path: root/server/api/ipranges.js
/* global __appdir */
var path = require('path')
var db = require(path.join(__appdir, 'lib', 'sequelize'))
var express = require('express')
const { decorateApp } = require('@awaitjs/express')
var router = decorateApp(express.Router())
const HttpResponse = require(path.join(__appdir, 'lib', 'httpresponse'))
const iphelper = require(path.join(__appdir, 'lib', 'iphelper'))
const log = require(path.join(__appdir, 'lib', 'log'))

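// Permission check middleware.
// Runs for the router root and for single-segment paths: GET requires
// 'ipranges.view', POST and DELETE require 'ipranges.edit', and every other
// HTTP method is answered with 400.
router.all(['', '/:x'], async (req, res, next) => {
  try {
    let permission
    switch (req.method) {
      case 'GET':
        permission = 'ipranges.view'
        break

      case 'POST': case 'DELETE':
        permission = 'ipranges.edit'
        break

      default:
        return res.status(400).send()
    }

    if (!await req.user.hasPermission(permission)) {
      return res.status(403).send({ error: 'Missing permission', permission })
    }
  } catch (err) {
    // Fail closed: this handler is registered with plain router.all, so a
    // rejected permission lookup would otherwise be an unhandled rejection and
    // leave the request hanging. Hand it to the Express error handler and never
    // fall through to the route.
    return next(err)
  }

  next()
})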

// ############################################################################
// ###########################  GET requests  #################################

// List every IP range together with its group, ordered by group name.
// startIp/endIp are converted with iphelper.toIPv4 before the list is sent.
router.getAsync('', async (req, res) => {
  const rows = await db.iprange.findAll({
    include: ['group'],
    order: [['group', 'name', 'ASC']]
  })

  for (const row of rows) {
    row.startIp = iphelper.toIPv4(row.startIp)
    row.endIp = iphelper.toIPv4(row.endIp)
  }

  res.send(rows)
})

// Fetch a single IP range (with its group) by id.
// Responds with invalidId when the id does not compare greater than zero and
// with notFound when no row matches.
router.getAsync('/:id', async (req, res) => {
  const id = req.params.id
  if (!(id > 0)) return HttpResponse.invalidId().send(res)

  const found = await db.iprange.findOne({ where: { id }, include: ['group'] })
  if (!found) {
    HttpResponse.notFound(id).send(res)
    return
  }

  // Convert the stored addresses with iphelper.toIPv4 before sending.
  found.startIp = iphelper.toIPv4(found.startIp)
  found.endIp = iphelper.toIPv4(found.endIp)
  res.status(200).send(found)
})

// ############################################################################
// ##########################  POST requests  #################################

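// Create, update or batch-delete IP ranges.
//   POST ?delete   body { ids: [...] }  -> deletes each listed range, one log entry per id
//   POST           body = range fields  -> creates a range
//   POST /:id      body = range fields  -> updates the range with that id
router.postAsync(['', '/:id'], async (req, res) => {
  if (req.query.delete !== undefined && req.query.delete !== 'false') {
    if (!Array.isArray(req.body.ids)) return HttpResponse.invalidBodyValue('ids', 'an array').send(res)

    const ids = req.body.ids
    const isBatch = ids.length > 1
    const user = await db.user.findOne({ where: { id: req.user.id } })

    // Only need to log the batch request if there is more than one IP range to delete.
    if (isBatch) {
      await log({
        category: 'IPRANGE_BATCH_DELETE',
        description: 'IP range batch deletion of ' + ids.length + ' ip ranges initiated by user.',
        user,
        userId: req.user.id
      })
    }

    let deletionCounter = 0
    // Delete every iprange on its own, to get a better log
    for (const id of ids) {
      // The array elements come straight from the request body. Only scalar ids
      // that pass the same `> 0` check the /:id routes use may reach a `where`
      // clause; objects or nested arrays are recorded as a failed deletion.
      const isScalarId = typeof id === 'number' || typeof id === 'string'
      if (!isScalarId || !(id > 0)) {
        await log({
          category: 'ERROR_IPRANGE_DELETE',
          description: 'IP range with an invalid id could not be deleted.',
          user,
          userId: req.user.id
        })
        continue
      }

      const iprange = await db.iprange.findOne({ where: { id } })
      // An unknown id yields no row; fall back to the requested id so that
      // building the log text cannot throw on null.
      const label = iprange
        ? '[' + iprange.id + '] IP range from ' + iphelper.toIPv4(iprange.startIp) + ' to ' + iphelper.toIPv4(iprange.endIp)
        : '[' + id + '] IP range'

      const count = await db.iprange.destroy({ where: { id } })
      if (count !== 1) {
        await log({
          category: 'ERROR_IPRANGE_DELETE',
          description: label + ' could not be deleted.',
          user,
          userId: req.user.id
        })
      } else {
        await log({
          category: 'IPRANGE_DELETE',
          description: label + ' successfully deleted.',
          user,
          userId: req.user.id
        })
        deletionCounter++
      }
    }

    if (isBatch) {
      // Awaited so that a failing audit write surfaces as an error instead of
      // an unhandled rejection.
      await log({
        category: 'IPRANGE_BATCH_DELETE',
        description: deletionCounter + '/' + ids.length + ' ip ranges successfully deleted.',
        user,
        userId: req.user.id
      })
    }

    // NOTE(review): the entity label passed here is 'client' although IP ranges
    // are deleted; kept unchanged in case callers rely on the response text.
    return HttpResponse.successBatch('deleted', 'client', deletionCounter).send(res)
  }

  let iprange
  let action = 'updated'
  // NOTE(review): the result of iphelper.toDecimal is not validated here, and
  // nothing checks that startIp <= endIp; confirm the helper or the model
  // rejects malformed or missing addresses.
  req.body.startIp = iphelper.toDecimal(req.body.startIp)
  req.body.endIp = iphelper.toDecimal(req.body.endIp)
  // NOTE(review): req.body is handed to create()/update() as a whole, so every
  // model attribute present in the request is written (mass assignment).
  // Consider restricting the write to the attributes a client may set.
  if (req.params.id === undefined) {
    iprange = await db.iprange.create(req.body)
    await log({
      category: 'IPRANGE_CREATE',
      description: 'IP range from ' + iphelper.toIPv4(req.body.startIp) + ' to ' + iphelper.toIPv4(req.body.endIp) + ' successfully created',
      userId: req.user.id,
      groupId: iprange.groupId
    })
    action = 'created'
  } else if (req.params.id > 0) {
    iprange = await db.iprange.findOne({ where: { id: req.params.id } })
    if (!iprange) return HttpResponse.notFound(req.params.id).send(res)

    await iprange.update(req.body)
    await log({
      category: 'IPRANGE_EDIT',
      description: '[' + iprange.id + '] IP range successfully edited from ' + iphelper.toIPv4(req.body.startIp) + ' to ' + iphelper.toIPv4(req.body.endIp),
      userId: req.user.id,
      groupId: iprange.groupId
    })
  } else {
    return HttpResponse.invalidId().send(res)
  }
  HttpResponse.success(action, 'iprange', iprange.id).send(res)
})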

// ############################################################################
// ##########################  DELETE requests  ###############################

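// Delete a single IP range by id.
// Registered with deleteAsync, like the GET and POST routes of this router, so
// a rejected database call reaches the Express error handler instead of
// becoming an unhandled rejection.
// NOTE(review): unlike the batch deletion on POST ?delete, this route writes no
// IPRANGE_DELETE log entry, so deletions made here leave no audit record.
router.deleteAsync('/:id', async (req, res) => {
  const id = req.params.id
  if (!(id > 0)) return HttpResponse.invalidId().send(res)

  const count = await db.iprange.destroy({ where: { id } })
  if (count) HttpResponse.success('deleted', 'iprange', id).send(res)
  else HttpResponse.notFound(id).send(res)
})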

// ############################################################################
// ############################################################################

// Export the router, with the permission middleware and all routes attached, under the `router` key.
module.exports.router = router