Add JWT authentication to fs.mergeVolumes command (#6461)

Add jwt authentication to fs.mergeVolumes command
2025-09-18 01:02:46 +02:00 · 2025-01-21 05:46:46 +03:30 · 2025-01-21 05:46:46 +03:30 · b2f56d9add
commit b2f56d9add
parent b305b9fd11
1 changed files with 12 additions and 1 deletions
--- a/weed/shell/command_fs_merge_volumes.go
+++ b/weed/shell/command_fs_merge_volumes.go
@ -10,10 +10,12 @@ import (
 	"sort"
 	"strings"

+	"slices"
+
+	"github.com/seaweedfs/seaweedfs/weed/security"
 	"github.com/seaweedfs/seaweedfs/weed/storage/needle"
 	"github.com/seaweedfs/seaweedfs/weed/wdclient"
 	"golang.org/x/exp/maps"
-	"slices"

 	"github.com/seaweedfs/seaweedfs/weed/operation"
 	"github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
@ -341,6 +343,14 @@ func moveChunk(chunk *filer_pb.FileChunk, toVolumeId needle.VolumeId, masterClie
 		return err
 	}

+	v := util.GetViper()
+	signingKey := v.GetString("jwt.signing.key")
+	var jwt security.EncodedJwt
+	if signingKey != "" {
+		expiresAfterSec := v.GetInt("jwt.signing.expires_after_seconds")
+		jwt = security.GenJwtForVolumeServer(security.SigningKey(signingKey), expiresAfterSec, toFid.String())
+	}
+
 	_, err, _ = uploader.Upload(reader, &operation.UploadOption{
 		UploadUrl:         uploadURL,
 		Filename:          filename,
@ -349,6 +359,7 @@ func moveChunk(chunk *filer_pb.FileChunk, toVolumeId needle.VolumeId, masterClie
 		MimeType:          contentType,
 		PairMap:           nil,
 		Md5:               md5,
+		Jwt:               security.EncodedJwt(jwt),
 	})
 	if err != nil {
 		return err