1 package PMG
::Service
::pmgproxy
;
14 use PVE
::APIServer
::Formatter
;
15 use PVE
::APIServer
::Formatter
::Standard
;
16 use PVE
::APIServer
::Formatter
::HTML
;
17 use PVE
::APIServer
::AnyEvent
;
24 use base
qw(PVE::Daemon);
26 my $cmdline = [$0, @ARGV];
28 my %daemon_options = (
30 restart_on_error
=> 5,
32 leave_children_open_on_reload
=> 1,
35 pidfile
=> '/var/run/pmgproxy/pmgproxy.pid',
38 my $daemon = __PACKAGE__-
>new('pmgproxy', $cmdline, %daemon_options);
41 my ($result_hash, $alias, $subdir) = @_;
43 PVE
::APIServer
::AnyEvent
::add_dirs
($result_hash, $alias, $subdir);
46 my $gui_base_dir = "/usr/share/javascript/proxmox-mailgateway-gui";
47 my $fontawesome_dir = "/usr/share/fonts-font-awesome";
48 my $novnc_dir = '/usr/share/novnc-pve';
53 my $accept_lock_fn = "/var/lock/pmgproxy.lck";
55 my $lockfh = IO
::File-
>new(">>${accept_lock_fn}") ||
56 die "unable to open lock file '${accept_lock_fn}' - $!\n";
58 my $family = PVE
::Tools
::get_host_address_family
($self->{nodename
});
59 my $socket = $self->create_reusable_socket(8006, undef, $family);
63 add_dirs
($dirs, '/pve2/ext6/', '/usr/share/javascript/extjs/');
64 add_dirs
($dirs, '/pve2/images/' => "$gui_base_dir/images/");
65 add_dirs
($dirs, '/pve2/css/' => "$gui_base_dir/css/");
66 add_dirs
($dirs, '/pve2/js/' => "$gui_base_dir/js/");
67 add_dirs
($dirs, '/fontawesome/css/' => "$fontawesome_dir/css/");
68 add_dirs
($dirs, '/fontawesome/fonts/' => "$fontawesome_dir/fonts/");
69 add_dirs
($dirs, '/novnc/' => "$novnc_dir/");
70 add_dirs
($dirs, '/pmg-docs/' => '/usr/share/pmg-docs/');
72 $self->{server_config
} = {
73 title
=> 'Proxmox Mail Gateway API',
74 cookie_name
=> 'PMGAuthCookie',
78 lockfile
=> $accept_lock_fn,
81 debug
=> $self->{debug
},
82 trusted_env
=> 0, # not trusted, anyone can connect
83 logfile
=> '/var/log/pmgproxy/pmgproxy.log',
85 # Note: older versions are considered insecure, for example
86 # search for "Poodle"-Attac
90 cipher_list
=> 'HIGH:MEDIUM:!aNULL:!MD5',
91 cert_file
=> '/etc/pmg/pmg-api.pem',
94 # Note: there is no authentication for those pages and dirs!
96 '/' => sub { get_index
($self->{nodename
}, @_) },
97 # avoid authentication when accessing favicon
99 file
=> '/usr/share/doc/proxmox-mailgateway/favicon.ico',
101 '/proxmoxlib.js' => {
102 file
=> '/usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js',
112 my $server = PMG
::HTTPServer-
>new(%{$self->{server_config
}});
116 $daemon->register_start_command();
117 $daemon->register_restart_command(1);
118 $daemon->register_stop_command();
119 $daemon->register_status_command();
122 start
=> [ __PACKAGE__
, 'start', []],
123 restart
=> [ __PACKAGE__
, 'restart', []],
124 stop
=> [ __PACKAGE__
, 'stop', []],
125 status
=> [ __PACKAGE__
, 'status', [], undef, sub { print shift . "\n";} ],
129 my ($nodename, $server, $r, $args) = @_;
135 if (my $cookie = $r->header('Cookie')) {
136 if (my $newlang = ($cookie =~ /(?:^|\s)PMGLangCookie=([^;]*)/)[0]) {
137 if ($newlang =~ m/^[a-z]{2,3}(_[A-Z]{2,3})?$/) {
141 my $ticket = PVE
::APIServer
::Formatter
::extract_auth_cookie
($cookie, $server->{cookie_name
});
142 if ($username = PMG
::Ticket
::verify_ticket
($ticket, 1)) {
143 $token = PMG
::Ticket
::assemble_csrf_prevention_token
($username);
147 my $langfile = 0; # fixme:
149 $username = '' if !$username;
153 if (defined($args->{console
}) && $args->{novnc
}) {
154 $config->{INCLUDE_PATH
} = $novnc_dir;
156 $config->{INCLUDE_PATH
} = $gui_base_dir;
161 my $template = Template-
>new($config);
164 langfile
=> $langfile,
165 username
=> $username,
167 console
=> $args->{console
},
168 nodename
=> $nodename,
169 debug
=> $args->{debug
} || $server->{debug
},
172 $template->process("index.html.tpl", $vars, \
$page) ||
173 die $template->error();
175 my $headers = HTTP
::Headers-
>new(Content_Type
=> "text/html; charset=utf-8");
176 my $resp = HTTP
::Response-
>new(200, "OK", $headers, $page);