Главная Обзор Помощь
Вход
SMusatov
/
seaweedfs
зеркало из https://github.com/seaweedfs/seaweedfs.git
1
0
Ответвить 0
Файлы Вики
Дерево: a0a9f6c134
Ветки Метки
seaweedfs
/
weed
/
server
/
volume_server_handlers.go

volume_server_handlers.go 2.1 KB
История Исходник

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394 
  1. package weed_server
    2. 

  2. 

  3. import (
    4. 

  4. 	"net/http"
    5. 

  5. 	"strings"
    6. 

  6. 

  7. 	"github.com/chrislusf/seaweedfs/weed/glog"
    8. 

  8. 	"github.com/chrislusf/seaweedfs/weed/security"
    9. 

  9. 	"github.com/chrislusf/seaweedfs/weed/stats"
    10. 

  10. )
    11. 

  11. 

  12. /*
    13. 

  13. 

  14. If volume server is started with a separated public port, the public port will
    15. 

  15. be more "secure".
    16. 

  16. 

  17. Public port currently only supports reads.
    18. 

  18. 

  19. Later writes on public port can have one of the 3
    20. 

  20. security settings:
    21. 

  21. 1. not secured
    22. 

  22. 2. secured by white list
    23. 

  23. 3. secured by JWT(Json Web Token)
    24. 

  24. 

  25. */
    26. 

  26. 

  27. func (vs *VolumeServer) privateStoreHandler(w http.ResponseWriter, r *http.Request) {
    28. 

  28. 	switch r.Method {
    29. 

  29. 	case "GET", "HEAD":
    30. 

  30. 		stats.ReadRequest()
    31. 

  31. 		vs.GetOrHeadHandler(w, r)
    32. 

  32. 	case "DELETE":
    33. 

  33. 		stats.DeleteRequest()
    34. 

  34. 		vs.guard.WhiteList(vs.DeleteHandler)(w, r)
    35. 

  35. 	case "PUT", "POST":
    36. 

  36. 		stats.WriteRequest()
    37. 

  37. 		vs.guard.WhiteList(vs.PostHandler)(w, r)
    38. 

  38. 	}
    39. 

  39. }
    40. 

  40. 

  41. func (vs *VolumeServer) publicReadOnlyHandler(w http.ResponseWriter, r *http.Request) {
    42. 

  42. 	switch r.Method {
    43. 

  43. 	case "GET":
    44. 

  44. 		stats.ReadRequest()
    45. 

  45. 		vs.GetOrHeadHandler(w, r)
    46. 

  46. 	case "HEAD":
    47. 

  47. 		stats.ReadRequest()
    48. 

  48. 		vs.GetOrHeadHandler(w, r)
    49. 

  49. 	}
    50. 

  50. }
    51. 

  51. 

  52. func (vs *VolumeServer) maybeCheckJwtAuthorization(r *http.Request, vid, fid string, isWrite bool) bool {
    53. 

  53. 

  54. 	var signingKey security.SigningKey
    55. 

  55. 

  56. 	if isWrite {
    57. 

  57. 		if len(vs.guard.SigningKey) == 0 {
    58. 

  58. 			return true
    59. 

  59. 		} else {
    60. 

  60. 			signingKey = vs.guard.SigningKey
    61. 

  61. 		}
    62. 

  62. 	} else {
    63. 

  63. 		if len(vs.guard.ReadSigningKey) == 0 {
    64. 

  64. 			return true
    65. 

  65. 		} else {
    66. 

  66. 			signingKey = vs.guard.ReadSigningKey
    67. 

  67. 		}
    68. 

  68. 	}
    69. 

  69. 

  70. 	tokenStr := security.GetJwt(r)
    71. 

  71. 	if tokenStr == "" {
    72. 

  72. 		glog.V(1).Infof("missing jwt from %s", r.RemoteAddr)
    73. 

  73. 		return false
    74. 

  74. 	}
    75. 

  75. 

  76. 	token, err := security.DecodeJwt(signingKey, tokenStr)
    77. 

  77. 	if err != nil {
    78. 

  78. 		glog.V(1).Infof("jwt verification error from %s: %v", r.RemoteAddr, err)
    79. 

  79. 		return false
    80. 

  80. 	}
    81. 

  81. 	if !token.Valid {
    82. 

  82. 		glog.V(1).Infof("jwt invalid from %s: %v", r.RemoteAddr, tokenStr)
    83. 

  83. 		return false
    84. 

  84. 	}
    85. 

  85. 

  86. 	if sc, ok := token.Claims.(*security.SeaweedFileIdClaims); ok {
    87. 

  87. 		if sepIndex := strings.LastIndex(fid, "_"); sepIndex > 0 {
    88. 

  88. 			fid = fid[:sepIndex]
    89. 

  89. 		}
    90. 

  90. 		return sc.Fid == vid+","+fid
    91. 

  91. 	}
    92. 

  92. 	glog.V(1).Infof("unexpected jwt from %s: %v", r.RemoteAddr, tokenStr)
    93. 

  93. 	return false
    94. 

  94. }
    95.