proxmox-rest-server: use new ServerAdapter trait instead of callbacks
Async callbacks are a PITA, so we now pass a single trait object which implements check_auth and get_index.
This commit is contained in:
parent
48176b0a77
commit
608806e884
|
@ -1,20 +1,24 @@
|
||||||
use std::sync::{Arc, Mutex};
|
use std::sync::Mutex;
|
||||||
use std::collections::HashMap;
|
use std::collections::HashMap;
|
||||||
use std::future::Future;
|
use std::future::Future;
|
||||||
use std::pin::Pin;
|
use std::pin::Pin;
|
||||||
|
|
||||||
use anyhow::{bail, format_err, Error};
|
use anyhow::{bail, format_err, Error};
|
||||||
use lazy_static::lazy_static;
|
use lazy_static::lazy_static;
|
||||||
|
use hyper::{Body, Response, Method};
|
||||||
|
use http::request::Parts;
|
||||||
|
use http::HeaderMap;
|
||||||
|
|
||||||
use proxmox::api::{api, router::SubdirMap, Router, RpcEnvironmentType, UserInformation};
|
use proxmox::api::{api, router::SubdirMap, Router, RpcEnvironmentType, UserInformation};
|
||||||
use proxmox::list_subdirs_api_method;
|
use proxmox::list_subdirs_api_method;
|
||||||
use proxmox_rest_server::{ApiAuth, ApiConfig, AuthError, RestServer, RestEnvironment};
|
use proxmox_rest_server::{ServerAdapter, ApiConfig, AuthError, RestServer, RestEnvironment};
|
||||||
// Create a Dummy User info and auth system
|
|
||||||
// Normally this would check and authenticate the user
|
// Create a Dummy User information system
|
||||||
struct DummyUserInfo;
|
struct DummyUserInfo;
|
||||||
|
|
||||||
impl UserInformation for DummyUserInfo {
|
impl UserInformation for DummyUserInfo {
|
||||||
fn is_superuser(&self, _userid: &str) -> bool {
|
fn is_superuser(&self, _userid: &str) -> bool {
|
||||||
|
// Always return true here, so we have access to everthing
|
||||||
true
|
true
|
||||||
}
|
}
|
||||||
fn is_group_member(&self, _userid: &str, group: &str) -> bool {
|
fn is_group_member(&self, _userid: &str, group: &str) -> bool {
|
||||||
|
@ -25,14 +29,17 @@ impl UserInformation for DummyUserInfo {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
struct DummyAuth;
|
struct MinimalServer;
|
||||||
|
|
||||||
impl ApiAuth for DummyAuth {
|
// implement the server adapter
|
||||||
fn check_auth<'a>(
|
impl ServerAdapter for MinimalServer {
|
||||||
&'a self,
|
|
||||||
_headers: &'a http::HeaderMap,
|
// normally this would check and authenticate the user
|
||||||
_method: &'a hyper::Method,
|
fn check_auth(
|
||||||
) -> Pin<Box<dyn Future<Output = Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError>> + Send + 'a>> {
|
&self,
|
||||||
|
_headers: &HeaderMap,
|
||||||
|
_method: &Method,
|
||||||
|
) -> Pin<Box<dyn Future<Output = Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError>> + Send>> {
|
||||||
Box::pin(async move {
|
Box::pin(async move {
|
||||||
// get some global/cached userinfo
|
// get some global/cached userinfo
|
||||||
let userinfo: Box<dyn UserInformation + Sync + Send> = Box::new(DummyUserInfo);
|
let userinfo: Box<dyn UserInformation + Sync + Send> = Box::new(DummyUserInfo);
|
||||||
|
@ -40,15 +47,14 @@ impl ApiAuth for DummyAuth {
|
||||||
Ok(("User".to_string(), userinfo))
|
Ok(("User".to_string(), userinfo))
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
// this should return the index page of the webserver
|
// this should return the index page of the webserver
|
||||||
// iow. what the user browses to
|
// iow. what the user browses to
|
||||||
|
fn get_index(
|
||||||
fn get_index<'a>(
|
&self,
|
||||||
_env: RestEnvironment,
|
_env: RestEnvironment,
|
||||||
_parts: http::request::Parts,
|
_parts: Parts,
|
||||||
) -> Pin<Box<dyn Future<Output = http::Response<hyper::Body>> + Send + 'a>> {
|
) -> Pin<Box<dyn Future<Output = Response<Body>> + Send>> {
|
||||||
Box::pin(async move {
|
Box::pin(async move {
|
||||||
// build an index page
|
// build an index page
|
||||||
http::Response::builder()
|
http::Response::builder()
|
||||||
|
@ -56,6 +62,7 @@ fn get_index<'a>(
|
||||||
.unwrap()
|
.unwrap()
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// a few examples on how to do api calls with the Router
|
// a few examples on how to do api calls with the Router
|
||||||
|
|
||||||
|
@ -190,8 +197,7 @@ async fn run() -> Result<(), Error> {
|
||||||
"/var/tmp/",
|
"/var/tmp/",
|
||||||
&ROUTER,
|
&ROUTER,
|
||||||
RpcEnvironmentType::PUBLIC,
|
RpcEnvironmentType::PUBLIC,
|
||||||
Arc::new(DummyAuth {}),
|
MinimalServer,
|
||||||
&get_index,
|
|
||||||
)?;
|
)?;
|
||||||
let rest_server = RestServer::new(config);
|
let rest_server = RestServer::new(config);
|
||||||
|
|
||||||
|
|
|
@ -3,7 +3,6 @@ use std::path::PathBuf;
|
||||||
use std::time::SystemTime;
|
use std::time::SystemTime;
|
||||||
use std::fs::metadata;
|
use std::fs::metadata;
|
||||||
use std::sync::{Arc, Mutex, RwLock};
|
use std::sync::{Arc, Mutex, RwLock};
|
||||||
use std::future::Future;
|
|
||||||
use std::pin::Pin;
|
use std::pin::Pin;
|
||||||
|
|
||||||
use anyhow::{bail, Error, format_err};
|
use anyhow::{bail, Error, format_err};
|
||||||
|
@ -16,9 +15,8 @@ use serde::Serialize;
|
||||||
use proxmox::api::{ApiMethod, Router, RpcEnvironmentType, UserInformation};
|
use proxmox::api::{ApiMethod, Router, RpcEnvironmentType, UserInformation};
|
||||||
use proxmox::tools::fs::{create_path, CreateOptions};
|
use proxmox::tools::fs::{create_path, CreateOptions};
|
||||||
|
|
||||||
use crate::{ApiAuth, AuthError, FileLogger, FileLogOptions, CommandSocket, RestEnvironment};
|
use crate::{ServerAdapter, AuthError, FileLogger, FileLogOptions, CommandSocket, RestEnvironment};
|
||||||
|
|
||||||
pub type GetIndexFn = &'static (dyn Fn(RestEnvironment, Parts) -> Pin<Box<dyn Future<Output = Response<Body>> + Send>> + Send + Sync);
|
|
||||||
|
|
||||||
/// REST server configuration
|
/// REST server configuration
|
||||||
pub struct ApiConfig {
|
pub struct ApiConfig {
|
||||||
|
@ -30,8 +28,7 @@ pub struct ApiConfig {
|
||||||
template_files: RwLock<HashMap<String, (SystemTime, PathBuf)>>,
|
template_files: RwLock<HashMap<String, (SystemTime, PathBuf)>>,
|
||||||
request_log: Option<Arc<Mutex<FileLogger>>>,
|
request_log: Option<Arc<Mutex<FileLogger>>>,
|
||||||
auth_log: Option<Arc<Mutex<FileLogger>>>,
|
auth_log: Option<Arc<Mutex<FileLogger>>>,
|
||||||
api_auth: Arc<dyn ApiAuth + Send + Sync>,
|
adapter: Pin<Box<dyn ServerAdapter + Send + Sync>>,
|
||||||
get_index_fn: GetIndexFn,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
impl ApiConfig {
|
impl ApiConfig {
|
||||||
|
@ -53,8 +50,7 @@ impl ApiConfig {
|
||||||
basedir: B,
|
basedir: B,
|
||||||
router: &'static Router,
|
router: &'static Router,
|
||||||
env_type: RpcEnvironmentType,
|
env_type: RpcEnvironmentType,
|
||||||
api_auth: Arc<dyn ApiAuth + Send + Sync>,
|
adapter: impl ServerAdapter + 'static,
|
||||||
get_index_fn: GetIndexFn,
|
|
||||||
) -> Result<Self, Error> {
|
) -> Result<Self, Error> {
|
||||||
Ok(Self {
|
Ok(Self {
|
||||||
basedir: basedir.into(),
|
basedir: basedir.into(),
|
||||||
|
@ -65,8 +61,7 @@ impl ApiConfig {
|
||||||
template_files: RwLock::new(HashMap::new()),
|
template_files: RwLock::new(HashMap::new()),
|
||||||
request_log: None,
|
request_log: None,
|
||||||
auth_log: None,
|
auth_log: None,
|
||||||
api_auth,
|
adapter: Box::pin(adapter),
|
||||||
get_index_fn,
|
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -75,7 +70,7 @@ impl ApiConfig {
|
||||||
rest_env: RestEnvironment,
|
rest_env: RestEnvironment,
|
||||||
parts: Parts,
|
parts: Parts,
|
||||||
) -> Response<Body> {
|
) -> Response<Body> {
|
||||||
(self.get_index_fn)(rest_env, parts).await
|
self.adapter.get_index(rest_env, parts).await
|
||||||
}
|
}
|
||||||
|
|
||||||
pub(crate) async fn check_auth(
|
pub(crate) async fn check_auth(
|
||||||
|
@ -83,7 +78,7 @@ impl ApiConfig {
|
||||||
headers: &http::HeaderMap,
|
headers: &http::HeaderMap,
|
||||||
method: &hyper::Method,
|
method: &hyper::Method,
|
||||||
) -> Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError> {
|
) -> Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError> {
|
||||||
self.api_auth.check_auth(headers, method).await
|
self.adapter.check_auth(headers, method).await
|
||||||
}
|
}
|
||||||
|
|
||||||
pub(crate) fn find_method(
|
pub(crate) fn find_method(
|
||||||
|
|
|
@ -21,6 +21,9 @@ use std::pin::Pin;
|
||||||
|
|
||||||
use anyhow::{bail, format_err, Error};
|
use anyhow::{bail, format_err, Error};
|
||||||
use nix::unistd::Pid;
|
use nix::unistd::Pid;
|
||||||
|
use hyper::{Body, Response, Method};
|
||||||
|
use http::request::Parts;
|
||||||
|
use http::HeaderMap;
|
||||||
|
|
||||||
use proxmox::tools::fd::Fd;
|
use proxmox::tools::fd::Fd;
|
||||||
use proxmox::sys::linux::procfs::PidStat;
|
use proxmox::sys::linux::procfs::PidStat;
|
||||||
|
@ -70,17 +73,26 @@ impl From<Error> for AuthError {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// User Authentication trait
|
/// User Authentication and index/root page generation methods
|
||||||
pub trait ApiAuth {
|
pub trait ServerAdapter: Send + Sync {
|
||||||
|
|
||||||
|
/// Returns the index/root page
|
||||||
|
fn get_index(
|
||||||
|
&self,
|
||||||
|
rest_env: RestEnvironment,
|
||||||
|
parts: Parts,
|
||||||
|
) -> Pin<Box<dyn Future<Output = Response<Body>> + Send>>;
|
||||||
|
|
||||||
/// Extract user credentials from headers and check them.
|
/// Extract user credentials from headers and check them.
|
||||||
///
|
///
|
||||||
/// If credenthials are valid, returns the username and a
|
/// If credenthials are valid, returns the username and a
|
||||||
/// [UserInformation] object to query additional user data.
|
/// [UserInformation] object to query additional user data.
|
||||||
fn check_auth<'a>(
|
fn check_auth<'a>(
|
||||||
&'a self,
|
&'a self,
|
||||||
headers: &'a http::HeaderMap,
|
headers: &'a HeaderMap,
|
||||||
method: &'a hyper::Method,
|
method: &'a Method,
|
||||||
) -> Pin<Box<dyn Future<Output = Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError>> + Send + 'a>>;
|
) -> Pin<Box<dyn Future<Output = Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError>> + Send + 'a>>;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
lazy_static::lazy_static!{
|
lazy_static::lazy_static!{
|
||||||
|
|
|
@ -7,23 +7,17 @@ use std::os::unix::{
|
||||||
};
|
};
|
||||||
use std::path::Path;
|
use std::path::Path;
|
||||||
use std::sync::{Arc, Mutex};
|
use std::sync::{Arc, Mutex};
|
||||||
use std::future::Future;
|
|
||||||
use std::pin::Pin;
|
|
||||||
|
|
||||||
use anyhow::{bail, format_err, Error};
|
use anyhow::{bail, format_err, Error};
|
||||||
use lazy_static::lazy_static;
|
use lazy_static::lazy_static;
|
||||||
use log::{error, info};
|
use log::{error, info};
|
||||||
use tokio::sync::mpsc;
|
use tokio::sync::mpsc;
|
||||||
use tokio_stream::wrappers::ReceiverStream;
|
use tokio_stream::wrappers::ReceiverStream;
|
||||||
use http::request::Parts;
|
|
||||||
use http::Response;
|
|
||||||
use hyper::{Body, StatusCode};
|
|
||||||
use hyper::header;
|
|
||||||
|
|
||||||
use proxmox::api::RpcEnvironmentType;
|
use proxmox::api::RpcEnvironmentType;
|
||||||
|
|
||||||
use pbs_client::DEFAULT_VSOCK_PORT;
|
use pbs_client::DEFAULT_VSOCK_PORT;
|
||||||
use proxmox_rest_server::{ApiConfig, RestServer, RestEnvironment};
|
use proxmox_rest_server::{ApiConfig, RestServer};
|
||||||
|
|
||||||
mod proxmox_restore_daemon;
|
mod proxmox_restore_daemon;
|
||||||
use proxmox_restore_daemon::*;
|
use proxmox_restore_daemon::*;
|
||||||
|
@ -93,29 +87,14 @@ fn setup_system_env() -> Result<(), Error> {
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
fn get_index<'a>(
|
|
||||||
_env: RestEnvironment,
|
|
||||||
_parts: Parts,
|
|
||||||
) -> Pin<Box<dyn Future<Output = http::Response<Body>> + Send + 'a>> {
|
|
||||||
Box::pin(async move {
|
|
||||||
|
|
||||||
let index = "<center><h1>Proxmox Backup Restore Daemon/h1></center>";
|
|
||||||
|
|
||||||
Response::builder()
|
|
||||||
.status(StatusCode::OK)
|
|
||||||
.header(header::CONTENT_TYPE, "text/html")
|
|
||||||
.body(index.into())
|
|
||||||
.unwrap()
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
||||||
async fn run() -> Result<(), Error> {
|
async fn run() -> Result<(), Error> {
|
||||||
watchdog_init();
|
watchdog_init();
|
||||||
|
|
||||||
let auth_config = Arc::new(
|
let adaptor = StaticAuthAdapter::new()
|
||||||
auth::ticket_auth().map_err(|err| format_err!("reading ticket file failed: {}", err))?,
|
.map_err(|err| format_err!("reading ticket file failed: {}", err))?;
|
||||||
);
|
|
||||||
let config = ApiConfig::new("", &ROUTER, RpcEnvironmentType::PUBLIC, auth_config, &get_index)?;
|
let config = ApiConfig::new("", &ROUTER, RpcEnvironmentType::PUBLIC, adaptor)?;
|
||||||
let rest_server = RestServer::new(config);
|
let rest_server = RestServer::new(config);
|
||||||
|
|
||||||
let vsock_fd = get_vsock_fd()?;
|
let vsock_fd = get_vsock_fd()?;
|
||||||
|
|
|
@ -5,10 +5,13 @@ use std::future::Future;
|
||||||
use std::pin::Pin;
|
use std::pin::Pin;
|
||||||
|
|
||||||
use anyhow::{bail, format_err, Error};
|
use anyhow::{bail, format_err, Error};
|
||||||
|
use hyper::{Body, Response, Method, StatusCode};
|
||||||
|
use http::request::Parts;
|
||||||
|
use http::HeaderMap;
|
||||||
|
|
||||||
use proxmox::api::UserInformation;
|
use proxmox::api::UserInformation;
|
||||||
|
|
||||||
use proxmox_rest_server::{ApiAuth, AuthError};
|
use proxmox_rest_server::{ServerAdapter, AuthError, RestEnvironment};
|
||||||
|
|
||||||
const TICKET_FILE: &str = "/ticket";
|
const TICKET_FILE: &str = "/ticket";
|
||||||
|
|
||||||
|
@ -22,15 +25,30 @@ impl UserInformation for SimpleUserInformation {
|
||||||
fn lookup_privs(&self, _userid: &str, _path: &[&str]) -> u64 { 0 }
|
fn lookup_privs(&self, _userid: &str, _path: &[&str]) -> u64 { 0 }
|
||||||
}
|
}
|
||||||
|
|
||||||
pub struct StaticAuth {
|
pub struct StaticAuthAdapter {
|
||||||
ticket: String,
|
ticket: String,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl ApiAuth for StaticAuth {
|
impl StaticAuthAdapter {
|
||||||
|
|
||||||
|
pub fn new() -> Result<Self, Error> {
|
||||||
|
let mut ticket_file = File::open(TICKET_FILE)?;
|
||||||
|
let mut ticket = String::new();
|
||||||
|
let len = ticket_file.read_to_string(&mut ticket)?;
|
||||||
|
if len <= 0 {
|
||||||
|
bail!("invalid ticket: cannot be empty");
|
||||||
|
}
|
||||||
|
Ok(StaticAuthAdapter { ticket })
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
impl ServerAdapter for StaticAuthAdapter {
|
||||||
|
|
||||||
fn check_auth<'a>(
|
fn check_auth<'a>(
|
||||||
&'a self,
|
&'a self,
|
||||||
headers: &'a http::HeaderMap,
|
headers: &'a HeaderMap,
|
||||||
_method: &'a hyper::Method,
|
_method: &'a Method,
|
||||||
) -> Pin<Box<dyn Future<Output = Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError>> + Send + 'a>> {
|
) -> Pin<Box<dyn Future<Output = Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError>> + Send + 'a>> {
|
||||||
Box::pin(async move {
|
Box::pin(async move {
|
||||||
|
|
||||||
|
@ -47,14 +65,21 @@ impl ApiAuth for StaticAuth {
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
pub fn ticket_auth() -> Result<StaticAuth, Error> {
|
fn get_index(
|
||||||
let mut ticket_file = File::open(TICKET_FILE)?;
|
&self,
|
||||||
let mut ticket = String::new();
|
_env: RestEnvironment,
|
||||||
let len = ticket_file.read_to_string(&mut ticket)?;
|
_parts: Parts,
|
||||||
if len <= 0 {
|
) -> Pin<Box<dyn Future<Output = http::Response<Body>> + Send>> {
|
||||||
bail!("invalid ticket: cannot be empty");
|
Box::pin(async move {
|
||||||
|
|
||||||
|
let index = "<center><h1>Proxmox Backup Restore Daemon/h1></center>";
|
||||||
|
|
||||||
|
Response::builder()
|
||||||
|
.status(StatusCode::OK)
|
||||||
|
.header(hyper::header::CONTENT_TYPE, "text/html")
|
||||||
|
.body(index.into())
|
||||||
|
.unwrap()
|
||||||
|
})
|
||||||
}
|
}
|
||||||
Ok(StaticAuth { ticket })
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,6 +3,7 @@ mod api;
|
||||||
pub use api::*;
|
pub use api::*;
|
||||||
|
|
||||||
pub mod auth;
|
pub mod auth;
|
||||||
|
pub use auth::*;
|
||||||
|
|
||||||
mod watchdog;
|
mod watchdog;
|
||||||
pub use watchdog::*;
|
pub use watchdog::*;
|
||||||
|
|
|
@ -5,16 +5,17 @@ use anyhow::{bail, Error};
|
||||||
use futures::*;
|
use futures::*;
|
||||||
use http::request::Parts;
|
use http::request::Parts;
|
||||||
use http::Response;
|
use http::Response;
|
||||||
use hyper::{Body, StatusCode};
|
use hyper::{Body, Method, StatusCode};
|
||||||
use hyper::header;
|
use http::HeaderMap;
|
||||||
|
|
||||||
use proxmox::try_block;
|
use proxmox::try_block;
|
||||||
use proxmox::api::RpcEnvironmentType;
|
use proxmox::api::RpcEnvironmentType;
|
||||||
use proxmox::tools::fs::CreateOptions;
|
use proxmox::tools::fs::CreateOptions;
|
||||||
|
use proxmox::api::UserInformation;
|
||||||
|
|
||||||
use proxmox_rest_server::{daemon, ApiConfig, RestServer, RestEnvironment};
|
use proxmox_rest_server::{daemon, AuthError, ApiConfig, RestServer, RestEnvironment, ServerAdapter};
|
||||||
|
|
||||||
use proxmox_backup::server::auth::default_api_auth;
|
use proxmox_backup::server::auth::check_pbs_auth;
|
||||||
use proxmox_backup::auth_helpers::*;
|
use proxmox_backup::auth_helpers::*;
|
||||||
use proxmox_backup::config;
|
use proxmox_backup::config;
|
||||||
|
|
||||||
|
@ -27,22 +28,38 @@ fn main() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
fn get_index<'a>(
|
struct ProxmoxBackupApiAdapter;
|
||||||
|
|
||||||
|
impl ServerAdapter for ProxmoxBackupApiAdapter {
|
||||||
|
|
||||||
|
fn get_index(
|
||||||
|
&self,
|
||||||
_env: RestEnvironment,
|
_env: RestEnvironment,
|
||||||
_parts: Parts,
|
_parts: Parts,
|
||||||
) -> Pin<Box<dyn Future<Output = Response<Body>> + Send + 'a>> {
|
) -> Pin<Box<dyn Future<Output = Response<Body>> + Send>> {
|
||||||
Box::pin(async move {
|
Box::pin(async move {
|
||||||
|
|
||||||
let index = "<center><h1>Proxmox Backup API Server</h1></center>";
|
let index = "<center><h1>Proxmox Backup API Server</h1></center>";
|
||||||
|
|
||||||
Response::builder()
|
Response::builder()
|
||||||
.status(StatusCode::OK)
|
.status(StatusCode::OK)
|
||||||
.header(header::CONTENT_TYPE, "text/html")
|
.header(hyper::header::CONTENT_TYPE, "text/html")
|
||||||
.body(index.into())
|
.body(index.into())
|
||||||
.unwrap()
|
.unwrap()
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fn check_auth<'a>(
|
||||||
|
&'a self,
|
||||||
|
headers: &'a HeaderMap,
|
||||||
|
method: &'a Method,
|
||||||
|
) -> Pin<Box<dyn Future<Output = Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError>> + Send + 'a>> {
|
||||||
|
Box::pin(async move {
|
||||||
|
check_pbs_auth(headers, method).await
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
async fn run() -> Result<(), Error> {
|
async fn run() -> Result<(), Error> {
|
||||||
if let Err(err) = syslog::init(
|
if let Err(err) = syslog::init(
|
||||||
syslog::Facility::LOG_DAEMON,
|
syslog::Facility::LOG_DAEMON,
|
||||||
|
@ -78,8 +95,7 @@ async fn run() -> Result<(), Error> {
|
||||||
pbs_buildcfg::JS_DIR,
|
pbs_buildcfg::JS_DIR,
|
||||||
&proxmox_backup::api2::ROUTER,
|
&proxmox_backup::api2::ROUTER,
|
||||||
RpcEnvironmentType::PRIVILEGED,
|
RpcEnvironmentType::PRIVILEGED,
|
||||||
default_api_auth(),
|
ProxmoxBackupApiAdapter,
|
||||||
&get_index,
|
|
||||||
)?;
|
)?;
|
||||||
|
|
||||||
let backup_user = pbs_config::backup_user()?;
|
let backup_user = pbs_config::backup_user()?;
|
||||||
|
|
|
@ -15,21 +15,23 @@ use url::form_urlencoded;
|
||||||
use openssl::ssl::{SslMethod, SslAcceptor, SslFiletype};
|
use openssl::ssl::{SslMethod, SslAcceptor, SslFiletype};
|
||||||
use tokio_stream::wrappers::ReceiverStream;
|
use tokio_stream::wrappers::ReceiverStream;
|
||||||
use serde_json::{json, Value};
|
use serde_json::{json, Value};
|
||||||
|
use http::{Method, HeaderMap};
|
||||||
|
|
||||||
use proxmox::try_block;
|
use proxmox::try_block;
|
||||||
use proxmox::api::{RpcEnvironment, RpcEnvironmentType};
|
use proxmox::api::{RpcEnvironment, RpcEnvironmentType, UserInformation};
|
||||||
use proxmox::sys::linux::socket::set_tcp_keepalive;
|
use proxmox::sys::linux::socket::set_tcp_keepalive;
|
||||||
use proxmox::tools::fs::CreateOptions;
|
use proxmox::tools::fs::CreateOptions;
|
||||||
|
|
||||||
use pbs_tools::task_log;
|
use pbs_tools::task_log;
|
||||||
use pbs_datastore::DataStore;
|
use pbs_datastore::DataStore;
|
||||||
use proxmox_rest_server::{
|
use proxmox_rest_server::{
|
||||||
rotate_task_log_archive, extract_cookie , ApiConfig, RestServer, RestEnvironment, WorkerTask,
|
rotate_task_log_archive, extract_cookie , AuthError, ApiConfig, RestServer, RestEnvironment,
|
||||||
|
ServerAdapter, WorkerTask,
|
||||||
};
|
};
|
||||||
|
|
||||||
use proxmox_backup::{
|
use proxmox_backup::{
|
||||||
server::{
|
server::{
|
||||||
auth::default_api_auth,
|
auth::check_pbs_auth,
|
||||||
jobstate::{
|
jobstate::{
|
||||||
self,
|
self,
|
||||||
Job,
|
Job,
|
||||||
|
@ -81,6 +83,29 @@ fn main() -> Result<(), Error> {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
struct ProxmoxBackupProxyAdapter;
|
||||||
|
|
||||||
|
impl ServerAdapter for ProxmoxBackupProxyAdapter {
|
||||||
|
|
||||||
|
fn get_index(
|
||||||
|
&self,
|
||||||
|
env: RestEnvironment,
|
||||||
|
parts: Parts,
|
||||||
|
) -> Pin<Box<dyn Future<Output = Response<Body>> + Send>> {
|
||||||
|
Box::pin(get_index_future(env, parts))
|
||||||
|
}
|
||||||
|
|
||||||
|
fn check_auth<'a>(
|
||||||
|
&'a self,
|
||||||
|
headers: &'a HeaderMap,
|
||||||
|
method: &'a Method,
|
||||||
|
) -> Pin<Box<dyn Future<Output = Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError>> + Send + 'a>> {
|
||||||
|
Box::pin(async move {
|
||||||
|
check_pbs_auth(headers, method).await
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
fn extract_lang_header(headers: &http::HeaderMap) -> Option<String> {
|
fn extract_lang_header(headers: &http::HeaderMap) -> Option<String> {
|
||||||
if let Some(Ok(cookie)) = headers.get("COOKIE").map(|v| v.to_str()) {
|
if let Some(Ok(cookie)) = headers.get("COOKIE").map(|v| v.to_str()) {
|
||||||
return extract_cookie(cookie, "PBSLangCookie");
|
return extract_cookie(cookie, "PBSLangCookie");
|
||||||
|
@ -88,13 +113,6 @@ fn extract_lang_header(headers: &http::HeaderMap) -> Option<String> {
|
||||||
None
|
None
|
||||||
}
|
}
|
||||||
|
|
||||||
fn get_index<'a>(
|
|
||||||
env: RestEnvironment,
|
|
||||||
parts: Parts,
|
|
||||||
) -> Pin<Box<dyn Future<Output = Response<Body>> + Send + 'a>> {
|
|
||||||
Box::pin(get_index_future(env, parts))
|
|
||||||
}
|
|
||||||
|
|
||||||
async fn get_index_future(
|
async fn get_index_future(
|
||||||
env: RestEnvironment,
|
env: RestEnvironment,
|
||||||
parts: Parts,
|
parts: Parts,
|
||||||
|
@ -191,8 +209,7 @@ async fn run() -> Result<(), Error> {
|
||||||
pbs_buildcfg::JS_DIR,
|
pbs_buildcfg::JS_DIR,
|
||||||
&proxmox_backup::api2::ROUTER,
|
&proxmox_backup::api2::ROUTER,
|
||||||
RpcEnvironmentType::PUBLIC,
|
RpcEnvironmentType::PUBLIC,
|
||||||
default_api_auth(),
|
ProxmoxBackupProxyAdapter,
|
||||||
&get_index,
|
|
||||||
)?;
|
)?;
|
||||||
|
|
||||||
config.add_alias("novnc", "/usr/share/novnc-pve");
|
config.add_alias("novnc", "/usr/share/novnc-pve");
|
||||||
|
|
|
@ -1,9 +1,5 @@
|
||||||
//! Provides authentication primitives for the HTTP server
|
//! Provides authentication primitives for the HTTP server
|
||||||
|
|
||||||
use std::sync::Arc;
|
|
||||||
use std::future::Future;
|
|
||||||
use std::pin::Pin;
|
|
||||||
|
|
||||||
use anyhow::format_err;
|
use anyhow::format_err;
|
||||||
|
|
||||||
use proxmox::api::UserInformation;
|
use proxmox::api::UserInformation;
|
||||||
|
@ -11,7 +7,7 @@ use proxmox::api::UserInformation;
|
||||||
use pbs_tools::ticket::{self, Ticket};
|
use pbs_tools::ticket::{self, Ticket};
|
||||||
use pbs_config::{token_shadow, CachedUserInfo};
|
use pbs_config::{token_shadow, CachedUserInfo};
|
||||||
use pbs_api_types::{Authid, Userid};
|
use pbs_api_types::{Authid, Userid};
|
||||||
use proxmox_rest_server::{ApiAuth, AuthError, extract_cookie};
|
use proxmox_rest_server::{AuthError, extract_cookie};
|
||||||
|
|
||||||
use crate::auth_helpers::*;
|
use crate::auth_helpers::*;
|
||||||
|
|
||||||
|
@ -28,12 +24,6 @@ enum AuthData {
|
||||||
ApiToken(String),
|
ApiToken(String),
|
||||||
}
|
}
|
||||||
|
|
||||||
pub struct UserApiAuth {}
|
|
||||||
pub fn default_api_auth() -> Arc<UserApiAuth> {
|
|
||||||
Arc::new(UserApiAuth {})
|
|
||||||
}
|
|
||||||
|
|
||||||
impl UserApiAuth {
|
|
||||||
fn extract_auth_data(headers: &http::HeaderMap) -> Option<AuthData> {
|
fn extract_auth_data(headers: &http::HeaderMap) -> Option<AuthData> {
|
||||||
if let Some(raw_cookie) = headers.get(header::COOKIE) {
|
if let Some(raw_cookie) = headers.get(header::COOKIE) {
|
||||||
if let Ok(cookie) = raw_cookie.to_str() {
|
if let Ok(cookie) = raw_cookie.to_str() {
|
||||||
|
@ -59,8 +49,7 @@ impl UserApiAuth {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn check_auth_async(
|
pub async fn check_pbs_auth(
|
||||||
&self,
|
|
||||||
headers: &http::HeaderMap,
|
headers: &http::HeaderMap,
|
||||||
method: &hyper::Method,
|
method: &hyper::Method,
|
||||||
) -> Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError> {
|
) -> Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError> {
|
||||||
|
@ -69,7 +58,7 @@ impl UserApiAuth {
|
||||||
|
|
||||||
let user_info = CachedUserInfo::new()?;
|
let user_info = CachedUserInfo::new()?;
|
||||||
|
|
||||||
let auth_data = Self::extract_auth_data(headers);
|
let auth_data = extract_auth_data(headers);
|
||||||
match auth_data {
|
match auth_data {
|
||||||
Some(AuthData::User(user_auth_data)) => {
|
Some(AuthData::User(user_auth_data)) => {
|
||||||
let ticket = user_auth_data.ticket.clone();
|
let ticket = user_auth_data.ticket.clone();
|
||||||
|
@ -125,14 +114,3 @@ impl UserApiAuth {
|
||||||
None => Err(AuthError::NoData),
|
None => Err(AuthError::NoData),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
impl ApiAuth for UserApiAuth {
|
|
||||||
fn check_auth<'a>(
|
|
||||||
&'a self,
|
|
||||||
headers: &'a http::HeaderMap,
|
|
||||||
method: &'a hyper::Method,
|
|
||||||
) -> Pin<Box<dyn Future<Output = Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError>> + Send + 'a>> {
|
|
||||||
Box::pin(self.check_auth_async(headers, method))
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
Loading…
Reference in New Issue