From dcef0bb03269f2981c73baacbb3166ad01e0607d Mon Sep 17 00:00:00 2001
From: Arthur Lu <root@tronnet.net>
Date: Thu, 27 Apr 2023 15:39:01 +0000
Subject: [PATCH] add node restriction

Signed-off-by: Arthur Lu <learthurgo@gmail.com>
---
 main.js  | 5 +++++
 utils.js | 4 ++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/main.js b/main.js
index 03e8476..74e2177 100644
--- a/main.js
+++ b/main.js
@@ -229,6 +229,11 @@ app.post("/api/instance", async (req, res) => {
 		res.end();
 		return;
 	}
+	if (!user.nodes.includes(req.body.node)) {
+		res.status(500).send({error: `Requested node ${req.body.node} is not in allowed nodes [${user.nodes}]`});
+		res.end();
+		return;
+	}
 	let action = {
 		vmid: req.body.vmid,
 		cores: req.body.cores,
diff --git a/utils.js b/utils.js
index 7ab9ca2..8710140 100644
--- a/utils.js
+++ b/utils.js
@@ -3,8 +3,8 @@ import { getUserConfig, getResourceConfig } from "./db.js";
 
 export async function getUserData (req, username) {
 	let resources = await getAllocatedResources(req, username);
-	let instances = getUserConfig(req.cookies.username).instances;
-	return {resources: resources, instances: instances};
+	let user = getUserConfig(req.cookies.username);
+	return {resources: resources, instances: user.instances, nodes: user.nodes};
 }
 
 async function getAllocatedResources (req, username) {