require params in all backend calls
This commit is contained in:
parent
9f6b03db32
commit
783bc37c94
@ -66,7 +66,7 @@ class USER_BACKEND extends BACKEND {
|
||||
* @param {Object} params authentication params, usually req.cookies
|
||||
* @returns {{ok: boolean, status: number, message: string}} error object or null
|
||||
*/
|
||||
addUser (user, attributes, params = null) {}
|
||||
addUser (user, attributes, params) {}
|
||||
|
||||
/**
|
||||
* Get user from backend
|
||||
@ -74,14 +74,14 @@ class USER_BACKEND extends BACKEND {
|
||||
* @param {Object} params authentication params, usually req.cookies
|
||||
* @returns {Object} containing user data from this backend, null if user does not exist
|
||||
*/
|
||||
getUser (user, params = null) {}
|
||||
getUser (user, params) {}
|
||||
|
||||
/**
|
||||
* Get all users from backend
|
||||
* @param {Object} params authentication params, usually req.cookies
|
||||
* @returns {Array} containing each user data from this backend
|
||||
*/
|
||||
getAllUsers (params = null) {}
|
||||
getAllUsers (params) {}
|
||||
|
||||
/**
|
||||
* Modify user in backend
|
||||
@ -90,7 +90,7 @@ class USER_BACKEND extends BACKEND {
|
||||
* @param {Object} params authentication params, usually req.cookies
|
||||
* @returns {{ok: boolean, status: number, message: string}} error object or null
|
||||
*/
|
||||
setUser (user, attributes, params = null) {}
|
||||
setUser (user, attributes, params) {}
|
||||
|
||||
/**
|
||||
* Delete user from backend
|
||||
@ -98,7 +98,7 @@ class USER_BACKEND extends BACKEND {
|
||||
* @param {Object} params authentication params, usually req.cookies
|
||||
* @returns {{ok: boolean, status: number, message: string}} error object or null
|
||||
*/
|
||||
delUser (user, params = null) {}
|
||||
delUser (user, params) {}
|
||||
|
||||
/**
|
||||
* Add group to backend
|
||||
@ -107,7 +107,7 @@ class USER_BACKEND extends BACKEND {
|
||||
* @param {Object} params authentication params, usually req.cookies
|
||||
* @returns {{ok: boolean, status: number, message: string}} error object or null
|
||||
*/
|
||||
addGroup (group, attributes, params = null) {}
|
||||
addGroup (group, attributes, params) {}
|
||||
|
||||
/**
|
||||
* Get group from backend
|
||||
@ -115,14 +115,14 @@ class USER_BACKEND extends BACKEND {
|
||||
* @param {Object} params authentication params, usually req.cookies
|
||||
* @returns {Object} containing group data from this backend, null if user does not exist
|
||||
*/
|
||||
getGroup (group, params = null) {}
|
||||
getGroup (group, params) {}
|
||||
|
||||
/**
|
||||
* Get all users from backend
|
||||
* @param {Object} params authentication params, usually req.cookies
|
||||
* @returns {Array} containing each group data from this backend
|
||||
*/
|
||||
getAllGroups (params = null) {}
|
||||
getAllGroups (params) {}
|
||||
|
||||
/**
|
||||
* Modify group in backend
|
||||
@ -131,7 +131,7 @@ class USER_BACKEND extends BACKEND {
|
||||
* @param {Object} params authentication params, usually req.cookies
|
||||
* @returns {{ok: boolean, status: number, message: string}} error object or null
|
||||
*/
|
||||
setGroup (group, attributes, params = null) {}
|
||||
setGroup (group, attributes, params) {}
|
||||
|
||||
/**
|
||||
* Delete group from backend
|
||||
@ -139,7 +139,7 @@ class USER_BACKEND extends BACKEND {
|
||||
* @param {Object} params authentication params, usually req.cookies
|
||||
* @returns {{ok: boolean, status: number, message: string}} error object or null
|
||||
*/
|
||||
delGroup (group, params = null) {}
|
||||
delGroup (group, params) {}
|
||||
|
||||
/**
|
||||
* Add user to group
|
||||
@ -148,7 +148,7 @@ class USER_BACKEND extends BACKEND {
|
||||
* @param {Object} params authentication params, usually req.cookies
|
||||
* @returns {{ok: boolean, status: number, message: string}} error object or null
|
||||
*/
|
||||
addUserToGroup (user, group, params = null) {}
|
||||
addUserToGroup (user, group, params) {}
|
||||
|
||||
/**
|
||||
* Remove user from group
|
||||
@ -157,7 +157,7 @@ class USER_BACKEND extends BACKEND {
|
||||
* @param {Object} params authentication params, usually req.cookies
|
||||
* @returns {{ok: boolean, status: number, message: string}} error object or null
|
||||
*/
|
||||
delUserFromGroup (user, group, params = null) {}
|
||||
delUserFromGroup (user, group, params) {}
|
||||
}
|
||||
|
||||
/**
|
||||
@ -191,9 +191,9 @@ class USER_BACKEND_MANAGER extends USER_BACKEND {
|
||||
return this.#config.realm[user.realm];
|
||||
}
|
||||
|
||||
addUser (user, attributes, params = null) {}
|
||||
addUser (user, attributes, params) {}
|
||||
|
||||
async getUser (user, params = null) {
|
||||
async getUser (user, params) {
|
||||
let userData = {};
|
||||
for (const backend of this.#config.realm[user.realm]) {
|
||||
const backendData = await global.backends[backend].getUser(user, params);
|
||||
@ -204,7 +204,7 @@ class USER_BACKEND_MANAGER extends USER_BACKEND {
|
||||
return userData;
|
||||
}
|
||||
|
||||
async getAllUsers (params = null) {
|
||||
async getAllUsers (params) {
|
||||
const userData = {};
|
||||
for (const backend of this.#config.any) {
|
||||
const backendData = await global.backends[backend].getAllUsers(params);
|
||||
@ -217,7 +217,7 @@ class USER_BACKEND_MANAGER extends USER_BACKEND {
|
||||
return userData;
|
||||
}
|
||||
|
||||
async setUser (user, attributes, params = null) {
|
||||
async setUser (user, attributes, params) {
|
||||
const results = {
|
||||
ok: true,
|
||||
status: 200,
|
||||
@ -234,13 +234,13 @@ class USER_BACKEND_MANAGER extends USER_BACKEND {
|
||||
return results;
|
||||
}
|
||||
|
||||
delUser (user, params = null) {}
|
||||
delUser (user, params) {}
|
||||
|
||||
addGroup (group, attributes, params = null) {}
|
||||
addGroup (group, attributes, params) {}
|
||||
|
||||
getGroup (group, params = null) {}
|
||||
getGroup (group, params) {}
|
||||
|
||||
async getAllGroups (params = null) {
|
||||
async getAllGroups (params) {
|
||||
const groupData = {};
|
||||
for (const backend of this.#config.any) {
|
||||
const backendData = await global.backends[backend].getAllGroups(params);
|
||||
@ -253,11 +253,11 @@ class USER_BACKEND_MANAGER extends USER_BACKEND {
|
||||
return groupData;
|
||||
}
|
||||
|
||||
setGroup (group, attributes, params = null) {}
|
||||
setGroup (group, attributes, params) {}
|
||||
|
||||
delGroup (group, params = null) {}
|
||||
delGroup (group, params) {}
|
||||
|
||||
addUserToGroup (user, group, params = null) {}
|
||||
addUserToGroup (user, group, params) {}
|
||||
|
||||
delUserFromGroup (user, group, params = null) {}
|
||||
delUserFromGroup (user, group, params) {}
|
||||
}
|
||||
|
||||
@ -35,7 +35,7 @@ export default class LocalDB extends DB_BACKEND {
|
||||
writeFileSync(this.#path, JSON.stringify(this.#data));
|
||||
}
|
||||
|
||||
addUser (user, attributes, params = null) {
|
||||
addUser (user, attributes, params) {
|
||||
const username = `${user.id}@${user.realm}`;
|
||||
if (this.#data.users[username]) { // user already exists
|
||||
return {
|
||||
@ -52,17 +52,20 @@ export default class LocalDB extends DB_BACKEND {
|
||||
}
|
||||
}
|
||||
|
||||
getUser (user, params = null) {
|
||||
const username = `${user.id}@${user.realm}`;
|
||||
if (this.#data.users[username]) {
|
||||
return this.#data.users[username];
|
||||
getUser (user, params) {
|
||||
const requestedUser = `${user.id}@${user.realm}`;
|
||||
const requestingUser = params.username; // assume checkAuth has been run, which already checks that username matches PVE token
|
||||
// user can access a user's db data if they are an admin OR are requesting own data
|
||||
const authorized = this.#data.users[requestingUser].cluster.admin || requestingUser === requestedUser;
|
||||
if (authorized && this.#data.users[requestedUser]) {
|
||||
return this.#data.users[requestedUser];
|
||||
}
|
||||
else {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
async getAllUsers (params = null) {
|
||||
async getAllUsers (params) {
|
||||
const requestingUser = params.username; // assume checkAuth has been run, which already checks that username matches PVE token
|
||||
if (this.#data.users[requestingUser].cluster.admin === true) {
|
||||
return this.#data.users;
|
||||
@ -72,7 +75,7 @@ export default class LocalDB extends DB_BACKEND {
|
||||
}
|
||||
}
|
||||
|
||||
setUser (user, attributes, params = null) {
|
||||
setUser (user, attributes, params) {
|
||||
if (attributes.resources && attributes.cluster && attributes.templates) { // localdb should only deal with these attributes
|
||||
const username = `${user.id}@${user.realm}`;
|
||||
if (this.#data.users[username]) {
|
||||
@ -89,7 +92,7 @@ export default class LocalDB extends DB_BACKEND {
|
||||
}
|
||||
}
|
||||
|
||||
delUser (user, params = null) {
|
||||
delUser (user, params) {
|
||||
const username = `${user.id}@${user.realm}`;
|
||||
if (this.#data.users[username]) {
|
||||
delete this.#data.users[username];
|
||||
@ -102,17 +105,16 @@ export default class LocalDB extends DB_BACKEND {
|
||||
}
|
||||
|
||||
// group methods not implemented because db backend does not store groups
|
||||
addGroup (group, atrributes, params = null) {}
|
||||
getGroup (group, params = null) {}
|
||||
getAllGroups (params = null) {
|
||||
addGroup (group, atrributes, params) {}
|
||||
getGroup (group, params) {}
|
||||
getAllGroups (params) {
|
||||
return null;
|
||||
}
|
||||
|
||||
setGroup (group, attributes, params = null) {}
|
||||
delGroup (group, params = null) {}
|
||||
setGroup (group, attributes, params) {}
|
||||
delGroup (group, params) {}
|
||||
|
||||
// assume that adding to group also adds to group's pool
|
||||
addUserToGroup (user, group, params = null) {
|
||||
addUserToGroup (user, group, params) {
|
||||
const username = `${user.id}@${user.realm}`;
|
||||
if (this.#data.users[username]) {
|
||||
this.#data.users[username].cluster.pools[group.id] = true;
|
||||
@ -124,7 +126,7 @@ export default class LocalDB extends DB_BACKEND {
|
||||
}
|
||||
|
||||
// assume that adding to group also adds to group's pool
|
||||
delUserFromGroup (user, group, params = null) {
|
||||
delUserFromGroup (user, group, params) {
|
||||
const username = `${user.id}@${user.realm}`;
|
||||
if (this.#data.users[username] && this.#data.users[username].cluster.pools[group.id]) {
|
||||
delete this.#data.users[username].cluster.pools[group.id];
|
||||
|
||||
@ -86,12 +86,12 @@ export default class PAASLDAP extends AUTH_BACKEND {
|
||||
}
|
||||
}
|
||||
|
||||
async addUser (user, attributes, params = null) {
|
||||
async addUser (user, attributes, params) {
|
||||
const res = await this.#request(`/users/${user.id}`, "POST", params, attributes);
|
||||
return this.#handleGenericReturn(res);
|
||||
}
|
||||
|
||||
async getUser (user, params = null) {
|
||||
async getUser (user, params) {
|
||||
if (!params) { // params required, do nothing if params are missing
|
||||
return null;
|
||||
}
|
||||
@ -104,7 +104,7 @@ export default class PAASLDAP extends AUTH_BACKEND {
|
||||
}
|
||||
}
|
||||
|
||||
async getAllUsers (params = null) {
|
||||
async getAllUsers (params) {
|
||||
if (!params) {
|
||||
return null;
|
||||
}
|
||||
@ -123,26 +123,26 @@ export default class PAASLDAP extends AUTH_BACKEND {
|
||||
}
|
||||
}
|
||||
|
||||
async setUser (user, attributes, params = null) {
|
||||
async setUser (user, attributes, params) {
|
||||
const res = await this.#request(`/users/${user.id}`, "POST", params, attributes);
|
||||
return this.#handleGenericReturn(res);
|
||||
}
|
||||
|
||||
async delUser (user, params = null) {
|
||||
async delUser (user, params) {
|
||||
const res = await this.#request(`/users/${user.id}`, "DELETE", params);
|
||||
return this.#handleGenericReturn(res);
|
||||
}
|
||||
|
||||
async addGroup (group, attributes, params = null) {
|
||||
async addGroup (group, attributes, params) {
|
||||
const res = await this.#request(`/groups/${group.id}`, "POST", params);
|
||||
return this.#handleGenericReturn(res);
|
||||
}
|
||||
|
||||
async getGroup (group, params = null) {
|
||||
async getGroup (group, params) {
|
||||
return await this.#request(`/groups/${group.id}`, "GET", params);
|
||||
}
|
||||
|
||||
async getAllGroups (params = null) {
|
||||
async getAllGroups (params) {
|
||||
if (!params) {
|
||||
return null;
|
||||
}
|
||||
@ -161,22 +161,22 @@ export default class PAASLDAP extends AUTH_BACKEND {
|
||||
}
|
||||
}
|
||||
|
||||
async setGroup (group, attributes, params = null) {
|
||||
async setGroup (group, attributes, params) {
|
||||
// not implemented, LDAP groups do not have any attributes to change
|
||||
return null;
|
||||
}
|
||||
|
||||
async delGroup (group, params = null) {
|
||||
async delGroup (group, params) {
|
||||
const res = await this.#request(`/groups/${group.id}`, "DELETE", params);
|
||||
return this.#handleGenericReturn(res);
|
||||
}
|
||||
|
||||
async addUserToGroup (user, group, params = null) {
|
||||
async addUserToGroup (user, group, params) {
|
||||
const res = await this.#request(`/groups/${group.id}/members/${user.id}`, "POST", params);
|
||||
return this.#handleGenericReturn(res);
|
||||
}
|
||||
|
||||
async delUserFromGroup (user, group, params = null) {
|
||||
async delUserFromGroup (user, group, params) {
|
||||
const res = await this.#request(`/groups/${group.id}/members/${user.id}`, "DELETE", params);
|
||||
return this.#handleGenericReturn(res);
|
||||
}
|
||||
|
||||
@ -35,7 +35,7 @@ router.get(`/:node(${nodeRegexP})/pci`, async (req, res) => {
|
||||
if (!auth) {
|
||||
return;
|
||||
}
|
||||
const userNodes = (await global.userManager.getUser(userObj)).cluster.nodes;
|
||||
const userNodes = (await global.userManager.getUser(userObj, req.cookies)).cluster.nodes;
|
||||
if (userNodes[params.node] !== true) {
|
||||
res.status(401).send({ auth: false, path: params.node });
|
||||
res.end();
|
||||
@ -168,7 +168,7 @@ router.post(`${basePath}/create`, async (req, res) => {
|
||||
return;
|
||||
}
|
||||
// get user db config
|
||||
const user = await global.userManager.getUser(userObj);
|
||||
const user = await global.userManager.getUser(userObj, req.cookies);
|
||||
const vmid = Number.parseInt(params.vmid);
|
||||
const vmidMin = user.cluster.vmid.min;
|
||||
const vmidMax = user.cluster.vmid.max;
|
||||
|
||||
@ -62,7 +62,7 @@ router.post("/:netid/create", async (req, res) => {
|
||||
return;
|
||||
}
|
||||
// setup action
|
||||
const nc = (await global.userManager.getUser(userObj)).templates.network[params.type];
|
||||
const nc = (await global.userManager.getUser(userObj, req.cookies)).templates.network[params.type];
|
||||
const action = {};
|
||||
if (params.type === "lxc") {
|
||||
action[`net${params.netid}`] = `name=${params.name},bridge=${nc.bridge},ip=${nc.ip},ip6=${nc.ip6},tag=${nc.vlan},type=${nc.type},rate=${params.rate}`;
|
||||
|
||||
@ -168,7 +168,7 @@ if (schemes.interrupt.enabled) {
|
||||
wsServer.handleUpgrade(req, socket, head, async (socket) => {
|
||||
// get the user pools
|
||||
const userObj = global.utils.getUserObjFromUsername(cookies.username);
|
||||
const pools = Object.keys((await global.userManager.getUser(userObj)).cluster.pools);
|
||||
const pools = Object.keys((await global.userManager.getUser(userObj, cookies)).cluster.pools);
|
||||
// emit the connection to initialize socket
|
||||
wsServer.emit("connection", socket, cookies.username, pools);
|
||||
});
|
||||
|
||||
@ -51,7 +51,7 @@ router.get("/config/:key", async (req, res) => {
|
||||
}
|
||||
const allowKeys = ["resources", "cluster"];
|
||||
if (allowKeys.includes(params.key)) {
|
||||
const config = await global.userManager.getUser(userObj);
|
||||
const config = await global.userManager.getUser(userObj, req.cookies);
|
||||
res.status(200).send(config[params.key]);
|
||||
}
|
||||
else {
|
||||
|
||||
@ -36,7 +36,7 @@ export async function checkAuth (cookies, res, vmpath = null) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if ((await global.userManager.getUser(userObj)) === null) { // check if user exists in database
|
||||
if ((await global.userManager.getUser(userObj, cookies)) === null) { // check if user exists in database
|
||||
res.status(401).send({ auth, path: vmpath ? `${vmpath}/config` : "/version", error: `User ${cookies.username} not found in database.` });
|
||||
res.end();
|
||||
return false;
|
||||
@ -130,8 +130,7 @@ async function getAllInstanceConfigs (req, diskprefixes) {
|
||||
*/
|
||||
export async function getUserResources (req, user) {
|
||||
const dbResources = global.config.resources;
|
||||
const userResources = (await global.userManager.getUser(user)).resources;
|
||||
|
||||
const userResources = (await global.userManager.getUser(user, req.cookies)).resources;
|
||||
// setup disk prefixes object
|
||||
const diskprefixes = [];
|
||||
for (const resourceName of Object.keys(dbResources)) {
|
||||
|
||||
Loading…
Reference in New Issue
Block a user