check instance pool matches user allowed pools,

update user allowed nodes format, add get user ct templates route
2024-04-15 21:52:20 +00:00 · 2024-04-15 21:52:20 +00:00 · 0a8bd87ed4
commit 0a8bd87ed4
parent e032038100
4 changed files with 52 additions and 104 deletions
--- a/src/routes/cluster.js
+++ b/src/routes/cluster.js
@ -38,8 +38,8 @@ router.get(`/:node(${nodeRegexP})/pci`, async (req, res) => {
 	if (!auth) {
 		return;
 	}
-	const userNodes = db.getUser(userObj).nodes;
-	if (!userNodes.includes(params.node)) {
+	const userNodes = db.getUser(userObj).cluster.nodes;
+	if (userNodes[params.node] !== true) {
 		res.status(401).send({ auth: false, path: params.node });
 		res.end();
 		return;
@ -186,8 +186,14 @@ router.post(`${basePath}/create`, async (req, res) => {
 		return;
 	}
 	// check node is within allowed list
-	if (!user.nodes.includes(params.node)) {
-		res.status(500).send({ error: `Requested node ${params.node} is not in allowed nodes [${user.nodes}].` });
+	if (user.cluster.nodes[params.node] !== true) {
+		res.status(500).send({ error: `Requested node ${params.node} is not in allowed nodes [${user.cluster.nodes}].` });
+		res.end();
+		return;
+	}
+	// check if pool is in user allowed pools
+	if (user.cluster.pools[params.pool] !== true) {
+		res.status(500).send({ request, error: `Requested pool ${params.pool} not in allowed pools [${user.pools}]` });
 		res.end();
 		return;
 	}
@ -222,7 +228,7 @@ router.post(`${basePath}/create`, async (req, res) => {
 		vmid: params.vmid,
 		cores: Number(params.cores),
 		memory: Number(params.memory),
-		pool: params.pool // TODO allow user to select pool to assign VM
+		pool: params.pool
 	};
 	for (const key of Object.keys(user.templates.instances[params.type])) {
 		action[key] = user.templates.instances[params.type][key].value;
--- a/src/routes/cluster/user.js
+++ b/src/routes/cluster/user.js
@ -1,85 +0,0 @@
-import { Router } from "express";
-export const router = Router({ mergeParams: true }); ;
-
-const config = global.config;
-const checkAuth = global.utils.checkAuth;
-const getUserResources = global.utils.getUserResources;
-
-/**
- * GET - get db user resource information including allocated, free, and maximum resource values along with resource metadata
- * responses:
- * - 200: {avail: Object, max: Object, used: Object, resources: Object}
- * - 401: {auth: false}
- */
-router.get("/dynamic/resources", async (req, res) => {
-	// check auth
-	const auth = await checkAuth(req.cookies, res);
-	if (!auth) {
-		return;
-	}
-
-	const userRealm = req.cookies.username.split("@").at(-1);
-	const userID = req.cookies.username.replace(`@${userRealm}`, "");
-	const userObj = { id: userID, realm: userRealm };
-
-	const resources = await getUserResources(req, userObj);
-	res.status(200).send(resources);
-});
-
-/**
- * GET - get db user configuration by key
- * request:
- * - key: string - user config key
- * responses:
- * - 200: Object
- * - 401: {auth: false}
- * - 401: {auth: false, error: string}
- */
-router.get("/config/:key", async (req, res) => {
-	const params = {
-		key: req.params.key
-	};
-
-	const userRealm = req.cookies.username.split("@").at(-1);
-	const userID = req.cookies.username.replace(`@${userRealm}`, "");
-	const userObj = { id: userID, realm: userRealm };
-
-	// check auth
-	const auth = await checkAuth(req.cookies, res);
-	if (!auth) {
-		return;
-	}
-	const allowKeys = ["resources", "cluster", "nodes"];
-	if (allowKeys.includes(params.key)) {
-		const config = global.db.getUser(userObj);
-		res.status(200).send(config[params.key]);
-	}
-	else {
-		res.status(401).send({ auth: false, error: `User is not authorized to access /user/config/${params.key}.` });
-	}
-});
-
-/**
- * GET - get user accessible iso files
- * response:
- * - 200: Array.<Object>
- * - 401: {auth: false}
- */
-router.get("/iso", async (req, res) => {
-	// check auth
-	const auth = await checkAuth(req.cookies, res);
-	if (!auth) {
-		return;
-	}
-	// get user iso config
-	const userIsoConfig = config.useriso;
-	// get all isos
-	const isos = (await global.pve.requestPVE(`/nodes/${userIsoConfig.node}/storage/${userIsoConfig.storage}/content?content=iso`, "GET", { token: true })).data.data;
-	const userIsos = [];
-	isos.forEach((iso) => {
-		iso.name = iso.volid.replace(`${userIsoConfig.storage}:iso/`, "");
-		userIsos.push(iso);
-	});
-	userIsos.sort();
-	res.status(200).send(userIsos);
-});
--- a/src/routes/user.js
+++ b/src/routes/user.js
@ -1,6 +1,7 @@
 import { Router } from "express";
 export const router = Router({ mergeParams: true }); ;

+const config = global.config;
 const checkAuth = global.utils.checkAuth;
 const getUserResources = global.utils.getUserResources;

@ -11,15 +12,16 @@ const getUserResources = global.utils.getUserResources;
 * - 401: {auth: false}
 */
 router.get("/dynamic/resources", async (req, res) => {
-	const userRealm = req.cookies.username.split("@").at(-1);
-	const userID = req.cookies.username.replace(`@${userRealm}`, "");
-	const userObj = { id: userID, realm: userRealm };
-
 	// check auth
 	const auth = await checkAuth(req.cookies, res);
 	if (!auth) {
 		return;
 	}
+
+	const userRealm = req.cookies.username.split("@").at(-1);
+	const userID = req.cookies.username.replace(`@${userRealm}`, "");
+	const userObj = { id: userID, realm: userRealm };
+
 	const resources = await getUserResources(req, userObj);
 	res.status(200).send(resources);
 });
@ -47,7 +49,7 @@ router.get("/config/:key", async (req, res) => {
 	if (!auth) {
 		return;
 	}
-	const allowKeys = ["resources", "cluster", "nodes"];
+	const allowKeys = ["resources", "cluster"];
 	if (allowKeys.includes(params.key)) {
 		const config = global.db.getUser(userObj);
 		res.status(200).send(config[params.key]);
@ -63,14 +65,14 @@ router.get("/config/:key", async (req, res) => {
 * - 200: Array.<Object>
 * - 401: {auth: false}
 */
-router.get("/iso", async (req, res) => {
+router.get("/vm-isos", async (req, res) => {
 	// check auth
 	const auth = await checkAuth(req.cookies, res);
 	if (!auth) {
 		return;
 	}
 	// get user iso config
-	const userIsoConfig = global.config.useriso;
+	const userIsoConfig = config.useriso;
 	// get all isos
 	const isos = (await global.pve.requestPVE(`/nodes/${userIsoConfig.node}/storage/${userIsoConfig.storage}/content?content=iso`, "GET", { token: true })).data.data;
 	const userIsos = [];
@ -81,3 +83,28 @@ router.get("/iso", async (req, res) => {
 	userIsos.sort();
 	res.status(200).send(userIsos);
 });
+
+/**
+ * GET - get user accessible container template files
+ * response:
+ * - 200: Array.<Object>
+ * - 401: {auth: false}
+ */
+router.get("/ct-templates", async (req, res) => {
+	// check auth
+	const auth = await checkAuth(req.cookies, res);
+	if (!auth) {
+		return;
+	}
+	// get user iso config
+	const userIsoConfig = config.useriso;
+	// get all isos
+	const isos = (await global.pve.requestPVE(`/nodes/${userIsoConfig.node}/storage/${userIsoConfig.storage}/content?content=vztmpl`, "GET", { token: true })).data.data;
+	const userIsos = [];
+	isos.forEach((iso) => {
+		iso.name = iso.volid.replace(`${userIsoConfig.storage}:vztmpl/`, "");
+		userIsos.push(iso);
+	});
+	userIsos.sort();
+	res.status(200).send(userIsos);
+});
--- a/template.localdb.json
+++ b/template.localdb.json
@ -71,19 +71,19 @@
 					}
 				}
 			},
-			"nodes": [
-				"example-node-0",
-				"example-node-1",
-				"example-node-2"
-			],
 			"cluster": {
+				"nodes": {
+					"example-node-0": true,
+					"example-node-1": true,
+					"example-node-2": true
+				},
 				"vmid": {
 					"min": 100,
 					"max": 199
 				},
 				"pools": {
-					"examplepool1": true,
-					"examplepool2": true
+					"example-pool-1": true,
+					"example-pool-2": true
 				}
 			},
 			"templates": {