sftpd: use global TLS-aware HTTP client for filer uploads (#8795)

* sftpd: use global TLS-aware HTTP client for filer uploads (#8794)

putFile() hardcoded http:// and used http.DefaultClient, which broke
file uploads when the filer has HTTPS/TLS enabled. Switch to the global
HTTP client which reads [https.client] from security.toml and
automatically normalizes the URL scheme.

* sftpd: propagate NormalizeUrl error instead of swallowing it

weed/sftpd/sftp_filer.go

@@ -21,6 +21,7 @@ import (
 	weed_server "github.com/seaweedfs/seaweedfs/weed/server"
 	"github.com/seaweedfs/seaweedfs/weed/sftpd/user"
 	"github.com/seaweedfs/seaweedfs/weed/util"
+	util_http "github.com/seaweedfs/seaweedfs/weed/util/http"
 	"google.golang.org/grpc"
 )
 
@@ -322,6 +323,12 @@ func (fs *SftpServer) removeDir(absPath string) error {
 func (fs *SftpServer) putFile(filepath string, reader io.Reader, user *user.User) error {
 	dir, filename := util.FullPath(filepath).DirAndName()
 	uploadUrl := fmt.Sprintf("http://%s%s", fs.filerAddr, filepath)
+	// Let the global HTTP client normalize the scheme to https:// when TLS is configured
+	normalizedUrl, err := util_http.NormalizeUrl(uploadUrl)
+	if err != nil {
+		return fmt.Errorf("normalize upload url %q: %w", uploadUrl, err)
+	}
+	uploadUrl = normalizedUrl
 
 	// Compute MD5 while uploading
 	hash := md5.New()
@@ -342,7 +349,7 @@ func (fs *SftpServer) putFile(filepath string, reader io.Reader, user *user.User
 		}
 	}
 
-	resp, err := http.DefaultClient.Do(req)
+	resp, err := util_http.Do(req)
 	if err != nil {
 		return fmt.Errorf("upload to filer: %w", err)
 	}