Merge pull request 'Update DB Interface' (#2) from update-localdb into main
Reviewed-on: #2
This commit is contained in:
commit
bb7404a82d
@ -92,42 +92,42 @@ class USER_BACKEND extends BACKEND {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Add group to backend
|
* Add group to backend
|
||||||
* @param {{id: string}} group
|
* @param {{id: string}} group
|
||||||
* @param {Object} attributes group attributes
|
* @param {Object} attributes group attributes
|
||||||
* @param {Object} params authentication params, usually req.cookies
|
* @param {Object} params authentication params, usually req.cookies
|
||||||
*/
|
*/
|
||||||
addGroup (group, attributes, params = null) {}
|
addGroup (group, attributes, params = null) {}
|
||||||
/**
|
/**
|
||||||
* Get group from backend
|
* Get group from backend
|
||||||
* @param {{id: string}} group
|
* @param {{id: string}} group
|
||||||
* @param {Object} params authentication params, usually req.cookies
|
* @param {Object} params authentication params, usually req.cookies
|
||||||
*/
|
*/
|
||||||
getGroup (group, params = null) {}
|
getGroup (group, params = null) {}
|
||||||
/**
|
/**
|
||||||
* Modify group in backend
|
* Modify group in backend
|
||||||
* @param {{id: string}} group
|
* @param {{id: string}} group
|
||||||
* @param {Object} attributes new group attributes to modify
|
* @param {Object} attributes new group attributes to modify
|
||||||
* @param {Object} params authentication params, usually req.cookies
|
* @param {Object} params authentication params, usually req.cookies
|
||||||
*/
|
*/
|
||||||
setGroup (group, attributes, params = null) {}
|
setGroup (group, attributes, params = null) {}
|
||||||
/**
|
/**
|
||||||
* Delete group from backend
|
* Delete group from backend
|
||||||
* @param {{id: string}} group
|
* @param {{id: string}} group
|
||||||
* @param {Object} params authentication params, usually req.cookies
|
* @param {Object} params authentication params, usually req.cookies
|
||||||
*/
|
*/
|
||||||
delGroup (group, params = null) {}
|
delGroup (group, params = null) {}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Add user to group
|
* Add user to group
|
||||||
* @param {{id: string, realm: string}} user
|
* @param {{id: string, realm: string}} user
|
||||||
* @param {{id: string}} group
|
* @param {{id: string}} group
|
||||||
* @param {Object} params authentication params, usually req.cookies
|
* @param {Object} params authentication params, usually req.cookies
|
||||||
*/
|
*/
|
||||||
addUserToGroup (user, group, params = null) {}
|
addUserToGroup (user, group, params = null) {}
|
||||||
/**
|
/**
|
||||||
* Remove user from group
|
* Remove user from group
|
||||||
* @param {{id: string, realm: string}} user
|
* @param {{id: string, realm: string}} user
|
||||||
* @param {{id: string}} group
|
* @param {{id: string}} group
|
||||||
* @param {Object} params authentication params, usually req.cookies
|
* @param {Object} params authentication params, usually req.cookies
|
||||||
*/
|
*/
|
||||||
delUserFromGroup (user, group, params = null) {}
|
delUserFromGroup (user, group, params = null) {}
|
||||||
|
@ -35,13 +35,15 @@ export default class LocalDB extends DB_BACKEND {
|
|||||||
writeFileSync(this.#path, JSON.stringify(this.#data));
|
writeFileSync(this.#path, JSON.stringify(this.#data));
|
||||||
}
|
}
|
||||||
|
|
||||||
addUser (username, attributes, params = null) {
|
addUser (user, attributes, params = null) {
|
||||||
|
const username = `${user.id}@${user.realm}`;
|
||||||
attributes = attributes || this.#defaultuser;
|
attributes = attributes || this.#defaultuser;
|
||||||
this.#data.users[username] = attributes;
|
this.#data.users[username] = attributes;
|
||||||
this.#save();
|
this.#save();
|
||||||
}
|
}
|
||||||
|
|
||||||
getUser (username, params = null) {
|
getUser (user, params = null) {
|
||||||
|
const username = `${user.id}@${user.realm}`;
|
||||||
if (this.#data.users[username]) {
|
if (this.#data.users[username]) {
|
||||||
return this.#data.users[username];
|
return this.#data.users[username];
|
||||||
}
|
}
|
||||||
@ -50,7 +52,8 @@ export default class LocalDB extends DB_BACKEND {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
setUser (username, attributes, params = null) {
|
setUser (user, attributes, params = null) {
|
||||||
|
const username = `${user.id}@${user.realm}`;
|
||||||
if (this.#data.users[username]) {
|
if (this.#data.users[username]) {
|
||||||
this.#data.users[username] = attributes;
|
this.#data.users[username] = attributes;
|
||||||
this.#save();
|
this.#save();
|
||||||
@ -61,7 +64,8 @@ export default class LocalDB extends DB_BACKEND {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
delUser (username, params = null) {
|
delUser (user, params = null) {
|
||||||
|
const username = `${user.id}@${user.realm}`;
|
||||||
if (this.#data.users[username]) {
|
if (this.#data.users[username]) {
|
||||||
delete this.#data.users[username];
|
delete this.#data.users[username];
|
||||||
this.#save();
|
this.#save();
|
||||||
@ -71,4 +75,34 @@ export default class LocalDB extends DB_BACKEND {
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// group methods not implemented because db backend does not store groups
|
||||||
|
addGroup (group, atrributes, params = null) {}
|
||||||
|
getGroup (group, params = null) {}
|
||||||
|
setGroup (group, attributes, params = null) {}
|
||||||
|
delGroup (group, params = null) {}
|
||||||
|
|
||||||
|
// assume that adding to group also adds to group's pool
|
||||||
|
addUserToGroup (user, group, params = null) {
|
||||||
|
const username = `${user.id}@${user.realm}`;
|
||||||
|
if (this.#data.users[username]) {
|
||||||
|
this.#data.users[username].cluster.pools[group.id] = true;
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// assume that adding to group also adds to group's pool
|
||||||
|
delUserFromGroup (user, group, params = null) {
|
||||||
|
const username = `${user.id}@${user.realm}`;
|
||||||
|
if (this.#data.users[username] && this.#data.users[username].cluster.pools[group.id]) {
|
||||||
|
delete this.#data.users[username].cluster.pools[group.id];
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -104,7 +104,7 @@ export default class PAASLDAP extends AUTH_BACKEND {
|
|||||||
async addUserToGroup (user, group, params = null) {
|
async addUserToGroup (user, group, params = null) {
|
||||||
return await this.#request(`/groups/${group.id}/members/${user.id}`, "POST", params);
|
return await this.#request(`/groups/${group.id}/members/${user.id}`, "POST", params);
|
||||||
}
|
}
|
||||||
|
|
||||||
async delUserFromGroup (user, group, params = null) {
|
async delUserFromGroup (user, group, params = null) {
|
||||||
return await this.#request(`/groups/${group.id}/members/${user.id}`, "DELETE", params);
|
return await this.#request(`/groups/${group.id}/members/${user.id}`, "DELETE", params);
|
||||||
}
|
}
|
||||||
|
@ -28,19 +28,24 @@ router.get(`/:node(${nodeRegexP})/pci`, async (req, res) => {
|
|||||||
const params = {
|
const params = {
|
||||||
node: req.params.node
|
node: req.params.node
|
||||||
};
|
};
|
||||||
|
|
||||||
|
const userRealm = req.cookies.username.split("@").at(-1);
|
||||||
|
const userID = req.cookies.username.replace(`@${userRealm}`, "");
|
||||||
|
const userObj = { id: userID, realm: userRealm };
|
||||||
|
|
||||||
// check auth
|
// check auth
|
||||||
const auth = await checkAuth(req.cookies, res);
|
const auth = await checkAuth(req.cookies, res);
|
||||||
if (!auth) {
|
if (!auth) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
const userNodes = db.getUser(req.cookies.username).nodes;
|
const userNodes = db.getUser(userObj).cluster.nodes;
|
||||||
if (!userNodes.includes(params.node)) {
|
if (userNodes[params.node] !== true) {
|
||||||
res.status(401).send({ auth: false, path: params.node });
|
res.status(401).send({ auth: false, path: params.node });
|
||||||
res.end();
|
res.end();
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
// get remaining user resources
|
// get remaining user resources
|
||||||
const userAvailPci = (await getUserResources(req, req.cookies.username)).pci.nodes[params.node];
|
const userAvailPci = (await getUserResources(req, userObj)).pci.nodes[params.node];
|
||||||
// get node avail devices
|
// get node avail devices
|
||||||
let nodeAvailPci = await global.pve.getNodeAvailDevices(params.node, req.cookies);
|
let nodeAvailPci = await global.pve.getNodeAvailDevices(params.node, req.cookies);
|
||||||
nodeAvailPci = nodeAvailPci.filter(nodeAvail => userAvailPci.some((userAvail) => {
|
nodeAvailPci = nodeAvailPci.filter(nodeAvail => userAvailPci.some((userAvail) => {
|
||||||
@ -77,6 +82,11 @@ router.post(`${basePath}/resources`, async (req, res) => {
|
|||||||
swap: req.body.swap,
|
swap: req.body.swap,
|
||||||
boot: req.body.boot
|
boot: req.body.boot
|
||||||
};
|
};
|
||||||
|
|
||||||
|
const userRealm = req.cookies.username.split("@").at(-1);
|
||||||
|
const userID = req.cookies.username.replace(`@${userRealm}`, "");
|
||||||
|
const userObj = { id: userID, realm: userRealm };
|
||||||
|
|
||||||
// check auth for specific instance
|
// check auth for specific instance
|
||||||
const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
|
const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
|
||||||
const auth = await checkAuth(req.cookies, res, vmpath);
|
const auth = await checkAuth(req.cookies, res, vmpath);
|
||||||
@ -96,7 +106,7 @@ router.post(`${basePath}/resources`, async (req, res) => {
|
|||||||
request.cpu = params.proctype;
|
request.cpu = params.proctype;
|
||||||
}
|
}
|
||||||
// check resource approval
|
// check resource approval
|
||||||
if (!await approveResources(req, req.cookies.username, request, params.node)) {
|
if (!await approveResources(req, userObj, request, params.node)) {
|
||||||
res.status(500).send({ request, error: "Could not fulfil request." });
|
res.status(500).send({ request, error: "Could not fulfil request." });
|
||||||
res.end();
|
res.end();
|
||||||
return;
|
return;
|
||||||
@ -154,13 +164,18 @@ router.post(`${basePath}/create`, async (req, res) => {
|
|||||||
rootfslocation: req.body.rootfslocation,
|
rootfslocation: req.body.rootfslocation,
|
||||||
rootfssize: req.body.rootfssize
|
rootfssize: req.body.rootfssize
|
||||||
};
|
};
|
||||||
|
|
||||||
|
const userRealm = req.cookies.username.split("@").at(-1);
|
||||||
|
const userID = req.cookies.username.replace(`@${userRealm}`, "");
|
||||||
|
const userObj = { id: userID, realm: userRealm };
|
||||||
|
|
||||||
// check auth
|
// check auth
|
||||||
const auth = await checkAuth(req.cookies, res);
|
const auth = await checkAuth(req.cookies, res);
|
||||||
if (!auth) {
|
if (!auth) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
// get user db config
|
// get user db config
|
||||||
const user = await db.getUser(req.cookies.username);
|
const user = await db.getUser(userObj);
|
||||||
const vmid = Number.parseInt(params.vmid);
|
const vmid = Number.parseInt(params.vmid);
|
||||||
const vmidMin = user.cluster.vmid.min;
|
const vmidMin = user.cluster.vmid.min;
|
||||||
const vmidMax = user.cluster.vmid.max;
|
const vmidMax = user.cluster.vmid.max;
|
||||||
@ -171,8 +186,14 @@ router.post(`${basePath}/create`, async (req, res) => {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
// check node is within allowed list
|
// check node is within allowed list
|
||||||
if (!user.nodes.includes(params.node)) {
|
if (user.cluster.nodes[params.node] !== true) {
|
||||||
res.status(500).send({ error: `Requested node ${params.node} is not in allowed nodes [${user.nodes}].` });
|
res.status(500).send({ error: `Requested node ${params.node} is not in allowed nodes [${user.cluster.nodes}].` });
|
||||||
|
res.end();
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
// check if pool is in user allowed pools
|
||||||
|
if (user.cluster.pools[params.pool] !== true) {
|
||||||
|
res.status(500).send({ error: `Requested pool ${params.pool} not in allowed pools [${user.pools}]` });
|
||||||
res.end();
|
res.end();
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@ -197,7 +218,7 @@ router.post(`${basePath}/create`, async (req, res) => {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
// check resource approval
|
// check resource approval
|
||||||
if (!await approveResources(req, req.cookies.username, request, params.node)) { // check resource approval
|
if (!await approveResources(req, userObj, request, params.node)) { // check resource approval
|
||||||
res.status(500).send({ request, error: "Not enough resources to satisfy request." });
|
res.status(500).send({ request, error: "Not enough resources to satisfy request." });
|
||||||
res.end();
|
res.end();
|
||||||
return;
|
return;
|
||||||
@ -207,7 +228,7 @@ router.post(`${basePath}/create`, async (req, res) => {
|
|||||||
vmid: params.vmid,
|
vmid: params.vmid,
|
||||||
cores: Number(params.cores),
|
cores: Number(params.cores),
|
||||||
memory: Number(params.memory),
|
memory: Number(params.memory),
|
||||||
pool: params.pool // TODO allow user to select pool to assign VM
|
pool: params.pool
|
||||||
};
|
};
|
||||||
for (const key of Object.keys(user.templates.instances[params.type])) {
|
for (const key of Object.keys(user.templates.instances[params.type])) {
|
||||||
action[key] = user.templates.instances[params.type][key].value;
|
action[key] = user.templates.instances[params.type][key].value;
|
||||||
|
@ -129,6 +129,11 @@ router.post("/:disk/resize", async (req, res) => {
|
|||||||
disk: req.params.disk,
|
disk: req.params.disk,
|
||||||
size: req.body.size
|
size: req.body.size
|
||||||
};
|
};
|
||||||
|
|
||||||
|
const userRealm = req.cookies.username.split("@").at(-1);
|
||||||
|
const userID = req.cookies.username.replace(`@${userRealm}`, "");
|
||||||
|
const userObj = { id: userID, realm: userRealm };
|
||||||
|
|
||||||
// check auth for specific instance
|
// check auth for specific instance
|
||||||
const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
|
const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
|
||||||
const auth = await checkAuth(req.cookies, res, vmpath);
|
const auth = await checkAuth(req.cookies, res, vmpath);
|
||||||
@ -149,7 +154,7 @@ router.post("/:disk/resize", async (req, res) => {
|
|||||||
const request = {};
|
const request = {};
|
||||||
request[storage] = Number(params.size * 1024 ** 3); // setup request object
|
request[storage] = Number(params.size * 1024 ** 3); // setup request object
|
||||||
// check request approval
|
// check request approval
|
||||||
if (!await approveResources(req, req.cookies.username, request, params.node)) {
|
if (!await approveResources(req, userObj, request, params.node)) {
|
||||||
res.status(500).send({ request, error: `Storage ${storage} could not fulfill request of size ${params.size}G.` });
|
res.status(500).send({ request, error: `Storage ${storage} could not fulfill request of size ${params.size}G.` });
|
||||||
res.end();
|
res.end();
|
||||||
return;
|
return;
|
||||||
@ -186,6 +191,11 @@ router.post("/:disk/move", async (req, res) => {
|
|||||||
storage: req.body.storage,
|
storage: req.body.storage,
|
||||||
delete: req.body.delete
|
delete: req.body.delete
|
||||||
};
|
};
|
||||||
|
|
||||||
|
const userRealm = req.cookies.username.split("@").at(-1);
|
||||||
|
const userID = req.cookies.username.replace(`@${userRealm}`, "");
|
||||||
|
const userObj = { id: userID, realm: userRealm };
|
||||||
|
|
||||||
// check auth for specific instance
|
// check auth for specific instance
|
||||||
const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
|
const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
|
||||||
const auth = await checkAuth(req.cookies, res, vmpath);
|
const auth = await checkAuth(req.cookies, res, vmpath);
|
||||||
@ -209,7 +219,7 @@ router.post("/:disk/move", async (req, res) => {
|
|||||||
request[dstStorage] = Number(size); // always decrease destination storage by size
|
request[dstStorage] = Number(size); // always decrease destination storage by size
|
||||||
}
|
}
|
||||||
// check request approval
|
// check request approval
|
||||||
if (!await approveResources(req, req.cookies.username, request, params.node)) {
|
if (!await approveResources(req, userObj, request, params.node)) {
|
||||||
res.status(500).send({ request, error: `Storage ${params.storage} could not fulfill request of size ${params.size}G.` });
|
res.status(500).send({ request, error: `Storage ${params.storage} could not fulfill request of size ${params.size}G.` });
|
||||||
res.end();
|
res.end();
|
||||||
return;
|
return;
|
||||||
@ -304,6 +314,11 @@ router.post("/:disk/create", async (req, res) => {
|
|||||||
size: req.body.size,
|
size: req.body.size,
|
||||||
iso: req.body.iso
|
iso: req.body.iso
|
||||||
};
|
};
|
||||||
|
|
||||||
|
const userRealm = req.cookies.username.split("@").at(-1);
|
||||||
|
const userID = req.cookies.username.replace(`@${userRealm}`, "");
|
||||||
|
const userObj = { id: userID, realm: userRealm };
|
||||||
|
|
||||||
// check auth for specific instance
|
// check auth for specific instance
|
||||||
const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
|
const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
|
||||||
const auth = await checkAuth(req.cookies, res, vmpath);
|
const auth = await checkAuth(req.cookies, res, vmpath);
|
||||||
@ -324,7 +339,7 @@ router.post("/:disk/create", async (req, res) => {
|
|||||||
// setup request
|
// setup request
|
||||||
request[params.storage] = Number(params.size * 1024 ** 3);
|
request[params.storage] = Number(params.size * 1024 ** 3);
|
||||||
// check request approval
|
// check request approval
|
||||||
if (!await approveResources(req, req.cookies.username, request, params.node)) {
|
if (!await approveResources(req, userObj, request, params.node)) {
|
||||||
res.status(500).send({ request, error: `Storage ${params.storage} could not fulfill request of size ${params.size}G.` });
|
res.status(500).send({ request, error: `Storage ${params.storage} could not fulfill request of size ${params.size}G.` });
|
||||||
res.end();
|
res.end();
|
||||||
return;
|
return;
|
||||||
|
@ -31,6 +31,11 @@ router.post("/:netid/create", async (req, res) => {
|
|||||||
rate: req.body.rate,
|
rate: req.body.rate,
|
||||||
name: req.body.name
|
name: req.body.name
|
||||||
};
|
};
|
||||||
|
|
||||||
|
const userRealm = req.cookies.username.split("@").at(-1);
|
||||||
|
const userID = req.cookies.username.replace(`@${userRealm}`, "");
|
||||||
|
const userObj = { id: userID, realm: userRealm };
|
||||||
|
|
||||||
// check auth for specific instance
|
// check auth for specific instance
|
||||||
const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
|
const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
|
||||||
const auth = await checkAuth(req.cookies, res, vmpath);
|
const auth = await checkAuth(req.cookies, res, vmpath);
|
||||||
@ -54,13 +59,13 @@ router.post("/:netid/create", async (req, res) => {
|
|||||||
network: Number(params.rate)
|
network: Number(params.rate)
|
||||||
};
|
};
|
||||||
// check resource approval
|
// check resource approval
|
||||||
if (!await approveResources(req, req.cookies.username, request, params.node)) {
|
if (!await approveResources(req, userObj, request, params.node)) {
|
||||||
res.status(500).send({ request, error: `Could not fulfil network request of ${params.rate}MB/s.` });
|
res.status(500).send({ request, error: `Could not fulfil network request of ${params.rate}MB/s.` });
|
||||||
res.end();
|
res.end();
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
// setup action
|
// setup action
|
||||||
const nc = db.getUser(req.cookies.username).templates.network[params.type];
|
const nc = db.getUser(userObj).templates.network[params.type];
|
||||||
const action = {};
|
const action = {};
|
||||||
if (params.type === "lxc") {
|
if (params.type === "lxc") {
|
||||||
action[`net${params.netid}`] = `name=${params.name},bridge=${nc.bridge},ip=${nc.ip},ip6=${nc.ip6},tag=${nc.vlan},type=${nc.type},rate=${params.rate}`;
|
action[`net${params.netid}`] = `name=${params.name},bridge=${nc.bridge},ip=${nc.ip},ip6=${nc.ip6},tag=${nc.vlan},type=${nc.type},rate=${params.rate}`;
|
||||||
@ -98,6 +103,11 @@ router.post("/:netid/modify", async (req, res) => {
|
|||||||
netid: req.params.netid.replace("net", ""),
|
netid: req.params.netid.replace("net", ""),
|
||||||
rate: req.body.rate
|
rate: req.body.rate
|
||||||
};
|
};
|
||||||
|
|
||||||
|
const userRealm = req.cookies.username.split("@").at(-1);
|
||||||
|
const userID = req.cookies.username.replace(`@${userRealm}`, "");
|
||||||
|
const userObj = { id: userID, realm: userRealm };
|
||||||
|
|
||||||
// check auth for specific instance
|
// check auth for specific instance
|
||||||
const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
|
const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
|
||||||
const auth = await checkAuth(req.cookies, res, vmpath);
|
const auth = await checkAuth(req.cookies, res, vmpath);
|
||||||
@ -118,7 +128,7 @@ router.post("/:netid/modify", async (req, res) => {
|
|||||||
network: Number(params.rate) - Number(currentNetworkRate)
|
network: Number(params.rate) - Number(currentNetworkRate)
|
||||||
};
|
};
|
||||||
// check resource approval
|
// check resource approval
|
||||||
if (!await approveResources(req, req.cookies.username, request, params.node)) {
|
if (!await approveResources(req, userObj, request, params.node)) {
|
||||||
res.status(500).send({ request, error: `Could not fulfil network request of ${params.rate}MB/s.` });
|
res.status(500).send({ request, error: `Could not fulfil network request of ${params.rate}MB/s.` });
|
||||||
res.end();
|
res.end();
|
||||||
return;
|
return;
|
||||||
|
@ -74,6 +74,11 @@ router.post("/:hostpci/modify", async (req, res) => {
|
|||||||
device: req.body.device,
|
device: req.body.device,
|
||||||
pcie: req.body.pcie
|
pcie: req.body.pcie
|
||||||
};
|
};
|
||||||
|
|
||||||
|
const userRealm = req.cookies.username.split("@").at(-1);
|
||||||
|
const userID = req.cookies.username.replace(`@${userRealm}`, "");
|
||||||
|
const userObj = { id: userID, realm: userRealm };
|
||||||
|
|
||||||
// check if type is qemu
|
// check if type is qemu
|
||||||
if (params.type !== "qemu") {
|
if (params.type !== "qemu") {
|
||||||
res.status(500).send({ error: "Type must be qemu (vm)." });
|
res.status(500).send({ error: "Type must be qemu (vm)." });
|
||||||
@ -102,7 +107,7 @@ router.post("/:hostpci/modify", async (req, res) => {
|
|||||||
const deviceData = await global.pve.getDeviceInfo(params.node, params.device);
|
const deviceData = await global.pve.getDeviceInfo(params.node, params.device);
|
||||||
const request = { pci: deviceData.device_name };
|
const request = { pci: deviceData.device_name };
|
||||||
// check resource approval
|
// check resource approval
|
||||||
if (!await approveResources(req, req.cookies.username, request, params.node)) {
|
if (!await approveResources(req, userObj, request, params.node)) {
|
||||||
res.status(500).send({ request, error: `Could not fulfil request for ${deviceData.device_name}.` });
|
res.status(500).send({ request, error: `Could not fulfil request for ${deviceData.device_name}.` });
|
||||||
res.end();
|
res.end();
|
||||||
return;
|
return;
|
||||||
@ -156,6 +161,11 @@ router.post("/create", async (req, res) => {
|
|||||||
device: req.body.device,
|
device: req.body.device,
|
||||||
pcie: req.body.pcie
|
pcie: req.body.pcie
|
||||||
};
|
};
|
||||||
|
|
||||||
|
const userRealm = req.cookies.username.split("@").at(-1);
|
||||||
|
const userID = req.cookies.username.replace(`@${userRealm}`, "");
|
||||||
|
const userObj = { id: userID, realm: userRealm };
|
||||||
|
|
||||||
// check if type is qemu
|
// check if type is qemu
|
||||||
if (params.type !== "qemu") {
|
if (params.type !== "qemu") {
|
||||||
res.status(500).send({ error: "Type must be qemu (vm)." });
|
res.status(500).send({ error: "Type must be qemu (vm)." });
|
||||||
@ -182,7 +192,7 @@ router.post("/create", async (req, res) => {
|
|||||||
pci: deviceData.device_name
|
pci: deviceData.device_name
|
||||||
};
|
};
|
||||||
// check resource approval
|
// check resource approval
|
||||||
if (!await approveResources(req, req.cookies.username, request, params.node)) {
|
if (!await approveResources(req, userObj, request, params.node)) {
|
||||||
res.status(500).send({ request, error: `Could not fulfil request for ${deviceData.device_name}.` });
|
res.status(500).send({ request, error: `Could not fulfil request for ${deviceData.device_name}.` });
|
||||||
res.end();
|
res.end();
|
||||||
return;
|
return;
|
||||||
|
@ -1,75 +0,0 @@
|
|||||||
import { Router } from "express";
|
|
||||||
export const router = Router({ mergeParams: true }); ;
|
|
||||||
|
|
||||||
const config = global.config;
|
|
||||||
const checkAuth = global.utils.checkAuth;
|
|
||||||
const getUserResources = global.utils.getUserResources;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* GET - get db user resource information including allocated, free, and maximum resource values along with resource metadata
|
|
||||||
* responses:
|
|
||||||
* - 200: {avail: Object, max: Object, used: Object, resources: Object}
|
|
||||||
* - 401: {auth: false}
|
|
||||||
*/
|
|
||||||
router.get("/dynamic/resources", async (req, res) => {
|
|
||||||
// check auth
|
|
||||||
const auth = await checkAuth(req.cookies, res);
|
|
||||||
if (!auth) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
const resources = await getUserResources(req, req.cookies.username);
|
|
||||||
res.status(200).send(resources);
|
|
||||||
});
|
|
||||||
|
|
||||||
/**
|
|
||||||
* GET - get db user configuration by key
|
|
||||||
* request:
|
|
||||||
* - key: string - user config key
|
|
||||||
* responses:
|
|
||||||
* - 200: Object
|
|
||||||
* - 401: {auth: false}
|
|
||||||
* - 401: {auth: false, error: string}
|
|
||||||
*/
|
|
||||||
router.get("/config/:key", async (req, res) => {
|
|
||||||
const params = {
|
|
||||||
key: req.params.key
|
|
||||||
};
|
|
||||||
// check auth
|
|
||||||
const auth = await checkAuth(req.cookies, res);
|
|
||||||
if (!auth) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
const allowKeys = ["resources", "cluster", "nodes"];
|
|
||||||
if (allowKeys.includes(params.key)) {
|
|
||||||
const config = global.db.getUser(req.cookies.username);
|
|
||||||
res.status(200).send(config[params.key]);
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
res.status(401).send({ auth: false, error: `User is not authorized to access /user/config/${params.key}.` });
|
|
||||||
}
|
|
||||||
});
|
|
||||||
|
|
||||||
/**
|
|
||||||
* GET - get user accessible iso files
|
|
||||||
* response:
|
|
||||||
* - 200: Array.<Object>
|
|
||||||
* - 401: {auth: false}
|
|
||||||
*/
|
|
||||||
router.get("/iso", async (req, res) => {
|
|
||||||
// check auth
|
|
||||||
const auth = await checkAuth(req.cookies, res);
|
|
||||||
if (!auth) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
// get user iso config
|
|
||||||
const userIsoConfig = config.useriso;
|
|
||||||
// get all isos
|
|
||||||
const isos = (await global.pve.requestPVE(`/nodes/${userIsoConfig.node}/storage/${userIsoConfig.storage}/content?content=iso`, "GET", { token: true })).data.data;
|
|
||||||
const userIsos = [];
|
|
||||||
isos.forEach((iso) => {
|
|
||||||
iso.name = iso.volid.replace(`${userIsoConfig.storage}:iso/`, "");
|
|
||||||
userIsos.push(iso);
|
|
||||||
});
|
|
||||||
userIsos.sort();
|
|
||||||
res.status(200).send(userIsos);
|
|
||||||
});
|
|
@ -167,7 +167,10 @@ if (schemes.interrupt.enabled) {
|
|||||||
else {
|
else {
|
||||||
wsServer.handleUpgrade(req, socket, head, (socket) => {
|
wsServer.handleUpgrade(req, socket, head, (socket) => {
|
||||||
// get the user pools
|
// get the user pools
|
||||||
const pools = global.db.getUser(cookies.username).cluster.pools;
|
const userRealm = cookies.username.split("@").at(-1);
|
||||||
|
const userID = cookies.username.replace(`@${userRealm}`, "");
|
||||||
|
const userObj = { id: userID, realm: userRealm };
|
||||||
|
const pools = Object.keys(global.db.getUser(userObj).cluster.pools);
|
||||||
// emit the connection to initialize socket
|
// emit the connection to initialize socket
|
||||||
wsServer.emit("connection", socket, cookies.username, pools);
|
wsServer.emit("connection", socket, cookies.username, pools);
|
||||||
});
|
});
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
import { Router } from "express";
|
import { Router } from "express";
|
||||||
export const router = Router({ mergeParams: true }); ;
|
export const router = Router({ mergeParams: true }); ;
|
||||||
|
|
||||||
|
const config = global.config;
|
||||||
const checkAuth = global.utils.checkAuth;
|
const checkAuth = global.utils.checkAuth;
|
||||||
const getUserResources = global.utils.getUserResources;
|
const getUserResources = global.utils.getUserResources;
|
||||||
|
|
||||||
@ -16,7 +17,12 @@ router.get("/dynamic/resources", async (req, res) => {
|
|||||||
if (!auth) {
|
if (!auth) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
const resources = await getUserResources(req, req.cookies.username);
|
|
||||||
|
const userRealm = req.cookies.username.split("@").at(-1);
|
||||||
|
const userID = req.cookies.username.replace(`@${userRealm}`, "");
|
||||||
|
const userObj = { id: userID, realm: userRealm };
|
||||||
|
|
||||||
|
const resources = await getUserResources(req, userObj);
|
||||||
res.status(200).send(resources);
|
res.status(200).send(resources);
|
||||||
});
|
});
|
||||||
|
|
||||||
@ -33,14 +39,19 @@ router.get("/config/:key", async (req, res) => {
|
|||||||
const params = {
|
const params = {
|
||||||
key: req.params.key
|
key: req.params.key
|
||||||
};
|
};
|
||||||
|
|
||||||
|
const userRealm = req.cookies.username.split("@").at(-1);
|
||||||
|
const userID = req.cookies.username.replace(`@${userRealm}`, "");
|
||||||
|
const userObj = { id: userID, realm: userRealm };
|
||||||
|
|
||||||
// check auth
|
// check auth
|
||||||
const auth = await checkAuth(req.cookies, res);
|
const auth = await checkAuth(req.cookies, res);
|
||||||
if (!auth) {
|
if (!auth) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
const allowKeys = ["resources", "cluster", "nodes"];
|
const allowKeys = ["resources", "cluster"];
|
||||||
if (allowKeys.includes(params.key)) {
|
if (allowKeys.includes(params.key)) {
|
||||||
const config = global.db.getUser(req.cookies.username);
|
const config = global.db.getUser(userObj);
|
||||||
res.status(200).send(config[params.key]);
|
res.status(200).send(config[params.key]);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
@ -54,14 +65,14 @@ router.get("/config/:key", async (req, res) => {
|
|||||||
* - 200: Array.<Object>
|
* - 200: Array.<Object>
|
||||||
* - 401: {auth: false}
|
* - 401: {auth: false}
|
||||||
*/
|
*/
|
||||||
router.get("/iso", async (req, res) => {
|
router.get("/vm-isos", async (req, res) => {
|
||||||
// check auth
|
// check auth
|
||||||
const auth = await checkAuth(req.cookies, res);
|
const auth = await checkAuth(req.cookies, res);
|
||||||
if (!auth) {
|
if (!auth) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
// get user iso config
|
// get user iso config
|
||||||
const userIsoConfig = global.config.useriso;
|
const userIsoConfig = config.useriso;
|
||||||
// get all isos
|
// get all isos
|
||||||
const isos = (await global.pve.requestPVE(`/nodes/${userIsoConfig.node}/storage/${userIsoConfig.storage}/content?content=iso`, "GET", { token: true })).data.data;
|
const isos = (await global.pve.requestPVE(`/nodes/${userIsoConfig.node}/storage/${userIsoConfig.storage}/content?content=iso`, "GET", { token: true })).data.data;
|
||||||
const userIsos = [];
|
const userIsos = [];
|
||||||
@ -72,3 +83,28 @@ router.get("/iso", async (req, res) => {
|
|||||||
userIsos.sort();
|
userIsos.sort();
|
||||||
res.status(200).send(userIsos);
|
res.status(200).send(userIsos);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
/**
|
||||||
|
* GET - get user accessible container template files
|
||||||
|
* response:
|
||||||
|
* - 200: Array.<Object>
|
||||||
|
* - 401: {auth: false}
|
||||||
|
*/
|
||||||
|
router.get("/ct-templates", async (req, res) => {
|
||||||
|
// check auth
|
||||||
|
const auth = await checkAuth(req.cookies, res);
|
||||||
|
if (!auth) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
// get user iso config
|
||||||
|
const userIsoConfig = config.useriso;
|
||||||
|
// get all isos
|
||||||
|
const isos = (await global.pve.requestPVE(`/nodes/${userIsoConfig.node}/storage/${userIsoConfig.storage}/content?content=vztmpl`, "GET", { token: true })).data.data;
|
||||||
|
const userIsos = [];
|
||||||
|
isos.forEach((iso) => {
|
||||||
|
iso.name = iso.volid.replace(`${userIsoConfig.storage}:vztmpl/`, "");
|
||||||
|
userIsos.push(iso);
|
||||||
|
});
|
||||||
|
userIsos.sort();
|
||||||
|
res.status(200).send(userIsos);
|
||||||
|
});
|
||||||
|
18
src/utils.js
18
src/utils.js
@ -15,7 +15,11 @@ import { exit } from "process";
|
|||||||
export async function checkAuth (cookies, res, vmpath = null) {
|
export async function checkAuth (cookies, res, vmpath = null) {
|
||||||
let auth = false;
|
let auth = false;
|
||||||
|
|
||||||
if (global.db.getUser(cookies.username) === null) {
|
const userRealm = cookies.username.split("@").at(-1);
|
||||||
|
const userID = cookies.username.replace(`@${userRealm}`, "");
|
||||||
|
const userObj = { id: userID, realm: userRealm };
|
||||||
|
|
||||||
|
if (global.db.getUser(userObj) === null) {
|
||||||
auth = false;
|
auth = false;
|
||||||
res.status(401).send({ auth, path: vmpath ? `${vmpath}/config` : "/version", error: `User ${cookies.username} not found in localdb.` });
|
res.status(401).send({ auth, path: vmpath ? `${vmpath}/config` : "/version", error: `User ${cookies.username} not found in localdb.` });
|
||||||
res.end();
|
res.end();
|
||||||
@ -104,12 +108,12 @@ async function getAllInstanceConfigs (req, diskprefixes) {
|
|||||||
/**
|
/**
|
||||||
* Get user resource data including used, available, and maximum resources.
|
* Get user resource data including used, available, and maximum resources.
|
||||||
* @param {Object} req ProxmoxAAS API request object.
|
* @param {Object} req ProxmoxAAS API request object.
|
||||||
* @param {string} username of user to get resource data.
|
* @param {{id: string, realm: string}} user object of user to get resource data.
|
||||||
* @returns {{used: Object, avail: Object, max: Object, resources: Object}} used, available, maximum, and resource metadata for the specified user.
|
* @returns {{used: Object, avail: Object, max: Object, resources: Object}} used, available, maximum, and resource metadata for the specified user.
|
||||||
*/
|
*/
|
||||||
export async function getUserResources (req, username) {
|
export async function getUserResources (req, user) {
|
||||||
const dbResources = global.config.resources;
|
const dbResources = global.config.resources;
|
||||||
const userResources = global.db.getUser(username).resources;
|
const userResources = global.db.getUser(user).resources;
|
||||||
|
|
||||||
// setup disk prefixes object
|
// setup disk prefixes object
|
||||||
const diskprefixes = [];
|
const diskprefixes = [];
|
||||||
@ -258,13 +262,13 @@ export async function getUserResources (req, username) {
|
|||||||
/**
|
/**
|
||||||
* Check approval for user requesting additional resources. Generally, subtracts the request from available resources and ensures request can be fulfilled by the available resources.
|
* Check approval for user requesting additional resources. Generally, subtracts the request from available resources and ensures request can be fulfilled by the available resources.
|
||||||
* @param {Object} req ProxmoxAAS API request object.
|
* @param {Object} req ProxmoxAAS API request object.
|
||||||
* @param {string} username of user requesting additional resources.
|
* @param {{id: string, realm: string}} user object of user requesting additional resources.
|
||||||
* @param {Object} request k-v pairs of resources and requested amounts
|
* @param {Object} request k-v pairs of resources and requested amounts
|
||||||
* @returns {boolean} true if the available resources can fullfill the requested resources, false otherwise.
|
* @returns {boolean} true if the available resources can fullfill the requested resources, false otherwise.
|
||||||
*/
|
*/
|
||||||
export async function approveResources (req, username, request, node) {
|
export async function approveResources (req, user, request, node) {
|
||||||
const dbResources = global.config.resources;
|
const dbResources = global.config.resources;
|
||||||
const userResources = await getUserResources(req, username);
|
const userResources = await getUserResources(req, user);
|
||||||
let approved = true;
|
let approved = true;
|
||||||
Object.keys(request).every((key) => {
|
Object.keys(request).every((key) => {
|
||||||
// if requested resource is not specified in user resources, assume it's not allowed
|
// if requested resource is not specified in user resources, assume it's not allowed
|
||||||
|
@ -71,20 +71,20 @@
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nodes": [
|
|
||||||
"example-node-0",
|
|
||||||
"example-node-1",
|
|
||||||
"example-node-2"
|
|
||||||
],
|
|
||||||
"cluster": {
|
"cluster": {
|
||||||
|
"nodes": {
|
||||||
|
"example-node-0": true,
|
||||||
|
"example-node-1": true,
|
||||||
|
"example-node-2": true
|
||||||
|
},
|
||||||
"vmid": {
|
"vmid": {
|
||||||
"min": 100,
|
"min": 100,
|
||||||
"max": 199
|
"max": 199
|
||||||
},
|
},
|
||||||
"pools": [
|
"pools": {
|
||||||
"examplepool1",
|
"example-pool-1": true,
|
||||||
"examplepool2"
|
"example-pool-2": true
|
||||||
]
|
}
|
||||||
},
|
},
|
||||||
"templates": {
|
"templates": {
|
||||||
"instances": {
|
"instances": {
|
||||||
|
Loading…
Reference in New Issue
Block a user