]> git.proxmox.com Git - proxmox-backup.git/blame - src/client/http_client.rs
projects / proxmox-backup.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
d/control: proxmox 0.3.3
[proxmox-backup.git] / src / client / http_client.rs
CommitLineData
c2b94534 1use std::io::Write;
db0cb9ce 2use std::task::{Context, Poll};
d59dbeca 3use std::sync::{Arc, Mutex};
597641fd 4
cf9271e2 5use chrono::Utc;
f7d4e4b5 6use anyhow::{bail, format_err, Error};
82ab7230 7use futures::*;
7a57cb77
WB		 8use http::Uri;
9use http::header::HeaderValue;
10use http::{Request, Response};
11use hyper::Body;
1434f4f8 12use hyper::client::{Client, HttpConnector};
d59dbeca 13use openssl::{ssl::{SslConnector, SslMethod}, x509::X509StoreContextRef};
ba3a60b2 14use serde_json::{json, Value};
8a1028e0 15use percent_encoding::percent_encode;
7a57cb77 16use xdg::BaseDirectories;
1fdb4c6f 17
501f4fa2 18use proxmox::{
91f5594c 19 api::error::HttpError,
501f4fa2
DM		 20 sys::linux::tty,
21 tools::{
22 fs::{file_get_json, replace_file, CreateOptions},
23 }
e18a6c9e
DM		 24};
25
7a57cb77 26use super::pipe_to_stream::PipeToSendStream;
1434f4f8 27use crate::tools::async_io::EitherStream;
501f4fa2 28use crate::tools::{self, BroadcastFuture, DEFAULT_ENCODE_SET};
986bef16 29
5a2df000 30#[derive(Clone)]
e240d8be 31pub struct AuthInfo {
3743dee6
DM		 32 pub username: String,
33 pub ticket: String,
34 pub token: String,
5a2df000 35}
56458d97 36
d59dbeca 37pub struct HttpClientOptions {
5030b7ce 38 prefix: Option<String>,
d59dbeca
DM		 39 password: Option<String>,
40 fingerprint: Option<String>,
41 interactive: bool,
42 ticket_cache: bool,
5a74756c 43 fingerprint_cache: bool,
d59dbeca
DM		 44 verify_cert: bool,
45}
46
47impl HttpClientOptions {
48
49 pub fn new() -> Self {
50 Self {
5030b7ce 51 prefix: None,
d59dbeca
DM		 52 password: None,
53 fingerprint: None,
54 interactive: false,
55 ticket_cache: false,
5a74756c 56 fingerprint_cache: false,
d59dbeca
DM		 57 verify_cert: true,
58 }
59 }
60
5030b7ce
DM		 61 pub fn prefix(mut self, prefix: Option<String>) -> Self {
62 self.prefix = prefix;
63 self
64 }
65
d59dbeca
DM		 66 pub fn password(mut self, password: Option<String>) -> Self {
67 self.password = password;
68 self
69 }
70
71 pub fn fingerprint(mut self, fingerprint: Option<String>) -> Self {
72 self.fingerprint = fingerprint;
73 self
74 }
75
76 pub fn interactive(mut self, interactive: bool) -> Self {
77 self.interactive = interactive;
78 self
79 }
80
81 pub fn ticket_cache(mut self, ticket_cache: bool) -> Self {
82 self.ticket_cache = ticket_cache;
83 self
84 }
85
5a74756c
DM		 86 pub fn fingerprint_cache(mut self, fingerprint_cache: bool) -> Self {
87 self.fingerprint_cache = fingerprint_cache;
88 self
89 }
90
d59dbeca
DM		 91 pub fn verify_cert(mut self, verify_cert: bool) -> Self {
92 self.verify_cert = verify_cert;
93 self
94 }
95}
96
151c6ce2 97/// HTTP(S) API client
597641fd 98pub struct HttpClient {
1434f4f8 99 client: Client<HttpsConnector>,
597641fd 100 server: String,
d59dbeca 101 fingerprint: Arc<Mutex<Option<String>>>,
5a2df000 102 auth: BroadcastFuture<AuthInfo>,
d59dbeca 103 _options: HttpClientOptions,
597641fd
DM		 104}
105
e240d8be 106/// Delete stored ticket data (logout)
5030b7ce 107pub fn delete_ticket_info(prefix: &str, server: &str, username: &str) -> Result<(), Error> {
e240d8be 108
5030b7ce 109 let base = BaseDirectories::with_prefix(prefix)?;
e240d8be
DM		 110
111 // usually /run/user/<uid>/...
112 let path = base.place_runtime_file("tickets")?;
113
114 let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600);
115
116 let mut data = file_get_json(&path, Some(json!({})))?;
117
118 if let Some(map) = data[server].as_object_mut() {
119 map.remove(username);
120 }
121
feaa1ad3 122 replace_file(path, data.to_string().as_bytes(), CreateOptions::new().perm(mode))?;
e240d8be
DM		 123
124 Ok(())
125}
126
5030b7ce 127fn store_fingerprint(prefix: &str, server: &str, fingerprint: &str) -> Result<(), Error> {
5a74756c 128
5030b7ce 129 let base = BaseDirectories::with_prefix(prefix)?;
5a74756c 130
5030b7ce 131 // usually ~/.config/<prefix>/fingerprints
5a74756c
DM		 132 let path = base.place_config_file("fingerprints")?;
133
134 let raw = match std::fs::read_to_string(&path) {
135 Ok(v) => v,
136 Err(err) => {
137 if err.kind() == std::io::ErrorKind::NotFound {
138 String::new()
139 } else {
140 bail!("unable to read fingerprints from {:?} - {}", path, err);
141 }
142 }
143 };
144
145 let mut result = String::new();
146
147 raw.split('\n').for_each(|line| {
148 let items: Vec<String> = line.split_whitespace().map(String::from).collect();
149 if items.len() == 2 {
150 if &items[0] == server {
151 // found, add later with new fingerprint
152 } else {
153 result.push_str(line);
154 result.push('\n');
155 }
156 }
157 });
158
159 result.push_str(server);
160 result.push(' ');
161 result.push_str(fingerprint);
162 result.push('\n');
163
164 replace_file(path, result.as_bytes(), CreateOptions::new())?;
165
166 Ok(())
167}
168
5030b7ce 169fn load_fingerprint(prefix: &str, server: &str) -> Option<String> {
5a74756c 170
5030b7ce 171 let base = BaseDirectories::with_prefix(prefix).ok()?;
5a74756c 172
5030b7ce 173 // usually ~/.config/<prefix>/fingerprints
5a74756c
DM		 174 let path = base.place_config_file("fingerprints").ok()?;
175
176 let raw = std::fs::read_to_string(&path).ok()?;
177
178 for line in raw.split('\n') {
179 let items: Vec<String> = line.split_whitespace().map(String::from).collect();
180 if items.len() == 2 {
181 if &items[0] == server {
182 return Some(items[1].clone());
183 }
184 }
185 }
186
187 None
188}
189
5030b7ce 190fn store_ticket_info(prefix: &str, server: &str, username: &str, ticket: &str, token: &str) -> Result<(), Error> {
ba3a60b2 191
5030b7ce 192 let base = BaseDirectories::with_prefix(prefix)?;
ba3a60b2
DM		 193
194 // usually /run/user/<uid>/...
195 let path = base.place_runtime_file("tickets")?;
196
197 let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600);
198
e18a6c9e 199 let mut data = file_get_json(&path, Some(json!({})))?;
ba3a60b2
DM		 200
201 let now = Utc::now().timestamp();
202
203 data[server][username] = json!({ "timestamp": now, "ticket": ticket, "token": token});
204
205 let mut new_data = json!({});
206
207 let ticket_lifetime = tools::ticket::TICKET_LIFETIME - 60;
208
209 let empty = serde_json::map::Map::new();
210 for (server, info) in data.as_object().unwrap_or(&empty) {
211 for (_user, uinfo) in info.as_object().unwrap_or(&empty) {
212 if let Some(timestamp) = uinfo["timestamp"].as_i64() {
213 let age = now - timestamp;
214 if age < ticket_lifetime {
215 new_data[server][username] = uinfo.clone();
216 }
217 }
218 }
219 }
220
feaa1ad3 221 replace_file(path, new_data.to_string().as_bytes(), CreateOptions::new().perm(mode))?;
ba3a60b2
DM		 222
223 Ok(())
224}
225
5030b7ce
DM		 226fn load_ticket_info(prefix: &str, server: &str, username: &str) -> Option<(String, String)> {
227 let base = BaseDirectories::with_prefix(prefix).ok()?;
ba3a60b2
DM		 228
229 // usually /run/user/<uid>/...
66c8eb93
CE		 230 let path = base.place_runtime_file("tickets").ok()?;
231 let data = file_get_json(&path, None).ok()?;
ba3a60b2 232 let now = Utc::now().timestamp();
ba3a60b2 233 let ticket_lifetime = tools::ticket::TICKET_LIFETIME - 60;
66c8eb93
CE		 234 let uinfo = data[server][username].as_object()?;
235 let timestamp = uinfo["timestamp"].as_i64()?;
236 let age = now - timestamp;
237
238 if age < ticket_lifetime {
239 let ticket = uinfo["ticket"].as_str()?;
240 let token = uinfo["token"].as_str()?;
241 Some((ticket.to_owned(), token.to_owned()))
242 } else {
243 None
ba3a60b2 244 }
ba3a60b2
DM		 245}
246
597641fd
DM		 247impl HttpClient {
248
d59dbeca
DM		 249 pub fn new(server: &str, username: &str, mut options: HttpClientOptions) -> Result<Self, Error> {
250
251 let verified_fingerprint = Arc::new(Mutex::new(None));
252
5a74756c 253 let mut fingerprint = options.fingerprint.take();
a6e3da98
DM		 254
255 if fingerprint.is_some() {
256 // do not store fingerprints passed via options in cache
257 options.fingerprint_cache = false;
258 } else if options.fingerprint_cache && options.prefix.is_some() {
5030b7ce 259 fingerprint = load_fingerprint(options.prefix.as_ref().unwrap(), server);
5a74756c
DM		 260 }
261
5030b7ce
DM		 262 let mut ssl_connector_builder = SslConnector::builder(SslMethod::tls()).unwrap();
263
264 if options.verify_cert {
265 let server = server.to_string();
266 let verified_fingerprint = verified_fingerprint.clone();
267 let interactive = options.interactive;
268 let fingerprint_cache = options.fingerprint_cache;
269 let prefix = options.prefix.clone();
270 ssl_connector_builder.set_verify_callback(openssl::ssl::SslVerifyMode::PEER, move |valid, ctx| {
271 let (valid, fingerprint) = Self::verify_callback(valid, ctx, fingerprint.clone(), interactive);
272 if valid {
273 if let Some(fingerprint) = fingerprint {
274 if fingerprint_cache && prefix.is_some() {
275 if let Err(err) = store_fingerprint(
276 prefix.as_ref().unwrap(), &server, &fingerprint) {
277 eprintln!("{}", err);
278 }
279 }
280 *verified_fingerprint.lock().unwrap() = Some(fingerprint);
281 }
282 }
283 valid
284 });
285 } else {
286 ssl_connector_builder.set_verify(openssl::ssl::SslVerifyMode::NONE);
287 }
288
289 let mut httpc = hyper::client::HttpConnector::new();
290 httpc.set_nodelay(true); // important for h2 download performance!
291 httpc.set_recv_buffer_size(Some(1024*1024)); //important for h2 download performance!
292 httpc.enforce_http(false); // we want https...
293
294 let https = HttpsConnector::with_connector(httpc, ssl_connector_builder.build());
295
296 let client = Client::builder()
297 //.http2_initial_stream_window_size( (1 << 31) - 2)
298 //.http2_initial_connection_window_size( (1 << 31) - 2)
299 .build::<_, Body>(https);
d59dbeca
DM		 300
301 let password = options.password.take();
5030b7ce 302 let use_ticket_cache = options.ticket_cache && options.prefix.is_some();
5a2df000 303
cc2ce4a9
DM		 304 let password = if let Some(password) = password {
305 password
45cdce06 306 } else {
d59dbeca 307 let mut ticket_info = None;
5030b7ce
DM		 308 if use_ticket_cache {
309 ticket_info = load_ticket_info(options.prefix.as_ref().unwrap(), server, username);
d59dbeca
DM		 310 }
311 if let Some((ticket, _token)) = ticket_info {
312 ticket
313 } else {
d1c65727 314 Self::get_password(&username, options.interactive)?
d59dbeca 315 }
45cdce06
DM		 316 };
317
d59dbeca
DM		 318 let login_future = Self::credentials(
319 client.clone(),
320 server.to_owned(),
321 username.to_owned(),
322 password,
5030b7ce
DM		 323 ).map_ok({
324 let server = server.to_string();
325 let prefix = options.prefix.clone();
326
327 move |auth| {
328 if use_ticket_cache & &prefix.is_some() {
329 let _ = store_ticket_info(prefix.as_ref().unwrap(), &server, &auth.username, &auth.ticket, &auth.token);
330 }
331
332 auth
333 }
334 });
45cdce06
DM		 335
336 Ok(Self {
5a2df000 337 client,
597641fd 338 server: String::from(server),
d59dbeca 339 fingerprint: verified_fingerprint,
96f5e80a 340 auth: BroadcastFuture::new(Box::new(login_future)),
d59dbeca 341 _options: options,
45cdce06 342 })
597641fd
DM		 343 }
344
1a7a0e74 345 /// Login
e240d8be 346 ///
add5861e 347 /// Login is done on demand, so this is only required if you need
e240d8be 348 /// access to authentication data in 'AuthInfo'.
96f5e80a
DM		 349 pub async fn login(&self) -> Result<AuthInfo, Error> {
350 self.auth.listen().await
e240d8be
DM		 351 }
352
d59dbeca
DM		 353 /// Returns the optional fingerprint passed to the new() constructor.
354 pub fn fingerprint(&self) -> Option<String> {
355 (*self.fingerprint.lock().unwrap()).clone()
356 }
357
d1c65727 358 fn get_password(username: &str, interactive: bool) -> Result<String, Error> {
56458d97 359 // If we're on a TTY, query the user for a password
d59dbeca 360 if interactive && tty::stdin_isatty() {
99d863d7
DM		 361 let msg = format!("Password for \"{}\": ", username);
362 return Ok(String::from_utf8(tty::read_password(&msg)?)?);
56458d97
WB		 363 }
364
365 bail!("no password input mechanism available");
366 }
367
d59dbeca
DM		 368 fn verify_callback(
369 valid: bool, ctx:
370 &mut X509StoreContextRef,
371 expected_fingerprint: Option<String>,
372 interactive: bool,
5030b7ce
DM		 373 ) -> (bool, Option<String>) {
374 if valid { return (true, None); }
d59dbeca
DM		 375
376 let cert = match ctx.current_cert() {
377 Some(cert) => cert,
5030b7ce 378 None => return (false, None),
d59dbeca
DM		 379 };
380
381 let depth = ctx.error_depth();
5030b7ce 382 if depth != 0 { return (false, None); }
d59dbeca
DM		 383
384 let fp = match cert.digest(openssl::hash::MessageDigest::sha256()) {
385 Ok(fp) => fp,
5030b7ce 386 Err(_) => return (false, None), // should not happen
d59dbeca
DM		 387 };
388 let fp_string = proxmox::tools::digest_to_hex(&fp);
389 let fp_string = fp_string.as_bytes().chunks(2).map(|v| std::str::from_utf8(v).unwrap())
390 .collect::<Vec<&str>>().join(":");
391
392 if let Some(expected_fingerprint) = expected_fingerprint {
1bd6f32b 393 if expected_fingerprint.to_lowercase() == fp_string {
5030b7ce 394 return (true, Some(fp_string));
d59dbeca 395 } else {
5030b7ce 396 return (false, None);
d59dbeca
DM		 397 }
398 }
399
400 // If we're on a TTY, query the user
401 if interactive && tty::stdin_isatty() {
402 println!("fingerprint: {}", fp_string);
403 loop {
a595f0fe 404 print!("Are you sure you want to continue connecting? (y/n): ");
d59dbeca 405 let _ = std::io::stdout().flush();
a595f0fe
WB		 406 use std::io::{BufRead, BufReader};
407 let mut line = String::new();
408 match BufReader::new(std::io::stdin()).read_line(&mut line) {
409 Ok(_) => {
410 let trimmed = line.trim();
411 if trimmed == "y" || trimmed == "Y" {
5030b7ce 412 return (true, Some(fp_string));
a595f0fe 413 } else if trimmed == "n" || trimmed == "N" {
5030b7ce 414 return (false, None);
a595f0fe
WB		 415 } else {
416 continue;
d59dbeca
DM		 417 }
418 }
a595f0fe 419 Err(_) => return (false, None),
d59dbeca
DM		 420 }
421 }
422 }
5030b7ce 423 (false, None)
a6b75513
DM		 424 }
425
1a7a0e74 426 pub async fn request(&self, mut req: Request<Body>) -> Result<Value, Error> {
597641fd 427
5a2df000 428 let client = self.client.clone();
597641fd 429
1a7a0e74 430 let auth = self.login().await?;
597641fd 431
1a7a0e74
DM		 432 let enc_ticket = format!("PBSAuthCookie={}", percent_encode(auth.ticket.as_bytes(), DEFAULT_ENCODE_SET));
433 req.headers_mut().insert("Cookie", HeaderValue::from_str(&enc_ticket).unwrap());
434 req.headers_mut().insert("CSRFPreventionToken", HeaderValue::from_str(&auth.token).unwrap());
597641fd 435
1a7a0e74 436 Self::api_request(client, req).await
1fdb4c6f
DM		 437 }
438
1a7a0e74 439 pub async fn get(
a6782ca1
WB		 440 &self,
441 path: &str,
442 data: Option<Value>,
1a7a0e74 443 ) -> Result<Value, Error> {
9e391bb7 444 let req = Self::request_builder(&self.server, "GET", path, data).unwrap();
1a7a0e74 445 self.request(req).await
a6b75513
DM		 446 }
447
1a7a0e74 448 pub async fn delete(
a6782ca1
WB		 449 &mut self,
450 path: &str,
451 data: Option<Value>,
1a7a0e74 452 ) -> Result<Value, Error> {
9e391bb7 453 let req = Self::request_builder(&self.server, "DELETE", path, data).unwrap();
1a7a0e74 454 self.request(req).await
a6b75513
DM		 455 }
456
1a7a0e74 457 pub async fn post(
a6782ca1
WB		 458 &mut self,
459 path: &str,
460 data: Option<Value>,
1a7a0e74 461 ) -> Result<Value, Error> {
5a2df000 462 let req = Self::request_builder(&self.server, "POST", path, data).unwrap();
1a7a0e74 463 self.request(req).await
024f11bb
DM		 464 }
465
1a7a0e74 466 pub async fn download(
a6782ca1
WB		 467 &mut self,
468 path: &str,
1a7a0e74 469 output: &mut (dyn Write + Send),
3d571d55 470 ) -> Result<(), Error> {
5a2df000 471 let mut req = Self::request_builder(&self.server, "GET", path, None).unwrap();
024f11bb 472
5a2df000 473 let client = self.client.clone();
1fdb4c6f 474
1a7a0e74 475 let auth = self.login().await?;
81da38c1 476
1a7a0e74
DM		 477 let enc_ticket = format!("PBSAuthCookie={}", percent_encode(auth.ticket.as_bytes(), DEFAULT_ENCODE_SET));
478 req.headers_mut().insert("Cookie", HeaderValue::from_str(&enc_ticket).unwrap());
6f62c924 479
1a7a0e74
DM		 480 let resp = client.request(req).await?;
481 let status = resp.status();
482 if !status.is_success() {
483 HttpClient::api_response(resp)
484 .map(|_| Err(format_err!("unknown error")))
485 .await?
486 } else {
487 resp.into_body()
5a2df000 488 .map_err(Error::from)
1a7a0e74
DM		 489 .try_fold(output, move |acc, chunk| async move {
490 acc.write_all(&chunk)?;
491 Ok::<_, Error>(acc)
5a2df000 492 })
1a7a0e74
DM		 493 .await?;
494 }
495 Ok(())
6f62c924
DM		 496 }
497
1a7a0e74 498 pub async fn upload(
04512d30
DM		 499 &mut self,
500 content_type: &str,
501 body: Body,
502 path: &str,
503 data: Option<Value>,
1a7a0e74 504 ) -> Result<Value, Error> {
81da38c1
DM		 505
506 let path = path.trim_matches('/');
04512d30
DM		 507 let mut url = format!("https://{}:8007/{}", &self.server, path);
508
509 if let Some(data) = data {
510 let query = tools::json_object_to_query(data).unwrap();
511 url.push('?');
512 url.push_str(&query);
513 }
514
515 let url: Uri = url.parse().unwrap();
81da38c1 516
5a2df000 517 let req = Request::builder()
81da38c1
DM		 518 .method("POST")
519 .uri(url)
520 .header("User-Agent", "proxmox-backup-client/1.0")
5a2df000
DM		 521 .header("Content-Type", content_type)
522 .body(body).unwrap();
81da38c1 523
1a7a0e74 524 self.request(req).await
1fdb4c6f
DM		 525 }
526
1a7a0e74 527 pub async fn start_h2_connection(
fb047083
DM		 528 &self,
529 mut req: Request<Body>,
530 protocol_name: String,
dc089345 531 ) -> Result<(H2Client, futures::future::AbortHandle), Error> {
cf639a47 532
1a7a0e74 533 let auth = self.login().await?;
cf639a47
DM		 534 let client = self.client.clone();
535
1a7a0e74
DM		 536 let enc_ticket = format!("PBSAuthCookie={}", percent_encode(auth.ticket.as_bytes(), DEFAULT_ENCODE_SET));
537 req.headers_mut().insert("Cookie", HeaderValue::from_str(&enc_ticket).unwrap());
538 req.headers_mut().insert("UPGRADE", HeaderValue::from_str(&protocol_name).unwrap());
cf639a47 539
1a7a0e74
DM		 540 let resp = client.request(req).await?;
541 let status = resp.status();
cf639a47 542
1a7a0e74 543 if status != http::StatusCode::SWITCHING_PROTOCOLS {
ca611955
DM		 544 Self::api_response(resp).await?;
545 bail!("unknown error");
1a7a0e74
DM		 546 }
547
548 let upgraded = resp
549 .into_body()
550 .on_upgrade()
551 .await?;
552
553 let max_window_size = (1 << 31) - 2;
554
555 let (h2, connection) = h2::client::Builder::new()
556 .initial_connection_window_size(max_window_size)
557 .initial_window_size(max_window_size)
558 .max_frame_size(4*1024*1024)
559 .handshake(upgraded)
560 .await?;
561
562 let connection = connection
563 .map_err(|_| panic!("HTTP/2.0 connection failed"));
564
dc089345 565 let (connection, abort) = futures::future::abortable(connection);
1a7a0e74
DM		 566 // A cancellable future returns an Option which is None when cancelled and
567 // Some when it finished instead, since we don't care about the return type we
568 // need to map it away:
569 let connection = connection.map(|_| ());
570
571 // Spawn a new task to drive the connection state
db0cb9ce 572 tokio::spawn(connection);
1a7a0e74
DM		 573
574 // Wait until the `SendRequest` handle has available capacity.
575 let c = h2.ready().await?;
dc089345 576 Ok((H2Client::new(c), abort))
cf639a47
DM		 577 }
578
9d35dbbb 579 async fn credentials(
1434f4f8 580 client: Client<HttpsConnector>,
45cdce06
DM		 581 server: String,
582 username: String,
583 password: String,
9d35dbbb
DM		 584 ) -> Result<AuthInfo, Error> {
585 let data = json!({ "username": username, "password": password });
586 let req = Self::request_builder(&server, "POST", "/api2/json/access/ticket", Some(data)).unwrap();
587 let cred = Self::api_request(client, req).await?;
588 let auth = AuthInfo {
589 username: cred["data"]["username"].as_str().unwrap().to_owned(),
590 ticket: cred["data"]["ticket"].as_str().unwrap().to_owned(),
591 token: cred["data"]["CSRFPreventionToken"].as_str().unwrap().to_owned(),
592 };
593
9d35dbbb 594 Ok(auth)
ba3a60b2
DM		 595 }
596
a6782ca1 597 async fn api_response(response: Response<Body>) -> Result<Value, Error> {
d2c48afc 598 let status = response.status();
db0cb9ce 599 let data = hyper::body::to_bytes(response.into_body()).await?;
a6782ca1
WB		 600
601 let text = String::from_utf8(data.to_vec()).unwrap();
602 if status.is_success() {
11377a47
DM		 603 if text.is_empty() {
604 Ok(Value::Null)
605 } else {
a6782ca1
WB		 606 let value: Value = serde_json::from_str(&text)?;
607 Ok(value)
a6782ca1
WB		 608 }
609 } else {
91f5594c 610 Err(Error::from(HttpError::new(status, text)))
a6782ca1 611 }
d2c48afc
DM		 612 }
613
1a7a0e74 614 async fn api_request(
1434f4f8 615 client: Client<HttpsConnector>,
5a2df000 616 req: Request<Body>
1a7a0e74 617 ) -> Result<Value, Error> {
ba3a60b2 618
5a2df000
DM		 619 client.request(req)
620 .map_err(Error::from)
d2c48afc 621 .and_then(Self::api_response)
1a7a0e74 622 .await
0dffe3f9
DM		 623 }
624
9e490a74
DM		 625 // Read-only access to server property
626 pub fn server(&self) -> &str {
627 &self.server
628 }
629
5a2df000 630 pub fn request_builder(server: &str, method: &str, path: &str, data: Option<Value>) -> Result<Request<Body>, Error> {
591f570b 631 let path = path.trim_matches('/');
5a2df000
DM		 632 let url: Uri = format!("https://{}:8007/{}", server, path).parse()?;
633
634 if let Some(data) = data {
635 if method == "POST" {
636 let request = Request::builder()
637 .method(method)
638 .uri(url)
639 .header("User-Agent", "proxmox-backup-client/1.0")
640 .header(hyper::header::CONTENT_TYPE, "application/json")
641 .body(Body::from(data.to_string()))?;
642 return Ok(request);
643 } else {
9e391bb7
DM		 644 let query = tools::json_object_to_query(data)?;
645 let url: Uri = format!("https://{}:8007/{}?{}", server, path, query).parse()?;
646 let request = Request::builder()
647 .method(method)
648 .uri(url)
649 .header("User-Agent", "proxmox-backup-client/1.0")
650 .header(hyper::header::CONTENT_TYPE, "application/x-www-form-urlencoded")
651 .body(Body::empty())?;
652 return Ok(request);
5a2df000 653 }
5a2df000 654 }
0dffe3f9 655
1fdb4c6f 656 let request = Request::builder()
5a2df000 657 .method(method)
1fdb4c6f
DM		 658 .uri(url)
659 .header("User-Agent", "proxmox-backup-client/1.0")
5a2df000
DM		 660 .header(hyper::header::CONTENT_TYPE, "application/x-www-form-urlencoded")
661 .body(Body::empty())?;
1fdb4c6f 662
5a2df000 663 Ok(request)
597641fd
DM		 664 }
665}
b57cb264 666
9af37c8f
DM		 667
668#[derive(Clone)]
669pub struct H2Client {
670 h2: h2::client::SendRequest<bytes::Bytes>,
671}
672
673impl H2Client {
674
675 pub fn new(h2: h2::client::SendRequest<bytes::Bytes>) -> Self {
676 Self { h2 }
677 }
678
2a1e6d7d
DM		 679 pub async fn get(
680 &self,
681 path: &str,
682 param: Option<Value>
683 ) -> Result<Value, Error> {
792a70b9 684 let req = Self::request_builder("localhost", "GET", path, param, None).unwrap();
2a1e6d7d 685 self.request(req).await
9af37c8f
DM		 686 }
687
2a1e6d7d
DM		 688 pub async fn put(
689 &self,
690 path: &str,
691 param: Option<Value>
692 ) -> Result<Value, Error> {
792a70b9 693 let req = Self::request_builder("localhost", "PUT", path, param, None).unwrap();
2a1e6d7d 694 self.request(req).await
9af37c8f
DM		 695 }
696
2a1e6d7d
DM		 697 pub async fn post(
698 &self,
699 path: &str,
700 param: Option<Value>
701 ) -> Result<Value, Error> {
792a70b9 702 let req = Self::request_builder("localhost", "POST", path, param, None).unwrap();
2a1e6d7d 703 self.request(req).await
9af37c8f
DM		 704 }
705
d4a085e5 706 pub async fn download<W: Write + Send>(
a6782ca1
WB		 707 &self,
708 path: &str,
709 param: Option<Value>,
2a1e6d7d 710 mut output: W,
3d571d55 711 ) -> Result<(), Error> {
792a70b9 712 let request = Self::request_builder("localhost", "GET", path, param, None).unwrap();
dd066d28 713
2a1e6d7d 714 let response_future = self.send_request(request, None).await?;
984a7c35 715
2a1e6d7d
DM		 716 let resp = response_future.await?;
717
718 let status = resp.status();
719 if !status.is_success() {
44f59dc7
DM		 720 H2Client::h2api_response(resp).await?; // raise error
721 unreachable!();
2a1e6d7d
DM		 722 }
723
724 let mut body = resp.into_body();
db0cb9ce
WB		 725 while let Some(chunk) = body.data().await {
726 let chunk = chunk?;
727 body.flow_control().release_capacity(chunk.len())?;
2a1e6d7d
DM		 728 output.write_all(&chunk)?;
729 }
730
3d571d55 731 Ok(())
dd066d28
DM		 732 }
733
2a1e6d7d 734 pub async fn upload(
a6782ca1 735 &self,
f011dba0 736 method: &str, // POST or PUT
a6782ca1
WB		 737 path: &str,
738 param: Option<Value>,
792a70b9 739 content_type: &str,
a6782ca1 740 data: Vec<u8>,
2a1e6d7d 741 ) -> Result<Value, Error> {
f011dba0 742 let request = Self::request_builder("localhost", method, path, param, Some(content_type)).unwrap();
9af37c8f 743
2a1e6d7d
DM		 744 let mut send_request = self.h2.clone().ready().await?;
745
746 let (response, stream) = send_request.send_request(request, false).unwrap();
2a05048b
DM		 747
748 PipeToSendStream::new(bytes::Bytes::from(data), stream).await?;
749
750 response
751 .map_err(Error::from)
752 .and_then(Self::h2api_response)
2a1e6d7d 753 .await
9af37c8f 754 }
adec8ea2 755
2a1e6d7d 756 async fn request(
9af37c8f 757 &self,
b57cb264 758 request: Request<()>,
2a1e6d7d 759 ) -> Result<Value, Error> {
b57cb264 760
9af37c8f 761 self.send_request(request, None)
82ab7230
DM		 762 .and_then(move |response| {
763 response
764 .map_err(Error::from)
765 .and_then(Self::h2api_response)
766 })
2a1e6d7d 767 .await
82ab7230
DM		 768 }
769
cf9271e2 770 pub fn send_request(
9af37c8f 771 &self,
82ab7230
DM		 772 request: Request<()>,
773 data: Option<bytes::Bytes>,
a6782ca1 774 ) -> impl Future<Output = Result<h2::client::ResponseFuture, Error>> {
82ab7230 775
9af37c8f 776 self.h2.clone()
10130cf4
DM		 777 .ready()
778 .map_err(Error::from)
2a05048b 779 .and_then(move |mut send_request| async move {
82ab7230
DM		 780 if let Some(data) = data {
781 let (response, stream) = send_request.send_request(request, false).unwrap();
2a05048b
DM		 782 PipeToSendStream::new(data, stream).await?;
783 Ok(response)
82ab7230
DM		 784 } else {
785 let (response, _stream) = send_request.send_request(request, true).unwrap();
2a05048b 786 Ok(response)
82ab7230 787 }
b57cb264
DM		 788 })
789 }
790
f16aea68 791 pub async fn h2api_response(
a6782ca1 792 response: Response<h2::RecvStream>,
9edd3bf1 793 ) -> Result<Value, Error> {
b57cb264
DM		 794 let status = response.status();
795
796 let (_head, mut body) = response.into_parts();
797
9edd3bf1 798 let mut data = Vec::new();
db0cb9ce
WB		 799 while let Some(chunk) = body.data().await {
800 let chunk = chunk?;
801 // Whenever data is received, the caller is responsible for
802 // releasing capacity back to the server once it has freed
803 // the data from memory.
9edd3bf1 804 // Let the server send more data.
db0cb9ce 805 body.flow_control().release_capacity(chunk.len())?;
9edd3bf1
DM		 806 data.extend(chunk);
807 }
808
809 let text = String::from_utf8(data.to_vec()).unwrap();
810 if status.is_success() {
11377a47
DM		 811 if text.is_empty() {
812 Ok(Value::Null)
813 } else {
9edd3bf1
DM		 814 let mut value: Value = serde_json::from_str(&text)?;
815 if let Some(map) = value.as_object_mut() {
816 if let Some(data) = map.remove("data") {
817 return Ok(data);
b57cb264 818 }
b57cb264 819 }
9edd3bf1 820 bail!("got result without data property");
9edd3bf1
DM		 821 }
822 } else {
91f5594c 823 Err(Error::from(HttpError::new(status, text)))
9edd3bf1 824 }
b57cb264
DM		 825 }
826
eb2bdd1b 827 // Note: We always encode parameters with the url
792a70b9
DM		 828 pub fn request_builder(
829 server: &str,
830 method: &str,
831 path: &str,
832 param: Option<Value>,
833 content_type: Option<&str>,
834 ) -> Result<Request<()>, Error> {
b57cb264 835 let path = path.trim_matches('/');
b57cb264 836
792a70b9
DM		 837 let content_type = content_type.unwrap_or("application/x-www-form-urlencoded");
838
a55b2975
DM		 839 if let Some(param) = param {
840 let query = tools::json_object_to_query(param)?;
eb2bdd1b
DM		 841 // We detected problem with hyper around 6000 characters - seo we try to keep on the safe side
842 if query.len() > 4096 { bail!("h2 query data too large ({} bytes) - please encode data inside body", query.len()); }
b57cb264 843 let url: Uri = format!("https://{}:8007/{}?{}", server, path, query).parse()?;
eb2bdd1b 844 let request = Request::builder()
b57cb264
DM		 845 .method(method)
846 .uri(url)
847 .header("User-Agent", "proxmox-backup-client/1.0")
792a70b9 848 .header(hyper::header::CONTENT_TYPE, content_type)
b57cb264 849 .body(())?;
62ee2eb4 850 Ok(request)
eb2bdd1b
DM		 851 } else {
852 let url: Uri = format!("https://{}:8007/{}", server, path).parse()?;
853 let request = Request::builder()
854 .method(method)
855 .uri(url)
856 .header("User-Agent", "proxmox-backup-client/1.0")
792a70b9 857 .header(hyper::header::CONTENT_TYPE, content_type)
eb2bdd1b 858 .body(())?;
b57cb264 859
eb2bdd1b
DM		 860 Ok(request)
861 }
b57cb264
DM		 862 }
863}
1434f4f8 864
db0cb9ce 865#[derive(Clone)]
1434f4f8
WB		 866pub struct HttpsConnector {
867 http: HttpConnector,
db0cb9ce 868 ssl_connector: std::sync::Arc<SslConnector>,
1434f4f8
WB		 869}
870
871impl HttpsConnector {
872 pub fn with_connector(mut http: HttpConnector, ssl_connector: SslConnector) -> Self {
873 http.enforce_http(false);
874
875 Self {
876 http,
db0cb9ce 877 ssl_connector: std::sync::Arc::new(ssl_connector),
1434f4f8
WB		 878 }
879 }
880}
881
882type MaybeTlsStream = EitherStream<
883 tokio::net::TcpStream,
884 tokio_openssl::SslStream<tokio::net::TcpStream>,
885>;
886
db0cb9ce
WB		 887impl hyper::service::Service<Uri> for HttpsConnector {
888 type Response = MaybeTlsStream;
1434f4f8 889 type Error = Error;
db0cb9ce
WB		 890 type Future = std::pin::Pin<Box<
891 dyn Future<Output = Result<Self::Response, Self::Error>> + Send + 'static
892 >>;
1434f4f8 893
db0cb9ce
WB		 894 fn poll_ready(&mut self, _: &mut Context<'_>) -> Poll<Result<(), Self::Error>> {
895 // This connector is always ready, but others might not be.
896 Poll::Ready(Ok(()))
897 }
1434f4f8 898
db0cb9ce
WB		 899 fn call(&mut self, dst: Uri) -> Self::Future {
900 let mut this = self.clone();
901 async move {
902 let is_https = dst
903 .scheme()
904 .ok_or_else(|| format_err!("missing URL scheme"))?
905 == "https";
906 let host = dst
907 .host()
908 .ok_or_else(|| format_err!("missing hostname in destination url?"))?
909 .to_string();
910
911 let config = this.ssl_connector.configure();
912 let conn = this.http.call(dst).await?;
1434f4f8
WB		 913 if is_https {
914 let conn = tokio_openssl::connect(config?, &host, conn).await?;
db0cb9ce 915 Ok(MaybeTlsStream::Right(conn))
1434f4f8 916 } else {
db0cb9ce 917 Ok(MaybeTlsStream::Left(conn))
1434f4f8 918 }
db0cb9ce 919 }.boxed()
1434f4f8
WB		 920 }
921}
Proxmox Backup Server and Client