tronnet/ProxmoxAAS-API
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix utils.js,

Browse Source 
implement getAllUsers/getAllGroups in backends,
add paasldap realm config option
This commit is contained in:
Arthur Lu 2024-07-15 19:14:03 +00:00
parent 3b81bd20ea
commit 9f6b03db32
4 changed files with 86 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
config/template.config.json
View File

@ -25,7 +25,8 @@
"paasldap": { "paasldap": {
"import": "paasldap.js", "import": "paasldap.js",
"config": { "config": {
"url": "http://paasldap.mydomain.example" "url": "http://paasldap.mydomain.example",
"realm": "ldap"
} }
} }
}, },

14
src/backends/localdb.js
View File

@ -62,6 +62,16 @@ export default class LocalDB extends DB_BACKEND {
} }
} }
async getAllUsers (params = null) {
const requestingUser = params.username; // assume checkAuth has been run, which already checks that username matches PVE token
if (this.#data.users[requestingUser].cluster.admin === true) {
return this.#data.users;
}
else {
return null;
}
}
setUser (user, attributes, params = null) { setUser (user, attributes, params = null) {
if (attributes.resources && attributes.cluster && attributes.templates) { // localdb should only deal with these attributes if (attributes.resources && attributes.cluster && attributes.templates) { // localdb should only deal with these attributes
const username = `${user.id}@${user.realm}`; const username = `${user.id}@${user.realm}`;
@ -94,6 +104,10 @@ export default class LocalDB extends DB_BACKEND {
// group methods not implemented because db backend does not store groups // group methods not implemented because db backend does not store groups
addGroup (group, atrributes, params = null) {} addGroup (group, atrributes, params = null) {}
getGroup (group, params = null) {} getGroup (group, params = null) {}
getAllGroups (params = null) {
return null;
}
setGroup (group, attributes, params = null) {} setGroup (group, attributes, params = null) {}
delGroup (group, params = null) {} delGroup (group, params = null) {}

85
src/backends/paasldap.js
View File

@ -4,10 +4,12 @@ import * as setCookie from "set-cookie-parser";
export default class PAASLDAP extends AUTH_BACKEND { export default class PAASLDAP extends AUTH_BACKEND {
#url = null; #url = null;
#realm = null;
constructor (config) { constructor (config) {
super(); super();
this.#url = config.url; this.#url = config.url;
this.#realm = config.realm;
} }
/** /**
@ -45,6 +47,19 @@ export default class PAASLDAP extends AUTH_BACKEND {
} }
} }
#handleGenericReturn (res) {
if (res.ok) { // if ok, return null
return null;
}
else { // if not ok, return error obj
return {
ok: res.ok,
status: res.status,
message: res.ok ? "" : res.data.error
};
}
}
async openSession (user, password) { async openSession (user, password) {
const username = user.id; const username = user.id;
const content = { username, password }; const content = { username, password };
@ -65,7 +80,7 @@ export default class PAASLDAP extends AUTH_BACKEND {
return { return {
ok: false, ok: false,
status: result.status, status: result.status,
message: result.data.error.message, message: result.data.error,
cookies: [] cookies: []
}; };
} }
@ -73,16 +88,7 @@ export default class PAASLDAP extends AUTH_BACKEND {
async addUser (user, attributes, params = null) { async addUser (user, attributes, params = null) {
const res = await this.#request(`/users/${user.id}`, "POST", params, attributes); const res = await this.#request(`/users/${user.id}`, "POST", params, attributes);
if (res.ok) { // if ok, return null return this.#handleGenericReturn(res);
return null;
}
else { // if not ok, return error obj
return {
ok: res.ok,
status: res.status,
message: res.ok ? "" : res.data.error.message
};
}
} }
async getUser (user, params = null) { async getUser (user, params = null) {
@ -98,35 +104,80 @@ export default class PAASLDAP extends AUTH_BACKEND {
} }
} }
async getAllUsers (params = null) {
if (!params) {
return null;
}
const res = await this.#request("/users", "GET", params);
if (res.ok) { // if ok, return user data
const users = res.data.users;
const usersFormatted = {};
// label each user object by user@realm
for (const user of users) {
usersFormatted[`${user.attributes.uid}@${this.#realm}`] = user;
}
return usersFormatted;
}
else { // else return null
return null;
}
}
async setUser (user, attributes, params = null) { async setUser (user, attributes, params = null) {
return await this.#request(`/users/${user.id}`, "POST", params, attributes); const res = await this.#request(`/users/${user.id}`, "POST", params, attributes);
return this.#handleGenericReturn(res);
} }
async delUser (user, params = null) { async delUser (user, params = null) {
return await this.#request(`/users/${user.id}`, "DELETE", params); const res = await this.#request(`/users/${user.id}`, "DELETE", params);
return this.#handleGenericReturn(res);
} }
async addGroup (group, attributes, params = null) { async addGroup (group, attributes, params = null) {
return await this.#request(`/groups/${group.id}`, "POST", params); const res = await this.#request(`/groups/${group.id}`, "POST", params);
return this.#handleGenericReturn(res);
} }
async getGroup (group, params = null) { async getGroup (group, params = null) {
return await this.#request(`/groups/${group.id}`, "GET", params); return await this.#request(`/groups/${group.id}`, "GET", params);
} }
async getAllGroups (params = null) {
if (!params) {
return null;
}
const res = await this.#request("/groups", "GET", params);
if (res.ok) { // if ok, return user data
const groups = res.data.groups;
const groupsFormatted = {};
// label each user object by user@realm
for (const group of groups) {
groupsFormatted[`${group.attributes.cn}@${this.#realm}`] = group;
}
return groupsFormatted;
}
else { // else return null
return null;
}
}
async setGroup (group, attributes, params = null) { async setGroup (group, attributes, params = null) {
// not implemented, LDAP groups do not have any attributes to change // not implemented, LDAP groups do not have any attributes to change
return null;
} }
async delGroup (group, params = null) { async delGroup (group, params = null) {
return await this.#request(`/groups/${group.id}`, "DELETE", params); const res = await this.#request(`/groups/${group.id}`, "DELETE", params);
return this.#handleGenericReturn(res);
} }
async addUserToGroup (user, group, params = null) { async addUserToGroup (user, group, params = null) {
return await this.#request(`/groups/${group.id}/members/${user.id}`, "POST", params); const res = await this.#request(`/groups/${group.id}/members/${user.id}`, "POST", params);
return this.#handleGenericReturn(res);
} }
async delUserFromGroup (user, group, params = null) { async delUserFromGroup (user, group, params = null) {
return await this.#request(`/groups/${group.id}/members/${user.id}`, "DELETE", params); const res = await this.#request(`/groups/${group.id}/members/${user.id}`, "DELETE", params);
return this.#handleGenericReturn(res);
} }
} }

2
src/utils.js
View File

@ -348,7 +348,7 @@ export function getTimeLeft (timeout) {
/** /**
* Recursively import routes from target folder. * Recursively import routes from target folder.
* @param {Object} router or app object. * @param {Object} router or app object.
* @param {string} baseroute API route for each imported module. * @param {string} baseroute base route of imported modules starting from the current path.
* @param {string} target folder to import modules. * @param {string} target folder to import modules.
* @param {string} from source folder of calling module, optional for imports from the same base directory. * @param {string} from source folder of calling module, optional for imports from the same base directory.
*/ */