tronnet/ProxmoxAAS-API
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update DB Interface #2

Merged
alu merged 3 commits from update-localdb into main 2024-04-24 20:29:32 +00:00
Conversation 0 Commits 3 Files Changed 12 +152 -42
12 changed files with 152 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit e032038100 - Show all commits

16
src/backends/backends.js
View File

@ -92,42 +92,42 @@ class USER_BACKEND extends BACKEND {
/**
* Add group to backend
* @param {{id: string}} group
* @param {{id: string}} group
* @param {Object} attributes group attributes
* @param {Object} params authentication params, usually req.cookies
*/
addGroup (group, attributes, params = null) {}
/**
* Get group from backend
* @param {{id: string}} group
* @param {{id: string}} group
* @param {Object} params authentication params, usually req.cookies
*/
getGroup (group, params = null) {}
/**
* Modify group in backend
* @param {{id: string}} group
* @param {{id: string}} group
* @param {Object} attributes new group attributes to modify
* @param {Object} params authentication params, usually req.cookies
*/
setGroup (group, attributes, params = null) {}
/**
* Delete group from backend
* @param {{id: string}} group
* @param {{id: string}} group
* @param {Object} params authentication params, usually req.cookies
*/
delGroup (group, params = null) {}
/**
* Add user to group
* @param {{id: string, realm: string}} user
* @param {{id: string}} group
* @param {{id: string, realm: string}} user
* @param {{id: string}} group
* @param {Object} params authentication params, usually req.cookies
*/
addUserToGroup (user, group, params = null) {}
/**
* Remove user from group
* @param {{id: string, realm: string}} user
* @param {{id: string}} group
* @param {{id: string, realm: string}} user
* @param {{id: string}} group
* @param {Object} params authentication params, usually req.cookies
*/
delUserFromGroup (user, group, params = null) {}

42
src/backends/localdb.js
View File

@ -35,13 +35,15 @@ export default class LocalDB extends DB_BACKEND {
writeFileSync(this.#path, JSON.stringify(this.#data));
}
addUser (username, attributes, params = null) {
addUser (user, attributes, params = null) {
const username = `${user.id}@${user.realm}`;
attributes = attributes || this.#defaultuser;
this.#data.users[username] = attributes;
this.#save();
}
getUser (username, params = null) {
getUser (user, params = null) {
const username = `${user.id}@${user.realm}`;
if (this.#data.users[username]) {
return this.#data.users[username];
}
@ -50,7 +52,8 @@ export default class LocalDB extends DB_BACKEND {
}
}
setUser (username, attributes, params = null) {
setUser (user, attributes, params = null) {
const username = `${user.id}@${user.realm}`;
if (this.#data.users[username]) {
this.#data.users[username] = attributes;
this.#save();
@ -61,7 +64,8 @@ export default class LocalDB extends DB_BACKEND {
}
}
delUser (username, params = null) {
delUser (user, params = null) {
const username = `${user.id}@${user.realm}`;
if (this.#data.users[username]) {
delete this.#data.users[username];
this.#save();
@ -71,4 +75,34 @@ export default class LocalDB extends DB_BACKEND {
return false;
}
}
// group methods not implemented because db backend does not store groups
addGroup (group, atrributes, params = null) {}
getGroup (group, params = null) {}
setGroup (group, attributes, params = null) {}
delGroup (group, params = null) {}
// assume that adding to group also adds to group's pool
addUserToGroup (user, group, params = null) {
const username = `${user.id}@${user.realm}`;
if (this.#data.users[username]) {
this.#data.users[username].cluster.pools[group.id] = true;
return true;
}
else {
return false;
}
}
// assume that adding to group also adds to group's pool
delUserFromGroup (user, group, params = null) {
const username = `${user.id}@${user.realm}`;
if (this.#data.users[username] && this.#data.users[username].cluster.pools[group.id]) {
delete this.#data.users[username].cluster.pools[group.id];
return true;
}
else {
return false;
}
}
}

2
src/backends/paasldap.js
View File

@ -104,7 +104,7 @@ export default class PAASLDAP extends AUTH_BACKEND {
async addUserToGroup (user, group, params = null) {
return await this.#request(`/groups/${group.id}/members/${user.id}`, "POST", params);
}
async delUserFromGroup (user, group, params = null) {
return await this.#request(`/groups/${group.id}/members/${user.id}`, "DELETE", params);
}

25
src/routes/cluster.js
View File

@ -28,19 +28,24 @@ router.get(`/:node(${nodeRegexP})/pci`, async (req, res) => {
const params = {
node: req.params.node
};
const userRealm = req.cookies.username.split("@").at(-1);
const userID = req.cookies.username.replace(`@${userRealm}`, "");
const userObj = { id: userID, realm: userRealm };
// check auth
const auth = await checkAuth(req.cookies, res);
if (!auth) {
return;
}
const userNodes = db.getUser(req.cookies.username).nodes;
const userNodes = db.getUser(userObj).nodes;
if (!userNodes.includes(params.node)) {
res.status(401).send({ auth: false, path: params.node });
res.end();
return;
}
// get remaining user resources
const userAvailPci = (await getUserResources(req, req.cookies.username)).pci.nodes[params.node];
const userAvailPci = (await getUserResources(req, userObj)).pci.nodes[params.node];
// get node avail devices
let nodeAvailPci = await global.pve.getNodeAvailDevices(params.node, req.cookies);
nodeAvailPci = nodeAvailPci.filter(nodeAvail => userAvailPci.some((userAvail) => {
@ -77,6 +82,11 @@ router.post(`${basePath}/resources`, async (req, res) => {
swap: req.body.swap,
boot: req.body.boot
};
const userRealm = req.cookies.username.split("@").at(-1);
const userID = req.cookies.username.replace(`@${userRealm}`, "");
const userObj = { id: userID, realm: userRealm };
// check auth for specific instance
const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
const auth = await checkAuth(req.cookies, res, vmpath);
@ -96,7 +106,7 @@ router.post(`${basePath}/resources`, async (req, res) => {
request.cpu = params.proctype;
}
// check resource approval
if (!await approveResources(req, req.cookies.username, request, params.node)) {
if (!await approveResources(req, userObj, request, params.node)) {
res.status(500).send({ request, error: "Could not fulfil request." });
res.end();
return;
@ -154,13 +164,18 @@ router.post(`${basePath}/create`, async (req, res) => {
rootfslocation: req.body.rootfslocation,
rootfssize: req.body.rootfssize
};
const userRealm = req.cookies.username.split("@").at(-1);
const userID = req.cookies.username.replace(`@${userRealm}`, "");
const userObj = { id: userID, realm: userRealm };
// check auth
const auth = await checkAuth(req.cookies, res);
if (!auth) {
return;
}
// get user db config
const user = await db.getUser(req.cookies.username);
const user = await db.getUser(userObj);
const vmid = Number.parseInt(params.vmid);
const vmidMin = user.cluster.vmid.min;
const vmidMax = user.cluster.vmid.max;
@ -197,7 +212,7 @@ router.post(`${basePath}/create`, async (req, res) => {
}
}
// check resource approval
if (!await approveResources(req, req.cookies.username, request, params.node)) { // check resource approval
if (!await approveResources(req, userObj, request, params.node)) { // check resource approval
res.status(500).send({ request, error: "Not enough resources to satisfy request." });
res.end();
return;

21
src/routes/cluster/disk.js
View File

@ -129,6 +129,11 @@ router.post("/:disk/resize", async (req, res) => {
disk: req.params.disk,
size: req.body.size
};
const userRealm = req.cookies.username.split("@").at(-1);
const userID = req.cookies.username.replace(`@${userRealm}`, "");
const userObj = { id: userID, realm: userRealm };
// check auth for specific instance
const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
const auth = await checkAuth(req.cookies, res, vmpath);
@ -149,7 +154,7 @@ router.post("/:disk/resize", async (req, res) => {
const request = {};
request[storage] = Number(params.size * 1024 ** 3); // setup request object
// check request approval
if (!await approveResources(req, req.cookies.username, request, params.node)) {
if (!await approveResources(req, userObj, request, params.node)) {
res.status(500).send({ request, error: `Storage ${storage} could not fulfill request of size ${params.size}G.` });
res.end();
return;
@ -186,6 +191,11 @@ router.post("/:disk/move", async (req, res) => {
storage: req.body.storage,
delete: req.body.delete
};
const userRealm = req.cookies.username.split("@").at(-1);
const userID = req.cookies.username.replace(`@${userRealm}`, "");
const userObj = { id: userID, realm: userRealm };
// check auth for specific instance
const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
const auth = await checkAuth(req.cookies, res, vmpath);
@ -209,7 +219,7 @@ router.post("/:disk/move", async (req, res) => {
request[dstStorage] = Number(size); // always decrease destination storage by size
}
// check request approval
if (!await approveResources(req, req.cookies.username, request, params.node)) {
if (!await approveResources(req, userObj, request, params.node)) {
res.status(500).send({ request, error: `Storage ${params.storage} could not fulfill request of size ${params.size}G.` });
res.end();
return;
@ -304,6 +314,11 @@ router.post("/:disk/create", async (req, res) => {
size: req.body.size,
iso: req.body.iso
};
const userRealm = req.cookies.username.split("@").at(-1);
const userID = req.cookies.username.replace(`@${userRealm}`, "");
const userObj = { id: userID, realm: userRealm };
// check auth for specific instance
const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
const auth = await checkAuth(req.cookies, res, vmpath);
@ -324,7 +339,7 @@ router.post("/:disk/create", async (req, res) => {
// setup request
request[params.storage] = Number(params.size * 1024 ** 3);
// check request approval
if (!await approveResources(req, req.cookies.username, request, params.node)) {
if (!await approveResources(req, userObj, request, params.node)) {
res.status(500).send({ request, error: `Storage ${params.storage} could not fulfill request of size ${params.size}G.` });
res.end();
return;

16
src/routes/cluster/net.js
View File

@ -31,6 +31,11 @@ router.post("/:netid/create", async (req, res) => {
rate: req.body.rate,
name: req.body.name
};
const userRealm = req.cookies.username.split("@").at(-1);
const userID = req.cookies.username.replace(`@${userRealm}`, "");
const userObj = { id: userID, realm: userRealm };
// check auth for specific instance
const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
const auth = await checkAuth(req.cookies, res, vmpath);
@ -54,13 +59,13 @@ router.post("/:netid/create", async (req, res) => {
network: Number(params.rate)
};
// check resource approval
if (!await approveResources(req, req.cookies.username, request, params.node)) {
if (!await approveResources(req, userObj, request, params.node)) {
res.status(500).send({ request, error: `Could not fulfil network request of ${params.rate}MB/s.` });
res.end();
return;
}
// setup action
const nc = db.getUser(req.cookies.username).templates.network[params.type];
const nc = db.getUser(userObj).templates.network[params.type];
const action = {};
if (params.type === "lxc") {
action[`net${params.netid}`] = `name=${params.name},bridge=${nc.bridge},ip=${nc.ip},ip6=${nc.ip6},tag=${nc.vlan},type=${nc.type},rate=${params.rate}`;
@ -98,6 +103,11 @@ router.post("/:netid/modify", async (req, res) => {
netid: req.params.netid.replace("net", ""),
rate: req.body.rate
};
const userRealm = req.cookies.username.split("@").at(-1);
const userID = req.cookies.username.replace(`@${userRealm}`, "");
const userObj = { id: userID, realm: userRealm };
// check auth for specific instance
const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
const auth = await checkAuth(req.cookies, res, vmpath);
@ -118,7 +128,7 @@ router.post("/:netid/modify", async (req, res) => {
network: Number(params.rate) - Number(currentNetworkRate)
};
// check resource approval
if (!await approveResources(req, req.cookies.username, request, params.node)) {
if (!await approveResources(req, userObj, request, params.node)) {
res.status(500).send({ request, error: `Could not fulfil network request of ${params.rate}MB/s.` });
res.end();
return;

14
src/routes/cluster/pci.js
View File

@ -74,6 +74,11 @@ router.post("/:hostpci/modify", async (req, res) => {
device: req.body.device,
pcie: req.body.pcie
};
const userRealm = req.cookies.username.split("@").at(-1);
const userID = req.cookies.username.replace(`@${userRealm}`, "");
const userObj = { id: userID, realm: userRealm };
// check if type is qemu
if (params.type !== "qemu") {
res.status(500).send({ error: "Type must be qemu (vm)." });
@ -102,7 +107,7 @@ router.post("/:hostpci/modify", async (req, res) => {
const deviceData = await global.pve.getDeviceInfo(params.node, params.device);
const request = { pci: deviceData.device_name };
// check resource approval
if (!await approveResources(req, req.cookies.username, request, params.node)) {
if (!await approveResources(req, userObj, request, params.node)) {
res.status(500).send({ request, error: `Could not fulfil request for ${deviceData.device_name}.` });
res.end();
return;
@ -156,6 +161,11 @@ router.post("/create", async (req, res) => {
device: req.body.device,
pcie: req.body.pcie
};
const userRealm = req.cookies.username.split("@").at(-1);
const userID = req.cookies.username.replace(`@${userRealm}`, "");
const userObj = { id: userID, realm: userRealm };
// check if type is qemu
if (params.type !== "qemu") {
res.status(500).send({ error: "Type must be qemu (vm)." });
@ -182,7 +192,7 @@ router.post("/create", async (req, res) => {
pci: deviceData.device_name
};
// check resource approval
if (!await approveResources(req, req.cookies.username, request, params.node)) {
if (!await approveResources(req, userObj, request, params.node)) {
res.status(500).send({ request, error: `Could not fulfil request for ${deviceData.device_name}.` });
res.end();
return;

14
src/routes/cluster/user.js
View File

@ -17,7 +17,12 @@ router.get("/dynamic/resources", async (req, res) => {
if (!auth) {
return;
}
const resources = await getUserResources(req, req.cookies.username);
const userRealm = req.cookies.username.split("@").at(-1);
const userID = req.cookies.username.replace(`@${userRealm}`, "");
const userObj = { id: userID, realm: userRealm };
const resources = await getUserResources(req, userObj);
res.status(200).send(resources);
});
@ -34,6 +39,11 @@ router.get("/config/:key", async (req, res) => {
const params = {
key: req.params.key
};
const userRealm = req.cookies.username.split("@").at(-1);
const userID = req.cookies.username.replace(`@${userRealm}`, "");
const userObj = { id: userID, realm: userRealm };
// check auth
const auth = await checkAuth(req.cookies, res);
if (!auth) {
@ -41,7 +51,7 @@ router.get("/config/:key", async (req, res) => {
}
const allowKeys = ["resources", "cluster", "nodes"];
if (allowKeys.includes(params.key)) {
const config = global.db.getUser(req.cookies.username);
const config = global.db.getUser(userObj);
res.status(200).send(config[params.key]);
}
else {

5
src/routes/sync.js
View File

@ -167,7 +167,10 @@ if (schemes.interrupt.enabled) {
else {
wsServer.handleUpgrade(req, socket, head, (socket) => {
// get the user pools
const pools = global.db.getUser(cookies.username).cluster.pools;
const userRealm = cookies.username.split("@").at(-1);
const userID = cookies.username.replace(`@${userRealm}`, "");
const userObj = { id: userID, realm: userRealm };
const pools = Object.keys(global.db.getUser(userObj).cluster.pools);
// emit the connection to initialize socket
wsServer.emit("connection", socket, cookies.username, pools);
});

13
src/routes/user.js
View File

@ -11,12 +11,16 @@ const getUserResources = global.utils.getUserResources;
* - 401: {auth: false}
*/
router.get("/dynamic/resources", async (req, res) => {
const userRealm = req.cookies.username.split("@").at(-1);
const userID = req.cookies.username.replace(`@${userRealm}`, "");
const userObj = { id: userID, realm: userRealm };
// check auth
const auth = await checkAuth(req.cookies, res);
if (!auth) {
return;
}
const resources = await getUserResources(req, req.cookies.username);
const resources = await getUserResources(req, userObj);
res.status(200).send(resources);
});
@ -33,6 +37,11 @@ router.get("/config/:key", async (req, res) => {
const params = {
key: req.params.key
};
const userRealm = req.cookies.username.split("@").at(-1);
const userID = req.cookies.username.replace(`@${userRealm}`, "");
const userObj = { id: userID, realm: userRealm };
// check auth
const auth = await checkAuth(req.cookies, res);
if (!auth) {
@ -40,7 +49,7 @@ router.get("/config/:key", async (req, res) => {
}
const allowKeys = ["resources", "cluster", "nodes"];
if (allowKeys.includes(params.key)) {
const config = global.db.getUser(req.cookies.username);
const config = global.db.getUser(userObj);
res.status(200).send(config[params.key]);
}
else {

18
src/utils.js
View File

@ -15,7 +15,11 @@ import { exit } from "process";
export async function checkAuth (cookies, res, vmpath = null) {
let auth = false;
if (global.db.getUser(cookies.username) === null) {
const userRealm = cookies.username.split("@").at(-1);
const userID = cookies.username.replace(`@${userRealm}`, "");
const userObj = { id: userID, realm: userRealm };
if (global.db.getUser(userObj) === null) {
auth = false;
res.status(401).send({ auth, path: vmpath ? `${vmpath}/config` : "/version", error: `User ${cookies.username} not found in localdb.` });
res.end();
@ -104,12 +108,12 @@ async function getAllInstanceConfigs (req, diskprefixes) {
/**
* Get user resource data including used, available, and maximum resources.
* @param {Object} req ProxmoxAAS API request object.
* @param {string} username of user to get resource data.
* @param {{id: string, realm: string}} user object of user to get resource data.
* @returns {{used: Object, avail: Object, max: Object, resources: Object}} used, available, maximum, and resource metadata for the specified user.
*/
export async function getUserResources (req, username) {
export async function getUserResources (req, user) {
const dbResources = global.config.resources;
const userResources = global.db.getUser(username).resources;
const userResources = global.db.getUser(user).resources;
// setup disk prefixes object
const diskprefixes = [];
@ -258,13 +262,13 @@ export async function getUserResources (req, username) {
/**
* Check approval for user requesting additional resources. Generally, subtracts the request from available resources and ensures request can be fulfilled by the available resources.
* @param {Object} req ProxmoxAAS API request object.
* @param {string} username of user requesting additional resources.
* @param {{id: string, realm: string}} user object of user requesting additional resources.
* @param {Object} request k-v pairs of resources and requested amounts
* @returns {boolean} true if the available resources can fullfill the requested resources, false otherwise.
*/
export async function approveResources (req, username, request, node) {
export async function approveResources (req, user, request, node) {
const dbResources = global.config.resources;
const userResources = await getUserResources(req, username);
const userResources = await getUserResources(req, user);
let approved = true;
Object.keys(request).every((key) => {
// if requested resource is not specified in user resources, assume it's not allowed

8
template.localdb.json
View File

@ -81,10 +81,10 @@
"min": 100,
"max": 199
},
"pools": [
"examplepool1",
"examplepool2"
]
"pools": {
"examplepool1": true,
"examplepool2": true
}
},
"templates": {
"instances": {