[proxmox.git] / proxmox-rest-server / src / environment.rs

use std::net::SocketAddr;
use std::sync::Arc;

use serde_json::{json, Value};

use proxmox_router::{RpcEnvironment, RpcEnvironmentType};

use crate::ApiConfig;

/// Encapsulates information about the runtime environment
pub struct RestEnvironment {
    env_type: RpcEnvironmentType,
    result_attributes: Value,
    auth_id: Option<String>,
    client_ip: Option<SocketAddr>,
    api: Arc<ApiConfig>,
}

impl RestEnvironment {
    pub fn new(env_type: RpcEnvironmentType, api: Arc<ApiConfig>) -> Self {
        Self {
            result_attributes: json!({}),
            auth_id: None,
            client_ip: None,
            env_type,
            api,
        }
    }

    pub fn api_config(&self) -> &ApiConfig {
        &self.api
    }

    pub fn log_auth(&self, auth_id: &str) {
        let msg = format!("successful auth for user '{}'", auth_id);
        log::debug!("{}", msg); // avoid noisy syslog, admins can already check the auth log
        if let Some(auth_logger) = self.api.get_auth_log() {
            auth_logger.lock().unwrap().log(&msg);
        }
    }

    pub fn log_failed_auth(&self, failed_auth_id: Option<String>, msg: &str) {
        let msg = match (self.client_ip, failed_auth_id) {
            (Some(peer), Some(user)) => {
                format!(
                    "authentication failure; rhost={} user={} msg={}",
                    peer, user, msg
                )
            }
            (Some(peer), None) => {
                format!("authentication failure; rhost={} msg={}", peer, msg)
            }
            (None, Some(user)) => {
                format!(
                    "authentication failure; rhost=unknown user={} msg={}",
                    user, msg
                )
            }
            (None, None) => {
                format!("authentication failure; rhost=unknown msg={}", msg)
            }
        };
        log::error!("{}", msg);
        if let Some(auth_logger) = self.api.get_auth_log() {
            auth_logger.lock().unwrap().log(&msg);
        }
    }
}

impl RpcEnvironment for RestEnvironment {
    fn result_attrib_mut(&mut self) -> &mut Value {
        &mut self.result_attributes
    }

    fn result_attrib(&self) -> &Value {
        &self.result_attributes
    }

    fn env_type(&self) -> RpcEnvironmentType {
        self.env_type
    }

    fn set_auth_id(&mut self, auth_id: Option<String>) {
        self.auth_id = auth_id;
    }

    fn get_auth_id(&self) -> Option<String> {
        self.auth_id.clone()
    }

    fn set_client_ip(&mut self, client_ip: Option<SocketAddr>) {
        self.client_ip = client_ip;
    }

    fn get_client_ip(&self) -> Option<SocketAddr> {
        self.client_ip
    }
}
Commit	Line	Data
7c1bd58a	1	use std::net::SocketAddr;
2bda552b	2	use std::sync::Arc;
7c1bd58a	3
3f633844	4	use serde_json::{json, Value};
a0a545c7	5
09046671	6	use proxmox_router::{RpcEnvironment, RpcEnvironmentType};
ac21864d	7
7c1bd58a DM	8	use crate::ApiConfig;
7c1bd58a DM	9
ff995ce0	10	/// Encapsulates information about the runtime environment
a0a545c7	11	pub struct RestEnvironment {
23db3948	12	env_type: RpcEnvironmentType,
3f633844	13	result_attributes: Value,
ed512bc2	14	auth_id: Option<String>,
7c1bd58a DM	15	client_ip: Option<SocketAddr>,
7c1bd58a DM	16	api: Arc<ApiConfig>,
a0a545c7 DM	17	}
	18
	19	impl RestEnvironment {
7c1bd58a	20	pub fn new(env_type: RpcEnvironmentType, api: Arc<ApiConfig>) -> Self {
23db3948	21	Self {
3f633844	22	result_attributes: json!({}),
ed512bc2	23	auth_id: None,
e4bece49	24	client_ip: None,
23db3948	25	env_type,
7c1bd58a	26	api,
23db3948	27	}
a0a545c7	28	}
7c1bd58a DM	29
	30	pub fn api_config(&self) -> &ApiConfig {
	31	&self.api
	32	}
	33
	34	pub fn log_auth(&self, auth_id: &str) {
	35	let msg = format!("successful auth for user '{}'", auth_id);
c4cff127	36	log::debug!("{}", msg); // avoid noisy syslog, admins can already check the auth log
7c1bd58a DM	37	if let Some(auth_logger) = self.api.get_auth_log() {
	38	auth_logger.lock().unwrap().log(&msg);
	39	}
	40	}
	41
	42	pub fn log_failed_auth(&self, failed_auth_id: Option<String>, msg: &str) {
	43	let msg = match (self.client_ip, failed_auth_id) {
	44	(Some(peer), Some(user)) => {
2bda552b TL	45	format!(
	46	"authentication failure; rhost={} user={} msg={}",
	47	peer, user, msg
	48	)
7c1bd58a DM	49	}
	50	(Some(peer), None) => {
	51	format!("authentication failure; rhost={} msg={}", peer, msg)
	52	}
	53	(None, Some(user)) => {
2bda552b TL	54	format!(
	55	"authentication failure; rhost=unknown user={} msg={}",
	56	user, msg
	57	)
7c1bd58a DM	58	}
	59	(None, None) => {
	60	format!("authentication failure; rhost=unknown msg={}", msg)
	61	}
	62	};
	63	log::error!("{}", msg);
	64	if let Some(auth_logger) = self.api.get_auth_log() {
	65	auth_logger.lock().unwrap().log(&msg);
	66	}
	67	}
a0a545c7 DM	68	}
	69
	70	impl RpcEnvironment for RestEnvironment {
2bda552b	71	fn result_attrib_mut(&mut self) -> &mut Value {
3f633844	72	&mut self.result_attributes
a0a545c7 DM	73	}
a0a545c7 DM	74
3f633844 DM	75	fn result_attrib(&self) -> &Value {
3f633844 DM	76	&self.result_attributes
a0a545c7	77	}
23db3948 DM	78
	79	fn env_type(&self) -> RpcEnvironmentType {
	80	self.env_type
	81	}
42e06fc5	82
ed512bc2 FG	83	fn set_auth_id(&mut self, auth_id: Option<String>) {
ed512bc2 FG	84	self.auth_id = auth_id;
42e06fc5 DM	85	}
42e06fc5 DM	86
ed512bc2 FG	87	fn get_auth_id(&self) -> Option<String> {
ed512bc2 FG	88	self.auth_id.clone()
42e06fc5	89	}
e4bece49	90
7c1bd58a	91	fn set_client_ip(&mut self, client_ip: Option<SocketAddr>) {
e4bece49 TL	92	self.client_ip = client_ip;
	93	}
	94
7c1bd58a	95	fn get_client_ip(&self) -> Option<SocketAddr> {
28f3b0df	96	self.client_ip
e4bece49	97	}
a0a545c7	98	}