check instance pool matches user allowed pools,
update user allowed nodes format, add get user ct templates route
This commit is contained in:
parent
3ddd1f62d7
commit
9360f7abec
@ -38,8 +38,8 @@ router.get(`/:node(${nodeRegexP})/pci`, async (req, res) => {
|
||||
if (!auth) {
|
||||
return;
|
||||
}
|
||||
const userNodes = db.getUser(userObj).nodes;
|
||||
if (!userNodes.includes(params.node)) {
|
||||
const userNodes = db.getUser(userObj).cluster.nodes;
|
||||
if (userNodes[params.node] !== true) {
|
||||
res.status(401).send({ auth: false, path: params.node });
|
||||
res.end();
|
||||
return;
|
||||
@ -186,8 +186,14 @@ router.post(`${basePath}/create`, async (req, res) => {
|
||||
return;
|
||||
}
|
||||
// check node is within allowed list
|
||||
if (!user.nodes.includes(params.node)) {
|
||||
res.status(500).send({ error: `Requested node ${params.node} is not in allowed nodes [${user.nodes}].` });
|
||||
if (user.cluster.nodes[params.node] !== true) {
|
||||
res.status(500).send({ error: `Requested node ${params.node} is not in allowed nodes [${user.cluster.nodes}].` });
|
||||
res.end();
|
||||
return;
|
||||
}
|
||||
// check if pool is in user allowed pools
|
||||
if (user.cluster.pools[params.pool] !== true) {
|
||||
res.status(500).send({ request, error: `Requested pool ${params.pool} not in allowed pools [${user.pools}]` });
|
||||
res.end();
|
||||
return;
|
||||
}
|
||||
@ -222,7 +228,7 @@ router.post(`${basePath}/create`, async (req, res) => {
|
||||
vmid: params.vmid,
|
||||
cores: Number(params.cores),
|
||||
memory: Number(params.memory),
|
||||
pool: params.pool // TODO allow user to select pool to assign VM
|
||||
pool: params.pool
|
||||
};
|
||||
for (const key of Object.keys(user.templates.instances[params.type])) {
|
||||
action[key] = user.templates.instances[params.type][key].value;
|
||||
|
@ -1,85 +0,0 @@
|
||||
import { Router } from "express";
|
||||
export const router = Router({ mergeParams: true }); ;
|
||||
|
||||
const config = global.config;
|
||||
const checkAuth = global.utils.checkAuth;
|
||||
const getUserResources = global.utils.getUserResources;
|
||||
|
||||
/**
|
||||
* GET - get db user resource information including allocated, free, and maximum resource values along with resource metadata
|
||||
* responses:
|
||||
* - 200: {avail: Object, max: Object, used: Object, resources: Object}
|
||||
* - 401: {auth: false}
|
||||
*/
|
||||
router.get("/dynamic/resources", async (req, res) => {
|
||||
// check auth
|
||||
const auth = await checkAuth(req.cookies, res);
|
||||
if (!auth) {
|
||||
return;
|
||||
}
|
||||
|
||||
const userRealm = req.cookies.username.split("@").at(-1);
|
||||
const userID = req.cookies.username.replace(`@${userRealm}`, "");
|
||||
const userObj = { id: userID, realm: userRealm };
|
||||
|
||||
const resources = await getUserResources(req, userObj);
|
||||
res.status(200).send(resources);
|
||||
});
|
||||
|
||||
/**
|
||||
* GET - get db user configuration by key
|
||||
* request:
|
||||
* - key: string - user config key
|
||||
* responses:
|
||||
* - 200: Object
|
||||
* - 401: {auth: false}
|
||||
* - 401: {auth: false, error: string}
|
||||
*/
|
||||
router.get("/config/:key", async (req, res) => {
|
||||
const params = {
|
||||
key: req.params.key
|
||||
};
|
||||
|
||||
const userRealm = req.cookies.username.split("@").at(-1);
|
||||
const userID = req.cookies.username.replace(`@${userRealm}`, "");
|
||||
const userObj = { id: userID, realm: userRealm };
|
||||
|
||||
// check auth
|
||||
const auth = await checkAuth(req.cookies, res);
|
||||
if (!auth) {
|
||||
return;
|
||||
}
|
||||
const allowKeys = ["resources", "cluster", "nodes"];
|
||||
if (allowKeys.includes(params.key)) {
|
||||
const config = global.db.getUser(userObj);
|
||||
res.status(200).send(config[params.key]);
|
||||
}
|
||||
else {
|
||||
res.status(401).send({ auth: false, error: `User is not authorized to access /user/config/${params.key}.` });
|
||||
}
|
||||
});
|
||||
|
||||
/**
|
||||
* GET - get user accessible iso files
|
||||
* response:
|
||||
* - 200: Array.<Object>
|
||||
* - 401: {auth: false}
|
||||
*/
|
||||
router.get("/iso", async (req, res) => {
|
||||
// check auth
|
||||
const auth = await checkAuth(req.cookies, res);
|
||||
if (!auth) {
|
||||
return;
|
||||
}
|
||||
// get user iso config
|
||||
const userIsoConfig = config.useriso;
|
||||
// get all isos
|
||||
const isos = (await global.pve.requestPVE(`/nodes/${userIsoConfig.node}/storage/${userIsoConfig.storage}/content?content=iso`, "GET", { token: true })).data.data;
|
||||
const userIsos = [];
|
||||
isos.forEach((iso) => {
|
||||
iso.name = iso.volid.replace(`${userIsoConfig.storage}:iso/`, "");
|
||||
userIsos.push(iso);
|
||||
});
|
||||
userIsos.sort();
|
||||
res.status(200).send(userIsos);
|
||||
});
|
@ -1,6 +1,7 @@
|
||||
import { Router } from "express";
|
||||
export const router = Router({ mergeParams: true }); ;
|
||||
|
||||
const config = global.config;
|
||||
const checkAuth = global.utils.checkAuth;
|
||||
const getUserResources = global.utils.getUserResources;
|
||||
|
||||
@ -11,15 +12,16 @@ const getUserResources = global.utils.getUserResources;
|
||||
* - 401: {auth: false}
|
||||
*/
|
||||
router.get("/dynamic/resources", async (req, res) => {
|
||||
const userRealm = req.cookies.username.split("@").at(-1);
|
||||
const userID = req.cookies.username.replace(`@${userRealm}`, "");
|
||||
const userObj = { id: userID, realm: userRealm };
|
||||
|
||||
// check auth
|
||||
const auth = await checkAuth(req.cookies, res);
|
||||
if (!auth) {
|
||||
return;
|
||||
}
|
||||
|
||||
const userRealm = req.cookies.username.split("@").at(-1);
|
||||
const userID = req.cookies.username.replace(`@${userRealm}`, "");
|
||||
const userObj = { id: userID, realm: userRealm };
|
||||
|
||||
const resources = await getUserResources(req, userObj);
|
||||
res.status(200).send(resources);
|
||||
});
|
||||
@ -47,7 +49,7 @@ router.get("/config/:key", async (req, res) => {
|
||||
if (!auth) {
|
||||
return;
|
||||
}
|
||||
const allowKeys = ["resources", "cluster", "nodes"];
|
||||
const allowKeys = ["resources", "cluster"];
|
||||
if (allowKeys.includes(params.key)) {
|
||||
const config = global.db.getUser(userObj);
|
||||
res.status(200).send(config[params.key]);
|
||||
@ -63,14 +65,14 @@ router.get("/config/:key", async (req, res) => {
|
||||
* - 200: Array.<Object>
|
||||
* - 401: {auth: false}
|
||||
*/
|
||||
router.get("/iso", async (req, res) => {
|
||||
router.get("/vm-isos", async (req, res) => {
|
||||
// check auth
|
||||
const auth = await checkAuth(req.cookies, res);
|
||||
if (!auth) {
|
||||
return;
|
||||
}
|
||||
// get user iso config
|
||||
const userIsoConfig = global.config.useriso;
|
||||
const userIsoConfig = config.useriso;
|
||||
// get all isos
|
||||
const isos = (await global.pve.requestPVE(`/nodes/${userIsoConfig.node}/storage/${userIsoConfig.storage}/content?content=iso`, "GET", { token: true })).data.data;
|
||||
const userIsos = [];
|
||||
@ -81,3 +83,28 @@ router.get("/iso", async (req, res) => {
|
||||
userIsos.sort();
|
||||
res.status(200).send(userIsos);
|
||||
});
|
||||
|
||||
/**
|
||||
* GET - get user accessible container template files
|
||||
* response:
|
||||
* - 200: Array.<Object>
|
||||
* - 401: {auth: false}
|
||||
*/
|
||||
router.get("/ct-templates", async (req, res) => {
|
||||
// check auth
|
||||
const auth = await checkAuth(req.cookies, res);
|
||||
if (!auth) {
|
||||
return;
|
||||
}
|
||||
// get user iso config
|
||||
const userIsoConfig = config.useriso;
|
||||
// get all isos
|
||||
const isos = (await global.pve.requestPVE(`/nodes/${userIsoConfig.node}/storage/${userIsoConfig.storage}/content?content=vztmpl`, "GET", { token: true })).data.data;
|
||||
const userIsos = [];
|
||||
isos.forEach((iso) => {
|
||||
iso.name = iso.volid.replace(`${userIsoConfig.storage}:vztmpl/`, "");
|
||||
userIsos.push(iso);
|
||||
});
|
||||
userIsos.sort();
|
||||
res.status(200).send(userIsos);
|
||||
});
|
||||
|
@ -71,19 +71,19 @@
|
||||
}
|
||||
}
|
||||
},
|
||||
"nodes": [
|
||||
"example-node-0",
|
||||
"example-node-1",
|
||||
"example-node-2"
|
||||
],
|
||||
"cluster": {
|
||||
"nodes": {
|
||||
"example-node-0": true,
|
||||
"example-node-1": true,
|
||||
"example-node-2": true
|
||||
},
|
||||
"vmid": {
|
||||
"min": 100,
|
||||
"max": 199
|
||||
},
|
||||
"pools": {
|
||||
"examplepool1": true,
|
||||
"examplepool2": true
|
||||
"example-pool-1": true,
|
||||
"example-pool-2": true
|
||||
}
|
||||
},
|
||||
"templates": {
|
||||
|
Loading…
Reference in New Issue
Block a user