From e032038100c6a8eb5b0ec7bdbe71fa7ab391d787 Mon Sep 17 00:00:00 2001 From: Arthur Lu Date: Tue, 9 Apr 2024 21:02:41 +0000 Subject: [PATCH 1/3] update localdb backend interface, update all references to localdb backend --- src/backends/backends.js | 16 +++++++-------- src/backends/localdb.js | 42 ++++++++++++++++++++++++++++++++++---- src/backends/paasldap.js | 2 +- src/routes/cluster.js | 25 ++++++++++++++++++----- src/routes/cluster/disk.js | 21 ++++++++++++++++--- src/routes/cluster/net.js | 16 ++++++++++++--- src/routes/cluster/pci.js | 14 +++++++++++-- src/routes/cluster/user.js | 14 +++++++++++-- src/routes/sync.js | 5 ++++- src/routes/user.js | 13 ++++++++++-- src/utils.js | 18 +++++++++------- template.localdb.json | 8 ++++---- 12 files changed, 152 insertions(+), 42 deletions(-) diff --git a/src/backends/backends.js b/src/backends/backends.js index 52e0846..7d7f0b2 100644 --- a/src/backends/backends.js +++ b/src/backends/backends.js @@ -92,42 +92,42 @@ class USER_BACKEND extends BACKEND { /** * Add group to backend - * @param {{id: string}} group + * @param {{id: string}} group * @param {Object} attributes group attributes * @param {Object} params authentication params, usually req.cookies */ addGroup (group, attributes, params = null) {} /** * Get group from backend - * @param {{id: string}} group + * @param {{id: string}} group * @param {Object} params authentication params, usually req.cookies */ getGroup (group, params = null) {} /** * Modify group in backend - * @param {{id: string}} group + * @param {{id: string}} group * @param {Object} attributes new group attributes to modify * @param {Object} params authentication params, usually req.cookies */ setGroup (group, attributes, params = null) {} /** * Delete group from backend - * @param {{id: string}} group + * @param {{id: string}} group * @param {Object} params authentication params, usually req.cookies */ delGroup (group, params = null) {} /** * Add user to group - * @param {{id: string, realm: string}} user - * @param {{id: string}} group + * @param {{id: string, realm: string}} user + * @param {{id: string}} group * @param {Object} params authentication params, usually req.cookies */ addUserToGroup (user, group, params = null) {} /** * Remove user from group - * @param {{id: string, realm: string}} user - * @param {{id: string}} group + * @param {{id: string, realm: string}} user + * @param {{id: string}} group * @param {Object} params authentication params, usually req.cookies */ delUserFromGroup (user, group, params = null) {} diff --git a/src/backends/localdb.js b/src/backends/localdb.js index f7c2717..c385156 100644 --- a/src/backends/localdb.js +++ b/src/backends/localdb.js @@ -35,13 +35,15 @@ export default class LocalDB extends DB_BACKEND { writeFileSync(this.#path, JSON.stringify(this.#data)); } - addUser (username, attributes, params = null) { + addUser (user, attributes, params = null) { + const username = `${user.id}@${user.realm}`; attributes = attributes || this.#defaultuser; this.#data.users[username] = attributes; this.#save(); } - getUser (username, params = null) { + getUser (user, params = null) { + const username = `${user.id}@${user.realm}`; if (this.#data.users[username]) { return this.#data.users[username]; } @@ -50,7 +52,8 @@ export default class LocalDB extends DB_BACKEND { } } - setUser (username, attributes, params = null) { + setUser (user, attributes, params = null) { + const username = `${user.id}@${user.realm}`; if (this.#data.users[username]) { this.#data.users[username] = attributes; this.#save(); @@ -61,7 +64,8 @@ export default class LocalDB extends DB_BACKEND { } } - delUser (username, params = null) { + delUser (user, params = null) { + const username = `${user.id}@${user.realm}`; if (this.#data.users[username]) { delete this.#data.users[username]; this.#save(); @@ -71,4 +75,34 @@ export default class LocalDB extends DB_BACKEND { return false; } } + + // group methods not implemented because db backend does not store groups + addGroup (group, atrributes, params = null) {} + getGroup (group, params = null) {} + setGroup (group, attributes, params = null) {} + delGroup (group, params = null) {} + + // assume that adding to group also adds to group's pool + addUserToGroup (user, group, params = null) { + const username = `${user.id}@${user.realm}`; + if (this.#data.users[username]) { + this.#data.users[username].cluster.pools[group.id] = true; + return true; + } + else { + return false; + } + } + + // assume that adding to group also adds to group's pool + delUserFromGroup (user, group, params = null) { + const username = `${user.id}@${user.realm}`; + if (this.#data.users[username] && this.#data.users[username].cluster.pools[group.id]) { + delete this.#data.users[username].cluster.pools[group.id]; + return true; + } + else { + return false; + } + } } diff --git a/src/backends/paasldap.js b/src/backends/paasldap.js index a0cc714..976b81a 100644 --- a/src/backends/paasldap.js +++ b/src/backends/paasldap.js @@ -104,7 +104,7 @@ export default class PAASLDAP extends AUTH_BACKEND { async addUserToGroup (user, group, params = null) { return await this.#request(`/groups/${group.id}/members/${user.id}`, "POST", params); } - + async delUserFromGroup (user, group, params = null) { return await this.#request(`/groups/${group.id}/members/${user.id}`, "DELETE", params); } diff --git a/src/routes/cluster.js b/src/routes/cluster.js index 69cd384..bdbe542 100644 --- a/src/routes/cluster.js +++ b/src/routes/cluster.js @@ -28,19 +28,24 @@ router.get(`/:node(${nodeRegexP})/pci`, async (req, res) => { const params = { node: req.params.node }; + + const userRealm = req.cookies.username.split("@").at(-1); + const userID = req.cookies.username.replace(`@${userRealm}`, ""); + const userObj = { id: userID, realm: userRealm }; + // check auth const auth = await checkAuth(req.cookies, res); if (!auth) { return; } - const userNodes = db.getUser(req.cookies.username).nodes; + const userNodes = db.getUser(userObj).nodes; if (!userNodes.includes(params.node)) { res.status(401).send({ auth: false, path: params.node }); res.end(); return; } // get remaining user resources - const userAvailPci = (await getUserResources(req, req.cookies.username)).pci.nodes[params.node]; + const userAvailPci = (await getUserResources(req, userObj)).pci.nodes[params.node]; // get node avail devices let nodeAvailPci = await global.pve.getNodeAvailDevices(params.node, req.cookies); nodeAvailPci = nodeAvailPci.filter(nodeAvail => userAvailPci.some((userAvail) => { @@ -77,6 +82,11 @@ router.post(`${basePath}/resources`, async (req, res) => { swap: req.body.swap, boot: req.body.boot }; + + const userRealm = req.cookies.username.split("@").at(-1); + const userID = req.cookies.username.replace(`@${userRealm}`, ""); + const userObj = { id: userID, realm: userRealm }; + // check auth for specific instance const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`; const auth = await checkAuth(req.cookies, res, vmpath); @@ -96,7 +106,7 @@ router.post(`${basePath}/resources`, async (req, res) => { request.cpu = params.proctype; } // check resource approval - if (!await approveResources(req, req.cookies.username, request, params.node)) { + if (!await approveResources(req, userObj, request, params.node)) { res.status(500).send({ request, error: "Could not fulfil request." }); res.end(); return; @@ -154,13 +164,18 @@ router.post(`${basePath}/create`, async (req, res) => { rootfslocation: req.body.rootfslocation, rootfssize: req.body.rootfssize }; + + const userRealm = req.cookies.username.split("@").at(-1); + const userID = req.cookies.username.replace(`@${userRealm}`, ""); + const userObj = { id: userID, realm: userRealm }; + // check auth const auth = await checkAuth(req.cookies, res); if (!auth) { return; } // get user db config - const user = await db.getUser(req.cookies.username); + const user = await db.getUser(userObj); const vmid = Number.parseInt(params.vmid); const vmidMin = user.cluster.vmid.min; const vmidMax = user.cluster.vmid.max; @@ -197,7 +212,7 @@ router.post(`${basePath}/create`, async (req, res) => { } } // check resource approval - if (!await approveResources(req, req.cookies.username, request, params.node)) { // check resource approval + if (!await approveResources(req, userObj, request, params.node)) { // check resource approval res.status(500).send({ request, error: "Not enough resources to satisfy request." }); res.end(); return; diff --git a/src/routes/cluster/disk.js b/src/routes/cluster/disk.js index 107d5a9..bdb0597 100644 --- a/src/routes/cluster/disk.js +++ b/src/routes/cluster/disk.js @@ -129,6 +129,11 @@ router.post("/:disk/resize", async (req, res) => { disk: req.params.disk, size: req.body.size }; + + const userRealm = req.cookies.username.split("@").at(-1); + const userID = req.cookies.username.replace(`@${userRealm}`, ""); + const userObj = { id: userID, realm: userRealm }; + // check auth for specific instance const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`; const auth = await checkAuth(req.cookies, res, vmpath); @@ -149,7 +154,7 @@ router.post("/:disk/resize", async (req, res) => { const request = {}; request[storage] = Number(params.size * 1024 ** 3); // setup request object // check request approval - if (!await approveResources(req, req.cookies.username, request, params.node)) { + if (!await approveResources(req, userObj, request, params.node)) { res.status(500).send({ request, error: `Storage ${storage} could not fulfill request of size ${params.size}G.` }); res.end(); return; @@ -186,6 +191,11 @@ router.post("/:disk/move", async (req, res) => { storage: req.body.storage, delete: req.body.delete }; + + const userRealm = req.cookies.username.split("@").at(-1); + const userID = req.cookies.username.replace(`@${userRealm}`, ""); + const userObj = { id: userID, realm: userRealm }; + // check auth for specific instance const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`; const auth = await checkAuth(req.cookies, res, vmpath); @@ -209,7 +219,7 @@ router.post("/:disk/move", async (req, res) => { request[dstStorage] = Number(size); // always decrease destination storage by size } // check request approval - if (!await approveResources(req, req.cookies.username, request, params.node)) { + if (!await approveResources(req, userObj, request, params.node)) { res.status(500).send({ request, error: `Storage ${params.storage} could not fulfill request of size ${params.size}G.` }); res.end(); return; @@ -304,6 +314,11 @@ router.post("/:disk/create", async (req, res) => { size: req.body.size, iso: req.body.iso }; + + const userRealm = req.cookies.username.split("@").at(-1); + const userID = req.cookies.username.replace(`@${userRealm}`, ""); + const userObj = { id: userID, realm: userRealm }; + // check auth for specific instance const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`; const auth = await checkAuth(req.cookies, res, vmpath); @@ -324,7 +339,7 @@ router.post("/:disk/create", async (req, res) => { // setup request request[params.storage] = Number(params.size * 1024 ** 3); // check request approval - if (!await approveResources(req, req.cookies.username, request, params.node)) { + if (!await approveResources(req, userObj, request, params.node)) { res.status(500).send({ request, error: `Storage ${params.storage} could not fulfill request of size ${params.size}G.` }); res.end(); return; diff --git a/src/routes/cluster/net.js b/src/routes/cluster/net.js index e198b8c..cdd4530 100644 --- a/src/routes/cluster/net.js +++ b/src/routes/cluster/net.js @@ -31,6 +31,11 @@ router.post("/:netid/create", async (req, res) => { rate: req.body.rate, name: req.body.name }; + + const userRealm = req.cookies.username.split("@").at(-1); + const userID = req.cookies.username.replace(`@${userRealm}`, ""); + const userObj = { id: userID, realm: userRealm }; + // check auth for specific instance const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`; const auth = await checkAuth(req.cookies, res, vmpath); @@ -54,13 +59,13 @@ router.post("/:netid/create", async (req, res) => { network: Number(params.rate) }; // check resource approval - if (!await approveResources(req, req.cookies.username, request, params.node)) { + if (!await approveResources(req, userObj, request, params.node)) { res.status(500).send({ request, error: `Could not fulfil network request of ${params.rate}MB/s.` }); res.end(); return; } // setup action - const nc = db.getUser(req.cookies.username).templates.network[params.type]; + const nc = db.getUser(userObj).templates.network[params.type]; const action = {}; if (params.type === "lxc") { action[`net${params.netid}`] = `name=${params.name},bridge=${nc.bridge},ip=${nc.ip},ip6=${nc.ip6},tag=${nc.vlan},type=${nc.type},rate=${params.rate}`; @@ -98,6 +103,11 @@ router.post("/:netid/modify", async (req, res) => { netid: req.params.netid.replace("net", ""), rate: req.body.rate }; + + const userRealm = req.cookies.username.split("@").at(-1); + const userID = req.cookies.username.replace(`@${userRealm}`, ""); + const userObj = { id: userID, realm: userRealm }; + // check auth for specific instance const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`; const auth = await checkAuth(req.cookies, res, vmpath); @@ -118,7 +128,7 @@ router.post("/:netid/modify", async (req, res) => { network: Number(params.rate) - Number(currentNetworkRate) }; // check resource approval - if (!await approveResources(req, req.cookies.username, request, params.node)) { + if (!await approveResources(req, userObj, request, params.node)) { res.status(500).send({ request, error: `Could not fulfil network request of ${params.rate}MB/s.` }); res.end(); return; diff --git a/src/routes/cluster/pci.js b/src/routes/cluster/pci.js index aa4268a..6790dbb 100644 --- a/src/routes/cluster/pci.js +++ b/src/routes/cluster/pci.js @@ -74,6 +74,11 @@ router.post("/:hostpci/modify", async (req, res) => { device: req.body.device, pcie: req.body.pcie }; + + const userRealm = req.cookies.username.split("@").at(-1); + const userID = req.cookies.username.replace(`@${userRealm}`, ""); + const userObj = { id: userID, realm: userRealm }; + // check if type is qemu if (params.type !== "qemu") { res.status(500).send({ error: "Type must be qemu (vm)." }); @@ -102,7 +107,7 @@ router.post("/:hostpci/modify", async (req, res) => { const deviceData = await global.pve.getDeviceInfo(params.node, params.device); const request = { pci: deviceData.device_name }; // check resource approval - if (!await approveResources(req, req.cookies.username, request, params.node)) { + if (!await approveResources(req, userObj, request, params.node)) { res.status(500).send({ request, error: `Could not fulfil request for ${deviceData.device_name}.` }); res.end(); return; @@ -156,6 +161,11 @@ router.post("/create", async (req, res) => { device: req.body.device, pcie: req.body.pcie }; + + const userRealm = req.cookies.username.split("@").at(-1); + const userID = req.cookies.username.replace(`@${userRealm}`, ""); + const userObj = { id: userID, realm: userRealm }; + // check if type is qemu if (params.type !== "qemu") { res.status(500).send({ error: "Type must be qemu (vm)." }); @@ -182,7 +192,7 @@ router.post("/create", async (req, res) => { pci: deviceData.device_name }; // check resource approval - if (!await approveResources(req, req.cookies.username, request, params.node)) { + if (!await approveResources(req, userObj, request, params.node)) { res.status(500).send({ request, error: `Could not fulfil request for ${deviceData.device_name}.` }); res.end(); return; diff --git a/src/routes/cluster/user.js b/src/routes/cluster/user.js index 151c22c..caf21f7 100644 --- a/src/routes/cluster/user.js +++ b/src/routes/cluster/user.js @@ -17,7 +17,12 @@ router.get("/dynamic/resources", async (req, res) => { if (!auth) { return; } - const resources = await getUserResources(req, req.cookies.username); + + const userRealm = req.cookies.username.split("@").at(-1); + const userID = req.cookies.username.replace(`@${userRealm}`, ""); + const userObj = { id: userID, realm: userRealm }; + + const resources = await getUserResources(req, userObj); res.status(200).send(resources); }); @@ -34,6 +39,11 @@ router.get("/config/:key", async (req, res) => { const params = { key: req.params.key }; + + const userRealm = req.cookies.username.split("@").at(-1); + const userID = req.cookies.username.replace(`@${userRealm}`, ""); + const userObj = { id: userID, realm: userRealm }; + // check auth const auth = await checkAuth(req.cookies, res); if (!auth) { @@ -41,7 +51,7 @@ router.get("/config/:key", async (req, res) => { } const allowKeys = ["resources", "cluster", "nodes"]; if (allowKeys.includes(params.key)) { - const config = global.db.getUser(req.cookies.username); + const config = global.db.getUser(userObj); res.status(200).send(config[params.key]); } else { diff --git a/src/routes/sync.js b/src/routes/sync.js index e1c61ac..aa46620 100644 --- a/src/routes/sync.js +++ b/src/routes/sync.js @@ -167,7 +167,10 @@ if (schemes.interrupt.enabled) { else { wsServer.handleUpgrade(req, socket, head, (socket) => { // get the user pools - const pools = global.db.getUser(cookies.username).cluster.pools; + const userRealm = cookies.username.split("@").at(-1); + const userID = cookies.username.replace(`@${userRealm}`, ""); + const userObj = { id: userID, realm: userRealm }; + const pools = Object.keys(global.db.getUser(userObj).cluster.pools); // emit the connection to initialize socket wsServer.emit("connection", socket, cookies.username, pools); }); diff --git a/src/routes/user.js b/src/routes/user.js index 5e672f1..dd41de7 100644 --- a/src/routes/user.js +++ b/src/routes/user.js @@ -11,12 +11,16 @@ const getUserResources = global.utils.getUserResources; * - 401: {auth: false} */ router.get("/dynamic/resources", async (req, res) => { + const userRealm = req.cookies.username.split("@").at(-1); + const userID = req.cookies.username.replace(`@${userRealm}`, ""); + const userObj = { id: userID, realm: userRealm }; + // check auth const auth = await checkAuth(req.cookies, res); if (!auth) { return; } - const resources = await getUserResources(req, req.cookies.username); + const resources = await getUserResources(req, userObj); res.status(200).send(resources); }); @@ -33,6 +37,11 @@ router.get("/config/:key", async (req, res) => { const params = { key: req.params.key }; + + const userRealm = req.cookies.username.split("@").at(-1); + const userID = req.cookies.username.replace(`@${userRealm}`, ""); + const userObj = { id: userID, realm: userRealm }; + // check auth const auth = await checkAuth(req.cookies, res); if (!auth) { @@ -40,7 +49,7 @@ router.get("/config/:key", async (req, res) => { } const allowKeys = ["resources", "cluster", "nodes"]; if (allowKeys.includes(params.key)) { - const config = global.db.getUser(req.cookies.username); + const config = global.db.getUser(userObj); res.status(200).send(config[params.key]); } else { diff --git a/src/utils.js b/src/utils.js index 21de03e..c213a15 100644 --- a/src/utils.js +++ b/src/utils.js @@ -15,7 +15,11 @@ import { exit } from "process"; export async function checkAuth (cookies, res, vmpath = null) { let auth = false; - if (global.db.getUser(cookies.username) === null) { + const userRealm = cookies.username.split("@").at(-1); + const userID = cookies.username.replace(`@${userRealm}`, ""); + const userObj = { id: userID, realm: userRealm }; + + if (global.db.getUser(userObj) === null) { auth = false; res.status(401).send({ auth, path: vmpath ? `${vmpath}/config` : "/version", error: `User ${cookies.username} not found in localdb.` }); res.end(); @@ -104,12 +108,12 @@ async function getAllInstanceConfigs (req, diskprefixes) { /** * Get user resource data including used, available, and maximum resources. * @param {Object} req ProxmoxAAS API request object. - * @param {string} username of user to get resource data. + * @param {{id: string, realm: string}} user object of user to get resource data. * @returns {{used: Object, avail: Object, max: Object, resources: Object}} used, available, maximum, and resource metadata for the specified user. */ -export async function getUserResources (req, username) { +export async function getUserResources (req, user) { const dbResources = global.config.resources; - const userResources = global.db.getUser(username).resources; + const userResources = global.db.getUser(user).resources; // setup disk prefixes object const diskprefixes = []; @@ -258,13 +262,13 @@ export async function getUserResources (req, username) { /** * Check approval for user requesting additional resources. Generally, subtracts the request from available resources and ensures request can be fulfilled by the available resources. * @param {Object} req ProxmoxAAS API request object. - * @param {string} username of user requesting additional resources. + * @param {{id: string, realm: string}} user object of user requesting additional resources. * @param {Object} request k-v pairs of resources and requested amounts * @returns {boolean} true if the available resources can fullfill the requested resources, false otherwise. */ -export async function approveResources (req, username, request, node) { +export async function approveResources (req, user, request, node) { const dbResources = global.config.resources; - const userResources = await getUserResources(req, username); + const userResources = await getUserResources(req, user); let approved = true; Object.keys(request).every((key) => { // if requested resource is not specified in user resources, assume it's not allowed diff --git a/template.localdb.json b/template.localdb.json index d20c6e3..80e23b0 100644 --- a/template.localdb.json +++ b/template.localdb.json @@ -81,10 +81,10 @@ "min": 100, "max": 199 }, - "pools": [ - "examplepool1", - "examplepool2" - ] + "pools": { + "examplepool1": true, + "examplepool2": true + } }, "templates": { "instances": { From 0a8bd87ed4ee2f8cc07eb9515fb19d26f169dc82 Mon Sep 17 00:00:00 2001 From: Arthur Lu Date: Mon, 15 Apr 2024 21:52:20 +0000 Subject: [PATCH 2/3] check instance pool matches user allowed pools, update user allowed nodes format, add get user ct templates route --- src/routes/cluster.js | 16 ++++--- src/routes/cluster/user.js | 85 -------------------------------------- src/routes/user.js | 41 ++++++++++++++---- template.localdb.json | 14 +++---- 4 files changed, 52 insertions(+), 104 deletions(-) delete mode 100644 src/routes/cluster/user.js diff --git a/src/routes/cluster.js b/src/routes/cluster.js index bdbe542..1515870 100644 --- a/src/routes/cluster.js +++ b/src/routes/cluster.js @@ -38,8 +38,8 @@ router.get(`/:node(${nodeRegexP})/pci`, async (req, res) => { if (!auth) { return; } - const userNodes = db.getUser(userObj).nodes; - if (!userNodes.includes(params.node)) { + const userNodes = db.getUser(userObj).cluster.nodes; + if (userNodes[params.node] !== true) { res.status(401).send({ auth: false, path: params.node }); res.end(); return; @@ -186,8 +186,14 @@ router.post(`${basePath}/create`, async (req, res) => { return; } // check node is within allowed list - if (!user.nodes.includes(params.node)) { - res.status(500).send({ error: `Requested node ${params.node} is not in allowed nodes [${user.nodes}].` }); + if (user.cluster.nodes[params.node] !== true) { + res.status(500).send({ error: `Requested node ${params.node} is not in allowed nodes [${user.cluster.nodes}].` }); + res.end(); + return; + } + // check if pool is in user allowed pools + if (user.cluster.pools[params.pool] !== true) { + res.status(500).send({ request, error: `Requested pool ${params.pool} not in allowed pools [${user.pools}]` }); res.end(); return; } @@ -222,7 +228,7 @@ router.post(`${basePath}/create`, async (req, res) => { vmid: params.vmid, cores: Number(params.cores), memory: Number(params.memory), - pool: params.pool // TODO allow user to select pool to assign VM + pool: params.pool }; for (const key of Object.keys(user.templates.instances[params.type])) { action[key] = user.templates.instances[params.type][key].value; diff --git a/src/routes/cluster/user.js b/src/routes/cluster/user.js deleted file mode 100644 index caf21f7..0000000 --- a/src/routes/cluster/user.js +++ /dev/null @@ -1,85 +0,0 @@ -import { Router } from "express"; -export const router = Router({ mergeParams: true }); ; - -const config = global.config; -const checkAuth = global.utils.checkAuth; -const getUserResources = global.utils.getUserResources; - -/** - * GET - get db user resource information including allocated, free, and maximum resource values along with resource metadata - * responses: - * - 200: {avail: Object, max: Object, used: Object, resources: Object} - * - 401: {auth: false} - */ -router.get("/dynamic/resources", async (req, res) => { - // check auth - const auth = await checkAuth(req.cookies, res); - if (!auth) { - return; - } - - const userRealm = req.cookies.username.split("@").at(-1); - const userID = req.cookies.username.replace(`@${userRealm}`, ""); - const userObj = { id: userID, realm: userRealm }; - - const resources = await getUserResources(req, userObj); - res.status(200).send(resources); -}); - -/** - * GET - get db user configuration by key - * request: - * - key: string - user config key - * responses: - * - 200: Object - * - 401: {auth: false} - * - 401: {auth: false, error: string} - */ -router.get("/config/:key", async (req, res) => { - const params = { - key: req.params.key - }; - - const userRealm = req.cookies.username.split("@").at(-1); - const userID = req.cookies.username.replace(`@${userRealm}`, ""); - const userObj = { id: userID, realm: userRealm }; - - // check auth - const auth = await checkAuth(req.cookies, res); - if (!auth) { - return; - } - const allowKeys = ["resources", "cluster", "nodes"]; - if (allowKeys.includes(params.key)) { - const config = global.db.getUser(userObj); - res.status(200).send(config[params.key]); - } - else { - res.status(401).send({ auth: false, error: `User is not authorized to access /user/config/${params.key}.` }); - } -}); - -/** - * GET - get user accessible iso files - * response: - * - 200: Array. - * - 401: {auth: false} - */ -router.get("/iso", async (req, res) => { - // check auth - const auth = await checkAuth(req.cookies, res); - if (!auth) { - return; - } - // get user iso config - const userIsoConfig = config.useriso; - // get all isos - const isos = (await global.pve.requestPVE(`/nodes/${userIsoConfig.node}/storage/${userIsoConfig.storage}/content?content=iso`, "GET", { token: true })).data.data; - const userIsos = []; - isos.forEach((iso) => { - iso.name = iso.volid.replace(`${userIsoConfig.storage}:iso/`, ""); - userIsos.push(iso); - }); - userIsos.sort(); - res.status(200).send(userIsos); -}); diff --git a/src/routes/user.js b/src/routes/user.js index dd41de7..53f58cd 100644 --- a/src/routes/user.js +++ b/src/routes/user.js @@ -1,6 +1,7 @@ import { Router } from "express"; export const router = Router({ mergeParams: true }); ; +const config = global.config; const checkAuth = global.utils.checkAuth; const getUserResources = global.utils.getUserResources; @@ -11,15 +12,16 @@ const getUserResources = global.utils.getUserResources; * - 401: {auth: false} */ router.get("/dynamic/resources", async (req, res) => { - const userRealm = req.cookies.username.split("@").at(-1); - const userID = req.cookies.username.replace(`@${userRealm}`, ""); - const userObj = { id: userID, realm: userRealm }; - // check auth const auth = await checkAuth(req.cookies, res); if (!auth) { return; } + + const userRealm = req.cookies.username.split("@").at(-1); + const userID = req.cookies.username.replace(`@${userRealm}`, ""); + const userObj = { id: userID, realm: userRealm }; + const resources = await getUserResources(req, userObj); res.status(200).send(resources); }); @@ -47,7 +49,7 @@ router.get("/config/:key", async (req, res) => { if (!auth) { return; } - const allowKeys = ["resources", "cluster", "nodes"]; + const allowKeys = ["resources", "cluster"]; if (allowKeys.includes(params.key)) { const config = global.db.getUser(userObj); res.status(200).send(config[params.key]); @@ -63,14 +65,14 @@ router.get("/config/:key", async (req, res) => { * - 200: Array. * - 401: {auth: false} */ -router.get("/iso", async (req, res) => { +router.get("/vm-isos", async (req, res) => { // check auth const auth = await checkAuth(req.cookies, res); if (!auth) { return; } // get user iso config - const userIsoConfig = global.config.useriso; + const userIsoConfig = config.useriso; // get all isos const isos = (await global.pve.requestPVE(`/nodes/${userIsoConfig.node}/storage/${userIsoConfig.storage}/content?content=iso`, "GET", { token: true })).data.data; const userIsos = []; @@ -81,3 +83,28 @@ router.get("/iso", async (req, res) => { userIsos.sort(); res.status(200).send(userIsos); }); + +/** + * GET - get user accessible container template files + * response: + * - 200: Array. + * - 401: {auth: false} + */ +router.get("/ct-templates", async (req, res) => { + // check auth + const auth = await checkAuth(req.cookies, res); + if (!auth) { + return; + } + // get user iso config + const userIsoConfig = config.useriso; + // get all isos + const isos = (await global.pve.requestPVE(`/nodes/${userIsoConfig.node}/storage/${userIsoConfig.storage}/content?content=vztmpl`, "GET", { token: true })).data.data; + const userIsos = []; + isos.forEach((iso) => { + iso.name = iso.volid.replace(`${userIsoConfig.storage}:vztmpl/`, ""); + userIsos.push(iso); + }); + userIsos.sort(); + res.status(200).send(userIsos); +}); diff --git a/template.localdb.json b/template.localdb.json index 80e23b0..91e4638 100644 --- a/template.localdb.json +++ b/template.localdb.json @@ -71,19 +71,19 @@ } } }, - "nodes": [ - "example-node-0", - "example-node-1", - "example-node-2" - ], "cluster": { + "nodes": { + "example-node-0": true, + "example-node-1": true, + "example-node-2": true + }, "vmid": { "min": 100, "max": 199 }, "pools": { - "examplepool1": true, - "examplepool2": true + "example-pool-1": true, + "example-pool-2": true } }, "templates": { From f9ad56a283f879cc28a4043624e95d0d75e388a5 Mon Sep 17 00:00:00 2001 From: Arthur Lu Date: Tue, 23 Apr 2024 18:56:43 +0000 Subject: [PATCH 3/3] fix instance create pool error mesage --- src/routes/cluster.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/routes/cluster.js b/src/routes/cluster.js index 1515870..9eb48c1 100644 --- a/src/routes/cluster.js +++ b/src/routes/cluster.js @@ -193,7 +193,7 @@ router.post(`${basePath}/create`, async (req, res) => { } // check if pool is in user allowed pools if (user.cluster.pools[params.pool] !== true) { - res.status(500).send({ request, error: `Requested pool ${params.pool} not in allowed pools [${user.pools}]` }); + res.status(500).send({ error: `Requested pool ${params.pool} not in allowed pools [${user.pools}]` }); res.end(); return; }