require params in all backend calls

This commit is contained in:
Arthur Lu 2024-07-23 18:08:36 +00:00
parent 9f6b03db32
commit 783bc37c94
8 changed files with 61 additions and 60 deletions

View File

@ -66,7 +66,7 @@ class USER_BACKEND extends BACKEND {
* @param {Object} params authentication params, usually req.cookies * @param {Object} params authentication params, usually req.cookies
* @returns {{ok: boolean, status: number, message: string}} error object or null * @returns {{ok: boolean, status: number, message: string}} error object or null
*/ */
addUser (user, attributes, params = null) {} addUser (user, attributes, params) {}
/** /**
* Get user from backend * Get user from backend
@ -74,14 +74,14 @@ class USER_BACKEND extends BACKEND {
* @param {Object} params authentication params, usually req.cookies * @param {Object} params authentication params, usually req.cookies
* @returns {Object} containing user data from this backend, null if user does not exist * @returns {Object} containing user data from this backend, null if user does not exist
*/ */
getUser (user, params = null) {} getUser (user, params) {}
/** /**
* Get all users from backend * Get all users from backend
* @param {Object} params authentication params, usually req.cookies * @param {Object} params authentication params, usually req.cookies
* @returns {Array} containing each user data from this backend * @returns {Array} containing each user data from this backend
*/ */
getAllUsers (params = null) {} getAllUsers (params) {}
/** /**
* Modify user in backend * Modify user in backend
@ -90,7 +90,7 @@ class USER_BACKEND extends BACKEND {
* @param {Object} params authentication params, usually req.cookies * @param {Object} params authentication params, usually req.cookies
* @returns {{ok: boolean, status: number, message: string}} error object or null * @returns {{ok: boolean, status: number, message: string}} error object or null
*/ */
setUser (user, attributes, params = null) {} setUser (user, attributes, params) {}
/** /**
* Delete user from backend * Delete user from backend
@ -98,7 +98,7 @@ class USER_BACKEND extends BACKEND {
* @param {Object} params authentication params, usually req.cookies * @param {Object} params authentication params, usually req.cookies
* @returns {{ok: boolean, status: number, message: string}} error object or null * @returns {{ok: boolean, status: number, message: string}} error object or null
*/ */
delUser (user, params = null) {} delUser (user, params) {}
/** /**
* Add group to backend * Add group to backend
@ -107,7 +107,7 @@ class USER_BACKEND extends BACKEND {
* @param {Object} params authentication params, usually req.cookies * @param {Object} params authentication params, usually req.cookies
* @returns {{ok: boolean, status: number, message: string}} error object or null * @returns {{ok: boolean, status: number, message: string}} error object or null
*/ */
addGroup (group, attributes, params = null) {} addGroup (group, attributes, params) {}
/** /**
* Get group from backend * Get group from backend
@ -115,14 +115,14 @@ class USER_BACKEND extends BACKEND {
* @param {Object} params authentication params, usually req.cookies * @param {Object} params authentication params, usually req.cookies
* @returns {Object} containing group data from this backend, null if user does not exist * @returns {Object} containing group data from this backend, null if user does not exist
*/ */
getGroup (group, params = null) {} getGroup (group, params) {}
/** /**
* Get all users from backend * Get all users from backend
* @param {Object} params authentication params, usually req.cookies * @param {Object} params authentication params, usually req.cookies
* @returns {Array} containing each group data from this backend * @returns {Array} containing each group data from this backend
*/ */
getAllGroups (params = null) {} getAllGroups (params) {}
/** /**
* Modify group in backend * Modify group in backend
@ -131,7 +131,7 @@ class USER_BACKEND extends BACKEND {
* @param {Object} params authentication params, usually req.cookies * @param {Object} params authentication params, usually req.cookies
* @returns {{ok: boolean, status: number, message: string}} error object or null * @returns {{ok: boolean, status: number, message: string}} error object or null
*/ */
setGroup (group, attributes, params = null) {} setGroup (group, attributes, params) {}
/** /**
* Delete group from backend * Delete group from backend
@ -139,7 +139,7 @@ class USER_BACKEND extends BACKEND {
* @param {Object} params authentication params, usually req.cookies * @param {Object} params authentication params, usually req.cookies
* @returns {{ok: boolean, status: number, message: string}} error object or null * @returns {{ok: boolean, status: number, message: string}} error object or null
*/ */
delGroup (group, params = null) {} delGroup (group, params) {}
/** /**
* Add user to group * Add user to group
@ -148,7 +148,7 @@ class USER_BACKEND extends BACKEND {
* @param {Object} params authentication params, usually req.cookies * @param {Object} params authentication params, usually req.cookies
* @returns {{ok: boolean, status: number, message: string}} error object or null * @returns {{ok: boolean, status: number, message: string}} error object or null
*/ */
addUserToGroup (user, group, params = null) {} addUserToGroup (user, group, params) {}
/** /**
* Remove user from group * Remove user from group
@ -157,7 +157,7 @@ class USER_BACKEND extends BACKEND {
* @param {Object} params authentication params, usually req.cookies * @param {Object} params authentication params, usually req.cookies
* @returns {{ok: boolean, status: number, message: string}} error object or null * @returns {{ok: boolean, status: number, message: string}} error object or null
*/ */
delUserFromGroup (user, group, params = null) {} delUserFromGroup (user, group, params) {}
} }
/** /**
@ -191,9 +191,9 @@ class USER_BACKEND_MANAGER extends USER_BACKEND {
return this.#config.realm[user.realm]; return this.#config.realm[user.realm];
} }
addUser (user, attributes, params = null) {} addUser (user, attributes, params) {}
async getUser (user, params = null) { async getUser (user, params) {
let userData = {}; let userData = {};
for (const backend of this.#config.realm[user.realm]) { for (const backend of this.#config.realm[user.realm]) {
const backendData = await global.backends[backend].getUser(user, params); const backendData = await global.backends[backend].getUser(user, params);
@ -204,7 +204,7 @@ class USER_BACKEND_MANAGER extends USER_BACKEND {
return userData; return userData;
} }
async getAllUsers (params = null) { async getAllUsers (params) {
const userData = {}; const userData = {};
for (const backend of this.#config.any) { for (const backend of this.#config.any) {
const backendData = await global.backends[backend].getAllUsers(params); const backendData = await global.backends[backend].getAllUsers(params);
@ -217,7 +217,7 @@ class USER_BACKEND_MANAGER extends USER_BACKEND {
return userData; return userData;
} }
async setUser (user, attributes, params = null) { async setUser (user, attributes, params) {
const results = { const results = {
ok: true, ok: true,
status: 200, status: 200,
@ -234,13 +234,13 @@ class USER_BACKEND_MANAGER extends USER_BACKEND {
return results; return results;
} }
delUser (user, params = null) {} delUser (user, params) {}
addGroup (group, attributes, params = null) {} addGroup (group, attributes, params) {}
getGroup (group, params = null) {} getGroup (group, params) {}
async getAllGroups (params = null) { async getAllGroups (params) {
const groupData = {}; const groupData = {};
for (const backend of this.#config.any) { for (const backend of this.#config.any) {
const backendData = await global.backends[backend].getAllGroups(params); const backendData = await global.backends[backend].getAllGroups(params);
@ -253,11 +253,11 @@ class USER_BACKEND_MANAGER extends USER_BACKEND {
return groupData; return groupData;
} }
setGroup (group, attributes, params = null) {} setGroup (group, attributes, params) {}
delGroup (group, params = null) {} delGroup (group, params) {}
addUserToGroup (user, group, params = null) {} addUserToGroup (user, group, params) {}
delUserFromGroup (user, group, params = null) {} delUserFromGroup (user, group, params) {}
} }

View File

@ -35,7 +35,7 @@ export default class LocalDB extends DB_BACKEND {
writeFileSync(this.#path, JSON.stringify(this.#data)); writeFileSync(this.#path, JSON.stringify(this.#data));
} }
addUser (user, attributes, params = null) { addUser (user, attributes, params) {
const username = `${user.id}@${user.realm}`; const username = `${user.id}@${user.realm}`;
if (this.#data.users[username]) { // user already exists if (this.#data.users[username]) { // user already exists
return { return {
@ -52,17 +52,20 @@ export default class LocalDB extends DB_BACKEND {
} }
} }
getUser (user, params = null) { getUser (user, params) {
const username = `${user.id}@${user.realm}`; const requestedUser = `${user.id}@${user.realm}`;
if (this.#data.users[username]) { const requestingUser = params.username; // assume checkAuth has been run, which already checks that username matches PVE token
return this.#data.users[username]; // user can access a user's db data if they are an admin OR are requesting own data
const authorized = this.#data.users[requestingUser].cluster.admin || requestingUser === requestedUser;
if (authorized && this.#data.users[requestedUser]) {
return this.#data.users[requestedUser];
} }
else { else {
return null; return null;
} }
} }
async getAllUsers (params = null) { async getAllUsers (params) {
const requestingUser = params.username; // assume checkAuth has been run, which already checks that username matches PVE token const requestingUser = params.username; // assume checkAuth has been run, which already checks that username matches PVE token
if (this.#data.users[requestingUser].cluster.admin === true) { if (this.#data.users[requestingUser].cluster.admin === true) {
return this.#data.users; return this.#data.users;
@ -72,7 +75,7 @@ export default class LocalDB extends DB_BACKEND {
} }
} }
setUser (user, attributes, params = null) { setUser (user, attributes, params) {
if (attributes.resources && attributes.cluster && attributes.templates) { // localdb should only deal with these attributes if (attributes.resources && attributes.cluster && attributes.templates) { // localdb should only deal with these attributes
const username = `${user.id}@${user.realm}`; const username = `${user.id}@${user.realm}`;
if (this.#data.users[username]) { if (this.#data.users[username]) {
@ -89,7 +92,7 @@ export default class LocalDB extends DB_BACKEND {
} }
} }
delUser (user, params = null) { delUser (user, params) {
const username = `${user.id}@${user.realm}`; const username = `${user.id}@${user.realm}`;
if (this.#data.users[username]) { if (this.#data.users[username]) {
delete this.#data.users[username]; delete this.#data.users[username];
@ -102,17 +105,16 @@ export default class LocalDB extends DB_BACKEND {
} }
// group methods not implemented because db backend does not store groups // group methods not implemented because db backend does not store groups
addGroup (group, atrributes, params = null) {} addGroup (group, atrributes, params) {}
getGroup (group, params = null) {} getGroup (group, params) {}
getAllGroups (params = null) { getAllGroups (params) {
return null; return null;
} }
setGroup (group, attributes, params) {}
setGroup (group, attributes, params = null) {} delGroup (group, params) {}
delGroup (group, params = null) {}
// assume that adding to group also adds to group's pool // assume that adding to group also adds to group's pool
addUserToGroup (user, group, params = null) { addUserToGroup (user, group, params) {
const username = `${user.id}@${user.realm}`; const username = `${user.id}@${user.realm}`;
if (this.#data.users[username]) { if (this.#data.users[username]) {
this.#data.users[username].cluster.pools[group.id] = true; this.#data.users[username].cluster.pools[group.id] = true;
@ -124,7 +126,7 @@ export default class LocalDB extends DB_BACKEND {
} }
// assume that adding to group also adds to group's pool // assume that adding to group also adds to group's pool
delUserFromGroup (user, group, params = null) { delUserFromGroup (user, group, params) {
const username = `${user.id}@${user.realm}`; const username = `${user.id}@${user.realm}`;
if (this.#data.users[username] && this.#data.users[username].cluster.pools[group.id]) { if (this.#data.users[username] && this.#data.users[username].cluster.pools[group.id]) {
delete this.#data.users[username].cluster.pools[group.id]; delete this.#data.users[username].cluster.pools[group.id];

View File

@ -86,12 +86,12 @@ export default class PAASLDAP extends AUTH_BACKEND {
} }
} }
async addUser (user, attributes, params = null) { async addUser (user, attributes, params) {
const res = await this.#request(`/users/${user.id}`, "POST", params, attributes); const res = await this.#request(`/users/${user.id}`, "POST", params, attributes);
return this.#handleGenericReturn(res); return this.#handleGenericReturn(res);
} }
async getUser (user, params = null) { async getUser (user, params) {
if (!params) { // params required, do nothing if params are missing if (!params) { // params required, do nothing if params are missing
return null; return null;
} }
@ -104,7 +104,7 @@ export default class PAASLDAP extends AUTH_BACKEND {
} }
} }
async getAllUsers (params = null) { async getAllUsers (params) {
if (!params) { if (!params) {
return null; return null;
} }
@ -123,26 +123,26 @@ export default class PAASLDAP extends AUTH_BACKEND {
} }
} }
async setUser (user, attributes, params = null) { async setUser (user, attributes, params) {
const res = await this.#request(`/users/${user.id}`, "POST", params, attributes); const res = await this.#request(`/users/${user.id}`, "POST", params, attributes);
return this.#handleGenericReturn(res); return this.#handleGenericReturn(res);
} }
async delUser (user, params = null) { async delUser (user, params) {
const res = await this.#request(`/users/${user.id}`, "DELETE", params); const res = await this.#request(`/users/${user.id}`, "DELETE", params);
return this.#handleGenericReturn(res); return this.#handleGenericReturn(res);
} }
async addGroup (group, attributes, params = null) { async addGroup (group, attributes, params) {
const res = await this.#request(`/groups/${group.id}`, "POST", params); const res = await this.#request(`/groups/${group.id}`, "POST", params);
return this.#handleGenericReturn(res); return this.#handleGenericReturn(res);
} }
async getGroup (group, params = null) { async getGroup (group, params) {
return await this.#request(`/groups/${group.id}`, "GET", params); return await this.#request(`/groups/${group.id}`, "GET", params);
} }
async getAllGroups (params = null) { async getAllGroups (params) {
if (!params) { if (!params) {
return null; return null;
} }
@ -161,22 +161,22 @@ export default class PAASLDAP extends AUTH_BACKEND {
} }
} }
async setGroup (group, attributes, params = null) { async setGroup (group, attributes, params) {
// not implemented, LDAP groups do not have any attributes to change // not implemented, LDAP groups do not have any attributes to change
return null; return null;
} }
async delGroup (group, params = null) { async delGroup (group, params) {
const res = await this.#request(`/groups/${group.id}`, "DELETE", params); const res = await this.#request(`/groups/${group.id}`, "DELETE", params);
return this.#handleGenericReturn(res); return this.#handleGenericReturn(res);
} }
async addUserToGroup (user, group, params = null) { async addUserToGroup (user, group, params) {
const res = await this.#request(`/groups/${group.id}/members/${user.id}`, "POST", params); const res = await this.#request(`/groups/${group.id}/members/${user.id}`, "POST", params);
return this.#handleGenericReturn(res); return this.#handleGenericReturn(res);
} }
async delUserFromGroup (user, group, params = null) { async delUserFromGroup (user, group, params) {
const res = await this.#request(`/groups/${group.id}/members/${user.id}`, "DELETE", params); const res = await this.#request(`/groups/${group.id}/members/${user.id}`, "DELETE", params);
return this.#handleGenericReturn(res); return this.#handleGenericReturn(res);
} }

View File

@ -35,7 +35,7 @@ router.get(`/:node(${nodeRegexP})/pci`, async (req, res) => {
if (!auth) { if (!auth) {
return; return;
} }
const userNodes = (await global.userManager.getUser(userObj)).cluster.nodes; const userNodes = (await global.userManager.getUser(userObj, req.cookies)).cluster.nodes;
if (userNodes[params.node] !== true) { if (userNodes[params.node] !== true) {
res.status(401).send({ auth: false, path: params.node }); res.status(401).send({ auth: false, path: params.node });
res.end(); res.end();
@ -168,7 +168,7 @@ router.post(`${basePath}/create`, async (req, res) => {
return; return;
} }
// get user db config // get user db config
const user = await global.userManager.getUser(userObj); const user = await global.userManager.getUser(userObj, req.cookies);
const vmid = Number.parseInt(params.vmid); const vmid = Number.parseInt(params.vmid);
const vmidMin = user.cluster.vmid.min; const vmidMin = user.cluster.vmid.min;
const vmidMax = user.cluster.vmid.max; const vmidMax = user.cluster.vmid.max;

View File

@ -62,7 +62,7 @@ router.post("/:netid/create", async (req, res) => {
return; return;
} }
// setup action // setup action
const nc = (await global.userManager.getUser(userObj)).templates.network[params.type]; const nc = (await global.userManager.getUser(userObj, req.cookies)).templates.network[params.type];
const action = {}; const action = {};
if (params.type === "lxc") { if (params.type === "lxc") {
action[`net${params.netid}`] = `name=${params.name},bridge=${nc.bridge},ip=${nc.ip},ip6=${nc.ip6},tag=${nc.vlan},type=${nc.type},rate=${params.rate}`; action[`net${params.netid}`] = `name=${params.name},bridge=${nc.bridge},ip=${nc.ip},ip6=${nc.ip6},tag=${nc.vlan},type=${nc.type},rate=${params.rate}`;

View File

@ -168,7 +168,7 @@ if (schemes.interrupt.enabled) {
wsServer.handleUpgrade(req, socket, head, async (socket) => { wsServer.handleUpgrade(req, socket, head, async (socket) => {
// get the user pools // get the user pools
const userObj = global.utils.getUserObjFromUsername(cookies.username); const userObj = global.utils.getUserObjFromUsername(cookies.username);
const pools = Object.keys((await global.userManager.getUser(userObj)).cluster.pools); const pools = Object.keys((await global.userManager.getUser(userObj, cookies)).cluster.pools);
// emit the connection to initialize socket // emit the connection to initialize socket
wsServer.emit("connection", socket, cookies.username, pools); wsServer.emit("connection", socket, cookies.username, pools);
}); });

View File

@ -51,7 +51,7 @@ router.get("/config/:key", async (req, res) => {
} }
const allowKeys = ["resources", "cluster"]; const allowKeys = ["resources", "cluster"];
if (allowKeys.includes(params.key)) { if (allowKeys.includes(params.key)) {
const config = await global.userManager.getUser(userObj); const config = await global.userManager.getUser(userObj, req.cookies);
res.status(200).send(config[params.key]); res.status(200).send(config[params.key]);
} }
else { else {

View File

@ -36,7 +36,7 @@ export async function checkAuth (cookies, res, vmpath = null) {
return false; return false;
} }
if ((await global.userManager.getUser(userObj)) === null) { // check if user exists in database if ((await global.userManager.getUser(userObj, cookies)) === null) { // check if user exists in database
res.status(401).send({ auth, path: vmpath ? `${vmpath}/config` : "/version", error: `User ${cookies.username} not found in database.` }); res.status(401).send({ auth, path: vmpath ? `${vmpath}/config` : "/version", error: `User ${cookies.username} not found in database.` });
res.end(); res.end();
return false; return false;
@ -130,8 +130,7 @@ async function getAllInstanceConfigs (req, diskprefixes) {
*/ */
export async function getUserResources (req, user) { export async function getUserResources (req, user) {
const dbResources = global.config.resources; const dbResources = global.config.resources;
const userResources = (await global.userManager.getUser(user)).resources; const userResources = (await global.userManager.getUser(user, req.cookies)).resources;
// setup disk prefixes object // setup disk prefixes object
const diskprefixes = []; const diskprefixes = [];
for (const resourceName of Object.keys(dbResources)) { for (const resourceName of Object.keys(dbResources)) {