Add read only user (#7862)

* add readonly user

* add args

* address comments

* avoid same user name

* Prevents timing attacks

* doc

---------

Co-authored-by: Chris Lu <chris.lu@gmail.com>

weed/admin/handlers/auth_handlers.go

@@ -3,6 +3,7 @@ package handlers
 import (
 	"net/http"
 
+	"github.com/gin-contrib/sessions"
 	"github.com/gin-gonic/gin"
 	"github.com/seaweedfs/seaweedfs/weed/admin/dash"
 	"github.com/seaweedfs/seaweedfs/weed/admin/view/layout"
@@ -22,6 +23,14 @@ func NewAuthHandlers(adminServer *dash.AdminServer) *AuthHandlers {
 
 // ShowLogin displays the login page
 func (a *AuthHandlers) ShowLogin(c *gin.Context) {
+	session := sessions.Default(c)
+
+	// If already authenticated, redirect to admin
+	if session.Get("authenticated") == true {
+		c.Redirect(http.StatusSeeOther, "/admin")
+		return
+	}
+
 	errorMessage := c.Query("error")
 
 	// Render login template
@@ -35,8 +44,8 @@ func (a *AuthHandlers) ShowLogin(c *gin.Context) {
 }
 
 // HandleLogin handles login form submission
-func (a *AuthHandlers) HandleLogin(username, password string) gin.HandlerFunc {
-	return a.adminServer.HandleLogin(username, password)
+func (a *AuthHandlers) HandleLogin(adminUser, adminPassword, readOnlyUser, readOnlyPassword string) gin.HandlerFunc {
+	return a.adminServer.HandleLogin(adminUser, adminPassword, readOnlyUser, readOnlyPassword)
 }
 
 // HandleLogout handles user logout