From 219b651bc3642b74e5ffd824a0fedc904ec9796c Mon Sep 17 00:00:00 2001 From: Chris Lu Date: Sun, 3 Mar 2019 10:17:44 -0800 Subject: [PATCH] jwt check the base file id fix https://github.com/chrislusf/seaweedfs/issues/867 --- weed/server/common_test.go | 31 +++++++++++++++++++++++++++ weed/server/volume_server_handlers.go | 4 ++++ 2 files changed, 35 insertions(+) create mode 100644 weed/server/common_test.go diff --git a/weed/server/common_test.go b/weed/server/common_test.go new file mode 100644 index 000000000..2e6c70bfe --- /dev/null +++ b/weed/server/common_test.go @@ -0,0 +1,31 @@ +package weed_server + +import ( + "strings" + "testing" +) + +func TestParseURL(t *testing.T) { + if vid, fid, _, _, _ := parseURLPath("/1,06dfa8a684"); true { + if vid != "1" { + t.Errorf("fail to parse vid: %s", vid) + } + if fid != "06dfa8a684" { + t.Errorf("fail to parse fid: %s", fid) + } + } + if vid, fid, _, _, _ := parseURLPath("/1,06dfa8a684_1"); true { + if vid != "1" { + t.Errorf("fail to parse vid: %s", vid) + } + if fid != "06dfa8a684_1" { + t.Errorf("fail to parse fid: %s", fid) + } + if sepIndex := strings.LastIndex(fid, "_"); sepIndex > 0 { + fid = fid[:sepIndex] + } + if fid != "06dfa8a684" { + t.Errorf("fail to parse fid: %s", fid) + } + } +} diff --git a/weed/server/volume_server_handlers.go b/weed/server/volume_server_handlers.go index 0e9aaeb3b..d23c08290 100644 --- a/weed/server/volume_server_handlers.go +++ b/weed/server/volume_server_handlers.go @@ -2,6 +2,7 @@ package weed_server import ( "net/http" + "strings" "github.com/chrislusf/seaweedfs/weed/glog" "github.com/chrislusf/seaweedfs/weed/security" @@ -71,6 +72,9 @@ func (vs *VolumeServer) maybeCheckJwtAuthorization(r *http.Request, vid, fid str } if sc, ok := token.Claims.(*security.SeaweedFileIdClaims); ok { + if sepIndex := strings.LastIndex(fid, "_"); sepIndex > 0 { + fid = fid[:sepIndex] + } return sc.Fid == vid+","+fid } glog.V(1).Infof("unexpected jwt from %s: %v", r.RemoteAddr, tokenStr)