add jwt token in weed admin headers requests

weed/admin/handlers/file_browser_handlers.go

@@ -24,6 +24,7 @@ import (
 	"github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
 	"github.com/seaweedfs/seaweedfs/weed/util"
 	"github.com/seaweedfs/seaweedfs/weed/util/http/client"
+	"github.com/seaweedfs/seaweedfs/weed/security"
 )
 
 type FileBrowserHandlers struct {
@@ -364,6 +365,22 @@ func (h *FileBrowserHandlers) uploadFileToFiler(filePath string, fileHeader *mul
 	}
 	defer file.Close()
 
+	// Load security configuration
+	v := util.GetViper()
+	
+	// Read Filer JWT token from security.toml
+	signingKey := security.SigningKey(v.GetString("jwt.filer_signing.key"))
+	expiresAfterSec := v.GetInt("jwt.filer_signing.expires_after_seconds")
+	
+	//  Generate JWT token to authenticate with Filer
+	var jwtToken security.EncodedJwt
+	if len(signingKey) > 0 {
+		jwtToken = security.GenJwtForFilerServer(signingKey, expiresAfterSec)
+		glog.V(4).Infof("Generated JWT token for filer upload (expires in %d sec)", expiresAfterSec)
+	} else {
+		glog.V(2).Info("No JWT signing key configured, uploading without authentication")
+	}
+
 	// Create multipart form data
 	var body bytes.Buffer
 	writer := multipart.NewWriter(&body)
@@ -407,6 +424,12 @@ func (h *FileBrowserHandlers) uploadFileToFiler(filePath string, fileHeader *mul
 	// Set content type with boundary
 	req.Header.Set("Content-Type", writer.FormDataContentType())
 
+	// Add JWT Token to Authorization Header
+	if jwtToken != "" {
+		req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", string(jwtToken)))
+		glog.V(4).Infof("Added JWT authorization header")
+	}
+
 	// Send request using TLS-aware HTTP client with 60s timeout for large file uploads
 	// lgtm[go/ssrf]
 	// Safe: filerAddress validated by validateFilerAddress() to match configured filer