fix some endpoint comments,
add user node permission check to /node/pci
This commit is contained in:
parent
f389087a2b
commit
cd611e2590
23
src/main.js
23
src/main.js
@ -60,8 +60,8 @@ app.post("/api/proxmox/*", async (req, res) => { // proxy endpoint for POST prox
|
|||||||
/**
|
/**
|
||||||
* GET - check authentication
|
* GET - check authentication
|
||||||
* responses:
|
* responses:
|
||||||
* - 200: {auth: true, path: String}
|
* - 200: {auth: true}
|
||||||
* - 401: {auth: false, path: String}
|
* - 401: {auth: false}
|
||||||
*/
|
*/
|
||||||
app.get("/api/auth", async (req, res) => {
|
app.get("/api/auth", async (req, res) => {
|
||||||
const auth = await checkAuth(req.cookies, res);
|
const auth = await checkAuth(req.cookies, res);
|
||||||
@ -77,8 +77,8 @@ app.get("/api/auth", async (req, res) => {
|
|||||||
* - username: String
|
* - username: String
|
||||||
* - password: String
|
* - password: String
|
||||||
* responses:
|
* responses:
|
||||||
* - 200: {auth: true, path: String}
|
* - 200: {auth: true}
|
||||||
* - 401: {auth: false, path: String}
|
* - 401: {auth: false}
|
||||||
*/
|
*/
|
||||||
app.post("/api/auth/ticket", async (req, res) => {
|
app.post("/api/auth/ticket", async (req, res) => {
|
||||||
const response = await requestPVE("/access/ticket", "POST", null, JSON.stringify(req.body));
|
const response = await requestPVE("/access/ticket", "POST", null, JSON.stringify(req.body));
|
||||||
@ -101,7 +101,7 @@ app.post("/api/auth/ticket", async (req, res) => {
|
|||||||
/**
|
/**
|
||||||
* DELETE - request to destroy ticket
|
* DELETE - request to destroy ticket
|
||||||
* responses:
|
* responses:
|
||||||
* - 200: {auth: false, path: String}
|
* - 200: {auth: false}
|
||||||
*/
|
*/
|
||||||
app.delete("/api/auth/ticket", async (req, res) => {
|
app.delete("/api/auth/ticket", async (req, res) => {
|
||||||
const expire = new Date(0);
|
const expire = new Date(0);
|
||||||
@ -140,7 +140,7 @@ app.get("/api/global/config/:key", async (req, res) => {
|
|||||||
* GET - get db user resource information including allocated, free, and maximum resource values along with resource metadata
|
* GET - get db user resource information including allocated, free, and maximum resource values along with resource metadata
|
||||||
* responses:
|
* responses:
|
||||||
* - 200: {avail: Object, max: Object, used: Object, resources: Object}
|
* - 200: {avail: Object, max: Object, used: Object, resources: Object}
|
||||||
* - 401: {auth: false, path: String}
|
* - 401: {auth: false}
|
||||||
*/
|
*/
|
||||||
app.get("/api/user/dynamic/resources", async (req, res) => {
|
app.get("/api/user/dynamic/resources", async (req, res) => {
|
||||||
// check auth
|
// check auth
|
||||||
@ -158,7 +158,7 @@ app.get("/api/user/dynamic/resources", async (req, res) => {
|
|||||||
* - key: User config key
|
* - key: User config key
|
||||||
* responses:
|
* responses:
|
||||||
* - 200: Object
|
* - 200: Object
|
||||||
* - 401: {auth: false, path: String}
|
* - 401: {auth: false}
|
||||||
* - 401: {auth: false, error: String}
|
* - 401: {auth: false, error: String}
|
||||||
*/
|
*/
|
||||||
app.get("/api/user/config/:key", async (req, res) => {
|
app.get("/api/user/config/:key", async (req, res) => {
|
||||||
@ -184,7 +184,7 @@ app.get("/api/user/config/:key", async (req, res) => {
|
|||||||
* POST - detach mounted disk from instance
|
* POST - detach mounted disk from instance
|
||||||
* request:
|
* request:
|
||||||
* - node: String - vm host node id
|
* - node: String - vm host node id
|
||||||
* - type: String - vm type (lxc, qemu)
|
* -y tpe: String - vm type (lxc, qemu)
|
||||||
* - vmid: Number - vm id number
|
* - vmid: Number - vm id number
|
||||||
* - disk: String - disk id (sata0, NOT unused)
|
* - disk: String - disk id (sata0, NOT unused)
|
||||||
* responses:
|
* responses:
|
||||||
@ -742,6 +742,7 @@ app.get(`/api/:node(${nodeRegexP})/:type(${typeRegexP})/:vmid(${vmidRegexP})/pci
|
|||||||
* - node: String - vm host node id
|
* - node: String - vm host node id
|
||||||
* responses:
|
* responses:
|
||||||
* - 200: PVE PCI Device Object
|
* - 200: PVE PCI Device Object
|
||||||
|
* - 401: {auth: false}
|
||||||
* - 401: {auth: false, path: String}
|
* - 401: {auth: false, path: String}
|
||||||
* - 500: {error: String}
|
* - 500: {error: String}
|
||||||
*/
|
*/
|
||||||
@ -754,6 +755,12 @@ app.get(`/api/:node(${nodeRegexP})/pci`, async (req, res) => {
|
|||||||
if (!auth) {
|
if (!auth) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
let userNodes = db.getUserConfig(req.cookies.username).nodes;
|
||||||
|
if (!userNodes.includes(params.node)){
|
||||||
|
res.status(401).send({auth: false, path: params.node});
|
||||||
|
res.end();
|
||||||
|
return;
|
||||||
|
}
|
||||||
// get remaining user resources
|
// get remaining user resources
|
||||||
const userAvailPci = (await getUserResources(req, req.cookies.username)).avail.pci;
|
const userAvailPci = (await getUserResources(req, req.cookies.username)).avail.pci;
|
||||||
// get node avail devices
|
// get node avail devices
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user