]> git.proxmox.com Git - proxmox-backup.git/blame - src/client/http_client.rs
projects / proxmox-backup.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
src/client/http_client.rs: always convert fingerprint to lowercase
[proxmox-backup.git] / src / client / http_client.rs
CommitLineData
c2b94534 1use std::io::Write;
db0cb9ce 2use std::task::{Context, Poll};
d59dbeca 3use std::sync::{Arc, Mutex};
597641fd 4
cf9271e2 5use chrono::Utc;
7a57cb77 6use failure::*;
82ab7230 7use futures::*;
7a57cb77
WB		 8use http::Uri;
9use http::header::HeaderValue;
10use http::{Request, Response};
11use hyper::Body;
1434f4f8 12use hyper::client::{Client, HttpConnector};
d59dbeca 13use openssl::{ssl::{SslConnector, SslMethod}, x509::X509StoreContextRef};
ba3a60b2 14use serde_json::{json, Value};
8a1028e0 15use percent_encoding::percent_encode;
7a57cb77 16use xdg::BaseDirectories;
1fdb4c6f 17
501f4fa2
DM		 18use proxmox::{
19 sys::linux::tty,
20 tools::{
21 fs::{file_get_json, replace_file, CreateOptions},
22 }
e18a6c9e
DM		 23};
24
7a57cb77 25use super::pipe_to_stream::PipeToSendStream;
1434f4f8 26use crate::tools::async_io::EitherStream;
501f4fa2 27use crate::tools::{self, BroadcastFuture, DEFAULT_ENCODE_SET};
986bef16 28
5a2df000 29#[derive(Clone)]
e240d8be 30pub struct AuthInfo {
3743dee6
DM		 31 pub username: String,
32 pub ticket: String,
33 pub token: String,
5a2df000 34}
56458d97 35
d59dbeca 36pub struct HttpClientOptions {
5030b7ce 37 prefix: Option<String>,
d59dbeca
DM		 38 password: Option<String>,
39 fingerprint: Option<String>,
40 interactive: bool,
41 ticket_cache: bool,
5a74756c 42 fingerprint_cache: bool,
d59dbeca
DM		 43 verify_cert: bool,
44}
45
46impl HttpClientOptions {
47
48 pub fn new() -> Self {
49 Self {
5030b7ce 50 prefix: None,
d59dbeca
DM		 51 password: None,
52 fingerprint: None,
53 interactive: false,
54 ticket_cache: false,
5a74756c 55 fingerprint_cache: false,
d59dbeca
DM		 56 verify_cert: true,
57 }
58 }
59
5030b7ce
DM		 60 pub fn prefix(mut self, prefix: Option<String>) -> Self {
61 self.prefix = prefix;
62 self
63 }
64
d59dbeca
DM		 65 pub fn password(mut self, password: Option<String>) -> Self {
66 self.password = password;
67 self
68 }
69
70 pub fn fingerprint(mut self, fingerprint: Option<String>) -> Self {
71 self.fingerprint = fingerprint;
72 self
73 }
74
75 pub fn interactive(mut self, interactive: bool) -> Self {
76 self.interactive = interactive;
77 self
78 }
79
80 pub fn ticket_cache(mut self, ticket_cache: bool) -> Self {
81 self.ticket_cache = ticket_cache;
82 self
83 }
84
5a74756c
DM		 85 pub fn fingerprint_cache(mut self, fingerprint_cache: bool) -> Self {
86 self.fingerprint_cache = fingerprint_cache;
87 self
88 }
89
d59dbeca
DM		 90 pub fn verify_cert(mut self, verify_cert: bool) -> Self {
91 self.verify_cert = verify_cert;
92 self
93 }
94}
95
151c6ce2 96/// HTTP(S) API client
597641fd 97pub struct HttpClient {
1434f4f8 98 client: Client<HttpsConnector>,
597641fd 99 server: String,
d59dbeca 100 fingerprint: Arc<Mutex<Option<String>>>,
5a2df000 101 auth: BroadcastFuture<AuthInfo>,
d59dbeca 102 _options: HttpClientOptions,
597641fd
DM		 103}
104
e240d8be 105/// Delete stored ticket data (logout)
5030b7ce 106pub fn delete_ticket_info(prefix: &str, server: &str, username: &str) -> Result<(), Error> {
e240d8be 107
5030b7ce 108 let base = BaseDirectories::with_prefix(prefix)?;
e240d8be
DM		 109
110 // usually /run/user/<uid>/...
111 let path = base.place_runtime_file("tickets")?;
112
113 let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600);
114
115 let mut data = file_get_json(&path, Some(json!({})))?;
116
117 if let Some(map) = data[server].as_object_mut() {
118 map.remove(username);
119 }
120
feaa1ad3 121 replace_file(path, data.to_string().as_bytes(), CreateOptions::new().perm(mode))?;
e240d8be
DM		 122
123 Ok(())
124}
125
5030b7ce 126fn store_fingerprint(prefix: &str, server: &str, fingerprint: &str) -> Result<(), Error> {
5a74756c 127
5030b7ce 128 let base = BaseDirectories::with_prefix(prefix)?;
5a74756c 129
5030b7ce 130 // usually ~/.config/<prefix>/fingerprints
5a74756c
DM		 131 let path = base.place_config_file("fingerprints")?;
132
133 let raw = match std::fs::read_to_string(&path) {
134 Ok(v) => v,
135 Err(err) => {
136 if err.kind() == std::io::ErrorKind::NotFound {
137 String::new()
138 } else {
139 bail!("unable to read fingerprints from {:?} - {}", path, err);
140 }
141 }
142 };
143
144 let mut result = String::new();
145
146 raw.split('\n').for_each(|line| {
147 let items: Vec<String> = line.split_whitespace().map(String::from).collect();
148 if items.len() == 2 {
149 if &items[0] == server {
150 // found, add later with new fingerprint
151 } else {
152 result.push_str(line);
153 result.push('\n');
154 }
155 }
156 });
157
158 result.push_str(server);
159 result.push(' ');
160 result.push_str(fingerprint);
161 result.push('\n');
162
163 replace_file(path, result.as_bytes(), CreateOptions::new())?;
164
165 Ok(())
166}
167
5030b7ce 168fn load_fingerprint(prefix: &str, server: &str) -> Option<String> {
5a74756c 169
5030b7ce 170 let base = BaseDirectories::with_prefix(prefix).ok()?;
5a74756c 171
5030b7ce 172 // usually ~/.config/<prefix>/fingerprints
5a74756c
DM		 173 let path = base.place_config_file("fingerprints").ok()?;
174
175 let raw = std::fs::read_to_string(&path).ok()?;
176
177 for line in raw.split('\n') {
178 let items: Vec<String> = line.split_whitespace().map(String::from).collect();
179 if items.len() == 2 {
180 if &items[0] == server {
181 return Some(items[1].clone());
182 }
183 }
184 }
185
186 None
187}
188
5030b7ce 189fn store_ticket_info(prefix: &str, server: &str, username: &str, ticket: &str, token: &str) -> Result<(), Error> {
ba3a60b2 190
5030b7ce 191 let base = BaseDirectories::with_prefix(prefix)?;
ba3a60b2
DM		 192
193 // usually /run/user/<uid>/...
194 let path = base.place_runtime_file("tickets")?;
195
196 let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600);
197
e18a6c9e 198 let mut data = file_get_json(&path, Some(json!({})))?;
ba3a60b2
DM		 199
200 let now = Utc::now().timestamp();
201
202 data[server][username] = json!({ "timestamp": now, "ticket": ticket, "token": token});
203
204 let mut new_data = json!({});
205
206 let ticket_lifetime = tools::ticket::TICKET_LIFETIME - 60;
207
208 let empty = serde_json::map::Map::new();
209 for (server, info) in data.as_object().unwrap_or(&empty) {
210 for (_user, uinfo) in info.as_object().unwrap_or(&empty) {
211 if let Some(timestamp) = uinfo["timestamp"].as_i64() {
212 let age = now - timestamp;
213 if age < ticket_lifetime {
214 new_data[server][username] = uinfo.clone();
215 }
216 }
217 }
218 }
219
feaa1ad3 220 replace_file(path, new_data.to_string().as_bytes(), CreateOptions::new().perm(mode))?;
ba3a60b2
DM		 221
222 Ok(())
223}
224
5030b7ce
DM		 225fn load_ticket_info(prefix: &str, server: &str, username: &str) -> Option<(String, String)> {
226 let base = BaseDirectories::with_prefix(prefix).ok()?;
ba3a60b2
DM		 227
228 // usually /run/user/<uid>/...
66c8eb93
CE		 229 let path = base.place_runtime_file("tickets").ok()?;
230 let data = file_get_json(&path, None).ok()?;
ba3a60b2 231 let now = Utc::now().timestamp();
ba3a60b2 232 let ticket_lifetime = tools::ticket::TICKET_LIFETIME - 60;
66c8eb93
CE		 233 let uinfo = data[server][username].as_object()?;
234 let timestamp = uinfo["timestamp"].as_i64()?;
235 let age = now - timestamp;
236
237 if age < ticket_lifetime {
238 let ticket = uinfo["ticket"].as_str()?;
239 let token = uinfo["token"].as_str()?;
240 Some((ticket.to_owned(), token.to_owned()))
241 } else {
242 None
ba3a60b2 243 }
ba3a60b2
DM		 244}
245
597641fd
DM		 246impl HttpClient {
247
d59dbeca
DM		 248 pub fn new(server: &str, username: &str, mut options: HttpClientOptions) -> Result<Self, Error> {
249
250 let verified_fingerprint = Arc::new(Mutex::new(None));
251
5a74756c 252 let mut fingerprint = options.fingerprint.take();
5030b7ce
DM		 253 if options.fingerprint_cache && fingerprint.is_none() && options.prefix.is_some() {
254 fingerprint = load_fingerprint(options.prefix.as_ref().unwrap(), server);
5a74756c
DM		 255 }
256
5030b7ce
DM		 257 let mut ssl_connector_builder = SslConnector::builder(SslMethod::tls()).unwrap();
258
259 if options.verify_cert {
260 let server = server.to_string();
261 let verified_fingerprint = verified_fingerprint.clone();
262 let interactive = options.interactive;
263 let fingerprint_cache = options.fingerprint_cache;
264 let prefix = options.prefix.clone();
265 ssl_connector_builder.set_verify_callback(openssl::ssl::SslVerifyMode::PEER, move |valid, ctx| {
266 let (valid, fingerprint) = Self::verify_callback(valid, ctx, fingerprint.clone(), interactive);
267 if valid {
268 if let Some(fingerprint) = fingerprint {
269 if fingerprint_cache && prefix.is_some() {
270 if let Err(err) = store_fingerprint(
271 prefix.as_ref().unwrap(), &server, &fingerprint) {
272 eprintln!("{}", err);
273 }
274 }
275 *verified_fingerprint.lock().unwrap() = Some(fingerprint);
276 }
277 }
278 valid
279 });
280 } else {
281 ssl_connector_builder.set_verify(openssl::ssl::SslVerifyMode::NONE);
282 }
283
284 let mut httpc = hyper::client::HttpConnector::new();
285 httpc.set_nodelay(true); // important for h2 download performance!
286 httpc.set_recv_buffer_size(Some(1024*1024)); //important for h2 download performance!
287 httpc.enforce_http(false); // we want https...
288
289 let https = HttpsConnector::with_connector(httpc, ssl_connector_builder.build());
290
291 let client = Client::builder()
292 //.http2_initial_stream_window_size( (1 << 31) - 2)
293 //.http2_initial_connection_window_size( (1 << 31) - 2)
294 .build::<_, Body>(https);
d59dbeca
DM		 295
296 let password = options.password.take();
5030b7ce 297 let use_ticket_cache = options.ticket_cache && options.prefix.is_some();
5a2df000 298
cc2ce4a9
DM		 299 let password = if let Some(password) = password {
300 password
45cdce06 301 } else {
d59dbeca 302 let mut ticket_info = None;
5030b7ce
DM		 303 if use_ticket_cache {
304 ticket_info = load_ticket_info(options.prefix.as_ref().unwrap(), server, username);
d59dbeca
DM		 305 }
306 if let Some((ticket, _token)) = ticket_info {
307 ticket
308 } else {
d1c65727 309 Self::get_password(&username, options.interactive)?
d59dbeca 310 }
45cdce06
DM		 311 };
312
d59dbeca
DM		 313 let login_future = Self::credentials(
314 client.clone(),
315 server.to_owned(),
316 username.to_owned(),
317 password,
5030b7ce
DM		 318 ).map_ok({
319 let server = server.to_string();
320 let prefix = options.prefix.clone();
321
322 move |auth| {
323 if use_ticket_cache & &prefix.is_some() {
324 let _ = store_ticket_info(prefix.as_ref().unwrap(), &server, &auth.username, &auth.ticket, &auth.token);
325 }
326
327 auth
328 }
329 });
45cdce06
DM		 330
331 Ok(Self {
5a2df000 332 client,
597641fd 333 server: String::from(server),
d59dbeca 334 fingerprint: verified_fingerprint,
96f5e80a 335 auth: BroadcastFuture::new(Box::new(login_future)),
d59dbeca 336 _options: options,
45cdce06 337 })
597641fd
DM		 338 }
339
1a7a0e74 340 /// Login
e240d8be
DM		 341 ///
342 /// Login is done on demand, so this is onyl required if you need
343 /// access to authentication data in 'AuthInfo'.
96f5e80a
DM		 344 pub async fn login(&self) -> Result<AuthInfo, Error> {
345 self.auth.listen().await
e240d8be
DM		 346 }
347
d59dbeca
DM		 348 /// Returns the optional fingerprint passed to the new() constructor.
349 pub fn fingerprint(&self) -> Option<String> {
350 (*self.fingerprint.lock().unwrap()).clone()
351 }
352
d1c65727 353 fn get_password(username: &str, interactive: bool) -> Result<String, Error> {
56458d97 354 // If we're on a TTY, query the user for a password
d59dbeca 355 if interactive && tty::stdin_isatty() {
99d863d7
DM		 356 let msg = format!("Password for \"{}\": ", username);
357 return Ok(String::from_utf8(tty::read_password(&msg)?)?);
56458d97
WB		 358 }
359
360 bail!("no password input mechanism available");
361 }
362
d59dbeca
DM		 363 fn verify_callback(
364 valid: bool, ctx:
365 &mut X509StoreContextRef,
366 expected_fingerprint: Option<String>,
367 interactive: bool,
5030b7ce
DM		 368 ) -> (bool, Option<String>) {
369 if valid { return (true, None); }
d59dbeca
DM		 370
371 let cert = match ctx.current_cert() {
372 Some(cert) => cert,
5030b7ce 373 None => return (false, None),
d59dbeca
DM		 374 };
375
376 let depth = ctx.error_depth();
5030b7ce 377 if depth != 0 { return (false, None); }
d59dbeca
DM		 378
379 let fp = match cert.digest(openssl::hash::MessageDigest::sha256()) {
380 Ok(fp) => fp,
5030b7ce 381 Err(_) => return (false, None), // should not happen
d59dbeca
DM		 382 };
383 let fp_string = proxmox::tools::digest_to_hex(&fp);
384 let fp_string = fp_string.as_bytes().chunks(2).map(|v| std::str::from_utf8(v).unwrap())
385 .collect::<Vec<&str>>().join(":");
386
387 if let Some(expected_fingerprint) = expected_fingerprint {
1bd6f32b 388 if expected_fingerprint.to_lowercase() == fp_string {
5030b7ce 389 return (true, Some(fp_string));
d59dbeca 390 } else {
5030b7ce 391 return (false, None);
d59dbeca
DM		 392 }
393 }
394
395 // If we're on a TTY, query the user
396 if interactive && tty::stdin_isatty() {
397 println!("fingerprint: {}", fp_string);
398 loop {
399 print!("Want to trust? (y/n): ");
400 let _ = std::io::stdout().flush();
401 let mut buf = [0u8; 1];
402 use std::io::Read;
403 match std::io::stdin().read_exact(&mut buf) {
404 Ok(()) => {
405 if buf[0] == b'y' || buf[0] == b'Y' {
5030b7ce 406 return (true, Some(fp_string));
d59dbeca 407 } else if buf[0] == b'n' || buf[0] == b'N' {
5030b7ce 408 return (false, None);
d59dbeca
DM		 409 }
410 }
411 Err(_) => {
5030b7ce 412 return (false, None);
d59dbeca
DM		 413 }
414 }
415 }
416 }
5030b7ce 417 (false, None)
a6b75513
DM		 418 }
419
1a7a0e74 420 pub async fn request(&self, mut req: Request<Body>) -> Result<Value, Error> {
597641fd 421
5a2df000 422 let client = self.client.clone();
597641fd 423
1a7a0e74 424 let auth = self.login().await?;
597641fd 425
1a7a0e74
DM		 426 let enc_ticket = format!("PBSAuthCookie={}", percent_encode(auth.ticket.as_bytes(), DEFAULT_ENCODE_SET));
427 req.headers_mut().insert("Cookie", HeaderValue::from_str(&enc_ticket).unwrap());
428 req.headers_mut().insert("CSRFPreventionToken", HeaderValue::from_str(&auth.token).unwrap());
597641fd 429
1a7a0e74 430 Self::api_request(client, req).await
1fdb4c6f
DM		 431 }
432
1a7a0e74 433 pub async fn get(
a6782ca1
WB		 434 &self,
435 path: &str,
436 data: Option<Value>,
1a7a0e74 437 ) -> Result<Value, Error> {
9e391bb7 438 let req = Self::request_builder(&self.server, "GET", path, data).unwrap();
1a7a0e74 439 self.request(req).await
a6b75513
DM		 440 }
441
1a7a0e74 442 pub async fn delete(
a6782ca1
WB		 443 &mut self,
444 path: &str,
445 data: Option<Value>,
1a7a0e74 446 ) -> Result<Value, Error> {
9e391bb7 447 let req = Self::request_builder(&self.server, "DELETE", path, data).unwrap();
1a7a0e74 448 self.request(req).await
a6b75513
DM		 449 }
450
1a7a0e74 451 pub async fn post(
a6782ca1
WB		 452 &mut self,
453 path: &str,
454 data: Option<Value>,
1a7a0e74 455 ) -> Result<Value, Error> {
5a2df000 456 let req = Self::request_builder(&self.server, "POST", path, data).unwrap();
1a7a0e74 457 self.request(req).await
024f11bb
DM		 458 }
459
1a7a0e74 460 pub async fn download(
a6782ca1
WB		 461 &mut self,
462 path: &str,
1a7a0e74
DM		 463 output: &mut (dyn Write + Send),
464 ) -> Result<(), Error> {
5a2df000 465 let mut req = Self::request_builder(&self.server, "GET", path, None).unwrap();
024f11bb 466
5a2df000 467 let client = self.client.clone();
1fdb4c6f 468
1a7a0e74 469 let auth = self.login().await?;
81da38c1 470
1a7a0e74
DM		 471 let enc_ticket = format!("PBSAuthCookie={}", percent_encode(auth.ticket.as_bytes(), DEFAULT_ENCODE_SET));
472 req.headers_mut().insert("Cookie", HeaderValue::from_str(&enc_ticket).unwrap());
6f62c924 473
1a7a0e74
DM		 474 let resp = client.request(req).await?;
475 let status = resp.status();
476 if !status.is_success() {
477 HttpClient::api_response(resp)
478 .map(|_| Err(format_err!("unknown error")))
479 .await?
480 } else {
481 resp.into_body()
5a2df000 482 .map_err(Error::from)
1a7a0e74
DM		 483 .try_fold(output, move |acc, chunk| async move {
484 acc.write_all(&chunk)?;
485 Ok::<_, Error>(acc)
5a2df000 486 })
1a7a0e74
DM		 487 .await?;
488 }
489 Ok(())
6f62c924
DM		 490 }
491
1a7a0e74 492 pub async fn upload(
04512d30
DM		 493 &mut self,
494 content_type: &str,
495 body: Body,
496 path: &str,
497 data: Option<Value>,
1a7a0e74 498 ) -> Result<Value, Error> {
81da38c1
DM		 499
500 let path = path.trim_matches('/');
04512d30
DM		 501 let mut url = format!("https://{}:8007/{}", &self.server, path);
502
503 if let Some(data) = data {
504 let query = tools::json_object_to_query(data).unwrap();
505 url.push('?');
506 url.push_str(&query);
507 }
508
509 let url: Uri = url.parse().unwrap();
81da38c1 510
5a2df000 511 let req = Request::builder()
81da38c1
DM		 512 .method("POST")
513 .uri(url)
514 .header("User-Agent", "proxmox-backup-client/1.0")
5a2df000
DM		 515 .header("Content-Type", content_type)
516 .body(body).unwrap();
81da38c1 517
1a7a0e74 518 self.request(req).await
1fdb4c6f
DM		 519 }
520
1a7a0e74 521 pub async fn start_h2_connection(
fb047083
DM		 522 &self,
523 mut req: Request<Body>,
524 protocol_name: String,
dc089345 525 ) -> Result<(H2Client, futures::future::AbortHandle), Error> {
cf639a47 526
1a7a0e74 527 let auth = self.login().await?;
cf639a47
DM		 528 let client = self.client.clone();
529
1a7a0e74
DM		 530 let enc_ticket = format!("PBSAuthCookie={}", percent_encode(auth.ticket.as_bytes(), DEFAULT_ENCODE_SET));
531 req.headers_mut().insert("Cookie", HeaderValue::from_str(&enc_ticket).unwrap());
532 req.headers_mut().insert("UPGRADE", HeaderValue::from_str(&protocol_name).unwrap());
cf639a47 533
1a7a0e74
DM		 534 let resp = client.request(req).await?;
535 let status = resp.status();
cf639a47 536
1a7a0e74 537 if status != http::StatusCode::SWITCHING_PROTOCOLS {
ca611955
DM		 538 Self::api_response(resp).await?;
539 bail!("unknown error");
1a7a0e74
DM		 540 }
541
542 let upgraded = resp
543 .into_body()
544 .on_upgrade()
545 .await?;
546
547 let max_window_size = (1 << 31) - 2;
548
549 let (h2, connection) = h2::client::Builder::new()
550 .initial_connection_window_size(max_window_size)
551 .initial_window_size(max_window_size)
552 .max_frame_size(4*1024*1024)
553 .handshake(upgraded)
554 .await?;
555
556 let connection = connection
557 .map_err(|_| panic!("HTTP/2.0 connection failed"));
558
dc089345 559 let (connection, abort) = futures::future::abortable(connection);
1a7a0e74
DM		 560 // A cancellable future returns an Option which is None when cancelled and
561 // Some when it finished instead, since we don't care about the return type we
562 // need to map it away:
563 let connection = connection.map(|_| ());
564
565 // Spawn a new task to drive the connection state
db0cb9ce 566 tokio::spawn(connection);
1a7a0e74
DM		 567
568 // Wait until the `SendRequest` handle has available capacity.
569 let c = h2.ready().await?;
dc089345 570 Ok((H2Client::new(c), abort))
cf639a47
DM		 571 }
572
9d35dbbb 573 async fn credentials(
1434f4f8 574 client: Client<HttpsConnector>,
45cdce06
DM		 575 server: String,
576 username: String,
577 password: String,
9d35dbbb
DM		 578 ) -> Result<AuthInfo, Error> {
579 let data = json!({ "username": username, "password": password });
580 let req = Self::request_builder(&server, "POST", "/api2/json/access/ticket", Some(data)).unwrap();
581 let cred = Self::api_request(client, req).await?;
582 let auth = AuthInfo {
583 username: cred["data"]["username"].as_str().unwrap().to_owned(),
584 ticket: cred["data"]["ticket"].as_str().unwrap().to_owned(),
585 token: cred["data"]["CSRFPreventionToken"].as_str().unwrap().to_owned(),
586 };
587
9d35dbbb 588 Ok(auth)
ba3a60b2
DM		 589 }
590
a6782ca1 591 async fn api_response(response: Response<Body>) -> Result<Value, Error> {
d2c48afc 592 let status = response.status();
db0cb9ce 593 let data = hyper::body::to_bytes(response.into_body()).await?;
a6782ca1
WB		 594
595 let text = String::from_utf8(data.to_vec()).unwrap();
596 if status.is_success() {
11377a47
DM		 597 if text.is_empty() {
598 Ok(Value::Null)
599 } else {
a6782ca1
WB		 600 let value: Value = serde_json::from_str(&text)?;
601 Ok(value)
a6782ca1
WB		 602 }
603 } else {
604 bail!("HTTP Error {}: {}", status, text);
605 }
d2c48afc
DM		 606 }
607
1a7a0e74 608 async fn api_request(
1434f4f8 609 client: Client<HttpsConnector>,
5a2df000 610 req: Request<Body>
1a7a0e74 611 ) -> Result<Value, Error> {
ba3a60b2 612
5a2df000
DM		 613 client.request(req)
614 .map_err(Error::from)
d2c48afc 615 .and_then(Self::api_response)
1a7a0e74 616 .await
0dffe3f9
DM		 617 }
618
9e490a74
DM		 619 // Read-only access to server property
620 pub fn server(&self) -> &str {
621 &self.server
622 }
623
5a2df000 624 pub fn request_builder(server: &str, method: &str, path: &str, data: Option<Value>) -> Result<Request<Body>, Error> {
591f570b 625 let path = path.trim_matches('/');
5a2df000
DM		 626 let url: Uri = format!("https://{}:8007/{}", server, path).parse()?;
627
628 if let Some(data) = data {
629 if method == "POST" {
630 let request = Request::builder()
631 .method(method)
632 .uri(url)
633 .header("User-Agent", "proxmox-backup-client/1.0")
634 .header(hyper::header::CONTENT_TYPE, "application/json")
635 .body(Body::from(data.to_string()))?;
636 return Ok(request);
637 } else {
9e391bb7
DM		 638 let query = tools::json_object_to_query(data)?;
639 let url: Uri = format!("https://{}:8007/{}?{}", server, path, query).parse()?;
640 let request = Request::builder()
641 .method(method)
642 .uri(url)
643 .header("User-Agent", "proxmox-backup-client/1.0")
644 .header(hyper::header::CONTENT_TYPE, "application/x-www-form-urlencoded")
645 .body(Body::empty())?;
646 return Ok(request);
5a2df000 647 }
5a2df000 648 }
0dffe3f9 649
1fdb4c6f 650 let request = Request::builder()
5a2df000 651 .method(method)
1fdb4c6f
DM		 652 .uri(url)
653 .header("User-Agent", "proxmox-backup-client/1.0")
5a2df000
DM		 654 .header(hyper::header::CONTENT_TYPE, "application/x-www-form-urlencoded")
655 .body(Body::empty())?;
1fdb4c6f 656
5a2df000 657 Ok(request)
597641fd
DM		 658 }
659}
b57cb264 660
9af37c8f
DM		 661
662#[derive(Clone)]
663pub struct H2Client {
664 h2: h2::client::SendRequest<bytes::Bytes>,
665}
666
667impl H2Client {
668
669 pub fn new(h2: h2::client::SendRequest<bytes::Bytes>) -> Self {
670 Self { h2 }
671 }
672
2a1e6d7d
DM		 673 pub async fn get(
674 &self,
675 path: &str,
676 param: Option<Value>
677 ) -> Result<Value, Error> {
792a70b9 678 let req = Self::request_builder("localhost", "GET", path, param, None).unwrap();
2a1e6d7d 679 self.request(req).await
9af37c8f
DM		 680 }
681
2a1e6d7d
DM		 682 pub async fn put(
683 &self,
684 path: &str,
685 param: Option<Value>
686 ) -> Result<Value, Error> {
792a70b9 687 let req = Self::request_builder("localhost", "PUT", path, param, None).unwrap();
2a1e6d7d 688 self.request(req).await
9af37c8f
DM		 689 }
690
2a1e6d7d
DM		 691 pub async fn post(
692 &self,
693 path: &str,
694 param: Option<Value>
695 ) -> Result<Value, Error> {
792a70b9 696 let req = Self::request_builder("localhost", "POST", path, param, None).unwrap();
2a1e6d7d 697 self.request(req).await
9af37c8f
DM		 698 }
699
d4a085e5 700 pub async fn download<W: Write + Send>(
a6782ca1
WB		 701 &self,
702 path: &str,
703 param: Option<Value>,
2a1e6d7d 704 mut output: W,
d4a085e5 705 ) -> Result<W, Error> {
792a70b9 706 let request = Self::request_builder("localhost", "GET", path, param, None).unwrap();
dd066d28 707
2a1e6d7d 708 let response_future = self.send_request(request, None).await?;
984a7c35 709
2a1e6d7d
DM		 710 let resp = response_future.await?;
711
712 let status = resp.status();
713 if !status.is_success() {
44f59dc7
DM		 714 H2Client::h2api_response(resp).await?; // raise error
715 unreachable!();
2a1e6d7d
DM		 716 }
717
718 let mut body = resp.into_body();
db0cb9ce
WB		 719 while let Some(chunk) = body.data().await {
720 let chunk = chunk?;
721 body.flow_control().release_capacity(chunk.len())?;
2a1e6d7d
DM		 722 output.write_all(&chunk)?;
723 }
724
725 Ok(output)
dd066d28
DM		 726 }
727
2a1e6d7d 728 pub async fn upload(
a6782ca1 729 &self,
f011dba0 730 method: &str, // POST or PUT
a6782ca1
WB		 731 path: &str,
732 param: Option<Value>,
792a70b9 733 content_type: &str,
a6782ca1 734 data: Vec<u8>,
2a1e6d7d 735 ) -> Result<Value, Error> {
f011dba0 736 let request = Self::request_builder("localhost", method, path, param, Some(content_type)).unwrap();
9af37c8f 737
2a1e6d7d
DM		 738 let mut send_request = self.h2.clone().ready().await?;
739
740 let (response, stream) = send_request.send_request(request, false).unwrap();
2a05048b
DM		 741
742 PipeToSendStream::new(bytes::Bytes::from(data), stream).await?;
743
744 response
745 .map_err(Error::from)
746 .and_then(Self::h2api_response)
2a1e6d7d 747 .await
9af37c8f 748 }
adec8ea2 749
2a1e6d7d 750 async fn request(
9af37c8f 751 &self,
b57cb264 752 request: Request<()>,
2a1e6d7d 753 ) -> Result<Value, Error> {
b57cb264 754
9af37c8f 755 self.send_request(request, None)
82ab7230
DM		 756 .and_then(move |response| {
757 response
758 .map_err(Error::from)
759 .and_then(Self::h2api_response)
760 })
2a1e6d7d 761 .await
82ab7230
DM		 762 }
763
cf9271e2 764 pub fn send_request(
9af37c8f 765 &self,
82ab7230
DM		 766 request: Request<()>,
767 data: Option<bytes::Bytes>,
a6782ca1 768 ) -> impl Future<Output = Result<h2::client::ResponseFuture, Error>> {
82ab7230 769
9af37c8f 770 self.h2.clone()
10130cf4
DM		 771 .ready()
772 .map_err(Error::from)
2a05048b 773 .and_then(move |mut send_request| async move {
82ab7230
DM		 774 if let Some(data) = data {
775 let (response, stream) = send_request.send_request(request, false).unwrap();
2a05048b
DM		 776 PipeToSendStream::new(data, stream).await?;
777 Ok(response)
82ab7230
DM		 778 } else {
779 let (response, _stream) = send_request.send_request(request, true).unwrap();
2a05048b 780 Ok(response)
82ab7230 781 }
b57cb264
DM		 782 })
783 }
784
f16aea68 785 pub async fn h2api_response(
a6782ca1 786 response: Response<h2::RecvStream>,
9edd3bf1 787 ) -> Result<Value, Error> {
b57cb264
DM		 788 let status = response.status();
789
790 let (_head, mut body) = response.into_parts();
791
9edd3bf1 792 let mut data = Vec::new();
db0cb9ce
WB		 793 while let Some(chunk) = body.data().await {
794 let chunk = chunk?;
795 // Whenever data is received, the caller is responsible for
796 // releasing capacity back to the server once it has freed
797 // the data from memory.
9edd3bf1 798 // Let the server send more data.
db0cb9ce 799 body.flow_control().release_capacity(chunk.len())?;
9edd3bf1
DM		 800 data.extend(chunk);
801 }
802
803 let text = String::from_utf8(data.to_vec()).unwrap();
804 if status.is_success() {
11377a47
DM		 805 if text.is_empty() {
806 Ok(Value::Null)
807 } else {
9edd3bf1
DM		 808 let mut value: Value = serde_json::from_str(&text)?;
809 if let Some(map) = value.as_object_mut() {
810 if let Some(data) = map.remove("data") {
811 return Ok(data);
b57cb264 812 }
b57cb264 813 }
9edd3bf1 814 bail!("got result without data property");
9edd3bf1
DM		 815 }
816 } else {
817 bail!("HTTP Error {}: {}", status, text);
818 }
b57cb264
DM		 819 }
820
eb2bdd1b 821 // Note: We always encode parameters with the url
792a70b9
DM		 822 pub fn request_builder(
823 server: &str,
824 method: &str,
825 path: &str,
826 param: Option<Value>,
827 content_type: Option<&str>,
828 ) -> Result<Request<()>, Error> {
b57cb264 829 let path = path.trim_matches('/');
b57cb264 830
792a70b9
DM		 831 let content_type = content_type.unwrap_or("application/x-www-form-urlencoded");
832
a55b2975
DM		 833 if let Some(param) = param {
834 let query = tools::json_object_to_query(param)?;
eb2bdd1b
DM		 835 // We detected problem with hyper around 6000 characters - seo we try to keep on the safe side
836 if query.len() > 4096 { bail!("h2 query data too large ({} bytes) - please encode data inside body", query.len()); }
b57cb264 837 let url: Uri = format!("https://{}:8007/{}?{}", server, path, query).parse()?;
eb2bdd1b 838 let request = Request::builder()
b57cb264
DM		 839 .method(method)
840 .uri(url)
841 .header("User-Agent", "proxmox-backup-client/1.0")
792a70b9 842 .header(hyper::header::CONTENT_TYPE, content_type)
b57cb264 843 .body(())?;
62ee2eb4 844 Ok(request)
eb2bdd1b
DM		 845 } else {
846 let url: Uri = format!("https://{}:8007/{}", server, path).parse()?;
847 let request = Request::builder()
848 .method(method)
849 .uri(url)
850 .header("User-Agent", "proxmox-backup-client/1.0")
792a70b9 851 .header(hyper::header::CONTENT_TYPE, content_type)
eb2bdd1b 852 .body(())?;
b57cb264 853
eb2bdd1b
DM		 854 Ok(request)
855 }
b57cb264
DM		 856 }
857}
1434f4f8 858
db0cb9ce 859#[derive(Clone)]
1434f4f8
WB		 860pub struct HttpsConnector {
861 http: HttpConnector,
db0cb9ce 862 ssl_connector: std::sync::Arc<SslConnector>,
1434f4f8
WB		 863}
864
865impl HttpsConnector {
866 pub fn with_connector(mut http: HttpConnector, ssl_connector: SslConnector) -> Self {
867 http.enforce_http(false);
868
869 Self {
870 http,
db0cb9ce 871 ssl_connector: std::sync::Arc::new(ssl_connector),
1434f4f8
WB		 872 }
873 }
874}
875
876type MaybeTlsStream = EitherStream<
877 tokio::net::TcpStream,
878 tokio_openssl::SslStream<tokio::net::TcpStream>,
879>;
880
db0cb9ce
WB		 881impl hyper::service::Service<Uri> for HttpsConnector {
882 type Response = MaybeTlsStream;
1434f4f8 883 type Error = Error;
db0cb9ce
WB		 884 type Future = std::pin::Pin<Box<
885 dyn Future<Output = Result<Self::Response, Self::Error>> + Send + 'static
886 >>;
1434f4f8 887
db0cb9ce
WB		 888 fn poll_ready(&mut self, _: &mut Context<'_>) -> Poll<Result<(), Self::Error>> {
889 // This connector is always ready, but others might not be.
890 Poll::Ready(Ok(()))
891 }
1434f4f8 892
db0cb9ce
WB		 893 fn call(&mut self, dst: Uri) -> Self::Future {
894 let mut this = self.clone();
895 async move {
896 let is_https = dst
897 .scheme()
898 .ok_or_else(|| format_err!("missing URL scheme"))?
899 == "https";
900 let host = dst
901 .host()
902 .ok_or_else(|| format_err!("missing hostname in destination url?"))?
903 .to_string();
904
905 let config = this.ssl_connector.configure();
906 let conn = this.http.call(dst).await?;
1434f4f8
WB		 907 if is_https {
908 let conn = tokio_openssl::connect(config?, &host, conn).await?;
db0cb9ce 909 Ok(MaybeTlsStream::Right(conn))
1434f4f8 910 } else {
db0cb9ce 911 Ok(MaybeTlsStream::Left(conn))
1434f4f8 912 }
db0cb9ce 913 }.boxed()
1434f4f8
WB		 914 }
915}
Proxmox Backup Server and Client