fix various formatting,

add interface for generic backends,
add interfaces for DB and AUTH type backends,
implement basic user password change method
This commit is contained in:
Arthur Lu 2024-01-09 00:47:33 +00:00
parent a0109d3546
commit b27172dd9e
11 changed files with 156 additions and 52 deletions

View File

@ -26,3 +26,39 @@ export default async () => {
global.auth[e] = backends[global.auth[e]]; global.auth[e] = backends[global.auth[e]];
}); });
}; };
/**
* Interface for all backend types. Contains only two methods for opening and closing a session with the backend.
* Users will recieve tokens from all backends when first authenticating and will delete tokens when logging out.
*/
export class BACKEND {
/**
* Opens a session with the backend and creates session tokens if needed
* @param {Object} credentials object containing username and password fields
* @returns {Object[]} list of session token objects with token name and value
*/
openSession (credentials) {}
/**
* Closes an opened session with the backend if needed
* @param {*} token list of session token objects with token name and value
* @returns {Boolean} true if session was closed successfully, false otherwise
*/
closeSesssion (tokens) {}
}
/**
* Interface for user database backends.
*/
export class DB_BACKEND extends BACKEND {
addUser (username, config = null) {}
getUser (username) {}
setUser (username, config) {}
deluser (username) {}
}
/**
* Interface for user auth backends.
*/
export class AUTH_BACKEND extends BACKEND{
modUser (username, attributes, params = null) {}
}

View File

@ -1,11 +1,14 @@
import { readFileSync, writeFileSync } from "fs"; import { readFileSync, writeFileSync } from "fs";
import { exit } from "process"; import { exit } from "process";
import { DB_BACKEND } from "./backends.js";
export default class LocalDB { export default class LocalDB extends DB_BACKEND {
#path = null; #path = null;
#data = null; #data = null;
#defaultuser = null; #defaultuser = null;
constructor (config) { constructor (config) {
super();
const path = config.dbfile; const path = config.dbfile;
try { try {
this.#path = path; this.#path = path;
@ -13,7 +16,7 @@ export default class LocalDB {
this.#defaultuser = global.config.defaultuser; this.#defaultuser = global.config.defaultuser;
} }
catch { catch {
console.log(`Error: ${path} was not found. Please follow the directions in the README to initialize localdb.json.`); console.log(`error: ${path} was not found. Please follow the directions in the README to initialize localdb.json.`);
exit(1); exit(1);
} }
} }
@ -32,6 +35,10 @@ export default class LocalDB {
writeFileSync(this.#path, JSON.stringify(this.#data)); writeFileSync(this.#path, JSON.stringify(this.#data));
} }
openSession (credentials) { return [] }
closeSesssion (tokens) {return true }
addUser (username, config = null) { addUser (username, config = null) {
config = config || this.#defaultuser; config = config || this.#defaultuser;
this.#data.users[username] = config; this.#data.users[username] = config;

View File

@ -1,3 +1,53 @@
export default class PAASLDAP { import axios from "axios";
import { AUTH_BACKEND } from "./backends.js";
export default class PAASLDAP extends AUTH_BACKEND {
#url = null;
constructor (config) {
super();
this.#url = config.url;
}
/**
* Send HTTP request to paas-LDAP API.
* @param {*} path HTTP path, prepended with the paas-LDAP API base url
* @param {*} method HTTP method
* @param {*} body body parameters and data to be sent. Optional.
* @returns {Object} HTTP response object or HTTP error object.
*/
async #request (path, method, auth = null, body = null) {
const url = `${this.#url}${path}`;
const content = {
method,
mode: "cors",
credentials: "include",
headers: {
"Content-Type": "application/x-www-form-urlencoded"
},
data: body
};
if (auth) {
content.data.binduser = auth.binduser;
content.data.bindpass = auth.bindpass;
}
try {
return await axios.request(url, content);
}
catch (error) {
error.ok = false;
error.status = 500;
error.data = {
error: error.code
};
return error;
}
}
async modUser (userid, attributes, params = null) {
const bind = { binduser: params.binduser, bindpass: params.bindpass };
return await this.#request(`/users/${userid}`, "POST", bind, attributes);
}
} }

View File

@ -13,7 +13,7 @@ export default class PVE {
/** /**
* Send HTTP request to proxmox API. Allows requests to be made with user cookie credentials or an API token for controlled priviledge elevation. * Send HTTP request to proxmox API. Allows requests to be made with user cookie credentials or an API token for controlled priviledge elevation.
* @param {string} path HTTP path, prepended with the proxmox API base path. * @param {string} path HTTP path, prepended with the proxmox API base url.
* @param {string} method HTTP method. * @param {string} method HTTP method.
* @param {Object} auth authentication method. Set auth.cookies with user cookies or auth.token with PVE API Token. Optional. * @param {Object} auth authentication method. Set auth.cookies with user cookies or auth.token with PVE API Token. Optional.
* @param {string} body body parameters and data to be sent. Optional. * @param {string} body body parameters and data to be sent. Optional.
@ -27,7 +27,8 @@ export default class PVE {
credentials: "include", credentials: "include",
headers: { headers: {
"Content-Type": "application/x-www-form-urlencoded" "Content-Type": "application/x-www-form-urlencoded"
} },
data: body
}; };
if (auth && auth.cookies) { if (auth && auth.cookies) {
@ -35,12 +36,8 @@ export default class PVE {
content.headers.Cookie = `PVEAuthCookie=${auth.cookies.PVEAuthCookie}; CSRFPreventionToken=${auth.cookies.CSRFPreventionToken}`; content.headers.Cookie = `PVEAuthCookie=${auth.cookies.PVEAuthCookie}; CSRFPreventionToken=${auth.cookies.CSRFPreventionToken}`;
} }
else if (auth && auth.token) { else if (auth && auth.token) {
auth.token = this.#pveAPIToken; const token = this.#pveAPIToken;
content.headers.Authorization = `PVEAPIToken=${auth.token.user}@${auth.token.realm}!${auth.token.id}=${auth.token.uuid}`; content.headers.Authorization = `PVEAPIToken=${token.user}@${token.realm}!${token.id}=${token.uuid}`;
}
if (body) {
content.data = JSON.parse(body);
} }
try { try {

View File

@ -27,7 +27,8 @@ router.get("/", async (req, res) => {
* - 401: {auth: false} * - 401: {auth: false}
*/ */
router.post("/ticket", async (req, res) => { router.post("/ticket", async (req, res) => {
const response = await global.pve.requestPVE("/access/ticket", "POST", null, JSON.stringify(req.body)); const body = JSON.parse(JSON.stringify(req.body));
const response = await global.pve.requestPVE("/access/ticket", "POST", null, body);
if (!(response.status === 200)) { if (!(response.status === 200)) {
res.status(response.status).send({ auth: false }); res.status(response.status).send({ auth: false });
res.end(); res.end();
@ -60,26 +61,48 @@ router.delete("/ticket", async (req, res) => {
res.status(200).send({ auth: false }); res.status(200).send({ auth: false });
}); });
/**
* POST - change user password
* request:
* - binduser: string
* - bindpass: string
* - username: string
* - password: string
* responses:
* - PAAS-LDAP API response
*/
router.post("/password", async (req, res) => { router.post("/password", async (req, res) => {
const params = { const params = {
password: req.body.password, binduser: req.body.binduser,
userid: req.cookies.username bindpass: req.body.bindpass,
username: req.body.username,
password: req.body.password
}; };
const userRealm = params.userid.split("@").at(-1); const userRealm = params.username.split("@").at(-1);
const domains = (await global.pve.requestPVE("/access/domains", "GET", { token: true })).data.data; const domains = (await global.pve.requestPVE("/access/domains", "GET", { token: true })).data.data;
const realm = domains.find((e) => e.realm === userRealm); const realm = domains.find((e) => e.realm === userRealm);
const authHandlers = global.config.handlers.auth; const authHandlers = global.config.handlers.auth;
const handlerType = authHandlers[realm.type];
if (handlerType === "pve") { if (realm.type in authHandlers) {
const response = await global.pve.requestPVE("/access/password", "PUT", { cookies: req.cookies }, JSON.stringify(params)); const handler = authHandlers[realm.type];
res.status(response.status).send(response.data); const userID = params.username.replace(`@${realm.realm}`, "");
} const newAttributes = {
else if (handlerType === "paasldap") { userpassword: params.password
res.status(501).send({ error: `Auth type ${handlerType} not implemented yet.` }); };
const bindParams = {
binduser: params.binduser,
bindpass: params.bindpass
};
const response = await handler.modUser(userID, newAttributes, bindParams);
if (response.ok) {
res.status(response.status).send();
}
else {
res.status(response.status).send({error: response.data.error});
}
} }
else { else {
res.status(501).send({ error: `Auth type ${handlerType} not implemented yet.` }); res.status(501).send({ error: `Auth type ${realm.type} not implemented yet.` });
} }
}); });

View File

@ -102,7 +102,7 @@ router.post(`${basePath}/resources`, async (req, res) => {
return; return;
} }
// setup action // setup action
let action = { cores: params.cores, memory: params.memory }; const action = { cores: params.cores, memory: params.memory };
if (params.type === "lxc") { if (params.type === "lxc") {
action.swap = Number(params.swap); action.swap = Number(params.swap);
} }
@ -110,7 +110,6 @@ router.post(`${basePath}/resources`, async (req, res) => {
action.cpu = params.proctype; action.cpu = params.proctype;
action.boot = `order=${params.boot.toString().replaceAll(",", ";")};`; action.boot = `order=${params.boot.toString().replaceAll(",", ";")};`;
} }
action = JSON.stringify(action);
const method = params.type === "qemu" ? "POST" : "PUT"; const method = params.type === "qemu" ? "POST" : "PUT";
// commit action // commit action
const result = await global.pve.requestPVE(`${vmpath}/config`, method, { token: true }, action); const result = await global.pve.requestPVE(`${vmpath}/config`, method, { token: true }, action);
@ -203,7 +202,7 @@ router.post(`${basePath}/create`, async (req, res) => {
return; return;
} }
// setup action by adding non resource values // setup action by adding non resource values
let action = { const action = {
vmid: params.vmid, vmid: params.vmid,
cores: Number(params.cores), cores: Number(params.cores),
memory: Number(params.memory), memory: Number(params.memory),
@ -223,7 +222,6 @@ router.post(`${basePath}/create`, async (req, res) => {
else { else {
action.name = params.name; action.name = params.name;
} }
action = JSON.stringify(action);
// commit action // commit action
const result = await global.pve.requestPVE(`/nodes/${params.node}/${params.type}`, "POST", { token: true }, action); const result = await global.pve.requestPVE(`/nodes/${params.node}/${params.type}`, "POST", { token: true }, action);
await global.pve.handleResponse(params.node, result, res); await global.pve.handleResponse(params.node, result, res);

View File

@ -45,7 +45,7 @@ router.post("/:disk/detach", async (req, res) => {
res.end(); res.end();
return; return;
} }
const action = JSON.stringify({ delete: params.disk }); const action = { delete: params.disk };
const method = params.type === "qemu" ? "POST" : "PUT"; const method = params.type === "qemu" ? "POST" : "PUT";
const result = await global.pve.requestPVE(`${vmpath}/config`, method, { token: true }, action); const result = await global.pve.requestPVE(`${vmpath}/config`, method, { token: true }, action);
await global.pve.handleResponse(params.node, result, res); await global.pve.handleResponse(params.node, result, res);
@ -97,9 +97,8 @@ router.post("/:disk/attach", async (req, res) => {
return; return;
} }
// setup action using source disk info from vm config // setup action using source disk info from vm config
let action = {}; const action = {};
action[params.disk] = config[`unused${params.source}`]; action[params.disk] = config[`unused${params.source}`];
action = JSON.stringify(action);
const method = params.type === "qemu" ? "POST" : "PUT"; const method = params.type === "qemu" ? "POST" : "PUT";
// commit action // commit action
const result = await global.pve.requestPVE(`${vmpath}/config`, method, { token: true }, action); const result = await global.pve.requestPVE(`${vmpath}/config`, method, { token: true }, action);
@ -156,7 +155,7 @@ router.post("/:disk/resize", async (req, res) => {
return; return;
} }
// action approved, commit to action // action approved, commit to action
const action = JSON.stringify({ disk: params.disk, size: `+${params.size}G` }); const action = { disk: params.disk, size: `+${params.size}G` };
const result = await global.pve.requestPVE(`${vmpath}/resize`, "PUT", { token: true }, action); const result = await global.pve.requestPVE(`${vmpath}/resize`, "PUT", { token: true }, action);
await global.pve.handleResponse(params.node, result, res); await global.pve.handleResponse(params.node, result, res);
}); });
@ -216,14 +215,13 @@ router.post("/:disk/move", async (req, res) => {
return; return;
} }
// create action // create action
let action = { storage: params.storage, delete: params.delete }; const action = { storage: params.storage, delete: params.delete };
if (params.type === "qemu") { if (params.type === "qemu") {
action.disk = params.disk; action.disk = params.disk;
} }
else { else {
action.volume = params.disk; action.volume = params.disk;
} }
action = JSON.stringify(action);
const route = params.type === "qemu" ? "move_disk" : "move_volume"; const route = params.type === "qemu" ? "move_disk" : "move_volume";
// commit action // commit action
const result = await global.pve.requestPVE(`${vmpath}/${route}`, "POST", { token: true }, action); const result = await global.pve.requestPVE(`${vmpath}/${route}`, "POST", { token: true }, action);
@ -272,7 +270,7 @@ router.delete("/:disk/delete", async (req, res) => {
return; return;
} }
// create action // create action
const action = JSON.stringify({ delete: params.disk }); const action = { delete: params.disk };
const method = params.type === "qemu" ? "POST" : "PUT"; const method = params.type === "qemu" ? "POST" : "PUT";
// commit action // commit action
const result = await global.pve.requestPVE(`${vmpath}/config`, method, { token: true }, action); const result = await global.pve.requestPVE(`${vmpath}/config`, method, { token: true }, action);
@ -340,7 +338,7 @@ router.post("/:disk/create", async (req, res) => {
} }
} }
// setup action // setup action
let action = {}; const action = {};
if (params.disk.includes("ide") && params.iso) { if (params.disk.includes("ide") && params.iso) {
action[params.disk] = `${params.iso},media=cdrom`; action[params.disk] = `${params.iso},media=cdrom`;
} }
@ -350,7 +348,6 @@ router.post("/:disk/create", async (req, res) => {
else { // type is lxc, use mp and add mp and backup values else { // type is lxc, use mp and add mp and backup values
action[params.disk] = `${params.storage}:${params.size},mp=/${params.disk}/,backup=1`; action[params.disk] = `${params.storage}:${params.size},mp=/${params.disk}/,backup=1`;
} }
action = JSON.stringify(action);
const method = params.type === "qemu" ? "POST" : "PUT"; const method = params.type === "qemu" ? "POST" : "PUT";
// commit action // commit action
const result = await global.pve.requestPVE(`${vmpath}/config`, method, { token: true }, action); const result = await global.pve.requestPVE(`${vmpath}/config`, method, { token: true }, action);

View File

@ -61,14 +61,13 @@ router.post("/:netid/create", async (req, res) => {
} }
// setup action // setup action
const nc = db.getUser(req.cookies.username).templates.network[params.type]; const nc = db.getUser(req.cookies.username).templates.network[params.type];
let action = {}; const action = {};
if (params.type === "lxc") { if (params.type === "lxc") {
action[`net${params.netid}`] = `name=${params.name},bridge=${nc.bridge},ip=${nc.ip},ip6=${nc.ip6},tag=${nc.vlan},type=${nc.type},rate=${params.rate}`; action[`net${params.netid}`] = `name=${params.name},bridge=${nc.bridge},ip=${nc.ip},ip6=${nc.ip6},tag=${nc.vlan},type=${nc.type},rate=${params.rate}`;
} }
else { else {
action[`net${params.netid}`] = `${nc.type},bridge=${nc.bridge},tag=${nc.vlan},rate=${params.rate}`; action[`net${params.netid}`] = `${nc.type},bridge=${nc.bridge},tag=${nc.vlan},rate=${params.rate}`;
} }
action = JSON.stringify(action);
const method = params.type === "qemu" ? "POST" : "PUT"; const method = params.type === "qemu" ? "POST" : "PUT";
// commit action // commit action
const result = await global.pve.requestPVE(`${vmpath}/config`, method, { token: true }, action); const result = await global.pve.requestPVE(`${vmpath}/config`, method, { token: true }, action);
@ -125,9 +124,8 @@ router.post("/:netid/modify", async (req, res) => {
return; return;
} }
// setup action // setup action
let action = {}; const action = {};
action[`net${params.netid}`] = currentNetworkConfig.replace(`rate=${currentNetworkRate}`, `rate=${params.rate}`); action[`net${params.netid}`] = currentNetworkConfig.replace(`rate=${currentNetworkRate}`, `rate=${params.rate}`);
action = JSON.stringify(action);
const method = params.type === "qemu" ? "POST" : "PUT"; const method = params.type === "qemu" ? "POST" : "PUT";
// commit action // commit action
const result = await global.pve.requestPVE(`${vmpath}/config`, method, { token: true }, action); const result = await global.pve.requestPVE(`${vmpath}/config`, method, { token: true }, action);
@ -170,9 +168,8 @@ router.delete("/:netid/delete", async (req, res) => {
return; return;
} }
// setup action // setup action
const action = JSON.stringify({ delete: `net${params.netid}` });
const method = params.type === "qemu" ? "POST" : "PUT"; const method = params.type === "qemu" ? "POST" : "PUT";
// commit action // commit action
const result = await global.pve.requestPVE(`${vmpath}/config`, method, { token: true }, action); const result = await global.pve.requestPVE(`${vmpath}/config`, method, { token: true }, { delete: `net${params.netid}` });
await global.pve.handleResponse(params.node, result, res); await global.pve.handleResponse(params.node, result, res);
}); });

View File

@ -116,11 +116,10 @@ router.post("/:hostpci/modify", async (req, res) => {
} }
} }
// setup action // setup action
let action = {}; const action = {};
action[`hostpci${params.hostpci}`] = `${params.device},pcie=${params.pcie}`; action[`hostpci${params.hostpci}`] = `${params.device},pcie=${params.pcie}`;
action = JSON.stringify(action);
// commit action // commit action
const rootauth = await global.pve.requestPVE("/access/ticket", "POST", null, JSON.stringify(global.config.backends.pve.config.root)); const rootauth = await global.pve.requestPVE("/access/ticket", "POST", null, global.config.backends.pve.config.root);
if (!(rootauth.status === 200)) { if (!(rootauth.status === 200)) {
res.status(rootauth.status).send({ auth: false, error: "API could not authenticate as root user." }); res.status(rootauth.status).send({ auth: false, error: "API could not authenticate as root user." });
res.end(); res.end();
@ -196,11 +195,10 @@ router.post("/create", async (req, res) => {
return; return;
} }
// setup action // setup action
let action = {}; const action = {};
action[`hostpci${hostpci}`] = `${params.device},pcie=${params.pcie}`; action[`hostpci${hostpci}`] = `${params.device},pcie=${params.pcie}`;
action = JSON.stringify(action);
// commit action // commit action
const rootauth = await global.pve.requestPVE("/access/ticket", "POST", null, JSON.stringify(global.config.backends.pve.config.root)); const rootauth = await global.pve.requestPVE("/access/ticket", "POST", null, global.config.backends.pve.config.root);
if (!(rootauth.status === 200)) { if (!(rootauth.status === 200)) {
res.status(rootauth.status).send({ auth: false, error: "API could not authenticate as root user." }); res.status(rootauth.status).send({ auth: false, error: "API could not authenticate as root user." });
res.end(); res.end();
@ -255,9 +253,9 @@ router.delete("/:hostpci/delete", async (req, res) => {
return; return;
} }
// setup action // setup action
const action = JSON.stringify({ delete: `hostpci${params.hostpci}` }); const action = { delete: `hostpci${params.hostpci}` };
// commit action, need to use root user here because proxmox api only allows root to modify hostpci for whatever reason // commit action, need to use root user here because proxmox api only allows root to modify hostpci for whatever reason
const rootauth = await global.pve.requestPVE("/access/ticket", "POST", null, JSON.stringify(global.config.backends.pve.config.root)); const rootauth = await global.pve.requestPVE("/access/ticket", "POST", null, global.config.backends.pve.config.root);
if (!(rootauth.status === 200)) { if (!(rootauth.status === 200)) {
res.status(rootauth.status).send({ auth: false, error: "API could not authenticate as root user." }); res.status(rootauth.status).send({ auth: false, error: "API could not authenticate as root user." });
res.end(); res.end();

View File

@ -18,6 +18,7 @@ router.get("/*", async (req, res) => { // proxy endpoint for GET proxmox api wit
*/ */
router.post("/*", async (req, res) => { // proxy endpoint for POST proxmox api with no token router.post("/*", async (req, res) => { // proxy endpoint for POST proxmox api with no token
const path = req.url.replace("/api/proxmox", ""); const path = req.url.replace("/api/proxmox", "");
const result = await global.pve.requestPVE(path, "POST", { cookies: req.cookies }, JSON.stringify(req.body)); // need to stringify body because of other issues const body = JSON.parse(JSON.stringify(req.body));
const result = await global.pve.requestPVE(path, "POST", { cookies: req.cookies }, body); // need to stringify body because of other issues
res.status(result.status).send(result.data); res.status(result.status).send(result.data);
}); });

View File

@ -354,7 +354,7 @@ export function readJSONFile (path) {
return JSON.parse(readFileSync(path)); return JSON.parse(readFileSync(path));
} }
catch (e) { catch (e) {
console.log(`Error: ${path} was not found.`); console.log(`error: ${path} was not found.`);
exit(1); exit(1);
} }
}; };