Thomas Lamprecht 4703ba81ce server: rest: implement max URI path and query length request limits
Add a generous limit now and return the correct error (414 URI Too
Long). Otherwise we could do pretty large GET requests, 64 KiB and
possibly bigger (at 64 KiB my simple curl test failed due to
shell/curl limitations).

For now allow 3072 characters as combined length of URI path and
query.

This conforms with the HTTP/1.1 RFCs (e.g., RFC 7231, 6.5.12 and
RFC 2616, 3.2.1) which do not specify any limits, upper or lower, but
require that all server accessible resources must be reachable without
getting 414, which is normally fulfilled as we have various length
limits for stuff which could be in a URI, in place, e.g.:
 * user id: max. 64 chars
 * datastore: max. 32 chars

The only known problematic API endpoint is the catalog one, used in
the GUI's pxar file browser:
GET /api2/json/admin/datastore/<id>/catalog?..&filepath=<path>

The <path> is the encoded archive path, and can be arbitrarily long.

But, this is a flawed design, as even without this new limit one can
easily generate archives which cannot be browsed anymore, as hyper
only accepts requests with max. 64 KiB in the URI.
So rather, we should move that to a GET-as-POST call, which has no
such limitations (and would not need to base32 encode the path).

Note: This change was inspired by adding a request access log, which
profits from such limits as we can then rely on certain atomicity
guarantees when writing requests to the log.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-10-16 10:40:39 +02:00
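
A sketch of the limit this commit message describes, as an added example that is not code from the proxmox-backup repository. It goes one step further than the message and computes how long an archive path can be before the catalog endpoint answers 414. The 3072 limit, the 414 status, the endpoint and the base32 `filepath` come from the message; all names, the `>` comparison, not counting the `?`, and unpadded base32 are assumptions.

```rust
// Added example, not proxmox-backup code. From the commit message: the 3072
// limit, the 414 status, the catalog endpoint, base32 `filepath`.
// Assumptions: all names, the `>` comparison, '?' not counted, unpadded base32.

const MAX_URI_QUERY_LENGTH: usize = 3072; // hypothetical constant name

/// Enforce the combined path + query limit; Err carries the HTTP status.
fn check_request_target(target: &str) -> Result<(), u16> {
    let (path, query) = target.split_once('?').unwrap_or((target, ""));
    if path.len() + query.len() > MAX_URI_QUERY_LENGTH {
        return Err(414); // URI Too Long
    }
    Ok(())
}

/// Length of the unpadded base32 encoding of `n` bytes: ceil(8n / 5).
fn base32_len(n: usize) -> usize {
    (n * 8 + 4) / 5
}

/// Largest raw archive path, in bytes, whose base32 form still fits once
/// `fixed_len` characters of path and query are already spent.
fn max_raw_path_len(fixed_len: usize) -> usize {
    MAX_URI_QUERY_LENGTH.saturating_sub(fixed_len) * 5 / 8
}

/// Constructed catalog request; the other query parameters the commit
/// message elides are left out, 'A' stands in for encoded data.
fn catalog_target(datastore: &str, raw_path_len: usize) -> String {
    format!(
        "/api2/json/admin/datastore/{}/catalog?filepath={}",
        datastore,
        "A".repeat(base32_len(raw_path_len))
    )
}

fn main() {
    let fixed = "/api2/json/admin/datastore/store1/catalog".len() + "filepath=".len();
    let max = max_raw_path_len(fixed);
    println!("fixed part: {} chars, longest browsable path: {} bytes", fixed, max);
    for &len in &[64, max, max + 1, 4096] {
        let verdict = check_request_target(&catalog_target("store1", len));
        println!("raw path of {:>4} bytes -> {:?}", len, verdict);
    }
}
```
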
.cargo cargo: switch to use packaged crates by default 2020-01-03 09:40:33 +01:00
debian bump version to 0.9.1-1 2020-10-14 13:42:30 +02:00
docs Introduction: reword & link to encryption section 2020-10-15 12:20:33 +02:00
etc ship pbstest repo as sources.list.d file for beta 2020-07-08 19:09:31 +02:00
examples examples: fix HttpClient::new usage 2020-09-30 10:49:20 +02:00
src server: rest: implement max URI path and query length request limits 2020-10-16 10:40:39 +02:00
tests introduce Username, Realm and Userid api types 2020-08-10 12:05:01 +02:00
www ui: network: remove create VLAN option 2020-10-07 14:07:46 +02:00
zsh-completions Add zsh completion scripts 2020-02-27 06:50:14 +01:00
.gitignore .gitignore: add build directory 2020-07-22 09:19:29 +02:00
Cargo.toml bump version to 0.9.1-1 2020-10-14 13:42:30 +02:00
Makefile buildsys: upload client packages also to PMG repo 2020-09-08 16:48:31 +02:00
README.rst readme: allow to directly copy+paste+execute commands 2020-10-12 13:36:34 +02:00
TODO.rst [chore] bump to using pxar 0.2.0 2020-06-25 09:46:56 +02:00
defines.mk Add zsh completion scripts 2020-02-27 06:50:14 +01:00
rustfmt.toml import rustfmt.toml 2019-08-22 13:44:57 +02:00

README.rst

``rustup`` Toolchain
====================

We normally want to build with the ``rustc`` Debian package. To do that
you can set the following ``rustup`` configuration::

    # rustup toolchain link system /usr
    # rustup default system


Versioning of proxmox helper crates
===================================

To use current git master code of the proxmox* helper crates, add::

   git = "git://git.proxmox.com/git/proxmox"

or::

   path = "../proxmox/proxmox"

to the proxmox dependency, and update the version to reflect the current,
pre-release version number (e.g., "0.1.1-dev.1" instead of "0.1.0").


Local cargo config
==================

This repository ships with a ``.cargo/config`` that replaces the crates.io
registry with packaged crates located in ``/usr/share/cargo/registry``.

A similar config is also applied when building with ``dh_cargo``. ``Cargo.lock``
needs to be deleted when switching between packaged crates and crates.io, since
the checksums are not compatible.

To reference new dependencies (or updated versions) that are not yet packaged,
the dependency needs to point directly to a path or git source (e.g., see
example for proxmox crate above).


Build
=====
on Debian Buster

Setup:
  1. # echo 'deb http://download.proxmox.com/debian/devel/ buster main' >> /etc/apt/sources.list.d/proxmox-devel.list
  2. # sudo wget http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg -O /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg
  3. # sudo apt update
  4. # sudo apt install devscripts debcargo clang
  5. # git clone git://git.proxmox.com/git/proxmox-backup.git
  6. # sudo mk-build-deps -ir

Note: Step 2 may be skipped if you already added the PVE or PBS package repository.

You are now able to build using the Makefile or cargo itself.