add default export to db and package module,

start grouping routes by type,
use dynamic imports and express routers
This commit is contained in:
Arthur Lu 2023-07-27 20:10:46 +00:00
parent ae58a18c9a
commit aae3bb14c0
14 changed files with 1327 additions and 1191 deletions

View File

@ -1,257 +0,0 @@
import { WebSocketServer } from "ws";
import * as cookie from "cookie";
import { requestPVE } from "./pve.js";
import { checkAuth, getObjectHash, getTimeLeft } from "./utils.js";
import { db, pveAPIToken } from "./db.js";
// maps usernames to socket object(s)
const userSocketMap = {};
// maps pool ids to users
const poolUserMap = {};
// maps sockets to their requested rates
const requestedRates = {};
// stores the next queued interrupt handler
let timer = null;
// previous cluster state for interrupt handler
let prevState = {};
// target ms value
let targetMSTime = null;
export function setupClientSync (app, server, options) {
const schemes = options.schemes;
const resourceTypes = options.resourcetypes;
/**
* GET - get list of supported synchronization schemes
* responses:
* - 200 : {always: boolean, hash: boolean, interrupt: boolean}
*/
app.get("/api/sync/schemes", async (req, res) => {
res.send(schemes);
});
if (schemes.always.enabled) {
console.log("clientsync: enabled always sync");
}
// setup hash scheme
if (schemes.hash.enabled) {
/**
* GET - get hash of current cluster resources states
* Client can use this endpoint to check for cluster state changes to avoid costly data transfers to the client.
* responses:
* - 401: {auth: false}
* - 200: string
*/
app.get("/api/sync/hash", async (req, res) => {
// check auth
const auth = await checkAuth(req.cookies, res);
if (!auth) {
return;
}
// get current cluster resources
const status = (await requestPVE("/cluster/resources", "GET", req.cookies)).data.data;
// filter out just state information of resources that are needed
const state = extractClusterState(status, resourceTypes);
res.status(200).send(getObjectHash(state));
});
console.log("clientsync: enabled hash sync");
}
// setup interupt scheme
if (schemes.interrupt.enabled) {
const wsServer = new WebSocketServer({ noServer: true, path: "/api/sync/interrupt" });
wsServer.on("connection", (socket, username, pool) => {
// add new socket to userSocketmap
if (userSocketMap[username]) {
const index = Object.keys(userSocketMap[username]).length;
userSocketMap[username][index] = socket;
socket.userIndex = index;
}
else {
userSocketMap[username] = { 0: socket };
socket.userIndex = 0;
}
// add user to associated pool in poolUserMap
if (poolUserMap[pool]) {
poolUserMap[pool][username] = true;
}
else {
poolUserMap[pool] = {};
poolUserMap[pool][username] = true;
}
// add socket entry into requestedRates
const index = Object.keys(requestedRates).length;
requestedRates[index] = Infinity;
socket.rateIndex = index;
// handle socket error
socket.on("error", console.error);
// handle socket close
socket.on("close", () => {
// remove closed socket from userSocketMap user entry
delete userSocketMap[username][socket.userIndex];
// if there are no more sockets for this user, delete the userSocketMap user entry and the poolUserMap user entry
if (Object.keys(userSocketMap[username]).length === 0) {
// delete the user entry
delete userSocketMap[username];
// remove user from poolUserMap pool entry
delete poolUserMap[pool][username];
// if the poolUserMap pool entry is empty, delete the entry
if (Object.keys(poolUserMap[pool]).length === 0) {
delete poolUserMap[pool];
}
}
// remove socket entry from requestedRates
delete requestedRates[socket.rateIndex];
if (Object.keys(requestedRates).length === 0) { // if there are no requested rates left, clear the timer
clearTimeout(timer);
timer = null;
targetMSTime = null;
}
// terminate socket
socket.terminate();
});
// handle socket incoming message
socket.on("message", (message) => {
const parsed = message.toString().split(" ");
const cmd = parsed[0];
// command is rate and the value is valid
if (cmd === "rate" && parsed[1] >= schemes.interrupt["min-rate"] && parsed[1] <= schemes.interrupt["max-rate"]) {
// get requested rate in ms
const rate = Number(parsed[1]) * 1000;
// if timer has not started, start it with requested rate
if (!timer) {
timer = setTimeout(handleInterruptSync, rate);
const time = global.process.uptime();
targetMSTime = time - Math.floor(time);
}
// otherwise, if the timer has started but the rate is lower than the current minimum
// AND if the next event trigger is more than the new rate in the future,
// restart the timer with the new rate
// avoids a large requested rate preventing a faster rate from being fulfilled
else if (rate < Math.min.apply(null, Object.values(requestedRates)) && getTimeLeft(timer) > rate) {
clearTimeout(timer);
timer = setTimeout(handleInterruptSync, rate);
const time = global.process.uptime();
targetMSTime = time - Math.floor(time);
}
// otherwise just add the rate to the list, when the next even trigger happens it will be requeued with the new requested rates
requestedRates[socket.rateIndex] = rate;
}
// command is rate but the requested value is out of bounds, terminate socket
else if (cmd === "rate") {
socket.send(`error: rate must be in range [${schemes.interrupt["min-rate"]}, ${schemes.interrupt["max-rate"]}].`);
socket.terminate();
}
// otherwise, command is invalid, terminate socket
else {
socket.send(`error: ${cmd} command not found.`);
socket.terminate();
}
});
});
// handle the wss upgrade request
server.on("upgrade", async (req, socket, head) => {
const cookies = cookie.parse(req.headers.cookie || "");
const auth = (await requestPVE("/version", "GET", cookies)).status === 200;
if (!auth) {
socket.destroy();
}
else {
wsServer.handleUpgrade(req, socket, head, (socket) => {
const pool = db.getUserConfig(cookies.username).cluster.pool;
wsServer.emit("connection", socket, cookies.username, pool);
});
}
});
const handleInterruptSync = async () => {
// queue timeout for next iteration with delay of minimum rate
const minRequestedRate = Math.min.apply(null, Object.values(requestedRates));
// if the minimum rate is not Infinity, schedule the next timer
if (minRequestedRate < Infinity) {
const time = global.process.uptime() - targetMSTime;
const delay = (time - Math.round(time)) * 1000;
timer = setTimeout(handleInterruptSync, minRequestedRate - delay);
}
// if the minimum rate is Infinity, then don't schedule anything and set timer to null
else {
timer = null;
targetMSTime = null;
return;
}
// get current cluster resources
const status = (await requestPVE("/cluster/resources", "GET", null, null, pveAPIToken)).data.data;
// filter out just state information of resources that are needed, and hash each one
const currState = extractClusterState(status, resourceTypes, true);
// get a map of users to send sync notifications
const syncUsers = {};
// for each current resource in the cluster, check for state changes
Object.keys(currState).forEach((resource) => {
// if the resource's current state has changed, add all relevant users to syncUsers
const resourceCurrState = currState[resource];
const resourcePrevState = prevState[resource];
// if the previous state did not exist, or the status or pool have changed, then a resource state was added or modified
if (!resourcePrevState || resourceCurrState.hash !== resourcePrevState.hash) {
// if the resource is a node, send sync to all users
if (resourceCurrState.type === "node") {
Object.keys(userSocketMap).forEach((user) => {
syncUsers[user] = true;
});
}
// if the resource is qemu or lxc, send sync to users in the same pool if there is a pool and if the pool has users
else if (resourceCurrState.pool && poolUserMap[resourceCurrState.pool]) {
Object.keys(poolUserMap[resourceCurrState.pool]).forEach((user) => {
syncUsers[user] = true;
});
}
}
});
// for each previous resource in the cluster, check for state changes
Object.keys(prevState).forEach((resource) => {
const resourceCurrState = currState[resource];
const resourcePrevState = prevState[resource];
// if the resource no longer exists in the current state, then it is lost or deleted
if (!resourceCurrState) {
// if the resource is a node, send sync to all users
if (resourcePrevState.type === "node") {
Object.keys(userSocketMap).forEach((user) => {
syncUsers[user] = true;
});
}
// if the resource is qemu or lxc, send sync to users in the same pool if there is a pool and if the pool has users
else if (resourcePrevState.pool && poolUserMap[resourcePrevState.pool]) {
Object.keys(poolUserMap[resourcePrevState.pool]).forEach((user) => {
syncUsers[user] = true;
});
}
}
});
// for each user in syncUsers, send a sync message over their registered sockets
for (const user of Object.keys(syncUsers)) {
for (const socket of Object.keys(userSocketMap[user])) {
userSocketMap[user][socket].send("sync");
}
}
// set prevState for next iteration
prevState = currState;
};
console.log("clientsync: enabled interrupt sync");
}
}
function extractClusterState (status, resourceTypes, hashIndividual = false) {
const state = {};
status.forEach((resource) => {
if (resourceTypes.includes(resource.type)) {
state[resource.id] = {
name: resource.name || null,
type: resource.type,
status: resource.status,
node: resource.node,
pool: resource.pool || null
};
if (hashIndividual) {
const hash = getObjectHash(state[resource.id]);
state[resource.id].hash = hash;
}
}
});
return state;
}

View File

@ -7,6 +7,11 @@ class LocalDB {
constructor () { constructor () {
try { try {
this.load(); this.load();
this.pveAPI = this.getGlobalConfig().application.pveAPI;
this.pveAPIToken = this.getGlobalConfig().application.pveAPIToken;
this.listenPort = this.getGlobalConfig().application.listenPort;
this.hostname = this.getGlobalConfig().application.hostname;
this.domain = this.getGlobalConfig().application.domain;
} }
catch { catch {
console.log("Error: localdb.json was not found. Please follow the directions in the README to initialize localdb.json."); console.log("Error: localdb.json was not found. Please follow the directions in the README to initialize localdb.json.");
@ -46,9 +51,4 @@ class LocalDB {
} }
} }
export const db = new LocalDB(); export default new LocalDB();
export const pveAPI = db.getGlobalConfig().application.pveAPI;
export const pveAPIToken = db.getGlobalConfig().application.pveAPIToken;
export const listenPort = db.getGlobalConfig().application.listenPort;
export const hostname = db.getGlobalConfig().application.hostname;
export const domain = db.getGlobalConfig().application.domain;

File diff suppressed because it is too large Load Diff

View File

@ -1,2 +1,2 @@
import { readFileSync } from "fs"; import { readFileSync } from "fs";
export const api = JSON.parse(readFileSync("package.json")); export default JSON.parse(readFileSync("package.json"));

View File

@ -1,5 +1,7 @@
import axios from "axios"; import axios from "axios";
import { pveAPI, pveAPIToken } from "./db.js"; import db from "./db.js";
const pveAPI = db.pveAPI;
const pveAPIToken = db.pveAPIToken;
/** /**
* Send HTTP request to proxmox API. Allows requests to be made with user cookie credentials or an API token for controlled priviledge elevation. * Send HTTP request to proxmox API. Allows requests to be made with user cookie credentials or an API token for controlled priviledge elevation.

61
src/routes/auth.js Normal file
View File

@ -0,0 +1,61 @@
import { Router } from "express";
export const router = Router();
const domain = global.db.domain;
const checkAuth = global.utils.checkAuth;
const requestPVE = global.pve.requestPVE;
/**
* GET - check authentication
* responses:
* - 200: {auth: true}
* - 401: {auth: false}
*/
router.get("/", async (req, res) => {
const auth = await checkAuth(req.cookies, res);
if (!auth) {
return;
}
res.status(200).send({ auth: true });
});
/**
* POST - safer ticket generation using proxmox authentication but adding HttpOnly
* request:
* - username: string
* - password: string
* responses:
* - 200: {auth: true}
* - 401: {auth: false}
*/
router.post("/ticket", async (req, res) => {
const response = await requestPVE("/access/ticket", "POST", null, JSON.stringify(req.body));
if (!(response.status === 200)) {
res.status(response.status).send({ auth: false });
res.end();
return;
}
const ticket = response.data.data.ticket;
const csrftoken = response.data.data.CSRFPreventionToken;
const username = response.data.data.username;
const expire = new Date(Date.now() + (2 * 60 * 60 * 1000));
res.cookie("PVEAuthCookie", ticket, { domain, path: "/", httpOnly: true, secure: true, expires: expire });
res.cookie("CSRFPreventionToken", csrftoken, { domain, path: "/", httpOnly: true, secure: true, expires: expire });
res.cookie("username", username, { domain, path: "/", secure: true, expires: expire });
res.cookie("auth", 1, { domain, path: "/", secure: true, expires: expire });
res.status(200).send({ auth: true });
});
/**
* DELETE - request to destroy ticket
* responses:
* - 200: {auth: false}
*/
router.delete("/ticket", async (req, res) => {
const expire = new Date(0);
res.cookie("PVEAuthCookie", "", { domain, path: "/", httpOnly: true, secure: true, expires: expire });
res.cookie("CSRFPreventionToken", "", { domain, path: "/", httpOnly: true, secure: true, expires: expire });
res.cookie("username", "", { domain, path: "/", httpOnly: true, secure: true, expires: expire });
res.cookie("auth", 0, { domain, path: "/", expires: expire });
res.status(200).send({ auth: false });
});

29
src/routes/cluster.js Normal file
View File

@ -0,0 +1,29 @@
import { Router } from "express";
export const router = Router();
const nodeRegexP = "[\\w-]+";
const typeRegexP = "qemu|lxc";
const vmidRegexP = "\\d+";
const basePath = `/:node(${nodeRegexP})/:type(${typeRegexP})/:vmid(${vmidRegexP})`;
import("./cluster/disk.js").then((module) => {
router.use(`${basePath}/disk`, (req, res, next) => {
req.routeparams = Object.assign({}, req.routeparams, req.params);
next();
}, module.router);
});
import("./cluster/net.js").then((module) => {
router.use(`${basePath}/net`, (req, res, next) => {
req.routeparams = Object.assign({}, req.routeparams, req.params);
next();
}, module.router);
});
import("./cluster/pci.js").then((module) => {
router.use(`${basePath}/pci`,(req, res, next) => {
req.routeparams = Object.assign({}, req.routeparams, req.params);
next();
}, module.router);
});

358
src/routes/cluster/disk.js Normal file
View File

@ -0,0 +1,358 @@
import { Router } from "express";
export const router = Router();
const requestPVE = global.pve.requestPVE;
const handleResponse = global.pve.handleResponse;
const getDiskInfo = global.pve.getDiskInfo;
const checkAuth = global.utils.checkAuth;
const approveResources = global.utils.approveResources;
const pveAPIToken = global.db.pveAPIToken;
/**
* POST - detach mounted disk from instance
* request:
* - node: string - vm host node id
* -y tpe: string - vm type (lxc, qemu)
* - vmid: number - vm id number
* - disk: string - disk id (sata0, NOT unused)
* responses:
* - 200: PVE Task Object
* - 401: {auth: false, path: string}
* - 500: {error: string}
* - 500: PVE Task Object
*/
router.post(`/:disk/detach`, async (req, res) => {
req.params = Object.assign({}, req.routeparams, req.params);
const params = {
node: req.params.node,
type: req.params.type,
vmid: req.params.vmid,
disk: req.params.disk
};
// check auth for specific instance
const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
const auth = await checkAuth(req.cookies, res, vmpath);
if (!auth) {
return;
}
// get current config
const config = (await requestPVE(`${vmpath}/config`, "GET", req.cookies, null, null)).data.data;
// disk must exist
if (!config[params.disk]) {
res.status(500).send({ error: `Disk ${params.disk} does not exist.` });
res.end();
return;
}
// disk cannot be unused
if (params.disk.includes("unused")) {
res.status(500).send({ error: `Requested disk ${params.disk} cannot be unused. Use /disk/delete to permanently delete unused disks.` });
res.end();
return;
}
const action = JSON.stringify({ delete: params.disk });
const method = params.type === "qemu" ? "POST" : "PUT";
const result = await requestPVE(`${vmpath}/config`, method, req.cookies, action, pveAPIToken);
await handleResponse(params.node, result, res);
});
/**
* POST - attach unused disk image to instance
* request:
* - node: string - vm host node id
* - type: string - vm type (lxc, qemu)
* - vmid: number - vm id number
* - disk: string - disk id (sata0 NOT unused)
* - source: number - source unused disk number (0 => unused0)
* responses:
* - 200: PVE Task Object
* - 401: {auth: false, path: string}
* - 500: {error: string}
* - 500: PVE Task Object
*/
router.post(`/:disk/attach`, async (req, res) => {
req.params = Object.assign({}, req.routeparams, req.params);
const params = {
node: req.params.node,
type: req.params.type,
vmid: req.params.vmid,
disk: req.params.disk,
source: req.body.source
};
// check auth for specific instance
const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
const auth = await checkAuth(req.cookies, res, vmpath);
if (!auth) {
return;
}
// get current config
const config = (await requestPVE(`${vmpath}/config`, "GET", req.cookies, null, null)).data.data;
// disk must exist
if (!config[`unused${params.source}`]) {
res.status(403).send({ error: `Requested disk unused${params.source} does not exist.` });
res.end();
return;
}
// target disk must be allowed according to source disk's storage options
const diskConfig = await getDiskInfo(params.node, params.type, params.vmid, `unused${params.source}`); // get target disk
const resourceConfig = db.getGlobalConfig().resources;
if (!resourceConfig[diskConfig.storage].disks.some(diskPrefix => params.disk.startsWith(diskPrefix))) {
res.status(500).send({ error: `Requested target ${params.disk} is not in allowed list [${resourceConfig[diskConfig.storage].disks}].` });
res.end();
return;
}
// setup action using source disk info from vm config
let action = {};
action[params.disk] = config[`unused${params.source}`];
action = JSON.stringify(action);
const method = params.type === "qemu" ? "POST" : "PUT";
// commit action
const result = await requestPVE(`${vmpath}/config`, method, req.cookies, action, pveAPIToken);
await handleResponse(params.node, result, res);
});
/**
* POST - increase size of mounted disk
* request:
* - node: string - vm host node id
* - type: string - vm type (lxc, qemu)
* - vmid: number - vm id number
* - disk: string - disk id (sata0 NOT unused)
* - size: number - increase size in GiB
* responses:
* - 200: PVE Task Object
* - 401: {auth: false, path: string}
* - 500: {error: string}
* - 500: {request: Object, error: string}
* - 500: PVE Task Object
*/
router.post(`/:disk/resize`, async (req, res) => {
req.params = Object.assign({}, req.routeparams, req.params);
const params = {
node: req.params.node,
type: req.params.type,
vmid: req.params.vmid,
disk: req.params.disk,
size: req.body.size
};
// check auth for specific instance
const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
const auth = await checkAuth(req.cookies, res, vmpath);
if (!auth) {
return;
}
// check disk existence
const diskConfig = await getDiskInfo(params.node, params.type, params.vmid, params.disk); // get target disk
if (!diskConfig) { // exit if disk does not exist
res.status(500).send({ error: `requested disk ${params.disk} does not exist.` });
res.end();
return;
}
// setup request
const storage = diskConfig.storage; // get the storage
const request = {};
request[storage] = Number(params.size * 1024 ** 3); // setup request object
// check request approval
if (!await approveResources(req, req.cookies.username, request)) {
res.status(500).send({ request, error: `Storage ${storage} could not fulfill request of size ${params.size}G.` });
res.end();
return;
}
// action approved, commit to action
const action = JSON.stringify({ disk: params.disk, size: `+${params.size}G` });
const result = await requestPVE(`${vmpath}/resize`, "PUT", req.cookies, action, pveAPIToken);
await handleResponse(params.node, result, res);
});
/**
* POST - move mounted disk from one storage to another
* request:
* - node: string - vm host node id
* - type: string - vm type (lxc, qemu)
* - vmid: number - vm id number
* - disk: string - disk id (sata0 NOT unused)
* - storage: string - target storage to move disk
* - delete: number - delete original disk (0, 1)
* responses:
* - 200: PVE Task Object
* - 401: {auth: false, path: string}
* - 500: {error: string}
* - 500: {request: Object, error: string}
* - 500: PVE Task Object
*/
router.post(`/:disk/move`, async (req, res) => {
req.params = Object.assign({}, req.routeparams, req.params);
const params = {
node: req.params.node,
type: req.params.type,
vmid: req.params.vmid,
disk: req.params.disk,
storage: req.body.storage,
delete: req.body.delete
};
// check auth for specific instance
const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
const auth = await checkAuth(req.cookies, res, vmpath);
if (!auth) {
return;
}
// check disk existence
const diskConfig = await getDiskInfo(params.node, params.type, params.vmid, params.disk); // get target disk
if (!diskConfig) { // exit if disk does not exist
res.status(500).send({ error: `requested disk ${params.disk} does not exist.` });
res.end();
return;
}
// setup request
const size = parseInt(diskConfig.size); // get source disk size
const dstStorage = params.storage; // get destination storage
const request = {};
if (!params.delete) { // if not delete, then request storage, otherwise it is net 0
request[dstStorage] = Number(size); // always decrease destination storage by size
}
// check request approval
if (!await approveResources(req, req.cookies.username, request)) {
res.status(500).send({ request, error: `Storage ${params.storage} could not fulfill request of size ${params.size}G.` });
res.end();
return;
}
// create action
let action = { storage: params.storage, delete: params.delete };
if (params.type === "qemu") {
action.disk = params.disk;
}
else {
action.volume = params.disk;
}
action = JSON.stringify(action);
const route = params.type === "qemu" ? "move_disk" : "move_volume";
// commit action
const result = await requestPVE(`${vmpath}/${route}`, "POST", req.cookies, action, pveAPIToken);
await handleResponse(params.node, result, res);
});
/**
* DELETE - delete unused disk permanently
* request:
* - node: string - vm host node id
* - type: string - vm type (lxc, qemu)
* - vmid: number - vm id number
* - disk: string - disk id (unused0 or ide0)
* responses:
* - 200: PVE Task Object
* - 401: {auth: false, path: string}
* - 500: {error: string}
* - 500: PVE Task Object
*/
router.delete(`/:disk/delete`, async (req, res) => {
req.params = Object.assign({}, req.routeparams, req.params);
const params = {
node: req.params.node,
type: req.params.type,
vmid: req.params.vmid,
disk: req.params.disk
};
// check auth for specific instance
const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
const auth = await checkAuth(req.cookies, res, vmpath);
if (!auth) {
return;
}
// get current config
const config = (await requestPVE(`${vmpath}/config`, "GET", req.cookies, null, null)).data.data;
// disk must exist
if (!config[params.disk]) {
res.status(403).send({ error: `Requested disk unused${params.source} does not exist.` });
res.end();
return;
}
// only ide or unused are allowed to be deleted
if (!params.disk.includes("unused") && !params.disk.includes("ide")) { // must be ide or unused
res.status(500).send({ error: `Requested disk ${params.disk} must be unused or ide. Use /disk/detach to detach disks in use.` });
res.end();
return;
}
// create action
const action = JSON.stringify({ delete: params.disk });
const method = params.type === "qemu" ? "POST" : "PUT";
// commit action
const result = await requestPVE(`${vmpath}/config`, method, req.cookies, action, pveAPIToken);
await handleResponse(params.node, result, res);
});
/**
* POST - create a new disk in storage of specified size
* request:
* - node: string - vm host node id
* - type: string - vm type (lxc, qemu)
* - vmid: number - vm id number
* - disk: string - disk id (sata0, ide0, NOT unused)
* - storage: string - storage to hold disk
* - size: number - size of disk in GiB
* - iso: string (optional) - file name to mount as cdrom
* responses:
* - 200: PVE Task Object
* - 401: {auth: false, path: string}
* - 500: {request: Object, error: string}
* - 500: PVE Task Object
*/
router.post(`/:disk/create`, async (req, res) => {
req.params = Object.assign({}, req.routeparams, req.params);
const params = {
node: req.params.node,
type: req.params.type,
vmid: req.params.vmid,
disk: req.params.disk,
storage: req.body.storage,
size: req.body.size,
iso: req.body.iso
};
// check auth for specific instance
const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
const auth = await checkAuth(req.cookies, res, vmpath);
if (!auth) {
return;
}
// get current config
const config = (await requestPVE(`${vmpath}/config`, "GET", req.cookies, null, null)).data.data;
// disk must not exist
if (config[params.disk]) {
res.status(403).send({ error: `Requested disk ${params.disk} already exists.` });
res.end();
return;
}
// setup request
const request = {};
if (!params.disk.includes("ide")) {
// setup request
request[params.storage] = Number(params.size * 1024 ** 3);
// check request approval
if (!await approveResources(req, req.cookies.username, request)) {
res.status(500).send({ request, error: `Storage ${params.storage} could not fulfill request of size ${params.size}G.` });
res.end();
return;
}
// target disk must be allowed according to storage options
const resourceConfig = db.getGlobalConfig().resources;
if (!resourceConfig[params.storage].disks.some(diskPrefix => params.disk.startsWith(diskPrefix))) {
res.status(500).send({ error: `Requested target ${params.disk} is not in allowed list [${resourceConfig[params.storage].disks}].` });
res.end();
return;
}
}
// setup action
let action = {};
if (params.disk.includes("ide") && params.iso) {
action[params.disk] = `${params.iso},media=cdrom`;
}
else if (params.type === "qemu") { // type is qemu, use sata
action[params.disk] = `${params.storage}:${params.size}`;
}
else { // type is lxc, use mp and add mp and backup values
action[params.disk] = `${params.storage}:${params.size},mp=/${params.disk}/,backup=1`;
}
action = JSON.stringify(action);
const method = params.type === "qemu" ? "POST" : "PUT";
// commit action
const result = await requestPVE(`${vmpath}/config`, method, req.cookies, action, pveAPIToken);
await handleResponse(params.node, result, res);
});

180
src/routes/cluster/net.js Normal file
View File

@ -0,0 +1,180 @@
import { Router } from "express";
export const router = Router();
const requestPVE = global.pve.requestPVE;
const handleResponse = global.pve.handleResponse;
const checkAuth = global.utils.checkAuth;
const approveResources = global.utils.approveResources;
const pveAPIToken = global.db.pveAPIToken;
/**
* POST - create new virtual network interface
* request:
* - node: string - vm host node id
* - type: string - vm type (lxc, qemu)
* - vmid: number - vm id number
* - netid: number - network interface id number (0 => net0)
* - rate: number - new bandwidth rate for interface in MB/s
* - name: string, optional - required interface name for lxc only
* responses:
* - 200: PVE Task Object
* - 401: {auth: false, path: string}
* - 500: {error: string}
* - 500: {request: Object, error: string}
* - 500: PVE Task Object
*/
router.post(`/:netid/create`, async (req, res) => {
req.params = Object.assign({}, req.routeparams, req.params);
const params = {
node: req.params.node,
type: req.params.type,
vmid: req.params.vmid,
netid: req.params.netid.replace("net", ""),
rate: req.body.rate,
name: req.body.name
};
// check auth for specific instance
const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
const auth = await checkAuth(req.cookies, res, vmpath);
if (!auth) {
return;
}
// get current config
const currentConfig = await requestPVE(`/nodes/${params.node}/${params.type}/${params.vmid}/config`, "GET", null, null, pveAPIToken);
// net interface must not exist
if (currentConfig.data.data[`net${params.netid}`]) {
res.status(500).send({ error: `Network interface net${params.netid} already exists.` });
res.end();
return;
}
if (params.type === "lxc" && !params.name) {
res.status(500).send({ error: "Network interface must have name parameter." });
res.end();
return;
}
const request = {
network: Number(params.rate)
};
// check resource approval
if (!await approveResources(req, req.cookies.username, request)) {
res.status(500).send({ request, error: `Could not fulfil network request of ${params.rate}MB/s.` });
res.end();
return;
}
// setup action
const nc = db.getUserConfig(req.cookies.username).templates.network[params.type];
let action = {};
if (params.type === "lxc") {
action[`net${params.netid}`] = `name=${params.name},bridge=${nc.bridge},ip=${nc.ip},ip6=${nc.ip6},tag=${nc.vlan},type=${nc.type},rate=${params.rate}`;
}
else {
action[`net${params.netid}`] = `${nc.type},bridge=${nc.bridge},tag=${nc.vlan},rate=${params.rate}`;
}
action = JSON.stringify(action);
const method = params.type === "qemu" ? "POST" : "PUT";
// commit action
const result = await requestPVE(`${vmpath}/config`, method, req.cookies, action, pveAPIToken);
await handleResponse(params.node, result, res);
});
/**
* POST - modify virtual network interface
* request:
* - node: string - vm host node id
* - type: string - vm type (lxc, qemu)
* - vmid: number - vm id number
* - netid: number - network interface id number (0 => net0)
* - rate: number - new bandwidth rate for interface in MB/s
* responses:
* - 200: PVE Task Object
* - 401: {auth: false, path: string}
* - 500: {error: string}
* - 500: {request: Object, error: string}
* - 500: PVE Task Object
*/
router.post(`/:netid/modify`, async (req, res) => {
req.params = Object.assign({}, req.routeparams, req.params);
const params = {
node: req.params.node,
type: req.params.type,
vmid: req.params.vmid,
netid: req.params.netid.replace("net", ""),
rate: req.body.rate
};
// check auth for specific instance
const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
const auth = await checkAuth(req.cookies, res, vmpath);
if (!auth) {
return;
}
// get current config
const currentConfig = await requestPVE(`/nodes/${params.node}/${params.type}/${params.vmid}/config`, "GET", null, null, pveAPIToken);
// net interface must already exist
if (!currentConfig.data.data[`net${params.netid}`]) {
res.status(500).send({ error: `Network interface net${params.netid} does not exist.` });
res.end();
return;
}
const currentNetworkConfig = currentConfig.data.data[`net${params.netid}`];
const currentNetworkRate = currentNetworkConfig.split("rate=")[1].split(",")[0];
const request = {
network: Number(params.rate) - Number(currentNetworkRate)
};
// check resource approval
if (!await approveResources(req, req.cookies.username, request)) {
res.status(500).send({ request, error: `Could not fulfil network request of ${params.rate}MB/s.` });
res.end();
return;
}
// setup action
let action = {};
action[`net${params.netid}`] = currentNetworkConfig.replace(`rate=${currentNetworkRate}`, `rate=${params.rate}`);
action = JSON.stringify(action);
const method = params.type === "qemu" ? "POST" : "PUT";
// commit action
const result = await requestPVE(`${vmpath}/config`, method, req.cookies, action, pveAPIToken);
await handleResponse(params.node, result, res);
});
/**
* DELETE - delete virtual network interface
* request:
* - node: string - vm host node id
* - type: string - vm type (lxc, qemu)
* - vmid: number - vm id number
* - netid: number - network interface id number (0 => net0)
* responses:
* - 200: PVE Task Object
* - 401: {auth: false, path: string}
* - 500: {error: string}
* - 500: PVE Task Object
*/
router.delete(`/:netid/delete`, async (req, res) => {
req.params = Object.assign({}, req.routeparams, req.params);
const params = {
node: req.params.node,
type: req.params.type,
vmid: req.params.vmid,
netid: req.params.netid.replace("net", "")
};
// check auth for specific instance
const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
const auth = await checkAuth(req.cookies, res, vmpath);
if (!auth) {
return;
}
// get current config
const currentConfig = await requestPVE(`/nodes/${params.node}/${params.type}/${params.vmid}/config`, "GET", null, null, pveAPIToken);
// net interface must already exist
if (!currentConfig.data.data[`net${params.netid}`]) {
res.status(500).send({ error: `Network interface net${params.netid} does not exist.` });
res.end();
return;
}
// setup action
const action = JSON.stringify({ delete: `net${params.netid}` });
const method = params.type === "qemu" ? "POST" : "PUT";
// commit action
const result = await requestPVE(`${vmpath}/config`, method, req.cookies, action, pveAPIToken);
await handleResponse(params.node, result, res);
});

278
src/routes/cluster/pci.js Normal file
View File

@ -0,0 +1,278 @@
import { Router } from "express";
export const router = Router();
const requestPVE = global.pve.requestPVE;
const handleResponse = global.pve.handleResponse;
const getDeviceInfo = global.pve.getDeviceInfo;
const getNodeAvailDevices = global.pve.getNodeAvailDevices;
const checkAuth = global.utils.checkAuth;
const approveResources = global.utils.approveResources;
const getUserResources = global.utils.getUserResources;
const pveAPIToken = global.db.pveAPIToken;
/**
* GET - get instance pcie device data
* request:
* - node: string - vm host node id
* - type: string - vm type (lxc, qemu)
* - vmid: number - vm id number to destroy
* - hostpci: string - hostpci number
* responses:
* - 200: PVE PCI Device Object
* - 401: {auth: false, path: string}
* - 500: {error: string}
*/
router.get(`/:hostpci`, async (req, res) => {
req.params = Object.assign({}, req.routeparams, req.params);
const params = {
node: req.params.node,
type: req.params.type,
vmid: req.params.vmid,
hostpci: req.params.hostpci.replace("hostpci", "")
};
// check auth for specific instance
const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
const auth = await checkAuth(req.cookies, res, vmpath);
if (!auth) {
return;
}
// check device is in instance config
const config = (await requestPVE(`${vmpath}/config`, "GET", req.cookies)).data.data;
if (!config[`hostpci${params.hostpci}`]) {
res.status(500).send({ error: `Could not find hostpci${params.hostpci} in ${params.vmid}.` });
res.end();
return;
}
const device = config[`hostpci${params.hostpci}`].split(",")[0];
// get node's pci devices
const deviceData = await getDeviceInfo(params.node, params.type, params.vmid, device);
if (!deviceData) {
res.status(500).send({ error: `Could not find hostpci${params.hostpci}=${device} in ${params.node}.` });
res.end();
return;
}
res.status(200).send(deviceData);
res.end();
});
/**
* POST - modify existing instance pci device
* request:
* - node: string - vm host node id
* - type: string - vm type (lxc, qemu)
* - vmid: number - vm id number to destroy
* - hostpci: string - hostpci number
* - device: string - new device id
* - pcie: Boolean - whether to use pci express or pci
* response:
* - 200: PVE Task Object
* - 401: {auth: false, path: string}
* - 500: {request: Object, error: string}
* - 500: PVE Task Object
*/
router.post(`/:hostpci/modify`, async (req, res) => {
req.params = Object.assign({}, req.routeparams, req.params);
const params = {
node: req.params.node,
type: req.params.type,
vmid: req.params.vmid,
hostpci: req.params.hostpci.replace("hostpci", ""),
device: req.body.device,
pcie: req.body.pcie
};
// check if type is qemu
if (params.type !== "qemu") {
res.status(500).send({ error: "Type must be qemu (vm)." });
res.end();
return;
}
// check auth for specific instance
const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
const auth = await checkAuth(req.cookies, res, vmpath);
if (!auth) {
return;
}
// force all functions
params.device = params.device.split(".")[0];
// get instance config to check if device has not changed
const config = (await requestPVE(`/nodes/${params.node}/${params.type}/${params.vmid}/config`, "GET", params.cookies, null, pveAPIToken)).data.data;
const currentDeviceData = await getDeviceInfo(params.node, params.type, params.vmid, config[`hostpci${params.hostpci}`].split(",")[0]);
if (!currentDeviceData) {
res.status(500).send({ error: `No device in hostpci${params.hostpci}.` });
res.end();
return;
}
// only check user and node availability if base id is different
if (currentDeviceData.id.split(".")[0] !== params.device) {
// setup request
const deviceData = await getDeviceInfo(params.node, params.type, params.vmid, params.device);
const request = { pci: deviceData.device_name };
// check resource approval
if (!await approveResources(req, req.cookies.username, request)) {
res.status(500).send({ request, error: `Could not fulfil request for ${deviceData.device_name}.` });
res.end();
return;
}
// check node availability
const nodeAvailPci = await getNodeAvailDevices(params.node, req.cookies);
if (!nodeAvailPci.some(element => element.id.split(".")[0] === params.device)) {
res.status(500).send({ error: `Device ${params.device} is already in use on ${params.node}.` });
res.end();
return;
}
}
// setup action
let action = {};
action[`hostpci${params.hostpci}`] = `${params.device},pcie=${params.pcie}`;
action = JSON.stringify(action);
// commit action
const rootauth = await requestPVE("/access/ticket", "POST", null, JSON.stringify(db.getGlobalConfig().application.pveroot), null);
if (!(rootauth.status === 200)) {
res.status(rootauth.status).send({ auth: false, error: "API could not authenticate as root user." });
res.end();
return;
}
const rootcookies = {
PVEAuthCookie: rootauth.data.data.ticket,
CSRFPreventionToken: rootauth.data.data.CSRFPreventionToken
};
const result = await requestPVE(`${vmpath}/config`, "POST", rootcookies, action, null);
await handleResponse(params.node, result, res);
});
/**
* POST - add new instance pci device
* request:
* - node: string - vm host node id
* - type: string - vm type (lxc, qemu)
* - vmid: number - vm id number to destroy
* - device: string - new device id
* - pcie: Boolean - whether to use pci express or pci
* response:
* - 200: PVE Task Object
* - 401: {auth: false, path: string}
* - 500: {request: Object, error: string}
* - 500: PVE Task Object
*/
router.post(`/create`, async (req, res) => {
req.params = Object.assign({}, req.routeparams, req.params);
const params = {
node: req.params.node,
type: req.params.type,
vmid: req.params.vmid,
device: req.body.device,
pcie: req.body.pcie
};
// check if type is qemu
if (params.type !== "qemu") {
res.status(500).send({ error: "Type must be qemu (vm)." });
res.end();
return;
}
// check auth for specific instance
const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
const auth = await checkAuth(req.cookies, res, vmpath);
if (!auth) {
return;
}
// force all functions
params.device = params.device.split(".")[0];
// get instance config to find next available hostpci slot
const config = requestPVE(`/nodes/${params.node}/${params.type}/${params.vmid}/config`, "GET", params.cookies, null, null);
let hostpci = 0;
while (config[`hostpci${hostpci}`]) {
hostpci++;
}
// setup request
const deviceData = await getDeviceInfo(params.node, params.type, params.vmid, params.device);
const request = {
pci: deviceData.device_name
};
// check resource approval
if (!await approveResources(req, req.cookies.username, request)) {
res.status(500).send({ request, error: `Could not fulfil request for ${deviceData.device_name}.` });
res.end();
return;
}
// check node availability
const nodeAvailPci = await getNodeAvailDevices(params.node, req.cookies);
if (!nodeAvailPci.some(element => element.id.split(".")[0] === params.device)) {
res.status(500).send({ error: `Device ${params.device} is already in use on ${params.node}.` });
res.end();
return;
}
// setup action
let action = {};
action[`hostpci${hostpci}`] = `${params.device},pcie=${params.pcie}`;
action = JSON.stringify(action);
// commit action
const rootauth = await requestPVE("/access/ticket", "POST", null, JSON.stringify(db.getGlobalConfig().application.pveroot), null);
if (!(rootauth.status === 200)) {
res.status(rootauth.status).send({ auth: false, error: "API could not authenticate as root user." });
res.end();
return;
}
const rootcookies = {
PVEAuthCookie: rootauth.data.data.ticket,
CSRFPreventionToken: rootauth.data.data.CSRFPreventionToken
};
const result = await requestPVE(`${vmpath}/config`, "POST", rootcookies, action, null);
await handleResponse(params.node, result, res);
});
/**
* DELETE - delete instance pci device
* request:
* - node: string - vm host node id
* - type: string - vm type (lxc, qemu)
* - vmid: number - vm id number to destroy
* - hostpci: string - hostpci number
* response:
* - 200: PVE Task Object
* - 401: {auth: false, path: string}
* - 500: {request: Object, error: string}
* - 500: PVE Task Object
*/
router.delete(`/:hostpci/delete`, async (req, res) => {
req.params = Object.assign({}, req.routeparams, req.params);
const params = {
node: req.params.node,
type: req.params.type,
vmid: req.params.vmid,
hostpci: req.params.hostpci.replace("hostpci", "")
};
// check if type is qemu
if (params.type !== "qemu") {
res.status(500).send({ error: "Type must be qemu (vm)." });
res.end();
return;
}
// check auth for specific instance
const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
const auth = await checkAuth(req.cookies, res, vmpath);
if (!auth) {
return;
}
// check device is in instance config
const config = (await requestPVE(`${vmpath}/config`, "GET", req.cookies)).data.data;
if (!config[`hostpci${params.hostpci}`]) {
res.status(500).send({ error: `Could not find hostpci${params.hostpci} in ${params.vmid}.` });
res.end();
return;
}
// setup action
const action = JSON.stringify({ delete: `hostpci${params.hostpci}` });
// commit action, need to use root user here because proxmox api only allows root to modify hostpci for whatever reason
const rootauth = await requestPVE("/access/ticket", "POST", null, JSON.stringify(db.getGlobalConfig().application.pveroot), null);
if (!(rootauth.status === 200)) {
res.status(rootauth.status).send({ auth: false, error: "API could not authenticate as root user." });
res.end();
return;
}
const rootcookies = {
PVEAuthCookie: rootauth.data.data.ticket,
CSRFPreventionToken: rootauth.data.data.CSRFPreventionToken
};
const result = await requestPVE(`${vmpath}/config`, "POST", rootcookies, action, null);
await handleResponse(params.node, result, res);
});

24
src/routes/proxmox.js Normal file
View File

@ -0,0 +1,24 @@
import { Router } from "express";
export const router = Router();
const requestPVE = global.pve.requestPVE;
/**
* GET - proxy proxmox api without privilege elevation
* request and responses passed through to/from proxmox
*/
router.get("/*", async (req, res) => { // proxy endpoint for GET proxmox api with no token
const path = req.url.replace("/api/proxmox", "");
const result = await requestPVE(path, "GET", req.cookies);
res.status(result.status).send(result.data);
});
/**
* POST - proxy proxmox api without privilege elevation
* request and responses passed through to/from proxmox
*/
router.post("/*", async (req, res) => { // proxy endpoint for POST proxmox api with no token
const path = req.url.replace("/api/proxmox", "");
const result = await requestPVE(path, "POST", req.cookies, JSON.stringify(req.body)); // need to stringify body because of other issues
res.status(result.status).send(result.data);
});

264
src/routes/sync.js Normal file
View File

@ -0,0 +1,264 @@
import { WebSocketServer } from "ws";
import * as cookie from "cookie";
import { Router } from "express";
export const router = Router();
const requestPVE = global.pve.requestPVE;
const checkAuth = global.utils.checkAuth;
const db = global.db;
const pveAPIToken = global.db.pveAPIToken;
const getObjectHash = global.utils.getObjectHash;
const getTimeLeft = global.utils.getTimeLeft;
// maps usernames to socket object(s)
const userSocketMap = {};
// maps pool ids to users
const poolUserMap = {};
// maps sockets to their requested rates
const requestedRates = {};
// stores the next queued interrupt handler
let timer = null;
// previous cluster state for interrupt handler
let prevState = {};
// target ms value
let targetMSTime = null;
const schemes = db.getGlobalConfig().clientsync.schemes;
const resourceTypes = db.getGlobalConfig().clientsync.resourcetypes;
/**
* GET - get list of supported synchronization schemes
* responses:
* - 200 : {always: boolean, hash: boolean, interrupt: boolean}
*/
router.get("/schemes", async (req, res) => {
res.send(schemes);
});
if (schemes.always.enabled) {
console.log("clientsync: enabled always sync");
}
// setup hash scheme
if (schemes.hash.enabled) {
/**
* GET - get hash of current cluster resources states
* Client can use this endpoint to check for cluster state changes to avoid costly data transfers to the client.
* responses:
* - 401: {auth: false}
* - 200: string
*/
router.get("/hash", async (req, res) => {
// check auth
const auth = await checkAuth(req.cookies, res);
if (!auth) {
return;
}
// get current cluster resources
const status = (await requestPVE("/cluster/resources", "GET", req.cookies)).data.data;
// filter out just state information of resources that are needed
const state = extractClusterState(status, resourceTypes);
res.status(200).send(getObjectHash(state));
});
console.log("clientsync: enabled hash sync");
}
// setup interupt scheme
if (schemes.interrupt.enabled) {
const wsServer = new WebSocketServer({ noServer: true, path: "/api/sync/interrupt" });
wsServer.on("connection", (socket, username, pool) => {
// add new socket to userSocketmap
if (userSocketMap[username]) {
const index = Object.keys(userSocketMap[username]).length;
userSocketMap[username][index] = socket;
socket.userIndex = index;
}
else {
userSocketMap[username] = { 0: socket };
socket.userIndex = 0;
}
// add user to associated pool in poolUserMap
if (poolUserMap[pool]) {
poolUserMap[pool][username] = true;
}
else {
poolUserMap[pool] = {};
poolUserMap[pool][username] = true;
}
// add socket entry into requestedRates
const index = Object.keys(requestedRates).length;
requestedRates[index] = Infinity;
socket.rateIndex = index;
// handle socket error
socket.on("error", console.error);
// handle socket close
socket.on("close", () => {
// remove closed socket from userSocketMap user entry
delete userSocketMap[username][socket.userIndex];
// if there are no more sockets for this user, delete the userSocketMap user entry and the poolUserMap user entry
if (Object.keys(userSocketMap[username]).length === 0) {
// delete the user entry
delete userSocketMap[username];
// remove user from poolUserMap pool entry
delete poolUserMap[pool][username];
// if the poolUserMap pool entry is empty, delete the entry
if (Object.keys(poolUserMap[pool]).length === 0) {
delete poolUserMap[pool];
}
}
// remove socket entry from requestedRates
delete requestedRates[socket.rateIndex];
if (Object.keys(requestedRates).length === 0) { // if there are no requested rates left, clear the timer
clearTimeout(timer);
timer = null;
targetMSTime = null;
}
// terminate socket
socket.terminate();
});
// handle socket incoming message
socket.on("message", (message) => {
const parsed = message.toString().split(" ");
const cmd = parsed[0];
// command is rate and the value is valid
if (cmd === "rate" && parsed[1] >= schemes.interrupt["min-rate"] && parsed[1] <= schemes.interrupt["max-rate"]) {
// get requested rate in ms
const rate = Number(parsed[1]) * 1000;
// if timer has not started, start it with requested rate
if (!timer) {
timer = setTimeout(handleInterruptSync, rate);
const time = global.process.uptime();
targetMSTime = time - Math.floor(time);
}
// otherwise, if the timer has started but the rate is lower than the current minimum
// AND if the next event trigger is more than the new rate in the future,
// restart the timer with the new rate
// avoids a large requested rate preventing a faster rate from being fulfilled
else if (rate < Math.min.apply(null, Object.values(requestedRates)) && getTimeLeft(timer) > rate) {
clearTimeout(timer);
timer = setTimeout(handleInterruptSync, rate);
const time = global.process.uptime();
targetMSTime = time - Math.floor(time);
}
// otherwise just add the rate to the list, when the next even trigger happens it will be requeued with the new requested rates
requestedRates[socket.rateIndex] = rate;
}
// command is rate but the requested value is out of bounds, terminate socket
else if (cmd === "rate") {
socket.send(`error: rate must be in range [${schemes.interrupt["min-rate"]}, ${schemes.interrupt["max-rate"]}].`);
socket.terminate();
}
// otherwise, command is invalid, terminate socket
else {
socket.send(`error: ${cmd} command not found.`);
socket.terminate();
}
});
});
// handle the wss upgrade request
global.server.on("upgrade", async (req, socket, head) => {
const cookies = cookie.parse(req.headers.cookie || "");
const auth = (await requestPVE("/version", "GET", cookies)).status === 200;
if (!auth) {
socket.destroy();
}
else {
wsServer.handleUpgrade(req, socket, head, (socket) => {
const pool = db.getUserConfig(cookies.username).cluster.pool;
wsServer.emit("connection", socket, cookies.username, pool);
});
}
});
const handleInterruptSync = async () => {
// queue timeout for next iteration with delay of minimum rate
const minRequestedRate = Math.min.apply(null, Object.values(requestedRates));
// if the minimum rate is not Infinity, schedule the next timer
if (minRequestedRate < Infinity) {
const time = global.process.uptime() - targetMSTime;
const delay = (time - Math.round(time)) * 1000;
timer = setTimeout(handleInterruptSync, minRequestedRate - delay);
}
// if the minimum rate is Infinity, then don't schedule anything and set timer to null
else {
timer = null;
targetMSTime = null;
return;
}
// get current cluster resources
const status = (await requestPVE("/cluster/resources", "GET", null, null, pveAPIToken)).data.data;
// filter out just state information of resources that are needed, and hash each one
const currState = extractClusterState(status, resourceTypes, true);
// get a map of users to send sync notifications
const syncUsers = {};
// for each current resource in the cluster, check for state changes
Object.keys(currState).forEach((resource) => {
// if the resource's current state has changed, add all relevant users to syncUsers
const resourceCurrState = currState[resource];
const resourcePrevState = prevState[resource];
// if the previous state did not exist, or the status or pool have changed, then a resource state was added or modified
if (!resourcePrevState || resourceCurrState.hash !== resourcePrevState.hash) {
// if the resource is a node, send sync to all users
if (resourceCurrState.type === "node") {
Object.keys(userSocketMap).forEach((user) => {
syncUsers[user] = true;
});
}
// if the resource is qemu or lxc, send sync to users in the same pool if there is a pool and if the pool has users
else if (resourceCurrState.pool && poolUserMap[resourceCurrState.pool]) {
Object.keys(poolUserMap[resourceCurrState.pool]).forEach((user) => {
syncUsers[user] = true;
});
}
}
});
// for each previous resource in the cluster, check for state changes
Object.keys(prevState).forEach((resource) => {
const resourceCurrState = currState[resource];
const resourcePrevState = prevState[resource];
// if the resource no longer exists in the current state, then it is lost or deleted
if (!resourceCurrState) {
// if the resource is a node, send sync to all users
if (resourcePrevState.type === "node") {
Object.keys(userSocketMap).forEach((user) => {
syncUsers[user] = true;
});
}
// if the resource is qemu or lxc, send sync to users in the same pool if there is a pool and if the pool has users
else if (resourcePrevState.pool && poolUserMap[resourcePrevState.pool]) {
Object.keys(poolUserMap[resourcePrevState.pool]).forEach((user) => {
syncUsers[user] = true;
});
}
}
});
// for each user in syncUsers, send a sync message over their registered sockets
for (const user of Object.keys(syncUsers)) {
for (const socket of Object.keys(userSocketMap[user])) {
userSocketMap[user][socket].send("sync");
}
}
// set prevState for next iteration
prevState = currState;
};
console.log("clientsync: enabled interrupt sync");
}
function extractClusterState (status, resourceTypes, hashIndividual = false) {
const state = {};
status.forEach((resource) => {
if (resourceTypes.includes(resource.type)) {
state[resource.id] = {
name: resource.name || null,
type: resource.type,
status: resource.status,
node: resource.node,
pool: resource.pool || null
};
if (hashIndividual) {
const hash = getObjectHash(state[resource.id]);
state[resource.id].hash = hash;
}
}
});
return state;
}

76
src/routes/user.js Normal file
View File

@ -0,0 +1,76 @@
import { Router } from "express";
export const router = Router();
const requestPVE = global.pve.requestPVE;
const checkAuth = global.utils.checkAuth;
const getUserResources = global.utils.getUserResources;
const pveAPIToken = global.db.pveAPIToken;
/**
* GET - get db user resource information including allocated, free, and maximum resource values along with resource metadata
* responses:
* - 200: {avail: Object, max: Object, used: Object, resources: Object}
* - 401: {auth: false}
*/
router.get("/dynamic/resources", async (req, res) => {
// check auth
const auth = await checkAuth(req.cookies, res);
if (!auth) {
return;
}
const resources = await getUserResources(req, req.cookies.username);
res.status(200).send(resources);
});
/**
* GET - get db user configuration by key
* request:
* - key: string - user config key
* responses:
* - 200: Object
* - 401: {auth: false}
* - 401: {auth: false, error: string}
*/
router.get("/config/:key", async (req, res) => {
const params = {
key: req.params.key
};
// check auth
const auth = await checkAuth(req.cookies, res);
if (!auth) {
return;
}
const allowKeys = ["resources", "cluster", "nodes"];
if (allowKeys.includes(params.key)) {
const config = db.getUserConfig(req.cookies.username);
res.status(200).send(config[params.key]);
}
else {
res.status(401).send({ auth: false, error: `User is not authorized to access /user/config/${params.key}.` });
}
});
/**
* GET - get user accessible iso files
* response:
* - 200: Array.<Object>
* - 401: {auth: false}
*/
router.get("/iso", async (req, res) => {
// check auth
const auth = await checkAuth(req.cookies, res);
if (!auth) {
return;
}
// get user iso config
const userIsoConfig = db.getGlobalConfig().useriso;
// get all isos
const isos = (await requestPVE(`/nodes/${userIsoConfig.node}/storage/${userIsoConfig.storage}/content?content=iso`, "GET", null, null, pveAPIToken)).data.data;
const userIsos = [];
isos.forEach((iso) => {
iso.name = iso.volid.replace(`${userIsoConfig.storage}:iso/`, "");
userIsos.push(iso);
});
userIsos.sort();
res.status(200).send(userIsos);
});

View File

@ -1,7 +1,7 @@
import { createHash } from "crypto"; import { createHash } from "crypto";
import { getUsedResources, requestPVE } from "./pve.js"; import { getUsedResources, requestPVE } from "./pve.js";
import { db } from "./db.js"; import db from "./db.js";
/** /**
* Check if a user is authorized to access a specified vm, or the cluster in general. * Check if a user is authorized to access a specified vm, or the cluster in general.