check instance pool matches user allowed pools,
update user allowed nodes format, add get user ct templates route
This commit is contained in:
parent
3ddd1f62d7
commit
9360f7abec
@ -38,8 +38,8 @@ router.get(`/:node(${nodeRegexP})/pci`, async (req, res) => {
|
|||||||
if (!auth) {
|
if (!auth) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
const userNodes = db.getUser(userObj).nodes;
|
const userNodes = db.getUser(userObj).cluster.nodes;
|
||||||
if (!userNodes.includes(params.node)) {
|
if (userNodes[params.node] !== true) {
|
||||||
res.status(401).send({ auth: false, path: params.node });
|
res.status(401).send({ auth: false, path: params.node });
|
||||||
res.end();
|
res.end();
|
||||||
return;
|
return;
|
||||||
@ -186,8 +186,14 @@ router.post(`${basePath}/create`, async (req, res) => {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
// check node is within allowed list
|
// check node is within allowed list
|
||||||
if (!user.nodes.includes(params.node)) {
|
if (user.cluster.nodes[params.node] !== true) {
|
||||||
res.status(500).send({ error: `Requested node ${params.node} is not in allowed nodes [${user.nodes}].` });
|
res.status(500).send({ error: `Requested node ${params.node} is not in allowed nodes [${user.cluster.nodes}].` });
|
||||||
|
res.end();
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
// check if pool is in user allowed pools
|
||||||
|
if (user.cluster.pools[params.pool] !== true) {
|
||||||
|
res.status(500).send({ request, error: `Requested pool ${params.pool} not in allowed pools [${user.pools}]` });
|
||||||
res.end();
|
res.end();
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@ -222,7 +228,7 @@ router.post(`${basePath}/create`, async (req, res) => {
|
|||||||
vmid: params.vmid,
|
vmid: params.vmid,
|
||||||
cores: Number(params.cores),
|
cores: Number(params.cores),
|
||||||
memory: Number(params.memory),
|
memory: Number(params.memory),
|
||||||
pool: params.pool // TODO allow user to select pool to assign VM
|
pool: params.pool
|
||||||
};
|
};
|
||||||
for (const key of Object.keys(user.templates.instances[params.type])) {
|
for (const key of Object.keys(user.templates.instances[params.type])) {
|
||||||
action[key] = user.templates.instances[params.type][key].value;
|
action[key] = user.templates.instances[params.type][key].value;
|
||||||
|
@ -1,85 +0,0 @@
|
|||||||
import { Router } from "express";
|
|
||||||
export const router = Router({ mergeParams: true }); ;
|
|
||||||
|
|
||||||
const config = global.config;
|
|
||||||
const checkAuth = global.utils.checkAuth;
|
|
||||||
const getUserResources = global.utils.getUserResources;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* GET - get db user resource information including allocated, free, and maximum resource values along with resource metadata
|
|
||||||
* responses:
|
|
||||||
* - 200: {avail: Object, max: Object, used: Object, resources: Object}
|
|
||||||
* - 401: {auth: false}
|
|
||||||
*/
|
|
||||||
router.get("/dynamic/resources", async (req, res) => {
|
|
||||||
// check auth
|
|
||||||
const auth = await checkAuth(req.cookies, res);
|
|
||||||
if (!auth) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
const userRealm = req.cookies.username.split("@").at(-1);
|
|
||||||
const userID = req.cookies.username.replace(`@${userRealm}`, "");
|
|
||||||
const userObj = { id: userID, realm: userRealm };
|
|
||||||
|
|
||||||
const resources = await getUserResources(req, userObj);
|
|
||||||
res.status(200).send(resources);
|
|
||||||
});
|
|
||||||
|
|
||||||
/**
|
|
||||||
* GET - get db user configuration by key
|
|
||||||
* request:
|
|
||||||
* - key: string - user config key
|
|
||||||
* responses:
|
|
||||||
* - 200: Object
|
|
||||||
* - 401: {auth: false}
|
|
||||||
* - 401: {auth: false, error: string}
|
|
||||||
*/
|
|
||||||
router.get("/config/:key", async (req, res) => {
|
|
||||||
const params = {
|
|
||||||
key: req.params.key
|
|
||||||
};
|
|
||||||
|
|
||||||
const userRealm = req.cookies.username.split("@").at(-1);
|
|
||||||
const userID = req.cookies.username.replace(`@${userRealm}`, "");
|
|
||||||
const userObj = { id: userID, realm: userRealm };
|
|
||||||
|
|
||||||
// check auth
|
|
||||||
const auth = await checkAuth(req.cookies, res);
|
|
||||||
if (!auth) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
const allowKeys = ["resources", "cluster", "nodes"];
|
|
||||||
if (allowKeys.includes(params.key)) {
|
|
||||||
const config = global.db.getUser(userObj);
|
|
||||||
res.status(200).send(config[params.key]);
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
res.status(401).send({ auth: false, error: `User is not authorized to access /user/config/${params.key}.` });
|
|
||||||
}
|
|
||||||
});
|
|
||||||
|
|
||||||
/**
|
|
||||||
* GET - get user accessible iso files
|
|
||||||
* response:
|
|
||||||
* - 200: Array.<Object>
|
|
||||||
* - 401: {auth: false}
|
|
||||||
*/
|
|
||||||
router.get("/iso", async (req, res) => {
|
|
||||||
// check auth
|
|
||||||
const auth = await checkAuth(req.cookies, res);
|
|
||||||
if (!auth) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
// get user iso config
|
|
||||||
const userIsoConfig = config.useriso;
|
|
||||||
// get all isos
|
|
||||||
const isos = (await global.pve.requestPVE(`/nodes/${userIsoConfig.node}/storage/${userIsoConfig.storage}/content?content=iso`, "GET", { token: true })).data.data;
|
|
||||||
const userIsos = [];
|
|
||||||
isos.forEach((iso) => {
|
|
||||||
iso.name = iso.volid.replace(`${userIsoConfig.storage}:iso/`, "");
|
|
||||||
userIsos.push(iso);
|
|
||||||
});
|
|
||||||
userIsos.sort();
|
|
||||||
res.status(200).send(userIsos);
|
|
||||||
});
|
|
@ -1,6 +1,7 @@
|
|||||||
import { Router } from "express";
|
import { Router } from "express";
|
||||||
export const router = Router({ mergeParams: true }); ;
|
export const router = Router({ mergeParams: true }); ;
|
||||||
|
|
||||||
|
const config = global.config;
|
||||||
const checkAuth = global.utils.checkAuth;
|
const checkAuth = global.utils.checkAuth;
|
||||||
const getUserResources = global.utils.getUserResources;
|
const getUserResources = global.utils.getUserResources;
|
||||||
|
|
||||||
@ -11,15 +12,16 @@ const getUserResources = global.utils.getUserResources;
|
|||||||
* - 401: {auth: false}
|
* - 401: {auth: false}
|
||||||
*/
|
*/
|
||||||
router.get("/dynamic/resources", async (req, res) => {
|
router.get("/dynamic/resources", async (req, res) => {
|
||||||
const userRealm = req.cookies.username.split("@").at(-1);
|
|
||||||
const userID = req.cookies.username.replace(`@${userRealm}`, "");
|
|
||||||
const userObj = { id: userID, realm: userRealm };
|
|
||||||
|
|
||||||
// check auth
|
// check auth
|
||||||
const auth = await checkAuth(req.cookies, res);
|
const auth = await checkAuth(req.cookies, res);
|
||||||
if (!auth) {
|
if (!auth) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
const userRealm = req.cookies.username.split("@").at(-1);
|
||||||
|
const userID = req.cookies.username.replace(`@${userRealm}`, "");
|
||||||
|
const userObj = { id: userID, realm: userRealm };
|
||||||
|
|
||||||
const resources = await getUserResources(req, userObj);
|
const resources = await getUserResources(req, userObj);
|
||||||
res.status(200).send(resources);
|
res.status(200).send(resources);
|
||||||
});
|
});
|
||||||
@ -47,7 +49,7 @@ router.get("/config/:key", async (req, res) => {
|
|||||||
if (!auth) {
|
if (!auth) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
const allowKeys = ["resources", "cluster", "nodes"];
|
const allowKeys = ["resources", "cluster"];
|
||||||
if (allowKeys.includes(params.key)) {
|
if (allowKeys.includes(params.key)) {
|
||||||
const config = global.db.getUser(userObj);
|
const config = global.db.getUser(userObj);
|
||||||
res.status(200).send(config[params.key]);
|
res.status(200).send(config[params.key]);
|
||||||
@ -63,14 +65,14 @@ router.get("/config/:key", async (req, res) => {
|
|||||||
* - 200: Array.<Object>
|
* - 200: Array.<Object>
|
||||||
* - 401: {auth: false}
|
* - 401: {auth: false}
|
||||||
*/
|
*/
|
||||||
router.get("/iso", async (req, res) => {
|
router.get("/vm-isos", async (req, res) => {
|
||||||
// check auth
|
// check auth
|
||||||
const auth = await checkAuth(req.cookies, res);
|
const auth = await checkAuth(req.cookies, res);
|
||||||
if (!auth) {
|
if (!auth) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
// get user iso config
|
// get user iso config
|
||||||
const userIsoConfig = global.config.useriso;
|
const userIsoConfig = config.useriso;
|
||||||
// get all isos
|
// get all isos
|
||||||
const isos = (await global.pve.requestPVE(`/nodes/${userIsoConfig.node}/storage/${userIsoConfig.storage}/content?content=iso`, "GET", { token: true })).data.data;
|
const isos = (await global.pve.requestPVE(`/nodes/${userIsoConfig.node}/storage/${userIsoConfig.storage}/content?content=iso`, "GET", { token: true })).data.data;
|
||||||
const userIsos = [];
|
const userIsos = [];
|
||||||
@ -81,3 +83,28 @@ router.get("/iso", async (req, res) => {
|
|||||||
userIsos.sort();
|
userIsos.sort();
|
||||||
res.status(200).send(userIsos);
|
res.status(200).send(userIsos);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
/**
|
||||||
|
* GET - get user accessible container template files
|
||||||
|
* response:
|
||||||
|
* - 200: Array.<Object>
|
||||||
|
* - 401: {auth: false}
|
||||||
|
*/
|
||||||
|
router.get("/ct-templates", async (req, res) => {
|
||||||
|
// check auth
|
||||||
|
const auth = await checkAuth(req.cookies, res);
|
||||||
|
if (!auth) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
// get user iso config
|
||||||
|
const userIsoConfig = config.useriso;
|
||||||
|
// get all isos
|
||||||
|
const isos = (await global.pve.requestPVE(`/nodes/${userIsoConfig.node}/storage/${userIsoConfig.storage}/content?content=vztmpl`, "GET", { token: true })).data.data;
|
||||||
|
const userIsos = [];
|
||||||
|
isos.forEach((iso) => {
|
||||||
|
iso.name = iso.volid.replace(`${userIsoConfig.storage}:vztmpl/`, "");
|
||||||
|
userIsos.push(iso);
|
||||||
|
});
|
||||||
|
userIsos.sort();
|
||||||
|
res.status(200).send(userIsos);
|
||||||
|
});
|
||||||
|
@ -71,19 +71,19 @@
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nodes": [
|
|
||||||
"example-node-0",
|
|
||||||
"example-node-1",
|
|
||||||
"example-node-2"
|
|
||||||
],
|
|
||||||
"cluster": {
|
"cluster": {
|
||||||
|
"nodes": {
|
||||||
|
"example-node-0": true,
|
||||||
|
"example-node-1": true,
|
||||||
|
"example-node-2": true
|
||||||
|
},
|
||||||
"vmid": {
|
"vmid": {
|
||||||
"min": 100,
|
"min": 100,
|
||||||
"max": 199
|
"max": 199
|
||||||
},
|
},
|
||||||
"pools": {
|
"pools": {
|
||||||
"examplepool1": true,
|
"example-pool-1": true,
|
||||||
"examplepool2": true
|
"example-pool-2": true
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"templates": {
|
"templates": {
|
||||||
|
Loading…
Reference in New Issue
Block a user