]> git.proxmox.com Git - proxmox-backup.git/blame - src/api2/admin/datastore.rs
projects / proxmox-backup.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
proxy: add scheduling for verification jobs
[proxmox-backup.git] / src / api2 / admin / datastore.rs
CommitLineData
cad540e9 1use std::collections::{HashSet, HashMap};
d33d8f4e
DC		 2use std::ffi::OsStr;
3use std::os::unix::ffi::OsStrExt;
6b809ff5 4use std::sync::{Arc, Mutex};
53a561a2 5use std::path::{Path, PathBuf};
804f6143 6use std::pin::Pin;
cad540e9 7
6ef9bb59 8use anyhow::{bail, format_err, Error};
9e47c0a5 9use futures::*;
cad540e9
WB		 10use hyper::http::request::Parts;
11use hyper::{header, Body, Response, StatusCode};
15e9b4ed
DM		 12use serde_json::{json, Value};
13
bb34b589
DM		 14use proxmox::api::{
15 api, ApiResponseFuture, ApiHandler, ApiMethod, Router,
e7cb4dc5
WB		 16 RpcEnvironment, RpcEnvironmentType, Permission
17};
cad540e9
WB		 18use proxmox::api::router::SubdirMap;
19use proxmox::api::schema::*;
60f9a6ea 20use proxmox::tools::fs::{replace_file, CreateOptions};
9ea4bce4 21use proxmox::{http_err, identity, list_subdirs_api_method, sortable};
e18a6c9e 22
804f6143 23use pxar::accessor::aio::{Accessor, FileContents, FileEntry};
d33d8f4e
DC		 24use pxar::EntryKind;
25
cad540e9 26use crate::api2::types::*;
431cc7b1 27use crate::api2::node::rrd::create_value_from_rrd;
e5064ba6 28use crate::backup::*;
cad540e9 29use crate::config::datastore;
54552dda
DM		 30use crate::config::cached_user_info::CachedUserInfo;
31
0f778e06 32use crate::server::WorkerTask;
804f6143
DC		 33use crate::tools::{
34 self,
35 zip::{ZipEncoder, ZipEntry},
36 AsyncChannelWriter, AsyncReaderStream, WrappedReaderStream,
37};
38
d00e1a21
DM		 39use crate::config::acl::{
40 PRIV_DATASTORE_AUDIT,
54552dda 41 PRIV_DATASTORE_MODIFY,
d00e1a21
DM		 42 PRIV_DATASTORE_READ,
43 PRIV_DATASTORE_PRUNE,
54552dda 44 PRIV_DATASTORE_BACKUP,
d00e1a21 45};
1629d2ad 46
e7cb4dc5
WB		 47fn check_backup_owner(
48 store: &DataStore,
49 group: &BackupGroup,
50 userid: &Userid,
51) -> Result<(), Error> {
54552dda
DM		 52 let owner = store.get_owner(group)?;
53 if &owner != userid {
54 bail!("backup owner check failed ({} != {})", userid, owner);
55 }
56 Ok(())
57}
58
e7cb4dc5
WB		 59fn read_backup_index(
60 store: &DataStore,
61 backup_dir: &BackupDir,
62) -> Result<(BackupManifest, Vec<BackupContent>), Error> {
8c70e3eb 63
ff86ef00 64 let (manifest, index_size) = store.load_manifest(backup_dir)?;
8c70e3eb 65
09b1f7b2
DM		 66 let mut result = Vec::new();
67 for item in manifest.files() {
68 result.push(BackupContent {
69 filename: item.filename.clone(),
f28d9088 70 crypt_mode: Some(item.crypt_mode),
09b1f7b2
DM		 71 size: Some(item.size),
72 });
8c70e3eb
DM		 73 }
74
09b1f7b2 75 result.push(BackupContent {
96d65fbc 76 filename: MANIFEST_BLOB_NAME.to_string(),
882c0823
FG		 77 crypt_mode: match manifest.signature {
78 Some(_) => Some(CryptMode::SignOnly),
79 None => Some(CryptMode::None),
80 },
09b1f7b2
DM		 81 size: Some(index_size),
82 });
4f1e40a2 83
70030b43 84 Ok((manifest, result))
8c70e3eb
DM		 85}
86
1c090810
DC		 87fn get_all_snapshot_files(
88 store: &DataStore,
89 info: &BackupInfo,
70030b43
DM		 90) -> Result<(BackupManifest, Vec<BackupContent>), Error> {
91
92 let (manifest, mut files) = read_backup_index(&store, &info.backup_dir)?;
1c090810
DC		 93
94 let file_set = files.iter().fold(HashSet::new(), |mut acc, item| {
95 acc.insert(item.filename.clone());
96 acc
97 });
98
99 for file in &info.files {
100 if file_set.contains(file) { continue; }
f28d9088
WB		 101 files.push(BackupContent {
102 filename: file.to_string(),
103 size: None,
104 crypt_mode: None,
105 });
1c090810
DC		 106 }
107
70030b43 108 Ok((manifest, files))
1c090810
DC		 109}
110
8f579717
DM		 111fn group_backups(backup_list: Vec<BackupInfo>) -> HashMap<String, Vec<BackupInfo>> {
112
113 let mut group_hash = HashMap::new();
114
115 for info in backup_list {
9b492eb2 116 let group_id = info.backup_dir.group().group_path().to_str().unwrap().to_owned();
8f579717
DM		 117 let time_list = group_hash.entry(group_id).or_insert(vec![]);
118 time_list.push(info);
119 }
120
121 group_hash
122}
123
b31c8019
DM		 124#[api(
125 input: {
126 properties: {
127 store: {
128 schema: DATASTORE_SCHEMA,
129 },
130 },
131 },
132 returns: {
133 type: Array,
134 description: "Returns the list of backup groups.",
135 items: {
136 type: GroupListItem,
137 }
138 },
bb34b589 139 access: {
54552dda
DM		 140 permission: &Permission::Privilege(
141 &["datastore", "{store}"],
142 PRIV_DATASTORE_AUDIT | PRIV_DATASTORE_BACKUP,
143 true),
bb34b589 144 },
b31c8019
DM		 145)]
146/// List backup groups.
ad20d198 147fn list_groups(
b31c8019 148 store: String,
54552dda 149 rpcenv: &mut dyn RpcEnvironment,
b31c8019 150) -> Result<Vec<GroupListItem>, Error> {
812c6f87 151
e7cb4dc5 152 let userid: Userid = rpcenv.get_user().unwrap().parse()?;
54552dda 153 let user_info = CachedUserInfo::new()?;
e7cb4dc5 154 let user_privs = user_info.lookup_privs(&userid, &["datastore", &store]);
54552dda 155
b31c8019 156 let datastore = DataStore::lookup_datastore(&store)?;
812c6f87 157
c0977501 158 let backup_list = BackupInfo::list_backups(&datastore.base_path())?;
812c6f87
DM		 159
160 let group_hash = group_backups(backup_list);
161
b31c8019 162 let mut groups = Vec::new();
812c6f87
DM		 163
164 for (_group_id, mut list) in group_hash {
165
2b01a225 166 BackupInfo::sort_list(&mut list, false);
812c6f87
DM		 167
168 let info = &list[0];
54552dda 169
9b492eb2 170 let group = info.backup_dir.group();
812c6f87 171
54552dda 172 let list_all = (user_privs & PRIV_DATASTORE_AUDIT) != 0;
04b0ca8b 173 let owner = datastore.get_owner(group)?;
20813274
WB		 174 if !list_all && owner != userid {
175 continue;
54552dda
DM		 176 }
177
b31c8019
DM		 178 let result_item = GroupListItem {
179 backup_type: group.backup_type().to_string(),
180 backup_id: group.backup_id().to_string(),
6a7be83e 181 last_backup: info.backup_dir.backup_time(),
b31c8019
DM		 182 backup_count: list.len() as u64,
183 files: info.files.clone(),
04b0ca8b 184 owner: Some(owner),
b31c8019
DM		 185 };
186 groups.push(result_item);
812c6f87
DM		 187 }
188
b31c8019 189 Ok(groups)
812c6f87 190}
8f579717 191
09b1f7b2
DM		 192#[api(
193 input: {
194 properties: {
195 store: {
196 schema: DATASTORE_SCHEMA,
197 },
198 "backup-type": {
199 schema: BACKUP_TYPE_SCHEMA,
200 },
201 "backup-id": {
202 schema: BACKUP_ID_SCHEMA,
203 },
204 "backup-time": {
205 schema: BACKUP_TIME_SCHEMA,
206 },
207 },
208 },
209 returns: {
210 type: Array,
211 description: "Returns the list of archive files inside a backup snapshots.",
212 items: {
213 type: BackupContent,
214 }
215 },
bb34b589 216 access: {
54552dda
DM		 217 permission: &Permission::Privilege(
218 &["datastore", "{store}"],
219 PRIV_DATASTORE_AUDIT | PRIV_DATASTORE_READ | PRIV_DATASTORE_BACKUP,
220 true),
bb34b589 221 },
09b1f7b2
DM		 222)]
223/// List snapshot files.
ea5f547f 224pub fn list_snapshot_files(
09b1f7b2
DM		 225 store: String,
226 backup_type: String,
227 backup_id: String,
228 backup_time: i64,
01a13423 229 _info: &ApiMethod,
54552dda 230 rpcenv: &mut dyn RpcEnvironment,
09b1f7b2 231) -> Result<Vec<BackupContent>, Error> {
01a13423 232
e7cb4dc5 233 let userid: Userid = rpcenv.get_user().unwrap().parse()?;
54552dda 234 let user_info = CachedUserInfo::new()?;
e7cb4dc5 235 let user_privs = user_info.lookup_privs(&userid, &["datastore", &store]);
54552dda 236
09b1f7b2 237 let datastore = DataStore::lookup_datastore(&store)?;
54552dda 238
e0e5b442 239 let snapshot = BackupDir::new(backup_type, backup_id, backup_time)?;
01a13423 240
54552dda 241 let allowed = (user_privs & (PRIV_DATASTORE_AUDIT | PRIV_DATASTORE_READ)) != 0;
e7cb4dc5 242 if !allowed { check_backup_owner(&datastore, snapshot.group(), &userid)?; }
54552dda 243
d7c24397 244 let info = BackupInfo::new(&datastore.base_path(), snapshot)?;
01a13423 245
70030b43
DM		 246 let (_manifest, files) = get_all_snapshot_files(&datastore, &info)?;
247
248 Ok(files)
01a13423
DM		 249}
250
68a6a0ee
DM		 251#[api(
252 input: {
253 properties: {
254 store: {
255 schema: DATASTORE_SCHEMA,
256 },
257 "backup-type": {
258 schema: BACKUP_TYPE_SCHEMA,
259 },
260 "backup-id": {
261 schema: BACKUP_ID_SCHEMA,
262 },
263 "backup-time": {
264 schema: BACKUP_TIME_SCHEMA,
265 },
266 },
267 },
bb34b589 268 access: {
54552dda
DM		 269 permission: &Permission::Privilege(
270 &["datastore", "{store}"],
271 PRIV_DATASTORE_MODIFY| PRIV_DATASTORE_PRUNE,
272 true),
bb34b589 273 },
68a6a0ee
DM		 274)]
275/// Delete backup snapshot.
276fn delete_snapshot(
277 store: String,
278 backup_type: String,
279 backup_id: String,
280 backup_time: i64,
6f62c924 281 _info: &ApiMethod,
54552dda 282 rpcenv: &mut dyn RpcEnvironment,
6f62c924
DM		 283) -> Result<Value, Error> {
284
e7cb4dc5 285 let userid: Userid = rpcenv.get_user().unwrap().parse()?;
54552dda 286 let user_info = CachedUserInfo::new()?;
e7cb4dc5 287 let user_privs = user_info.lookup_privs(&userid, &["datastore", &store]);
54552dda 288
e0e5b442 289 let snapshot = BackupDir::new(backup_type, backup_id, backup_time)?;
6f62c924 290
68a6a0ee 291 let datastore = DataStore::lookup_datastore(&store)?;
6f62c924 292
54552dda 293 let allowed = (user_privs & PRIV_DATASTORE_MODIFY) != 0;
e7cb4dc5 294 if !allowed { check_backup_owner(&datastore, snapshot.group(), &userid)?; }
54552dda 295
c9756b40 296 datastore.remove_backup_dir(&snapshot, false)?;
6f62c924
DM		 297
298 Ok(Value::Null)
299}
300
fc189b19
DM		 301#[api(
302 input: {
303 properties: {
304 store: {
305 schema: DATASTORE_SCHEMA,
306 },
307 "backup-type": {
308 optional: true,
309 schema: BACKUP_TYPE_SCHEMA,
310 },
311 "backup-id": {
312 optional: true,
313 schema: BACKUP_ID_SCHEMA,
314 },
315 },
316 },
317 returns: {
318 type: Array,
319 description: "Returns the list of snapshots.",
320 items: {
321 type: SnapshotListItem,
322 }
323 },
bb34b589 324 access: {
54552dda
DM		 325 permission: &Permission::Privilege(
326 &["datastore", "{store}"],
327 PRIV_DATASTORE_AUDIT | PRIV_DATASTORE_BACKUP,
328 true),
bb34b589 329 },
fc189b19
DM		 330)]
331/// List backup snapshots.
f24fc116 332pub fn list_snapshots (
54552dda
DM		 333 store: String,
334 backup_type: Option<String>,
335 backup_id: Option<String>,
336 _param: Value,
184f17af 337 _info: &ApiMethod,
54552dda 338 rpcenv: &mut dyn RpcEnvironment,
fc189b19 339) -> Result<Vec<SnapshotListItem>, Error> {
184f17af 340
e7cb4dc5 341 let userid: Userid = rpcenv.get_user().unwrap().parse()?;
54552dda 342 let user_info = CachedUserInfo::new()?;
e7cb4dc5 343 let user_privs = user_info.lookup_privs(&userid, &["datastore", &store]);
184f17af 344
54552dda 345 let datastore = DataStore::lookup_datastore(&store)?;
184f17af 346
c0977501 347 let base_path = datastore.base_path();
184f17af 348
15c847f1 349 let backup_list = BackupInfo::list_backups(&base_path)?;
184f17af
DM		 350
351 let mut snapshots = vec![];
352
c0977501 353 for info in backup_list {
15c847f1 354 let group = info.backup_dir.group();
54552dda 355 if let Some(ref backup_type) = backup_type {
15c847f1
DM		 356 if backup_type != group.backup_type() { continue; }
357 }
54552dda 358 if let Some(ref backup_id) = backup_id {
15c847f1
DM		 359 if backup_id != group.backup_id() { continue; }
360 }
a17a0e7a 361
54552dda 362 let list_all = (user_privs & PRIV_DATASTORE_AUDIT) != 0;
04b0ca8b
DC		 363 let owner = datastore.get_owner(group)?;
364
20813274
WB		 365 if !list_all && owner != userid {
366 continue;
54552dda
DM		 367 }
368
1c090810
DC		 369 let mut size = None;
370
3b2046d2 371 let (comment, verification, files) = match get_all_snapshot_files(&datastore, &info) {
70030b43 372 Ok((manifest, files)) => {
1c090810 373 size = Some(files.iter().map(|x| x.size.unwrap_or(0)).sum());
70030b43
DM		 374 // extract the first line from notes
375 let comment: Option<String> = manifest.unprotected["notes"]
376 .as_str()
377 .and_then(|notes| notes.lines().next())
378 .map(String::from);
379
3b2046d2
TL		 380 let verify = manifest.unprotected["verify_state"].clone();
381 let verify: Option<SnapshotVerifyState> = match serde_json::from_value(verify) {
382 Ok(verify) => verify,
383 Err(err) => {
384 eprintln!("error parsing verification state : '{}'", err);
385 None
386 }
387 };
388
389 (comment, verify, files)
1c090810
DC		 390 },
391 Err(err) => {
392 eprintln!("error during snapshot file listing: '{}'", err);
70030b43 393 (
3b2046d2 394 None,
70030b43
DM		 395 None,
396 info
397 .files
398 .iter()
399 .map(|x| BackupContent {
400 filename: x.to_string(),
401 size: None,
402 crypt_mode: None,
403 })
404 .collect()
405 )
1c090810
DC		 406 },
407 };
408
409 let result_item = SnapshotListItem {
fc189b19
DM		 410 backup_type: group.backup_type().to_string(),
411 backup_id: group.backup_id().to_string(),
6a7be83e 412 backup_time: info.backup_dir.backup_time(),
70030b43 413 comment,
3b2046d2 414 verification,
1c090810
DC		 415 files,
416 size,
04b0ca8b 417 owner: Some(owner),
fc189b19 418 };
a17a0e7a 419
a17a0e7a 420 snapshots.push(result_item);
184f17af
DM		 421 }
422
fc189b19 423 Ok(snapshots)
184f17af
DM		 424}
425
1dc117bb
DM		 426#[api(
427 input: {
428 properties: {
429 store: {
430 schema: DATASTORE_SCHEMA,
431 },
432 },
433 },
434 returns: {
435 type: StorageStatus,
436 },
bb34b589 437 access: {
54552dda 438 permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT | PRIV_DATASTORE_BACKUP, true),
bb34b589 439 },
1dc117bb
DM		 440)]
441/// Get datastore status.
ea5f547f 442pub fn status(
1dc117bb 443 store: String,
0eecf38f
DM		 444 _info: &ApiMethod,
445 _rpcenv: &mut dyn RpcEnvironment,
1dc117bb 446) -> Result<StorageStatus, Error> {
1dc117bb 447 let datastore = DataStore::lookup_datastore(&store)?;
33070956 448 crate::tools::disks::disk_usage(&datastore.base_path())
0eecf38f
DM		 449}
450
c2009e53
DM		 451#[api(
452 input: {
453 properties: {
454 store: {
455 schema: DATASTORE_SCHEMA,
456 },
457 "backup-type": {
458 schema: BACKUP_TYPE_SCHEMA,
459 optional: true,
460 },
461 "backup-id": {
462 schema: BACKUP_ID_SCHEMA,
463 optional: true,
464 },
465 "backup-time": {
466 schema: BACKUP_TIME_SCHEMA,
467 optional: true,
468 },
469 },
470 },
471 returns: {
472 schema: UPID_SCHEMA,
473 },
474 access: {
475 permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_READ | PRIV_DATASTORE_BACKUP, true), // fixme
476 },
477)]
478/// Verify backups.
479///
480/// This function can verify a single backup snapshot, all backup from a backup group,
481/// or all backups in the datastore.
482pub fn verify(
483 store: String,
484 backup_type: Option<String>,
485 backup_id: Option<String>,
486 backup_time: Option<i64>,
487 rpcenv: &mut dyn RpcEnvironment,
488) -> Result<Value, Error> {
489 let datastore = DataStore::lookup_datastore(&store)?;
490
8ea00f6e 491 let worker_id;
c2009e53
DM		 492
493 let mut backup_dir = None;
494 let mut backup_group = None;
495
496 match (backup_type, backup_id, backup_time) {
497 (Some(backup_type), Some(backup_id), Some(backup_time)) => {
2162e2c1 498 worker_id = format!("{}_{}_{}_{:08X}", store, backup_type, backup_id, backup_time);
e0e5b442 499 let dir = BackupDir::new(backup_type, backup_id, backup_time)?;
c2009e53
DM		 500 backup_dir = Some(dir);
501 }
502 (Some(backup_type), Some(backup_id), None) => {
2162e2c1 503 worker_id = format!("{}_{}_{}", store, backup_type, backup_id);
c2009e53 504 let group = BackupGroup::new(backup_type, backup_id);
c2009e53
DM		 505 backup_group = Some(group);
506 }
507 (None, None, None) => {
8ea00f6e 508 worker_id = store.clone();
c2009e53 509 }
5a718dce 510 _ => bail!("parameters do not specify a backup group or snapshot"),
c2009e53
DM		 511 }
512
e7cb4dc5 513 let userid: Userid = rpcenv.get_user().unwrap().parse()?;
c2009e53
DM		 514 let to_stdout = if rpcenv.env_type() == RpcEnvironmentType::CLI { true } else { false };
515
516 let upid_str = WorkerTask::new_thread(
e7cb4dc5
WB		 517 "verify",
518 Some(worker_id.clone()),
519 userid,
520 to_stdout,
521 move |worker| {
4f09d310
DM		 522 let verified_chunks = Arc::new(Mutex::new(HashSet::with_capacity(1024*16)));
523 let corrupt_chunks = Arc::new(Mutex::new(HashSet::with_capacity(64)));
524
adfdc369 525 let failed_dirs = if let Some(backup_dir) = backup_dir {
adfdc369 526 let mut res = Vec::new();
f6b1d1cc
WB		 527 if !verify_backup_dir(
528 datastore,
529 &backup_dir,
530 verified_chunks,
531 corrupt_chunks,
532 worker.clone(),
533 worker.upid().clone(),
534 )? {
adfdc369
DC		 535 res.push(backup_dir.to_string());
536 }
537 res
c2009e53 538 } else if let Some(backup_group) = backup_group {
63d9aca9
DM		 539 let (_count, failed_dirs) = verify_backup_group(
540 datastore,
541 &backup_group,
542 verified_chunks,
543 corrupt_chunks,
544 None,
545 worker.clone(),
f6b1d1cc 546 worker.upid(),
63d9aca9
DM		 547 )?;
548 failed_dirs
c2009e53 549 } else {
f6b1d1cc 550 verify_all_backups(datastore, worker.clone(), worker.upid())?
c2009e53 551 };
adfdc369
DC		 552 if failed_dirs.len() > 0 {
553 worker.log("Failed to verify following snapshots:");
554 for dir in failed_dirs {
555 worker.log(format!("\t{}", dir));
556 }
1ffe0301 557 bail!("verification failed - please check the log for details");
c2009e53
DM		 558 }
559 Ok(())
e7cb4dc5
WB		 560 },
561 )?;
c2009e53
DM		 562
563 Ok(json!(upid_str))
564}
565
255f378a
DM		 566#[macro_export]
567macro_rules! add_common_prune_prameters {
552c2259
DM		 568 ( [ $( $list1:tt )* ] ) => {
569 add_common_prune_prameters!([$( $list1 )* ] , [])
570 };
571 ( [ $( $list1:tt )* ] , [ $( $list2:tt )* ] ) => {
255f378a 572 [
552c2259 573 $( $list1 )*
255f378a 574 (
552c2259 575 "keep-daily",
255f378a 576 true,
49ff1092 577 &PRUNE_SCHEMA_KEEP_DAILY,
255f378a 578 ),
102d8d41
DM		 579 (
580 "keep-hourly",
581 true,
49ff1092 582 &PRUNE_SCHEMA_KEEP_HOURLY,
102d8d41 583 ),
255f378a 584 (
552c2259 585 "keep-last",
255f378a 586 true,
49ff1092 587 &PRUNE_SCHEMA_KEEP_LAST,
255f378a
DM		 588 ),
589 (
552c2259 590 "keep-monthly",
255f378a 591 true,
49ff1092 592 &PRUNE_SCHEMA_KEEP_MONTHLY,
255f378a
DM		 593 ),
594 (
552c2259 595 "keep-weekly",
255f378a 596 true,
49ff1092 597 &PRUNE_SCHEMA_KEEP_WEEKLY,
255f378a
DM		 598 ),
599 (
600 "keep-yearly",
601 true,
49ff1092 602 &PRUNE_SCHEMA_KEEP_YEARLY,
255f378a 603 ),
552c2259 604 $( $list2 )*
255f378a
DM		 605 ]
606 }
0eecf38f
DM		 607}
608
db1e061d
DM		 609pub const API_RETURN_SCHEMA_PRUNE: Schema = ArraySchema::new(
610 "Returns the list of snapshots and a flag indicating if there are kept or removed.",
660a3489 611 &PruneListItem::API_SCHEMA
db1e061d
DM		 612).schema();
613
0ab08ac9
DM		 614const API_METHOD_PRUNE: ApiMethod = ApiMethod::new(
615 &ApiHandler::Sync(&prune),
255f378a 616 &ObjectSchema::new(
0ab08ac9
DM		 617 "Prune the datastore.",
618 &add_common_prune_prameters!([
619 ("backup-id", false, &BACKUP_ID_SCHEMA),
620 ("backup-type", false, &BACKUP_TYPE_SCHEMA),
3b03abfe
DM		 621 ("dry-run", true, &BooleanSchema::new(
622 "Just show what prune would do, but do not delete anything.")
623 .schema()
624 ),
0ab08ac9 625 ],[
66c49c21 626 ("store", false, &DATASTORE_SCHEMA),
0ab08ac9 627 ])
db1e061d
DM		 628 ))
629 .returns(&API_RETURN_SCHEMA_PRUNE)
630 .access(None, &Permission::Privilege(
54552dda
DM		 631 &["datastore", "{store}"],
632 PRIV_DATASTORE_MODIFY | PRIV_DATASTORE_PRUNE,
633 true)
634);
255f378a 635
83b7db02
DM		 636fn prune(
637 param: Value,
638 _info: &ApiMethod,
54552dda 639 rpcenv: &mut dyn RpcEnvironment,
83b7db02
DM		 640) -> Result<Value, Error> {
641
54552dda 642 let store = tools::required_string_param(&param, "store")?;
9fdc3ef4
DM		 643 let backup_type = tools::required_string_param(&param, "backup-type")?;
644 let backup_id = tools::required_string_param(&param, "backup-id")?;
645
e7cb4dc5 646 let userid: Userid = rpcenv.get_user().unwrap().parse()?;
54552dda 647 let user_info = CachedUserInfo::new()?;
e7cb4dc5 648 let user_privs = user_info.lookup_privs(&userid, &["datastore", &store]);
54552dda 649
3b03abfe
DM		 650 let dry_run = param["dry-run"].as_bool().unwrap_or(false);
651
9fdc3ef4
DM		 652 let group = BackupGroup::new(backup_type, backup_id);
653
54552dda
DM		 654 let datastore = DataStore::lookup_datastore(&store)?;
655
656 let allowed = (user_privs & PRIV_DATASTORE_MODIFY) != 0;
e7cb4dc5 657 if !allowed { check_backup_owner(&datastore, &group, &userid)?; }
83b7db02 658
9e3f0088
DM		 659 let prune_options = PruneOptions {
660 keep_last: param["keep-last"].as_u64(),
102d8d41 661 keep_hourly: param["keep-hourly"].as_u64(),
9e3f0088
DM		 662 keep_daily: param["keep-daily"].as_u64(),
663 keep_weekly: param["keep-weekly"].as_u64(),
664 keep_monthly: param["keep-monthly"].as_u64(),
665 keep_yearly: param["keep-yearly"].as_u64(),
666 };
8f579717 667
503995c7
DM		 668 let worker_id = format!("{}_{}_{}", store, backup_type, backup_id);
669
dda70154
DM		 670 let mut prune_result = Vec::new();
671
672 let list = group.list_backups(&datastore.base_path())?;
673
674 let mut prune_info = compute_prune_info(list, &prune_options)?;
675
676 prune_info.reverse(); // delete older snapshots first
677
678 let keep_all = !prune_options.keeps_something();
679
680 if dry_run {
681 for (info, mut keep) in prune_info {
682 if keep_all { keep = true; }
683
684 let backup_time = info.backup_dir.backup_time();
685 let group = info.backup_dir.group();
686
687 prune_result.push(json!({
688 "backup-type": group.backup_type(),
689 "backup-id": group.backup_id(),
6a7be83e 690 "backup-time": backup_time,
dda70154
DM		 691 "keep": keep,
692 }));
693 }
694 return Ok(json!(prune_result));
695 }
696
697
163e9bbe 698 // We use a WorkerTask just to have a task log, but run synchrounously
e7cb4dc5 699 let worker = WorkerTask::new("prune", Some(worker_id), Userid::root_userid().clone(), true)?;
dda70154 700
f1539300
SR		 701 if keep_all {
702 worker.log("No prune selection - keeping all files.");
703 } else {
704 worker.log(format!("retention options: {}", prune_options.cli_options_string()));
705 worker.log(format!("Starting prune on store \"{}\" group \"{}/{}\"",
706 store, backup_type, backup_id));
707 }
3b03abfe 708
f1539300
SR		 709 for (info, mut keep) in prune_info {
710 if keep_all { keep = true; }
dda70154 711
f1539300
SR		 712 let backup_time = info.backup_dir.backup_time();
713 let timestamp = info.backup_dir.backup_time_string();
714 let group = info.backup_dir.group();
3b03abfe 715
3b03abfe 716
f1539300
SR		 717 let msg = format!(
718 "{}/{}/{} {}",
719 group.backup_type(),
720 group.backup_id(),
721 timestamp,
722 if keep { "keep" } else { "remove" },
723 );
724
725 worker.log(msg);
726
727 prune_result.push(json!({
728 "backup-type": group.backup_type(),
729 "backup-id": group.backup_id(),
730 "backup-time": backup_time,
731 "keep": keep,
732 }));
733
734 if !(dry_run || keep) {
735 if let Err(err) = datastore.remove_backup_dir(&info.backup_dir, false) {
736 worker.warn(
737 format!(
738 "failed to remove dir {:?}: {}",
739 info.backup_dir.relative_path(), err
740 )
741 );
8f0b4c1f 742 }
8f579717 743 }
f1539300 744 }
dd8e744f 745
f1539300 746 worker.log_result(&Ok(()));
83b7db02 747
dda70154 748 Ok(json!(prune_result))
83b7db02
DM		 749}
750
dfc58d47
DM		 751#[api(
752 input: {
753 properties: {
754 store: {
755 schema: DATASTORE_SCHEMA,
756 },
757 },
758 },
759 returns: {
760 schema: UPID_SCHEMA,
761 },
bb34b589 762 access: {
54552dda 763 permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_MODIFY, false),
bb34b589 764 },
dfc58d47
DM		 765)]
766/// Start garbage collection.
6049b71f 767fn start_garbage_collection(
dfc58d47 768 store: String,
6049b71f 769 _info: &ApiMethod,
dd5495d6 770 rpcenv: &mut dyn RpcEnvironment,
6049b71f 771) -> Result<Value, Error> {
15e9b4ed 772
3e6a7dee 773 let datastore = DataStore::lookup_datastore(&store)?;
15e9b4ed 774
5a778d92 775 println!("Starting garbage collection on store {}", store);
15e9b4ed 776
0f778e06 777 let to_stdout = if rpcenv.env_type() == RpcEnvironmentType::CLI { true } else { false };
15e9b4ed 778
0f778e06 779 let upid_str = WorkerTask::new_thread(
e7cb4dc5
WB		 780 "garbage_collection",
781 Some(store.clone()),
782 Userid::root_userid().clone(),
783 to_stdout,
784 move |worker| {
0f778e06 785 worker.log(format!("starting garbage collection on store {}", store));
f6b1d1cc 786 datastore.garbage_collection(&*worker, worker.upid())
e7cb4dc5
WB		 787 },
788 )?;
0f778e06
DM		 789
790 Ok(json!(upid_str))
15e9b4ed
DM		 791}
792
a92830dc
DM		 793#[api(
794 input: {
795 properties: {
796 store: {
797 schema: DATASTORE_SCHEMA,
798 },
799 },
800 },
801 returns: {
802 type: GarbageCollectionStatus,
bb34b589
DM		 803 },
804 access: {
805 permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT, false),
806 },
a92830dc
DM		 807)]
808/// Garbage collection status.
5eeea607 809pub fn garbage_collection_status(
a92830dc 810 store: String,
6049b71f 811 _info: &ApiMethod,
dd5495d6 812 _rpcenv: &mut dyn RpcEnvironment,
a92830dc 813) -> Result<GarbageCollectionStatus, Error> {
691c89a0 814
f2b99c34
DM		 815 let datastore = DataStore::lookup_datastore(&store)?;
816
f2b99c34 817 let status = datastore.last_gc_status();
691c89a0 818
a92830dc 819 Ok(status)
691c89a0
DM		 820}
821
bb34b589 822#[api(
30fb6025
DM		 823 returns: {
824 description: "List the accessible datastores.",
825 type: Array,
826 items: {
827 description: "Datastore name and description.",
828 properties: {
829 store: {
830 schema: DATASTORE_SCHEMA,
831 },
832 comment: {
833 optional: true,
834 schema: SINGLE_LINE_COMMENT_SCHEMA,
835 },
836 },
837 },
838 },
bb34b589 839 access: {
54552dda 840 permission: &Permission::Anybody,
bb34b589
DM		 841 },
842)]
843/// Datastore list
6049b71f
DM		 844fn get_datastore_list(
845 _param: Value,
846 _info: &ApiMethod,
54552dda 847 rpcenv: &mut dyn RpcEnvironment,
6049b71f 848) -> Result<Value, Error> {
15e9b4ed 849
d0187a51 850 let (config, _digest) = datastore::config()?;
15e9b4ed 851
e7cb4dc5 852 let userid: Userid = rpcenv.get_user().unwrap().parse()?;
54552dda
DM		 853 let user_info = CachedUserInfo::new()?;
854
30fb6025 855 let mut list = Vec::new();
54552dda 856
30fb6025 857 for (store, (_, data)) in &config.sections {
e7cb4dc5 858 let user_privs = user_info.lookup_privs(&userid, &["datastore", &store]);
54552dda 859 let allowed = (user_privs & (PRIV_DATASTORE_AUDIT| PRIV_DATASTORE_BACKUP)) != 0;
30fb6025
DM		 860 if allowed {
861 let mut entry = json!({ "store": store });
862 if let Some(comment) = data["comment"].as_str() {
863 entry["comment"] = comment.into();
864 }
865 list.push(entry);
866 }
54552dda
DM		 867 }
868
30fb6025 869 Ok(list.into())
15e9b4ed
DM		 870}
871
0ab08ac9
DM		 872#[sortable]
873pub const API_METHOD_DOWNLOAD_FILE: ApiMethod = ApiMethod::new(
874 &ApiHandler::AsyncHttp(&download_file),
875 &ObjectSchema::new(
876 "Download single raw file from backup snapshot.",
877 &sorted!([
66c49c21 878 ("store", false, &DATASTORE_SCHEMA),
0ab08ac9
DM		 879 ("backup-type", false, &BACKUP_TYPE_SCHEMA),
880 ("backup-id", false, &BACKUP_ID_SCHEMA),
881 ("backup-time", false, &BACKUP_TIME_SCHEMA),
4191018c 882 ("file-name", false, &BACKUP_ARCHIVE_NAME_SCHEMA),
0ab08ac9
DM		 883 ]),
884 )
54552dda
DM		 885).access(None, &Permission::Privilege(
886 &["datastore", "{store}"],
887 PRIV_DATASTORE_READ | PRIV_DATASTORE_BACKUP,
888 true)
889);
691c89a0 890
9e47c0a5
DM		 891fn download_file(
892 _parts: Parts,
893 _req_body: Body,
894 param: Value,
255f378a 895 _info: &ApiMethod,
54552dda 896 rpcenv: Box<dyn RpcEnvironment>,
bb084b9c 897) -> ApiResponseFuture {
9e47c0a5 898
ad51d02a
DM		 899 async move {
900 let store = tools::required_string_param(&param, "store")?;
ad51d02a 901 let datastore = DataStore::lookup_datastore(store)?;
f14a8c9a 902
e7cb4dc5 903 let userid: Userid = rpcenv.get_user().unwrap().parse()?;
54552dda 904 let user_info = CachedUserInfo::new()?;
e7cb4dc5 905 let user_privs = user_info.lookup_privs(&userid, &["datastore", &store]);
54552dda 906
ad51d02a 907 let file_name = tools::required_string_param(&param, "file-name")?.to_owned();
9e47c0a5 908
ad51d02a
DM		 909 let backup_type = tools::required_string_param(&param, "backup-type")?;
910 let backup_id = tools::required_string_param(&param, "backup-id")?;
911 let backup_time = tools::required_integer_param(&param, "backup-time")?;
9e47c0a5 912
e0e5b442 913 let backup_dir = BackupDir::new(backup_type, backup_id, backup_time)?;
54552dda
DM		 914
915 let allowed = (user_privs & PRIV_DATASTORE_READ) != 0;
e7cb4dc5 916 if !allowed { check_backup_owner(&datastore, backup_dir.group(), &userid)?; }
54552dda 917
abdb9763 918 println!("Download {} from {} ({}/{})", file_name, store, backup_dir, file_name);
9e47c0a5 919
ad51d02a
DM		 920 let mut path = datastore.base_path();
921 path.push(backup_dir.relative_path());
922 path.push(&file_name);
923
ba694720 924 let file = tokio::fs::File::open(&path)
8aa67ee7
WB		 925 .await
926 .map_err(|err| http_err!(BAD_REQUEST, "File open failed: {}", err))?;
ad51d02a 927
db0cb9ce 928 let payload = tokio_util::codec::FramedRead::new(file, tokio_util::codec::BytesCodec::new())
ba694720
DC		 929 .map_ok(|bytes| hyper::body::Bytes::from(bytes.freeze()))
930 .map_err(move |err| {
931 eprintln!("error during streaming of '{:?}' - {}", &path, err);
932 err
933 });
ad51d02a 934 let body = Body::wrap_stream(payload);
9e47c0a5 935
ad51d02a
DM		 936 // fixme: set other headers ?
937 Ok(Response::builder()
938 .status(StatusCode::OK)
939 .header(header::CONTENT_TYPE, "application/octet-stream")
940 .body(body)
941 .unwrap())
942 }.boxed()
9e47c0a5
DM		 943}
944
6ef9bb59
DC		 945#[sortable]
946pub const API_METHOD_DOWNLOAD_FILE_DECODED: ApiMethod = ApiMethod::new(
947 &ApiHandler::AsyncHttp(&download_file_decoded),
948 &ObjectSchema::new(
949 "Download single decoded file from backup snapshot. Only works if it's not encrypted.",
950 &sorted!([
951 ("store", false, &DATASTORE_SCHEMA),
952 ("backup-type", false, &BACKUP_TYPE_SCHEMA),
953 ("backup-id", false, &BACKUP_ID_SCHEMA),
954 ("backup-time", false, &BACKUP_TIME_SCHEMA),
955 ("file-name", false, &BACKUP_ARCHIVE_NAME_SCHEMA),
956 ]),
957 )
958).access(None, &Permission::Privilege(
959 &["datastore", "{store}"],
960 PRIV_DATASTORE_READ | PRIV_DATASTORE_BACKUP,
961 true)
962);
963
964fn download_file_decoded(
965 _parts: Parts,
966 _req_body: Body,
967 param: Value,
968 _info: &ApiMethod,
969 rpcenv: Box<dyn RpcEnvironment>,
970) -> ApiResponseFuture {
971
972 async move {
973 let store = tools::required_string_param(&param, "store")?;
974 let datastore = DataStore::lookup_datastore(store)?;
975
e7cb4dc5 976 let userid: Userid = rpcenv.get_user().unwrap().parse()?;
6ef9bb59 977 let user_info = CachedUserInfo::new()?;
e7cb4dc5 978 let user_privs = user_info.lookup_privs(&userid, &["datastore", &store]);
6ef9bb59
DC		 979
980 let file_name = tools::required_string_param(&param, "file-name")?.to_owned();
981
982 let backup_type = tools::required_string_param(&param, "backup-type")?;
983 let backup_id = tools::required_string_param(&param, "backup-id")?;
984 let backup_time = tools::required_integer_param(&param, "backup-time")?;
985
e0e5b442 986 let backup_dir = BackupDir::new(backup_type, backup_id, backup_time)?;
6ef9bb59
DC		 987
988 let allowed = (user_privs & PRIV_DATASTORE_READ) != 0;
e7cb4dc5 989 if !allowed { check_backup_owner(&datastore, backup_dir.group(), &userid)?; }
6ef9bb59 990
2d55beec 991 let (manifest, files) = read_backup_index(&datastore, &backup_dir)?;
6ef9bb59 992 for file in files {
f28d9088 993 if file.filename == file_name && file.crypt_mode == Some(CryptMode::Encrypt) {
6ef9bb59
DC		 994 bail!("cannot decode '{}' - is encrypted", file_name);
995 }
996 }
997
998 println!("Download {} from {} ({}/{})", file_name, store, backup_dir, file_name);
999
1000 let mut path = datastore.base_path();
1001 path.push(backup_dir.relative_path());
1002 path.push(&file_name);
1003
1004 let extension = file_name.rsplitn(2, '.').next().unwrap();
1005
1006 let body = match extension {
1007 "didx" => {
1008 let index = DynamicIndexReader::open(&path)
1009 .map_err(|err| format_err!("unable to read dynamic index '{:?}' - {}", &path, err))?;
2d55beec
FG		 1010 let (csum, size) = index.compute_csum();
1011 manifest.verify_file(&file_name, &csum, size)?;
6ef9bb59 1012
14f6c9cb 1013 let chunk_reader = LocalChunkReader::new(datastore, None, CryptMode::None);
6ef9bb59 1014 let reader = AsyncIndexReader::new(index, chunk_reader);
f386f512 1015 Body::wrap_stream(AsyncReaderStream::new(reader)
6ef9bb59
DC		 1016 .map_err(move |err| {
1017 eprintln!("error during streaming of '{:?}' - {}", path, err);
1018 err
1019 }))
1020 },
1021 "fidx" => {
1022 let index = FixedIndexReader::open(&path)
1023 .map_err(|err| format_err!("unable to read fixed index '{:?}' - {}", &path, err))?;
1024
2d55beec
FG		 1025 let (csum, size) = index.compute_csum();
1026 manifest.verify_file(&file_name, &csum, size)?;
1027
14f6c9cb 1028 let chunk_reader = LocalChunkReader::new(datastore, None, CryptMode::None);
6ef9bb59 1029 let reader = AsyncIndexReader::new(index, chunk_reader);
f386f512 1030 Body::wrap_stream(AsyncReaderStream::with_buffer_size(reader, 4*1024*1024)
6ef9bb59
DC		 1031 .map_err(move |err| {
1032 eprintln!("error during streaming of '{:?}' - {}", path, err);
1033 err
1034 }))
1035 },
1036 "blob" => {
1037 let file = std::fs::File::open(&path)
8aa67ee7 1038 .map_err(|err| http_err!(BAD_REQUEST, "File open failed: {}", err))?;
6ef9bb59 1039
2d55beec
FG		 1040 // FIXME: load full blob to verify index checksum?
1041
6ef9bb59
DC		 1042 Body::wrap_stream(
1043 WrappedReaderStream::new(DataBlobReader::new(file, None)?)
1044 .map_err(move |err| {
1045 eprintln!("error during streaming of '{:?}' - {}", path, err);
1046 err
1047 })
1048 )
1049 },
1050 extension => {
1051 bail!("cannot download '{}' files", extension);
1052 },
1053 };
1054
1055 // fixme: set other headers ?
1056 Ok(Response::builder()
1057 .status(StatusCode::OK)
1058 .header(header::CONTENT_TYPE, "application/octet-stream")
1059 .body(body)
1060 .unwrap())
1061 }.boxed()
1062}
1063
552c2259 1064#[sortable]
0ab08ac9
DM		 1065pub const API_METHOD_UPLOAD_BACKUP_LOG: ApiMethod = ApiMethod::new(
1066 &ApiHandler::AsyncHttp(&upload_backup_log),
255f378a 1067 &ObjectSchema::new(
54552dda 1068 "Upload the client backup log file into a backup snapshot ('client.log.blob').",
552c2259 1069 &sorted!([
66c49c21 1070 ("store", false, &DATASTORE_SCHEMA),
255f378a 1071 ("backup-type", false, &BACKUP_TYPE_SCHEMA),
0ab08ac9 1072 ("backup-id", false, &BACKUP_ID_SCHEMA),
255f378a 1073 ("backup-time", false, &BACKUP_TIME_SCHEMA),
552c2259 1074 ]),
9e47c0a5 1075 )
54552dda
DM		 1076).access(
1077 Some("Only the backup creator/owner is allowed to do this."),
1078 &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_BACKUP, false)
1079);
9e47c0a5 1080
07ee2235
DM		 1081fn upload_backup_log(
1082 _parts: Parts,
1083 req_body: Body,
1084 param: Value,
255f378a 1085 _info: &ApiMethod,
54552dda 1086 rpcenv: Box<dyn RpcEnvironment>,
bb084b9c 1087) -> ApiResponseFuture {
07ee2235 1088
ad51d02a
DM		 1089 async move {
1090 let store = tools::required_string_param(&param, "store")?;
ad51d02a 1091 let datastore = DataStore::lookup_datastore(store)?;
07ee2235 1092
96d65fbc 1093 let file_name = CLIENT_LOG_BLOB_NAME;
07ee2235 1094
ad51d02a
DM		 1095 let backup_type = tools::required_string_param(&param, "backup-type")?;
1096 let backup_id = tools::required_string_param(&param, "backup-id")?;
1097 let backup_time = tools::required_integer_param(&param, "backup-time")?;
07ee2235 1098
e0e5b442 1099 let backup_dir = BackupDir::new(backup_type, backup_id, backup_time)?;
07ee2235 1100
e7cb4dc5
WB		 1101 let userid: Userid = rpcenv.get_user().unwrap().parse()?;
1102 check_backup_owner(&datastore, backup_dir.group(), &userid)?;
54552dda 1103
ad51d02a
DM		 1104 let mut path = datastore.base_path();
1105 path.push(backup_dir.relative_path());
1106 path.push(&file_name);
07ee2235 1107
ad51d02a
DM		 1108 if path.exists() {
1109 bail!("backup already contains a log.");
1110 }
e128d4e8 1111
ad51d02a 1112 println!("Upload backup log to {}/{}/{}/{}/{}", store,
6a7be83e 1113 backup_type, backup_id, backup_dir.backup_time_string(), file_name);
ad51d02a
DM		 1114
1115 let data = req_body
1116 .map_err(Error::from)
1117 .try_fold(Vec::new(), |mut acc, chunk| {
1118 acc.extend_from_slice(&*chunk);
1119 future::ok::<_, Error>(acc)
1120 })
1121 .await?;
1122
39f18b30
DM		 1123 // always verify blob/CRC at server side
1124 let blob = DataBlob::load_from_reader(&mut &data[..])?;
1125
1126 replace_file(&path, blob.raw_data(), CreateOptions::new())?;
ad51d02a
DM		 1127
1128 // fixme: use correct formatter
1129 Ok(crate::server::formatter::json_response(Ok(Value::Null)))
1130 }.boxed()
07ee2235
DM		 1131}
1132
5b1cfa01
DC		 1133#[api(
1134 input: {
1135 properties: {
1136 store: {
1137 schema: DATASTORE_SCHEMA,
1138 },
1139 "backup-type": {
1140 schema: BACKUP_TYPE_SCHEMA,
1141 },
1142 "backup-id": {
1143 schema: BACKUP_ID_SCHEMA,
1144 },
1145 "backup-time": {
1146 schema: BACKUP_TIME_SCHEMA,
1147 },
1148 "filepath": {
1149 description: "Base64 encoded path.",
1150 type: String,
1151 }
1152 },
1153 },
1154 access: {
1155 permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_READ | PRIV_DATASTORE_BACKUP, true),
1156 },
1157)]
1158/// Get the entries of the given path of the catalog
1159fn catalog(
1160 store: String,
1161 backup_type: String,
1162 backup_id: String,
1163 backup_time: i64,
1164 filepath: String,
1165 _param: Value,
1166 _info: &ApiMethod,
1167 rpcenv: &mut dyn RpcEnvironment,
1168) -> Result<Value, Error> {
1169 let datastore = DataStore::lookup_datastore(&store)?;
1170
e7cb4dc5 1171 let userid: Userid = rpcenv.get_user().unwrap().parse()?;
5b1cfa01 1172 let user_info = CachedUserInfo::new()?;
e7cb4dc5 1173 let user_privs = user_info.lookup_privs(&userid, &["datastore", &store]);
5b1cfa01 1174
e0e5b442 1175 let backup_dir = BackupDir::new(backup_type, backup_id, backup_time)?;
5b1cfa01
DC		 1176
1177 let allowed = (user_privs & PRIV_DATASTORE_READ) != 0;
e7cb4dc5 1178 if !allowed { check_backup_owner(&datastore, backup_dir.group(), &userid)?; }
5b1cfa01 1179
9238cdf5
FG		 1180 let file_name = CATALOG_NAME;
1181
2d55beec 1182 let (manifest, files) = read_backup_index(&datastore, &backup_dir)?;
9238cdf5
FG		 1183 for file in files {
1184 if file.filename == file_name && file.crypt_mode == Some(CryptMode::Encrypt) {
1185 bail!("cannot decode '{}' - is encrypted", file_name);
1186 }
1187 }
1188
5b1cfa01
DC		 1189 let mut path = datastore.base_path();
1190 path.push(backup_dir.relative_path());
9238cdf5 1191 path.push(file_name);
5b1cfa01
DC		 1192
1193 let index = DynamicIndexReader::open(&path)
1194 .map_err(|err| format_err!("unable to read dynamic index '{:?}' - {}", &path, err))?;
1195
2d55beec
FG		 1196 let (csum, size) = index.compute_csum();
1197 manifest.verify_file(&file_name, &csum, size)?;
1198
14f6c9cb 1199 let chunk_reader = LocalChunkReader::new(datastore, None, CryptMode::None);
5b1cfa01
DC		 1200 let reader = BufferedDynamicReader::new(index, chunk_reader);
1201
1202 let mut catalog_reader = CatalogReader::new(reader);
1203 let mut current = catalog_reader.root()?;
1204 let mut components = vec![];
1205
1206
1207 if filepath != "root" {
1208 components = base64::decode(filepath)?;
1209 if components.len() > 0 && components[0] == '/' as u8 {
1210 components.remove(0);
1211 }
1212 for component in components.split(|c| *c == '/' as u8) {
1213 if let Some(entry) = catalog_reader.lookup(&current, component)? {
1214 current = entry;
1215 } else {
1216 bail!("path {:?} not found in catalog", &String::from_utf8_lossy(&components));
1217 }
1218 }
1219 }
1220
1221 let mut res = Vec::new();
1222
1223 for direntry in catalog_reader.read_dir(&current)? {
1224 let mut components = components.clone();
1225 components.push('/' as u8);
1226 components.extend(&direntry.name);
1227 let path = base64::encode(components);
1228 let text = String::from_utf8_lossy(&direntry.name);
1229 let mut entry = json!({
1230 "filepath": path,
1231 "text": text,
1232 "type": CatalogEntryType::from(&direntry.attr).to_string(),
1233 "leaf": true,
1234 });
1235 match direntry.attr {
1236 DirEntryAttribute::Directory { start: _ } => {
1237 entry["leaf"] = false.into();
1238 },
1239 DirEntryAttribute::File { size, mtime } => {
1240 entry["size"] = size.into();
1241 entry["mtime"] = mtime.into();
1242 },
1243 _ => {},
1244 }
1245 res.push(entry);
1246 }
1247
1248 Ok(res.into())
1249}
1250
53a561a2
WB		 1251fn recurse_files<'a, T, W>(
1252 zip: &'a mut ZipEncoder<W>,
1253 decoder: &'a mut Accessor<T>,
1254 prefix: &'a Path,
804f6143 1255 file: FileEntry<T>,
53a561a2 1256) -> Pin<Box<dyn Future<Output = Result<(), Error>> + Send + 'a>>
804f6143
DC		 1257where
1258 T: Clone + pxar::accessor::ReadAt + Unpin + Send + Sync + 'static,
1259 W: tokio::io::AsyncWrite + Unpin + Send + 'static,
1260{
1261 Box::pin(async move {
1262 let metadata = file.entry().metadata();
1263 let path = file.entry().path().strip_prefix(&prefix)?.to_path_buf();
1264
1265 match file.kind() {
1266 EntryKind::File { .. } => {
1267 let entry = ZipEntry::new(
1268 path,
1269 metadata.stat.mtime.secs,
1270 metadata.stat.mode as u16,
1271 true,
1272 );
1273 zip.add_entry(entry, Some(file.contents().await?))
e832860a
WB		 1274 .await
1275 .map_err(|err| format_err!("could not send file entry: {}", err))?;
804f6143
DC		 1276 }
1277 EntryKind::Hardlink(_) => {
1278 let realfile = decoder.follow_hardlink(&file).await?;
1279 let entry = ZipEntry::new(
1280 path,
1281 metadata.stat.mtime.secs,
1282 metadata.stat.mode as u16,
1283 true,
1284 );
1285 zip.add_entry(entry, Some(realfile.contents().await?))
e832860a
WB		 1286 .await
1287 .map_err(|err| format_err!("could not send file entry: {}", err))?;
804f6143
DC		 1288 }
1289 EntryKind::Directory => {
1290 let dir = file.enter_directory().await?;
1291 let mut readdir = dir.read_dir();
1292 let entry = ZipEntry::new(
1293 path,
1294 metadata.stat.mtime.secs,
1295 metadata.stat.mode as u16,
1296 false,
1297 );
1298 zip.add_entry::<FileContents<T>>(entry, None).await?;
1299 while let Some(entry) = readdir.next().await {
1300 let entry = entry?.decode_entry().await?;
53a561a2 1301 recurse_files(zip, decoder, prefix, entry).await?;
804f6143
DC		 1302 }
1303 }
1304 _ => {} // ignore all else
1305 };
1306
53a561a2 1307 Ok(())
804f6143
DC		 1308 })
1309}
1310
d33d8f4e
DC		 1311#[sortable]
1312pub const API_METHOD_PXAR_FILE_DOWNLOAD: ApiMethod = ApiMethod::new(
1313 &ApiHandler::AsyncHttp(&pxar_file_download),
1314 &ObjectSchema::new(
1ffe0301 1315 "Download single file from pxar file of a backup snapshot. Only works if it's not encrypted.",
d33d8f4e
DC		 1316 &sorted!([
1317 ("store", false, &DATASTORE_SCHEMA),
1318 ("backup-type", false, &BACKUP_TYPE_SCHEMA),
1319 ("backup-id", false, &BACKUP_ID_SCHEMA),
1320 ("backup-time", false, &BACKUP_TIME_SCHEMA),
1321 ("filepath", false, &StringSchema::new("Base64 encoded path").schema()),
1322 ]),
1323 )
1324).access(None, &Permission::Privilege(
1325 &["datastore", "{store}"],
1326 PRIV_DATASTORE_READ | PRIV_DATASTORE_BACKUP,
1327 true)
1328);
1329
1330fn pxar_file_download(
1331 _parts: Parts,
1332 _req_body: Body,
1333 param: Value,
1334 _info: &ApiMethod,
1335 rpcenv: Box<dyn RpcEnvironment>,
1336) -> ApiResponseFuture {
1337
1338 async move {
1339 let store = tools::required_string_param(&param, "store")?;
1340 let datastore = DataStore::lookup_datastore(&store)?;
1341
e7cb4dc5 1342 let userid: Userid = rpcenv.get_user().unwrap().parse()?;
d33d8f4e 1343 let user_info = CachedUserInfo::new()?;
e7cb4dc5 1344 let user_privs = user_info.lookup_privs(&userid, &["datastore", &store]);
d33d8f4e
DC		 1345
1346 let filepath = tools::required_string_param(&param, "filepath")?.to_owned();
1347
1348 let backup_type = tools::required_string_param(&param, "backup-type")?;
1349 let backup_id = tools::required_string_param(&param, "backup-id")?;
1350 let backup_time = tools::required_integer_param(&param, "backup-time")?;
1351
e0e5b442 1352 let backup_dir = BackupDir::new(backup_type, backup_id, backup_time)?;
d33d8f4e
DC		 1353
1354 let allowed = (user_privs & PRIV_DATASTORE_READ) != 0;
e7cb4dc5 1355 if !allowed { check_backup_owner(&datastore, backup_dir.group(), &userid)?; }
d33d8f4e 1356
d33d8f4e
DC		 1357 let mut components = base64::decode(&filepath)?;
1358 if components.len() > 0 && components[0] == '/' as u8 {
1359 components.remove(0);
1360 }
1361
1362 let mut split = components.splitn(2, |c| *c == '/' as u8);
9238cdf5 1363 let pxar_name = std::str::from_utf8(split.next().unwrap())?;
d33d8f4e 1364 let file_path = split.next().ok_or(format_err!("filepath looks strange '{}'", filepath))?;
2d55beec 1365 let (manifest, files) = read_backup_index(&datastore, &backup_dir)?;
9238cdf5
FG		 1366 for file in files {
1367 if file.filename == pxar_name && file.crypt_mode == Some(CryptMode::Encrypt) {
1368 bail!("cannot decode '{}' - is encrypted", pxar_name);
1369 }
1370 }
d33d8f4e 1371
9238cdf5
FG		 1372 let mut path = datastore.base_path();
1373 path.push(backup_dir.relative_path());
1374 path.push(pxar_name);
d33d8f4e
DC		 1375
1376 let index = DynamicIndexReader::open(&path)
1377 .map_err(|err| format_err!("unable to read dynamic index '{:?}' - {}", &path, err))?;
1378
2d55beec
FG		 1379 let (csum, size) = index.compute_csum();
1380 manifest.verify_file(&pxar_name, &csum, size)?;
1381
14f6c9cb 1382 let chunk_reader = LocalChunkReader::new(datastore, None, CryptMode::None);
d33d8f4e
DC		 1383 let reader = BufferedDynamicReader::new(index, chunk_reader);
1384 let archive_size = reader.archive_size();
1385 let reader = LocalDynamicReadAt::new(reader);
1386
1387 let decoder = Accessor::new(reader, archive_size).await?;
1388 let root = decoder.open_root().await?;
1389 let file = root
1390 .lookup(OsStr::from_bytes(file_path)).await?
1391 .ok_or(format_err!("error opening '{:?}'", file_path))?;
1392
804f6143
DC		 1393 let body = match file.kind() {
1394 EntryKind::File { .. } => Body::wrap_stream(
1395 AsyncReaderStream::new(file.contents().await?).map_err(move |err| {
1396 eprintln!("error during streaming of file '{:?}' - {}", filepath, err);
1397 err
1398 }),
1399 ),
1400 EntryKind::Hardlink(_) => Body::wrap_stream(
1401 AsyncReaderStream::new(decoder.follow_hardlink(&file).await?.contents().await?)
1402 .map_err(move |err| {
1403 eprintln!(
1404 "error during streaming of hardlink '{:?}' - {}",
1405 filepath, err
1406 );
1407 err
1408 }),
1409 ),
1410 EntryKind::Directory => {
1411 let (sender, receiver) = tokio::sync::mpsc::channel(100);
1412 let mut prefix = PathBuf::new();
1413 let mut components = file.entry().path().components();
1414 components.next_back(); // discar last
1415 for comp in components {
1416 prefix.push(comp);
1417 }
d33d8f4e 1418
804f6143 1419 let channelwriter = AsyncChannelWriter::new(sender, 1024 * 1024);
804f6143
DC		 1420
1421 crate::server::spawn_internal_task(async move {
53a561a2
WB		 1422 let mut zipencoder = ZipEncoder::new(channelwriter);
1423 let mut decoder = decoder;
1424 recurse_files(&mut zipencoder, &mut decoder, &prefix, file)
804f6143
DC		 1425 .await
1426 .map_err(|err| eprintln!("error during creating of zip: {}", err))?;
1427
1428 zipencoder
1429 .finish()
1430 .await
1431 .map_err(|err| eprintln!("error during finishing of zip: {}", err))
1432 });
1433
1434 Body::wrap_stream(receiver.map_err(move |err| {
1435 eprintln!("error during streaming of zip '{:?}' - {}", filepath, err);
d33d8f4e 1436 err
804f6143
DC		 1437 }))
1438 }
1439 other => bail!("cannot download file of type {:?}", other),
1440 };
d33d8f4e
DC		 1441
1442 // fixme: set other headers ?
1443 Ok(Response::builder()
1444 .status(StatusCode::OK)
1445 .header(header::CONTENT_TYPE, "application/octet-stream")
1446 .body(body)
1447 .unwrap())
1448 }.boxed()
1449}
1450
1a0d3d11
DM		 1451#[api(
1452 input: {
1453 properties: {
1454 store: {
1455 schema: DATASTORE_SCHEMA,
1456 },
1457 timeframe: {
1458 type: RRDTimeFrameResolution,
1459 },
1460 cf: {
1461 type: RRDMode,
1462 },
1463 },
1464 },
1465 access: {
1466 permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT | PRIV_DATASTORE_BACKUP, true),
1467 },
1468)]
1469/// Read datastore stats
1470fn get_rrd_stats(
1471 store: String,
1472 timeframe: RRDTimeFrameResolution,
1473 cf: RRDMode,
1474 _param: Value,
1475) -> Result<Value, Error> {
1476
431cc7b1
DC		 1477 create_value_from_rrd(
1478 &format!("datastore/{}", store),
1a0d3d11
DM		 1479 &[
1480 "total", "used",
c94e1f65
DM		 1481 "read_ios", "read_bytes",
1482 "write_ios", "write_bytes",
1483 "io_ticks",
1a0d3d11
DM		 1484 ],
1485 timeframe,
1486 cf,
1487 )
1488}
1489
912b3f5b
DM		 1490#[api(
1491 input: {
1492 properties: {
1493 store: {
1494 schema: DATASTORE_SCHEMA,
1495 },
1496 "backup-type": {
1497 schema: BACKUP_TYPE_SCHEMA,
1498 },
1499 "backup-id": {
1500 schema: BACKUP_ID_SCHEMA,
1501 },
1502 "backup-time": {
1503 schema: BACKUP_TIME_SCHEMA,
1504 },
1505 },
1506 },
1507 access: {
1508 permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_READ | PRIV_DATASTORE_BACKUP, true),
1509 },
1510)]
1511/// Get "notes" for a specific backup
1512fn get_notes(
1513 store: String,
1514 backup_type: String,
1515 backup_id: String,
1516 backup_time: i64,
1517 rpcenv: &mut dyn RpcEnvironment,
1518) -> Result<String, Error> {
1519 let datastore = DataStore::lookup_datastore(&store)?;
1520
e7cb4dc5 1521 let userid: Userid = rpcenv.get_user().unwrap().parse()?;
912b3f5b 1522 let user_info = CachedUserInfo::new()?;
e7cb4dc5 1523 let user_privs = user_info.lookup_privs(&userid, &["datastore", &store]);
912b3f5b 1524
e0e5b442 1525 let backup_dir = BackupDir::new(backup_type, backup_id, backup_time)?;
912b3f5b
DM		 1526
1527 let allowed = (user_privs & PRIV_DATASTORE_READ) != 0;
e7cb4dc5 1528 if !allowed { check_backup_owner(&datastore, backup_dir.group(), &userid)?; }
912b3f5b 1529
883aa6d5 1530 let (manifest, _) = datastore.load_manifest(&backup_dir)?;
912b3f5b 1531
883aa6d5 1532 let notes = manifest.unprotected["notes"]
912b3f5b
DM		 1533 .as_str()
1534 .unwrap_or("");
1535
1536 Ok(String::from(notes))
1537}
1538
1539#[api(
1540 input: {
1541 properties: {
1542 store: {
1543 schema: DATASTORE_SCHEMA,
1544 },
1545 "backup-type": {
1546 schema: BACKUP_TYPE_SCHEMA,
1547 },
1548 "backup-id": {
1549 schema: BACKUP_ID_SCHEMA,
1550 },
1551 "backup-time": {
1552 schema: BACKUP_TIME_SCHEMA,
1553 },
1554 notes: {
1555 description: "A multiline text.",
1556 },
1557 },
1558 },
1559 access: {
1560 permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_MODIFY, true),
1561 },
1562)]
1563/// Set "notes" for a specific backup
1564fn set_notes(
1565 store: String,
1566 backup_type: String,
1567 backup_id: String,
1568 backup_time: i64,
1569 notes: String,
1570 rpcenv: &mut dyn RpcEnvironment,
1571) -> Result<(), Error> {
1572 let datastore = DataStore::lookup_datastore(&store)?;
1573
e7cb4dc5 1574 let userid: Userid = rpcenv.get_user().unwrap().parse()?;
912b3f5b 1575 let user_info = CachedUserInfo::new()?;
e7cb4dc5 1576 let user_privs = user_info.lookup_privs(&userid, &["datastore", &store]);
912b3f5b 1577
e0e5b442 1578 let backup_dir = BackupDir::new(backup_type, backup_id, backup_time)?;
912b3f5b
DM		 1579
1580 let allowed = (user_privs & PRIV_DATASTORE_READ) != 0;
e7cb4dc5 1581 if !allowed { check_backup_owner(&datastore, backup_dir.group(), &userid)?; }
912b3f5b 1582
1a374fcf
SR		 1583 datastore.update_manifest(&backup_dir,|manifest| {
1584 manifest.unprotected["notes"] = notes.into();
1585 }).map_err(|err| format_err!("unable to update manifest blob - {}", err))?;
912b3f5b
DM		 1586
1587 Ok(())
1588}
1589
72be0eb1 1590#[api(
4940012d 1591 input: {
72be0eb1
DW		 1592 properties: {
1593 store: {
1594 schema: DATASTORE_SCHEMA,
1595 },
1596 "backup-type": {
1597 schema: BACKUP_TYPE_SCHEMA,
1598 },
1599 "backup-id": {
1600 schema: BACKUP_ID_SCHEMA,
1601 },
1602 "new-owner": {
1603 type: Userid,
1604 },
1605 },
4940012d
FG		 1606 },
1607 access: {
1608 permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_MODIFY, true),
1609 },
72be0eb1
DW		 1610)]
1611/// Change owner of a backup group
1612fn set_backup_owner(
1613 store: String,
1614 backup_type: String,
1615 backup_id: String,
1616 new_owner: Userid,
752dfc4b 1617 _rpcenv: &mut dyn RpcEnvironment,
72be0eb1
DW		 1618) -> Result<(), Error> {
1619
1620 let datastore = DataStore::lookup_datastore(&store)?;
1621
1622 let backup_group = BackupGroup::new(backup_type, backup_id);
1623
1624 let user_info = CachedUserInfo::new()?;
1625
1626 if !user_info.is_active_user(&new_owner) {
1627 bail!("user '{}' is inactive or non-existent", new_owner);
1628 }
1629
1630 datastore.set_owner(&backup_group, &new_owner, true)?;
1631
1632 Ok(())
1633}
1634
552c2259 1635#[sortable]
255f378a 1636const DATASTORE_INFO_SUBDIRS: SubdirMap = &[
5b1cfa01
DC		 1637 (
1638 "catalog",
1639 &Router::new()
1640 .get(&API_METHOD_CATALOG)
1641 ),
72be0eb1
DW		 1642 (
1643 "change-owner",
1644 &Router::new()
1645 .post(&API_METHOD_SET_BACKUP_OWNER)
1646 ),
255f378a
DM		 1647 (
1648 "download",
1649 &Router::new()
1650 .download(&API_METHOD_DOWNLOAD_FILE)
1651 ),
6ef9bb59
DC		 1652 (
1653 "download-decoded",
1654 &Router::new()
1655 .download(&API_METHOD_DOWNLOAD_FILE_DECODED)
1656 ),
255f378a
DM		 1657 (
1658 "files",
1659 &Router::new()
09b1f7b2 1660 .get(&API_METHOD_LIST_SNAPSHOT_FILES)
255f378a
DM		 1661 ),
1662 (
1663 "gc",
1664 &Router::new()
1665 .get(&API_METHOD_GARBAGE_COLLECTION_STATUS)
1666 .post(&API_METHOD_START_GARBAGE_COLLECTION)
1667 ),
1668 (
1669 "groups",
1670 &Router::new()
b31c8019 1671 .get(&API_METHOD_LIST_GROUPS)
255f378a 1672 ),
912b3f5b
DM		 1673 (
1674 "notes",
1675 &Router::new()
1676 .get(&API_METHOD_GET_NOTES)
1677 .put(&API_METHOD_SET_NOTES)
1678 ),
255f378a
DM		 1679 (
1680 "prune",
1681 &Router::new()
1682 .post(&API_METHOD_PRUNE)
1683 ),
d33d8f4e
DC		 1684 (
1685 "pxar-file-download",
1686 &Router::new()
1687 .download(&API_METHOD_PXAR_FILE_DOWNLOAD)
1688 ),
1a0d3d11
DM		 1689 (
1690 "rrd",
1691 &Router::new()
1692 .get(&API_METHOD_GET_RRD_STATS)
1693 ),
255f378a
DM		 1694 (
1695 "snapshots",
1696 &Router::new()
fc189b19 1697 .get(&API_METHOD_LIST_SNAPSHOTS)
68a6a0ee 1698 .delete(&API_METHOD_DELETE_SNAPSHOT)
255f378a
DM		 1699 ),
1700 (
1701 "status",
1702 &Router::new()
1703 .get(&API_METHOD_STATUS)
1704 ),
1705 (
1706 "upload-backup-log",
1707 &Router::new()
1708 .upload(&API_METHOD_UPLOAD_BACKUP_LOG)
1709 ),
c2009e53
DM		 1710 (
1711 "verify",
1712 &Router::new()
1713 .post(&API_METHOD_VERIFY)
1714 ),
255f378a
DM		 1715];
1716
ad51d02a 1717const DATASTORE_INFO_ROUTER: Router = Router::new()
255f378a
DM		 1718 .get(&list_subdirs_api_method!(DATASTORE_INFO_SUBDIRS))
1719 .subdirs(DATASTORE_INFO_SUBDIRS);
1720
1721
1722pub const ROUTER: Router = Router::new()
bb34b589 1723 .get(&API_METHOD_GET_DATASTORE_LIST)
255f378a 1724 .match_all("store", &DATASTORE_INFO_ROUTER);
Proxmox Backup Server and Client