gsh-digital-services/seaweedFS
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6dab90472b7683898a5f0e0685577dc7d37caf32
seaweedFS/weed/admin
History
Chris Lu 6dab90472b admin: fix access key creation UX (#8579) 
* admin: remove misleading "secret key only shown once" warning

The access key details modal already allows viewing both the access key
and secret key at any time, so the warning about the secret key only
being displayed once is incorrect and misleading.

* admin: allow specifying custom access key and secret key

Add optional access_key and secret_key fields to the create access key
API. When provided, the specified keys are used instead of generating
random ones. The UI now shows a form with optional fields when creating
a new key, with a note that leaving them blank auto-generates keys.

* admin: check access key uniqueness before creating

Access keys must be globally unique across all users since S3 auth
looks them up in a single global map. Add an explicit check using
GetUserByAccessKey before creating, so the user gets a clear error
("access key is already in use") rather than a generic store error.

* Update object_store_users_templ.go

* admin: address review feedback for access key creation

Handler:
- Use decodeJSONBody/newJSONMaxReader instead of raw json.Decode to
  enforce request size limits and handle malformed JSON properly
- Return 409 Conflict for duplicate access keys, 400 Bad Request for
  validation errors, instead of generic 500

Backend:
- Validate access key length (4-128 chars) and secret key length
  (8-128 chars) when user-provided

Frontend:
- Extract resetCreateKeyForm() helper to avoid duplicated cleanup logic
- Wire resetCreateKeyForm to accessKeysModal hidden.bs.modal event so
  form state is always cleared when modal is dismissed
- Change secret key input to type="password" with a visibility toggle

* admin: guard against nil request and handle GetUserByAccessKey errors

- Add nil check for the CreateAccessKeyRequest pointer before
  dereferencing, defaulting to an empty request (auto-generate both
  keys).
- Handle non-"not found" errors from GetUserByAccessKey explicitly
  instead of silently proceeding, so store errors (e.g. db connection
  failures) surface rather than being swallowed.

* Update object_store_users_templ.go

* admin: fix access key uniqueness check with gRPC store

GetUserByAccessKey returns a gRPC NotFound status error (not the
sentinel credential.ErrAccessKeyNotFound) when using the gRPC store,
causing the uniqueness check to fail with a spurious error.

Treat the lookup as best-effort: only reject when a user is found
(err == nil). Any error (not-found via any store, connectivity issues)
falls through to the store's own CreateAccessKey which enforces
uniqueness definitively.

* admin: fix error handling and input validation for access key creation

Backend:
- Remove access key value from the duplicate-key error message to avoid
  logging the caller-supplied identifier.

Handler:
- Handle empty POST body (io.EOF) as a valid request that auto-generates
  both keys, instead of rejecting it as malformed JSON.
- Return 404 for "not found" errors (e.g. non-existent user) instead of
  collapsing them into a 500.

Frontend:
- Add minlength/maxlength attributes matching backend constraints
  (access key 4-128, secret key 8-128).
- Call reportValidity() before submitting so invalid lengths are caught
  client-side without a round trip.

* admin: use sentinel errors and fix GetUserByAccessKey error handling

Backend (user_management.go):
- Define sentinel errors (ErrAccessKeyInUse, ErrUserNotFound,
  ErrInvalidInput) and wrap them in returned errors so callers can use
  errors.Is.
- Handle GetUserByAccessKey errors properly: check the sentinel
  credential.ErrAccessKeyNotFound first, then fall back to string
  matching for stores (gRPC) that return non-sentinel not-found errors.
  Surface unexpected errors instead of silently proceeding.

Handler (user_handlers.go):
- Replace fragile strings.Contains error matching with errors.Is
  against the new dash sentinels.

Frontend (object_store_users.templ):
- Add double-submit guard (isCreatingKey flag + button disabling) to
  prevent duplicate access key creation requests.
2026-03-09 14:03:41 -07:00
..
config
Fix maintenance worker panic and add EC integration tests (#8068)
2026-01-20 15:07:43 -08:00
dash
admin: fix access key creation UX (#8579)
2026-03-09 14:03:41 -07:00
handlers
admin: fix access key creation UX (#8579)
2026-03-09 14:03:41 -07:00
internal/httputil
Admin UI: replace gin with mux (#8420)
2026-02-23 19:11:17 -08:00
maintenance
reduce logs
2026-03-09 12:14:25 -07:00
plugin
admin: expose per-job-type detection interval in plugin UI (#8552)
2026-03-08 14:03:51 -07:00
static
admin: fix access key creation UX (#8579)
2026-03-09 14:03:41 -07:00
topology
fix: volume balance detection returns multiple tasks per run (#8559)
2026-03-08 21:34:03 -07:00
view
admin: fix access key creation UX (#8579)
2026-03-09 14:03:41 -07:00
Makefile
consistent template generation
2026-02-22 13:34:06 -08:00
README.md
Add s3tables shell and admin UI (#8172)
2026-01-30 22:57:05 -08:00
static_embed.go
Admin UI: Add message queue to admin UI (#6958)
2025-07-11 10:19:27 -07:00

README.md

SeaweedFS Admin Component

A modern web-based administration interface for SeaweedFS clusters built with Go, Gin, Templ, and Bootstrap.

Features

  • Dashboard: Real-time cluster status and metrics
  • Master Management: Monitor master nodes and leadership status
  • Volume Server Management: View volume servers, capacity, and health
  • Object Store Bucket Management: Create, delete, and manage Object Store buckets with web interface
  • S3 Tables Management: Manage table buckets, namespaces, tables, tags, and policies via the admin UI
  • System Health: Overall cluster health monitoring
  • Responsive Design: Bootstrap-based UI that works on all devices
  • Authentication: Optional user authentication with sessions
  • TLS Support: HTTPS support for production deployments

Building

Using the Admin Makefile

The admin component has its own Makefile for development and building:

# Navigate to admin directory
cd weed/admin

# View all available targets
make help

# Generate templates and build
make build

# Development mode with template watching
make dev

# Run the admin server
make run

# Clean build artifacts
make clean

Using the Root Makefile

The root SeaweedFS Makefile automatically integrates the admin component:

# From the root directory
make install          # Builds weed with admin component
make full_install     # Full build with all tags
make test            # Runs tests including admin component

# Admin-specific targets from root
make admin-generate  # Generate admin templates
make admin-build     # Build admin component
make admin-run       # Run admin server
make admin-dev       # Development mode
make admin-clean     # Clean admin artifacts

Manual Building

If you prefer to build manually:

# Install templ compiler
go install github.com/a-h/templ/cmd/templ@latest

# Generate templates
templ generate

# Build the main weed binary
cd ../../../
go build -o weed ./weed

Development

Template Development

The admin interface uses Templ for type-safe HTML templates:

# Watch for template changes and auto-regenerate
make watch

# Or manually generate templates
make generate

# Format templates
make fmt

File Structure

weed/admin/
├── Makefile              # Admin-specific build tasks
├── README.md             # This file
├── admin.go              # Main application entry point
├── dash/                 # Server and handler logic
│   ├── admin_server.go   # HTTP server setup
│   ├── handler_admin.go  # Admin dashboard handlers
│   ├── handler_auth.go   # Authentication handlers
│   └── middleware.go     # HTTP middleware
├── static/               # Static assets
│   ├── css/admin.css     # Admin-specific styles
│   └── js/admin.js       # Admin-specific JavaScript
└── view/                 # Templates
    ├── app/              # Application templates
    │   ├── admin.templ   # Main dashboard template
    │   ├── s3_buckets.templ # Object Store bucket management template
    │   ├── s3tables_*.templ # S3 Tables management templates
    │   └── *_templ.go    # Generated Go code
    └── layout/           # Layout templates
        ├── layout.templ  # Base layout template
        └── layout_templ.go # Generated Go code

Object Store Management

The admin interface includes Object Store and S3 Tables management capabilities:

  • Create/delete Object Store buckets and adjust quotas or ownership.
  • Manage S3 Tables buckets, namespaces, and tables.
  • Update S3 Tables policies and tags via the UI and API endpoints.

Usage

Basic Usage

# Start admin interface on default port (23646)
weed admin

# Start with custom configuration
weed admin -port=8080 -masters="master1:9333,master2:9333"

# Start with authentication
weed admin -adminUser=admin -adminPassword=secret123

# Start with HTTPS
weed admin -port=443 -tlsCert=/path/to/cert.pem -tlsKey=/path/to/key.pem

Configuration Options

Option Default Description
-port 23646 Admin server port
-masters localhost:9333 Comma-separated master servers
-adminUser admin Admin username (if auth enabled)
-adminPassword "" Admin password (empty = no auth)
-tlsCert "" Path to TLS certificate
-tlsKey "" Path to TLS private key

Docker Usage

# Build Docker image with admin component
make docker-build

# Run with Docker
docker run -p 23646:23646 seaweedfs/seaweedfs:latest admin -masters=host.docker.internal:9333

Development Workflow

Quick Start

# Clone and setup
git clone <seaweedfs-repo>
cd seaweedfs/weed/admin

# Install dependencies and build
make install-deps
make build

# Start development server
make dev

Making Changes

  1. Template Changes: Edit .templ files in view/

    • Templates auto-regenerate in development mode
    • Use make generate to manually regenerate

  2. Go Code Changes: Edit .go files

    • Restart the server to see changes
    • Use make build to rebuild

  3. Static Assets: Edit files in static/

    • Changes are served immediately

Testing

# Run admin component tests
make test

# Run from root directory
make admin-test

# Lint code
make lint

# Format code
make fmt

Production Deployment

Security Considerations

  1. Authentication: Always set adminPassword in production
  2. HTTPS: Use TLS certificates for encrypted connections
  3. Firewall: Restrict admin interface access to authorized networks

Example Production Setup

# Production deployment with security
weed admin \
  -port=443 \
  -masters="master1:9333,master2:9333,master3:9333" \
  -adminUser=admin \
  -adminPassword=your-secure-password \
  -tlsCert=/etc/ssl/certs/admin.crt \
  -tlsKey=/etc/ssl/private/admin.key

Monitoring

The admin interface provides endpoints for monitoring:

  • GET /health - Health check endpoint
  • GET /metrics - Prometheus metrics (if enabled)
  • GET /api/status - JSON status information

Troubleshooting

Common Issues

  1. Templates not found: Run make generate to create template files
  2. Build errors: Ensure templ is installed with make install-templ
  3. Static files not loading: Check that static/ directory exists and has proper files
  4. Connection errors: Verify master and filer addresses are correct

Debug Mode

# Enable debug logging
weed -v=2 admin

# Check generated templates
ls -la view/app/*_templ.go view/layout/*_templ.go

Contributing

  1. Fork the repository
  2. Create a feature branch
  3. Make your changes
  4. Run tests: make test
  5. Format code: make fmt
  6. Submit a pull request

Architecture

The admin component follows a clean architecture:

  • Presentation Layer: Templ templates + Bootstrap CSS
  • HTTP Layer: Gin router with middleware
  • Business Logic: Handler functions in dash/ package
  • Data Layer: Communicates with SeaweedFS masters and filers

This separation makes the code maintainable and testable.

Reference in New Issue View Git Blame Copy Permalink