Admin UI: replace gin with mux (#8420)

* Replace admin gin router with mux * Update layout_templ.go * Harden admin handlers * Add login CSRF handling * Fix filer copy naming conflict * address comments * address comments
2026-02-23 19:11:17 -08:00
parent e596542295
commit 8d59ef41d5
29 changed files with 1843 additions and 1596 deletions
--- a/weed/admin/handlers/service_account_handlers.go
+++ b/weed/admin/handlers/service_account_handlers.go
@@ -6,7 +6,7 @@ import (
 	"net/http"
 	"time"

-	"github.com/gin-gonic/gin"
+	"github.com/gorilla/mux"
 	"github.com/seaweedfs/seaweedfs/weed/admin/dash"
 	"github.com/seaweedfs/seaweedfs/weed/admin/view/app"
 	"github.com/seaweedfs/seaweedfs/weed/admin/view/layout"
@@ -26,153 +26,154 @@ func NewServiceAccountHandlers(adminServer *dash.AdminServer) *ServiceAccountHan
 }

 // ShowServiceAccounts renders the service accounts management page
-func (h *ServiceAccountHandlers) ShowServiceAccounts(c *gin.Context) {
-	data := h.getServiceAccountsData(c)
+func (h *ServiceAccountHandlers) ShowServiceAccounts(w http.ResponseWriter, r *http.Request) {
+	data := h.getServiceAccountsData(r)

 	// Render to buffer first to avoid partial writes on error
 	var buf bytes.Buffer
 	component := app.ServiceAccounts(data)
-	layoutComponent := layout.Layout(c, component)
-	err := layoutComponent.Render(c.Request.Context(), &buf)
+	viewCtx := layout.NewViewContext(r, dash.UsernameFromContext(r.Context()), dash.CSRFTokenFromContext(r.Context()))
+	layoutComponent := layout.Layout(viewCtx, component)
+	err := layoutComponent.Render(r.Context(), &buf)
 	if err != nil {
 		glog.Errorf("Failed to render service accounts template: %v", err)
-		c.AbortWithStatus(http.StatusInternalServerError)
+		w.WriteHeader(http.StatusInternalServerError)
 		return
 	}

 	// Only write to response if render succeeded
-	c.Header("Content-Type", "text/html")
-	c.Writer.Write(buf.Bytes())
+	w.Header().Set("Content-Type", "text/html")
+	_, _ = w.Write(buf.Bytes())
 }

 // GetServiceAccounts returns the list of service accounts as JSON
-func (h *ServiceAccountHandlers) GetServiceAccounts(c *gin.Context) {
-	parentUser := c.Query("parent_user")
+func (h *ServiceAccountHandlers) GetServiceAccounts(w http.ResponseWriter, r *http.Request) {
+	parentUser := r.URL.Query().Get("parent_user")

-	accounts, err := h.adminServer.GetServiceAccounts(c.Request.Context(), parentUser)
+	accounts, err := h.adminServer.GetServiceAccounts(r.Context(), parentUser)
 	if err != nil {
 		glog.Errorf("Failed to get service accounts: %v", err)
-		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to get service accounts"})
+		writeJSONError(w, http.StatusInternalServerError, "Failed to get service accounts")
 		return
 	}
-	c.JSON(http.StatusOK, gin.H{"service_accounts": accounts})
+	writeJSON(w, http.StatusOK, map[string]interface{}{"service_accounts": accounts})
 }

 // CreateServiceAccount handles service account creation
-func (h *ServiceAccountHandlers) CreateServiceAccount(c *gin.Context) {
+func (h *ServiceAccountHandlers) CreateServiceAccount(w http.ResponseWriter, r *http.Request) {
 	var req dash.CreateServiceAccountRequest
-	if err := c.ShouldBindJSON(&req); err != nil {
-		c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid request: " + err.Error()})
+	if err := decodeJSONBody(newJSONMaxReader(w, r), &req); err != nil {
+		writeJSONError(w, http.StatusBadRequest, "Invalid request: "+err.Error())
 		return
 	}

 	if req.ParentUser == "" {
-		c.JSON(http.StatusBadRequest, gin.H{"error": "ParentUser is required"})
+		writeJSONError(w, http.StatusBadRequest, "ParentUser is required")
 		return
 	}

-	sa, err := h.adminServer.CreateServiceAccount(c.Request.Context(), req)
+	sa, err := h.adminServer.CreateServiceAccount(r.Context(), req)
 	if err != nil {
 		glog.Errorf("Failed to create service account for user %s: %v", req.ParentUser, err)
-		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to create service account"})
+		writeJSONError(w, http.StatusInternalServerError, "Failed to create service account")
 		return
 	}

-	c.JSON(http.StatusCreated, gin.H{
+	writeJSON(w, http.StatusCreated, map[string]interface{}{
 		"message":         "Service account created successfully",
 		"service_account": sa,
 	})
 }

 // GetServiceAccountDetails returns detailed information about a service account
-func (h *ServiceAccountHandlers) GetServiceAccountDetails(c *gin.Context) {
-	id := c.Param("id")
+func (h *ServiceAccountHandlers) GetServiceAccountDetails(w http.ResponseWriter, r *http.Request) {
+	id := mux.Vars(r)["id"]
 	if id == "" {
-		c.JSON(http.StatusBadRequest, gin.H{"error": "Service account ID is required"})
+		writeJSONError(w, http.StatusBadRequest, "Service account ID is required")
 		return
 	}

-	sa, err := h.adminServer.GetServiceAccountDetails(c.Request.Context(), id)
+	sa, err := h.adminServer.GetServiceAccountDetails(r.Context(), id)
 	if err != nil {
 		// Distinguish not-found errors from internal errors
 		if errors.Is(err, dash.ErrServiceAccountNotFound) {
-			c.JSON(http.StatusNotFound, gin.H{"error": "Service account not found: " + err.Error()})
+			writeJSONError(w, http.StatusNotFound, "Service account not found: "+err.Error())
 		} else {
 			glog.Errorf("Failed to get service account details for %s: %v", id, err)
-			c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to get service account details"})
+			writeJSONError(w, http.StatusInternalServerError, "Failed to get service account details")
 		}
 		return
 	}

-	c.JSON(http.StatusOK, sa)
+	writeJSON(w, http.StatusOK, sa)
 }

 // UpdateServiceAccount handles service account updates
-func (h *ServiceAccountHandlers) UpdateServiceAccount(c *gin.Context) {
-	id := c.Param("id")
+func (h *ServiceAccountHandlers) UpdateServiceAccount(w http.ResponseWriter, r *http.Request) {
+	id := mux.Vars(r)["id"]
 	if id == "" {
-		c.JSON(http.StatusBadRequest, gin.H{"error": "Service account ID is required"})
+		writeJSONError(w, http.StatusBadRequest, "Service account ID is required")
 		return
 	}

 	var req dash.UpdateServiceAccountRequest
-	if err := c.ShouldBindJSON(&req); err != nil {
-		c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid request: " + err.Error()})
+	if err := decodeJSONBody(newJSONMaxReader(w, r), &req); err != nil {
+		writeJSONError(w, http.StatusBadRequest, "Invalid request: "+err.Error())
 		return
 	}

-	sa, err := h.adminServer.UpdateServiceAccount(c.Request.Context(), id, req)
+	sa, err := h.adminServer.UpdateServiceAccount(r.Context(), id, req)
 	if err != nil {
 		// Distinguish not-found errors from internal errors
 		if errors.Is(err, dash.ErrServiceAccountNotFound) {
-			c.JSON(http.StatusNotFound, gin.H{"error": "Service account not found"})
+			writeJSONError(w, http.StatusNotFound, "Service account not found")
 		} else {
 			glog.Errorf("Failed to update service account %s: %v", id, err)
-			c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to update service account"})
+			writeJSONError(w, http.StatusInternalServerError, "Failed to update service account")
 		}
 		return
 	}

-	c.JSON(http.StatusOK, gin.H{
+	writeJSON(w, http.StatusOK, map[string]interface{}{
 		"message":         "Service account updated successfully",
 		"service_account": sa,
 	})
 }

 // DeleteServiceAccount handles service account deletion
-func (h *ServiceAccountHandlers) DeleteServiceAccount(c *gin.Context) {
-	id := c.Param("id")
+func (h *ServiceAccountHandlers) DeleteServiceAccount(w http.ResponseWriter, r *http.Request) {
+	id := mux.Vars(r)["id"]
 	if id == "" {
-		c.JSON(http.StatusBadRequest, gin.H{"error": "Service account ID is required"})
+		writeJSONError(w, http.StatusBadRequest, "Service account ID is required")
 		return
 	}

-	err := h.adminServer.DeleteServiceAccount(c.Request.Context(), id)
+	err := h.adminServer.DeleteServiceAccount(r.Context(), id)
 	if err != nil {
 		// Distinguish not-found errors from internal errors
 		if errors.Is(err, dash.ErrServiceAccountNotFound) {
-			c.JSON(http.StatusNotFound, gin.H{"error": "Service account not found"})
+			writeJSONError(w, http.StatusNotFound, "Service account not found")
 		} else {
 			glog.Errorf("Failed to delete service account %s: %v", id, err)
-			c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to delete service account"})
+			writeJSONError(w, http.StatusInternalServerError, "Failed to delete service account")
 		}
 		return
 	}

-	c.JSON(http.StatusOK, gin.H{
+	writeJSON(w, http.StatusOK, map[string]interface{}{
 		"message": "Service account deleted successfully",
 	})
 }

 // getServiceAccountsData retrieves service accounts data for the template
-func (h *ServiceAccountHandlers) getServiceAccountsData(c *gin.Context) dash.ServiceAccountsData {
-	username := c.GetString("username")
+func (h *ServiceAccountHandlers) getServiceAccountsData(r *http.Request) dash.ServiceAccountsData {
+	username := dash.UsernameFromContext(r.Context())
 	if username == "" {
 		username = "admin"
 	}

 	// Get all service accounts
-	accounts, err := h.adminServer.GetServiceAccounts(c.Request.Context(), "")
+	accounts, err := h.adminServer.GetServiceAccounts(r.Context(), "")
 	if err != nil {
 		glog.Errorf("Failed to get service accounts: %v", err)
 		return dash.ServiceAccountsData{
@@ -193,7 +194,7 @@ func (h *ServiceAccountHandlers) getServiceAccountsData(c *gin.Context) dash.Ser

 	// Get available users for dropdown
 	var availableUsers []string
-	users, err := h.adminServer.GetObjectStoreUsers(c.Request.Context())
+	users, err := h.adminServer.GetObjectStoreUsers(r.Context())
 	if err != nil {
 		glog.Errorf("Failed to get users for dropdown: %v", err)
 	} else {