authorJannik Schönartz2020-06-08 02:31:55 +0200
committerJannik Schönartz2020-06-08 02:31:55 +0200
commit12c2d252cf76c45bb8a2b457812540400465de3b (patch)
tree227196cf5ee33fbfb8b9fb326a21cccdac64d599
parent[users/ipxe/backends] PM integration (diff)
[server] PM integration in all missing api-points but groups
-rw-r--r--server/api/backends.js1
-rw-r--r--server/api/backendtypes.js8
-rw-r--r--server/api/clients.js18
-rw-r--r--server/api/events.js21
-rw-r--r--server/api/ipranges.js18
-rw-r--r--server/api/ipxeconfigs.js18
-rw-r--r--server/api/ipxeentries.js18
-rw-r--r--server/api/permissions.js14
-rw-r--r--server/api/registration.js18
-rw-r--r--server/api/roles.js18
-rw-r--r--server/api/systemlog.js14
-rw-r--r--server/api/users.js4
-rw-r--r--server/api/wakerequests.js14
-rw-r--r--server/lib/permissions/modules/clients.json12
-rw-r--r--server/lib/permissions/modules/eventmanager.json12
-rw-r--r--server/lib/permissions/modules/events.json12
-rw-r--r--server/lib/permissions/modules/groups.json12
-rw-r--r--server/lib/permissions/modules/ipranges.json12
-rw-r--r--server/lib/permissions/modules/ipxeconfigs.json12
-rw-r--r--server/lib/permissions/modules/ipxeentries.json12
-rw-r--r--server/lib/permissions/modules/permissionmanager.json12
-rw-r--r--server/lib/permissions/modules/permissions.json7
-rw-r--r--server/lib/permissions/modules/registration.json12
-rw-r--r--server/lib/permissions/modules/roles.json12
-rw-r--r--server/lib/permissions/modules/systemlog.json7
-rw-r--r--server/lib/permissions/modules/wakerequests.json7
-rw-r--r--server/lib/wolhelper.js7
27 files changed, 299 insertions, 33 deletions
diff --git a/server/api/backends.js b/server/api/backends.js
index 872e0f6..63b4cb9 100644
--- a/server/api/backends.js
+++ b/server/api/backends.js
@@ -22,7 +22,6 @@ noAuthRouter.getAsync('/:id/test', async (req, res) => {
// Permission check middleware
router.all(['', '/:id', '/:id/:function'], async (req, res, next) => {
- console.log(req.params)
switch (req.method) {
case 'GET':
switch (req.params.function) {
diff --git a/server/api/backendtypes.js b/server/api/backendtypes.js
index ef371d8..90815b0 100644
--- a/server/api/backendtypes.js
+++ b/server/api/backendtypes.js
@@ -2,14 +2,14 @@
const path = require('path')
const ExternalBackends = require(path.join(__appdir, 'lib', 'external-backends'))
var express = require('express')
-var router = express.Router()
+var noAuthRouter = express.Router()
// GET requests.
/*
* @return: Returns a list of all available backend types.
*/
-router.get('/', (req, res) => {
+noAuthRouter.get('/', (req, res) => {
const backends = new ExternalBackends()
var files = backends.getBackends()
@@ -25,7 +25,7 @@ router.get('/', (req, res) => {
*
* @return: Returns the credentials structure and fields of a backend type.
*/
-router.get('/:type', (req, res) => {
+noAuthRouter.get('/:type', (req, res) => {
const backendType = req.params.type
const b = new ExternalBackends()
const instance = b.getInstance(backendType)
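Review bot: Registering `/:type` on `noAuthRouter` appears to expose the credentials structure of every backend type to unauthenticated callers, assuming the router is mounted without authentication as its name suggests. `req.params.type` goes straight into `b.getInstance(backendType)`, so it is worth confirming that `getInstance` only resolves names returned by `getBackends()` and cannot be steered to an arbitrary module path. If `getCredentials()` returns field definitions only and never stored values, the handler's comment should say so, e.g. `// Unauthenticated: returns the field schema only, never stored credential values.` The handler body continues past this hunk.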
@@ -35,4 +35,4 @@ router.get('/:type', (req, res) => {
res.status(200).send(instance.getCredentials())
})
-module.exports.router = router
+module.exports.noAuthRouter = noAuthRouter
diff --git a/server/api/clients.js b/server/api/clients.js
index 4222f49..1a5c274 100644
--- a/server/api/clients.js
+++ b/server/api/clients.js
@@ -10,6 +10,24 @@ const HttpResponse = require(path.join(__appdir, 'lib', 'httpresponse'))
const log = require(path.join(__appdir, 'lib', 'log'))
const groupHelper = require(path.join(__appdir, 'lib', 'grouphelper'))
+// Permission check middleware
+router.all(['', '/:id'], async (req, res, next) => {
+ switch (req.method) {
+ case 'GET':
+ if (!await req.user.hasPermission('clients.view')) return res.status(403).send({ error: 'Missing permission', permission: 'clients.view' })
+ break
+
+ case 'POST': case 'DELETE':
+ if (!await req.user.hasPermission('clients.edit')) return res.status(403).send({ error: 'Missing permission', permission: 'clients.edit' })
+ break
+
+ default:
+ return res.status(400).send()
+ }
+
+ next()
+})
+
// ############################################################################
// ########################### GET requests #################################
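Review bot: The check in `router.all(['', '/:id'], …)` only runs for paths with zero or one segment, so any route in this file with a deeper path would reach its handler without a permission check; the routes themselves are outside this hunk and not visible here. Registering it for every path, e.g. `router.use(async (req, res, next) => {`, makes the check default-deny as routes are added. The callback is also a plain async function passed to `router.all`, so a rejection from `hasPermission` is not forwarded to Express's error handling (in Express 4) and the request would be left without a response; a `try/catch` that answers 500, or the async-aware registration this project already uses for its handlers, avoids that. Both points apply equally to the identical middleware added in events.js, ipranges.js, ipxeconfigs.js, ipxeentries.js, permissions.js, registration.js, roles.js, systemlog.js and wakerequests.js.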
diff --git a/server/api/events.js b/server/api/events.js
index 7e330e5..310a64a 100644
--- a/server/api/events.js
+++ b/server/api/events.js
@@ -11,6 +11,27 @@ socket.connect('ipc:///tmp/bas_zeromq_events')
const log = require(path.join(__appdir, 'lib', 'log'))
const HttpResponse = require(path.join(__appdir, 'lib', 'httpresponse'))
+// Permission check middleware
+router.all(['', '/:x'], async (req, res, next) => {
+ switch (req.method) {
+ case 'GET':
+ if (!await req.user.hasPermission('events.view')) return res.status(403).send({ error: 'Missing permission', permission: 'events.view' })
+ break
+
+ case 'POST':
+ // TODO: REMOVE blacklist free pass IF PM uses own blacklist function --> HELPER LIB?!
+ if (req.params.x === 'blacklist') break
+
+ if (!await req.user.hasPermission('events.edit')) return res.status(403).send({ error: 'Missing permission', permission: 'events.edit' })
+ break
+
+ default:
+ return res.status(400).send()
+ }
+
+ next()
+})
+
// ############################################################################
// ########################### GET requests #################################
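Review bot: The `if (req.params.x === 'blacklist') break` exemption in the POST case lets any authenticated user reach the POST `/blacklist` handler with neither `events.view` nor `events.edit`. What that handler returns is not visible in this hunk, but if it exposes or derives client or event data it should require at least a read-level permission until the helper mentioned in the TODO exists, for example `if (req.params.x === 'blacklist' && await req.user.hasPermission('events.view')) break`, with the permission chosen to match what the existing caller already holds. The TODO would be easier to close if it named the caller that depends on the free pass.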
diff --git a/server/api/ipranges.js b/server/api/ipranges.js
index 7750658..23fa76a 100644
--- a/server/api/ipranges.js
+++ b/server/api/ipranges.js
@@ -8,6 +8,24 @@ const HttpResponse = require(path.join(__appdir, 'lib', 'httpresponse'))
const iphelper = require(path.join(__appdir, 'lib', 'iphelper'))
const log = require(path.join(__appdir, 'lib', 'log'))
+// Permission check middleware
+router.all(['', '/:x'], async (req, res, next) => {
+ switch (req.method) {
+ case 'GET':
+ if (!await req.user.hasPermission('ipranges.view')) return res.status(403).send({ error: 'Missing permission', permission: 'ipranges.view' })
+ break
+
+ case 'POST': case 'DELETE':
+ if (!await req.user.hasPermission('ipranges.edit')) return res.status(403).send({ error: 'Missing permission', permission: 'ipranges.edit' })
+ break
+
+ default:
+ return res.status(400).send()
+ }
+
+ next()
+})
+
// ############################################################################
// ########################### GET requests #################################
diff --git a/server/api/ipxeconfigs.js b/server/api/ipxeconfigs.js
index 3c6f6eb..6845952 100644
--- a/server/api/ipxeconfigs.js
+++ b/server/api/ipxeconfigs.js
@@ -8,6 +8,24 @@ var router = decorateApp(express.Router())
const HttpResponse = require(path.join(__appdir, 'lib', 'httpresponse'))
const log = require(path.join(__appdir, 'lib', 'log'))
+// Permission check middleware
+router.all(['', '/:x'], async (req, res, next) => {
+ switch (req.method) {
+ case 'GET':
+ if (!await req.user.hasPermission('ipxeconfigs.view')) return res.status(403).send({ error: 'Missing permission', permission: 'ipxeconfigs.view' })
+ break
+
+ case 'POST': case 'PUT': case 'DELETE':
+ if (!await req.user.hasPermission('ipxeconfigs.edit')) return res.status(403).send({ error: 'Missing permission', permission: 'ipxeconfigs.edit' })
+ break
+
+ default:
+ return res.status(400).send()
+ }
+
+ next()
+})
+
// ############################################################################
// ########################### GET requests #################################
diff --git a/server/api/ipxeentries.js b/server/api/ipxeentries.js
index 1003754..53b3731 100644
--- a/server/api/ipxeentries.js
+++ b/server/api/ipxeentries.js
@@ -6,6 +6,24 @@ const { decorateApp } = require('@awaitjs/express')
var router = decorateApp(express.Router())
const HttpResponse = require(path.join(__appdir, 'lib', 'httpresponse'))
+// Permission check middleware
+router.all(['', '/:x'], async (req, res, next) => {
+ switch (req.method) {
+ case 'GET':
+ if (!await req.user.hasPermission('ipxeentries.view')) return res.status(403).send({ error: 'Missing permission', permission: 'ipxeentries.view' })
+ break
+
+ case 'POST': case 'DELETE':
+ if (!await req.user.hasPermission('ipxeentries.edit')) return res.status(403).send({ error: 'Missing permission', permission: 'ipxeentries.edit' })
+ break
+
+ default:
+ return res.status(400).send()
+ }
+
+ next()
+})
+
// ############################################################################
// ########################### GET requests #################################
diff --git a/server/api/permissions.js b/server/api/permissions.js
index 45f656a..ca943a2 100644
--- a/server/api/permissions.js
+++ b/server/api/permissions.js
@@ -5,6 +5,20 @@ var express = require('express')
const { decorateApp } = require('@awaitjs/express')
var router = decorateApp(express.Router())
+// Permission check middleware
+router.all(['', '/:x'], async (req, res, next) => {
+ switch (req.method) {
+ case 'GET':
+ if (!await req.user.hasPermission('permissions.view')) return res.status(403).send({ error: 'Missing permission', permission: 'permissions.view' })
+ break
+
+ default:
+ return res.status(400).send()
+ }
+
+ next()
+})
+
/*
* @return: Returns if current user has given permission.
*/
diff --git a/server/api/registration.js b/server/api/registration.js
index 86bf185..fd10fba 100644
--- a/server/api/registration.js
+++ b/server/api/registration.js
@@ -13,6 +13,24 @@ const url = config.https.host // + ':' + config.https.port
const log = require(path.join(__appdir, 'lib', 'log'))
const HttpResponse = require(path.join(__appdir, 'lib', 'httpresponse'))
+// Permission check middleware
+router.all(['', '/hooks', '/:y', '/hooks/:x'], async (req, res, next) => {
+ switch (req.method) {
+ case 'GET':
+ if (!await req.user.hasPermission('registration.view')) return res.status(403).send({ error: 'Missing permission', permission: 'registration.view' })
+ break
+
+ case 'POST': case 'DELETE':
+ if (!await req.user.hasPermission('registration.edit')) return res.status(403).send({ error: 'Missing permission', permission: 'registration.edit' })
+ break
+
+ default:
+ return res.status(400).send()
+ }
+
+ next()
+})
+
// GET requests.
/*
diff --git a/server/api/roles.js b/server/api/roles.js
index c7726b8..ba1c2a2 100644
--- a/server/api/roles.js
+++ b/server/api/roles.js
@@ -7,6 +7,24 @@ var router = decorateApp(express.Router())
const HttpResponse = require(path.join(__appdir, 'lib', 'httpresponse'))
const log = require(path.join(__appdir, 'lib', 'log'))
+// Permission check middleware
+router.all(['', '/:x'], async (req, res, next) => {
+ switch (req.method) {
+ case 'GET':
+ if (!await req.user.hasPermission('roles.view')) return res.status(403).send({ error: 'Missing permission', permission: 'roles.view' })
+ break
+
+ case 'POST':
+ if (!await req.user.hasPermission('roles.edit')) return res.status(403).send({ error: 'Missing permission', permission: 'roles.edit' })
+ break
+
+ default:
+ return res.status(400).send()
+ }
+
+ next()
+})
+
/*
* /<ROLE_ID>
*
diff --git a/server/api/systemlog.js b/server/api/systemlog.js
index 4d7a69a..6d69f71 100644
--- a/server/api/systemlog.js
+++ b/server/api/systemlog.js
@@ -5,6 +5,20 @@ var express = require('express')
const { decorateApp } = require('@awaitjs/express')
var router = decorateApp(express.Router())
+// Permission check middleware
+router.all(['', '/:x'], async (req, res, next) => {
+ switch (req.method) {
+ case 'GET':
+ if (!await req.user.hasPermission('systemlog.view')) return res.status(403).send({ error: 'Missing permission', permission: 'systemlog.view' })
+ break
+
+ default:
+ return res.status(400).send()
+ }
+
+ next()
+})
+
// ############################################################################
// ########################### GET requests #################################
diff --git a/server/api/users.js b/server/api/users.js
index a4940e0..2edac8d 100644
--- a/server/api/users.js
+++ b/server/api/users.js
@@ -8,10 +8,10 @@ var authentication = require(path.join(__appdir, 'lib', 'authentication'))
const log = require(path.join(__appdir, 'lib', 'log'))
// Permission check middleware
-router.all(['', '/:id'], async (req, res, next) => {
+router.all(['', '/:x'], async (req, res, next) => {
// User is allowed to edit his own information even without any permissions.
let currentInfo = false
- if (req.params.id && req.params.id === 'current') currentInfo = true
+ if (req.params.x && req.params.x === 'current') currentInfo = true
switch (req.method) {
case 'GET':
diff --git a/server/api/wakerequests.js b/server/api/wakerequests.js
index 811fea9..6f6faf3 100644
--- a/server/api/wakerequests.js
+++ b/server/api/wakerequests.js
@@ -7,6 +7,20 @@ const { decorateApp } = require('@awaitjs/express')
var router = decorateApp(express.Router())
const log = require(path.join(__appdir, 'lib', 'log'))
+// Permission check middleware
+router.all(['', '/:x'], async (req, res, next) => {
+ switch (req.method) {
+ case 'POST':
+ if (!await req.user.hasPermission('wakerequests.send')) return res.status(403).send({ error: 'Missing permission', permission: 'wakerequests.send' })
+ break
+
+ default:
+ return res.status(400).send()
+ }
+
+ next()
+})
+
router.postAsync('', async (req, res) => {
const clients = await db.client.findAll({ where: { id: req.body.clients } })
await log({
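Review bot: `wakerequests.send` is checked once for the whole request, but the handler directly below loads whatever ids arrive in `req.body.clients`, so a holder of this permission can wake any client, including ones outside the groups their `clients.view` grant covers (that permission is declared group dependent in this commit). If per-group scoping is intended, the handler should restrict the requested ids to clients the user may see before waking them; if global scope is intended, a comment such as `// wakerequests.send is global: it is not limited by client group permissions` would make that explicit. The `postAsync` handler continues past this hunk.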
diff --git a/server/lib/permissions/modules/clients.json b/server/lib/permissions/modules/clients.json
new file mode 100644
index 0000000..7e69f9e
--- /dev/null
+++ b/server/lib/permissions/modules/clients.json
@@ -0,0 +1,12 @@
+[
+ {
+ "name": "view",
+ "description": "View all clients and their information.",
+ "groupdependent": true
+ },
+ {
+ "name": "edit",
+ "description": "Create, delete, edit clients.",
+ "groupdependent": true
+ }
+]
\ No newline at end of file
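Review bot: `view` and `edit` are declared `"groupdependent": true` here, but the middleware added in server/api/clients.js calls `req.user.hasPermission('clients.view')` and `hasPermission('clients.edit')` with no group or client id. `hasPermission` is not visible in this commit, so the group may be resolved inside it; if it is not, a grant limited to one group would pass the check for every client. The same question applies to events.json, groups.json, ipxeconfigs.json, ipxeentries.json and roles.json, which are also marked group dependent.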
diff --git a/server/lib/permissions/modules/eventmanager.json b/server/lib/permissions/modules/eventmanager.json
deleted file mode 100644
index 97507ff..0000000
--- a/server/lib/permissions/modules/eventmanager.json
+++ /dev/null
@@ -1,12 +0,0 @@
-[
- {
- "name": "view",
- "description": "View Events",
- "groupdependent": false
- },
- {
- "name": "edit",
- "description": "Edit Events",
- "groupdependent": false
- }
-]
\ No newline at end of file
diff --git a/server/lib/permissions/modules/events.json b/server/lib/permissions/modules/events.json
new file mode 100644
index 0000000..3a7d6c8
--- /dev/null
+++ b/server/lib/permissions/modules/events.json
@@ -0,0 +1,12 @@
+[
+ {
+ "name": "view",
+ "description": "View all events and their information.",
+ "groupdependent": true
+ },
+ {
+ "name": "edit",
+ "description": "Create, delete, edit events.",
+ "groupdependent": true
+ }
+]
\ No newline at end of file
diff --git a/server/lib/permissions/modules/groups.json b/server/lib/permissions/modules/groups.json
new file mode 100644
index 0000000..4fdb010
--- /dev/null
+++ b/server/lib/permissions/modules/groups.json
@@ -0,0 +1,12 @@
+[
+ {
+ "name": "view",
+ "description": "View all groups and their information.",
+ "groupdependent": true
+ },
+ {
+ "name": "edit",
+ "description": "Create, delete, edit groups.",
+ "groupdependent": true
+ }
+]
\ No newline at end of file
diff --git a/server/lib/permissions/modules/ipranges.json b/server/lib/permissions/modules/ipranges.json
new file mode 100644
index 0000000..0127314
--- /dev/null
+++ b/server/lib/permissions/modules/ipranges.json
@@ -0,0 +1,12 @@
+[
+ {
+ "name": "view",
+ "description": "View all ipranges including their informations.",
+ "groupdependent": false
+ },
+ {
+ "name": "edit",
+ "description": "Edit and delete ipranges.",
+ "groupdependent": false
+ }
+]
\ No newline at end of file
diff --git a/server/lib/permissions/modules/ipxeconfigs.json b/server/lib/permissions/modules/ipxeconfigs.json
new file mode 100644
index 0000000..1a3f761
--- /dev/null
+++ b/server/lib/permissions/modules/ipxeconfigs.json
@@ -0,0 +1,12 @@
+[
+ {
+ "name": "view",
+ "description": "View all ipxe configs and their information.",
+ "groupdependent": true
+ },
+ {
+ "name": "edit",
+ "description": "Create, delete, edit ipxe configs.",
+ "groupdependent": true
+ }
+]
\ No newline at end of file
diff --git a/server/lib/permissions/modules/ipxeentries.json b/server/lib/permissions/modules/ipxeentries.json
new file mode 100644
index 0000000..466e379
--- /dev/null
+++ b/server/lib/permissions/modules/ipxeentries.json
@@ -0,0 +1,12 @@
+[
+ {
+ "name": "view",
+ "description": "View all ipxe entries and their information.",
+ "groupdependent": true
+ },
+ {
+ "name": "edit",
+ "description": "Create, delete, edit ipxe entries.",
+ "groupdependent": true
+ }
+]
\ No newline at end of file
diff --git a/server/lib/permissions/modules/permissionmanager.json b/server/lib/permissions/modules/permissionmanager.json
deleted file mode 100644
index ee9b12b..0000000
--- a/server/lib/permissions/modules/permissionmanager.json
+++ /dev/null
@@ -1,12 +0,0 @@
-[
- {
- "name": "view",
- "description": "View Roles",
- "groupdependent": false
- },
- {
- "name": "edit",
- "description": "Edit Roles",
- "groupdependent": false
- }
-]
\ No newline at end of file
diff --git a/server/lib/permissions/modules/permissions.json b/server/lib/permissions/modules/permissions.json
new file mode 100644
index 0000000..b7e15f5
--- /dev/null
+++ b/server/lib/permissions/modules/permissions.json
@@ -0,0 +1,7 @@
+[
+ {
+ "name": "view",
+ "description": "View a list of all permissions and check them for a user.",
+ "groupdependent": false
+ }
+]
\ No newline at end of file
diff --git a/server/lib/permissions/modules/registration.json b/server/lib/permissions/modules/registration.json
new file mode 100644
index 0000000..d7bd7d8
--- /dev/null
+++ b/server/lib/permissions/modules/registration.json
@@ -0,0 +1,12 @@
+[
+ {
+ "name": "view",
+ "description": "View all registration hooks including their informations.",
+ "groupdependent": false
+ },
+ {
+ "name": "edit",
+ "description": "Edit and delete registration hooks.",
+ "groupdependent": false
+ }
+]
\ No newline at end of file
diff --git a/server/lib/permissions/modules/roles.json b/server/lib/permissions/modules/roles.json
new file mode 100644
index 0000000..73e7a4a
--- /dev/null
+++ b/server/lib/permissions/modules/roles.json
@@ -0,0 +1,12 @@
+[
+ {
+ "name": "view",
+ "description": "View all roles and their information.",
+ "groupdependent": true
+ },
+ {
+ "name": "edit",
+ "description": "Create, delete, edit roles.",
+ "groupdependent": true
+ }
+]
\ No newline at end of file
diff --git a/server/lib/permissions/modules/systemlog.json b/server/lib/permissions/modules/systemlog.json
new file mode 100644
index 0000000..5a80bc3
--- /dev/null
+++ b/server/lib/permissions/modules/systemlog.json
@@ -0,0 +1,7 @@
+[
+ {
+ "name": "view",
+ "description": "View the systemlog.",
+ "groupdependent": false
+ }
+]
\ No newline at end of file
diff --git a/server/lib/permissions/modules/wakerequests.json b/server/lib/permissions/modules/wakerequests.json
new file mode 100644
index 0000000..1f4c000
--- /dev/null
+++ b/server/lib/permissions/modules/wakerequests.json
@@ -0,0 +1,7 @@
+[
+ {
+ "name": "send",
+ "description": "Send wake-on-lan requests to clients.",
+ "groupdependent": false
+ }
+]
\ No newline at end of file
diff --git a/server/lib/wolhelper.js b/server/lib/wolhelper.js
index c840e44..eaca0e6 100644
--- a/server/lib/wolhelper.js
+++ b/server/lib/wolhelper.js
@@ -8,7 +8,10 @@ function wakeUp (clients) {
const loop = () => {
setTimeout(() => {
let client = clients[i]
- if (client.mac !== null && client.ip !== null) {
+
+ // Regex for mac address
+ const regex = /^([0-9A-F]{2}[:-]){5}([0-9A-F]{2})$/
+ if (client.mac !== null && client.ip !== null && regex.test(client.mac)) {
console.log('Waking up: ' + client.name + ' (' + client.mac + ')')
wol.wake(client.mac, { address: client.ip.slice(0, client.ip.lastIndexOf('.') + 1) + '255' }, err => { if (err) console.log(err) })
log({
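Review bot: The new pattern `/^([0-9A-F]{2}[:-]){5}([0-9A-F]{2})$/` has no `i` flag, so a MAC stored in lowercase is now rejected and logged as invalid; unless addresses are normalised to upper case before they are stored, use `/^([0-9A-F]{2}[:-]){5}[0-9A-F]{2}$/i`. The literal is also rebuilt on every timer tick and could be a module-level constant. `client.ip` is still only null-checked before `client.ip.slice(...)`, although the error text changed in the next hunk now says "invalid ip", so either validate the address format as well or keep the message about the MAC only. `wakeUp` starts and ends outside this hunk.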
@@ -20,7 +23,7 @@ function wakeUp (clients) {
} else {
log({
category: 'ERROR_WAKE_ON_LAN',
- description: 'Client is missing ip or mac address.',
+ description: 'Client has an invalid ip or mac address.',
client,
clientId: client.id
})