Fix SFTP file upload failures with JWT filer tokens (#8448)

* Fix SFTP file upload failures with JWT filer tokens (issue #8425) When JWT authentication is enabled for filer operations via jwt.filer_signing.* configuration, SFTP server file upload requests were rejected because they lacked JWT authorization headers. Changes: - Added JWT signing key and expiration fields to SftpServer struct - Modified putFile() to generate and include JWT tokens in upload requests - Enhanced SFTPServiceOptions with JWT configuration fields - Updated SFTP command startup to load and pass JWT config to service This allows SFTP uploads to authenticate with JWT-enabled filers, consistent with how other SeaweedFS components (S3 API, file browser) handle filer auth. Fixes #8425 * Apply suggestion from @gemini-code-assist[bot] Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --------- Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2026-02-25 14:30:21 -08:00
parent a92e9baddf
commit 7f6e58b791
4 changed files with 51 additions and 24 deletions
--- a/weed/sftpd/sftp_server.go
+++ b/weed/sftpd/sftp_server.go
@@ -20,22 +20,26 @@ import (
 )

 type SftpServer struct {
-	filerAddr      pb.ServerAddress
-	grpcDialOption grpc.DialOption
-	dataCenter     string
-	filerGroup     string
-	user           *user.User
+	filerAddr                pb.ServerAddress
+	grpcDialOption           grpc.DialOption
+	dataCenter               string
+	filerGroup               string
+	user                     *user.User
+	filerSigningKey          []byte
+	filerSigningExpiresAfter int
 }

 // NewSftpServer constructs the server.
-func NewSftpServer(filerAddr pb.ServerAddress, grpcDialOption grpc.DialOption, dataCenter, filerGroup string, user *user.User) SftpServer {
+func NewSftpServer(filerAddr pb.ServerAddress, grpcDialOption grpc.DialOption, dataCenter, filerGroup string, user *user.User, filerSigningKey []byte, filerSigningExpiresAfter int) SftpServer {

 	return SftpServer{
-		filerAddr:      filerAddr,
-		grpcDialOption: grpcDialOption,
-		dataCenter:     dataCenter,
-		filerGroup:     filerGroup,
-		user:           user,
+		filerAddr:                filerAddr,
+		grpcDialOption:           grpcDialOption,
+		dataCenter:               dataCenter,
+		filerGroup:               filerGroup,
+		user:                     user,
+		filerSigningKey:          filerSigningKey,
+		filerSigningExpiresAfter: filerSigningExpiresAfter,
 	}
 }