Admin UI: replace gin with mux (#8420)

* Replace admin gin router with mux * Update layout_templ.go * Harden admin handlers * Add login CSRF handling * Fix filer copy naming conflict * address comments * address comments
2026-02-23 19:11:17 -08:00
parent e596542295
commit 8d59ef41d5
29 changed files with 1843 additions and 1596 deletions
--- a/weed/admin/handlers/auth_handlers.go
+++ b/weed/admin/handlers/auth_handlers.go
@@ -3,52 +3,65 @@ package handlers
 import (
 	"net/http"

-	"github.com/gin-contrib/sessions"
-	"github.com/gin-gonic/gin"
+	"github.com/gorilla/sessions"
 	"github.com/seaweedfs/seaweedfs/weed/admin/dash"
 	"github.com/seaweedfs/seaweedfs/weed/admin/view/layout"
+	"github.com/seaweedfs/seaweedfs/weed/glog"
 )

 // AuthHandlers contains authentication-related HTTP handlers
 type AuthHandlers struct {
-	adminServer *dash.AdminServer
+	adminServer  *dash.AdminServer
+	sessionStore sessions.Store
 }

 // NewAuthHandlers creates a new instance of AuthHandlers
-func NewAuthHandlers(adminServer *dash.AdminServer) *AuthHandlers {
+func NewAuthHandlers(adminServer *dash.AdminServer, store sessions.Store) *AuthHandlers {
 	return &AuthHandlers{
-		adminServer: adminServer,
+		adminServer:  adminServer,
+		sessionStore: store,
 	}
 }

 // ShowLogin displays the login page
-func (a *AuthHandlers) ShowLogin(c *gin.Context) {
-	session := sessions.Default(c)
-
-	// If already authenticated, redirect to admin
-	if session.Get("authenticated") == true {
-		c.Redirect(http.StatusSeeOther, "/admin")
-		return
+func (a *AuthHandlers) ShowLogin(w http.ResponseWriter, r *http.Request) {
+	session, err := a.sessionStore.Get(r, dash.SessionName())
+	var csrfToken string
+	if err == nil {
+		if authenticated, _ := session.Values["authenticated"].(bool); authenticated {
+			http.Redirect(w, r, "/admin", http.StatusSeeOther)
+			return
+		}
+	} else {
+		glog.V(1).Infof("Failed to load session for login page: %v", err)
 	}

-	errorMessage := c.Query("error")
+	if session != nil {
+		token, tokenErr := dash.EnsureSessionCSRFToken(session, r, w)
+		if tokenErr != nil {
+			glog.V(1).Infof("Failed to ensure CSRF token for login page: %v", tokenErr)
+		} else {
+			csrfToken = token
+		}
+	}
+
+	errorMessage := r.URL.Query().Get("error")

 	// Render login template
-	c.Header("Content-Type", "text/html")
-	loginComponent := layout.LoginForm(c, "SeaweedFS Admin", errorMessage)
-	err := loginComponent.Render(c.Request.Context(), c.Writer)
-	if err != nil {
-		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to render login template: " + err.Error()})
+	w.Header().Set("Content-Type", "text/html")
+	loginComponent := layout.LoginForm("SeaweedFS Admin", errorMessage, csrfToken)
+	if err := loginComponent.Render(r.Context(), w); err != nil {
+		writeJSONError(w, http.StatusInternalServerError, "Failed to render login template: "+err.Error())
 		return
 	}
 }

 // HandleLogin handles login form submission
-func (a *AuthHandlers) HandleLogin(adminUser, adminPassword, readOnlyUser, readOnlyPassword string) gin.HandlerFunc {
-	return a.adminServer.HandleLogin(adminUser, adminPassword, readOnlyUser, readOnlyPassword)
+func (a *AuthHandlers) HandleLogin(adminUser, adminPassword, readOnlyUser, readOnlyPassword string) http.HandlerFunc {
+	return a.adminServer.HandleLogin(a.sessionStore, adminUser, adminPassword, readOnlyUser, readOnlyPassword)
 }

 // HandleLogout handles user logout
-func (a *AuthHandlers) HandleLogout(c *gin.Context) {
-	a.adminServer.HandleLogout(c)
+func (a *AuthHandlers) HandleLogout(w http.ResponseWriter, r *http.Request) {
+	a.adminServer.HandleLogout(a.sessionStore, w, r)
 }