Fix SFTP file upload failures with JWT filer tokens (#8448)

* Fix SFTP file upload failures with JWT filer tokens (issue #8425) When JWT authentication is enabled for filer operations via jwt.filer_signing.* configuration, SFTP server file upload requests were rejected because they lacked JWT authorization headers. Changes: - Added JWT signing key and expiration fields to SftpServer struct - Modified putFile() to generate and include JWT tokens in upload requests - Enhanced SFTPServiceOptions with JWT configuration fields - Updated SFTP command startup to load and pass JWT config to service This allows SFTP uploads to authenticate with JWT-enabled filers, consistent with how other SeaweedFS components (S3 API, file browser) handle filer auth. Fixes #8425 * Apply suggestion from @gemini-code-assist[bot] Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --------- Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2026-02-25 14:30:21 -08:00
parent a92e9baddf
commit 7f6e58b791
4 changed files with 51 additions and 24 deletions
--- a/weed/sftpd/sftp_service.go
+++ b/weed/sftpd/sftp_service.go
@@ -47,6 +47,10 @@ type SFTPServiceOptions struct {

 	// User Management
 	UserStoreFile string // Path to user store file
+
+	// JWT Configuration for Filer
+	FilerSigningKey          []byte // JWT signing key for filer uploads
+	FilerSigningExpiresAfter int    // JWT token expiration time in seconds
 }

 // NewSFTPService creates a new service instance.
@@ -201,6 +205,8 @@ func (s *SFTPService) handleSSHConnection(conn net.Conn, config *ssh.ServerConfi
 		s.options.DataCenter,
 		s.options.FilerGroup,
 		sftpUser,
+		s.options.FilerSigningKey,
+		s.options.FilerSigningExpiresAfter,
 	)

 	// Ensure home directory exists with proper permissions