2024-04-24 20:29:32 +00:00
12 changed files with 185 additions and 127 deletions
--- a/src/backends/localdb.js
+++ b/src/backends/localdb.js
@ -35,13 +35,15 @@ export default class LocalDB extends DB_BACKEND {
 		writeFileSync(this.#path, JSON.stringify(this.#data));
 	}
-	addUser (username, attributes, params = null) {
+	addUser (user, attributes, params = null) {
 		const username = `${user.id}@${user.realm}`;
 		attributes = attributes || this.#defaultuser;
 		this.#data.users[username] = attributes;
 		this.#save();
 	}
-	getUser (username, params = null) {
+	getUser (user, params = null) {
 		const username = `${user.id}@${user.realm}`;
 		if (this.#data.users[username]) {
 			return this.#data.users[username];
 		}
@ -50,7 +52,8 @@ export default class LocalDB extends DB_BACKEND {
 		}
 	}
-	setUser (username, attributes, params = null) {
+	setUser (user, attributes, params = null) {
 		const username = `${user.id}@${user.realm}`;
 		if (this.#data.users[username]) {
 			this.#data.users[username] = attributes;
 			this.#save();
@ -61,7 +64,8 @@ export default class LocalDB extends DB_BACKEND {
 		}
 	}
-	delUser (username, params = null) {
+	delUser (user, params = null) {
 		const username = `${user.id}@${user.realm}`;
 		if (this.#data.users[username]) {
 			delete this.#data.users[username];
 			this.#save();
@ -71,4 +75,34 @@ export default class LocalDB extends DB_BACKEND {
 			return false;
 		}
 	}
 	// group methods not implemented because db backend does not store groups
 	addGroup (group, atrributes, params = null) {}
 	getGroup (group, params = null) {}
 	setGroup (group, attributes, params = null) {}
 	delGroup (group, params = null) {}
 	// assume that adding to group also adds to group's pool
 	addUserToGroup (user, group, params = null) {
 		const username = `${user.id}@${user.realm}`;
 		if (this.#data.users[username]) {
 			this.#data.users[username].cluster.pools[group.id] = true;
 			return true;
 		}
 		else {
 			return false;
 		}
 	}
 	// assume that adding to group also adds to group's pool
 	delUserFromGroup (user, group, params = null) {
 		const username = `${user.id}@${user.realm}`;
 		if (this.#data.users[username] && this.#data.users[username].cluster.pools[group.id]) {
 			delete this.#data.users[username].cluster.pools[group.id];
 			return true;
 		}
 		else {
 			return false;
 		}
 	}
 }
--- a/src/routes/cluster.js
+++ b/src/routes/cluster.js
@ -28,19 +28,24 @@ router.get(`/:node(${nodeRegexP})/pci`, async (req, res) => {
 	const params = {
 		node: req.params.node
 	};
 	const userRealm = req.cookies.username.split("@").at(-1);
 	const userID = req.cookies.username.replace(`@${userRealm}`, "");
 	const userObj = { id: userID, realm: userRealm };
 	// check auth
 	const auth = await checkAuth(req.cookies, res);
 	if (!auth) {
 		return;
 	}
-	const userNodes = db.getUser(req.cookies.username).nodes;
+	const userNodes = db.getUser(userObj).cluster.nodes;
-	if (!userNodes.includes(params.node)) {
+	if (userNodes[params.node] !== true) {
 		res.status(401).send({ auth: false, path: params.node });
 		res.end();
 		return;
 	}
 	// get remaining user resources
-	const userAvailPci = (await getUserResources(req, req.cookies.username)).pci.nodes[params.node];
+	const userAvailPci = (await getUserResources(req, userObj)).pci.nodes[params.node];
 	// get node avail devices
 	let nodeAvailPci = await global.pve.getNodeAvailDevices(params.node, req.cookies);
 	nodeAvailPci = nodeAvailPci.filter(nodeAvail => userAvailPci.some((userAvail) => {
@ -77,6 +82,11 @@ router.post(`${basePath}/resources`, async (req, res) => {
 		swap: req.body.swap,
 		boot: req.body.boot
 	};
 	const userRealm = req.cookies.username.split("@").at(-1);
 	const userID = req.cookies.username.replace(`@${userRealm}`, "");
 	const userObj = { id: userID, realm: userRealm };
 	// check auth for specific instance
 	const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
 	const auth = await checkAuth(req.cookies, res, vmpath);
@ -96,7 +106,7 @@ router.post(`${basePath}/resources`, async (req, res) => {
 		request.cpu = params.proctype;
 	}
 	// check resource approval
-	if (!await approveResources(req, req.cookies.username, request, params.node)) {
+	if (!await approveResources(req, userObj, request, params.node)) {
 		res.status(500).send({ request, error: "Could not fulfil request." });
 		res.end();
 		return;
@ -154,13 +164,18 @@ router.post(`${basePath}/create`, async (req, res) => {
 		rootfslocation: req.body.rootfslocation,
 		rootfssize: req.body.rootfssize
 	};
 	const userRealm = req.cookies.username.split("@").at(-1);
 	const userID = req.cookies.username.replace(`@${userRealm}`, "");
 	const userObj = { id: userID, realm: userRealm };
 	// check auth
 	const auth = await checkAuth(req.cookies, res);
 	if (!auth) {
 		return;
 	}
 	// get user db config
-	const user = await db.getUser(req.cookies.username);
+	const user = await db.getUser(userObj);
 	const vmid = Number.parseInt(params.vmid);
 	const vmidMin = user.cluster.vmid.min;
 	const vmidMax = user.cluster.vmid.max;
@ -171,8 +186,14 @@ router.post(`${basePath}/create`, async (req, res) => {
 		return;
 	}
 	// check node is within allowed list
-	if (!user.nodes.includes(params.node)) {
+	if (user.cluster.nodes[params.node] !== true) {
-		res.status(500).send({ error: `Requested node ${params.node} is not in allowed nodes [${user.nodes}].` });
+		res.status(500).send({ error: `Requested node ${params.node} is not in allowed nodes [${user.cluster.nodes}].` });
 		res.end();
 		return;
 	}
 	// check if pool is in user allowed pools
 	if (user.cluster.pools[params.pool] !== true) {
 		res.status(500).send({ error: `Requested pool ${params.pool} not in allowed pools [${user.pools}]` });
 		res.end();
 		return;
 	}
@ -197,7 +218,7 @@ router.post(`${basePath}/create`, async (req, res) => {
 		}
 	}
 	// check resource approval
-	if (!await approveResources(req, req.cookies.username, request, params.node)) { // check resource approval
+	if (!await approveResources(req, userObj, request, params.node)) { // check resource approval
 		res.status(500).send({ request, error: "Not enough resources to satisfy request." });
 		res.end();
 		return;
@ -207,7 +228,7 @@ router.post(`${basePath}/create`, async (req, res) => {
 		vmid: params.vmid,
 		cores: Number(params.cores),
 		memory: Number(params.memory),
-		pool: params.pool // TODO allow user to select pool to assign VM
+		pool: params.pool
 	};
 	for (const key of Object.keys(user.templates.instances[params.type])) {
 		action[key] = user.templates.instances[params.type][key].value;
--- a/src/routes/cluster/disk.js
+++ b/src/routes/cluster/disk.js
@ -129,6 +129,11 @@ router.post("/:disk/resize", async (req, res) => {
 		disk: req.params.disk,
 		size: req.body.size
 	};
 	const userRealm = req.cookies.username.split("@").at(-1);
 	const userID = req.cookies.username.replace(`@${userRealm}`, "");
 	const userObj = { id: userID, realm: userRealm };
 	// check auth for specific instance
 	const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
 	const auth = await checkAuth(req.cookies, res, vmpath);
@ -149,7 +154,7 @@ router.post("/:disk/resize", async (req, res) => {
 	const request = {};
 	request[storage] = Number(params.size * 1024 ** 3); // setup request object
 	// check request approval
-	if (!await approveResources(req, req.cookies.username, request, params.node)) {
+	if (!await approveResources(req, userObj, request, params.node)) {
 		res.status(500).send({ request, error: `Storage ${storage} could not fulfill request of size ${params.size}G.` });
 		res.end();
 		return;
@ -186,6 +191,11 @@ router.post("/:disk/move", async (req, res) => {
 		storage: req.body.storage,
 		delete: req.body.delete
 	};
 	const userRealm = req.cookies.username.split("@").at(-1);
 	const userID = req.cookies.username.replace(`@${userRealm}`, "");
 	const userObj = { id: userID, realm: userRealm };
 	// check auth for specific instance
 	const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
 	const auth = await checkAuth(req.cookies, res, vmpath);
@ -209,7 +219,7 @@ router.post("/:disk/move", async (req, res) => {
 		request[dstStorage] = Number(size); // always decrease destination storage by size
 	}
 	// check request approval
-	if (!await approveResources(req, req.cookies.username, request, params.node)) {
+	if (!await approveResources(req, userObj, request, params.node)) {
 		res.status(500).send({ request, error: `Storage ${params.storage} could not fulfill request of size ${params.size}G.` });
 		res.end();
 		return;
@ -304,6 +314,11 @@ router.post("/:disk/create", async (req, res) => {
 		size: req.body.size,
 		iso: req.body.iso
 	};
 	const userRealm = req.cookies.username.split("@").at(-1);
 	const userID = req.cookies.username.replace(`@${userRealm}`, "");
 	const userObj = { id: userID, realm: userRealm };
 	// check auth for specific instance
 	const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
 	const auth = await checkAuth(req.cookies, res, vmpath);
@ -324,7 +339,7 @@ router.post("/:disk/create", async (req, res) => {
 		// setup request
 		request[params.storage] = Number(params.size * 1024 ** 3);
 		// check request approval
-		if (!await approveResources(req, req.cookies.username, request, params.node)) {
+		if (!await approveResources(req, userObj, request, params.node)) {
 			res.status(500).send({ request, error: `Storage ${params.storage} could not fulfill request of size ${params.size}G.` });
 			res.end();
 			return;
--- a/src/routes/cluster/net.js
+++ b/src/routes/cluster/net.js
@ -31,6 +31,11 @@ router.post("/:netid/create", async (req, res) => {
 		rate: req.body.rate,
 		name: req.body.name
 	};
 	const userRealm = req.cookies.username.split("@").at(-1);
 	const userID = req.cookies.username.replace(`@${userRealm}`, "");
 	const userObj = { id: userID, realm: userRealm };
 	// check auth for specific instance
 	const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
 	const auth = await checkAuth(req.cookies, res, vmpath);
@ -54,13 +59,13 @@ router.post("/:netid/create", async (req, res) => {
 		network: Number(params.rate)
 	};
 	// check resource approval
-	if (!await approveResources(req, req.cookies.username, request, params.node)) {
+	if (!await approveResources(req, userObj, request, params.node)) {
 		res.status(500).send({ request, error: `Could not fulfil network request of ${params.rate}MB/s.` });
 		res.end();
 		return;
 	}
 	// setup action
-	const nc = db.getUser(req.cookies.username).templates.network[params.type];
+	const nc = db.getUser(userObj).templates.network[params.type];
 	const action = {};
 	if (params.type === "lxc") {
 		action[`net${params.netid}`] = `name=${params.name},bridge=${nc.bridge},ip=${nc.ip},ip6=${nc.ip6},tag=${nc.vlan},type=${nc.type},rate=${params.rate}`;
@ -98,6 +103,11 @@ router.post("/:netid/modify", async (req, res) => {
 		netid: req.params.netid.replace("net", ""),
 		rate: req.body.rate
 	};
 	const userRealm = req.cookies.username.split("@").at(-1);
 	const userID = req.cookies.username.replace(`@${userRealm}`, "");
 	const userObj = { id: userID, realm: userRealm };
 	// check auth for specific instance
 	const vmpath = `/nodes/${params.node}/${params.type}/${params.vmid}`;
 	const auth = await checkAuth(req.cookies, res, vmpath);
@ -118,7 +128,7 @@ router.post("/:netid/modify", async (req, res) => {
 		network: Number(params.rate) - Number(currentNetworkRate)
 	};
 	// check resource approval
-	if (!await approveResources(req, req.cookies.username, request, params.node)) {
+	if (!await approveResources(req, userObj, request, params.node)) {
 		res.status(500).send({ request, error: `Could not fulfil network request of ${params.rate}MB/s.` });
 		res.end();
 		return;
--- a/src/routes/cluster/pci.js
+++ b/src/routes/cluster/pci.js
@ -74,6 +74,11 @@ router.post("/:hostpci/modify", async (req, res) => {
 		device: req.body.device,
 		pcie: req.body.pcie
 	};
 	const userRealm = req.cookies.username.split("@").at(-1);
 	const userID = req.cookies.username.replace(`@${userRealm}`, "");
 	const userObj = { id: userID, realm: userRealm };
 	// check if type is qemu
 	if (params.type !== "qemu") {
 		res.status(500).send({ error: "Type must be qemu (vm)." });
@ -102,7 +107,7 @@ router.post("/:hostpci/modify", async (req, res) => {
 		const deviceData = await global.pve.getDeviceInfo(params.node, params.device);
 		const request = { pci: deviceData.device_name };
 		// check resource approval
-		if (!await approveResources(req, req.cookies.username, request, params.node)) {
+		if (!await approveResources(req, userObj, request, params.node)) {
 			res.status(500).send({ request, error: `Could not fulfil request for ${deviceData.device_name}.` });
 			res.end();
 			return;
@ -156,6 +161,11 @@ router.post("/create", async (req, res) => {
 		device: req.body.device,
 		pcie: req.body.pcie
 	};
 	const userRealm = req.cookies.username.split("@").at(-1);
 	const userID = req.cookies.username.replace(`@${userRealm}`, "");
 	const userObj = { id: userID, realm: userRealm };
 	// check if type is qemu
 	if (params.type !== "qemu") {
 		res.status(500).send({ error: "Type must be qemu (vm)." });
@ -182,7 +192,7 @@ router.post("/create", async (req, res) => {
 		pci: deviceData.device_name
 	};
 	// check resource approval
-	if (!await approveResources(req, req.cookies.username, request, params.node)) {
+	if (!await approveResources(req, userObj, request, params.node)) {
 		res.status(500).send({ request, error: `Could not fulfil request for ${deviceData.device_name}.` });
 		res.end();
 		return;
--- a/src/routes/cluster/user.js
+++ b/src/routes/cluster/user.js
@ -1,75 +0,0 @@
 import { Router } from "express";
 export const router = Router({ mergeParams: true }); ;
 const config = global.config;
 const checkAuth = global.utils.checkAuth;
 const getUserResources = global.utils.getUserResources;
 /**
 * GET - get db user resource information including allocated, free, and maximum resource values along with resource metadata
 * responses:
 * - 200: {avail: Object, max: Object, used: Object, resources: Object}
 * - 401: {auth: false}
 */
 router.get("/dynamic/resources", async (req, res) => {
 	// check auth
 	const auth = await checkAuth(req.cookies, res);
 	if (!auth) {
 		return;
 	}
 	const resources = await getUserResources(req, req.cookies.username);
 	res.status(200).send(resources);
 });
 /**
 * GET - get db user configuration by key
 * request:
 * - key: string - user config key
 * responses:
 * - 200: Object
 * - 401: {auth: false}
 * - 401: {auth: false, error: string}
 */
 router.get("/config/:key", async (req, res) => {
 	const params = {
 		key: req.params.key
 	};
 	// check auth
 	const auth = await checkAuth(req.cookies, res);
 	if (!auth) {
 		return;
 	}
 	const allowKeys = ["resources", "cluster", "nodes"];
 	if (allowKeys.includes(params.key)) {
 		const config = global.db.getUser(req.cookies.username);
 		res.status(200).send(config[params.key]);
 	}
 	else {
 		res.status(401).send({ auth: false, error: `User is not authorized to access /user/config/${params.key}.` });
 	}
 });
 /**
 * GET - get user accessible iso files
 * response:
 * - 200: Array.<Object>
 * - 401: {auth: false}
 */
 router.get("/iso", async (req, res) => {
 	// check auth
 	const auth = await checkAuth(req.cookies, res);
 	if (!auth) {
 		return;
 	}
 	// get user iso config
 	const userIsoConfig = config.useriso;
 	// get all isos
 	const isos = (await global.pve.requestPVE(`/nodes/${userIsoConfig.node}/storage/${userIsoConfig.storage}/content?content=iso`, "GET", { token: true })).data.data;
 	const userIsos = [];
 	isos.forEach((iso) => {
 		iso.name = iso.volid.replace(`${userIsoConfig.storage}:iso/`, "");
 		userIsos.push(iso);
 	});
 	userIsos.sort();
 	res.status(200).send(userIsos);
 });
--- a/src/routes/sync.js
+++ b/src/routes/sync.js
@ -167,7 +167,10 @@ if (schemes.interrupt.enabled) {
 		else {
 			wsServer.handleUpgrade(req, socket, head, (socket) => {
 				// get the user pools
-				const pools = global.db.getUser(cookies.username).cluster.pools;
+				const userRealm = cookies.username.split("@").at(-1);
 				const userID = cookies.username.replace(`@${userRealm}`, "");
 				const userObj = { id: userID, realm: userRealm };
 				const pools = Object.keys(global.db.getUser(userObj).cluster.pools);
 				// emit the connection to initialize socket
 				wsServer.emit("connection", socket, cookies.username, pools);
 			});
--- a/src/routes/user.js
+++ b/src/routes/user.js
@ -1,6 +1,7 @@
 import { Router } from "express";
 export const router = Router({ mergeParams: true }); ;
 const config = global.config;
 const checkAuth = global.utils.checkAuth;
 const getUserResources = global.utils.getUserResources;
@ -16,7 +17,12 @@ router.get("/dynamic/resources", async (req, res) => {
 	if (!auth) {
 		return;
 	}
-	const resources = await getUserResources(req, req.cookies.username);
+
 	const userRealm = req.cookies.username.split("@").at(-1);
 	const userID = req.cookies.username.replace(`@${userRealm}`, "");
 	const userObj = { id: userID, realm: userRealm };
 	const resources = await getUserResources(req, userObj);
 	res.status(200).send(resources);
 });
@ -33,14 +39,19 @@ router.get("/config/:key", async (req, res) => {
 	const params = {
 		key: req.params.key
 	};
 	const userRealm = req.cookies.username.split("@").at(-1);
 	const userID = req.cookies.username.replace(`@${userRealm}`, "");
 	const userObj = { id: userID, realm: userRealm };
 	// check auth
 	const auth = await checkAuth(req.cookies, res);
 	if (!auth) {
 		return;
 	}
-	const allowKeys = ["resources", "cluster", "nodes"];
+	const allowKeys = ["resources", "cluster"];
 	if (allowKeys.includes(params.key)) {
-		const config = global.db.getUser(req.cookies.username);
+		const config = global.db.getUser(userObj);
 		res.status(200).send(config[params.key]);
 	}
 	else {
@ -54,14 +65,14 @@ router.get("/config/:key", async (req, res) => {
 * - 200: Array.<Object>
 * - 401: {auth: false}
 */
-router.get("/iso", async (req, res) => {
+router.get("/vm-isos", async (req, res) => {
 	// check auth
 	const auth = await checkAuth(req.cookies, res);
 	if (!auth) {
 		return;
 	}
 	// get user iso config
-	const userIsoConfig = global.config.useriso;
+	const userIsoConfig = config.useriso;
 	// get all isos
 	const isos = (await global.pve.requestPVE(`/nodes/${userIsoConfig.node}/storage/${userIsoConfig.storage}/content?content=iso`, "GET", { token: true })).data.data;
 	const userIsos = [];
@ -72,3 +83,28 @@ router.get("/iso", async (req, res) => {
 	userIsos.sort();
 	res.status(200).send(userIsos);
 });
 /**
 * GET - get user accessible container template files
 * response:
 * - 200: Array.<Object>
 * - 401: {auth: false}
 */
 router.get("/ct-templates", async (req, res) => {
 	// check auth
 	const auth = await checkAuth(req.cookies, res);
 	if (!auth) {
 		return;
 	}
 	// get user iso config
 	const userIsoConfig = config.useriso;
 	// get all isos
 	const isos = (await global.pve.requestPVE(`/nodes/${userIsoConfig.node}/storage/${userIsoConfig.storage}/content?content=vztmpl`, "GET", { token: true })).data.data;
 	const userIsos = [];
 	isos.forEach((iso) => {
 		iso.name = iso.volid.replace(`${userIsoConfig.storage}:vztmpl/`, "");
 		userIsos.push(iso);
 	});
 	userIsos.sort();
 	res.status(200).send(userIsos);
 });
--- a/src/utils.js
+++ b/src/utils.js
@ -15,7 +15,11 @@ import { exit } from "process";
 export async function checkAuth (cookies, res, vmpath = null) {
 	let auth = false;
-	if (global.db.getUser(cookies.username) === null) {
+	const userRealm = cookies.username.split("@").at(-1);
 	const userID = cookies.username.replace(`@${userRealm}`, "");
 	const userObj = { id: userID, realm: userRealm };
 	if (global.db.getUser(userObj) === null) {
 		auth = false;
 		res.status(401).send({ auth, path: vmpath ? `${vmpath}/config` : "/version", error: `User ${cookies.username} not found in localdb.` });
 		res.end();
@ -104,12 +108,12 @@ async function getAllInstanceConfigs (req, diskprefixes) {
 /**
 * Get user resource data including used, available, and maximum resources.
 * @param {Object} req ProxmoxAAS API request object.
- * @param {string} username of user to get resource data.
+ * @param {{id: string, realm: string}} user object of user to get resource data.
 * @returns {{used: Object, avail: Object, max: Object, resources: Object}} used, available, maximum, and resource metadata for the specified user.
 */
-export async function getUserResources (req, username) {
+export async function getUserResources (req, user) {
 	const dbResources = global.config.resources;
-	const userResources = global.db.getUser(username).resources;
+	const userResources = global.db.getUser(user).resources;
 	// setup disk prefixes object
 	const diskprefixes = [];
@ -258,13 +262,13 @@ export async function getUserResources (req, username) {
 /**
 * Check approval for user requesting additional resources. Generally, subtracts the request from available resources and ensures request can be fulfilled by the available resources.
 * @param {Object} req ProxmoxAAS API request object.
- * @param {string} username of user requesting additional resources.
+ * @param {{id: string, realm: string}} user object of user requesting additional resources.
 * @param {Object} request k-v pairs of resources and requested amounts
 * @returns {boolean} true if the available resources can fullfill the requested resources, false otherwise.
 */
-export async function approveResources (req, username, request, node) {
+export async function approveResources (req, user, request, node) {
 	const dbResources = global.config.resources;
-	const userResources = await getUserResources(req, username);
+	const userResources = await getUserResources(req, user);
 	let approved = true;
 	Object.keys(request).every((key) => {
 		// if requested resource is not specified in user resources, assume it's not allowed
--- a/template.localdb.json
+++ b/template.localdb.json
@ -71,20 +71,20 @@
 					}
 				}
 			},
 			"nodes": [
 				"example-node-0",
 				"example-node-1",
 				"example-node-2"
 			],
 			"cluster": {
 				"nodes": {
 					"example-node-0": true,
 					"example-node-1": true,
 					"example-node-2": true
 				},
 				"vmid": {
 					"min": 100,
 					"max": 199
 				},
-				"pools": [
+				"pools": {
-					"examplepool1",
+					"example-pool-1": true,
-					"examplepool2"
+					"example-pool-2": true
-				]
+				}
 			},
 			"templates": {
 				"instances": {