From 5989d86ef8b7fa4275672b0ecfcad1234a890e49 Mon Sep 17 00:00:00 2001 From: Arthur Lu Date: Thu, 9 Nov 2023 18:57:52 +0000 Subject: [PATCH] add password change route --- config/template.localdb.json | 8 ++++++++ src/localdb.js | 4 ++++ src/routes/auth.js | 23 +++++++++++++++++++++++ 3 files changed, 35 insertions(+) diff --git a/config/template.localdb.json b/config/template.localdb.json index 3d49343..5516826 100644 --- a/config/template.localdb.json +++ b/config/template.localdb.json @@ -1,4 +1,12 @@ { + "static": { + "types": { + "auth": { + "pve": "pve", + "ldap": "ldap" + } + } + }, "global": { "application": { "pveAPI": "https://pve.mydomain.example/api2/json", diff --git a/src/localdb.js b/src/localdb.js index d9c11f3..8fa2baa 100644 --- a/src/localdb.js +++ b/src/localdb.js @@ -34,6 +34,10 @@ class LocalDB { writeFileSync(this.#path, JSON.stringify(this.#data)); } + getStatic () { + return this.#data.static; + } + getGlobal () { return this.#data.global; } diff --git a/src/routes/auth.js b/src/routes/auth.js index 72fcbc8..4fb2d05 100644 --- a/src/routes/auth.js +++ b/src/routes/auth.js @@ -1,9 +1,11 @@ import { Router } from "express"; export const router = Router({ mergeParams: true }); ; +const db = global.db; const domain = global.db.domain; const checkAuth = global.utils.checkAuth; const requestPVE = global.pve.requestPVE; +const pveAPIToken = global.db.pveAPIToken; /** * GET - check authentication @@ -59,3 +61,24 @@ router.delete("/ticket", async (req, res) => { res.cookie("auth", 0, { domain, path: "/", expires: expire }); res.status(200).send({ auth: false }); }); + +router.post("/password", async (req, res) => { + const params = { + password: req.body.password, + userid: req.cookies.username + }; + const useridparsed = params.userid.split("@"); + const realmName = useridparsed[useridparsed.length - 1]; + const domains = (await requestPVE(`/access/domains`, "GET", pveAPIToken)).data.data; + const realm = domains.find((e) => e.realm === realmName); + const type = realm.type; + const types = db.getStatic().types.auth; + + if (types[type] === "pve") { + const response = await requestPVE("/access/password", "PUT", {cookies: req.cookies}, JSON.stringify(params)); + res.status(response.status).send(response.data) + } + else { + res.status(501).send({error: `Auth type ${type} not implemented yet.`}) + } +});