2019-06-26 07:17:13 +00:00
|
|
|
use std::io::Write;
|
2020-09-15 09:15:00 +00:00
|
|
|
use std::sync::{Arc, Mutex, RwLock};
|
|
|
|
use std::time::Duration;
|
2019-01-17 10:29:38 +00:00
|
|
|
|
2020-04-17 12:11:25 +00:00
|
|
|
use anyhow::{bail, format_err, Error};
|
2019-05-20 12:19:24 +00:00
|
|
|
use futures::*;
|
2019-08-22 11:46:31 +00:00
|
|
|
use http::Uri;
|
|
|
|
use http::header::HeaderValue;
|
|
|
|
use http::{Request, Response};
|
|
|
|
use hyper::Body;
|
2019-09-02 13:14:55 +00:00
|
|
|
use hyper::client::{Client, HttpConnector};
|
2020-01-25 11:18:00 +00:00
|
|
|
use openssl::{ssl::{SslConnector, SslMethod}, x509::X509StoreContextRef};
|
2019-03-05 11:54:44 +00:00
|
|
|
use serde_json::{json, Value};
|
2019-12-13 10:55:52 +00:00
|
|
|
use percent_encoding::percent_encode;
|
2019-08-22 11:46:31 +00:00
|
|
|
use xdg::BaseDirectories;
|
2019-01-21 17:56:48 +00:00
|
|
|
|
2020-01-31 07:16:00 +00:00
|
|
|
use proxmox::{
|
2020-07-21 13:03:34 +00:00
|
|
|
api::error::HttpError,
|
2020-01-31 07:16:00 +00:00
|
|
|
sys::linux::tty,
|
2020-10-21 09:41:11 +00:00
|
|
|
tools::fs::{file_get_json, replace_file, CreateOptions},
|
2019-08-03 11:05:38 +00:00
|
|
|
};
|
|
|
|
|
2019-08-22 11:46:31 +00:00
|
|
|
use super::pipe_to_stream::PipeToSendStream;
|
2020-10-08 13:19:39 +00:00
|
|
|
use crate::api2::types::{Authid, Userid};
|
2020-10-19 11:59:33 +00:00
|
|
|
use crate::tools::{
|
|
|
|
self,
|
|
|
|
BroadcastFuture,
|
|
|
|
DEFAULT_ENCODE_SET,
|
2021-05-06 06:55:44 +00:00
|
|
|
http::{
|
|
|
|
build_authority,
|
|
|
|
HttpsConnector,
|
|
|
|
},
|
2020-10-19 11:59:33 +00:00
|
|
|
};
|
2019-06-05 06:41:20 +00:00
|
|
|
|
2020-12-21 13:56:11 +00:00
|
|
|
/// Timeout used for several HTTP operations that are expected to finish quickly but may block in
|
2021-02-24 10:55:37 +00:00
|
|
|
/// certain error conditions. Keep it generous, to avoid false-positive under high load.
|
|
|
|
const HTTP_TIMEOUT: Duration = Duration::from_secs(2 * 60);
|
2020-12-21 13:56:11 +00:00
|
|
|
|
2019-04-28 08:55:03 +00:00
|
|
|
#[derive(Clone)]
|
2019-08-10 07:12:17 +00:00
|
|
|
pub struct AuthInfo {
|
2020-10-08 13:19:39 +00:00
|
|
|
pub auth_id: Authid,
|
2020-01-05 09:31:19 +00:00
|
|
|
pub ticket: String,
|
|
|
|
pub token: String,
|
2019-04-28 08:55:03 +00:00
|
|
|
}
|
2019-02-20 13:18:27 +00:00
|
|
|
|
2020-01-25 11:18:00 +00:00
|
|
|
pub struct HttpClientOptions {
|
2020-01-27 08:34:02 +00:00
|
|
|
prefix: Option<String>,
|
2020-01-25 11:18:00 +00:00
|
|
|
password: Option<String>,
|
|
|
|
fingerprint: Option<String>,
|
|
|
|
interactive: bool,
|
|
|
|
ticket_cache: bool,
|
2020-01-25 14:37:34 +00:00
|
|
|
fingerprint_cache: bool,
|
2020-01-25 11:18:00 +00:00
|
|
|
verify_cert: bool,
|
|
|
|
}
|
|
|
|
|
|
|
|
impl HttpClientOptions {
|
|
|
|
|
2021-01-25 13:42:57 +00:00
|
|
|
pub fn new_interactive(password: Option<String>, fingerprint: Option<String>) -> Self {
|
2020-01-25 11:18:00 +00:00
|
|
|
Self {
|
2021-01-25 13:42:57 +00:00
|
|
|
password,
|
|
|
|
fingerprint,
|
|
|
|
fingerprint_cache: true,
|
|
|
|
ticket_cache: true,
|
|
|
|
interactive: true,
|
|
|
|
prefix: Some("proxmox-backup".to_string()),
|
|
|
|
..Self::default()
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
pub fn new_non_interactive(password: String, fingerprint: Option<String>) -> Self {
|
|
|
|
Self {
|
|
|
|
password: Some(password),
|
|
|
|
fingerprint,
|
|
|
|
..Self::default()
|
2020-01-25 11:18:00 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-01-27 08:34:02 +00:00
|
|
|
pub fn prefix(mut self, prefix: Option<String>) -> Self {
|
|
|
|
self.prefix = prefix;
|
|
|
|
self
|
|
|
|
}
|
|
|
|
|
2020-01-25 11:18:00 +00:00
|
|
|
pub fn password(mut self, password: Option<String>) -> Self {
|
|
|
|
self.password = password;
|
|
|
|
self
|
|
|
|
}
|
|
|
|
|
|
|
|
pub fn fingerprint(mut self, fingerprint: Option<String>) -> Self {
|
|
|
|
self.fingerprint = fingerprint;
|
|
|
|
self
|
|
|
|
}
|
|
|
|
|
|
|
|
pub fn interactive(mut self, interactive: bool) -> Self {
|
|
|
|
self.interactive = interactive;
|
|
|
|
self
|
|
|
|
}
|
|
|
|
|
|
|
|
pub fn ticket_cache(mut self, ticket_cache: bool) -> Self {
|
|
|
|
self.ticket_cache = ticket_cache;
|
|
|
|
self
|
|
|
|
}
|
|
|
|
|
2020-01-25 14:37:34 +00:00
|
|
|
pub fn fingerprint_cache(mut self, fingerprint_cache: bool) -> Self {
|
|
|
|
self.fingerprint_cache = fingerprint_cache;
|
|
|
|
self
|
|
|
|
}
|
|
|
|
|
2020-01-25 11:18:00 +00:00
|
|
|
pub fn verify_cert(mut self, verify_cert: bool) -> Self {
|
|
|
|
self.verify_cert = verify_cert;
|
|
|
|
self
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-01-25 13:42:57 +00:00
|
|
|
impl Default for HttpClientOptions {
|
|
|
|
fn default() -> Self {
|
|
|
|
Self {
|
|
|
|
prefix: None,
|
|
|
|
password: None,
|
|
|
|
fingerprint: None,
|
|
|
|
interactive: false,
|
|
|
|
ticket_cache: false,
|
|
|
|
fingerprint_cache: false,
|
|
|
|
verify_cert: true,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-02-14 10:11:39 +00:00
|
|
|
/// HTTP(S) API client
|
2019-01-17 10:29:38 +00:00
|
|
|
pub struct HttpClient {
|
2019-09-02 13:14:55 +00:00
|
|
|
client: Client<HttpsConnector>,
|
2019-01-17 10:29:38 +00:00
|
|
|
server: String,
|
2020-09-29 14:18:58 +00:00
|
|
|
port: u16,
|
2020-01-25 11:18:00 +00:00
|
|
|
fingerprint: Arc<Mutex<Option<String>>>,
|
2020-10-08 13:19:39 +00:00
|
|
|
first_auth: Option<BroadcastFuture<()>>,
|
2020-09-15 09:15:00 +00:00
|
|
|
auth: Arc<RwLock<AuthInfo>>,
|
|
|
|
ticket_abort: futures::future::AbortHandle,
|
2020-01-25 11:18:00 +00:00
|
|
|
_options: HttpClientOptions,
|
2019-01-17 10:29:38 +00:00
|
|
|
}
|
|
|
|
|
2019-08-10 07:12:17 +00:00
|
|
|
/// Delete stored ticket data (logout)
|
2020-08-06 13:46:01 +00:00
|
|
|
pub fn delete_ticket_info(prefix: &str, server: &str, username: &Userid) -> Result<(), Error> {
|
2019-08-10 07:12:17 +00:00
|
|
|
|
2020-01-27 08:34:02 +00:00
|
|
|
let base = BaseDirectories::with_prefix(prefix)?;
|
2019-08-10 07:12:17 +00:00
|
|
|
|
|
|
|
// usually /run/user/<uid>/...
|
|
|
|
let path = base.place_runtime_file("tickets")?;
|
|
|
|
|
|
|
|
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600);
|
|
|
|
|
|
|
|
let mut data = file_get_json(&path, Some(json!({})))?;
|
|
|
|
|
|
|
|
if let Some(map) = data[server].as_object_mut() {
|
2020-08-06 13:46:01 +00:00
|
|
|
map.remove(username.as_str());
|
2019-08-10 07:12:17 +00:00
|
|
|
}
|
|
|
|
|
2019-12-18 10:05:30 +00:00
|
|
|
replace_file(path, data.to_string().as_bytes(), CreateOptions::new().perm(mode))?;
|
2019-08-10 07:12:17 +00:00
|
|
|
|
|
|
|
Ok(())
|
|
|
|
}
|
|
|
|
|
2020-01-27 08:34:02 +00:00
|
|
|
fn store_fingerprint(prefix: &str, server: &str, fingerprint: &str) -> Result<(), Error> {
|
2020-01-25 14:37:34 +00:00
|
|
|
|
2020-01-27 08:34:02 +00:00
|
|
|
let base = BaseDirectories::with_prefix(prefix)?;
|
2020-01-25 14:37:34 +00:00
|
|
|
|
2020-01-27 08:34:02 +00:00
|
|
|
// usually ~/.config/<prefix>/fingerprints
|
2020-01-25 14:37:34 +00:00
|
|
|
let path = base.place_config_file("fingerprints")?;
|
|
|
|
|
|
|
|
let raw = match std::fs::read_to_string(&path) {
|
|
|
|
Ok(v) => v,
|
|
|
|
Err(err) => {
|
|
|
|
if err.kind() == std::io::ErrorKind::NotFound {
|
|
|
|
String::new()
|
|
|
|
} else {
|
|
|
|
bail!("unable to read fingerprints from {:?} - {}", path, err);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
let mut result = String::new();
|
|
|
|
|
|
|
|
raw.split('\n').for_each(|line| {
|
|
|
|
let items: Vec<String> = line.split_whitespace().map(String::from).collect();
|
|
|
|
if items.len() == 2 {
|
2021-01-20 16:23:55 +00:00
|
|
|
if items[0] == server {
|
2020-01-25 14:37:34 +00:00
|
|
|
// found, add later with new fingerprint
|
|
|
|
} else {
|
|
|
|
result.push_str(line);
|
|
|
|
result.push('\n');
|
|
|
|
}
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
|
|
|
result.push_str(server);
|
|
|
|
result.push(' ');
|
|
|
|
result.push_str(fingerprint);
|
|
|
|
result.push('\n');
|
|
|
|
|
|
|
|
replace_file(path, result.as_bytes(), CreateOptions::new())?;
|
|
|
|
|
|
|
|
Ok(())
|
|
|
|
}
|
|
|
|
|
2020-01-27 08:34:02 +00:00
|
|
|
fn load_fingerprint(prefix: &str, server: &str) -> Option<String> {
|
2020-01-25 14:37:34 +00:00
|
|
|
|
2020-01-27 08:34:02 +00:00
|
|
|
let base = BaseDirectories::with_prefix(prefix).ok()?;
|
2020-01-25 14:37:34 +00:00
|
|
|
|
2020-01-27 08:34:02 +00:00
|
|
|
// usually ~/.config/<prefix>/fingerprints
|
2020-01-25 14:37:34 +00:00
|
|
|
let path = base.place_config_file("fingerprints").ok()?;
|
|
|
|
|
|
|
|
let raw = std::fs::read_to_string(&path).ok()?;
|
|
|
|
|
|
|
|
for line in raw.split('\n') {
|
|
|
|
let items: Vec<String> = line.split_whitespace().map(String::from).collect();
|
2021-01-20 16:23:55 +00:00
|
|
|
if items.len() == 2 && items[0] == server {
|
2020-10-14 09:33:45 +00:00
|
|
|
return Some(items[1].clone());
|
2020-01-25 14:37:34 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
None
|
|
|
|
}
|
|
|
|
|
2020-01-27 08:34:02 +00:00
|
|
|
fn store_ticket_info(prefix: &str, server: &str, username: &str, ticket: &str, token: &str) -> Result<(), Error> {
|
2019-03-05 11:54:44 +00:00
|
|
|
|
2020-01-27 08:34:02 +00:00
|
|
|
let base = BaseDirectories::with_prefix(prefix)?;
|
2019-03-05 11:54:44 +00:00
|
|
|
|
|
|
|
// usually /run/user/<uid>/...
|
|
|
|
let path = base.place_runtime_file("tickets")?;
|
|
|
|
|
|
|
|
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600);
|
|
|
|
|
2019-08-03 11:05:38 +00:00
|
|
|
let mut data = file_get_json(&path, Some(json!({})))?;
|
2019-03-05 11:54:44 +00:00
|
|
|
|
2020-09-12 13:10:47 +00:00
|
|
|
let now = proxmox::tools::time::epoch_i64();
|
2019-03-05 11:54:44 +00:00
|
|
|
|
|
|
|
data[server][username] = json!({ "timestamp": now, "ticket": ticket, "token": token});
|
|
|
|
|
|
|
|
let mut new_data = json!({});
|
|
|
|
|
|
|
|
let ticket_lifetime = tools::ticket::TICKET_LIFETIME - 60;
|
|
|
|
|
|
|
|
let empty = serde_json::map::Map::new();
|
|
|
|
for (server, info) in data.as_object().unwrap_or(&empty) {
|
2020-10-20 09:29:16 +00:00
|
|
|
for (user, uinfo) in info.as_object().unwrap_or(&empty) {
|
2020-10-21 06:40:04 +00:00
|
|
|
if let Some(timestamp) = uinfo["timestamp"].as_i64() {
|
|
|
|
let age = now - timestamp;
|
|
|
|
if age < ticket_lifetime {
|
|
|
|
new_data[server][user] = uinfo.clone();
|
2019-03-05 11:54:44 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-12-18 10:05:30 +00:00
|
|
|
replace_file(path, new_data.to_string().as_bytes(), CreateOptions::new().perm(mode))?;
|
2019-03-05 11:54:44 +00:00
|
|
|
|
|
|
|
Ok(())
|
|
|
|
}
|
|
|
|
|
2020-08-06 13:46:01 +00:00
|
|
|
fn load_ticket_info(prefix: &str, server: &str, userid: &Userid) -> Option<(String, String)> {
|
2020-01-27 08:34:02 +00:00
|
|
|
let base = BaseDirectories::with_prefix(prefix).ok()?;
|
2019-03-05 11:54:44 +00:00
|
|
|
|
|
|
|
// usually /run/user/<uid>/...
|
2019-08-28 14:03:48 +00:00
|
|
|
let path = base.place_runtime_file("tickets").ok()?;
|
|
|
|
let data = file_get_json(&path, None).ok()?;
|
2020-09-12 13:10:47 +00:00
|
|
|
let now = proxmox::tools::time::epoch_i64();
|
2019-03-05 11:54:44 +00:00
|
|
|
let ticket_lifetime = tools::ticket::TICKET_LIFETIME - 60;
|
2020-08-06 13:46:01 +00:00
|
|
|
let uinfo = data[server][userid.as_str()].as_object()?;
|
2019-08-28 14:03:48 +00:00
|
|
|
let timestamp = uinfo["timestamp"].as_i64()?;
|
|
|
|
let age = now - timestamp;
|
|
|
|
|
|
|
|
if age < ticket_lifetime {
|
|
|
|
let ticket = uinfo["ticket"].as_str()?;
|
|
|
|
let token = uinfo["token"].as_str()?;
|
|
|
|
Some((ticket.to_owned(), token.to_owned()))
|
|
|
|
} else {
|
|
|
|
None
|
2019-03-05 11:54:44 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-05-05 08:29:15 +00:00
|
|
|
fn build_uri(server: &str, port: u16, path: &str, query: Option<String>) -> Result<Uri, Error> {
|
2021-05-07 06:41:20 +00:00
|
|
|
Uri::builder()
|
2021-05-06 06:55:44 +00:00
|
|
|
.scheme("https")
|
2021-05-07 06:41:20 +00:00
|
|
|
.authority(build_authority(server, port)?)
|
|
|
|
.path_and_query(match query {
|
|
|
|
Some(query) => format!("/{}?{}", path, query),
|
|
|
|
None => format!("/{}", path),
|
|
|
|
})
|
|
|
|
.build()
|
|
|
|
.map_err(|err| format_err!("error building uri - {}", err))
|
2021-05-05 08:29:15 +00:00
|
|
|
}
|
|
|
|
|
2019-01-17 10:29:38 +00:00
|
|
|
impl HttpClient {
|
2020-08-06 13:46:01 +00:00
|
|
|
pub fn new(
|
|
|
|
server: &str,
|
2020-09-29 14:18:58 +00:00
|
|
|
port: u16,
|
2020-10-08 13:19:39 +00:00
|
|
|
auth_id: &Authid,
|
2020-08-06 13:46:01 +00:00
|
|
|
mut options: HttpClientOptions,
|
|
|
|
) -> Result<Self, Error> {
|
2020-01-25 11:18:00 +00:00
|
|
|
|
|
|
|
let verified_fingerprint = Arc::new(Mutex::new(None));
|
|
|
|
|
2021-05-10 08:52:32 +00:00
|
|
|
let mut expected_fingerprint = options.fingerprint.take();
|
2020-02-11 10:54:43 +00:00
|
|
|
|
2021-05-10 08:52:32 +00:00
|
|
|
if expected_fingerprint.is_some() {
|
2020-02-11 10:54:43 +00:00
|
|
|
// do not store fingerprints passed via options in cache
|
|
|
|
options.fingerprint_cache = false;
|
|
|
|
} else if options.fingerprint_cache && options.prefix.is_some() {
|
2021-05-10 08:52:32 +00:00
|
|
|
expected_fingerprint = load_fingerprint(options.prefix.as_ref().unwrap(), server);
|
2020-01-25 14:37:34 +00:00
|
|
|
}
|
|
|
|
|
2020-01-27 08:34:02 +00:00
|
|
|
let mut ssl_connector_builder = SslConnector::builder(SslMethod::tls()).unwrap();
|
|
|
|
|
|
|
|
if options.verify_cert {
|
|
|
|
let server = server.to_string();
|
|
|
|
let verified_fingerprint = verified_fingerprint.clone();
|
|
|
|
let interactive = options.interactive;
|
|
|
|
let fingerprint_cache = options.fingerprint_cache;
|
|
|
|
let prefix = options.prefix.clone();
|
|
|
|
ssl_connector_builder.set_verify_callback(openssl::ssl::SslVerifyMode::PEER, move |valid, ctx| {
|
2021-05-10 08:52:33 +00:00
|
|
|
match Self::verify_callback(valid, ctx, expected_fingerprint.as_ref(), interactive) {
|
|
|
|
Ok(None) => true,
|
|
|
|
Ok(Some(fingerprint)) => {
|
2020-01-27 08:34:02 +00:00
|
|
|
if fingerprint_cache && prefix.is_some() {
|
|
|
|
if let Err(err) = store_fingerprint(
|
|
|
|
prefix.as_ref().unwrap(), &server, &fingerprint) {
|
|
|
|
eprintln!("{}", err);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
*verified_fingerprint.lock().unwrap() = Some(fingerprint);
|
2021-05-10 08:52:33 +00:00
|
|
|
true
|
|
|
|
},
|
|
|
|
Err(err) => {
|
|
|
|
eprintln!("certificate validation failed - {}", err);
|
|
|
|
false
|
|
|
|
},
|
2020-01-27 08:34:02 +00:00
|
|
|
}
|
|
|
|
});
|
|
|
|
} else {
|
|
|
|
ssl_connector_builder.set_verify(openssl::ssl::SslVerifyMode::NONE);
|
|
|
|
}
|
|
|
|
|
2020-10-21 09:41:11 +00:00
|
|
|
let mut httpc = HttpConnector::new();
|
2020-01-27 08:34:02 +00:00
|
|
|
httpc.set_nodelay(true); // important for h2 download performance!
|
|
|
|
httpc.enforce_http(false); // we want https...
|
|
|
|
|
2020-10-19 07:36:01 +00:00
|
|
|
httpc.set_connect_timeout(Some(std::time::Duration::new(10, 0)));
|
2020-01-27 08:34:02 +00:00
|
|
|
let https = HttpsConnector::with_connector(httpc, ssl_connector_builder.build());
|
|
|
|
|
|
|
|
let client = Client::builder()
|
|
|
|
//.http2_initial_stream_window_size( (1 << 31) - 2)
|
|
|
|
//.http2_initial_connection_window_size( (1 << 31) - 2)
|
|
|
|
.build::<_, Body>(https);
|
2020-01-25 11:18:00 +00:00
|
|
|
|
|
|
|
let password = options.password.take();
|
2020-01-27 08:34:02 +00:00
|
|
|
let use_ticket_cache = options.ticket_cache && options.prefix.is_some();
|
2019-04-28 08:55:03 +00:00
|
|
|
|
2019-09-16 10:35:23 +00:00
|
|
|
let password = if let Some(password) = password {
|
|
|
|
password
|
2019-04-30 09:44:35 +00:00
|
|
|
} else {
|
2020-10-08 13:19:39 +00:00
|
|
|
let userid = if auth_id.is_token() {
|
|
|
|
bail!("API token secret must be provided!");
|
|
|
|
} else {
|
|
|
|
auth_id.user()
|
|
|
|
};
|
2020-01-25 11:18:00 +00:00
|
|
|
let mut ticket_info = None;
|
2020-01-27 08:34:02 +00:00
|
|
|
if use_ticket_cache {
|
2020-08-06 13:46:01 +00:00
|
|
|
ticket_info = load_ticket_info(options.prefix.as_ref().unwrap(), server, userid);
|
2020-01-25 11:18:00 +00:00
|
|
|
}
|
|
|
|
if let Some((ticket, _token)) = ticket_info {
|
|
|
|
ticket
|
|
|
|
} else {
|
2020-08-06 13:46:01 +00:00
|
|
|
Self::get_password(userid, options.interactive)?
|
2020-01-25 11:18:00 +00:00
|
|
|
}
|
2019-04-30 09:44:35 +00:00
|
|
|
};
|
|
|
|
|
2020-09-15 09:15:00 +00:00
|
|
|
let auth = Arc::new(RwLock::new(AuthInfo {
|
2020-10-08 13:19:39 +00:00
|
|
|
auth_id: auth_id.clone(),
|
2020-09-15 09:15:00 +00:00
|
|
|
ticket: password.clone(),
|
|
|
|
token: "".to_string(),
|
|
|
|
}));
|
|
|
|
|
|
|
|
let server2 = server.to_string();
|
|
|
|
let client2 = client.clone();
|
|
|
|
let auth2 = auth.clone();
|
|
|
|
let prefix2 = options.prefix.clone();
|
|
|
|
|
|
|
|
let renewal_future = async move {
|
|
|
|
loop {
|
2020-12-03 15:04:23 +00:00
|
|
|
tokio::time::sleep(Duration::new(60*15, 0)).await; // 15 minutes
|
2020-10-08 13:19:39 +00:00
|
|
|
let (auth_id, ticket) = {
|
2020-09-15 09:15:00 +00:00
|
|
|
let authinfo = auth2.read().unwrap().clone();
|
2020-10-08 13:19:39 +00:00
|
|
|
(authinfo.auth_id, authinfo.ticket)
|
2020-09-15 09:15:00 +00:00
|
|
|
};
|
2020-10-08 13:19:39 +00:00
|
|
|
match Self::credentials(client2.clone(), server2.clone(), port, auth_id.user().clone(), ticket).await {
|
2020-09-15 09:15:00 +00:00
|
|
|
Ok(auth) => {
|
2021-01-20 16:23:54 +00:00
|
|
|
if use_ticket_cache && prefix2.is_some() {
|
2020-10-08 13:19:39 +00:00
|
|
|
let _ = store_ticket_info(prefix2.as_ref().unwrap(), &server2, &auth.auth_id.to_string(), &auth.ticket, &auth.token);
|
2020-09-15 09:15:00 +00:00
|
|
|
}
|
|
|
|
*auth2.write().unwrap() = auth;
|
|
|
|
},
|
|
|
|
Err(err) => {
|
|
|
|
eprintln!("re-authentication failed: {}", err);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
let (renewal_future, ticket_abort) = futures::future::abortable(renewal_future);
|
|
|
|
|
2020-01-25 11:18:00 +00:00
|
|
|
let login_future = Self::credentials(
|
|
|
|
client.clone(),
|
|
|
|
server.to_owned(),
|
2020-09-29 14:18:58 +00:00
|
|
|
port,
|
2020-10-08 13:19:39 +00:00
|
|
|
auth_id.user().clone(),
|
2021-01-20 16:23:55 +00:00
|
|
|
password,
|
2020-01-27 08:34:02 +00:00
|
|
|
).map_ok({
|
|
|
|
let server = server.to_string();
|
|
|
|
let prefix = options.prefix.clone();
|
2020-09-15 09:15:00 +00:00
|
|
|
let authinfo = auth.clone();
|
2020-01-27 08:34:02 +00:00
|
|
|
|
|
|
|
move |auth| {
|
2021-01-20 16:23:54 +00:00
|
|
|
if use_ticket_cache && prefix.is_some() {
|
2020-10-08 13:19:39 +00:00
|
|
|
let _ = store_ticket_info(prefix.as_ref().unwrap(), &server, &auth.auth_id.to_string(), &auth.ticket, &auth.token);
|
2020-01-27 08:34:02 +00:00
|
|
|
}
|
2020-09-15 09:15:00 +00:00
|
|
|
*authinfo.write().unwrap() = auth;
|
|
|
|
tokio::spawn(renewal_future);
|
2020-01-27 08:34:02 +00:00
|
|
|
}
|
|
|
|
});
|
2019-04-30 09:44:35 +00:00
|
|
|
|
2020-10-08 13:19:39 +00:00
|
|
|
let first_auth = if auth_id.is_token() {
|
|
|
|
// TODO check access here?
|
|
|
|
None
|
|
|
|
} else {
|
|
|
|
Some(BroadcastFuture::new(Box::new(login_future)))
|
|
|
|
};
|
|
|
|
|
2019-04-30 09:44:35 +00:00
|
|
|
Ok(Self {
|
2019-04-28 08:55:03 +00:00
|
|
|
client,
|
2019-01-17 10:29:38 +00:00
|
|
|
server: String::from(server),
|
2020-09-29 14:18:58 +00:00
|
|
|
port,
|
2020-01-25 11:18:00 +00:00
|
|
|
fingerprint: verified_fingerprint,
|
2020-09-15 09:15:00 +00:00
|
|
|
auth,
|
|
|
|
ticket_abort,
|
2020-10-08 13:19:39 +00:00
|
|
|
first_auth,
|
2020-01-25 11:18:00 +00:00
|
|
|
_options: options,
|
2019-04-30 09:44:35 +00:00
|
|
|
})
|
2019-01-17 10:29:38 +00:00
|
|
|
}
|
|
|
|
|
2019-09-04 10:47:01 +00:00
|
|
|
/// Login
|
2019-08-10 07:12:17 +00:00
|
|
|
///
|
2020-05-30 14:37:33 +00:00
|
|
|
/// Login is done on demand, so this is only required if you need
|
2019-08-10 07:12:17 +00:00
|
|
|
/// access to authentication data in 'AuthInfo'.
|
2020-11-04 07:20:36 +00:00
|
|
|
///
|
|
|
|
/// Note: tickets a periodially re-newed, so one can use this
|
|
|
|
/// to query changed ticket.
|
2019-09-04 08:01:46 +00:00
|
|
|
pub async fn login(&self) -> Result<AuthInfo, Error> {
|
2020-10-08 13:19:39 +00:00
|
|
|
if let Some(future) = &self.first_auth {
|
|
|
|
future.listen().await?;
|
|
|
|
}
|
|
|
|
|
2020-09-15 09:15:00 +00:00
|
|
|
let authinfo = self.auth.read().unwrap();
|
|
|
|
Ok(authinfo.clone())
|
2019-08-10 07:12:17 +00:00
|
|
|
}
|
|
|
|
|
2020-01-25 11:18:00 +00:00
|
|
|
/// Returns the optional fingerprint passed to the new() constructor.
|
|
|
|
pub fn fingerprint(&self) -> Option<String> {
|
|
|
|
(*self.fingerprint.lock().unwrap()).clone()
|
|
|
|
}
|
|
|
|
|
2020-08-06 13:46:01 +00:00
|
|
|
fn get_password(username: &Userid, interactive: bool) -> Result<String, Error> {
|
2019-02-20 13:18:27 +00:00
|
|
|
// If we're on a TTY, query the user for a password
|
2020-01-25 11:18:00 +00:00
|
|
|
if interactive && tty::stdin_isatty() {
|
2020-01-27 09:42:19 +00:00
|
|
|
let msg = format!("Password for \"{}\": ", username);
|
|
|
|
return Ok(String::from_utf8(tty::read_password(&msg)?)?);
|
2019-02-20 13:18:27 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
bail!("no password input mechanism available");
|
|
|
|
}
|
|
|
|
|
2020-01-25 11:18:00 +00:00
|
|
|
fn verify_callback(
|
2021-05-10 08:52:33 +00:00
|
|
|
openssl_valid: bool,
|
2021-05-10 08:52:32 +00:00
|
|
|
ctx: &mut X509StoreContextRef,
|
|
|
|
expected_fingerprint: Option<&String>,
|
2020-01-25 11:18:00 +00:00
|
|
|
interactive: bool,
|
2021-05-10 08:52:33 +00:00
|
|
|
) -> Result<Option<String>, Error> {
|
|
|
|
|
|
|
|
if openssl_valid {
|
|
|
|
return Ok(None);
|
|
|
|
}
|
2020-01-25 11:18:00 +00:00
|
|
|
|
|
|
|
let cert = match ctx.current_cert() {
|
|
|
|
Some(cert) => cert,
|
2021-05-10 08:52:33 +00:00
|
|
|
None => bail!("context lacks current certificate."),
|
2020-01-25 11:18:00 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
let depth = ctx.error_depth();
|
2021-05-10 08:52:33 +00:00
|
|
|
if depth != 0 { bail!("context depth != 0") }
|
2020-01-25 11:18:00 +00:00
|
|
|
|
|
|
|
let fp = match cert.digest(openssl::hash::MessageDigest::sha256()) {
|
|
|
|
Ok(fp) => fp,
|
2021-05-10 08:52:33 +00:00
|
|
|
Err(err) => bail!("failed to calculate certificate FP - {}", err), // should not happen
|
2020-01-25 11:18:00 +00:00
|
|
|
};
|
|
|
|
let fp_string = proxmox::tools::digest_to_hex(&fp);
|
|
|
|
let fp_string = fp_string.as_bytes().chunks(2).map(|v| std::str::from_utf8(v).unwrap())
|
|
|
|
.collect::<Vec<&str>>().join(":");
|
|
|
|
|
|
|
|
if let Some(expected_fingerprint) = expected_fingerprint {
|
2021-05-10 08:52:31 +00:00
|
|
|
let expected_fingerprint = expected_fingerprint.to_lowercase();
|
|
|
|
if expected_fingerprint == fp_string {
|
2021-05-10 08:52:33 +00:00
|
|
|
return Ok(Some(fp_string));
|
2020-01-25 11:18:00 +00:00
|
|
|
} else {
|
2021-05-10 08:52:31 +00:00
|
|
|
eprintln!("WARNING: certificate fingerprint does not match expected fingerprint!");
|
|
|
|
eprintln!("expected: {}", expected_fingerprint);
|
2020-01-25 11:18:00 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// If we're on a TTY, query the user
|
|
|
|
if interactive && tty::stdin_isatty() {
|
|
|
|
println!("fingerprint: {}", fp_string);
|
|
|
|
loop {
|
2020-05-26 09:52:36 +00:00
|
|
|
print!("Are you sure you want to continue connecting? (y/n): ");
|
2020-01-25 11:18:00 +00:00
|
|
|
let _ = std::io::stdout().flush();
|
2020-05-26 09:52:36 +00:00
|
|
|
use std::io::{BufRead, BufReader};
|
|
|
|
let mut line = String::new();
|
|
|
|
match BufReader::new(std::io::stdin()).read_line(&mut line) {
|
|
|
|
Ok(_) => {
|
|
|
|
let trimmed = line.trim();
|
|
|
|
if trimmed == "y" || trimmed == "Y" {
|
2021-05-10 08:52:33 +00:00
|
|
|
return Ok(Some(fp_string));
|
2020-05-26 09:52:36 +00:00
|
|
|
} else if trimmed == "n" || trimmed == "N" {
|
2021-05-10 08:52:33 +00:00
|
|
|
bail!("Certificate fingerprint was not confirmed.");
|
2020-05-26 09:52:36 +00:00
|
|
|
} else {
|
|
|
|
continue;
|
2020-01-25 11:18:00 +00:00
|
|
|
}
|
|
|
|
}
|
2021-05-10 08:52:33 +00:00
|
|
|
Err(err) => bail!("Certificate fingerprint was not confirmed - {}.", err),
|
2020-01-25 11:18:00 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2021-05-10 08:52:33 +00:00
|
|
|
|
|
|
|
bail!("Certificate fingerprint was not confirmed.");
|
2019-03-06 09:45:38 +00:00
|
|
|
}
|
|
|
|
|
2019-09-04 10:47:01 +00:00
|
|
|
pub async fn request(&self, mut req: Request<Body>) -> Result<Value, Error> {
|
2019-01-17 10:29:38 +00:00
|
|
|
|
2019-04-28 08:55:03 +00:00
|
|
|
let client = self.client.clone();
|
2019-01-17 10:29:38 +00:00
|
|
|
|
2019-09-04 10:47:01 +00:00
|
|
|
let auth = self.login().await?;
|
2020-10-08 13:19:39 +00:00
|
|
|
if auth.auth_id.is_token() {
|
2020-10-30 12:10:38 +00:00
|
|
|
let enc_api_token = format!("PBSAPIToken {}:{}", auth.auth_id, percent_encode(auth.ticket.as_bytes(), DEFAULT_ENCODE_SET));
|
2020-10-08 13:19:39 +00:00
|
|
|
req.headers_mut().insert("Authorization", HeaderValue::from_str(&enc_api_token).unwrap());
|
|
|
|
} else {
|
|
|
|
let enc_ticket = format!("PBSAuthCookie={}", percent_encode(auth.ticket.as_bytes(), DEFAULT_ENCODE_SET));
|
|
|
|
req.headers_mut().insert("Cookie", HeaderValue::from_str(&enc_ticket).unwrap());
|
|
|
|
req.headers_mut().insert("CSRFPreventionToken", HeaderValue::from_str(&auth.token).unwrap());
|
|
|
|
}
|
2019-01-17 10:29:38 +00:00
|
|
|
|
2019-09-04 10:47:01 +00:00
|
|
|
Self::api_request(client, req).await
|
2019-01-21 17:56:48 +00:00
|
|
|
}
|
|
|
|
|
2019-09-04 10:47:01 +00:00
|
|
|
pub async fn get(
|
2019-08-23 12:33:48 +00:00
|
|
|
&self,
|
|
|
|
path: &str,
|
|
|
|
data: Option<Value>,
|
2019-09-04 10:47:01 +00:00
|
|
|
) -> Result<Value, Error> {
|
2020-09-29 14:18:58 +00:00
|
|
|
let req = Self::request_builder(&self.server, self.port, "GET", path, data)?;
|
2019-09-04 10:47:01 +00:00
|
|
|
self.request(req).await
|
2019-03-06 09:45:38 +00:00
|
|
|
}
|
|
|
|
|
2019-09-04 10:47:01 +00:00
|
|
|
pub async fn delete(
|
2019-08-23 12:33:48 +00:00
|
|
|
&mut self,
|
|
|
|
path: &str,
|
|
|
|
data: Option<Value>,
|
2019-09-04 10:47:01 +00:00
|
|
|
) -> Result<Value, Error> {
|
2020-09-29 14:18:58 +00:00
|
|
|
let req = Self::request_builder(&self.server, self.port, "DELETE", path, data)?;
|
2019-09-04 10:47:01 +00:00
|
|
|
self.request(req).await
|
2019-03-06 09:45:38 +00:00
|
|
|
}
|
|
|
|
|
2019-09-04 10:47:01 +00:00
|
|
|
pub async fn post(
|
2019-08-23 12:33:48 +00:00
|
|
|
&mut self,
|
|
|
|
path: &str,
|
|
|
|
data: Option<Value>,
|
2019-09-04 10:47:01 +00:00
|
|
|
) -> Result<Value, Error> {
|
2020-09-29 14:18:58 +00:00
|
|
|
let req = Self::request_builder(&self.server, self.port, "POST", path, data)?;
|
2019-09-04 10:47:01 +00:00
|
|
|
self.request(req).await
|
2019-03-13 10:56:37 +00:00
|
|
|
}
|
|
|
|
|
2020-11-13 09:38:48 +00:00
|
|
|
pub async fn put(
|
|
|
|
&mut self,
|
|
|
|
path: &str,
|
|
|
|
data: Option<Value>,
|
|
|
|
) -> Result<Value, Error> {
|
|
|
|
let req = Self::request_builder(&self.server, self.port, "PUT", path, data)?;
|
|
|
|
self.request(req).await
|
|
|
|
}
|
|
|
|
|
2019-09-04 10:47:01 +00:00
|
|
|
pub async fn download(
|
2019-08-23 12:33:48 +00:00
|
|
|
&mut self,
|
|
|
|
path: &str,
|
2019-09-04 10:47:01 +00:00
|
|
|
output: &mut (dyn Write + Send),
|
2020-06-12 09:46:42 +00:00
|
|
|
) -> Result<(), Error> {
|
2020-09-29 14:18:58 +00:00
|
|
|
let mut req = Self::request_builder(&self.server, self.port, "GET", path, None)?;
|
2019-03-13 10:56:37 +00:00
|
|
|
|
2019-04-28 08:55:03 +00:00
|
|
|
let client = self.client.clone();
|
2019-01-21 17:56:48 +00:00
|
|
|
|
2019-09-04 10:47:01 +00:00
|
|
|
let auth = self.login().await?;
|
2019-02-20 13:09:55 +00:00
|
|
|
|
2019-09-04 10:47:01 +00:00
|
|
|
let enc_ticket = format!("PBSAuthCookie={}", percent_encode(auth.ticket.as_bytes(), DEFAULT_ENCODE_SET));
|
|
|
|
req.headers_mut().insert("Cookie", HeaderValue::from_str(&enc_ticket).unwrap());
|
2019-03-03 10:29:00 +00:00
|
|
|
|
2021-01-11 10:24:52 +00:00
|
|
|
let resp = tokio::time::timeout(
|
|
|
|
HTTP_TIMEOUT,
|
|
|
|
client.request(req)
|
|
|
|
)
|
|
|
|
.await
|
|
|
|
.map_err(|_| format_err!("http download request timed out"))??;
|
2019-09-04 10:47:01 +00:00
|
|
|
let status = resp.status();
|
|
|
|
if !status.is_success() {
|
|
|
|
HttpClient::api_response(resp)
|
|
|
|
.map(|_| Err(format_err!("unknown error")))
|
|
|
|
.await?
|
|
|
|
} else {
|
|
|
|
resp.into_body()
|
2019-04-28 08:55:03 +00:00
|
|
|
.map_err(Error::from)
|
2019-09-04 10:47:01 +00:00
|
|
|
.try_fold(output, move |acc, chunk| async move {
|
|
|
|
acc.write_all(&chunk)?;
|
|
|
|
Ok::<_, Error>(acc)
|
2019-04-28 08:55:03 +00:00
|
|
|
})
|
2019-09-04 10:47:01 +00:00
|
|
|
.await?;
|
|
|
|
}
|
|
|
|
Ok(())
|
2019-03-03 10:29:00 +00:00
|
|
|
}
|
|
|
|
|
2019-09-04 10:47:01 +00:00
|
|
|
pub async fn upload(
|
2019-07-25 10:17:35 +00:00
|
|
|
&mut self,
|
|
|
|
content_type: &str,
|
|
|
|
body: Body,
|
|
|
|
path: &str,
|
|
|
|
data: Option<Value>,
|
2019-09-04 10:47:01 +00:00
|
|
|
) -> Result<Value, Error> {
|
2019-02-20 13:09:55 +00:00
|
|
|
|
2021-05-05 08:29:15 +00:00
|
|
|
let query = match data {
|
|
|
|
Some(data) => Some(tools::json_object_to_query(data)?),
|
|
|
|
None => None,
|
|
|
|
};
|
|
|
|
let url = build_uri(&self.server, self.port, path, query)?;
|
2019-02-20 13:09:55 +00:00
|
|
|
|
2019-04-28 08:55:03 +00:00
|
|
|
let req = Request::builder()
|
2019-02-20 13:09:55 +00:00
|
|
|
.method("POST")
|
|
|
|
.uri(url)
|
|
|
|
.header("User-Agent", "proxmox-backup-client/1.0")
|
2019-04-28 08:55:03 +00:00
|
|
|
.header("Content-Type", content_type)
|
|
|
|
.body(body).unwrap();
|
2019-02-20 13:09:55 +00:00
|
|
|
|
2019-09-04 10:47:01 +00:00
|
|
|
self.request(req).await
|
2019-01-21 17:56:48 +00:00
|
|
|
}
|
|
|
|
|
2019-09-04 10:47:01 +00:00
|
|
|
pub async fn start_h2_connection(
|
2019-06-26 10:09:18 +00:00
|
|
|
&self,
|
|
|
|
mut req: Request<Body>,
|
|
|
|
protocol_name: String,
|
2019-12-17 09:52:07 +00:00
|
|
|
) -> Result<(H2Client, futures::future::AbortHandle), Error> {
|
2019-04-29 09:57:58 +00:00
|
|
|
|
|
|
|
let client = self.client.clone();
|
2020-10-08 13:19:39 +00:00
|
|
|
let auth = self.login().await?;
|
|
|
|
|
|
|
|
if auth.auth_id.is_token() {
|
2020-10-30 12:10:38 +00:00
|
|
|
let enc_api_token = format!("PBSAPIToken {}:{}", auth.auth_id, percent_encode(auth.ticket.as_bytes(), DEFAULT_ENCODE_SET));
|
2020-10-08 13:19:39 +00:00
|
|
|
req.headers_mut().insert("Authorization", HeaderValue::from_str(&enc_api_token).unwrap());
|
|
|
|
} else {
|
|
|
|
let enc_ticket = format!("PBSAuthCookie={}", percent_encode(auth.ticket.as_bytes(), DEFAULT_ENCODE_SET));
|
|
|
|
req.headers_mut().insert("Cookie", HeaderValue::from_str(&enc_ticket).unwrap());
|
|
|
|
req.headers_mut().insert("CSRFPreventionToken", HeaderValue::from_str(&auth.token).unwrap());
|
|
|
|
}
|
2019-04-29 09:57:58 +00:00
|
|
|
|
2019-09-04 10:47:01 +00:00
|
|
|
req.headers_mut().insert("UPGRADE", HeaderValue::from_str(&protocol_name).unwrap());
|
2019-04-29 09:57:58 +00:00
|
|
|
|
2021-01-11 10:24:52 +00:00
|
|
|
let resp = tokio::time::timeout(
|
|
|
|
HTTP_TIMEOUT,
|
|
|
|
client.request(req)
|
|
|
|
)
|
|
|
|
.await
|
|
|
|
.map_err(|_| format_err!("http upgrade request timed out"))??;
|
2019-09-04 10:47:01 +00:00
|
|
|
let status = resp.status();
|
2019-04-29 09:57:58 +00:00
|
|
|
|
2019-09-04 10:47:01 +00:00
|
|
|
if status != http::StatusCode::SWITCHING_PROTOCOLS {
|
2019-12-27 12:41:31 +00:00
|
|
|
Self::api_response(resp).await?;
|
|
|
|
bail!("unknown error");
|
2019-09-04 10:47:01 +00:00
|
|
|
}
|
|
|
|
|
2020-12-04 08:11:29 +00:00
|
|
|
let upgraded = hyper::upgrade::on(resp).await?;
|
2019-09-04 10:47:01 +00:00
|
|
|
|
|
|
|
let max_window_size = (1 << 31) - 2;
|
|
|
|
|
|
|
|
let (h2, connection) = h2::client::Builder::new()
|
|
|
|
.initial_connection_window_size(max_window_size)
|
|
|
|
.initial_window_size(max_window_size)
|
|
|
|
.max_frame_size(4*1024*1024)
|
|
|
|
.handshake(upgraded)
|
|
|
|
.await?;
|
|
|
|
|
|
|
|
let connection = connection
|
2020-10-19 11:59:33 +00:00
|
|
|
.map_err(|_| eprintln!("HTTP/2.0 connection failed"));
|
2019-09-04 10:47:01 +00:00
|
|
|
|
2019-12-17 09:52:07 +00:00
|
|
|
let (connection, abort) = futures::future::abortable(connection);
|
2019-09-04 10:47:01 +00:00
|
|
|
// A cancellable future returns an Option which is None when cancelled and
|
|
|
|
// Some when it finished instead, since we don't care about the return type we
|
|
|
|
// need to map it away:
|
|
|
|
let connection = connection.map(|_| ());
|
|
|
|
|
|
|
|
// Spawn a new task to drive the connection state
|
2019-12-12 14:27:07 +00:00
|
|
|
tokio::spawn(connection);
|
2019-09-04 10:47:01 +00:00
|
|
|
|
|
|
|
// Wait until the `SendRequest` handle has available capacity.
|
|
|
|
let c = h2.ready().await?;
|
2019-12-17 09:52:07 +00:00
|
|
|
Ok((H2Client::new(c), abort))
|
2019-04-29 09:57:58 +00:00
|
|
|
}
|
|
|
|
|
2019-09-04 07:57:29 +00:00
|
|
|
async fn credentials(
|
2019-09-02 13:14:55 +00:00
|
|
|
client: Client<HttpsConnector>,
|
2019-04-30 09:44:35 +00:00
|
|
|
server: String,
|
2020-09-29 14:18:58 +00:00
|
|
|
port: u16,
|
2020-08-06 13:46:01 +00:00
|
|
|
username: Userid,
|
2019-04-30 09:44:35 +00:00
|
|
|
password: String,
|
2019-09-04 07:57:29 +00:00
|
|
|
) -> Result<AuthInfo, Error> {
|
|
|
|
let data = json!({ "username": username, "password": password });
|
2020-09-29 14:18:58 +00:00
|
|
|
let req = Self::request_builder(&server, port, "POST", "/api2/json/access/ticket", Some(data))?;
|
2019-09-04 07:57:29 +00:00
|
|
|
let cred = Self::api_request(client, req).await?;
|
|
|
|
let auth = AuthInfo {
|
2020-10-08 13:19:39 +00:00
|
|
|
auth_id: cred["data"]["username"].as_str().unwrap().parse()?,
|
2019-09-04 07:57:29 +00:00
|
|
|
ticket: cred["data"]["ticket"].as_str().unwrap().to_owned(),
|
|
|
|
token: cred["data"]["CSRFPreventionToken"].as_str().unwrap().to_owned(),
|
|
|
|
};
|
|
|
|
|
|
|
|
Ok(auth)
|
2019-03-05 11:54:44 +00:00
|
|
|
}
|
|
|
|
|
2019-08-23 12:33:48 +00:00
|
|
|
async fn api_response(response: Response<Body>) -> Result<Value, Error> {
|
2019-05-22 11:24:33 +00:00
|
|
|
let status = response.status();
|
2019-12-12 14:27:07 +00:00
|
|
|
let data = hyper::body::to_bytes(response.into_body()).await?;
|
2019-08-23 12:33:48 +00:00
|
|
|
|
|
|
|
let text = String::from_utf8(data.to_vec()).unwrap();
|
|
|
|
if status.is_success() {
|
2019-10-25 16:04:37 +00:00
|
|
|
if text.is_empty() {
|
|
|
|
Ok(Value::Null)
|
|
|
|
} else {
|
2019-08-23 12:33:48 +00:00
|
|
|
let value: Value = serde_json::from_str(&text)?;
|
|
|
|
Ok(value)
|
|
|
|
}
|
|
|
|
} else {
|
2020-07-21 13:03:34 +00:00
|
|
|
Err(Error::from(HttpError::new(status, text)))
|
2019-08-23 12:33:48 +00:00
|
|
|
}
|
2019-05-22 11:24:33 +00:00
|
|
|
}
|
|
|
|
|
2019-09-04 10:47:01 +00:00
|
|
|
async fn api_request(
|
2019-09-02 13:14:55 +00:00
|
|
|
client: Client<HttpsConnector>,
|
2019-04-28 08:55:03 +00:00
|
|
|
req: Request<Body>
|
2019-09-04 10:47:01 +00:00
|
|
|
) -> Result<Value, Error> {
|
2019-03-05 11:54:44 +00:00
|
|
|
|
2021-01-11 10:24:52 +00:00
|
|
|
Self::api_response(
|
|
|
|
tokio::time::timeout(
|
|
|
|
HTTP_TIMEOUT,
|
|
|
|
client.request(req)
|
|
|
|
)
|
|
|
|
.await
|
|
|
|
.map_err(|_| format_err!("http request timed out"))??
|
|
|
|
).await
|
2019-02-13 13:31:43 +00:00
|
|
|
}
|
|
|
|
|
2019-10-12 10:57:08 +00:00
|
|
|
// Read-only access to server property
|
|
|
|
pub fn server(&self) -> &str {
|
|
|
|
&self.server
|
|
|
|
}
|
|
|
|
|
2020-09-29 14:18:58 +00:00
|
|
|
pub fn port(&self) -> u16 {
|
|
|
|
self.port
|
|
|
|
}
|
|
|
|
|
|
|
|
pub fn request_builder(server: &str, port: u16, method: &str, path: &str, data: Option<Value>) -> Result<Request<Body>, Error> {
|
2019-04-28 08:55:03 +00:00
|
|
|
if let Some(data) = data {
|
|
|
|
if method == "POST" {
|
2021-05-05 08:29:15 +00:00
|
|
|
let url = build_uri(server, port, path, None)?;
|
2019-04-28 08:55:03 +00:00
|
|
|
let request = Request::builder()
|
|
|
|
.method(method)
|
|
|
|
.uri(url)
|
|
|
|
.header("User-Agent", "proxmox-backup-client/1.0")
|
|
|
|
.header(hyper::header::CONTENT_TYPE, "application/json")
|
|
|
|
.body(Body::from(data.to_string()))?;
|
2021-05-05 08:29:15 +00:00
|
|
|
Ok(request)
|
2019-04-28 08:55:03 +00:00
|
|
|
} else {
|
2019-05-13 07:12:03 +00:00
|
|
|
let query = tools::json_object_to_query(data)?;
|
2021-05-05 08:29:15 +00:00
|
|
|
let url = build_uri(server, port, path, Some(query))?;
|
2019-05-13 07:12:03 +00:00
|
|
|
let request = Request::builder()
|
|
|
|
.method(method)
|
|
|
|
.uri(url)
|
|
|
|
.header("User-Agent", "proxmox-backup-client/1.0")
|
|
|
|
.header(hyper::header::CONTENT_TYPE, "application/x-www-form-urlencoded")
|
|
|
|
.body(Body::empty())?;
|
2021-05-05 08:29:15 +00:00
|
|
|
Ok(request)
|
2019-04-28 08:55:03 +00:00
|
|
|
}
|
2021-05-05 08:29:15 +00:00
|
|
|
} else {
|
|
|
|
let url = build_uri(server, port, path, None)?;
|
|
|
|
let request = Request::builder()
|
|
|
|
.method(method)
|
|
|
|
.uri(url)
|
|
|
|
.header("User-Agent", "proxmox-backup-client/1.0")
|
|
|
|
.header(hyper::header::CONTENT_TYPE, "application/x-www-form-urlencoded")
|
|
|
|
.body(Body::empty())?;
|
2019-01-21 17:56:48 +00:00
|
|
|
|
2021-05-05 08:29:15 +00:00
|
|
|
Ok(request)
|
|
|
|
}
|
2019-01-17 10:29:38 +00:00
|
|
|
}
|
|
|
|
}
|
2019-05-13 08:27:22 +00:00
|
|
|
|
2020-09-15 09:15:00 +00:00
|
|
|
impl Drop for HttpClient {
|
|
|
|
fn drop(&mut self) {
|
|
|
|
self.ticket_abort.abort();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-05-22 15:28:25 +00:00
|
|
|
|
|
|
|
#[derive(Clone)]
|
|
|
|
pub struct H2Client {
|
|
|
|
h2: h2::client::SendRequest<bytes::Bytes>,
|
|
|
|
}
|
|
|
|
|
|
|
|
impl H2Client {
|
|
|
|
|
|
|
|
pub fn new(h2: h2::client::SendRequest<bytes::Bytes>) -> Self {
|
|
|
|
Self { h2 }
|
|
|
|
}
|
|
|
|
|
2019-09-04 12:52:19 +00:00
|
|
|
pub async fn get(
|
|
|
|
&self,
|
|
|
|
path: &str,
|
|
|
|
param: Option<Value>
|
|
|
|
) -> Result<Value, Error> {
|
2019-09-20 10:23:06 +00:00
|
|
|
let req = Self::request_builder("localhost", "GET", path, param, None).unwrap();
|
2019-09-04 12:52:19 +00:00
|
|
|
self.request(req).await
|
2019-05-22 15:28:25 +00:00
|
|
|
}
|
|
|
|
|
2019-09-04 12:52:19 +00:00
|
|
|
pub async fn put(
|
|
|
|
&self,
|
|
|
|
path: &str,
|
|
|
|
param: Option<Value>
|
|
|
|
) -> Result<Value, Error> {
|
2019-09-20 10:23:06 +00:00
|
|
|
let req = Self::request_builder("localhost", "PUT", path, param, None).unwrap();
|
2019-09-04 12:52:19 +00:00
|
|
|
self.request(req).await
|
2019-05-22 15:28:25 +00:00
|
|
|
}
|
|
|
|
|
2019-09-04 12:52:19 +00:00
|
|
|
pub async fn post(
|
|
|
|
&self,
|
|
|
|
path: &str,
|
|
|
|
param: Option<Value>
|
|
|
|
) -> Result<Value, Error> {
|
2019-09-20 10:23:06 +00:00
|
|
|
let req = Self::request_builder("localhost", "POST", path, param, None).unwrap();
|
2019-09-04 12:52:19 +00:00
|
|
|
self.request(req).await
|
2019-05-22 15:28:25 +00:00
|
|
|
}
|
|
|
|
|
2019-09-04 11:57:05 +00:00
|
|
|
pub async fn download<W: Write + Send>(
|
2019-08-23 12:33:48 +00:00
|
|
|
&self,
|
|
|
|
path: &str,
|
|
|
|
param: Option<Value>,
|
2019-09-04 12:52:19 +00:00
|
|
|
mut output: W,
|
2020-06-12 09:46:42 +00:00
|
|
|
) -> Result<(), Error> {
|
2019-09-20 10:23:06 +00:00
|
|
|
let request = Self::request_builder("localhost", "GET", path, param, None).unwrap();
|
2019-06-27 07:01:41 +00:00
|
|
|
|
2019-09-04 12:52:19 +00:00
|
|
|
let response_future = self.send_request(request, None).await?;
|
2019-06-28 05:02:43 +00:00
|
|
|
|
2019-09-04 12:52:19 +00:00
|
|
|
let resp = response_future.await?;
|
|
|
|
|
|
|
|
let status = resp.status();
|
|
|
|
if !status.is_success() {
|
2019-09-05 11:25:17 +00:00
|
|
|
H2Client::h2api_response(resp).await?; // raise error
|
|
|
|
unreachable!();
|
2019-09-04 12:52:19 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
let mut body = resp.into_body();
|
2019-12-12 14:27:07 +00:00
|
|
|
while let Some(chunk) = body.data().await {
|
|
|
|
let chunk = chunk?;
|
|
|
|
body.flow_control().release_capacity(chunk.len())?;
|
2019-09-04 12:52:19 +00:00
|
|
|
output.write_all(&chunk)?;
|
|
|
|
}
|
|
|
|
|
2020-06-12 09:46:42 +00:00
|
|
|
Ok(())
|
2019-06-27 07:01:41 +00:00
|
|
|
}
|
|
|
|
|
2019-09-04 12:52:19 +00:00
|
|
|
pub async fn upload(
|
2019-08-23 12:33:48 +00:00
|
|
|
&self,
|
2019-09-20 10:40:23 +00:00
|
|
|
method: &str, // POST or PUT
|
2019-08-23 12:33:48 +00:00
|
|
|
path: &str,
|
|
|
|
param: Option<Value>,
|
2019-09-20 10:23:06 +00:00
|
|
|
content_type: &str,
|
2019-08-23 12:33:48 +00:00
|
|
|
data: Vec<u8>,
|
2019-09-04 12:52:19 +00:00
|
|
|
) -> Result<Value, Error> {
|
2019-09-20 10:40:23 +00:00
|
|
|
let request = Self::request_builder("localhost", method, path, param, Some(content_type)).unwrap();
|
2019-05-22 15:28:25 +00:00
|
|
|
|
2019-09-04 12:52:19 +00:00
|
|
|
let mut send_request = self.h2.clone().ready().await?;
|
|
|
|
|
|
|
|
let (response, stream) = send_request.send_request(request, false).unwrap();
|
2019-09-05 13:07:37 +00:00
|
|
|
|
|
|
|
PipeToSendStream::new(bytes::Bytes::from(data), stream).await?;
|
|
|
|
|
|
|
|
response
|
|
|
|
.map_err(Error::from)
|
|
|
|
.and_then(Self::h2api_response)
|
2019-09-04 12:52:19 +00:00
|
|
|
.await
|
2019-05-22 15:28:25 +00:00
|
|
|
}
|
2019-05-16 08:24:23 +00:00
|
|
|
|
2019-09-04 12:52:19 +00:00
|
|
|
async fn request(
|
2019-05-22 15:28:25 +00:00
|
|
|
&self,
|
2019-05-13 08:27:22 +00:00
|
|
|
request: Request<()>,
|
2019-09-04 12:52:19 +00:00
|
|
|
) -> Result<Value, Error> {
|
2019-05-13 08:27:22 +00:00
|
|
|
|
2019-05-22 15:28:25 +00:00
|
|
|
self.send_request(request, None)
|
2019-05-20 12:19:24 +00:00
|
|
|
.and_then(move |response| {
|
|
|
|
response
|
|
|
|
.map_err(Error::from)
|
|
|
|
.and_then(Self::h2api_response)
|
|
|
|
})
|
2019-09-04 12:52:19 +00:00
|
|
|
.await
|
2019-05-20 12:19:24 +00:00
|
|
|
}
|
|
|
|
|
2019-10-12 11:53:11 +00:00
|
|
|
pub fn send_request(
|
2019-05-22 15:28:25 +00:00
|
|
|
&self,
|
2019-05-20 12:19:24 +00:00
|
|
|
request: Request<()>,
|
|
|
|
data: Option<bytes::Bytes>,
|
2019-08-23 12:33:48 +00:00
|
|
|
) -> impl Future<Output = Result<h2::client::ResponseFuture, Error>> {
|
2019-05-20 12:19:24 +00:00
|
|
|
|
2019-05-22 15:28:25 +00:00
|
|
|
self.h2.clone()
|
2019-05-13 10:11:18 +00:00
|
|
|
.ready()
|
|
|
|
.map_err(Error::from)
|
2019-09-05 13:07:37 +00:00
|
|
|
.and_then(move |mut send_request| async move {
|
2019-05-20 12:19:24 +00:00
|
|
|
if let Some(data) = data {
|
|
|
|
let (response, stream) = send_request.send_request(request, false).unwrap();
|
2019-09-05 13:07:37 +00:00
|
|
|
PipeToSendStream::new(data, stream).await?;
|
|
|
|
Ok(response)
|
2019-05-20 12:19:24 +00:00
|
|
|
} else {
|
|
|
|
let (response, _stream) = send_request.send_request(request, true).unwrap();
|
2019-09-05 13:07:37 +00:00
|
|
|
Ok(response)
|
2019-05-20 12:19:24 +00:00
|
|
|
}
|
2019-05-13 08:27:22 +00:00
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2019-09-28 16:22:48 +00:00
|
|
|
pub async fn h2api_response(
|
2019-08-23 12:33:48 +00:00
|
|
|
response: Response<h2::RecvStream>,
|
2019-09-05 12:56:52 +00:00
|
|
|
) -> Result<Value, Error> {
|
2019-05-13 08:27:22 +00:00
|
|
|
let status = response.status();
|
|
|
|
|
|
|
|
let (_head, mut body) = response.into_parts();
|
|
|
|
|
2019-09-05 12:56:52 +00:00
|
|
|
let mut data = Vec::new();
|
2019-12-12 14:27:07 +00:00
|
|
|
while let Some(chunk) = body.data().await {
|
|
|
|
let chunk = chunk?;
|
|
|
|
// Whenever data is received, the caller is responsible for
|
|
|
|
// releasing capacity back to the server once it has freed
|
|
|
|
// the data from memory.
|
2019-09-05 12:56:52 +00:00
|
|
|
// Let the server send more data.
|
2019-12-12 14:27:07 +00:00
|
|
|
body.flow_control().release_capacity(chunk.len())?;
|
2019-09-05 12:56:52 +00:00
|
|
|
data.extend(chunk);
|
|
|
|
}
|
|
|
|
|
|
|
|
let text = String::from_utf8(data.to_vec()).unwrap();
|
|
|
|
if status.is_success() {
|
2019-10-25 16:04:37 +00:00
|
|
|
if text.is_empty() {
|
|
|
|
Ok(Value::Null)
|
|
|
|
} else {
|
2019-09-05 12:56:52 +00:00
|
|
|
let mut value: Value = serde_json::from_str(&text)?;
|
|
|
|
if let Some(map) = value.as_object_mut() {
|
|
|
|
if let Some(data) = map.remove("data") {
|
|
|
|
return Ok(data);
|
2019-05-13 08:27:22 +00:00
|
|
|
}
|
|
|
|
}
|
2019-09-05 12:56:52 +00:00
|
|
|
bail!("got result without data property");
|
|
|
|
}
|
|
|
|
} else {
|
2020-07-21 13:03:34 +00:00
|
|
|
Err(Error::from(HttpError::new(status, text)))
|
2019-09-05 12:56:52 +00:00
|
|
|
}
|
2019-05-13 08:27:22 +00:00
|
|
|
}
|
|
|
|
|
2019-05-24 06:32:55 +00:00
|
|
|
// Note: We always encode parameters with the url
|
2019-09-20 10:23:06 +00:00
|
|
|
pub fn request_builder(
|
|
|
|
server: &str,
|
|
|
|
method: &str,
|
|
|
|
path: &str,
|
|
|
|
param: Option<Value>,
|
|
|
|
content_type: Option<&str>,
|
|
|
|
) -> Result<Request<()>, Error> {
|
2019-05-13 08:27:22 +00:00
|
|
|
let path = path.trim_matches('/');
|
|
|
|
|
2019-09-20 10:23:06 +00:00
|
|
|
let content_type = content_type.unwrap_or("application/x-www-form-urlencoded");
|
2021-05-05 08:29:15 +00:00
|
|
|
let query = match param {
|
|
|
|
Some(param) => {
|
|
|
|
let query = tools::json_object_to_query(param)?;
|
|
|
|
// We detected problem with hyper around 6000 characters - so we try to keep on the safe side
|
|
|
|
if query.len() > 4096 {
|
|
|
|
bail!("h2 query data too large ({} bytes) - please encode data inside body", query.len());
|
|
|
|
}
|
|
|
|
Some(query)
|
|
|
|
}
|
|
|
|
None => None,
|
|
|
|
};
|
2019-09-20 10:23:06 +00:00
|
|
|
|
2021-05-05 08:29:15 +00:00
|
|
|
let url = build_uri(server, 8007, path, query)?;
|
|
|
|
let request = Request::builder()
|
|
|
|
.method(method)
|
|
|
|
.uri(url)
|
|
|
|
.header("User-Agent", "proxmox-backup-client/1.0")
|
|
|
|
.header(hyper::header::CONTENT_TYPE, content_type)
|
|
|
|
.body(())?;
|
|
|
|
Ok(request)
|
2019-05-13 08:27:22 +00:00
|
|
|
}
|
|
|
|
}
|