8d59ef41d5
* Replace admin gin router with mux * Update layout_templ.go * Harden admin handlers * Add login CSRF handling * Fix filer copy naming conflict * address comments * address comments
215 lines
6.8 KiB
Go
215 lines
6.8 KiB
Go
package handlers
|
|
|
|
import (
|
|
"bytes"
|
|
"errors"
|
|
"net/http"
|
|
"time"
|
|
|
|
"github.com/gorilla/mux"
|
|
"github.com/seaweedfs/seaweedfs/weed/admin/dash"
|
|
"github.com/seaweedfs/seaweedfs/weed/admin/view/app"
|
|
"github.com/seaweedfs/seaweedfs/weed/admin/view/layout"
|
|
"github.com/seaweedfs/seaweedfs/weed/glog"
|
|
)
|
|
|
|
// ServiceAccountHandlers contains HTTP handlers for service account management
|
|
type ServiceAccountHandlers struct {
|
|
adminServer *dash.AdminServer
|
|
}
|
|
|
|
// NewServiceAccountHandlers creates a new instance of ServiceAccountHandlers
|
|
func NewServiceAccountHandlers(adminServer *dash.AdminServer) *ServiceAccountHandlers {
|
|
return &ServiceAccountHandlers{
|
|
adminServer: adminServer,
|
|
}
|
|
}
|
|
|
|
// ShowServiceAccounts renders the service accounts management page
|
|
func (h *ServiceAccountHandlers) ShowServiceAccounts(w http.ResponseWriter, r *http.Request) {
|
|
data := h.getServiceAccountsData(r)
|
|
|
|
// Render to buffer first to avoid partial writes on error
|
|
var buf bytes.Buffer
|
|
component := app.ServiceAccounts(data)
|
|
viewCtx := layout.NewViewContext(r, dash.UsernameFromContext(r.Context()), dash.CSRFTokenFromContext(r.Context()))
|
|
layoutComponent := layout.Layout(viewCtx, component)
|
|
err := layoutComponent.Render(r.Context(), &buf)
|
|
if err != nil {
|
|
glog.Errorf("Failed to render service accounts template: %v", err)
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
// Only write to response if render succeeded
|
|
w.Header().Set("Content-Type", "text/html")
|
|
_, _ = w.Write(buf.Bytes())
|
|
}
|
|
|
|
// GetServiceAccounts returns the list of service accounts as JSON
|
|
func (h *ServiceAccountHandlers) GetServiceAccounts(w http.ResponseWriter, r *http.Request) {
|
|
parentUser := r.URL.Query().Get("parent_user")
|
|
|
|
accounts, err := h.adminServer.GetServiceAccounts(r.Context(), parentUser)
|
|
if err != nil {
|
|
glog.Errorf("Failed to get service accounts: %v", err)
|
|
writeJSONError(w, http.StatusInternalServerError, "Failed to get service accounts")
|
|
return
|
|
}
|
|
writeJSON(w, http.StatusOK, map[string]interface{}{"service_accounts": accounts})
|
|
}
|
|
|
|
// CreateServiceAccount handles service account creation
|
|
func (h *ServiceAccountHandlers) CreateServiceAccount(w http.ResponseWriter, r *http.Request) {
|
|
var req dash.CreateServiceAccountRequest
|
|
if err := decodeJSONBody(newJSONMaxReader(w, r), &req); err != nil {
|
|
writeJSONError(w, http.StatusBadRequest, "Invalid request: "+err.Error())
|
|
return
|
|
}
|
|
|
|
if req.ParentUser == "" {
|
|
writeJSONError(w, http.StatusBadRequest, "ParentUser is required")
|
|
return
|
|
}
|
|
|
|
sa, err := h.adminServer.CreateServiceAccount(r.Context(), req)
|
|
if err != nil {
|
|
glog.Errorf("Failed to create service account for user %s: %v", req.ParentUser, err)
|
|
writeJSONError(w, http.StatusInternalServerError, "Failed to create service account")
|
|
return
|
|
}
|
|
|
|
writeJSON(w, http.StatusCreated, map[string]interface{}{
|
|
"message": "Service account created successfully",
|
|
"service_account": sa,
|
|
})
|
|
}
|
|
|
|
// GetServiceAccountDetails returns detailed information about a service account
|
|
func (h *ServiceAccountHandlers) GetServiceAccountDetails(w http.ResponseWriter, r *http.Request) {
|
|
id := mux.Vars(r)["id"]
|
|
if id == "" {
|
|
writeJSONError(w, http.StatusBadRequest, "Service account ID is required")
|
|
return
|
|
}
|
|
|
|
sa, err := h.adminServer.GetServiceAccountDetails(r.Context(), id)
|
|
if err != nil {
|
|
// Distinguish not-found errors from internal errors
|
|
if errors.Is(err, dash.ErrServiceAccountNotFound) {
|
|
writeJSONError(w, http.StatusNotFound, "Service account not found: "+err.Error())
|
|
} else {
|
|
glog.Errorf("Failed to get service account details for %s: %v", id, err)
|
|
writeJSONError(w, http.StatusInternalServerError, "Failed to get service account details")
|
|
}
|
|
return
|
|
}
|
|
|
|
writeJSON(w, http.StatusOK, sa)
|
|
}
|
|
|
|
// UpdateServiceAccount handles service account updates
|
|
func (h *ServiceAccountHandlers) UpdateServiceAccount(w http.ResponseWriter, r *http.Request) {
|
|
id := mux.Vars(r)["id"]
|
|
if id == "" {
|
|
writeJSONError(w, http.StatusBadRequest, "Service account ID is required")
|
|
return
|
|
}
|
|
|
|
var req dash.UpdateServiceAccountRequest
|
|
if err := decodeJSONBody(newJSONMaxReader(w, r), &req); err != nil {
|
|
writeJSONError(w, http.StatusBadRequest, "Invalid request: "+err.Error())
|
|
return
|
|
}
|
|
|
|
sa, err := h.adminServer.UpdateServiceAccount(r.Context(), id, req)
|
|
if err != nil {
|
|
// Distinguish not-found errors from internal errors
|
|
if errors.Is(err, dash.ErrServiceAccountNotFound) {
|
|
writeJSONError(w, http.StatusNotFound, "Service account not found")
|
|
} else {
|
|
glog.Errorf("Failed to update service account %s: %v", id, err)
|
|
writeJSONError(w, http.StatusInternalServerError, "Failed to update service account")
|
|
}
|
|
return
|
|
}
|
|
|
|
writeJSON(w, http.StatusOK, map[string]interface{}{
|
|
"message": "Service account updated successfully",
|
|
"service_account": sa,
|
|
})
|
|
}
|
|
|
|
// DeleteServiceAccount handles service account deletion
|
|
func (h *ServiceAccountHandlers) DeleteServiceAccount(w http.ResponseWriter, r *http.Request) {
|
|
id := mux.Vars(r)["id"]
|
|
if id == "" {
|
|
writeJSONError(w, http.StatusBadRequest, "Service account ID is required")
|
|
return
|
|
}
|
|
|
|
err := h.adminServer.DeleteServiceAccount(r.Context(), id)
|
|
if err != nil {
|
|
// Distinguish not-found errors from internal errors
|
|
if errors.Is(err, dash.ErrServiceAccountNotFound) {
|
|
writeJSONError(w, http.StatusNotFound, "Service account not found")
|
|
} else {
|
|
glog.Errorf("Failed to delete service account %s: %v", id, err)
|
|
writeJSONError(w, http.StatusInternalServerError, "Failed to delete service account")
|
|
}
|
|
return
|
|
}
|
|
|
|
writeJSON(w, http.StatusOK, map[string]interface{}{
|
|
"message": "Service account deleted successfully",
|
|
})
|
|
}
|
|
|
|
// getServiceAccountsData retrieves service accounts data for the template
|
|
func (h *ServiceAccountHandlers) getServiceAccountsData(r *http.Request) dash.ServiceAccountsData {
|
|
username := dash.UsernameFromContext(r.Context())
|
|
if username == "" {
|
|
username = "admin"
|
|
}
|
|
|
|
// Get all service accounts
|
|
accounts, err := h.adminServer.GetServiceAccounts(r.Context(), "")
|
|
if err != nil {
|
|
glog.Errorf("Failed to get service accounts: %v", err)
|
|
return dash.ServiceAccountsData{
|
|
Username: username,
|
|
ServiceAccounts: []dash.ServiceAccount{},
|
|
TotalAccounts: 0,
|
|
LastUpdated: time.Now(),
|
|
}
|
|
}
|
|
|
|
// Count active accounts
|
|
activeCount := 0
|
|
for _, sa := range accounts {
|
|
if sa.Status == dash.StatusActive {
|
|
activeCount++
|
|
}
|
|
}
|
|
|
|
// Get available users for dropdown
|
|
var availableUsers []string
|
|
users, err := h.adminServer.GetObjectStoreUsers(r.Context())
|
|
if err != nil {
|
|
glog.Errorf("Failed to get users for dropdown: %v", err)
|
|
} else {
|
|
for _, user := range users {
|
|
availableUsers = append(availableUsers, user.Username)
|
|
}
|
|
}
|
|
|
|
return dash.ServiceAccountsData{
|
|
Username: username,
|
|
ServiceAccounts: accounts,
|
|
TotalAccounts: len(accounts),
|
|
ActiveAccounts: activeCount,
|
|
AvailableUsers: availableUsers,
|
|
LastUpdated: time.Now(),
|
|
}
|
|
}
|