Add admin component (#6928)

* init version

* relocate

* add s3 bucket link

* refactor handlers into weed/admin folder

* fix login logout

* adding favicon

* remove fall back to http get topology

* grpc dial option, disk total capacity

* show filer count

* fix each volume disk usage

* add filers to dashboard

* adding hosts, volumes, collections

* refactor code and menu

* remove "refresh" button

* fix data for collections

* rename cluster hosts into volume servers

* add masters, filers

* reorder

* adding file browser

* create folder and upload files

* add filer version, created at time

* remove mock data

* remove fields

* fix submenu item highlighting

* fix bucket creation

* purge files

* delete multiple

* fix bucket creation

* remove region from buckets

* add object store with buckets and users

* rendering permission

* refactor

* get bucket objects and size

* link to file browser

* add file size and count for collections page

* paginate the volumes

* fix possible SSRF

https://github.com/seaweedfs/seaweedfs/pull/6928/checks?check_run_id=45108469801

* Update weed/command/admin.go

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update weed/command/admin.go

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* fix build

* import

* remove filer CLI option

* remove filer option

* remove CLI options

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

weed/admin/dash/file_browser.go

@@ -0,0 +1,350 @@
+package dash
+
+import (
+	"context"
+	"path/filepath"
+	"sort"
+	"strings"
+	"time"
+
+	"github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
+)
+
+// FileEntry represents a file or directory entry in the file browser
+type FileEntry struct {
+	Name        string    `json:"name"`
+	FullPath    string    `json:"full_path"`
+	IsDirectory bool      `json:"is_directory"`
+	Size        int64     `json:"size"`
+	ModTime     time.Time `json:"mod_time"`
+	Mode        string    `json:"mode"`
+	Uid         uint32    `json:"uid"`
+	Gid         uint32    `json:"gid"`
+	Mime        string    `json:"mime"`
+	Replication string    `json:"replication"`
+	Collection  string    `json:"collection"`
+	TtlSec      int32     `json:"ttl_sec"`
+}
+
+// BreadcrumbItem represents a single breadcrumb in the navigation
+type BreadcrumbItem struct {
+	Name string `json:"name"`
+	Path string `json:"path"`
+}
+
+// FileBrowserData contains all data needed for the file browser view
+type FileBrowserData struct {
+	Username     string           `json:"username"`
+	CurrentPath  string           `json:"current_path"`
+	ParentPath   string           `json:"parent_path"`
+	Breadcrumbs  []BreadcrumbItem `json:"breadcrumbs"`
+	Entries      []FileEntry      `json:"entries"`
+	TotalEntries int              `json:"total_entries"`
+	TotalSize    int64            `json:"total_size"`
+	LastUpdated  time.Time        `json:"last_updated"`
+	IsBucketPath bool             `json:"is_bucket_path"`
+	BucketName   string           `json:"bucket_name"`
+}
+
+// GetFileBrowser retrieves file browser data for a given path
+func (s *AdminServer) GetFileBrowser(path string) (*FileBrowserData, error) {
+	if path == "" {
+		path = "/"
+	}
+
+	var entries []FileEntry
+	var totalSize int64
+
+	// Get directory listing from filer
+	err := s.WithFilerClient(func(client filer_pb.SeaweedFilerClient) error {
+		stream, err := client.ListEntries(context.Background(), &filer_pb.ListEntriesRequest{
+			Directory:          path,
+			Prefix:             "",
+			Limit:              1000,
+			InclusiveStartFrom: false,
+		})
+		if err != nil {
+			return err
+		}
+
+		for {
+			resp, err := stream.Recv()
+			if err != nil {
+				if err.Error() == "EOF" {
+					break
+				}
+				return err
+			}
+
+			entry := resp.Entry
+			if entry == nil {
+				continue
+			}
+
+			fullPath := path
+			if !strings.HasSuffix(fullPath, "/") {
+				fullPath += "/"
+			}
+			fullPath += entry.Name
+
+			var modTime time.Time
+			if entry.Attributes != nil && entry.Attributes.Mtime > 0 {
+				modTime = time.Unix(entry.Attributes.Mtime, 0)
+			}
+
+			var mode string
+			var uid, gid uint32
+			var size int64
+			var replication, collection string
+			var ttlSec int32
+
+			if entry.Attributes != nil {
+				mode = formatFileMode(entry.Attributes.FileMode)
+				uid = entry.Attributes.Uid
+				gid = entry.Attributes.Gid
+				size = int64(entry.Attributes.FileSize)
+				ttlSec = entry.Attributes.TtlSec
+			}
+
+			// Get replication and collection from entry extended attributes or chunks
+			if entry.Extended != nil {
+				if repl, ok := entry.Extended["replication"]; ok {
+					replication = string(repl)
+				}
+				if coll, ok := entry.Extended["collection"]; ok {
+					collection = string(coll)
+				}
+			}
+
+			// Determine MIME type based on file extension
+			mime := "application/octet-stream"
+			if entry.IsDirectory {
+				mime = "inode/directory"
+			} else {
+				ext := strings.ToLower(filepath.Ext(entry.Name))
+				switch ext {
+				case ".txt", ".log":
+					mime = "text/plain"
+				case ".html", ".htm":
+					mime = "text/html"
+				case ".css":
+					mime = "text/css"
+				case ".js":
+					mime = "application/javascript"
+				case ".json":
+					mime = "application/json"
+				case ".xml":
+					mime = "application/xml"
+				case ".pdf":
+					mime = "application/pdf"
+				case ".jpg", ".jpeg":
+					mime = "image/jpeg"
+				case ".png":
+					mime = "image/png"
+				case ".gif":
+					mime = "image/gif"
+				case ".svg":
+					mime = "image/svg+xml"
+				case ".mp4":
+					mime = "video/mp4"
+				case ".mp3":
+					mime = "audio/mpeg"
+				case ".zip":
+					mime = "application/zip"
+				case ".tar":
+					mime = "application/x-tar"
+				case ".gz":
+					mime = "application/gzip"
+				}
+			}
+
+			fileEntry := FileEntry{
+				Name:        entry.Name,
+				FullPath:    fullPath,
+				IsDirectory: entry.IsDirectory,
+				Size:        size,
+				ModTime:     modTime,
+				Mode:        mode,
+				Uid:         uid,
+				Gid:         gid,
+				Mime:        mime,
+				Replication: replication,
+				Collection:  collection,
+				TtlSec:      ttlSec,
+			}
+
+			entries = append(entries, fileEntry)
+			if !entry.IsDirectory {
+				totalSize += size
+			}
+		}
+
+		return nil
+	})
+
+	if err != nil {
+		return nil, err
+	}
+
+	// Sort entries: directories first, then files, both alphabetically
+	sort.Slice(entries, func(i, j int) bool {
+		if entries[i].IsDirectory != entries[j].IsDirectory {
+			return entries[i].IsDirectory
+		}
+		return strings.ToLower(entries[i].Name) < strings.ToLower(entries[j].Name)
+	})
+
+	// Generate breadcrumbs
+	breadcrumbs := s.generateBreadcrumbs(path)
+
+	// Calculate parent path
+	parentPath := "/"
+	if path != "/" {
+		parentPath = filepath.Dir(path)
+		if parentPath == "." {
+			parentPath = "/"
+		}
+	}
+
+	// Check if this is a bucket path
+	isBucketPath := false
+	bucketName := ""
+	if strings.HasPrefix(path, "/buckets/") {
+		isBucketPath = true
+		pathParts := strings.Split(strings.Trim(path, "/"), "/")
+		if len(pathParts) >= 2 {
+			bucketName = pathParts[1]
+		}
+	}
+
+	return &FileBrowserData{
+		CurrentPath:  path,
+		ParentPath:   parentPath,
+		Breadcrumbs:  breadcrumbs,
+		Entries:      entries,
+		TotalEntries: len(entries),
+		TotalSize:    totalSize,
+		LastUpdated:  time.Now(),
+		IsBucketPath: isBucketPath,
+		BucketName:   bucketName,
+	}, nil
+}
+
+// generateBreadcrumbs creates breadcrumb navigation for the current path
+func (s *AdminServer) generateBreadcrumbs(path string) []BreadcrumbItem {
+	var breadcrumbs []BreadcrumbItem
+
+	// Always start with root
+	breadcrumbs = append(breadcrumbs, BreadcrumbItem{
+		Name: "Root",
+		Path: "/",
+	})
+
+	if path == "/" {
+		return breadcrumbs
+	}
+
+	// Split path and build breadcrumbs
+	parts := strings.Split(strings.Trim(path, "/"), "/")
+	currentPath := ""
+
+	for _, part := range parts {
+		if part == "" {
+			continue
+		}
+		currentPath += "/" + part
+
+		// Special handling for bucket paths
+		displayName := part
+		if len(breadcrumbs) == 1 && part == "buckets" {
+			displayName = "S3 Buckets"
+		} else if len(breadcrumbs) == 2 && strings.HasPrefix(path, "/buckets/") {
+			displayName = "📦 " + part // Add bucket icon to bucket name
+		}
+
+		breadcrumbs = append(breadcrumbs, BreadcrumbItem{
+			Name: displayName,
+			Path: currentPath,
+		})
+	}
+
+	return breadcrumbs
+}
+
+// formatFileMode converts file mode to Unix-style string representation (e.g., "drwxr-xr-x")
+func formatFileMode(mode uint32) string {
+	var result []byte = make([]byte, 10)
+
+	// File type
+	switch mode & 0170000 { // S_IFMT mask
+	case 0040000: // S_IFDIR
+		result[0] = 'd'
+	case 0100000: // S_IFREG
+		result[0] = '-'
+	case 0120000: // S_IFLNK
+		result[0] = 'l'
+	case 0020000: // S_IFCHR
+		result[0] = 'c'
+	case 0060000: // S_IFBLK
+		result[0] = 'b'
+	case 0010000: // S_IFIFO
+		result[0] = 'p'
+	case 0140000: // S_IFSOCK
+		result[0] = 's'
+	default:
+		result[0] = '-' // S_IFREG is default
+	}
+
+	// Owner permissions
+	if mode&0400 != 0 { // S_IRUSR
+		result[1] = 'r'
+	} else {
+		result[1] = '-'
+	}
+	if mode&0200 != 0 { // S_IWUSR
+		result[2] = 'w'
+	} else {
+		result[2] = '-'
+	}
+	if mode&0100 != 0 { // S_IXUSR
+		result[3] = 'x'
+	} else {
+		result[3] = '-'
+	}
+
+	// Group permissions
+	if mode&0040 != 0 { // S_IRGRP
+		result[4] = 'r'
+	} else {
+		result[4] = '-'
+	}
+	if mode&0020 != 0 { // S_IWGRP
+		result[5] = 'w'
+	} else {
+		result[5] = '-'
+	}
+	if mode&0010 != 0 { // S_IXGRP
+		result[6] = 'x'
+	} else {
+		result[6] = '-'
+	}
+
+	// Other permissions
+	if mode&0004 != 0 { // S_IROTH
+		result[7] = 'r'
+	} else {
+		result[7] = '-'
+	}
+	if mode&0002 != 0 { // S_IWOTH
+		result[8] = 'w'
+	} else {
+		result[8] = '-'
+	}
+	if mode&0001 != 0 { // S_IXOTH
+		result[9] = 'x'
+	} else {
+		result[9] = '-'
+	}
+
+	return string(result)
+}

weed/admin/dash/handler_admin.go

@@ -0,0 +1,373 @@
+package dash
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/gin-gonic/gin"
+	"github.com/seaweedfs/seaweedfs/weed/cluster"
+	"github.com/seaweedfs/seaweedfs/weed/glog"
+	"github.com/seaweedfs/seaweedfs/weed/pb/master_pb"
+)
+
+type AdminData struct {
+	Username      string         `json:"username"`
+	ClusterStatus string         `json:"cluster_status"`
+	TotalVolumes  int            `json:"total_volumes"`
+	TotalFiles    int64          `json:"total_files"`
+	TotalSize     int64          `json:"total_size"`
+	MasterNodes   []MasterNode   `json:"master_nodes"`
+	VolumeServers []VolumeServer `json:"volume_servers"`
+	FilerNodes    []FilerNode    `json:"filer_nodes"`
+	DataCenters   []DataCenter   `json:"datacenters"`
+	LastUpdated   time.Time      `json:"last_updated"`
+	SystemHealth  string         `json:"system_health"`
+}
+
+// S3 Bucket management data structures for templates
+type S3BucketsData struct {
+	Username     string     `json:"username"`
+	Buckets      []S3Bucket `json:"buckets"`
+	TotalBuckets int        `json:"total_buckets"`
+	TotalSize    int64      `json:"total_size"`
+	LastUpdated  time.Time  `json:"last_updated"`
+}
+
+type CreateBucketRequest struct {
+	Name   string `json:"name" binding:"required"`
+	Region string `json:"region"`
+}
+
+// Object Store Users management structures
+type ObjectStoreUser struct {
+	Username    string    `json:"username"`
+	Email       string    `json:"email"`
+	AccessKey   string    `json:"access_key"`
+	SecretKey   string    `json:"secret_key"`
+	Status      string    `json:"status"`
+	CreatedAt   time.Time `json:"created_at"`
+	LastLogin   time.Time `json:"last_login"`
+	Permissions []string  `json:"permissions"`
+}
+
+type ObjectStoreUsersData struct {
+	Username    string            `json:"username"`
+	Users       []ObjectStoreUser `json:"users"`
+	TotalUsers  int               `json:"total_users"`
+	LastUpdated time.Time         `json:"last_updated"`
+}
+
+type FilerNode struct {
+	Address     string    `json:"address"`
+	DataCenter  string    `json:"datacenter"`
+	Rack        string    `json:"rack"`
+	Status      string    `json:"status"`
+	LastUpdated time.Time `json:"last_updated"`
+}
+
+// GetAdminData retrieves admin data as a struct (for reuse by both JSON and HTML handlers)
+func (s *AdminServer) GetAdminData(username string) (AdminData, error) {
+	if username == "" {
+		username = "admin"
+	}
+
+	// Get cluster topology
+	topology, err := s.GetClusterTopology()
+	if err != nil {
+		glog.Errorf("Failed to get cluster topology: %v", err)
+		return AdminData{}, err
+	}
+
+	// Get master nodes status
+	masterNodes := s.getMasterNodesStatus()
+
+	// Get filer nodes status
+	filerNodes := s.getFilerNodesStatus()
+
+	// Prepare admin data
+	adminData := AdminData{
+		Username:      username,
+		ClusterStatus: s.determineClusterStatus(topology, masterNodes),
+		TotalVolumes:  topology.TotalVolumes,
+		TotalFiles:    topology.TotalFiles,
+		TotalSize:     topology.TotalSize,
+		MasterNodes:   masterNodes,
+		VolumeServers: topology.VolumeServers,
+		FilerNodes:    filerNodes,
+		DataCenters:   topology.DataCenters,
+		LastUpdated:   topology.UpdatedAt,
+		SystemHealth:  s.determineSystemHealth(topology, masterNodes),
+	}
+
+	return adminData, nil
+}
+
+// ShowAdmin displays the main admin page (now uses GetAdminData)
+func (s *AdminServer) ShowAdmin(c *gin.Context) {
+	username := c.GetString("username")
+
+	adminData, err := s.GetAdminData(username)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to get admin data: " + err.Error()})
+		return
+	}
+
+	// Return JSON for API calls
+	c.JSON(http.StatusOK, adminData)
+}
+
+// ShowOverview displays cluster overview
+func (s *AdminServer) ShowOverview(c *gin.Context) {
+	topology, err := s.GetClusterTopology()
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, topology)
+}
+
+// S3 Bucket Management Handlers
+
+// ShowS3Buckets displays the S3 buckets management page
+func (s *AdminServer) ShowS3Buckets(c *gin.Context) {
+	username := c.GetString("username")
+
+	buckets, err := s.GetS3Buckets()
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to get S3 buckets: " + err.Error()})
+		return
+	}
+
+	// Calculate totals
+	var totalSize int64
+	for _, bucket := range buckets {
+		totalSize += bucket.Size
+	}
+
+	data := S3BucketsData{
+		Username:     username,
+		Buckets:      buckets,
+		TotalBuckets: len(buckets),
+		TotalSize:    totalSize,
+		LastUpdated:  time.Now(),
+	}
+
+	c.JSON(http.StatusOK, data)
+}
+
+// ShowBucketDetails displays detailed information about a specific bucket
+func (s *AdminServer) ShowBucketDetails(c *gin.Context) {
+	bucketName := c.Param("bucket")
+	if bucketName == "" {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "Bucket name is required"})
+		return
+	}
+
+	details, err := s.GetBucketDetails(bucketName)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to get bucket details: " + err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, details)
+}
+
+// CreateBucket creates a new S3 bucket
+func (s *AdminServer) CreateBucket(c *gin.Context) {
+	var req CreateBucketRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid request: " + err.Error()})
+		return
+	}
+
+	// Validate bucket name (basic validation)
+	if len(req.Name) < 3 || len(req.Name) > 63 {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "Bucket name must be between 3 and 63 characters"})
+		return
+	}
+
+	err := s.CreateS3Bucket(req.Name)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to create bucket: " + err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusCreated, gin.H{
+		"message": "Bucket created successfully",
+		"bucket":  req.Name,
+	})
+}
+
+// DeleteBucket deletes an S3 bucket
+func (s *AdminServer) DeleteBucket(c *gin.Context) {
+	bucketName := c.Param("bucket")
+	if bucketName == "" {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "Bucket name is required"})
+		return
+	}
+
+	err := s.DeleteS3Bucket(bucketName)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to delete bucket: " + err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"message": "Bucket deleted successfully",
+		"bucket":  bucketName,
+	})
+}
+
+// ListBucketsAPI returns buckets as JSON API
+func (s *AdminServer) ListBucketsAPI(c *gin.Context) {
+	buckets, err := s.GetS3Buckets()
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"buckets": buckets,
+		"count":   len(buckets),
+	})
+}
+
+// getMasterNodesStatus checks status of all master nodes
+func (s *AdminServer) getMasterNodesStatus() []MasterNode {
+	var masterNodes []MasterNode
+
+	// Since we have a single master address, create one entry
+	var isLeader bool = true // Assume leader since it's the only master we know about
+	var status string
+
+	// Try to get leader info from this master
+	err := s.WithMasterClient(func(client master_pb.SeaweedClient) error {
+		_, err := client.GetMasterConfiguration(context.Background(), &master_pb.GetMasterConfigurationRequest{})
+		if err != nil {
+			return err
+		}
+		// For now, assume this master is the leader since we can connect to it
+		isLeader = true
+		return nil
+	})
+
+	if err != nil {
+		status = "unreachable"
+		isLeader = false
+	} else {
+		status = "active"
+	}
+
+	masterNodes = append(masterNodes, MasterNode{
+		Address:  s.masterAddress,
+		IsLeader: isLeader,
+		Status:   status,
+	})
+
+	return masterNodes
+}
+
+// getFilerNodesStatus checks status of all filer nodes using master's ListClusterNodes
+func (s *AdminServer) getFilerNodesStatus() []FilerNode {
+	var filerNodes []FilerNode
+
+	// Get filer nodes from master using ListClusterNodes
+	err := s.WithMasterClient(func(client master_pb.SeaweedClient) error {
+		resp, err := client.ListClusterNodes(context.Background(), &master_pb.ListClusterNodesRequest{
+			ClientType: cluster.FilerType,
+		})
+		if err != nil {
+			return err
+		}
+
+		// Process each filer node
+		for _, node := range resp.ClusterNodes {
+			filerNodes = append(filerNodes, FilerNode{
+				Address:     node.Address,
+				DataCenter:  node.DataCenter,
+				Rack:        node.Rack,
+				Status:      "active", // If it's in the cluster list, it's considered active
+				LastUpdated: time.Now(),
+			})
+		}
+
+		return nil
+	})
+
+	if err != nil {
+		glog.Errorf("Failed to get filer nodes from master %s: %v", s.masterAddress, err)
+		// Return empty list if we can't get filer info from master
+		return []FilerNode{}
+	}
+
+	return filerNodes
+}
+
+// determineClusterStatus analyzes cluster health
+func (s *AdminServer) determineClusterStatus(topology *ClusterTopology, masters []MasterNode) string {
+	// Check if we have an active leader
+	hasActiveLeader := false
+	for _, master := range masters {
+		if master.IsLeader && master.Status == "active" {
+			hasActiveLeader = true
+			break
+		}
+	}
+
+	if !hasActiveLeader {
+		return "critical"
+	}
+
+	// Check volume server health
+	activeServers := 0
+	for _, vs := range topology.VolumeServers {
+		if vs.Status == "active" {
+			activeServers++
+		}
+	}
+
+	if activeServers == 0 {
+		return "critical"
+	} else if activeServers < len(topology.VolumeServers) {
+		return "warning"
+	}
+
+	return "healthy"
+}
+
+// determineSystemHealth provides overall system health assessment
+func (s *AdminServer) determineSystemHealth(topology *ClusterTopology, masters []MasterNode) string {
+	// Simple health calculation based on active components
+	totalComponents := len(masters) + len(topology.VolumeServers)
+	activeComponents := 0
+
+	for _, master := range masters {
+		if master.Status == "active" {
+			activeComponents++
+		}
+	}
+
+	for _, vs := range topology.VolumeServers {
+		if vs.Status == "active" {
+			activeComponents++
+		}
+	}
+
+	if totalComponents == 0 {
+		return "unknown"
+	}
+
+	healthPercent := float64(activeComponents) / float64(totalComponents) * 100
+
+	if healthPercent >= 95 {
+		return "excellent"
+	} else if healthPercent >= 80 {
+		return "good"
+	} else if healthPercent >= 60 {
+		return "fair"
+	} else {
+		return "poor"
+	}
+}

weed/admin/dash/handler_auth.go

@@ -0,0 +1,128 @@
+package dash
+
+import (
+	"net/http"
+
+	"github.com/gin-contrib/sessions"
+	"github.com/gin-gonic/gin"
+)
+
+// ShowLogin displays the login page
+func (s *AdminServer) ShowLogin(c *gin.Context) {
+	// If authentication is not required, redirect to admin
+	session := sessions.Default(c)
+	if session.Get("authenticated") == true {
+		c.Redirect(http.StatusSeeOther, "/admin")
+		return
+	}
+
+	// For now, return a simple login form as JSON
+	c.HTML(http.StatusOK, "login.html", gin.H{
+		"title": "SeaweedFS Admin Login",
+		"error": c.Query("error"),
+	})
+}
+
+// HandleLogin handles login form submission
+func (s *AdminServer) HandleLogin(username, password string) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		loginUsername := c.PostForm("username")
+		loginPassword := c.PostForm("password")
+
+		if loginUsername == username && loginPassword == password {
+			session := sessions.Default(c)
+			session.Set("authenticated", true)
+			session.Set("username", loginUsername)
+			session.Save()
+
+			c.Redirect(http.StatusSeeOther, "/admin")
+			return
+		}
+
+		// Authentication failed
+		c.Redirect(http.StatusSeeOther, "/login?error=Invalid credentials")
+	}
+}
+
+// HandleLogout handles user logout
+func (s *AdminServer) HandleLogout(c *gin.Context) {
+	session := sessions.Default(c)
+	session.Clear()
+	session.Save()
+	c.Redirect(http.StatusSeeOther, "/login")
+}
+
+// Additional methods for admin functionality
+func (s *AdminServer) GetClusterTopologyHandler(c *gin.Context) {
+	topology, err := s.GetClusterTopology()
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+	c.JSON(http.StatusOK, topology)
+}
+
+func (s *AdminServer) GetMasters(c *gin.Context) {
+	c.JSON(http.StatusOK, gin.H{"masters": []string{s.masterAddress}})
+}
+
+func (s *AdminServer) GetVolumeServers(c *gin.Context) {
+	topology, err := s.GetClusterTopology()
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{"volume_servers": topology.VolumeServers})
+}
+
+func (s *AdminServer) AssignVolume(c *gin.Context) {
+	c.JSON(http.StatusNotImplemented, gin.H{"message": "Volume assignment not yet implemented"})
+}
+
+func (s *AdminServer) ListVolumes(c *gin.Context) {
+	c.JSON(http.StatusNotImplemented, gin.H{"message": "Volume listing not yet implemented"})
+}
+
+func (s *AdminServer) CreateVolume(c *gin.Context) {
+	c.JSON(http.StatusNotImplemented, gin.H{"message": "Volume creation not yet implemented"})
+}
+
+func (s *AdminServer) DeleteVolume(c *gin.Context) {
+	c.JSON(http.StatusNotImplemented, gin.H{"message": "Volume deletion not yet implemented"})
+}
+
+func (s *AdminServer) ReplicateVolume(c *gin.Context) {
+	c.JSON(http.StatusNotImplemented, gin.H{"message": "Volume replication not yet implemented"})
+}
+
+func (s *AdminServer) BrowseFiles(c *gin.Context) {
+	c.JSON(http.StatusNotImplemented, gin.H{"message": "File browsing not yet implemented"})
+}
+
+func (s *AdminServer) UploadFile(c *gin.Context) {
+	c.JSON(http.StatusNotImplemented, gin.H{"message": "File upload not yet implemented"})
+}
+
+func (s *AdminServer) DeleteFile(c *gin.Context) {
+	c.JSON(http.StatusNotImplemented, gin.H{"message": "File deletion not yet implemented"})
+}
+
+func (s *AdminServer) ShowMetrics(c *gin.Context) {
+	c.JSON(http.StatusNotImplemented, gin.H{"message": "Metrics display not yet implemented"})
+}
+
+func (s *AdminServer) GetMetricsData(c *gin.Context) {
+	c.JSON(http.StatusNotImplemented, gin.H{"message": "Metrics data not yet implemented"})
+}
+
+func (s *AdminServer) TriggerGC(c *gin.Context) {
+	c.JSON(http.StatusNotImplemented, gin.H{"message": "Garbage collection not yet implemented"})
+}
+
+func (s *AdminServer) CompactVolumes(c *gin.Context) {
+	c.JSON(http.StatusNotImplemented, gin.H{"message": "Volume compaction not yet implemented"})
+}
+
+func (s *AdminServer) GetMaintenanceStatus(c *gin.Context) {
+	c.JSON(http.StatusNotImplemented, gin.H{"message": "Maintenance status not yet implemented"})
+}

weed/admin/dash/middleware.go

@@ -0,0 +1,27 @@
+package dash
+
+import (
+	"net/http"
+
+	"github.com/gin-contrib/sessions"
+	"github.com/gin-gonic/gin"
+)
+
+// RequireAuth checks if user is authenticated
+func RequireAuth() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		session := sessions.Default(c)
+		authenticated := session.Get("authenticated")
+		username := session.Get("username")
+
+		if authenticated != true || username == nil {
+			c.Redirect(http.StatusTemporaryRedirect, "/login")
+			c.Abort()
+			return
+		}
+
+		// Set username in context for use in handlers
+		c.Set("username", username)
+		c.Next()
+	}
+}