tronnet/ProxmoxAAS-API
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix various formatting,

Browse Source 
add interface for generic backends,
add interfaces for DB and AUTH type backends,
implement basic user password change method
This commit is contained in:
Arthur Lu 2024-01-09 00:47:33 +00:00
parent 18590011cc
commit 68f92493b7
11 changed files with 156 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
src/backends/backends.js
View File

@ -26,3 +26,39 @@ export default async () => {
global.auth[e] = backends[global.auth[e]]; global.auth[e] = backends[global.auth[e]];
}); });
}; };
/**
* Interface for all backend types. Contains only two methods for opening and closing a session with the backend.
* Users will recieve tokens from all backends when first authenticating and will delete tokens when logging out.
*/
export class BACKEND {
/**
* Opens a session with the backend and creates session tokens if needed
* @param {Object} credentials object containing username and password fields
* @returns {Object[]} list of session token objects with token name and value
*/
openSession (credentials) {}
/**
* Closes an opened session with the backend if needed
* @param {*} token list of session token objects with token name and value
* @returns {Boolean} true if session was closed successfully, false otherwise
*/
closeSesssion (tokens) {}
}
/**
* Interface for user database backends.
*/
export class DB_BACKEND extends BACKEND {
addUser (username, config = null) {}
getUser (username) {}
setUser (username, config) {}
deluser (username) {}
}
/**
* Interface for user auth backends.
*/
export class AUTH_BACKEND extends BACKEND{
modUser (username, attributes, params = null) {}
}

11
src/backends/localdb.js
View File

@ -1,11 +1,14 @@
import { readFileSync, writeFileSync } from "fs"; import { readFileSync, writeFileSync } from "fs";
import { exit } from "process"; import { exit } from "process";
import { DB_BACKEND } from "./backends.js";
export default class LocalDB { export default class LocalDB extends DB_BACKEND {
#path = null; #path = null;
#data = null; #data = null;
#defaultuser = null; #defaultuser = null;
constructor (config) { constructor (config) {
super();
const path = config.dbfile; const path = config.dbfile;
try { try {
this.#path = path; this.#path = path;
@ -13,7 +16,7 @@ export default class LocalDB {
this.#defaultuser = global.config.defaultuser; this.#defaultuser = global.config.defaultuser;
} }
catch { catch {
console.log(`Error: ${path} was not found. Please follow the directions in the README to initialize localdb.json.`); console.log(`error: ${path} was not found. Please follow the directions in the README to initialize localdb.json.`);
exit(1); exit(1);
} }
} }
@ -32,6 +35,10 @@ export default class LocalDB {
writeFileSync(this.#path, JSON.stringify(this.#data)); writeFileSync(this.#path, JSON.stringify(this.#data));
} }
openSession (credentials) { return [] }
closeSesssion (tokens) {return true }
addUser (username, config = null) { addUser (username, config = null) {
config = config || this.#defaultuser; config = config || this.#defaultuser;
this.#data.users[username] = config; this.#data.users[username] = config;

52
src/backends/paasldap.js
View File

@ -1,3 +1,53 @@
export default class PAASLDAP { import axios from "axios";
import { AUTH_BACKEND } from "./backends.js";
export default class PAASLDAP extends AUTH_BACKEND {
#url = null;
constructor (config) {
super();
this.#url = config.url;
}
/**
* Send HTTP request to paas-LDAP API.
* @param {*} path HTTP path, prepended with the paas-LDAP API base url
* @param {*} method HTTP method
* @param {*} body body parameters and data to be sent. Optional.
* @returns {Object} HTTP response object or HTTP error object.
*/
async #request (path, method, auth = null, body = null) {
const url = `${this.#url}${path}`;
const content = {
method,
mode: "cors",
credentials: "include",
headers: {
"Content-Type": "application/x-www-form-urlencoded"
},
data: body
};
if (auth) {
content.data.binduser = auth.binduser;
content.data.bindpass = auth.bindpass;
}
try {
return await axios.request(url, content);
}
catch (error) {
error.ok = false;
error.status = 500;
error.data = {
error: error.code
};
return error;
}
}
async modUser (userid, attributes, params = null) {
const bind = { binduser: params.binduser, bindpass: params.bindpass };
return await this.#request(`/users/${userid}`, "POST", bind, attributes);
}
} }

13
src/backends/pve.js
View File

@ -13,7 +13,7 @@ export default class PVE {
/** /**
* Send HTTP request to proxmox API. Allows requests to be made with user cookie credentials or an API token for controlled priviledge elevation. * Send HTTP request to proxmox API. Allows requests to be made with user cookie credentials or an API token for controlled priviledge elevation.
* @param {string} path HTTP path, prepended with the proxmox API base path. * @param {string} path HTTP path, prepended with the proxmox API base url.
* @param {string} method HTTP method. * @param {string} method HTTP method.
* @param {Object} auth authentication method. Set auth.cookies with user cookies or auth.token with PVE API Token. Optional. * @param {Object} auth authentication method. Set auth.cookies with user cookies or auth.token with PVE API Token. Optional.
* @param {string} body body parameters and data to be sent. Optional. * @param {string} body body parameters and data to be sent. Optional.
@ -27,7 +27,8 @@ export default class PVE {
credentials: "include", credentials: "include",
headers: { headers: {
"Content-Type": "application/x-www-form-urlencoded" "Content-Type": "application/x-www-form-urlencoded"
} },
data: body
}; };
if (auth && auth.cookies) { if (auth && auth.cookies) {
@ -35,12 +36,8 @@ export default class PVE {
content.headers.Cookie = `PVEAuthCookie=${auth.cookies.PVEAuthCookie}; CSRFPreventionToken=${auth.cookies.CSRFPreventionToken}`; content.headers.Cookie = `PVEAuthCookie=${auth.cookies.PVEAuthCookie}; CSRFPreventionToken=${auth.cookies.CSRFPreventionToken}`;
} }
else if (auth && auth.token) { else if (auth && auth.token) {
auth.token = this.#pveAPIToken; const token = this.#pveAPIToken;
content.headers.Authorization = `PVEAPIToken=${auth.token.user}@${auth.token.realm}!${auth.token.id}=${auth.token.uuid}`; content.headers.Authorization = `PVEAPIToken=${token.user}@${token.realm}!${token.id}=${token.uuid}`;
}
if (body) {
content.data = JSON.parse(body);
} }
try { try {

47
src/routes/auth.js
View File

@ -27,7 +27,8 @@ router.get("/", async (req, res) => {
* - 401: {auth: false} * - 401: {auth: false}
*/ */
router.post("/ticket", async (req, res) => { router.post("/ticket", async (req, res) => {
const response = await global.pve.requestPVE("/access/ticket", "POST", null, JSON.stringify(req.body)); const body = JSON.parse(JSON.stringify(req.body));
const response = await global.pve.requestPVE("/access/ticket", "POST", null, body);
if (!(response.status === 200)) { if (!(response.status === 200)) {
res.status(response.status).send({ auth: false }); res.status(response.status).send({ auth: false });
res.end(); res.end();
@ -60,26 +61,48 @@ router.delete("/ticket", async (req, res) => {
res.status(200).send({ auth: false }); res.status(200).send({ auth: false });
}); });
/**
* POST - change user password
* request:
* - binduser: string
* - bindpass: string
* - username: string
* - password: string
* responses:
* - PAAS-LDAP API response
*/
router.post("/password", async (req, res) => { router.post("/password", async (req, res) => {
const params = { const params = {
password: req.body.password, binduser: req.body.binduser,
userid: req.cookies.username bindpass: req.body.bindpass,
username: req.body.username,
password: req.body.password
}; };
const userRealm = params.userid.split("@").at(-1); const userRealm = params.username.split("@").at(-1);
const domains = (await global.pve.requestPVE("/access/domains", "GET", { token: true })).data.data; const domains = (await global.pve.requestPVE("/access/domains", "GET", { token: true })).data.data;
const realm = domains.find((e) => e.realm === userRealm); const realm = domains.find((e) => e.realm === userRealm);
const authHandlers = global.config.handlers.auth; const authHandlers = global.config.handlers.auth;
const handlerType = authHandlers[realm.type];
if (handlerType === "pve") { if (realm.type in authHandlers) {
const response = await global.pve.requestPVE("/access/password", "PUT", { cookies: req.cookies }, JSON.stringify(params)); const handler = authHandlers[realm.type];
res.status(response.status).send(response.data); const userID = params.username.replace(`@${realm.realm}`, "");
} const newAttributes = {
else if (handlerType === "paasldap") { userpassword: params.password
res.status(501).send({ error: `Auth type ${handlerType} not implemented yet.` }); };
const bindParams = {
binduser: params.binduser,
bindpass: params.bindpass
};
const response = await handler.modUser(userID, newAttributes, bindParams);
if (response.ok) {
res.status(response.status).send();
} }
else { else {
res.status(501).send({ error: `Auth type ${handlerType} not implemented yet.` }); res.status(response.status).send({error: response.data.error});
}
}
else {
res.status(501).send({ error: `Auth type ${realm.type} not implemented yet.` });
} }
}); });

6
src/routes/cluster.js
View File

@ -102,7 +102,7 @@ router.post(`${basePath}/resources`, async (req, res) => {
return; return;
} }
// setup action // setup action
let action = { cores: params.cores, memory: params.memory }; const action = { cores: params.cores, memory: params.memory };
if (params.type === "lxc") { if (params.type === "lxc") {
action.swap = Number(params.swap); action.swap = Number(params.swap);
} }
@ -110,7 +110,6 @@ router.post(`${basePath}/resources`, async (req, res) => {
action.cpu = params.proctype; action.cpu = params.proctype;
action.boot = `order=${params.boot.toString().replaceAll(",", ";")};`; action.boot = `order=${params.boot.toString().replaceAll(",", ";")};`;
} }
action = JSON.stringify(action);
const method = params.type === "qemu" ? "POST" : "PUT"; const method = params.type === "qemu" ? "POST" : "PUT";
// commit action // commit action
const result = await global.pve.requestPVE(`${vmpath}/config`, method, { token: true }, action); const result = await global.pve.requestPVE(`${vmpath}/config`, method, { token: true }, action);
@ -203,7 +202,7 @@ router.post(`${basePath}/create`, async (req, res) => {
return; return;
} }
// setup action by adding non resource values // setup action by adding non resource values
let action = { const action = {
vmid: params.vmid, vmid: params.vmid,
cores: Number(params.cores), cores: Number(params.cores),
memory: Number(params.memory), memory: Number(params.memory),
@ -223,7 +222,6 @@ router.post(`${basePath}/create`, async (req, res) => {
else { else {
action.name = params.name; action.name = params.name;
} }
action = JSON.stringify(action);
// commit action // commit action
const result = await global.pve.requestPVE(`/nodes/${params.node}/${params.type}`, "POST", { token: true }, action); const result = await global.pve.requestPVE(`/nodes/${params.node}/${params.type}`, "POST", { token: true }, action);
await global.pve.handleResponse(params.node, result, res); await global.pve.handleResponse(params.node, result, res);

15
src/routes/cluster/disk.js
View File

@ -45,7 +45,7 @@ router.post("/:disk/detach", async (req, res) => {
res.end(); res.end();
return; return;
} }
const action = JSON.stringify({ delete: params.disk }); const action = { delete: params.disk };
const method = params.type === "qemu" ? "POST" : "PUT"; const method = params.type === "qemu" ? "POST" : "PUT";
const result = await global.pve.requestPVE(`${vmpath}/config`, method, { token: true }, action); const result = await global.pve.requestPVE(`${vmpath}/config`, method, { token: true }, action);
await global.pve.handleResponse(params.node, result, res); await global.pve.handleResponse(params.node, result, res);
@ -97,9 +97,8 @@ router.post("/:disk/attach", async (req, res) => {
return; return;
} }
// setup action using source disk info from vm config // setup action using source disk info from vm config
let action = {}; const action = {};
action[params.disk] = config[`unused${params.source}`]; action[params.disk] = config[`unused${params.source}`];
action = JSON.stringify(action);
const method = params.type === "qemu" ? "POST" : "PUT"; const method = params.type === "qemu" ? "POST" : "PUT";
// commit action // commit action
const result = await global.pve.requestPVE(`${vmpath}/config`, method, { token: true }, action); const result = await global.pve.requestPVE(`${vmpath}/config`, method, { token: true }, action);
@ -156,7 +155,7 @@ router.post("/:disk/resize", async (req, res) => {
return; return;
} }
// action approved, commit to action // action approved, commit to action
const action = JSON.stringify({ disk: params.disk, size: `+${params.size}G` }); const action = { disk: params.disk, size: `+${params.size}G` };
const result = await global.pve.requestPVE(`${vmpath}/resize`, "PUT", { token: true }, action); const result = await global.pve.requestPVE(`${vmpath}/resize`, "PUT", { token: true }, action);
await global.pve.handleResponse(params.node, result, res); await global.pve.handleResponse(params.node, result, res);
}); });
@ -216,14 +215,13 @@ router.post("/:disk/move", async (req, res) => {
return; return;
} }
// create action // create action
let action = { storage: params.storage, delete: params.delete }; const action = { storage: params.storage, delete: params.delete };
if (params.type === "qemu") { if (params.type === "qemu") {
action.disk = params.disk; action.disk = params.disk;
} }
else { else {
action.volume = params.disk; action.volume = params.disk;
} }
action = JSON.stringify(action);
const route = params.type === "qemu" ? "move_disk" : "move_volume"; const route = params.type === "qemu" ? "move_disk" : "move_volume";
// commit action // commit action
const result = await global.pve.requestPVE(`${vmpath}/${route}`, "POST", { token: true }, action); const result = await global.pve.requestPVE(`${vmpath}/${route}`, "POST", { token: true }, action);
@ -272,7 +270,7 @@ router.delete("/:disk/delete", async (req, res) => {
return; return;
} }
// create action // create action
const action = JSON.stringify({ delete: params.disk }); const action = { delete: params.disk };
const method = params.type === "qemu" ? "POST" : "PUT"; const method = params.type === "qemu" ? "POST" : "PUT";
// commit action // commit action
const result = await global.pve.requestPVE(`${vmpath}/config`, method, { token: true }, action); const result = await global.pve.requestPVE(`${vmpath}/config`, method, { token: true }, action);
@ -340,7 +338,7 @@ router.post("/:disk/create", async (req, res) => {
} }
} }
// setup action // setup action
let action = {}; const action = {};
if (params.disk.includes("ide") && params.iso) { if (params.disk.includes("ide") && params.iso) {
action[params.disk] = `${params.iso},media=cdrom`; action[params.disk] = `${params.iso},media=cdrom`;
} }
@ -350,7 +348,6 @@ router.post("/:disk/create", async (req, res) => {
else { // type is lxc, use mp and add mp and backup values else { // type is lxc, use mp and add mp and backup values
action[params.disk] = `${params.storage}:${params.size},mp=/${params.disk}/,backup=1`; action[params.disk] = `${params.storage}:${params.size},mp=/${params.disk}/,backup=1`;
} }
action = JSON.stringify(action);
const method = params.type === "qemu" ? "POST" : "PUT"; const method = params.type === "qemu" ? "POST" : "PUT";
// commit action // commit action
const result = await global.pve.requestPVE(`${vmpath}/config`, method, { token: true }, action); const result = await global.pve.requestPVE(`${vmpath}/config`, method, { token: true }, action);

9
src/routes/cluster/net.js
View File

@ -61,14 +61,13 @@ router.post("/:netid/create", async (req, res) => {
} }
// setup action // setup action
const nc = db.getUser(req.cookies.username).templates.network[params.type]; const nc = db.getUser(req.cookies.username).templates.network[params.type];
let action = {}; const action = {};
if (params.type === "lxc") { if (params.type === "lxc") {
action[`net${params.netid}`] = `name=${params.name},bridge=${nc.bridge},ip=${nc.ip},ip6=${nc.ip6},tag=${nc.vlan},type=${nc.type},rate=${params.rate}`; action[`net${params.netid}`] = `name=${params.name},bridge=${nc.bridge},ip=${nc.ip},ip6=${nc.ip6},tag=${nc.vlan},type=${nc.type},rate=${params.rate}`;
} }
else { else {
action[`net${params.netid}`] = `${nc.type},bridge=${nc.bridge},tag=${nc.vlan},rate=${params.rate}`; action[`net${params.netid}`] = `${nc.type},bridge=${nc.bridge},tag=${nc.vlan},rate=${params.rate}`;
} }
action = JSON.stringify(action);
const method = params.type === "qemu" ? "POST" : "PUT"; const method = params.type === "qemu" ? "POST" : "PUT";
// commit action // commit action
const result = await global.pve.requestPVE(`${vmpath}/config`, method, { token: true }, action); const result = await global.pve.requestPVE(`${vmpath}/config`, method, { token: true }, action);
@ -125,9 +124,8 @@ router.post("/:netid/modify", async (req, res) => {
return; return;
} }
// setup action // setup action
let action = {}; const action = {};
action[`net${params.netid}`] = currentNetworkConfig.replace(`rate=${currentNetworkRate}`, `rate=${params.rate}`); action[`net${params.netid}`] = currentNetworkConfig.replace(`rate=${currentNetworkRate}`, `rate=${params.rate}`);
action = JSON.stringify(action);
const method = params.type === "qemu" ? "POST" : "PUT"; const method = params.type === "qemu" ? "POST" : "PUT";
// commit action // commit action
const result = await global.pve.requestPVE(`${vmpath}/config`, method, { token: true }, action); const result = await global.pve.requestPVE(`${vmpath}/config`, method, { token: true }, action);
@ -170,9 +168,8 @@ router.delete("/:netid/delete", async (req, res) => {
return; return;
} }
// setup action // setup action
const action = JSON.stringify({ delete: `net${params.netid}` });
const method = params.type === "qemu" ? "POST" : "PUT"; const method = params.type === "qemu" ? "POST" : "PUT";
// commit action // commit action
const result = await global.pve.requestPVE(`${vmpath}/config`, method, { token: true }, action); const result = await global.pve.requestPVE(`${vmpath}/config`, method, { token: true }, { delete: `net${params.netid}` });
await global.pve.handleResponse(params.node, result, res); await global.pve.handleResponse(params.node, result, res);
}); });

14
src/routes/cluster/pci.js
View File

@ -116,11 +116,10 @@ router.post("/:hostpci/modify", async (req, res) => {
} }
} }
// setup action // setup action
let action = {}; const action = {};
action[`hostpci${params.hostpci}`] = `${params.device},pcie=${params.pcie}`; action[`hostpci${params.hostpci}`] = `${params.device},pcie=${params.pcie}`;
action = JSON.stringify(action);
// commit action // commit action
const rootauth = await global.pve.requestPVE("/access/ticket", "POST", null, JSON.stringify(global.config.backends.pve.config.root)); const rootauth = await global.pve.requestPVE("/access/ticket", "POST", null, global.config.backends.pve.config.root);
if (!(rootauth.status === 200)) { if (!(rootauth.status === 200)) {
res.status(rootauth.status).send({ auth: false, error: "API could not authenticate as root user." }); res.status(rootauth.status).send({ auth: false, error: "API could not authenticate as root user." });
res.end(); res.end();
@ -196,11 +195,10 @@ router.post("/create", async (req, res) => {
return; return;
} }
// setup action // setup action
let action = {}; const action = {};
action[`hostpci${hostpci}`] = `${params.device},pcie=${params.pcie}`; action[`hostpci${hostpci}`] = `${params.device},pcie=${params.pcie}`;
action = JSON.stringify(action);
// commit action // commit action
const rootauth = await global.pve.requestPVE("/access/ticket", "POST", null, JSON.stringify(global.config.backends.pve.config.root)); const rootauth = await global.pve.requestPVE("/access/ticket", "POST", null, global.config.backends.pve.config.root);
if (!(rootauth.status === 200)) { if (!(rootauth.status === 200)) {
res.status(rootauth.status).send({ auth: false, error: "API could not authenticate as root user." }); res.status(rootauth.status).send({ auth: false, error: "API could not authenticate as root user." });
res.end(); res.end();
@ -255,9 +253,9 @@ router.delete("/:hostpci/delete", async (req, res) => {
return; return;
} }
// setup action // setup action
const action = JSON.stringify({ delete: `hostpci${params.hostpci}` }); const action = { delete: `hostpci${params.hostpci}` };
// commit action, need to use root user here because proxmox api only allows root to modify hostpci for whatever reason // commit action, need to use root user here because proxmox api only allows root to modify hostpci for whatever reason
const rootauth = await global.pve.requestPVE("/access/ticket", "POST", null, JSON.stringify(global.config.backends.pve.config.root)); const rootauth = await global.pve.requestPVE("/access/ticket", "POST", null, global.config.backends.pve.config.root);
if (!(rootauth.status === 200)) { if (!(rootauth.status === 200)) {
res.status(rootauth.status).send({ auth: false, error: "API could not authenticate as root user." }); res.status(rootauth.status).send({ auth: false, error: "API could not authenticate as root user." });
res.end(); res.end();

3
src/routes/proxmox.js
View File

@ -18,6 +18,7 @@ router.get("/*", async (req, res) => { // proxy endpoint for GET proxmox api wit
*/ */
router.post("/*", async (req, res) => { // proxy endpoint for POST proxmox api with no token router.post("/*", async (req, res) => { // proxy endpoint for POST proxmox api with no token
const path = req.url.replace("/api/proxmox", ""); const path = req.url.replace("/api/proxmox", "");
const result = await global.pve.requestPVE(path, "POST", { cookies: req.cookies }, JSON.stringify(req.body)); // need to stringify body because of other issues const body = JSON.parse(JSON.stringify(req.body));
const result = await global.pve.requestPVE(path, "POST", { cookies: req.cookies }, body); // need to stringify body because of other issues
res.status(result.status).send(result.data); res.status(result.status).send(result.data);
}); });

2
src/utils.js
View File

@ -354,7 +354,7 @@ export function readJSONFile (path) {
return JSON.parse(readFileSync(path)); return JSON.parse(readFileSync(path));
} }
catch (e) { catch (e) {
console.log(`Error: ${path} was not found.`); console.log(`error: ${path} was not found.`);
exit(1); exit(1);
} }
}; };