ProxmoxAAS-API/index.js

const express = require("express");
const bodyParser = require("body-parser");
const cookieParser = require("cookie-parser")
const cors = require("cors");
const helmet = require("helmet");
const morgan = require("morgan");
const axios = require('axios');
var api = require("./package.json");

const {pveAPI, pveAPIToken, listenPort} = require("./vars.js");
const { token } = require("morgan");
const { response } = require("express");

const app = express();
app.use(helmet());
app.use(bodyParser.urlencoded({extended: true}));
app.use(cookieParser())
app.use(cors());
app.use(morgan("combined"));


app.get("/api/version", (req, res) => {
	res.send({version: api.version});
});

app.get("/api/echo", (req, res) => {
	res.send({body: req.body, cookies: req.cookies});
});

app.get("/api/auth", async (req, res) => {
	let result = await checkAuth(req.cookies);
	res.send({auth: result});
});

app.get("/api/proxmox/*", async (req, res) => { // proxy endpoint for GET proxmox api with no token
	path = req.url.replace("/api/proxmox", "");
	let result = await requestPVE(path, "GET", req.cookies);
	res.send(result.data, result.status);
});

app.post("/api/proxmox/*", async (req, res) => { // proxy endpoint for POST proxmox api with no token
	path = req.url.replace("/api/proxmox", "");
	let result = await requestPVE(path, "POST", req.cookies, req.body);
	res.send(result.data, result.status);
});

app.post("/api/disk/detach", async (req, res) => {
	let vmpath = `/nodes/${req.body.node}/${req.body.type}/${req.body.vmid}`;

	let auth = await checkAuth(req.cookies, vmpath);
	if (!auth) {
		res.send({auth: auth});
		return;
	}

	let method = req.body.type === "qemu" ? "POST" : "PUT";
	let result = await requestPVE(`${vmpath}/config`, method, req.cookies, req.body.action, pveAPIToken);
	result = await handleResponse(req.body.node, result);
	res.send({auth: auth, status: result.status, data: result.data.data});
});

app.post("/api/disk/attach", async (req, res) => {
	let vmpath = `/nodes/${req.body.node}/${req.body.type}/${req.body.vmid}`;

	let auth = await checkAuth(req.cookies, vmpath);
	if (!auth) {
		res.send({auth: auth});
		return;
	}

	let method = req.body.type === "qemu" ? "POST" : "PUT";
	let result = await requestPVE(`${vmpath}/config`, method, req.cookies, req.body.action, pveAPIToken);
	result = await handleResponse(req.body.node, result);
	res.send({auth: auth, status: result.status, data: result.data.data});
});

app.post("/api/disk/resize", async (req, res) => {
	let vmpath = `/nodes/${req.body.node}/${req.body.type}/${req.body.vmid}`;

	let auth = await checkAuth(req.cookies, vmpath);
	if (!auth) {
		res.send({auth: auth});
		return;
	}

	let method = "PUT";
	let result = await requestPVE(`${vmpath}/resize`, method, req.cookies, req.body.action, pveAPIToken);
	result = await handleResponse(req.body.node, result);
	res.send({auth: auth, status: result.status, data: result.data.data});
});

app.post("/api/disk/move", async (req, res) => {
	let vmpath = `/nodes/${req.body.node}/${req.body.type}/${req.body.vmid}`;
	let route = req.body.type === "qemu" ? "move_disk" : "move_volume";

	let auth = await checkAuth(req.cookies, vmpath);
	if (!auth) {
		res.send({auth: auth});
		return;
	}

	let method = "POST";
	let result = await requestPVE(`${vmpath}/${route}`, method, req.cookies, req.body.action, pveAPIToken);
	result = await handleResponse(req.body.node, result);
	res.send({auth: auth, status: result.status, data: result.data.data});
});

app.post("/api/disk/delete", async (req, res) => {
	let vmpath = `/nodes/${req.body.node}/${req.body.type}/${req.body.vmid}`;

	let auth = await checkAuth(req.cookies, vmpath);
	if (!auth) {
		res.send({auth: auth});
		return;
	}

	let method = req.body.type === "qemu" ? "POST" : "PUT";
	let result = await requestPVE(`${vmpath}/config`, method, req.cookies, req.body.action, pveAPIToken);
	result = await handleResponse(req.body.node, result);
	res.send({auth: auth, status: result.status, data: result.data.data});
});

app.post("/api/disk/create", async (req, res) => {
	let vmpath = `/nodes/${req.body.node}/${req.body.type}/${req.body.vmid}`;

	let auth = await checkAuth(req.cookies, vmpath);
	if (!auth) {
		res.send({auth: auth});
		return;
	}

	let method = req.body.type === "qemu" ? "POST" : "PUT";
	let result = await requestPVE(`${vmpath}/config`, method, req.cookies, req.body.action, pveAPIToken);
	result = await handleResponse(req.body.node, result);
	res.send({auth: auth, status: result.status, data: result.data.data});
});

app.post("/api/resources", async (req, res) => {
	let vmpath = `/nodes/${req.body.node}/${req.body.type}/${req.body.vmid}`;

	let auth = await checkAuth(req.cookies, vmpath);
	if (!auth) {
		res.send({auth: auth});
		return;
	}

	let method = req.body.type === "qemu" ? "POST" : "PUT";
	action = JSON.stringify({cores: req.body.cores, memory: req.body.memory});
	let result = await requestPVE(`${vmpath}/config`, method, req.cookies, action, pveAPIToken);
	result = await handleResponse(req.body.node, result);
	res.send({auth: auth, status: result.status, data: result.data.data});
});

app.post("/api/instance", async (req, res) => {
	let auth = await checkAuth(req.cookies);
	if (!auth) {
		res.send({auth: auth});
		return;
	}

	// do stuff
});

app.delete("/api/instance", async (req, res) => {
	let vmpath = `/nodes/${req.body.node}/${req.body.type}/${req.body.vmid}`;

	let auth = await checkAuth(req.cookies, vmpath);
	if (!auth) {
		res.send({auth: auth});
		return;
	}

	let result = await requestPVE(`${vmpath}`, "DELETE", req.cookies, null, pveAPIToken);
	result = await handleResponse(req.body.node, result);
	res.send({auth: auth, status: result.status, data: result.data.data});
});

async function checkAuth (cookies, vmpath = null) {
	if (vmpath) {
		let result = await requestPVE(`/${vmpath}/config`, "GET", cookies);
		return result.status === 200;
	}
	else { // if no path is specified, then do a simple authentication
		let result = await requestPVE("/version", "GET", cookies);
		return result.status === 200;
	}
}

async function requestPVE (path, method, cookies, body = null, token = null) {
	let url = `${pveAPI}${path}`;
	let content = {
		method: method,
		mode: "cors",
		credentials: "include",
		headers: {
			"Content-Type": "application/x-www-form-urlencoded"
		},
	}

	if (token) {
		content.headers.Authorization = `PVEAPIToken=${token.user}@${token.realm}!${token.id}=${token.uuid}`;
	}
	else if (cookies) {
		content.headers.CSRFPreventionToken = cookies.CSRFPreventionToken;
		content.headers.Cookie = `PVEAuthCookie=${cookies.PVEAuthCookie}; CSRFPreventionToken=${cookies.CSRFPreventionToken}`;
	}

	if (body) {
		content.data = JSON.parse(body);
	}

	try {
		let response = await axios.request(url, content);
		return response;
	}
	catch (error) {
		return error.response;
	}
}

async function handleResponse (node, response) {
	const waitFor = delay => new Promise(resolve => setTimeout(resolve, delay));
	if (response.data.data) {
		let upid = response.data.data;
		while (true) {
			let taskStatus = await requestPVE(`/nodes/${node}/tasks/${upid}/status`, "GET", null, null, pveAPIToken);
			if (taskStatus.data.data.status === "stopped" && taskStatus.data.data.exitStatus === "OK") {
				return taskStatus;
			}
			else if (taskStatus.data.data.status === "stopped") {
				return taskStatus;
			}
			else {
				await waitFor(1000);
			}
		}
	}
	else {
		return response;
	}
}

app.listen(listenPort, () => {
	console.log(`proxmoxaas-api v${api.version} listening on port ${listenPort}`);
});