path: root/server/api/ipranges.js
/* global __appdir */
var path = require('path')
var db = require(path.join(__appdir, 'lib', 'sequelize'))
var express = require('express')
const { decorateApp } = require('@awaitjs/express')
var router = decorateApp(express.Router())
const HttpResponse = require(path.join(__appdir, 'lib', 'httpresponse'))
const iphelper = require(path.join(__appdir, 'lib', 'iphelper'))
const log = require(path.join(__appdir, 'lib', 'log'))

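// Permission check middleware.
// Runs for every route of this router and maps the HTTP method to the
// permission it requires: GET -> 'ipranges.view', POST/DELETE -> 'ipranges.edit'.
// Any other method is answered with 400, so a method without a mapped
// permission never reaches a handler.
router.all(['', '/:x'], async (req, res, next) => {
  let permission
  switch (req.method) {
    case 'GET':
      permission = 'ipranges.view'
      break

    case 'POST': case 'DELETE':
      permission = 'ipranges.edit'
      break

    default:
      return res.status(400).send()
  }

  try {
    if (!await req.user.hasPermission(permission)) {
      return res.status(403).send({ error: 'Missing permission', permission })
    }
  } catch (err) {
    // This handler is registered with plain router.all, so a rejected promise
    // (failed permission lookup, missing req.user) would otherwise be an
    // unhandled rejection and the request would never get a response.
    // Fail closed: hand the error to Express and do not continue the chain.
    return next(err)
  }

  next()
})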

// ############################################################################
// ###########################  GET requests  #################################

// List all IP ranges together with their group, ordered by group name.
router.getAsync('', async (req, res) => {
  const rows = await db.iprange.findAll({
    include: ['group'],
    order: [['group', 'name', 'ASC']]
  })
  // Both range boundaries are passed through iphelper.toIPv4 before sending.
  for (const row of rows) {
    row.startIp = iphelper.toIPv4(row.startIp)
    row.endIp = iphelper.toIPv4(row.endIp)
  }
  res.send(rows)
})

// Return a single IP range (with its group) by id.
router.getAsync('/:id', async (req, res) => {
  const { id } = req.params
  // Loose numeric check: a non-numeric id compares false against 0 and is rejected.
  if (!(id > 0)) return HttpResponse.invalidId().send(res)

  const found = await db.iprange.findOne({ where: { id }, include: ['group'] })
  if (!found) {
    HttpResponse.notFound(id).send(res)
    return
  }

  found.startIp = iphelper.toIPv4(found.startIp)
  found.endIp = iphelper.toIPv4(found.endIp)
  res.status(200).send(found)
})

// ############################################################################
// ##########################  POST requests  #################################

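// POST ''       -> create an IP range from the request body.
// POST '/:id'   -> update the IP range with that id from the request body.
// POST ?delete  -> batch deletion of the ids listed in req.body.ids
//                  (any value of the delete query parameter except 'false').
// Every create, edit and delete is written to the log with the acting user's id.
router.postAsync(['', '/:id'], async (req, res) => {
  if (req.query.delete !== undefined && req.query.delete !== 'false') {
    if (!Array.isArray(req.body.ids)) return HttpResponse.invalidBodyValue('ids', 'an array').send(res)

    // The ids come straight from the request body and are used in where
    // clauses below, so accept only positive integers (numbers or digit-only
    // strings). Objects, nested arrays and other types are rejected up front,
    // matching the id check the single-id routes apply to req.params.id.
    const ids = req.body.ids.map(id => {
      if (typeof id === 'number') return id
      if (typeof id === 'string' && /^\d+$/.test(id)) return Number(id)
      return NaN
    })
    if (!ids.every(id => Number.isSafeInteger(id) && id > 0)) {
      return HttpResponse.invalidBodyValue('ids', 'an array of positive integer ids').send(res)
    }

    const user = await db.user.findOne({ where: { id: req.user.id } })

    // Only need to log the batch request if there is more than one IP range to delete.
    if (ids.length > 1) {
      await log({
        category: 'IPRANGE_BATCH_DELETE',
        description: 'IP range batch deletion of ' + ids.length + ' ip ranges initiated by user.',
        user,
        userId: req.user.id
      })
    }

    let deletionCounter = 0
    // Delete every iprange on its own, to get a better log
    for (const id of ids) {
      const iprange = await db.iprange.findOne({ where: { id } })
      if (!iprange) {
        // An unknown id has no row to describe; log the failure by id instead
        // of dereferencing null, which would abort the rest of the batch.
        await log({
          category: 'ERROR_IPRANGE_DELETE',
          description: '[' + id + '] IP range could not be deleted because it does not exist.',
          user,
          userId: req.user.id
        })
        continue
      }

      const count = await db.iprange.destroy({ where: { id } })
      if (count !== 1) {
        await log({
          category: 'ERROR_IPRANGE_DELETE',
          description: '[' + iprange.id + '] IP range from ' + iphelper.toIPv4(iprange.startIp) + ' to ' + iphelper.toIPv4(iprange.endIp) + ' could not be deleted.',
          user,
          userId: req.user.id
        })
      } else {
        await log({
          category: 'IPRANGE_DELETE',
          description: '[' + iprange.id + '] IP range from ' + iphelper.toIPv4(iprange.startIp) + ' to ' + iphelper.toIPv4(iprange.endIp) + ' successfully deleted.',
          user,
          userId: req.user.id
        })
        deletionCounter++
      }
    }
    if (ids.length > 1) {
      // Awaited so a failing log write is reported through the async route
      // wrapper instead of becoming an unhandled rejection.
      await log({
        category: 'IPRANGE_BATCH_DELETE',
        description: deletionCounter + '/' + ids.length + ' ip ranges successfully deleted.',
        user,
        userId: req.user.id
      })
    }

    // NOTE(review): the type passed here is 'client' although IP ranges were
    // deleted; looks like a copy-paste leftover - confirm before changing,
    // since the API consumer may depend on the current response.
    return HttpResponse.successBatch('deleted', 'client', deletionCounter).send(res)
  }

  let iprange
  let action = 'updated'
  // NOTE(review): the converted values are not checked here; confirm that
  // iphelper.toDecimal rejects malformed or missing addresses and that
  // startIp <= endIp is enforced somewhere (e.g. model validation).
  req.body.startIp = iphelper.toDecimal(req.body.startIp)
  req.body.endIp = iphelper.toDecimal(req.body.endIp)
  // NOTE(review): req.body is handed to create()/update() unfiltered, so every
  // model attribute the client sends is written (mass assignment). Consider
  // limiting the writable attributes, e.g. with Sequelize's `fields` option,
  // once the intended attribute list is confirmed against the model.
  if (req.params.id === undefined) {
    iprange = await db.iprange.create(req.body)
    await log({
      category: 'IPRANGE_CREATE',
      description: 'IP range from ' + iphelper.toIPv4(req.body.startIp) + ' to ' + iphelper.toIPv4(req.body.endIp) + ' successfully created',
      userId: req.user.id,
      groupId: iprange.groupId
    })
    action = 'created'
  } else if (req.params.id > 0) {
    iprange = await db.iprange.findOne({ where: { id: req.params.id } })
    if (!iprange) return HttpResponse.notFound(req.params.id).send(res)

    await iprange.update(req.body)
    await log({
      category: 'IPRANGE_EDIT',
      description: '[' + iprange.id + '] IP range successfully edited from ' + iphelper.toIPv4(req.body.startIp) + ' to ' + iphelper.toIPv4(req.body.endIp),
      userId: req.user.id,
      groupId: iprange.groupId
    })
  } else {
    return HttpResponse.invalidId().send(res)
  }
  HttpResponse.success(action, 'iprange', iprange.id).send(res)
})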

// ############################################################################
// ##########################  DELETE requests  ###############################

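// Delete a single IP range by id.
// Registered with deleteAsync like the other async routes of this file, so a
// rejected database or log call reaches the Express error handler instead of
// becoming an unhandled rejection.
router.deleteAsync('/:id', async (req, res) => {
  if (!(req.params.id > 0)) return HttpResponse.invalidId().send(res)

  // Load the row first so the deletion can be described in the log.
  const iprange = await db.iprange.findOne({ where: { id: req.params.id } })
  if (!iprange) return HttpResponse.notFound(req.params.id).send(res)

  const count = await db.iprange.destroy({ where: { id: req.params.id } })
  if (!count) return HttpResponse.notFound(req.params.id).send(res)

  // Same log entry the batch deletion writes, so deletions through this
  // route are not missing from the log.
  await log({
    category: 'IPRANGE_DELETE',
    description: '[' + iprange.id + '] IP range from ' + iphelper.toIPv4(iprange.startIp) + ' to ' + iphelper.toIPv4(iprange.endIp) + ' successfully deleted.',
    userId: req.user.id,
    groupId: iprange.groupId
  })
  HttpResponse.success('deleted', 'iprange', req.params.id).send(res)
})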

// ############################################################################
// ############################################################################

// Expose the router (permission middleware plus the GET/POST/DELETE routes above).
module.exports.router = router