check instance pool matches user allowed pools,

update user allowed nodes format,
add get user ct templates route
Arthur Lu 2024-04-15 21:52:20 +00:00
parent 3ddd1f62d7
commit 9360f7abec
4 changed files with 52 additions and 104 deletions


@ -38,8 +38,8 @@ router.get(`/:node(${nodeRegexP})/pci`, async (req, res) => {
if (!auth) {
return;
}
const userNodes = db.getUser(userObj).nodes;
if (!userNodes.includes(params.node)) {
const userNodes = db.getUser(userObj).cluster.nodes;
if (userNodes[params.node] !== true) {
res.status(401).send({ auth: false, path: params.node });
res.end();
return;
@ -186,8 +186,14 @@ router.post(`${basePath}/create`, async (req, res) => {
return;
}
// check node is within allowed list
if (!user.nodes.includes(params.node)) {
res.status(500).send({ error: `Requested node ${params.node} is not in allowed nodes [${user.nodes}].` });
if (user.cluster.nodes[params.node] !== true) {
res.status(500).send({ error: `Requested node ${params.node} is not in allowed nodes [${user.cluster.nodes}].` });
res.end();
return;
}
// check if pool is in user allowed pools
if (user.cluster.pools[params.pool] !== true) {
res.status(500).send({ request, error: `Requested pool ${params.pool} not in allowed pools [${user.pools}]` });
res.end();
return;
}
@ -222,7 +228,7 @@ router.post(`${basePath}/create`, async (req, res) => {
vmid: params.vmid,
cores: Number(params.cores),
memory: Number(params.memory),
pool: params.pool // TODO allow user to select pool to assign VM
pool: params.pool
};
for (const key of Object.keys(user.templates.instances[params.type])) {
action[key] = user.templates.instances[params.type][key].value;
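Review bot: The two refusal messages in the `/create` checks no longer print the allowed lists. `user.cluster.nodes` is now an object, so `[${user.cluster.nodes}]` renders as `[object Object]`, and the pool message interpolates `user.pools` while the check on the line above reads `user.cluster.pools`; use `Object.keys(user.cluster.nodes)` and `Object.keys(user.cluster.pools)` instead. These are authorization refusals, so `res.status(403)` fits better than 500, and the `/pci` hunk answers the same node check with 401, which should be made consistent. The pool response also adds `request` to the body; it is defined outside the hunk, so confirm it carries nothing that should stay server-side. The `/create` handler starts and ends outside these hunks.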


@ -1,85 +0,0 @@
import { Router } from "express";
export const router = Router({ mergeParams: true }); ;
const config = global.config;
const checkAuth = global.utils.checkAuth;
const getUserResources = global.utils.getUserResources;
/**
* GET - get db user resource information including allocated, free, and maximum resource values along with resource metadata
* responses:
* - 200: {avail: Object, max: Object, used: Object, resources: Object}
* - 401: {auth: false}
*/
router.get("/dynamic/resources", async (req, res) => {
// check auth
const auth = await checkAuth(req.cookies, res);
if (!auth) {
return;
}
const userRealm = req.cookies.username.split("@").at(-1);
const userID = req.cookies.username.replace(`@${userRealm}`, "");
const userObj = { id: userID, realm: userRealm };
const resources = await getUserResources(req, userObj);
res.status(200).send(resources);
});
/**
* GET - get db user configuration by key
* request:
* - key: string - user config key
* responses:
* - 200: Object
* - 401: {auth: false}
* - 401: {auth: false, error: string}
*/
router.get("/config/:key", async (req, res) => {
const params = {
key: req.params.key
};
const userRealm = req.cookies.username.split("@").at(-1);
const userID = req.cookies.username.replace(`@${userRealm}`, "");
const userObj = { id: userID, realm: userRealm };
// check auth
const auth = await checkAuth(req.cookies, res);
if (!auth) {
return;
}
const allowKeys = ["resources", "cluster", "nodes"];
if (allowKeys.includes(params.key)) {
const config = global.db.getUser(userObj);
res.status(200).send(config[params.key]);
}
else {
res.status(401).send({ auth: false, error: `User is not authorized to access /user/config/${params.key}.` });
}
});
/**
* GET - get user accessible iso files
* response:
* - 200: Array.<Object>
* - 401: {auth: false}
*/
router.get("/iso", async (req, res) => {
// check auth
const auth = await checkAuth(req.cookies, res);
if (!auth) {
return;
}
// get user iso config
const userIsoConfig = config.useriso;
// get all isos
const isos = (await global.pve.requestPVE(`/nodes/${userIsoConfig.node}/storage/${userIsoConfig.storage}/content?content=iso`, "GET", { token: true })).data.data;
const userIsos = [];
isos.forEach((iso) => {
iso.name = iso.volid.replace(`${userIsoConfig.storage}:iso/`, "");
userIsos.push(iso);
});
userIsos.sort();
res.status(200).send(userIsos);
});


@ -1,6 +1,7 @@
import { Router } from "express";
export const router = Router({ mergeParams: true }); ;
const config = global.config;
const checkAuth = global.utils.checkAuth;
const getUserResources = global.utils.getUserResources;
@ -11,15 +12,16 @@ const getUserResources = global.utils.getUserResources;
* - 401: {auth: false}
*/
router.get("/dynamic/resources", async (req, res) => {
const userRealm = req.cookies.username.split("@").at(-1);
const userID = req.cookies.username.replace(`@${userRealm}`, "");
const userObj = { id: userID, realm: userRealm };
// check auth
const auth = await checkAuth(req.cookies, res);
if (!auth) {
return;
}
const userRealm = req.cookies.username.split("@").at(-1);
const userID = req.cookies.username.replace(`@${userRealm}`, "");
const userObj = { id: userID, realm: userRealm };
const resources = await getUserResources(req, userObj);
res.status(200).send(resources);
});
@ -47,7 +49,7 @@ router.get("/config/:key", async (req, res) => {
if (!auth) {
return;
}
const allowKeys = ["resources", "cluster", "nodes"];
const allowKeys = ["resources", "cluster"];
if (allowKeys.includes(params.key)) {
const config = global.db.getUser(userObj);
res.status(200).send(config[params.key]);
@ -63,14 +65,14 @@ router.get("/config/:key", async (req, res) => {
* - 200: Array.<Object>
* - 401: {auth: false}
*/
router.get("/iso", async (req, res) => {
router.get("/vm-isos", async (req, res) => {
// check auth
const auth = await checkAuth(req.cookies, res);
if (!auth) {
return;
}
// get user iso config
const userIsoConfig = global.config.useriso;
const userIsoConfig = config.useriso;
// get all isos
const isos = (await global.pve.requestPVE(`/nodes/${userIsoConfig.node}/storage/${userIsoConfig.storage}/content?content=iso`, "GET", { token: true })).data.data;
const userIsos = [];
@ -81,3 +83,28 @@ router.get("/iso", async (req, res) => {
userIsos.sort();
res.status(200).send(userIsos);
});
/**
* GET - get user accessible container template files
* response:
* - 200: Array.<Object>
* - 401: {auth: false}
*/
router.get("/ct-templates", async (req, res) => {
// check auth
const auth = await checkAuth(req.cookies, res);
if (!auth) {
return;
}
// get user iso config
const userIsoConfig = config.useriso;
// get all isos
const isos = (await global.pve.requestPVE(`/nodes/${userIsoConfig.node}/storage/${userIsoConfig.storage}/content?content=vztmpl`, "GET", { token: true })).data.data;
const userIsos = [];
isos.forEach((iso) => {
iso.name = iso.volid.replace(`${userIsoConfig.storage}:vztmpl/`, "");
userIsos.push(iso);
});
userIsos.sort();
res.status(200).send(userIsos);
});
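Review bot: The new `/ct-templates` handler is a copy of the ISO handler with only `content=vztmpl` and the `:vztmpl/` prefix changed, so the names `userIsoConfig`, `isos`, `userIsos` and the comments `get user iso config` / `get all isos` now describe the wrong thing. `userIsos.sort()` has no comparator and its elements are objects, so every element compares as `[object Object]` and the order stays as returned. The call passes `{ token: true }` and reads `config.useriso` for every caller, so the list presumably comes from the service token and is identical for all authenticated users; confirm that matches the docblock's "user accessible". The `requestPVE` result is also dereferenced as `.data.data` with no failure handling. A shared helper for both routes, sorting by `name`, removes the duplication.

```javascript
// shared by /vm-isos and /ct-templates; content is "iso" or "vztmpl"
async function listUserStorageContent (content) {
    const { node, storage } = config.useriso;
    const response = await global.pve.requestPVE(`/nodes/${node}/storage/${storage}/content?content=${content}`, "GET", { token: true });
    const prefix = `${storage}:${content}/`;
    return response.data.data
        .map((item) => ({ ...item, name: item.volid.replace(prefix, "") }))
        .sort((a, b) => a.name.localeCompare(b.name));
}

router.get("/ct-templates", async (req, res) => {
    // … unchanged: checkAuth guard …
    res.status(200).send(await listUserStorageContent("vztmpl"));
});
```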


@ -71,19 +71,19 @@
}
}
},
"nodes": [
"example-node-0",
"example-node-1",
"example-node-2"
],
"cluster": {
"nodes": {
"example-node-0": true,
"example-node-1": true,
"example-node-2": true
},
"vmid": {
"min": 100,
"max": 199
},
"pools": {
"examplepool1": true,
"examplepool2": true
"example-pool-1": true,
"example-pool-2": true
}
},
"templates": {
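Review bot: Moving `nodes` from a top-level array to a `cluster.nodes` map changes the stored user format, and nothing on this page migrates or tolerates existing records. A record still in the old shape has `cluster` but no `cluster.nodes`, so the new checks `userNodes[params.node] !== true` and `user.cluster.nodes[params.node] !== true` would throw a TypeError inside the async handlers instead of sending the refusal response. Either ship a migration step with this template change or guard the lookup, e.g. `const userNodes = db.getUser(userObj).cluster?.nodes ?? {};`.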