ComputerScienceHouse · nogoodidea · Feb 27, 2024 · Feb 27, 2024 · Feb 27, 2024 · Feb 27, 2024
diff --git a/proxstar/__init__.py b/proxstar/__init__.py
@@ -412,6 +412,9 @@ def vm_renew(vmid):
 @app.route('/vm/<string:vmid>/disk/create/<int:size>', methods=['POST'])
 @auth.oidc_auth
 def create_disk(vmid, size):
+    ## are they trying to disk with zero size
+    if size <= 0:
+        return '', 400
     user = User(session['userinfo']['preferred_username'])
     connect_proxmox()
     if user.rtp or int(vmid) in user.allowed_vms:
@@ -563,80 +566,93 @@ def set_boot_order(vmid):
         return '', 403
 
 
-@app.route('/vm/create', methods=['GET', 'POST'])
+@app.route('/vm/create', methods=['GET'])
 @auth.oidc_auth
-def create():
+def get_create():
     user = User(session['userinfo']['preferred_username'])
     proxmox = connect_proxmox()
     if user.active or user.rtp:
-        if request.method == 'GET':
-            stored_isos = get_isos(proxmox, app.config['PROXMOX_ISO_STORAGE'])
-            pools = get_pools(proxmox, db)
-            for pool in get_shared_pools(db, user.name, True):
-                pools.append(pool.name)
-            templates = get_templates(db)
-            return render_template(
-                'create_vm.html',
-                user=user,
-                usage=user.usage,
-                limits=user.limits,
-                percents=user.usage_percent,
-                isos=stored_isos,
-                pools=pools,
-                templates=templates,
+        stored_isos = get_isos(proxmox, app.config['PROXMOX_ISO_STORAGE'])
+        pools = get_pools(proxmox, db)
+        for pool in get_shared_pools(db, user.name, True):
+            pools.append(pool.name)
+        templates = get_templates(db)
+        return render_template(
+            'create_vm.html',
+            user=user,
+            usage=user.usage,
+            limits=user.limits,
+            percents=user.usage_percent,
+            isos=stored_isos,
+            pools=pools,
+            templates=templates,
+        )
+    else:
+        return '', 403
+
+
+@app.route('/vm/create', methods=['POST'])
+@auth.oidc_auth
+def create():
+    user = User(session['userinfo']['preferred_username'])
+    if user.active or user.rtp:
+        name = request.form['name'].lower()
+        cores = request.form['cores']
+        memory = request.form['mem']
+        disk = request.form['disk']
+        username = request.form['user']
+        ## CHECK STUFF DEAR GOD
+        if int(cores) <= 0 or int(memory) <= 0 or int(disk) <= 0 or user == '':
+            return (
+                'VM creation with cores and/or mem and/or disk values that are less than 0',
+                400,
+            )
+
+        template = request.form['template']
+        iso = request.form['iso']
+        ssh_key = request.form['ssh_key']
+        if iso != 'none':
+            iso = '{}:iso/{}'.format(app.config['PROXMOX_ISO_STORAGE'], iso)
+        if not user.rtp:
+            if template == 'none':
+                usage_check = user.check_usage(0, 0, disk)
+            else:
+                usage_check = user.check_usage(cores, memory, disk)
+            username = user.name
+        else:
+            usage_check = None
+        if usage_check:
+            return usage_check
+        else:
+            valid, available = (
+                check_hostname(starrs, name) if app.config['USE_STARRS'] else (True, True)
             )
-        elif request.method == 'POST':
-            name = request.form['name'].lower()
-            cores = request.form['cores']
-            memory = request.form['mem']
-            template = request.form['template']
-            disk = request.form['disk']
-            iso = request.form['iso']
-            ssh_key = request.form['ssh_key']
-            if iso != 'none':
-                iso = '{}:iso/{}'.format(app.config['PROXMOX_ISO_STORAGE'], iso)
-            if not user.rtp:
+
+            if valid and available:
                 if template == 'none':
-                    usage_check = user.check_usage(0, 0, disk)
+                    q.enqueue(
+                        create_vm_task,
+                        username,
+                        name,
+                        cores,
+                        memory,
+                        disk,
+                        iso,
+                        job_timeout=300,
+                    )
                 else:
-                    usage_check = user.check_usage(cores, memory, disk)
-                username = user.name
-            else:
-                usage_check = None
-                username = request.form['user']
-            if usage_check:
-                return usage_check
-            else:
-                valid, available = (
-                    check_hostname(starrs, name) if app.config['USE_STARRS'] else (True, True)
-                )
-
-                if valid and available:
-                    if template == 'none':
-                        q.enqueue(
-                            create_vm_task,
-                            username,
-                            name,
-                            cores,
-                            memory,
-                            disk,
-                            iso,
-                            job_timeout=300,
-                        )
-                    else:
-                        q.enqueue(
-                            setup_template_task,
-                            template,
-                            name,
-                            username,
-                            ssh_key,
-                            cores,
-                            memory,
-                            job_timeout=600,
-                        )
-                        return '', 200
-            return '', 200
-        return None
+                    q.enqueue(
+                        setup_template_task,
+                        template,
+                        name,
+                        username,
+                        ssh_key,
+                        cores,
+                        memory,
+                        job_timeout=600,
+                    )
+                    return '', 200
+        return '', 200
     else:
         return '', 403
 

diff --git a/proxstar/static/js/script.js b/proxstar/static/js/script.js
@@ -238,12 +238,21 @@ $("#create-vm").click(function(){
         if (name && disk) {
             if (template != 'none' && !ssh_regex.test(ssh_key)) {
                 swal("Uh oh...", "Invalid SSH key!", "error");
+            // MAXIMUM BOUNDS CHECK
             } else if (disk > max_disk) {
                 swal("Uh oh...", `You do not have enough disk resources available! Please lower the VM disk size to ${max_disk}GB or lower.`, "error");
             } else if (template != 'none' && cores > max_cpu) {
                 swal("Uh oh...", `You do not have enough CPU resources available! Please lower the VM cores to ${max_cpu} or lower.`, "error");
             } else if (template != 'none' && mem/1024 > max_mem) {
                 swal("Uh oh...", `You do not have enough memory resources available! Please lower the VM memory to ${max_mem}GB or lower.`, "error");
+            // MINIMUM BOUNDS CHECK
+            else if(0 <= disk){
+              swal("Uh oh...", `Selected disk size is less than 0.`,"error");
+            }else if(0 <= cores){
+              swal("Uh oh...", `Selected cores amount is less than 0.`,"error");
+            }else if(0 <= mem){
+              swal("Uh oh...", `Selected memory size is less than 0.`,"error");
+            }
             } else {
                 fetch(`/hostname/${name}`, {
                     credentials: 'same-origin',
@@ -1155,4 +1164,4 @@ $(".delete-disk").click(function(){
     const vmid = $(this).data('vmid')
     const disk = $(this).data('disk')
     confirmDialog(`/vm/${vmid}/disk/${disk}/delete`, `Are you sure you want to delete ${disk}?`, "Delete", `Deleting ${disk}!`, `Unable to delete disk. Please try again later.`, `/vm/${vmid}`, true)
-});
+});