gitlab-com-seaweedfs/seaweedfs
1
0
Fork 0
mirror of https://github.com/seaweedfs/seaweedfs.git synced 2024-01-19 02:48:24 +00:00
Code Issues Projects Releases Wiki Activity

cleanup security.Secret

Browse source
This commit is contained in:
Chris Lu 2019-02-09 21:56:32 -08:00
parent 501bd72b1c
commit 4ff4a147b2
16 changed files with 90 additions and 131 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
weed/command/benchmark.go
View file

@ -17,7 +17,6 @@ import (
"github.com/chrislusf/seaweedfs/weed/glog"
"github.com/chrislusf/seaweedfs/weed/operation"
"github.com/chrislusf/seaweedfs/weed/security"
"github.com/chrislusf/seaweedfs/weed/util"
"github.com/chrislusf/seaweedfs/weed/wdclient"
)
@ -35,7 +34,6 @@ type BenchmarkOptions struct {
collection *string
cpuprofile *string
maxCpu *int
secretKey *string
}
var (
@ -59,7 +57,6 @@ func init() {
b.collection = cmdBenchmark.Flag.String("collection", "benchmark", "write data to this collection")
b.cpuprofile = cmdBenchmark.Flag.String("cpuprofile", "", "cpu profile output file")
b.maxCpu = cmdBenchmark.Flag.Int("maxCpu", 0, "maximum number of CPUs. 0 means all available CPUs")
b.secretKey = cmdBenchmark.Flag.String("secure.secret", "", "secret to encrypt Json Web Token(JWT)")
sharedBytes = make([]byte, 1024)
}
@ -188,7 +185,6 @@ func writeFiles(idChan chan int, fileIdLineChan chan string, s *stat) {
defer wait.Done()
delayedDeleteChan := make(chan *delayedFile, 100)
var waitForDeletions sync.WaitGroup
secret := security.Secret(*b.secretKey)
for i := 0; i < 7; i++ {
waitForDeletions.Add(1)
@ -198,8 +194,7 @@ func writeFiles(idChan chan int, fileIdLineChan chan string, s *stat) {
if df.enterTime.After(time.Now()) {
time.Sleep(df.enterTime.Sub(time.Now()))
}
if e := util.Delete("http://"+df.fp.Server+"/"+df.fp.Fid,
security.GenJwt(secret, df.fp.Fid)); e == nil {
if e := util.Delete("http://"+df.fp.Server+"/"+df.fp.Fid, ""); e == nil {
s.completed++
} else {
s.failed++
@ -224,7 +219,7 @@ func writeFiles(idChan chan int, fileIdLineChan chan string, s *stat) {
}
if assignResult, err := operation.Assign(masterClient.GetMaster(), ar); err == nil {
fp.Server, fp.Fid, fp.Collection = assignResult.Url, assignResult.Fid, *b.collection
if _, err := fp.Upload(0, masterClient.GetMaster(), secret); err == nil {
if _, err := fp.Upload(0, masterClient.GetMaster(), ""); err == nil {
if random.Intn(100) < *b.deletePercentage {
s.total++
delayedDeleteChan <- &delayedFile{time.Now().Add(time.Second), fp}

3
weed/command/filer.go
View file

@ -28,7 +28,6 @@ type FilerOptions struct {
redirectOnRead *bool
disableDirListing *bool
maxMB *int
secretKey *string
dirListingLimit *int
dataCenter *string
enableNotification *bool
@ -49,7 +48,6 @@ func init() {
f.redirectOnRead = cmdFiler.Flag.Bool("redirectOnRead", false, "whether proxy or redirect to volume server during file GET request")
f.disableDirListing = cmdFiler.Flag.Bool("disableDirListing", false, "turn off directory listing")
f.maxMB = cmdFiler.Flag.Int("maxMB", 32, "split files larger than the limit")
f.secretKey = cmdFiler.Flag.String("secure.secret", "", "secret to encrypt Json Web Token(JWT)")
f.dirListingLimit = cmdFiler.Flag.Int("dirListLimit", 100000, "limit sub dir listing size")
f.dataCenter = cmdFiler.Flag.String("dataCenter", "", "prefer to write to volumes in this data center")
}
@ -103,7 +101,6 @@ func (fo *FilerOptions) startFiler() {
RedirectOnRead: *fo.redirectOnRead,
DisableDirListing: *fo.disableDirListing,
MaxMB: *fo.maxMB,
SecretKey: *fo.secretKey,
DirListingLimit: *fo.dirListingLimit,
DataCenter: *fo.dataCenter,
DefaultLevelDbDir: defaultLevelDbDirectory,

6
weed/command/filer_copy.go
View file

@ -11,7 +11,6 @@ import (
"context"
"github.com/chrislusf/seaweedfs/weed/operation"
"github.com/chrislusf/seaweedfs/weed/pb/filer_pb"
"github.com/chrislusf/seaweedfs/weed/security"
"github.com/chrislusf/seaweedfs/weed/util"
"io"
"net/http"
@ -31,9 +30,6 @@ type CopyOptions struct {
collection *string
ttl *string
maxMB *int
secretKey *string
secret security.Secret
}
func init() {
@ -46,7 +42,6 @@ func init() {
copy.ttl = cmdCopy.Flag.String("ttl", "", "time to live, e.g.: 1m, 1h, 1d, 1M, 1y")
copy.maxMB = cmdCopy.Flag.Int("maxMB", 0, "split files larger than the limit")
copy.filerGrpcPort = cmdCopy.Flag.Int("filer.port.grpc", 0, "filer grpc server listen port, default to filer port + 10000")
copy.secretKey = cmdCopy.Flag.String("secure.secret", "", "secret to encrypt Json Web Token(JWT)")
}
var cmdCopy = &Command{
@ -66,7 +61,6 @@ var cmdCopy = &Command{
}
func runCopy(cmd *Command, args []string) bool {
copy.secret = security.Secret(*copy.secretKey)
if len(args) <= 1 {
return false
}

3
weed/command/master.go
View file

@ -47,7 +47,6 @@ var (
mMaxCpu = cmdMaster.Flag.Int("maxCpu", 0, "maximum number of CPUs. 0 means all available CPUs")
garbageThreshold = cmdMaster.Flag.Float64("garbageThreshold", 0.3, "threshold to vacuum and reclaim spaces")
masterWhiteListOption = cmdMaster.Flag.String("whiteList", "", "comma separated Ip addresses having write permission. No limit if empty.")
masterSecureKey = cmdMaster.Flag.String("secure.secret", "", "secret to encrypt Json Web Token(JWT)")
masterCpuProfile = cmdMaster.Flag.String("cpuprofile", "", "cpu profile output file")
masterMemProfile = cmdMaster.Flag.String("memprofile", "", "memory profile output file")
@ -75,7 +74,7 @@ func runMaster(cmd *Command, args []string) bool {
ms := weed_server.NewMasterServer(r, *mport, *metaFolder,
*volumeSizeLimitMB, *volumePreallocate,
*mpulse, *defaultReplicaPlacement, *garbageThreshold,
masterWhiteList, *masterSecureKey,
masterWhiteList,
)
listeningAddress := *masterBindIp + ":" + strconv.Itoa(*mport)

4
weed/command/server.go
View file

@ -58,7 +58,6 @@ var (
serverRack = cmdServer.Flag.String("rack", "", "current volume server's rack name")
serverWhiteListOption = cmdServer.Flag.String("whiteList", "", "comma separated Ip addresses having write permission. No limit if empty.")
serverPeers = cmdServer.Flag.String("master.peers", "", "all master nodes in comma separated ip:masterPort list")
serverSecureKey = cmdServer.Flag.String("secure.secret", "", "secret to encrypt Json Web Token(JWT)")
serverGarbageThreshold = cmdServer.Flag.Float64("garbageThreshold", 0.3, "threshold to vacuum and reclaim spaces")
masterPort = cmdServer.Flag.Int("master.port", 9333, "master server http listen port")
masterGrpcPort = cmdServer.Flag.Int("master.port.grpc", 0, "master grpc server listen port, default to http port + 10000")
@ -96,7 +95,6 @@ func init() {
}
func runServer(cmd *Command, args []string) bool {
filerOptions.secretKey = serverSecureKey
if *serverOptions.cpuprofile != "" {
f, err := os.Create(*serverOptions.cpuprofile)
if err != nil {
@ -170,7 +168,7 @@ func runServer(cmd *Command, args []string) bool {
ms := weed_server.NewMasterServer(r, *masterPort, *masterMetaFolder,
*masterVolumeSizeLimitMB, *masterVolumePreallocate,
*pulseSeconds, *masterDefaultReplicaPlacement, *serverGarbageThreshold,
serverWhiteList, *serverSecureKey,
serverWhiteList,
)
glog.V(0).Infof("Start Seaweed Master %s at %s:%d", util.VERSION, *serverIp, *masterPort)

8
weed/command/upload.go
View file

@ -7,7 +7,6 @@ import (
"path/filepath"
"github.com/chrislusf/seaweedfs/weed/operation"
"github.com/chrislusf/seaweedfs/weed/security"
)
var (
@ -23,7 +22,6 @@ type UploadOptions struct {
dataCenter *string
ttl *string
maxMB *int
secretKey *string
}
func init() {
@ -37,7 +35,6 @@ func init() {
upload.dataCenter = cmdUpload.Flag.String("dataCenter", "", "optional data center name")
upload.ttl = cmdUpload.Flag.String("ttl", "", "time to live, e.g.: 1m, 1h, 1d, 1M, 1y")
upload.maxMB = cmdUpload.Flag.Int("maxMB", 0, "split files larger than the limit")
upload.secretKey = cmdUpload.Flag.String("secure.secret", "", "secret to encrypt Json Web Token(JWT)")
}
var cmdUpload = &Command{
@ -60,7 +57,6 @@ var cmdUpload = &Command{
}
func runUpload(cmd *Command, args []string) bool {
secret := security.Secret(*upload.secretKey)
if len(args) == 0 {
if *upload.dir == "" {
return false
@ -79,7 +75,7 @@ func runUpload(cmd *Command, args []string) bool {
}
results, e := operation.SubmitFiles(*upload.master, parts,
*upload.replication, *upload.collection, *upload.dataCenter,
*upload.ttl, *upload.maxMB, secret)
*upload.ttl, *upload.maxMB)
bytes, _ := json.Marshal(results)
fmt.Println(string(bytes))
if e != nil {
@ -98,7 +94,7 @@ func runUpload(cmd *Command, args []string) bool {
}
results, _ := operation.SubmitFiles(*upload.master, parts,
*upload.replication, *upload.collection, *upload.dataCenter,
*upload.ttl, *upload.maxMB, secret)
*upload.ttl, *upload.maxMB)
bytes, _ := json.Marshal(results)
fmt.Println(string(bytes))
}

1
weed/operation/data_struts.go
View file

@ -2,6 +2,5 @@ package operation
type JoinResult struct {
VolumeSizeLimit uint64 `json:"VolumeSizeLimit,omitempty"`
SecretKey string `json:"secretKey,omitempty"`
Error string `json:"error,omitempty"`
}

11
weed/operation/submit.go
View file

@ -37,9 +37,7 @@ type SubmitResult struct {
}
func SubmitFiles(master string, files []FilePart,
replication string, collection string, dataCenter string, ttl string, maxMB int,
secret security.Secret,
) ([]SubmitResult, error) {
replication string, collection string, dataCenter string, ttl string, maxMB int) ([]SubmitResult, error) {
results := make([]SubmitResult, len(files))
for index, file := range files {
results[index].FileName = file.FileName
@ -67,7 +65,7 @@ func SubmitFiles(master string, files []FilePart,
file.Replication = replication
file.Collection = collection
file.DataCenter = dataCenter
results[index].Size, err = file.Upload(maxMB, master, secret)
results[index].Size, err = file.Upload(maxMB, master, "")
if err != nil {
results[index].Error = err.Error()
}
@ -110,8 +108,7 @@ func newFilePart(fullPathFilename string) (ret FilePart, err error) {
return ret, nil
}
func (fi FilePart) Upload(maxMB int, master string, secret security.Secret) (retSize uint32, err error) {
jwt := security.GenJwt(secret, fi.Fid)
func (fi FilePart) Upload(maxMB int, master string, jwt security.EncodedJwt) (retSize uint32, err error) {
fileUrl := "http://" + fi.Server + "/" + fi.Fid
if fi.ModTime != 0 {
fileUrl += "?ts=" + strconv.Itoa(int(fi.ModTime))
@ -201,7 +198,7 @@ func (fi FilePart) Upload(maxMB int, master string, secret security.Secret) (ret
}
func upload_one_chunk(filename string, reader io.Reader, master,
fileUrl string, jwt security.EncodedJwt,
fileUrl string, jwt security.EncodedJwt,
) (size uint32, e error) {
glog.V(4).Info("Uploading part ", filename, " to ", fileUrl, "...")
uploadResult, uploadError := Upload(fileUrl, filename, reader, false,

1
weed/pb/master.proto
View file

@ -36,7 +36,6 @@ message Heartbeat {
message HeartbeatResponse {
uint64 volumeSizeLimit = 1;
string secretKey = 2;
string leader = 3;
}

142
weed/pb/master_pb/master.pb.go
View file

@ -145,7 +145,6 @@ func (m *Heartbeat) GetDeletedVids() []uint32 {
type HeartbeatResponse struct {
VolumeSizeLimit uint64 `protobuf:"varint,1,opt,name=volumeSizeLimit" json:"volumeSizeLimit,omitempty"`
SecretKey string `protobuf:"bytes,2,opt,name=secretKey" json:"secretKey,omitempty"`
Leader string `protobuf:"bytes,3,opt,name=leader" json:"leader,omitempty"`
}
@ -161,13 +160,6 @@ func (m *HeartbeatResponse) GetVolumeSizeLimit() uint64 {
return 0
}
func (m *HeartbeatResponse) GetSecretKey() string {
if m != nil {
return m.SecretKey
}
return ""
}
func (m *HeartbeatResponse) GetLeader() string {
if m != nil {
return m.Leader
@ -966,71 +958,71 @@ var _Seaweed_serviceDesc = grpc.ServiceDesc{
func init() { proto.RegisterFile("master.proto", fileDescriptor0) }
var fileDescriptor0 = []byte{
// 1055 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xb4, 0x56, 0x4b, 0x6f, 0xe4, 0x44,
0x10, 0x5e, 0x7b, 0x9e, 0xae, 0xd9, 0xc9, 0x4e, 0x3a, 0x11, 0xf2, 0xce, 0xbe, 0x06, 0x73, 0x19,
0x04, 0x8a, 0x96, 0x70, 0x44, 0x08, 0xb1, 0xd1, 0x22, 0xa2, 0x04, 0x36, 0x38, 0xb0, 0x07, 0x2e,
0xa6, 0x63, 0x57, 0xa2, 0x56, 0xfc, 0xa2, 0xbb, 0x27, 0x99, 0xd9, 0x0b, 0x47, 0xfe, 0x15, 0x17,
0xb8, 0xf1, 0x53, 0xb8, 0xf1, 0x0b, 0x50, 0x3f, 0xec, 0xf1, 0x38, 0x09, 0x91, 0x90, 0xb8, 0xb5,
0xbf, 0xae, 0xee, 0xaa, 0xfe, 0xbe, 0x7a, 0x18, 0x1e, 0x66, 0x54, 0x48, 0xe4, 0x7b, 0x25, 0x2f,
0x64, 0x41, 0x3c, 0xf3, 0x15, 0x95, 0x67, 0xc1, 0x5f, 0x2e, 0x78, 0x5f, 0x23, 0xe5, 0xf2, 0x0c,
0xa9, 0x24, 0x5b, 0xe0, 0xb2, 0xd2, 0x77, 0x66, 0xce, 0xdc, 0x0b, 0x5d, 0x56, 0x12, 0x02, 0xdd,
0xb2, 0xe0, 0xd2, 0x77, 0x67, 0xce, 0x7c, 0x1c, 0xea, 0x35, 0x79, 0x06, 0x50, 0x2e, 0xce, 0x52,
0x16, 0x47, 0x0b, 0x9e, 0xfa, 0x1d, 0x6d, 0xeb, 0x19, 0xe4, 0x07, 0x9e, 0x92, 0x39, 0x4c, 0x32,
0xba, 0x8c, 0xae, 0x8a, 0x74, 0x91, 0x61, 0x14, 0x17, 0x8b, 0x5c, 0xfa, 0x5d, 0x7d, 0x7c, 0x2b,
0xa3, 0xcb, 0xb7, 0x1a, 0x3e, 0x50, 0x28, 0x99, 0xa9, 0xa8, 0x96, 0xd1, 0x39, 0x4b, 0x31, 0xba,
0xc4, 0x95, 0xdf, 0x9b, 0x39, 0xf3, 0x6e, 0x08, 0x19, 0x5d, 0x7e, 0xc5, 0x52, 0x3c, 0xc2, 0x15,
0x79, 0x01, 0xa3, 0x84, 0x4a, 0x1a, 0xc5, 0x98, 0x4b, 0xe4, 0x7e, 0x5f, 0xfb, 0x02, 0x05, 0x1d,
0x68, 0x44, 0xc5, 0xc7, 0x69, 0x7c, 0xe9, 0x0f, 0xf4, 0x8e, 0x5e, 0xab, 0xf8, 0x68, 0x92, 0xb1,
0x3c, 0xd2, 0x91, 0x0f, 0xb5, 0x6b, 0x4f, 0x23, 0x27, 0x2a, 0xfc, 0xcf, 0x61, 0x60, 0x62, 0x13,
0xbe, 0x37, 0xeb, 0xcc, 0x47, 0xfb, 0x1f, 0xec, 0xd5, 0x6c, 0xec, 0x99, 0xf0, 0x0e, 0xf3, 0xf3,
0x82, 0x67, 0x54, 0xb2, 0x22, 0xff, 0x06, 0x85, 0xa0, 0x17, 0x18, 0x56, 0x67, 0xc8, 0x63, 0x18,
0xe6, 0x78, 0x1d, 0x5d, 0xb1, 0x44, 0xf8, 0x30, 0xeb, 0xcc, 0xc7, 0xe1, 0x20, 0xc7, 0xeb, 0xb7,
0x2c, 0x11, 0xe4, 0x7d, 0x78, 0x98, 0x60, 0x8a, 0x12, 0x13, 0xb3, 0x3d, 0xd2, 0xdb, 0x23, 0x8b,
0x29, 0x93, 0x40, 0xc0, 0x76, 0x4d, 0x76, 0x88, 0xa2, 0x2c, 0x72, 0x81, 0x64, 0x0e, 0x8f, 0xcc,
0xed, 0xa7, 0xec, 0x1d, 0x1e, 0xb3, 0x8c, 0x49, 0xad, 0x40, 0x37, 0x6c, 0xc3, 0xe4, 0x29, 0x78,
0x02, 0x63, 0x8e, 0xf2, 0x08, 0x57, 0x5a, 0x13, 0x2f, 0x5c, 0x03, 0xe4, 0x3d, 0xe8, 0xa7, 0x48,
0x13, 0xe4, 0x56, 0x14, 0xfb, 0x15, 0xfc, 0xe1, 0x82, 0x7f, 0xd7, 0xc3, 0xb4, 0xe2, 0x89, 0xf6,
0x37, 0x0e, 0x5d, 0x96, 0x28, 0x46, 0x05, 0x7b, 0x87, 0xfa, 0xf6, 0x6e, 0xa8, 0xd7, 0xe4, 0x39,
0x40, 0x5c, 0xa4, 0x29, 0xc6, 0xea, 0xa0, 0xbd, 0xbc, 0x81, 0x28, 0xc6, 0xb5, 0x88, 0x6b, 0xb1,
0xbb, 0xa1, 0xa7, 0x10, 0xa3, 0x73, 0xcd, 0x8b, 0x35, 0x30, 0x3a, 0x5b, 0x5e, 0x8c, 0xc9, 0xc7,
0x40, 0x2a, 0xea, 0xce, 0x56, 0xb5, 0x61, 0x5f, 0x1b, 0x4e, 0xec, 0xce, 0xab, 0x55, 0x65, 0xfd,
0x04, 0x3c, 0x8e, 0x34, 0x89, 0x8a, 0x3c, 0x5d, 0x69, 0xe9, 0x87, 0xe1, 0x50, 0x01, 0x6f, 0xf2,
0x74, 0x45, 0x3e, 0x82, 0x6d, 0x8e, 0x65, 0xca, 0x62, 0x1a, 0x95, 0x29, 0x8d, 0x31, 0xc3, 0xbc,
0xca, 0x82, 0x89, 0xdd, 0x38, 0xa9, 0x70, 0xe2, 0xc3, 0xe0, 0x0a, 0xb9, 0x50, 0xcf, 0xf2, 0xb4,
0x49, 0xf5, 0x49, 0x26, 0xd0, 0x91, 0x32, 0xf5, 0x41, 0xa3, 0x6a, 0x19, 0x0c, 0xa0, 0xf7, 0x3a,
0x2b, 0xe5, 0x2a, 0xf8, 0xcd, 0x81, 0x47, 0xa7, 0x8b, 0x12, 0xf9, 0xab, 0xb4, 0x88, 0x2f, 0x5f,
0x2f, 0x25, 0xa7, 0xe4, 0x0d, 0x6c, 0x21, 0xa7, 0x62, 0xc1, 0x55, 0xec, 0x09, 0xcb, 0x2f, 0x34,
0xa5, 0xa3, 0xfd, 0x79, 0x23, 0xb9, 0x5a, 0x67, 0xf6, 0x5e, 0x9b, 0x03, 0x07, 0xda, 0x3e, 0x1c,
0x63, 0xf3, 0x73, 0xfa, 0x23, 0x8c, 0x37, 0xf6, 0x95, 0x30, 0x2a, 0xf1, 0xad, 0x54, 0x7a, 0xad,
0x14, 0x2f, 0x29, 0x67, 0x72, 0x65, 0x0b, 0xd4, 0x7e, 0x29, 0x41, 0x6c, 0xfd, 0xa9, 0x3c, 0xec,
0xe8, 0x3c, 0xf4, 0x0c, 0x72, 0x98, 0x88, 0xe0, 0x43, 0xd8, 0x39, 0x48, 0x19, 0xe6, 0xf2, 0x98,
0x09, 0x89, 0x79, 0x88, 0x3f, 0x2f, 0x50, 0x48, 0xe5, 0x21, 0xa7, 0x19, 0xda, 0xf2, 0xd7, 0xeb,
0xe0, 0x17, 0xd8, 0x32, 0xa9, 0x73, 0x5c, 0xc4, 0x3a, 0x6f, 0x14, 0x31, 0xaa, 0xee, 0x8d, 0x91,
0x5a, 0xb6, 0x1a, 0x82, 0xdb, 0x6e, 0x08, 0xcd, 0x8a, 0xe9, 0xfc, 0x7b, 0xc5, 0x74, 0x6f, 0x56,
0xcc, 0xf7, 0xb0, 0x73, 0x5c, 0x14, 0x97, 0x8b, 0xd2, 0x84, 0x51, 0xc5, 0xba, 0xf9, 0x42, 0x67,
0xd6, 0x51, 0x3e, 0xeb, 0x17, 0xb6, 0x32, 0xd6, 0x6d, 0x67, 0x6c, 0xf0, 0xb7, 0x03, 0xbb, 0x9b,
0xd7, 0xda, 0x5a, 0xfc, 0x09, 0x76, 0xea, 0x7b, 0xa3, 0xd4, 0xbe, 0xd9, 0x38, 0x18, 0xed, 0xbf,
0x6c, 0x88, 0x79, 0xdb, 0xe9, 0xaa, 0x7d, 0x24, 0x15, 0x59, 0xe1, 0xf6, 0x55, 0x0b, 0x11, 0xd3,
0x25, 0x4c, 0xda, 0x66, 0x2a, 0xa1, 0x6b, 0xaf, 0x96, 0xd9, 0x61, 0x75, 0x92, 0x7c, 0x02, 0xde,
0x3a, 0x10, 0x57, 0x07, 0xb2, 0xb3, 0x11, 0x88, 0xf5, 0xb5, 0xb6, 0x22, 0xbb, 0xd0, 0x43, 0xce,
0x8b, 0xaa, 0x11, 0x98, 0x8f, 0xe0, 0x33, 0x18, 0xfe, 0x67, 0x15, 0x83, 0x3f, 0x1d, 0x18, 0x7f,
0x29, 0x04, 0xbb, 0xa8, 0xd3, 0x65, 0x17, 0x7a, 0xa6, 0x4c, 0x4d, 0xb3, 0x32, 0x1f, 0x64, 0x06,
0x23, 0x5b, 0x65, 0x0d, 0xea, 0x9b, 0xd0, 0xbd, 0xdd, 0xc4, 0x56, 0x5e, 0xd7, 0x84, 0x26, 0x65,
0xda, 0x1e, 0x03, 0xbd, 0x3b, 0xc7, 0x40, 0xbf, 0x31, 0x06, 0x9e, 0x80, 0xa7, 0x0f, 0xe5, 0x45,
0x82, 0x76, 0x3e, 0x0c, 0x15, 0xf0, 0x6d, 0x91, 0xe8, 0xb4, 0xae, 0x1e, 0x63, 0x85, 0x9f, 0x40,
0xe7, 0xbc, 0x26, 0x5f, 0x2d, 0x2b, 0x8a, 0xdc, 0xbb, 0x28, 0xba, 0x31, 0xf9, 0x6a, 0x42, 0xba,
0x4d, 0x42, 0x6a, 0x2d, 0x7a, 0x4d, 0x2d, 0x2e, 0x60, 0xfb, 0x54, 0x52, 0xc9, 0x84, 0x64, 0xb1,
0xa8, 0x18, 0x6d, 0x71, 0xe7, 0xdc, 0xc7, 0x9d, 0x7b, 0x17, 0x77, 0x9d, 0x9a, 0xbb, 0xe0, 0x77,
0x07, 0x48, 0xd3, 0x93, 0x7d, 0xee, 0xff, 0xe0, 0x4a, 0xd1, 0x23, 0x0b, 0x49, 0xd3, 0x48, 0x0f,
0x10, 0x3b, 0x06, 0x34, 0xa2, 0x26, 0x98, 0x12, 0x64, 0x21, 0x30, 0x31, 0xbb, 0x66, 0x06, 0x0c,
0x15, 0xa0, 0x37, 0x37, 0x47, 0x48, 0xbf, 0x35, 0x42, 0xf6, 0x7f, 0xed, 0xc0, 0xe0, 0x14, 0xe9,
0x35, 0x62, 0x42, 0x0e, 0x61, 0x7c, 0x8a, 0x79, 0xb2, 0xfe, 0x69, 0xd9, 0x6d, 0x54, 0x43, 0x8d,
0x4e, 0x9f, 0xde, 0x86, 0x56, 0xef, 0x0f, 0x1e, 0xcc, 0x9d, 0x97, 0x0e, 0x39, 0x81, 0xf1, 0x11,
0x62, 0x79, 0x50, 0xe4, 0x39, 0xc6, 0x12, 0x13, 0xf2, 0xbc, 0x71, 0xe8, 0x96, 0x16, 0x39, 0x7d,
0x7c, 0xe3, 0x5f, 0xa1, 0xaa, 0x28, 0x7b, 0xe3, 0x77, 0xf0, 0xb0, 0xd9, 0x19, 0x36, 0x2e, 0xbc,
0xa5, 0x8f, 0x4d, 0x5f, 0xdc, 0xd3, 0x52, 0x82, 0x07, 0xe4, 0x0b, 0xe8, 0x9b, 0x5c, 0x25, 0x7e,
0xc3, 0x78, 0xa3, 0x16, 0x37, 0xe2, 0xda, 0x4c, 0xec, 0xe0, 0x01, 0x39, 0x02, 0x58, 0x67, 0x00,
0x69, 0xf2, 0x72, 0x23, 0x05, 0xa7, 0xcf, 0xee, 0xd8, 0xad, 0x2e, 0x3b, 0xeb, 0xeb, 0x3f, 0xc8,
0x4f, 0xff, 0x09, 0x00, 0x00, 0xff, 0xff, 0xc7, 0x9f, 0x0a, 0x25, 0x51, 0x0a, 0x00, 0x00,
// 1043 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xb4, 0x56, 0xcd, 0x6e, 0x24, 0x35,
0x10, 0xde, 0xee, 0xf9, 0xed, 0x9a, 0x4c, 0x76, 0xe2, 0x44, 0xa8, 0x77, 0x96, 0xdd, 0x1d, 0x9a,
0xcb, 0x20, 0x50, 0xb4, 0x84, 0x23, 0x42, 0x88, 0x8d, 0x82, 0x88, 0x12, 0xd8, 0xd0, 0x61, 0xf7,
0xc0, 0xa5, 0x71, 0xba, 0x2b, 0x91, 0x95, 0xfe, 0xc3, 0xf6, 0x24, 0x33, 0x7b, 0xe1, 0xc8, 0x5b,
0x71, 0x81, 0x1b, 0x8f, 0xc2, 0x8d, 0x27, 0x40, 0xfe, 0xe9, 0x4e, 0x4f, 0x27, 0x21, 0x12, 0x12,
0x37, 0xfb, 0x73, 0xd9, 0xae, 0xfa, 0xbe, 0xaa, 0xb2, 0x61, 0x23, 0xa3, 0x42, 0x22, 0xdf, 0x2d,
0x79, 0x21, 0x0b, 0xe2, 0x99, 0x59, 0x54, 0x9e, 0x05, 0x7f, 0xb9, 0xe0, 0x7d, 0x83, 0x94, 0xcb,
0x33, 0xa4, 0x92, 0x6c, 0x82, 0xcb, 0x4a, 0xdf, 0x99, 0x39, 0x73, 0x2f, 0x74, 0x59, 0x49, 0x08,
0x74, 0xcb, 0x82, 0x4b, 0xdf, 0x9d, 0x39, 0xf3, 0x71, 0xa8, 0xc7, 0xe4, 0x19, 0x40, 0xb9, 0x38,
0x4b, 0x59, 0x1c, 0x2d, 0x78, 0xea, 0x77, 0xb4, 0xad, 0x67, 0x90, 0x37, 0x3c, 0x25, 0x73, 0x98,
0x64, 0x74, 0x19, 0x5d, 0x15, 0xe9, 0x22, 0xc3, 0x28, 0x2e, 0x16, 0xb9, 0xf4, 0xbb, 0x7a, 0xfb,
0x66, 0x46, 0x97, 0x6f, 0x35, 0xbc, 0xaf, 0x50, 0x32, 0x53, 0x5e, 0x2d, 0xa3, 0x73, 0x96, 0x62,
0x74, 0x89, 0x2b, 0xbf, 0x37, 0x73, 0xe6, 0xdd, 0x10, 0x32, 0xba, 0xfc, 0x9a, 0xa5, 0x78, 0x84,
0x2b, 0xf2, 0x02, 0x46, 0x09, 0x95, 0x34, 0x8a, 0x31, 0x97, 0xc8, 0xfd, 0xbe, 0xbe, 0x0b, 0x14,
0xb4, 0xaf, 0x11, 0xe5, 0x1f, 0xa7, 0xf1, 0xa5, 0x3f, 0xd0, 0x2b, 0x7a, 0xac, 0xfc, 0xa3, 0x49,
0xc6, 0xf2, 0x48, 0x7b, 0x3e, 0xd4, 0x57, 0x7b, 0x1a, 0x39, 0x51, 0xee, 0x7f, 0x01, 0x03, 0xe3,
0x9b, 0xf0, 0xbd, 0x59, 0x67, 0x3e, 0xda, 0xfb, 0x70, 0xb7, 0x66, 0x63, 0xd7, 0xb8, 0x77, 0x98,
0x9f, 0x17, 0x3c, 0xa3, 0x92, 0x15, 0xf9, 0xb7, 0x28, 0x04, 0xbd, 0xc0, 0xb0, 0xda, 0x43, 0x9e,
0xc0, 0x30, 0xc7, 0xeb, 0xe8, 0x8a, 0x25, 0xc2, 0x87, 0x59, 0x67, 0x3e, 0x0e, 0x07, 0x39, 0x5e,
0xbf, 0x65, 0x89, 0x20, 0x1f, 0xc0, 0x46, 0x82, 0x29, 0x4a, 0x4c, 0xcc, 0xf2, 0x48, 0x2f, 0x8f,
0x2c, 0xa6, 0x4c, 0x82, 0x37, 0xb0, 0x55, 0x93, 0x1d, 0xa2, 0x28, 0x8b, 0x5c, 0x20, 0x99, 0xc3,
0x63, 0x73, 0xfa, 0x29, 0x7b, 0x87, 0xc7, 0x2c, 0x63, 0x52, 0x2b, 0xd0, 0x0d, 0xdb, 0x30, 0x79,
0x0f, 0xfa, 0x29, 0xd2, 0x04, 0xb9, 0xa5, 0xdd, 0xce, 0x82, 0x3f, 0x5c, 0xf0, 0xef, 0x73, 0x5d,
0x6b, 0x9a, 0xe8, 0x13, 0xc7, 0xa1, 0xcb, 0x12, 0xc5, 0x99, 0x60, 0xef, 0x50, 0x6b, 0xda, 0x0d,
0xf5, 0x98, 0x3c, 0x07, 0x88, 0x8b, 0x34, 0xc5, 0x58, 0x6d, 0xb4, 0x87, 0x37, 0x10, 0xc5, 0xa9,
0x96, 0xe9, 0x46, 0xce, 0x6e, 0xe8, 0x29, 0xc4, 0x28, 0x59, 0x47, 0x6e, 0x0d, 0x8c, 0x92, 0x36,
0x72, 0x63, 0xf2, 0x09, 0x90, 0x8a, 0x9c, 0xb3, 0x55, 0x6d, 0xd8, 0xd7, 0x86, 0x13, 0xbb, 0xf2,
0x6a, 0x55, 0x59, 0x3f, 0x05, 0x8f, 0x23, 0x4d, 0xa2, 0x22, 0x4f, 0x57, 0x5a, 0xdc, 0x61, 0x38,
0x54, 0xc0, 0xeb, 0x3c, 0x5d, 0x91, 0x8f, 0x61, 0x8b, 0x63, 0x99, 0xb2, 0x98, 0x46, 0x65, 0x4a,
0x63, 0xcc, 0x30, 0xaf, 0x74, 0x9e, 0xd8, 0x85, 0x93, 0x0a, 0x27, 0x3e, 0x0c, 0xae, 0x90, 0x0b,
0x15, 0x96, 0xa7, 0x4d, 0xaa, 0x29, 0x99, 0x40, 0x47, 0xca, 0xd4, 0x07, 0x8d, 0xaa, 0x61, 0x30,
0x80, 0xde, 0x41, 0x56, 0xca, 0x55, 0xf0, 0x9b, 0x03, 0x8f, 0x4f, 0x17, 0x25, 0xf2, 0x57, 0x69,
0x11, 0x5f, 0x1e, 0x2c, 0x25, 0xa7, 0xe4, 0x35, 0x6c, 0x22, 0xa7, 0x62, 0xc1, 0x95, 0xef, 0x09,
0xcb, 0x2f, 0x34, 0xa5, 0xa3, 0xbd, 0x79, 0x23, 0x7d, 0x5a, 0x7b, 0x76, 0x0f, 0xcc, 0x86, 0x7d,
0x6d, 0x1f, 0x8e, 0xb1, 0x39, 0x9d, 0xfe, 0x08, 0xe3, 0xb5, 0x75, 0x25, 0x8c, 0x4a, 0x6d, 0x2b,
0x95, 0x1e, 0x2b, 0xc5, 0x4b, 0xca, 0x99, 0x5c, 0xd9, 0x12, 0xb4, 0x33, 0x25, 0x88, 0xad, 0x30,
0x95, 0x69, 0x1d, 0x9d, 0x69, 0x9e, 0x41, 0x0e, 0x13, 0x11, 0x7c, 0x04, 0xdb, 0xfb, 0x29, 0xc3,
0x5c, 0x1e, 0x33, 0x21, 0x31, 0x0f, 0xf1, 0xe7, 0x05, 0x0a, 0xa9, 0x6e, 0xc8, 0x69, 0x86, 0xb6,
0xc0, 0xf5, 0x38, 0xf8, 0x05, 0x36, 0x4d, 0xea, 0x1c, 0x17, 0xb1, 0xce, 0x1b, 0x45, 0x8c, 0xaa,
0x6c, 0x63, 0xa4, 0x86, 0xad, 0x92, 0x77, 0xdb, 0x25, 0xdf, 0xac, 0x89, 0xce, 0xbf, 0xd7, 0x44,
0xf7, 0x76, 0x4d, 0xfc, 0x00, 0xdb, 0xc7, 0x45, 0x71, 0xb9, 0x28, 0x8d, 0x1b, 0x95, 0xaf, 0xeb,
0x11, 0x3a, 0xb3, 0x8e, 0xba, 0xb3, 0x8e, 0xb0, 0x95, 0xb1, 0x6e, 0x3b, 0x63, 0x83, 0xbf, 0x1d,
0xd8, 0x59, 0x3f, 0xd6, 0x56, 0xdb, 0x4f, 0xb0, 0x5d, 0x9f, 0x1b, 0xa5, 0x36, 0x66, 0x73, 0xc1,
0x68, 0xef, 0x65, 0x43, 0xcc, 0xbb, 0x76, 0x57, 0x0d, 0x22, 0xa9, 0xc8, 0x0a, 0xb7, 0xae, 0x5a,
0x88, 0x98, 0x2e, 0x61, 0xd2, 0x36, 0x53, 0x09, 0x5d, 0xdf, 0x6a, 0x99, 0x1d, 0x56, 0x3b, 0xc9,
0xa7, 0xe0, 0xdd, 0x38, 0xe2, 0x6a, 0x47, 0xb6, 0xd7, 0x1c, 0xb1, 0x77, 0xdd, 0x58, 0x91, 0x1d,
0xe8, 0x21, 0xe7, 0x45, 0xd5, 0x08, 0xcc, 0x24, 0xf8, 0x1c, 0x86, 0xff, 0x59, 0xc5, 0xe0, 0x4f,
0x07, 0xc6, 0x5f, 0x09, 0xc1, 0x2e, 0xea, 0x74, 0xd9, 0x81, 0x9e, 0x29, 0x53, 0xd3, 0x8e, 0xcc,
0x84, 0xcc, 0x60, 0x64, 0xab, 0xac, 0x41, 0x7d, 0x13, 0x7a, 0xb0, 0x9b, 0xd8, 0xca, 0xeb, 0x1a,
0xd7, 0xa4, 0x4c, 0xdb, 0x8d, 0xbe, 0x77, 0x6f, 0xa3, 0xef, 0x37, 0x1a, 0xfd, 0x53, 0xf0, 0xf4,
0xa6, 0xbc, 0x48, 0xd0, 0xbe, 0x00, 0x43, 0x05, 0x7c, 0x57, 0x24, 0x3a, 0xad, 0xab, 0x60, 0xac,
0xf0, 0x13, 0xe8, 0x9c, 0xd7, 0xe4, 0xab, 0x61, 0x45, 0x91, 0x7b, 0x1f, 0x45, 0xb7, 0xde, 0xb6,
0x9a, 0x90, 0x6e, 0x93, 0x90, 0x5a, 0x8b, 0x5e, 0x53, 0x8b, 0x0b, 0xd8, 0x3a, 0x95, 0x54, 0x32,
0x21, 0x59, 0x2c, 0x2a, 0x46, 0x5b, 0xdc, 0x39, 0x0f, 0x71, 0xe7, 0xde, 0xc7, 0x5d, 0xa7, 0xe6,
0x2e, 0xf8, 0xdd, 0x01, 0xd2, 0xbc, 0xc9, 0x86, 0xfb, 0x3f, 0x5c, 0xa5, 0xe8, 0x91, 0x85, 0xa4,
0x69, 0xa4, 0x1f, 0x10, 0xfb, 0x0c, 0x68, 0x44, 0xbd, 0x51, 0x4a, 0x90, 0x85, 0xc0, 0xc4, 0xac,
0x9a, 0x37, 0x60, 0xa8, 0x00, 0xbd, 0xb8, 0xfe, 0x84, 0xf4, 0x5b, 0x4f, 0xc8, 0xde, 0xaf, 0x1d,
0x18, 0x9c, 0x22, 0xbd, 0x46, 0x4c, 0xc8, 0x21, 0x8c, 0x4f, 0x31, 0x4f, 0x6e, 0xbe, 0x25, 0x3b,
0x8d, 0x6a, 0xa8, 0xd1, 0xe9, 0xfb, 0x77, 0xa1, 0x55, 0xfc, 0xc1, 0xa3, 0xb9, 0xf3, 0xd2, 0x21,
0x27, 0x30, 0x3e, 0x42, 0x2c, 0xf7, 0x8b, 0x3c, 0xc7, 0x58, 0x62, 0x42, 0x9e, 0x37, 0x36, 0xdd,
0xd1, 0x22, 0xa7, 0x4f, 0x6e, 0xfd, 0x06, 0xaa, 0x8a, 0xb2, 0x27, 0x7e, 0x0f, 0x1b, 0xcd, 0xce,
0xb0, 0x76, 0xe0, 0x1d, 0x7d, 0x6c, 0xfa, 0xe2, 0x81, 0x96, 0x12, 0x3c, 0x22, 0x5f, 0x42, 0xdf,
0xe4, 0x2a, 0xf1, 0x1b, 0xc6, 0x6b, 0xb5, 0xb8, 0xe6, 0xd7, 0x7a, 0x62, 0x07, 0x8f, 0xc8, 0x11,
0xc0, 0x4d, 0x06, 0x90, 0x26, 0x2f, 0xb7, 0x52, 0x70, 0xfa, 0xec, 0x9e, 0xd5, 0xea, 0xb0, 0xb3,
0xbe, 0xfe, 0x23, 0x7e, 0xf6, 0x4f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x77, 0xb3, 0x32, 0xc7, 0x33,
0x0a, 0x00, 0x00,
}

4
weed/security/guard.go
View file

@ -42,13 +42,13 @@ https://github.com/pkieltyka/jwtauth/blob/master/jwtauth.go
*/
type Guard struct {
whiteList []string
SecretKey Secret
SecretKey SigningKey
isActive bool
}
func NewGuard(whiteList []string, secretKey string) *Guard {
g := &Guard{whiteList: whiteList, SecretKey: Secret(secretKey)}
g := &Guard{whiteList: whiteList, SecretKey: SigningKey(secretKey)}
g.isActive = len(g.whiteList) != 0 || len(g.SecretKey) != 0
return g
}

18
weed/security/jwt.go
View file

@ -11,10 +11,10 @@ import (
)
type EncodedJwt string
type Secret string
type SigningKey string
func GenJwt(secret Secret, fileId string) EncodedJwt {
if secret == "" {
func GenJwt(signingKey SigningKey, fileId string) EncodedJwt {
if signingKey == "" {
return ""
}
@ -23,7 +23,7 @@ func GenJwt(secret Secret, fileId string) EncodedJwt {
ExpiresAt: time.Now().Add(time.Second * 10).Unix(),
Subject: fileId,
}
encoded, e := t.SignedString(secret)
encoded, e := t.SignedString(signingKey)
if e != nil {
glog.V(0).Infof("Failed to sign claims: %v", t.Claims)
return ""
@ -55,20 +55,20 @@ func GetJwt(r *http.Request) EncodedJwt {
return EncodedJwt(tokenStr)
}
func EncodeJwt(secret Secret, claims *jwt.StandardClaims) (EncodedJwt, error) {
if secret == "" {
func EncodeJwt(signingKey SigningKey, claims *jwt.StandardClaims) (EncodedJwt, error) {
if signingKey == "" {
return "", nil
}
t := jwt.New(jwt.GetSigningMethod("HS256"))
t.Claims = claims
encoded, e := t.SignedString(secret)
encoded, e := t.SignedString(signingKey)
return EncodedJwt(encoded), e
}
func DecodeJwt(secret Secret, tokenString EncodedJwt) (token *jwt.Token, err error) {
func DecodeJwt(signingKey SigningKey, tokenString EncodedJwt) (token *jwt.Token, err error) {
// check exp, nbf
return jwt.Parse(string(tokenString), func(token *jwt.Token) (interface{}, error) {
return secret, nil
return signingKey, nil
})
}

3
weed/server/filer_server.go
View file

@ -28,7 +28,6 @@ type FilerOption struct {
RedirectOnRead bool
DisableDirListing bool
MaxMB int
SecretKey string
DirListingLimit int
DataCenter string
DefaultLevelDbDir string
@ -36,7 +35,7 @@ type FilerOption struct {
type FilerServer struct {
option *FilerOption
secret security.Secret
secret security.SigningKey
filer *filer2.Filer
}

1
weed/server/master_grpc_server.go
View file

@ -67,7 +67,6 @@ func (ms *MasterServer) SendHeartbeat(stream master_pb.Seaweed_SendHeartbeatServ
glog.V(0).Infof("added volume server %v:%d", heartbeat.GetIp(), heartbeat.GetPort())
if err := stream.Send(&master_pb.HeartbeatResponse{
VolumeSizeLimit: uint64(ms.volumeSizeLimitMB) * 1024 * 1024,
SecretKey: string(ms.guard.SecretKey),
}); err != nil {
return err
}

3
weed/server/master_server.go
View file

@ -45,7 +45,6 @@ func NewMasterServer(r *mux.Router, port int, metaFolder string,
defaultReplicaPlacement string,
garbageThreshold float64,
whiteList []string,
secureKey string,
) *MasterServer {
var preallocateSize int64
@ -67,7 +66,7 @@ func NewMasterServer(r *mux.Router, port int, metaFolder string,
ms.vg = topology.NewDefaultVolumeGrowth()
glog.V(0).Infoln("Volume Size Limit is", volumeSizeLimitMB, "MB")
ms.guard = security.NewGuard(whiteList, secureKey)
ms.guard = security.NewGuard(whiteList, signingKey)
handleStaticResources2(r)
r.HandleFunc("/", ms.uiStatusHandler)

4
weed/server/volume_grpc_client_to_master.go
View file

@ -6,7 +6,6 @@ import (
"github.com/chrislusf/seaweedfs/weed/glog"
"github.com/chrislusf/seaweedfs/weed/pb/master_pb"
"github.com/chrislusf/seaweedfs/weed/security"
"github.com/chrislusf/seaweedfs/weed/util"
"golang.org/x/net/context"
)
@ -73,9 +72,6 @@ func (vs *VolumeServer) doHeartbeat(masterNode, masterGrpcAddress string, sleepI
if in.GetVolumeSizeLimit() != 0 {
vs.store.VolumeSizeLimit = in.GetVolumeSizeLimit()
}
if in.GetSecretKey() != "" {
vs.guard.SecretKey = security.Secret(in.GetSecretKey())
}
if in.GetLeader() != "" && masterNode != in.GetLeader() {
glog.V(0).Infof("Volume Server found a new master newLeader: %v instead of %v", in.GetLeader(), masterNode)
newLeader = in.GetLeader()