[pmg-api.git] / PMG / Service / pmgproxy.pm

package PMG::Service::pmgproxy;

use strict;
use warnings;

use PVE::SafeSyslog;
use PVE::Daemon;
use HTTP::Response;
use URI;
use URI::Escape;

use URI::QueryParam;
use Data::Dumper;

use PVE::Tools;
use PVE::APIServer::Formatter;
use PVE::APIServer::Formatter::Standard;
use PVE::APIServer::Formatter::HTML;
use PVE::APIServer::AnyEvent;

use PMG::HTTPServer;
use PMG::API2;

use Template;

use base qw(PVE::Daemon);

my $cmdline = [$0, @ARGV];

my %daemon_options = (
    max_workers => 3,
    restart_on_error => 5,
    stop_wait_time => 15,
    leave_children_open_on_reload => 1,
    setuid => 'www-data',
    setgid => 'www-data',
    pidfile => '/var/run/pmgproxy/pmgproxy.pid',
);

my $daemon = __PACKAGE__->new('pmgproxy', $cmdline, %daemon_options);

sub add_dirs {
    my ($result_hash, $alias, $subdir) = @_;

    PVE::APIServer::AnyEvent::add_dirs($result_hash, $alias, $subdir);
}

my $gui_base_dir = "/usr/share/javascript/pmg-gui";
my $fontawesome_dir = "/usr/share/fonts-font-awesome";
my $xtermjs_dir = '/usr/share/pve-xtermjs';

sub init {
    my ($self) = @_;

    my $accept_lock_fn = "/var/lock/pmgproxy.lck";

    my $lockfh = IO::File->new(">>${accept_lock_fn}") ||
	die "unable to open lock file '${accept_lock_fn}' - $!\n";

    my $family = PVE::Tools::get_host_address_family($self->{nodename});
    my $socket = $self->create_reusable_socket(8006, undef, $family);

    my $dirs = {};

    add_dirs($dirs, '/pve2/locale/', '/usr/share/pmg-i18n/');
    add_dirs($dirs, '/pve2/ext6/', '/usr/share/javascript/extjs/');
    add_dirs($dirs, '/pve2/images/' => "$gui_base_dir/images/");
    add_dirs($dirs, '/pve2/css/' => "$gui_base_dir/css/");
    add_dirs($dirs, '/pve2/js/' => "$gui_base_dir/js/");
    add_dirs($dirs, '/fontawesome/css/' => "$fontawesome_dir/css/");
    add_dirs($dirs, '/fontawesome/fonts/' => "$fontawesome_dir/fonts/");
    add_dirs($dirs, '/xtermjs/' => "$xtermjs_dir/");
    add_dirs($dirs, '/pmg-docs/' => '/usr/share/pmg-docs/');

    $self->{server_config} = {
	title => 'Proxmox Mail Gateway API',
	cookie_name => 'PMGAuthCookie',
	keep_alive => 100,
	max_conn => 500,
	max_requests => 1000,
	lockfile => $accept_lock_fn,
	socket => $socket,
	lockfh => $lockfh,
	debug => $self->{debug},
	trusted_env => 0, # not trusted, anyone can connect
	logfile => '/var/log/pmgproxy/pmgproxy.log',
	ssl => {
	    # Note: older versions are considered insecure, for example
	    # search for "Poodle"-Attac
	    method => 'any',
	    sslv2 => 0,
	    sslv3 => 0,
	    cipher_list => 'HIGH:MEDIUM:!aNULL:!MD5',
	    cert_file => '/etc/pmg/pmg-api.pem',
	    dh => 'skip2048',
	},
	# Note: there is no authentication for those pages and dirs!
	pages => {
	    '/' => sub { get_index($self->{nodename}, @_) },
	    '/quarantine' => sub { get_index($self->{nodename}, @_) },
	    # avoid authentication when accessing favicon
	    '/favicon.ico' => {
		file => '/usr/share/doc/pmg-api/favicon.ico',
	    },
	    '/proxmoxlib.js' => {
		file => '/usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js',
	    },
	},
	dirs => $dirs,
    };
}

sub run {
    my ($self) = @_;

    my $server = PMG::HTTPServer->new(%{$self->{server_config}});
    $server->run();
}

$daemon->register_start_command();
$daemon->register_restart_command(1);
$daemon->register_stop_command();
$daemon->register_status_command();

our $cmddef = {
    start => [ __PACKAGE__, 'start', []],
    restart => [ __PACKAGE__, 'restart', []],
    stop => [ __PACKAGE__, 'stop', []],
    status => [ __PACKAGE__, 'status', [], undef, sub { print shift . "\n";} ],
};

my $template_toolkit;

sub get_template_toolkit {

    return $template_toolkit if $template_toolkit;

    $template_toolkit = Template->new(
	{ INCLUDE_PATH => [$gui_base_dir, $xtermjs_dir]});

    return $template_toolkit;
}

sub get_index {
    my ($nodename, $server, $r, $args) = @_;

    my $lang = 'en';
    my $username;
    my $token = 'null';

    if (my $cookie = $r->header('Cookie')) {
	if (my $newlang = ($cookie =~ /(?:^|\s)PMGLangCookie=([^;]*)/)[0]) {
	    if ($newlang =~ m/^[a-z]{2,3}(_[A-Z]{2,3})?$/) {
		$lang = $newlang;
	    }
	}
	my $ticket = PVE::APIServer::Formatter::extract_auth_cookie($cookie, $server->{cookie_name});

	if ($ticket =~ m/^PMGQUAR:/) {
	    $username = PMG::Ticket::verify_quarantine_ticket($ticket, 1);
	} else {
	    $username = PMG::Ticket::verify_ticket($ticket, 1);
	}
    } else {
	if (defined($args->{ticket})) {
	    my $ticket = uri_unescape($args->{ticket});
	    $username = PMG::Ticket::verify_quarantine_ticket($ticket, 1);
	}
    }

    $token = PMG::Ticket::assemble_csrf_prevention_token($username)
	if defined($username);

    my $langfile = 0;

    if (-f  "/usr/share/pmg-i18n/pmg-lang-$lang.js") {
	$langfile = 1;
    }

    $username = '' if !$username;

    my $page = '';

    my $vars = {
	lang => $lang,
	langfile => $langfile,
	username => $username,
	token => $token,
	console => $args->{console},
	nodename => $nodename,
	debug => $args->{debug} || $server->{debug},
    };

    my $template_name;
    if (defined($args->{console}) && $args->{xtermjs}) {
	$template_name = "index.html.tpl"; # fixme: use better name
    } else {
	$template_name = "pmg-index.html.tt";
    }

    my $tt = get_template_toolkit();

    $tt->process($template_name, $vars, \$page) ||
	die $tt->error() . "\n";

    my $headers = HTTP::Headers->new(Content_Type => "text/html; charset=utf-8");
    my $resp = HTTP::Response->new(200, "OK", $headers, $page);

    return $resp;
}

1;
Commit	Line	Data
0854fb22 DM	1	package PMG::Service::pmgproxy;
	2
	3	use strict;
	4	use warnings;
	5
	6	use PVE::SafeSyslog;
	7	use PVE::Daemon;
	8	use HTTP::Response;
	9	use URI;
614ee52d DM	10	use URI::Escape;
614ee52d DM	11
0854fb22 DM	12	use URI::QueryParam;
	13	use Data::Dumper;
	14
	15	use PVE::Tools;
	16	use PVE::APIServer::Formatter;
	17	use PVE::APIServer::Formatter::Standard;
	18	use PVE::APIServer::Formatter::HTML;
	19	use PVE::APIServer::AnyEvent;
	20
	21	use PMG::HTTPServer;
	22	use PMG::API2;
	23
803b4163	24	use Template;
0854fb22 DM	25
	26	use base qw(PVE::Daemon);
	27
	28	my $cmdline = [$0, @ARGV];
	29
	30	my %daemon_options = (
	31	max_workers => 3,
	32	restart_on_error => 5,
	33	stop_wait_time => 15,
	34	leave_children_open_on_reload => 1,
	35	setuid => 'www-data',
	36	setgid => 'www-data',
	37	pidfile => '/var/run/pmgproxy/pmgproxy.pid',
	38	);
	39
	40	my $daemon = __PACKAGE__->new('pmgproxy', $cmdline, %daemon_options);
	41
	42	sub add_dirs {
	43	my ($result_hash, $alias, $subdir) = @_;
	44
	45	PVE::APIServer::AnyEvent::add_dirs($result_hash, $alias, $subdir);
	46	}
	47
572ff727	48	my $gui_base_dir = "/usr/share/javascript/pmg-gui";
61ab886a	49	my $fontawesome_dir = "/usr/share/fonts-font-awesome";
6466cf6d	50	my $xtermjs_dir = '/usr/share/pve-xtermjs';
803b4163	51
0854fb22 DM	52	sub init {
	53	my ($self) = @_;
	54
	55	my $accept_lock_fn = "/var/lock/pmgproxy.lck";
	56
	57	my $lockfh = IO::File->new(">>${accept_lock_fn}") \|\|
	58	die "unable to open lock file '${accept_lock_fn}' - $!\n";
	59
	60	my $family = PVE::Tools::get_host_address_family($self->{nodename});
	61	my $socket = $self->create_reusable_socket(8006, undef, $family);
	62
	63	my $dirs = {};
	64
7e7cdb14	65	add_dirs($dirs, '/pve2/locale/', '/usr/share/pmg-i18n/');
0854fb22	66	add_dirs($dirs, '/pve2/ext6/', '/usr/share/javascript/extjs/');
803b4163 DM	67	add_dirs($dirs, '/pve2/images/' => "$gui_base_dir/images/");
	68	add_dirs($dirs, '/pve2/css/' => "$gui_base_dir/css/");
	69	add_dirs($dirs, '/pve2/js/' => "$gui_base_dir/js/");
2ec2c08a DM	70	add_dirs($dirs, '/fontawesome/css/' => "$fontawesome_dir/css/");
2ec2c08a DM	71	add_dirs($dirs, '/fontawesome/fonts/' => "$fontawesome_dir/fonts/");
6466cf6d	72	add_dirs($dirs, '/xtermjs/' => "$xtermjs_dir/");
87546b89	73	add_dirs($dirs, '/pmg-docs/' => '/usr/share/pmg-docs/');
0854fb22 DM	74
	75	$self->{server_config} = {
	76	title => 'Proxmox Mail Gateway API',
2ec2c08a	77	cookie_name => 'PMGAuthCookie',
0854fb22 DM	78	keep_alive => 100,
	79	max_conn => 500,
	80	max_requests => 1000,
	81	lockfile => $accept_lock_fn,
	82	socket => $socket,
	83	lockfh => $lockfh,
	84	debug => $self->{debug},
	85	trusted_env => 0, # not trusted, anyone can connect
	86	logfile => '/var/log/pmgproxy/pmgproxy.log',
	87	ssl => {
	88	# Note: older versions are considered insecure, for example
	89	# search for "Poodle"-Attac
	90	method => 'any',
	91	sslv2 => 0,
	92	sslv3 => 0,
	93	cipher_list => 'HIGH:MEDIUM:!aNULL:!MD5',
3278b571	94	cert_file => '/etc/pmg/pmg-api.pem',
0854fb22 DM	95	dh => 'skip2048',
	96	},
	97	# Note: there is no authentication for those pages and dirs!
	98	pages => {
	99	'/' => sub { get_index($self->{nodename}, @_) },
614ee52d	100	'/quarantine' => sub { get_index($self->{nodename}, @_) },
0854fb22	101	# avoid authentication when accessing favicon
cb159468	102	'/favicon.ico' => {
572ff727	103	file => '/usr/share/doc/pmg-api/favicon.ico',
cb159468	104	},
bbcc9ce6 DM	105	'/proxmoxlib.js' => {
	106	file => '/usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js',
	107	},
0854fb22 DM	108	},
	109	dirs => $dirs,
	110	};
	111	}
	112
	113	sub run {
	114	my ($self) = @_;
	115
	116	my $server = PMG::HTTPServer->new(%{$self->{server_config}});
	117	$server->run();
	118	}
	119
	120	$daemon->register_start_command();
	121	$daemon->register_restart_command(1);
	122	$daemon->register_stop_command();
	123	$daemon->register_status_command();
	124
	125	our $cmddef = {
	126	start => [ __PACKAGE__, 'start', []],
	127	restart => [ __PACKAGE__, 'restart', []],
	128	stop => [ __PACKAGE__, 'stop', []],
	129	status => [ __PACKAGE__, 'status', [], undef, sub { print shift . "\n";} ],
	130	};
	131
9ff4a97a DM	132	my $template_toolkit;
	133
	134	sub get_template_toolkit {
	135
	136	return $template_toolkit if $template_toolkit;
	137
	138	$template_toolkit = Template->new(
6466cf6d	139	{ INCLUDE_PATH => [$gui_base_dir, $xtermjs_dir]});
9ff4a97a DM	140
	141	return $template_toolkit;
	142	}
	143
0854fb22 DM	144	sub get_index {
	145	my ($nodename, $server, $r, $args) = @_;
	146
	147	my $lang = 'en';
	148	my $username;
	149	my $token = 'null';
	150
	151	if (my $cookie = $r->header('Cookie')) {
	152	if (my $newlang = ($cookie =~ /(?:^\|\s)PMGLangCookie=([^;]*)/)[0]) {
	153	if ($newlang =~ m/^[a-z]{2,3}(_[A-Z]{2,3})?$/) {
	154	$lang = $newlang;
	155	}
	156	}
	157	my $ticket = PVE::APIServer::Formatter::extract_auth_cookie($cookie, $server->{cookie_name});
614ee52d DM	158
	159	if ($ticket =~ m/^PMGQUAR:/) {
	160	$username = PMG::Ticket::verify_quarantine_ticket($ticket, 1);
	161	} else {
	162	$username = PMG::Ticket::verify_ticket($ticket, 1);
	163	}
	164	} else {
	165	if (defined($args->{ticket})) {
	166	my $ticket = uri_unescape($args->{ticket});
	167	$username = PMG::Ticket::verify_quarantine_ticket($ticket, 1);
0854fb22 DM	168	}
	169	}
	170
614ee52d DM	171	$token = PMG::Ticket::assemble_csrf_prevention_token($username)
	172	if defined($username);
	173
7e7cdb14 DM	174	my $langfile = 0;
	175
	176	if (-f "/usr/share/pmg-i18n/pmg-lang-$lang.js") {
	177	$langfile = 1;
	178	}
78c58e58	179
0854fb22 DM	180	$username = '' if !$username;
0854fb22 DM	181
803b4163 DM	182	my $page = '';
803b4163 DM	183
78c58e58 DM	184	my $vars = {
	185	lang => $lang,
	186	langfile => $langfile,
	187	username => $username,
	188	token => $token,
	189	console => $args->{console},
	190	nodename => $nodename,
	191	debug => $args->{debug} \|\| $server->{debug},
	192	};
	193
9ff4a97a	194	my $template_name;
6466cf6d	195	if (defined($args->{console}) && $args->{xtermjs}) {
9ff4a97a DM	196	$template_name = "index.html.tpl"; # fixme: use better name
	197	} else {
	198	$template_name = "pmg-index.html.tt";
	199	}
	200
	201	my $tt = get_template_toolkit();
	202
	203	$tt->process($template_name, $vars, \$page) \|\|
	204	die $tt->error() . "\n";
803b4163	205
0854fb22 DM	206	my $headers = HTTP::Headers->new(Content_Type => "text/html; charset=utf-8");
	207	my $resp = HTTP::Response->new(200, "OK", $headers, $page);
	208
	209	return $resp;
	210	}
	211
	212	1;