check instance pool matches user allowed pools,

update user allowed nodes format,
add get user ct templates route
Arthur Lu 2024-04-15 21:52:20 +00:00
parent e032038100
commit 0a8bd87ed4
4 changed files with 52 additions and 104 deletions


@ -38,8 +38,8 @@ router.get(`/:node(${nodeRegexP})/pci`, async (req, res) => {
if (!auth) { if (!auth) {
return; return;
} }
const userNodes = db.getUser(userObj).nodes; const userNodes = db.getUser(userObj).cluster.nodes;
if (!userNodes.includes(params.node)) { if (userNodes[params.node] !== true) {
res.status(401).send({ auth: false, path: params.node }); res.status(401).send({ auth: false, path: params.node });
res.end(); res.end();
return; return;
@ -186,8 +186,14 @@ router.post(`${basePath}/create`, async (req, res) => {
return; return;
} }
// check node is within allowed list // check node is within allowed list
if (!user.nodes.includes(params.node)) { if (user.cluster.nodes[params.node] !== true) {
res.status(500).send({ error: `Requested node ${params.node} is not in allowed nodes [${user.nodes}].` }); res.status(500).send({ error: `Requested node ${params.node} is not in allowed nodes [${user.cluster.nodes}].` });
res.end();
return;
}
// check if pool is in user allowed pools
if (user.cluster.pools[params.pool] !== true) {
res.status(500).send({ request, error: `Requested pool ${params.pool} not in allowed pools [${user.pools}]` });
res.end(); res.end();
return; return;
} }
@ -222,7 +228,7 @@ router.post(`${basePath}/create`, async (req, res) => {
vmid: params.vmid, vmid: params.vmid,
cores: Number(params.cores), cores: Number(params.cores),
memory: Number(params.memory), memory: Number(params.memory),
pool: params.pool // TODO allow user to select pool to assign VM pool: params.pool
}; };
for (const key of Object.keys(user.templates.instances[params.type])) { for (const key of Object.keys(user.templates.instances[params.type])) {
action[key] = user.templates.instances[params.type][key].value; action[key] = user.templates.instances[params.type][key].value;
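Review bot: The added pool check's error message still interpolates `user.pools` while the check itself reads `user.cluster.pools`, so under the new format the message will most likely print `[undefined]`. The `request` shorthand in the same response object is not defined in any visible line and would throw a ReferenceError if it is not in scope. The node message just above has a related problem: `user.cluster.nodes` is now an object, so the template renders `[object Object]`; using `${Object.keys(user.cluster.pools)}` and `${Object.keys(user.cluster.nodes)}` in the two messages would list the allowed names again. Both refusals are authorization decisions, so 403 would describe them better than 500. The strict `!== true` comparison is worth keeping as written, since it also rejects inherited keys such as `constructor` when the node or pool name comes from the request; the route body starts and ends outside these hunks.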


@ -1,85 +0,0 @@
import { Router } from "express";
export const router = Router({ mergeParams: true }); ;
const config = global.config;
const checkAuth = global.utils.checkAuth;
const getUserResources = global.utils.getUserResources;
/**
* GET - get db user resource information including allocated, free, and maximum resource values along with resource metadata
* responses:
* - 200: {avail: Object, max: Object, used: Object, resources: Object}
* - 401: {auth: false}
*/
router.get("/dynamic/resources", async (req, res) => {
// check auth
const auth = await checkAuth(req.cookies, res);
if (!auth) {
return;
}
const userRealm = req.cookies.username.split("@").at(-1);
const userID = req.cookies.username.replace(`@${userRealm}`, "");
const userObj = { id: userID, realm: userRealm };
const resources = await getUserResources(req, userObj);
res.status(200).send(resources);
});
/**
* GET - get db user configuration by key
* request:
* - key: string - user config key
* responses:
* - 200: Object
* - 401: {auth: false}
* - 401: {auth: false, error: string}
*/
router.get("/config/:key", async (req, res) => {
const params = {
key: req.params.key
};
const userRealm = req.cookies.username.split("@").at(-1);
const userID = req.cookies.username.replace(`@${userRealm}`, "");
const userObj = { id: userID, realm: userRealm };
// check auth
const auth = await checkAuth(req.cookies, res);
if (!auth) {
return;
}
const allowKeys = ["resources", "cluster", "nodes"];
if (allowKeys.includes(params.key)) {
const config = global.db.getUser(userObj);
res.status(200).send(config[params.key]);
}
else {
res.status(401).send({ auth: false, error: `User is not authorized to access /user/config/${params.key}.` });
}
});
/**
* GET - get user accessible iso files
* response:
* - 200: Array.<Object>
* - 401: {auth: false}
*/
router.get("/iso", async (req, res) => {
// check auth
const auth = await checkAuth(req.cookies, res);
if (!auth) {
return;
}
// get user iso config
const userIsoConfig = config.useriso;
// get all isos
const isos = (await global.pve.requestPVE(`/nodes/${userIsoConfig.node}/storage/${userIsoConfig.storage}/content?content=iso`, "GET", { token: true })).data.data;
const userIsos = [];
isos.forEach((iso) => {
iso.name = iso.volid.replace(`${userIsoConfig.storage}:iso/`, "");
userIsos.push(iso);
});
userIsos.sort();
res.status(200).send(userIsos);
});


@ -1,6 +1,7 @@
import { Router } from "express"; import { Router } from "express";
export const router = Router({ mergeParams: true }); ; export const router = Router({ mergeParams: true }); ;
const config = global.config;
const checkAuth = global.utils.checkAuth; const checkAuth = global.utils.checkAuth;
const getUserResources = global.utils.getUserResources; const getUserResources = global.utils.getUserResources;
@ -11,15 +12,16 @@ const getUserResources = global.utils.getUserResources;
* - 401: {auth: false} * - 401: {auth: false}
*/ */
router.get("/dynamic/resources", async (req, res) => { router.get("/dynamic/resources", async (req, res) => {
const userRealm = req.cookies.username.split("@").at(-1);
const userID = req.cookies.username.replace(`@${userRealm}`, "");
const userObj = { id: userID, realm: userRealm };
// check auth // check auth
const auth = await checkAuth(req.cookies, res); const auth = await checkAuth(req.cookies, res);
if (!auth) { if (!auth) {
return; return;
} }
const userRealm = req.cookies.username.split("@").at(-1);
const userID = req.cookies.username.replace(`@${userRealm}`, "");
const userObj = { id: userID, realm: userRealm };
const resources = await getUserResources(req, userObj); const resources = await getUserResources(req, userObj);
res.status(200).send(resources); res.status(200).send(resources);
}); });
@ -47,7 +49,7 @@ router.get("/config/:key", async (req, res) => {
if (!auth) { if (!auth) {
return; return;
} }
const allowKeys = ["resources", "cluster", "nodes"]; const allowKeys = ["resources", "cluster"];
if (allowKeys.includes(params.key)) { if (allowKeys.includes(params.key)) {
const config = global.db.getUser(userObj); const config = global.db.getUser(userObj);
res.status(200).send(config[params.key]); res.status(200).send(config[params.key]);
@ -63,14 +65,14 @@ router.get("/config/:key", async (req, res) => {
* - 200: Array.<Object> * - 200: Array.<Object>
* - 401: {auth: false} * - 401: {auth: false}
*/ */
router.get("/iso", async (req, res) => { router.get("/vm-isos", async (req, res) => {
// check auth // check auth
const auth = await checkAuth(req.cookies, res); const auth = await checkAuth(req.cookies, res);
if (!auth) { if (!auth) {
return; return;
} }
// get user iso config // get user iso config
const userIsoConfig = global.config.useriso; const userIsoConfig = config.useriso;
// get all isos // get all isos
const isos = (await global.pve.requestPVE(`/nodes/${userIsoConfig.node}/storage/${userIsoConfig.storage}/content?content=iso`, "GET", { token: true })).data.data; const isos = (await global.pve.requestPVE(`/nodes/${userIsoConfig.node}/storage/${userIsoConfig.storage}/content?content=iso`, "GET", { token: true })).data.data;
const userIsos = []; const userIsos = [];
@ -81,3 +83,28 @@ router.get("/iso", async (req, res) => {
userIsos.sort(); userIsos.sort();
res.status(200).send(userIsos); res.status(200).send(userIsos);
}); });
/**
* GET - get user accessible container template files
* response:
* - 200: Array.<Object>
* - 401: {auth: false}
*/
router.get("/ct-templates", async (req, res) => {
// check auth
const auth = await checkAuth(req.cookies, res);
if (!auth) {
return;
}
// get user iso config
const userIsoConfig = config.useriso;
// get all isos
const isos = (await global.pve.requestPVE(`/nodes/${userIsoConfig.node}/storage/${userIsoConfig.storage}/content?content=vztmpl`, "GET", { token: true })).data.data;
const userIsos = [];
isos.forEach((iso) => {
iso.name = iso.volid.replace(`${userIsoConfig.storage}:vztmpl/`, "");
userIsos.push(iso);
});
userIsos.sort();
res.status(200).send(userIsos);
});
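Review bot: In the new `/ct-templates` handler `userIsos.sort()` is called on an array of objects with no comparator, so every element compares as the string `[object Object]` and the list keeps whatever order the PVE API returned; `userIsos.sort((a, b) => a.name.localeCompare(b.name));` would give the intended ordering, and the `/vm-isos` handler has the same call. The body is a copy of the ISO route, so its comments and names (`// get all isos`, `isos`, `userIsos`) now describe container templates incorrectly; a shared helper taking the content type (`iso` or `vztmpl`) would remove the duplication. The listing is fetched with `{ token: true }`, which presumably means the backend's own API token rather than the caller's credentials, so a comment stating that every authenticated user is meant to see all templates on that storage would make the access decision explicit.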


@ -71,19 +71,19 @@
} }
} }
}, },
"nodes": [
"example-node-0",
"example-node-1",
"example-node-2"
],
"cluster": { "cluster": {
"nodes": {
"example-node-0": true,
"example-node-1": true,
"example-node-2": true
},
"vmid": { "vmid": {
"min": 100, "min": 100,
"max": 199 "max": 199
}, },
"pools": { "pools": {
"examplepool1": true, "example-pool-1": true,
"examplepool2": true "example-pool-2": true
} }
}, },
"templates": { "templates": {
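Review bot: User records still stored in the old shape (top-level `nodes` array, no `cluster.nodes` map) are not handled by the new lookups in the route files: `db.getUser(userObj).cluster.nodes[params.node]` throws a TypeError when `cluster.nodes` is missing instead of producing the 401/500 refusal. No migration or fallback is visible in this commit, so either convert stored records as part of the deployment or guard the lookup, e.g. `user.cluster.nodes?.[params.node] !== true`, which still denies by default. The surrounding JSON object continues outside this hunk.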