fix auth early escape
Signed-off-by: Arthur Lu <learthurgo@gmail.com>
This commit is contained in:
parent
d6cd844379
commit
e12e245abd
39
main.js
39
main.js
@ -25,7 +25,8 @@ app.get("/api/echo", (req, res) => {
|
||||
});
|
||||
|
||||
app.get("/api/auth", async (req, res) => {
|
||||
await checkAuth(req.cookies);
|
||||
let auth = await checkAuth(req.cookies);
|
||||
if (!auth) { return; }
|
||||
res.status(200).send({ auth: true });
|
||||
});
|
||||
|
||||
@ -71,28 +72,32 @@ app.delete("/api/ticket", async (req, res) => {
|
||||
|
||||
app.get("/api/user/resources", async (req, res) => {
|
||||
// check auth
|
||||
await checkAuth(req.cookies, res);
|
||||
let auth = await checkAuth(req.cookies, res);
|
||||
if (!auth) { return; }
|
||||
let resources = await getAllocatedResources(req, req.cookies.username);
|
||||
res.status(200).send(resources);
|
||||
});
|
||||
|
||||
app.get("/api/user/instances", async (req, res) => {
|
||||
// check auth
|
||||
await checkAuth(req.cookies, res);
|
||||
let auth = await checkAuth(req.cookies, res);
|
||||
if (!auth) { return; }
|
||||
let config = getUserConfig(req.cookies.username);
|
||||
res.status(200).send(config.instances)
|
||||
});
|
||||
|
||||
app.get("/api/user/nodes", async (req, res) => {
|
||||
// check auth
|
||||
await checkAuth(req.cookies, res);
|
||||
let auth = await checkAuth(req.cookies, res);
|
||||
if (!auth) { return; }
|
||||
let config = getUserConfig(req.cookies.username);
|
||||
res.status(200).send(config.nodes)
|
||||
})
|
||||
|
||||
app.post("/api/instance/disk/detach", async (req, res) => {
|
||||
// check auth
|
||||
await checkAuth(req.cookies, res);
|
||||
let auth = await checkAuth(req.cookies, res);
|
||||
if (!auth) { return; }
|
||||
if (req.body.disk.includes("unused")) {
|
||||
res.status(500).send({ error: `Requested disk ${req.body.disk} cannot be unused. Use /disk/delete to permanently delete unused disks.` });
|
||||
res.end();
|
||||
@ -106,7 +111,8 @@ app.post("/api/instance/disk/detach", async (req, res) => {
|
||||
|
||||
app.post("/api/instance/disk/attach", async (req, res) => {
|
||||
// check auth
|
||||
await checkAuth(req.cookies, res);
|
||||
let auth = await checkAuth(req.cookies, res);
|
||||
if (!auth) { return; }
|
||||
let action = {};
|
||||
action[req.body.disk] = req.body.data;
|
||||
action = JSON.stringify(action);
|
||||
@ -117,7 +123,8 @@ app.post("/api/instance/disk/attach", async (req, res) => {
|
||||
|
||||
app.post("/api/instance/disk/resize", async (req, res) => {
|
||||
// check auth
|
||||
await checkAuth(req.cookies, res);
|
||||
let auth = await checkAuth(req.cookies, res);
|
||||
if (!auth) { return; }
|
||||
// check disk existence
|
||||
let diskConfig = await getDiskInfo(req.body.node, req.body.type, req.body.vmid, req.body.disk); // get target disk
|
||||
if (!diskConfig) { // exit if disk does not exist
|
||||
@ -143,7 +150,8 @@ app.post("/api/instance/disk/resize", async (req, res) => {
|
||||
|
||||
app.post("/api/instance/disk/move", async (req, res) => {
|
||||
// check auth
|
||||
await checkAuth(req.cookies, res);
|
||||
let auth = await checkAuth(req.cookies, res);
|
||||
if (!auth) { return; }
|
||||
// check disk existence
|
||||
let diskConfig = await getDiskInfo(req.body.node, req.body.type, req.body.vmid, req.body.disk); // get target disk
|
||||
if (!diskConfig) { // exit if disk does not exist
|
||||
@ -183,7 +191,8 @@ app.post("/api/instance/disk/move", async (req, res) => {
|
||||
|
||||
app.post("/api/instance/disk/delete", async (req, res) => {
|
||||
// check auth
|
||||
await checkAuth(req.cookies, res);
|
||||
let auth = await checkAuth(req.cookies, res);
|
||||
if (!auth) { return; }
|
||||
// only ide or unused are allowed to be deleted
|
||||
if (!req.body.disk.includes("unused") && !req.body.disk.includes("ide")) { // must be ide or unused
|
||||
res.status(500).send({ error: `Requested disk ${req.body.disk} must be unused or ide. Use /disk/detach to detach disks in use.` });
|
||||
@ -199,7 +208,8 @@ app.post("/api/instance/disk/delete", async (req, res) => {
|
||||
|
||||
app.post("/api/instance/disk/create", async (req, res) => {
|
||||
// check auth
|
||||
await checkAuth(req.cookies, res);
|
||||
let auth = await checkAuth(req.cookies, res);
|
||||
if (!auth) { return; }
|
||||
// setup request
|
||||
let request = {};
|
||||
if (!req.body.disk.includes("ide")) {
|
||||
@ -230,7 +240,8 @@ app.post("/api/instance/disk/create", async (req, res) => {
|
||||
|
||||
app.post("/api/instance/resources", async (req, res) => {
|
||||
// check auth
|
||||
await checkAuth(req.cookies, res);
|
||||
let auth = await checkAuth(req.cookies, res);
|
||||
if (!auth) { return; }
|
||||
// get current config
|
||||
let currentConfig = await requestPVE(`/nodes/${req.body.node}/${req.body.type}/${req.body.vmid}/config`, "GET", null, null, pveAPIToken);
|
||||
let request = {
|
||||
@ -252,7 +263,8 @@ app.post("/api/instance/resources", async (req, res) => {
|
||||
|
||||
app.post("/api/instance", async (req, res) => {
|
||||
// check auth
|
||||
await checkAuth(req.cookies, res);
|
||||
let auth = await checkAuth(req.cookies, res);
|
||||
if (!auth) { return; }
|
||||
// setup request
|
||||
let request = {
|
||||
cores: Number(req.body.cores),
|
||||
@ -309,7 +321,8 @@ app.post("/api/instance", async (req, res) => {
|
||||
|
||||
app.delete("/api/instance", async (req, res) => {
|
||||
// check auth
|
||||
await checkAuth(req.cookies, res);
|
||||
let auth = await checkAuth(req.cookies, res);
|
||||
if (!auth) { return; }
|
||||
// commit action
|
||||
let result = await requestPVE(`/nodes/${req.body.node}/${req.body.type}/${req.body.vmid}`, "DELETE", req.cookies, null, pveAPIToken);
|
||||
await handleResponse(req.body.node, result, res);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user