tronnet/user-manager-api
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix issue with proxmox session binding

Browse Source
This commit is contained in:
Arthur Lu
2026-03-27 23:02:36 +00:00
parent f17ae26506
commit a1a18af016
3 changed files with 14 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
app/main.go
View File

@@ -90,6 +90,7 @@ func Run(configPath *string) {
})
router.DELETE("/ticket", func(c *gin.Context) {
// get session uuid from session cookie
session := sessions.Default(c)
SessionUUID := session.Get("SessionUUID")
if SessionUUID == nil {
@@ -97,8 +98,10 @@ func Run(configPath *string) {
return
}
uuid := SessionUUID.(string)
// delete uuid entry from user sessions
delete(UserSessions, uuid)
session.Options(sessions.Options{MaxAge: -1}) // set max age to -1 so it is deleted
session.Options(sessions.Options{MaxAge: -1}) // set max age to -1 so session cookie is deleted
session.Save()
c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
})

2
app/operations.go
View File

@@ -5,9 +5,11 @@ import (
)
func NewPool(backends *Backends, poolname string) (int, error) {
// only pve backend handles pools
return backends.pve.NewPool(poolname)
}
func DelPool(backends *Backends, poolname string) (int, error) {
// only pve backend handles pools
return backends.pve.DelPool(poolname)
}

10
app/pve/pve.go
View File

@@ -29,11 +29,17 @@ func NewClientFromCredentials(config common.PVEConfig, username common.Username,
client := proxmox.NewClient(config.URL,
proxmox.WithHTTPClient(&HTTPClient),
proxmox.WithCredentials(&proxmox.Credentials{Username: username.ToString(), Password: password}),
proxmox.WithCredentials(&proxmox.Credentials{Username: username.UserID, Realm: username.Realm, Password: password}),
)
// todo this should return an error code if the binding failed (ie fetch version to check if the auth was actually ok)
// check that the user is authenticated because proxmox.NewClient does not return an error
// version route is accessible to any authenticated user
_, err := client.Version(context.Background())
if err != nil { // could not get version so therefore the user is not authenticated
return nil, http.StatusUnauthorized, err
}
// todo this should return an error code if the binding failed (ie fetch version to check if the auth was actually ok)
return &ProxmoxClient{config: &config, client: client}, http.StatusOK, nil
}