From 12c2d252cf76c45bb8a2b457812540400465de3b Mon Sep 17 00:00:00 2001 
From: Jannik Schönartz Date: Mon, 8 Jun 2020 00:31:55 +0000 Subject: [server] PM integration in all missing api-points but groups --- server/api/backends.js | 1 - server/api/backendtypes.js | 8 ++++---- server/api/clients.js | 18 ++++++++++++++++++ server/api/events.js | 21 +++++++++++++++++++++ server/api/ipranges.js | 18 ++++++++++++++++++ server/api/ipxeconfigs.js | 18 ++++++++++++++++++ server/api/ipxeentries.js | 18 ++++++++++++++++++ server/api/permissions.js | 14 ++++++++++++++ server/api/registration.js | 18 ++++++++++++++++++ server/api/roles.js | 18 ++++++++++++++++++ server/api/systemlog.js | 14 ++++++++++++++ server/api/users.js | 4 ++-- server/api/wakerequests.js | 14 ++++++++++++++ server/lib/permissions/modules/clients.json | 12 ++++++++++++ server/lib/permissions/modules/eventmanager.json | 12 ------------ server/lib/permissions/modules/events.json | 12 ++++++++++++ server/lib/permissions/modules/groups.json | 12 ++++++++++++ server/lib/permissions/modules/ipranges.json | 12 ++++++++++++ server/lib/permissions/modules/ipxeconfigs.json | 12 ++++++++++++ server/lib/permissions/modules/ipxeentries.json | 12 ++++++++++++ .../lib/permissions/modules/permissionmanager.json | 12 ------------ server/lib/permissions/modules/permissions.json | 7 +++++++ server/lib/permissions/modules/registration.json | 12 ++++++++++++ server/lib/permissions/modules/roles.json | 12 ++++++++++++ server/lib/permissions/modules/systemlog.json | 7 +++++++ server/lib/permissions/modules/wakerequests.json | 7 +++++++ server/lib/wolhelper.js | 7 +++++-- 27 files changed, 299 insertions(+), 33 deletions(-) create mode 100644 server/lib/permissions/modules/clients.json delete mode 100644 server/lib/permissions/modules/eventmanager.json create mode 100644 server/lib/permissions/modules/events.json create mode 100644 server/lib/permissions/modules/groups.json create mode 100644 server/lib/permissions/modules/ipranges.json create mode 100644 
server/lib/permissions/modules/ipxeconfigs.json create mode 100644 server/lib/permissions/modules/ipxeentries.json delete mode 100644 server/lib/permissions/modules/permissionmanager.json create mode 100644 server/lib/permissions/modules/permissions.json create mode 100644 server/lib/permissions/modules/registration.json create mode 100644 server/lib/permissions/modules/roles.json create mode 100644 server/lib/permissions/modules/systemlog.json create mode 100644 server/lib/permissions/modules/wakerequests.json diff --git a/server/api/backends.js b/server/api/backends.js index 872e0f6..63b4cb9 100644 --- a/server/api/backends.js +++ b/server/api/backends.js @@ -22,7 +22,6 @@ noAuthRouter.getAsync('/:id/test', async (req, res) => { // Permission check middleware router.all(['', '/:id', '/:id/:function'], async (req, res, next) => { - console.log(req.params) switch (req.method) { case 'GET': switch (req.params.function) { diff --git a/server/api/backendtypes.js b/server/api/backendtypes.js index ef371d8..90815b0 100644 --- a/server/api/backendtypes.js +++ b/server/api/backendtypes.js @@ -2,14 +2,14 @@ const path = require('path') const ExternalBackends = require(path.join(__appdir, 'lib', 'external-backends')) var express = require('express') -var router = express.Router() +var noAuthRouter = express.Router() // GET requests. /* * @return: Returns a list of all available backend types. */ -router.get('/', (req, res) => { +noAuthRouter.get('/', (req, res) => { const backends = new ExternalBackends() var files = backends.getBackends() @@ -25,7 +25,7 @@ router.get('/', (req, res) => { * * @return: Returns the credentials structure and fields of a backend type. */ -router.get('/:type', (req, res) => { +noAuthRouter.get('/:type', (req, res) => { const backendType = req.params.type const b = new ExternalBackends() const instance = b.getInstance(backendType) 
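Review bot: Moving both handlers onto `noAuthRouter` presumably exposes them without authentication, and the `/:type` handler hands `req.params.type` straight to `b.getInstance(backendType)`. How `getInstance` resolves the name is not visible in these hunks, and the lines between this hunk and the final `send` are cut off. If it loads a module by name, the value should first be checked against the list returned by `backends.getBackends()`. I would also record the intent above the router, e.g. `// Unauthenticated on purpose: exposes only backend type names and the credential field layout, never stored values.`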
@@ -35,4 +35,4 @@ router.get('/:type', (req, res) => { res.status(200).send(instance.getCredentials()) }) -module.exports.router = router +module.exports.noAuthRouter = noAuthRouter diff --git a/server/api/clients.js b/server/api/clients.js index 4222f49..1a5c274 100644 --- a/server/api/clients.js +++ b/server/api/clients.js @@ -10,6 +10,24 @@ const HttpResponse = require(path.join(__appdir, 'lib', 'httpresponse')) const log = require(path.join(__appdir, 'lib', 'log')) const groupHelper = require(path.join(__appdir, 'lib', 'grouphelper')) +// Permission check middleware +router.all(['', '/:id'], async (req, res, next) => { + switch (req.method) { + case 'GET': + if (!await req.user.hasPermission('clients.view')) return res.status(403).send({ error: 'Missing permission', permission: 'clients.view' }) + break + + case 'POST': case 'DELETE': + if (!await req.user.hasPermission('clients.edit')) return res.status(403).send({ error: 'Missing permission', permission: 'clients.edit' }) + break + + default: + return res.status(400).send() + } + + next() +}) + // ############################################################################ // ########################### GET requests ################################# diff --git a/server/api/events.js b/server/api/events.js index 7e330e5..310a64a 100644 --- a/server/api/events.js +++ b/server/api/events.js 
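Review bot: The check registered with `router.all(['', '/:id'], …)` in clients.js only runs for paths with zero or one segment, so any route on this router with a deeper path would be served without a permission check. The route definitions are outside the hunk, so whether such a route exists cannot be confirmed here. Mounting the check with `router.use(async (req, res, next) => { … })` makes it default-deny for every path, including routes added later. The same path-list pattern is repeated in the middleware added to events.js, ipranges.js, ipxeconfigs.js, ipxeentries.js, permissions.js, registration.js, roles.js, systemlog.js and wakerequests.js. events.js reads `req.params.x`, so there the path list has to stay and be widened instead.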
@@ -11,6 +11,27 @@ socket.connect('ipc:///tmp/bas_zeromq_events') const log = require(path.join(__appdir, 'lib', 'log')) const HttpResponse = require(path.join(__appdir, 'lib', 'httpresponse')) +// Permission check middleware +router.all(['', '/:x'], async (req, res, next) => { + switch (req.method) { + case 'GET': + if (!await req.user.hasPermission('events.view')) return res.status(403).send({ error: 'Missing permission', permission: 'events.view' }) + break + + case 'POST': + // TODO: REMOVE blacklist free pass IF PM uses own blacklist function --> HELPER LIB?! + if (req.params.x === 'blacklist') break + + if (!await req.user.hasPermission('events.edit')) return res.status(403).send({ error: 'Missing permission', permission: 'events.edit' }) + break + + default: + return res.status(400).send() + } + + next() +}) + // ############################################################################ // ########################### GET requests ################################# diff --git a/server/api/ipranges.js b/server/api/ipranges.js index 7750658..23fa76a 100644 --- a/server/api/ipranges.js +++ b/server/api/ipranges.js 
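Review bot: The `if (req.params.x === 'blacklist') break` exemption under `case 'POST'` skips every permission check, so any authenticated caller reaches the POST `/blacklist` handler regardless of role. The handler is outside the hunk, so what it returns or changes cannot be judged here. Until the TODO is resolved I would gate it on the read permission, `if (req.params.x === 'blacklist' && await req.user.hasPermission('events.view')) break`, or state in the comment which data the endpoint exposes and why that is acceptable for every user.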
@@ -8,6 +8,24 @@ const HttpResponse = require(path.join(__appdir, 'lib', 'httpresponse')) const iphelper = require(path.join(__appdir, 'lib', 'iphelper')) const log = require(path.join(__appdir, 'lib', 'log')) +// Permission check middleware +router.all(['', '/:x'], async (req, res, next) => { + switch (req.method) { + case 'GET': + if (!await req.user.hasPermission('ipranges.view')) return res.status(403).send({ error: 'Missing permission', permission: 'ipranges.view' }) + break + + case 'POST': case 'DELETE': + if (!await req.user.hasPermission('ipranges.edit')) return res.status(403).send({ error: 'Missing permission', permission: 'ipranges.edit' }) + break + + default: + return res.status(400).send() + } + + next() +}) + // ############################################################################ // ########################### GET requests ################################# diff --git a/server/api/ipxeconfigs.js b/server/api/ipxeconfigs.js index 3c6f6eb..6845952 100644 --- a/server/api/ipxeconfigs.js +++ b/server/api/ipxeconfigs.js @@ -8,6 +8,24 @@ var router = decorateApp(express.Router()) const HttpResponse = require(path.join(__appdir, 'lib', 'httpresponse')) const log = require(path.join(__appdir, 'lib', 'log')) +// Permission check middleware +router.all(['', '/:x'], async (req, res, next) => { + switch (req.method) { + case 'GET': + if (!await req.user.hasPermission('ipxeconfigs.view')) return res.status(403).send({ error: 'Missing permission', permission: 'ipxeconfigs.view' }) + break + + case 'POST': case 'PUT': case 'DELETE': + if (!await req.user.hasPermission('ipxeconfigs.edit')) return res.status(403).send({ error: 'Missing permission', permission: 'ipxeconfigs.edit' }) + break + + default: + return res.status(400).send() + } + + next() +}) + // ############################################################################ // ########################### GET requests ################################# 
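Review bot: The `async` callback in ipranges.js is passed to plain `router.all`, so on Express 4 a rejection from `req.user.hasPermission(...)`, or a `TypeError` when `req.user` is not set, is not forwarded to the error handler and the request would hang without a response. The Express version and whether `decorateApp` covers `all` are not visible here. Wrapping the switch in `try { … } catch (err) { return next(err) }` keeps the check fail-closed and returns a proper error. This applies equally to the middleware added in clients.js, events.js, ipxeconfigs.js, ipxeentries.js, permissions.js, registration.js, roles.js, systemlog.js and wakerequests.js.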
diff --git a/server/api/ipxeentries.js b/server/api/ipxeentries.js index 1003754..53b3731 100644 --- a/server/api/ipxeentries.js +++ b/server/api/ipxeentries.js @@ -6,6 +6,24 @@ const { decorateApp } = require('@awaitjs/express') var router = decorateApp(express.Router()) const HttpResponse = require(path.join(__appdir, 'lib', 'httpresponse')) +// Permission check middleware +router.all(['', '/:x'], async (req, res, next) => { + switch (req.method) { + case 'GET': + if (!await req.user.hasPermission('ipxeentries.view')) return res.status(403).send({ error: 'Missing permission', permission: 'ipxeentries.view' }) + break + + case 'POST': case 'DELETE': + if (!await req.user.hasPermission('ipxeentries.edit')) return res.status(403).send({ error: 'Missing permission', permission: 'ipxeentries.edit' }) + break + + default: + return res.status(400).send() + } + + next() +}) + // ############################################################################ // ########################### GET requests ################################# diff --git a/server/api/permissions.js b/server/api/permissions.js index 45f656a..ca943a2 100644 --- a/server/api/permissions.js +++ b/server/api/permissions.js @@ -5,6 +5,20 @@ var express = require('express') const { decorateApp } = require('@awaitjs/express') var router = decorateApp(express.Router()) +// Permission check middleware +router.all(['', '/:x'], async (req, res, next) => { + switch (req.method) { + case 'GET': + if (!await req.user.hasPermission('permissions.view')) return res.status(403).send({ error: 'Missing permission', permission: 'permissions.view' }) + break + + default: + return res.status(400).send() + } + + next() +}) + /* * @return: Returns if current user has given permission. */ diff --git a/server/api/registration.js b/server/api/registration.js index 86bf185..fd10fba 100644 --- a/server/api/registration.js +++ b/server/api/registration.js 
@@ -13,6 +13,24 @@ const url = config.https.host // + ':' + config.https.port const log = require(path.join(__appdir, 'lib', 'log')) const HttpResponse = require(path.join(__appdir, 'lib', 'httpresponse')) +// Permission check middleware +router.all(['', '/hooks', '/:y', '/hooks/:x'], async (req, res, next) => { + switch (req.method) { + case 'GET': + if (!await req.user.hasPermission('registration.view')) return res.status(403).send({ error: 'Missing permission', permission: 'registration.view' }) + break + + case 'POST': case 'DELETE': + if (!await req.user.hasPermission('registration.edit')) return res.status(403).send({ error: 'Missing permission', permission: 'registration.edit' }) + break + + default: + return res.status(400).send() + } + + next() +}) + // GET requests. /* diff --git a/server/api/roles.js b/server/api/roles.js index c7726b8..ba1c2a2 100644 --- a/server/api/roles.js +++ b/server/api/roles.js @@ -7,6 +7,24 @@ var router = decorateApp(express.Router()) const HttpResponse = require(path.join(__appdir, 'lib', 'httpresponse')) const log = require(path.join(__appdir, 'lib', 'log')) +// Permission check middleware +router.all(['', '/:x'], async (req, res, next) => { + switch (req.method) { + case 'GET': + if (!await req.user.hasPermission('roles.view')) return res.status(403).send({ error: 'Missing permission', permission: 'roles.view' }) + break + + case 'POST': + if (!await req.user.hasPermission('roles.edit')) return res.status(403).send({ error: 'Missing permission', permission: 'roles.edit' }) + break + + default: + return res.status(400).send() + } + + next() +}) + /* * / * diff --git a/server/api/systemlog.js b/server/api/systemlog.js index 4d7a69a..6d69f71 100644 --- a/server/api/systemlog.js +++ b/server/api/systemlog.js 
@@ -5,6 +5,20 @@ var express = require('express') const { decorateApp } = require('@awaitjs/express') var router = decorateApp(express.Router()) +// Permission check middleware +router.all(['', '/:x'], async (req, res, next) => { + switch (req.method) { + case 'GET': + if (!await req.user.hasPermission('systemlog.view')) return res.status(403).send({ error: 'Missing permission', permission: 'systemlog.view' }) + break + + default: + return res.status(400).send() + } + + next() +}) + // ############################################################################ // ########################### GET requests ################################# diff --git a/server/api/users.js b/server/api/users.js index a4940e0..2edac8d 100644 --- a/server/api/users.js +++ b/server/api/users.js @@ -8,10 +8,10 @@ var authentication = require(path.join(__appdir, 'lib', 'authentication')) const log = require(path.join(__appdir, 'lib', 'log')) // Permission check middleware -router.all(['', '/:id'], async (req, res, next) => { +router.all(['', '/:x'], async (req, res, next) => { // User is allowed to edit his own information even without any permissions. let currentInfo = false - if (req.params.id && req.params.id === 'current') currentInfo = true + if (req.params.x && req.params.x === 'current') currentInfo = true switch (req.method) { case 'GET': diff --git a/server/api/wakerequests.js b/server/api/wakerequests.js index 811fea9..6f6faf3 100644 --- a/server/api/wakerequests.js +++ b/server/api/wakerequests.js 
@@ -7,6 +7,20 @@ const { decorateApp } = require('@awaitjs/express') var router = decorateApp(express.Router()) const log = require(path.join(__appdir, 'lib', 'log')) +// Permission check middleware +router.all(['', '/:x'], async (req, res, next) => { + switch (req.method) { + case 'POST': + if (!await req.user.hasPermission('wakerequests.send')) return res.status(403).send({ error: 'Missing permission', permission: 'wakerequests.send' }) + break + + default: + return res.status(400).send() + } + + next() +}) + router.postAsync('', async (req, res) => { const clients = await db.client.findAll({ where: { id: req.body.clients } }) await log({ diff --git a/server/lib/permissions/modules/clients.json b/server/lib/permissions/modules/clients.json new file mode 100644 index 0000000..7e69f9e --- /dev/null +++ b/server/lib/permissions/modules/clients.json @@ -0,0 +1,12 @@ +[ + { + "name": "view", + "description": "View all clients and their information.", + "groupdependent": true + }, + { + "name": "edit", + "description": "Create, delete, edit clients.", + "groupdependent": true + } +] \ No newline at end of file diff --git a/server/lib/permissions/modules/eventmanager.json b/server/lib/permissions/modules/eventmanager.json deleted file mode 100644 index 97507ff..0000000 --- a/server/lib/permissions/modules/eventmanager.json +++ /dev/null @@ -1,12 +0,0 @@ -[ - { - "name": "view", - "description": "View Events", - "groupdependent": false - }, - { - "name": "edit", - "description": "Edit Events", - "groupdependent": false - } -] \ No newline at end of file diff --git a/server/lib/permissions/modules/events.json b/server/lib/permissions/modules/events.json new file mode 100644 index 0000000..3a7d6c8 --- /dev/null +++ b/server/lib/permissions/modules/events.json 
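Review bot: `wakerequests.send` is checked once per request and is declared `"groupdependent": false` in wakerequests.json, while the handler below looks up whatever ids arrive in `req.body.clients`. A user holding this permission can therefore wake clients they may not be allowed to view, since clients.json marks `clients.view` as group dependent. How group-dependent permissions are evaluated is not visible in this patch, so this may be intended. If not, filter the ids to clients the user may access before calling `findAll`, and reject a missing or non-array body early with `if (!Array.isArray(req.body.clients)) return res.status(400).send()`. The handler body continues outside the hunk.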
@@ -0,0 +1,12 @@
+[
+ {
+ "name": "view",
+ "description": "View all events and their information.",
+ "groupdependent": true
+ },
+ {
+ "name": "edit",
+ "description": "Create, delete, edit events.",
+ "groupdependent": true
+ }
+]
\ No newline at end of file
diff --git a/server/lib/permissions/modules/groups.json b/server/lib/permissions/modules/groups.json
new file mode 100644
index 0000000..4fdb010
--- /dev/null
+++ b/server/lib/permissions/modules/groups.json
@@ -0,0 +1,12 @@
+[
+ {
+ "name": "view",
+ "description": "View all groups and their information.",
+ "groupdependent": true
+ },
+ {
+ "name": "edit",
+ "description": "Create, delete, edit groups.",
+ "groupdependent": true
+ }
+]
\ No newline at end of file
diff --git a/server/lib/permissions/modules/ipranges.json b/server/lib/permissions/modules/ipranges.json
new file mode 100644
index 0000000..0127314
--- /dev/null
+++ b/server/lib/permissions/modules/ipranges.json
@@ -0,0 +1,12 @@
+[
+ {
+ "name": "view",
+ "description": "View all ipranges including their informations.",
+ "groupdependent": false
+ },
+ {
+ "name": "edit",
+ "description": "Edit and delete ipranges.",
+ "groupdependent": false
+ }
+]
\ No newline at end of file
diff --git a/server/lib/permissions/modules/ipxeconfigs.json b/server/lib/permissions/modules/ipxeconfigs.json
new file mode 100644
index 0000000..1a3f761
--- /dev/null
+++ b/server/lib/permissions/modules/ipxeconfigs.json
@@ -0,0 +1,12 @@
+[
+ {
+ "name": "view",
+ "description": "View all ipxe configs and their information.",
+ "groupdependent": true
+ },
+ {
+ "name": "edit",
+ "description": "Create, delete, edit ipxe configs.",
+ "groupdependent": true
+ }
+]
\ No newline at end of file
diff --git a/server/lib/permissions/modules/ipxeentries.json b/server/lib/permissions/modules/ipxeentries.json
new file mode 100644
index 0000000..466e379
--- /dev/null
+++ b/server/lib/permissions/modules/ipxeentries.json
@@ -0,0 +1,12 @@
+[
+ {
+ "name": "view",
+ "description": "View all ipxe entries and their information.",
+ "groupdependent": true
+ },
+ {
+ "name": "edit",
+ "description": "Create, delete, edit ipxe entries.",
+ "groupdependent": true
+ }
+]
\ No newline at end of file
diff --git a/server/lib/permissions/modules/permissionmanager.json b/server/lib/permissions/modules/permissionmanager.json
deleted file mode 100644
index ee9b12b..0000000
--- a/server/lib/permissions/modules/permissionmanager.json
+++ /dev/null
@@ -1,12 +0,0 @@
-[
- {
- "name": "view",
- "description": "View Roles",
- "groupdependent": false
- },
- {
- "name": "edit",
- "description": "Edit Roles",
- "groupdependent": false
- }
-]
\ No newline at end of file
diff --git a/server/lib/permissions/modules/permissions.json b/server/lib/permissions/modules/permissions.json
new file mode 100644
index 0000000..b7e15f5
--- /dev/null
+++ b/server/lib/permissions/modules/permissions.json
@@ -0,0 +1,7 @@
+[
+ {
+ "name": "view",
+ "description": "View a list of all permissions and check them for a user.",
+ "groupdependent": false
+ }
+]
\ No newline at end of file
diff --git a/server/lib/permissions/modules/registration.json b/server/lib/permissions/modules/registration.json
new file mode 100644
index 0000000..d7bd7d8
--- /dev/null
+++ b/server/lib/permissions/modules/registration.json
@@ -0,0 +1,12 @@
+[
+ {
+ "name": "view",
+ "description": "View all registration hooks including their informations.",
+ "groupdependent": false
+ },
+ {
+ "name": "edit",
+ "description": "Edit and delete registration hooks.",
+ "groupdependent": false
+ }
+]
\ No newline at end of file
diff --git a/server/lib/permissions/modules/roles.json b/server/lib/permissions/modules/roles.json
new file mode 100644
index 0000000..73e7a4a
--- /dev/null
+++ b/server/lib/permissions/modules/roles.json
@@ -0,0 +1,12 @@ +[ + { + "name": "view", + "description": "View all roles and their information.", + "groupdependent": true + }, + { + "name": "edit", + "description": "Create, delete, edit roles.", + "groupdependent": true + } +] \ No newline at end of file diff --git a/server/lib/permissions/modules/systemlog.json b/server/lib/permissions/modules/systemlog.json new file mode 100644 index 0000000..5a80bc3 --- /dev/null +++ b/server/lib/permissions/modules/systemlog.json @@ -0,0 +1,7 @@ +[ + { + "name": "view", + "description": "View the systemlog.", + "groupdependent": false + } +] \ No newline at end of file diff --git a/server/lib/permissions/modules/wakerequests.json b/server/lib/permissions/modules/wakerequests.json new file mode 100644 index 0000000..1f4c000 --- /dev/null +++ b/server/lib/permissions/modules/wakerequests.json @@ -0,0 +1,7 @@ +[ + { + "name": "send", + "description": "Send wake-on-lan requests to clients.", + "groupdependent": false + } +] \ No newline at end of file diff --git a/server/lib/wolhelper.js b/server/lib/wolhelper.js index c840e44..eaca0e6 100644 --- a/server/lib/wolhelper.js +++ b/server/lib/wolhelper.js @@ -8,7 +8,10 @@ function wakeUp (clients) { const loop = () => { setTimeout(() => { let client = clients[i] - if (client.mac !== null && client.ip !== null) { + + // Regex for mac address + const regex = /^([0-9A-F]{2}[:-]){5}([0-9A-F]{2})$/ + if (client.mac !== null && client.ip !== null && regex.test(client.mac)) { console.log('Waking up: ' + client.name + ' (' + client.mac + ')') wol.wake(client.mac, { address: client.ip.slice(0, client.ip.lastIndexOf('.') + 1) + '255' }, err => { if (err) console.log(err) }) log({ @@ -20,7 +23,7 @@ function wakeUp (clients) { } else { log({ category: 'ERROR_WAKE_ON_LAN', - description: 'Client is missing ip or mac address.', + description: 'Client has an invalid ip or mac address.', client, clientId: client.id }) -- cgit v1.2.3-55-g7522
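Review bot: The added pattern `/^([0-9A-F]{2}[:-]){5}([0-9A-F]{2})$/` has no `i` flag, so a MAC stored in lower case fails `regex.test(client.mac)` and the client is logged as invalid instead of being woken; how MACs are normalised on input is not visible here. I would hoist it out of the timer callback as `const MAC_REGEX = /^([0-9A-F]{2}[:-]){5}[0-9A-F]{2}$/i`. The new log text also says the ip may be invalid, but `client.ip` is still only compared with `null` before `client.ip.slice(...)` builds the broadcast address, which assumes a dotted IPv4 address in a /24 network. `wakeUp` starts and ends outside these hunks.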