object store users

2025-07-02 00:00:23 -07:00
parent 4aec3c3fb9
commit f47c4aef5a
8 changed files with 1527 additions and 220 deletions
--- a/weed/admin/handlers/handlers.go
+++ b/weed/admin/handlers/handlers.go
@@ -16,6 +16,7 @@ type AdminHandlers struct {
 	authHandlers        *AuthHandlers
 	clusterHandlers     *ClusterHandlers
 	fileBrowserHandlers *FileBrowserHandlers
+	userHandlers        *UserHandlers
 }

 // NewAdminHandlers creates a new instance of AdminHandlers
@@ -23,11 +24,13 @@ func NewAdminHandlers(adminServer *dash.AdminServer) *AdminHandlers {
 	authHandlers := NewAuthHandlers(adminServer)
 	clusterHandlers := NewClusterHandlers(adminServer)
 	fileBrowserHandlers := NewFileBrowserHandlers(adminServer)
+	userHandlers := NewUserHandlers(adminServer)
 	return &AdminHandlers{
 		adminServer:         adminServer,
 		authHandlers:        authHandlers,
 		clusterHandlers:     clusterHandlers,
 		fileBrowserHandlers: fileBrowserHandlers,
+		userHandlers:        userHandlers,
 	}
 }

@@ -53,7 +56,7 @@ func (h *AdminHandlers) SetupRoutes(r *gin.Engine, authRequired bool, username,
 		// Object Store management routes
 		protected.GET("/object-store/buckets", h.ShowS3Buckets)
 		protected.GET("/object-store/buckets/:bucket", h.ShowBucketDetails)
-		protected.GET("/object-store/users", h.ShowObjectStoreUsers)
+		protected.GET("/object-store/users", h.userHandlers.ShowObjectStoreUsers)

 		// File browser routes
 		protected.GET("/files", h.fileBrowserHandlers.ShowFileBrowser)
@@ -83,6 +86,20 @@ func (h *AdminHandlers) SetupRoutes(r *gin.Engine, authRequired bool, username,
 				s3Api.PUT("/buckets/:bucket/quota", h.adminServer.UpdateBucketQuota)
 			}

+			// User management API routes
+			usersApi := api.Group("/users")
+			{
+				usersApi.GET("", h.userHandlers.GetUsers)
+				usersApi.POST("", h.userHandlers.CreateUser)
+				usersApi.GET("/:username", h.userHandlers.GetUserDetails)
+				usersApi.PUT("/:username", h.userHandlers.UpdateUser)
+				usersApi.DELETE("/:username", h.userHandlers.DeleteUser)
+				usersApi.POST("/:username/access-keys", h.userHandlers.CreateAccessKey)
+				usersApi.DELETE("/:username/access-keys/:accessKeyId", h.userHandlers.DeleteAccessKey)
+				usersApi.GET("/:username/policies", h.userHandlers.GetUserPolicies)
+				usersApi.PUT("/:username/policies", h.userHandlers.UpdateUserPolicies)
+			}
+
 			// File management API routes
 			filesApi := api.Group("/files")
 			{
@@ -103,7 +120,7 @@ func (h *AdminHandlers) SetupRoutes(r *gin.Engine, authRequired bool, username,
 		// Object Store management routes
 		r.GET("/object-store/buckets", h.ShowS3Buckets)
 		r.GET("/object-store/buckets/:bucket", h.ShowBucketDetails)
-		r.GET("/object-store/users", h.ShowObjectStoreUsers)
+		r.GET("/object-store/users", h.userHandlers.ShowObjectStoreUsers)

 		// File browser routes
 		r.GET("/files", h.fileBrowserHandlers.ShowFileBrowser)
@@ -133,6 +150,20 @@ func (h *AdminHandlers) SetupRoutes(r *gin.Engine, authRequired bool, username,
 				s3Api.PUT("/buckets/:bucket/quota", h.adminServer.UpdateBucketQuota)
 			}

+			// User management API routes
+			usersApi := api.Group("/users")
+			{
+				usersApi.GET("", h.userHandlers.GetUsers)
+				usersApi.POST("", h.userHandlers.CreateUser)
+				usersApi.GET("/:username", h.userHandlers.GetUserDetails)
+				usersApi.PUT("/:username", h.userHandlers.UpdateUser)
+				usersApi.DELETE("/:username", h.userHandlers.DeleteUser)
+				usersApi.POST("/:username/access-keys", h.userHandlers.CreateAccessKey)
+				usersApi.DELETE("/:username/access-keys/:accessKeyId", h.userHandlers.DeleteAccessKey)
+				usersApi.GET("/:username/policies", h.userHandlers.GetUserPolicies)
+				usersApi.PUT("/:username/policies", h.userHandlers.UpdateUserPolicies)
+			}
+
 			// File management API routes
 			filesApi := api.Group("/files")
 			{
@@ -196,22 +227,6 @@ func (h *AdminHandlers) ShowBucketDetails(c *gin.Context) {
 	c.JSON(http.StatusOK, details)
 }

-// ShowObjectStoreUsers renders the object store users management page
-func (h *AdminHandlers) ShowObjectStoreUsers(c *gin.Context) {
-	// Get object store users data from the server
-	usersData := h.getObjectStoreUsersData(c)
-
-	// Render HTML template
-	c.Header("Content-Type", "text/html")
-	usersComponent := app.ObjectStoreUsers(usersData)
-	layoutComponent := layout.Layout(c, usersComponent)
-	err := layoutComponent.Render(c.Request.Context(), c.Writer)
-	if err != nil {
-		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to render template: " + err.Error()})
-		return
-	}
-}
-
 // getS3BucketsData retrieves Object Store buckets data from the server
 func (h *AdminHandlers) getS3BucketsData(c *gin.Context) dash.S3BucketsData {
 	username := c.GetString("username")
@@ -247,33 +262,6 @@ func (h *AdminHandlers) getS3BucketsData(c *gin.Context) dash.S3BucketsData {
 	}
 }

-// getObjectStoreUsersData retrieves object store users data from the server
-func (h *AdminHandlers) getObjectStoreUsersData(c *gin.Context) dash.ObjectStoreUsersData {
-	username := c.GetString("username")
-	if username == "" {
-		username = "admin"
-	}
-
-	// Get object store users
-	users, err := h.adminServer.GetObjectStoreUsers()
-	if err != nil {
-		// Return empty data on error
-		return dash.ObjectStoreUsersData{
-			Username:    username,
-			Users:       []dash.ObjectStoreUser{},
-			TotalUsers:  0,
-			LastUpdated: time.Now(),
-		}
-	}
-
-	return dash.ObjectStoreUsersData{
-		Username:    username,
-		Users:       users,
-		TotalUsers:  len(users),
-		LastUpdated: time.Now(),
-	}
-}
-
 // getAdminData retrieves admin data from the server (now uses consolidated method)
 func (h *AdminHandlers) getAdminData(c *gin.Context) dash.AdminData {
 	username := c.GetString("username")
--- a/weed/admin/handlers/user_handlers.go
+++ b/weed/admin/handlers/user_handlers.go
@@ -0,0 +1,255 @@
+package handlers
+
+import (
+	"net/http"
+	"time"
+
+	"github.com/gin-gonic/gin"
+	"github.com/seaweedfs/seaweedfs/weed/admin/dash"
+	"github.com/seaweedfs/seaweedfs/weed/admin/view/app"
+	"github.com/seaweedfs/seaweedfs/weed/admin/view/layout"
+	"github.com/seaweedfs/seaweedfs/weed/glog"
+)
+
+// UserHandlers contains all the HTTP handlers for user management
+type UserHandlers struct {
+	adminServer *dash.AdminServer
+}
+
+// NewUserHandlers creates a new instance of UserHandlers
+func NewUserHandlers(adminServer *dash.AdminServer) *UserHandlers {
+	return &UserHandlers{
+		adminServer: adminServer,
+	}
+}
+
+// ShowObjectStoreUsers renders the object store users management page
+func (h *UserHandlers) ShowObjectStoreUsers(c *gin.Context) {
+	// Get object store users data from the server
+	usersData := h.getObjectStoreUsersData(c)
+
+	// Render HTML template
+	c.Header("Content-Type", "text/html")
+	usersComponent := app.ObjectStoreUsers(usersData)
+	layoutComponent := layout.Layout(c, usersComponent)
+	err := layoutComponent.Render(c.Request.Context(), c.Writer)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to render template: " + err.Error()})
+		return
+	}
+}
+
+// GetUsers returns the list of users as JSON
+func (h *UserHandlers) GetUsers(c *gin.Context) {
+	users, err := h.adminServer.GetObjectStoreUsers()
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to get users: " + err.Error()})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{"users": users})
+}
+
+// CreateUser handles user creation
+func (h *UserHandlers) CreateUser(c *gin.Context) {
+	var req dash.CreateUserRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid request: " + err.Error()})
+		return
+	}
+
+	// Validate required fields
+	if req.Username == "" {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "Username is required"})
+		return
+	}
+
+	user, err := h.adminServer.CreateObjectStoreUser(req)
+	if err != nil {
+		glog.Errorf("Failed to create user %s: %v", req.Username, err)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to create user: " + err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusCreated, gin.H{
+		"message": "User created successfully",
+		"user":    user,
+	})
+}
+
+// UpdateUser handles user updates
+func (h *UserHandlers) UpdateUser(c *gin.Context) {
+	username := c.Param("username")
+	if username == "" {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "Username is required"})
+		return
+	}
+
+	var req dash.UpdateUserRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid request: " + err.Error()})
+		return
+	}
+
+	user, err := h.adminServer.UpdateObjectStoreUser(username, req)
+	if err != nil {
+		glog.Errorf("Failed to update user %s: %v", username, err)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to update user: " + err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"message": "User updated successfully",
+		"user":    user,
+	})
+}
+
+// DeleteUser handles user deletion
+func (h *UserHandlers) DeleteUser(c *gin.Context) {
+	username := c.Param("username")
+	if username == "" {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "Username is required"})
+		return
+	}
+
+	err := h.adminServer.DeleteObjectStoreUser(username)
+	if err != nil {
+		glog.Errorf("Failed to delete user %s: %v", username, err)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to delete user: " + err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"message": "User deleted successfully",
+	})
+}
+
+// GetUserDetails returns detailed information about a specific user
+func (h *UserHandlers) GetUserDetails(c *gin.Context) {
+	username := c.Param("username")
+	if username == "" {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "Username is required"})
+		return
+	}
+
+	user, err := h.adminServer.GetObjectStoreUserDetails(username)
+	if err != nil {
+		c.JSON(http.StatusNotFound, gin.H{"error": "User not found: " + err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, user)
+}
+
+// CreateAccessKey creates a new access key for a user
+func (h *UserHandlers) CreateAccessKey(c *gin.Context) {
+	username := c.Param("username")
+	if username == "" {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "Username is required"})
+		return
+	}
+
+	accessKey, err := h.adminServer.CreateAccessKey(username)
+	if err != nil {
+		glog.Errorf("Failed to create access key for user %s: %v", username, err)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to create access key: " + err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusCreated, gin.H{
+		"message":    "Access key created successfully",
+		"access_key": accessKey,
+	})
+}
+
+// DeleteAccessKey deletes an access key for a user
+func (h *UserHandlers) DeleteAccessKey(c *gin.Context) {
+	username := c.Param("username")
+	accessKeyId := c.Param("accessKeyId")
+
+	if username == "" || accessKeyId == "" {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "Username and access key ID are required"})
+		return
+	}
+
+	err := h.adminServer.DeleteAccessKey(username, accessKeyId)
+	if err != nil {
+		glog.Errorf("Failed to delete access key %s for user %s: %v", accessKeyId, username, err)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to delete access key: " + err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"message": "Access key deleted successfully",
+	})
+}
+
+// GetUserPolicies returns the policies for a user
+func (h *UserHandlers) GetUserPolicies(c *gin.Context) {
+	username := c.Param("username")
+	if username == "" {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "Username is required"})
+		return
+	}
+
+	policies, err := h.adminServer.GetUserPolicies(username)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to get user policies: " + err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{"policies": policies})
+}
+
+// UpdateUserPolicies updates the policies for a user
+func (h *UserHandlers) UpdateUserPolicies(c *gin.Context) {
+	username := c.Param("username")
+	if username == "" {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "Username is required"})
+		return
+	}
+
+	var req dash.UpdateUserPoliciesRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid request: " + err.Error()})
+		return
+	}
+
+	err := h.adminServer.UpdateUserPolicies(username, req.Actions)
+	if err != nil {
+		glog.Errorf("Failed to update policies for user %s: %v", username, err)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to update user policies: " + err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"message": "User policies updated successfully",
+	})
+}
+
+// getObjectStoreUsersData retrieves object store users data from the server
+func (h *UserHandlers) getObjectStoreUsersData(c *gin.Context) dash.ObjectStoreUsersData {
+	username := c.GetString("username")
+	if username == "" {
+		username = "admin"
+	}
+
+	// Get object store users
+	users, err := h.adminServer.GetObjectStoreUsers()
+	if err != nil {
+		glog.Errorf("Failed to get object store users: %v", err)
+		// Return empty data on error
+		return dash.ObjectStoreUsersData{
+			Username:    username,
+			Users:       []dash.ObjectStoreUser{},
+			TotalUsers:  0,
+			LastUpdated: time.Now(),
+		}
+	}
+
+	return dash.ObjectStoreUsersData{
+		Username:    username,
+		Users:       users,
+		TotalUsers:  len(users),
+		LastUpdated: time.Now(),
+	}
+}