tronnet/ProxmoxAAS-API
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix some endpoint comments,

Browse Source 
add user node permission check to /node/pci
This commit is contained in:
Arthur Lu 2023-07-07 00:06:36 +00:00
parent 8fb26b274a
commit ffdce767ab
1 changed files with 15 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
src/main.js
View File

@ -60,8 +60,8 @@ app.post("/api/proxmox/*", async (req, res) => { // proxy endpoint for POST prox
/** /**
* GET - check authentication * GET - check authentication
* responses: * responses:
* - 200: {auth: true, path: String} * - 200: {auth: true}
* - 401: {auth: false, path: String} * - 401: {auth: false}
*/ */
app.get("/api/auth", async (req, res) => { app.get("/api/auth", async (req, res) => {
const auth = await checkAuth(req.cookies, res); const auth = await checkAuth(req.cookies, res);
@ -77,8 +77,8 @@ app.get("/api/auth", async (req, res) => {
* - username: String * - username: String
* - password: String * - password: String
* responses: * responses:
* - 200: {auth: true, path: String} * - 200: {auth: true}
* - 401: {auth: false, path: String} * - 401: {auth: false}
*/ */
app.post("/api/auth/ticket", async (req, res) => { app.post("/api/auth/ticket", async (req, res) => {
const response = await requestPVE("/access/ticket", "POST", null, JSON.stringify(req.body)); const response = await requestPVE("/access/ticket", "POST", null, JSON.stringify(req.body));
@ -101,7 +101,7 @@ app.post("/api/auth/ticket", async (req, res) => {
/** /**
* DELETE - request to destroy ticket * DELETE - request to destroy ticket
* responses: * responses:
* - 200: {auth: false, path: String} * - 200: {auth: false}
*/ */
app.delete("/api/auth/ticket", async (req, res) => { app.delete("/api/auth/ticket", async (req, res) => {
const expire = new Date(0); const expire = new Date(0);
@ -140,7 +140,7 @@ app.get("/api/global/config/:key", async (req, res) => {
* GET - get db user resource information including allocated, free, and maximum resource values along with resource metadata * GET - get db user resource information including allocated, free, and maximum resource values along with resource metadata
* responses: * responses:
* - 200: {avail: Object, max: Object, used: Object, resources: Object} * - 200: {avail: Object, max: Object, used: Object, resources: Object}
* - 401: {auth: false, path: String} * - 401: {auth: false}
*/ */
app.get("/api/user/dynamic/resources", async (req, res) => { app.get("/api/user/dynamic/resources", async (req, res) => {
// check auth // check auth
@ -158,7 +158,7 @@ app.get("/api/user/dynamic/resources", async (req, res) => {
* - key: User config key * - key: User config key
* responses: * responses:
* - 200: Object * - 200: Object
* - 401: {auth: false, path: String} * - 401: {auth: false}
* - 401: {auth: false, error: String} * - 401: {auth: false, error: String}
*/ */
app.get("/api/user/config/:key", async (req, res) => { app.get("/api/user/config/:key", async (req, res) => {
@ -184,7 +184,7 @@ app.get("/api/user/config/:key", async (req, res) => {
* POST - detach mounted disk from instance * POST - detach mounted disk from instance
* request: * request:
* - node: String - vm host node id * - node: String - vm host node id
* - type: String - vm type (lxc, qemu) * -y tpe: String - vm type (lxc, qemu)
* - vmid: Number - vm id number * - vmid: Number - vm id number
* - disk: String - disk id (sata0, NOT unused) * - disk: String - disk id (sata0, NOT unused)
* responses: * responses:
@ -742,6 +742,7 @@ app.get(`/api/:node(${nodeRegexP})/:type(${typeRegexP})/:vmid(${vmidRegexP})/pci
* - node: String - vm host node id * - node: String - vm host node id
* responses: * responses:
* - 200: PVE PCI Device Object * - 200: PVE PCI Device Object
* - 401: {auth: false}
* - 401: {auth: false, path: String} * - 401: {auth: false, path: String}
* - 500: {error: String} * - 500: {error: String}
*/ */
@ -754,6 +755,12 @@ app.get(`/api/:node(${nodeRegexP})/pci`, async (req, res) => {
if (!auth) { if (!auth) {
return; return;
} }
let userNodes = db.getUserConfig(req.cookies.username).nodes;
if (!userNodes.includes(params.node)){
res.status(401).send({auth: false, path: params.node});
res.end();
return;
}
// get remaining user resources // get remaining user resources
const userAvailPci = (await getUserResources(req, req.cookies.username)).avail.pci; const userAvailPci = (await getUserResources(req, req.cookies.username)).avail.pci;
// get node avail devices // get node avail devices