From 8396de3a9652ef84d41f5ecc5e40e47a1e70025c Mon Sep 17 00:00:00 2001 From: Arthur Lu Date: Tue, 23 May 2023 00:11:48 +0000 Subject: [PATCH] fix api crash on username missing from lcoaldb --- db.js | 7 ++++++- main.js | 4 ++-- pve.js | 17 ----------------- utils.js | 28 +++++++++++++++++++++++++++- 4 files changed, 35 insertions(+), 21 deletions(-) diff --git a/db.js b/db.js index 4edee35..9f45992 100644 --- a/db.js +++ b/db.js @@ -24,5 +24,10 @@ export function getResourceConfig() { } export function getUserConfig(username) { - return db.users[username]; + if (db.users[username]) { + return db.users[username]; + } + else { + return null; + } } \ No newline at end of file diff --git a/main.js b/main.js index 421660d..787ab97 100644 --- a/main.js +++ b/main.js @@ -6,8 +6,8 @@ import morgan from "morgan"; import api from "./package.json" assert {type: "json"}; import { pveAPIToken, listenPort, hostname, domain } from "./vars.js"; -import { checkAuth, requestPVE, handleResponse, getDiskInfo } from "./pve.js"; -import { getAllocatedResources, approveResources } from "./utils.js"; +import { requestPVE, handleResponse, getDiskInfo } from "./pve.js"; +import { checkAuth, getAllocatedResources, approveResources } from "./utils.js"; import { getUserConfig } from "./db.js"; const app = express(); diff --git a/pve.js b/pve.js index 8146a5e..d0e9aaa 100644 --- a/pve.js +++ b/pve.js @@ -1,23 +1,6 @@ import axios from 'axios'; import { pveAPI, pveAPIToken } from "./vars.js"; -export async function checkAuth(cookies, res, vmpath = null) { - let auth = false; - if (vmpath) { - let result = await requestPVE(`/${vmpath}/config`, "GET", cookies); - auth = result.status === 200; - } - else { // if no path is specified, then do a simple authentication - let result = await requestPVE("/version", "GET", cookies); - auth = result.status === 200; - } - if (!auth) { - res.status(401).send({ auth: auth, path: vmpath ? `${vmpath}/config` : "/version" }); - res.end(); - } - return auth; -} - export async function requestPVE(path, method, cookies, body = null, token = null) { let url = `${pveAPI}${path}`; let content = { diff --git a/utils.js b/utils.js index 700fdbe..7898fd3 100644 --- a/utils.js +++ b/utils.js @@ -1,6 +1,32 @@ -import { getUsedResources } from "./pve.js"; +import { getUsedResources, requestPVE } from "./pve.js"; import { getUserConfig, getResourceConfig } from "./db.js"; +export async function checkAuth(cookies, res, vmpath = null) { + let auth = false; + + if (getUserConfig(cookies.username) === null) { + auth = false; + res.status(401).send({ auth: auth, path: vmpath ? `${vmpath}/config` : "/version", error: `user ${cookies.username} not found in localdb` }); + res.end(); + return false; + } + + if (vmpath) { + let result = await requestPVE(`/${vmpath}/config`, "GET", cookies); + auth = result.status === 200; + } + else { // if no path is specified, then do a simple authentication + let result = await requestPVE("/version", "GET", cookies); + auth = result.status === 200; + } + + if (!auth) { + res.status(401).send({ auth: auth, path: vmpath ? `${vmpath}/config` : "/version", error: `user token did not pass authentication check` }); + res.end(); + } + return auth; +} + export async function getAllocatedResources(req, username) { let dbResources = getResourceConfig(); let used = await getUsedResources(req, dbResources);