PMG/Service/pmgproxy.pm

   1 package PMG::Service::pmgproxy;
   2
   3 use strict;
   4 use warnings;
   5
   6 use PVE::SafeSyslog;
   7 use PVE::Daemon;
   8 use HTTP::Response;
   9 use URI;
  10 use URI::QueryParam;
  11 use Data::Dumper;
  12
  13 use PVE::Tools;
  14 use PVE::APIServer::Formatter;
  15 use PVE::APIServer::Formatter::Standard;
  16 use PVE::APIServer::Formatter::HTML;
  17 use PVE::APIServer::AnyEvent;
  18
  19 use PMG::HTTPServer;
  20 use PMG::API2;
  21
  22 use Template;
  23
  24 use base qw(PVE::Daemon);
  25
  26 my $cmdline = [$0, @ARGV];
  27
  28 my %daemon_options = (
  29     max_workers => 3,
  30     restart_on_error => 5,
  31     stop_wait_time => 15,
  32     leave_children_open_on_reload => 1,
  33     setuid => 'www-data',
  34     setgid => 'www-data',
  35     pidfile => '/var/run/pmgproxy/pmgproxy.pid',
  36 );
  37
  38 my $daemon = __PACKAGE__->new('pmgproxy', $cmdline, %daemon_options);
  39
  40 sub add_dirs {
  41     my ($result_hash, $alias, $subdir) = @_;
  42
  43     PVE::APIServer::AnyEvent::add_dirs($result_hash, $alias, $subdir);
  44 }
  45
  46 my $gui_base_dir = "/usr/share/javascript/proxmox-mailgateway-gui";
  47 my $fontawesome_dir = "/usr/share/fonts-font-awesome";
  48 my $novnc_dir = '/usr/share/novnc-pve';
  49
  50 sub init {
  51     my ($self) = @_;
  52
  53     my $accept_lock_fn = "/var/lock/pmgproxy.lck";
  54
  55     my $lockfh = IO::File->new(">>${accept_lock_fn}") ||
  56         die "unable to open lock file '${accept_lock_fn}' - $!\n";
  57
  58     my $family = PVE::Tools::get_host_address_family($self->{nodename});
  59     my $socket = $self->create_reusable_socket(8006, undef, $family);
  60
  61     my $dirs = {};
  62
  63     add_dirs($dirs, '/pve2/ext6/', '/usr/share/javascript/extjs/');
  64     add_dirs($dirs, '/pve2/images/' => "$gui_base_dir/images/");
  65     add_dirs($dirs, '/pve2/css/' => "$gui_base_dir/css/");
  66     add_dirs($dirs, '/pve2/js/' => "$gui_base_dir/js/");
  67     add_dirs($dirs, '/fontawesome/css/' => "$fontawesome_dir/css/");
  68     add_dirs($dirs, '/fontawesome/fonts/' => "$fontawesome_dir/fonts/");
  69     add_dirs($dirs, '/novnc/' => "$novnc_dir/");
  70     add_dirs($dirs, '/pmg-docs/' => '/usr/share/pmg-docs/');
  71
  72     $self->{server_config} = {
  73         title => 'Proxmox Mail Gateway API',
  74         cookie_name => 'PMGAuthCookie',
  75         keep_alive => 100,
  76         max_conn => 500,
  77         max_requests => 1000,
  78         lockfile => $accept_lock_fn,
  79         socket => $socket,
  80         lockfh => $lockfh,
  81         debug => $self->{debug},
  82         trusted_env => 0, # not trusted, anyone can connect
  83         logfile => '/var/log/pmgproxy/pmgproxy.log',
  84         ssl => {
  85             # Note: older versions are considered insecure, for example
  86             # search for "Poodle"-Attac
  87             method => 'any',
  88             sslv2 => 0,
  89             sslv3 => 0,
  90             cipher_list => 'HIGH:MEDIUM:!aNULL:!MD5',
  91             cert_file => '/etc/pmg/pmg-api.pem',
  92             dh => 'skip2048',
  93         },
  94         # Note: there is no authentication for those pages and dirs!
  95         pages => {
  96             '/' => sub { get_index($self->{nodename}, @_) },
  97             # avoid authentication when accessing favicon
  98             '/favicon.ico' => {
  99                 file => '/usr/share/doc/proxmox-mailgateway/favicon.ico',
 100             },
 101             '/proxmoxlib.js' => {
 102                 file => '/usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js',
 103             },
 104         },
 105         dirs => $dirs,
 106     };
 107 }
 108
 109 sub run {
 110     my ($self) = @_;
 111
 112     my $server = PMG::HTTPServer->new(%{$self->{server_config}});
 113     $server->run();
 114 }
 115
 116 $daemon->register_start_command();
 117 $daemon->register_restart_command(1);
 118 $daemon->register_stop_command();
 119 $daemon->register_status_command();
 120
 121 our $cmddef = {
 122     start => [ __PACKAGE__, 'start', []],
 123     restart => [ __PACKAGE__, 'restart', []],
 124     stop => [ __PACKAGE__, 'stop', []],
 125     status => [ __PACKAGE__, 'status', [], undef, sub { print shift . "\n";} ],
 126 };
 127
 128 sub get_index {
 129     my ($nodename, $server, $r, $args) = @_;
 130
 131     my $lang = 'en';
 132     my $username;
 133     my $token = 'null';
 134
 135     if (my $cookie = $r->header('Cookie')) {
 136         if (my $newlang = ($cookie =~ /(?:^|\s)PMGLangCookie=([^;]*)/)[0]) {
 137             if ($newlang =~ m/^[a-z]{2,3}(_[A-Z]{2,3})?$/) {
 138                 $lang = $newlang;
 139             }
 140         }
 141         my $ticket = PVE::APIServer::Formatter::extract_auth_cookie($cookie, $server->{cookie_name});
 142         if ($username = PMG::Ticket::verify_ticket($ticket, 1)) {
 143             $token = PMG::Ticket::assemble_csrf_prevention_token($username);
 144         }
 145     }
 146
 147     my $langfile = 0; # fixme:
 148
 149     $username = '' if !$username;
 150
 151     my $config = {};
 152
 153     if (defined($args->{console}) && $args->{novnc}) {
 154         $config->{INCLUDE_PATH} = $novnc_dir;
 155     } else {
 156         $config->{INCLUDE_PATH} = $gui_base_dir;
 157     };
 158
 159     my $page = '';
 160
 161     my $template = Template->new($config);
 162     my $vars = {
 163         lang => $lang,
 164         langfile => $langfile,
 165         username => $username,
 166         token => $token,
 167         console => $args->{console},
 168         nodename => $nodename,
 169         debug => $args->{debug} || $server->{debug},
 170     };
 171
 172     $template->process("index.html.tpl", $vars, \$page) ||
 173         die $template->error();
 174
 175     my $headers = HTTP::Headers->new(Content_Type => "text/html; charset=utf-8");
 176     my $resp = HTTP::Response->new(200, "OK", $headers, $page);
 177
 178     return $resp;
 179 }
 180
 181 1;