1 use std
::collections
::{HashSet, HashMap}
;
3 use std
::os
::unix
::ffi
::OsStrExt
;
5 use anyhow
::{bail, format_err, Error}
;
7 use hyper
::http
::request
::Parts
;
8 use hyper
::{header, Body, Response, StatusCode}
;
9 use serde_json
::{json, Value}
;
12 api
, ApiResponseFuture
, ApiHandler
, ApiMethod
, Router
,
13 RpcEnvironment
, RpcEnvironmentType
, Permission
15 use proxmox
::api
::router
::SubdirMap
;
16 use proxmox
::api
::schema
::*;
17 use proxmox
::tools
::fs
::{replace_file, CreateOptions}
;
18 use proxmox
::try_block
;
19 use proxmox
::{http_err, identity, list_subdirs_api_method, sortable}
;
21 use pxar
::accessor
::aio
::Accessor
;
24 use crate::api2
::types
::*;
25 use crate::api2
::node
::rrd
::create_value_from_rrd
;
27 use crate::config
::datastore
;
28 use crate::config
::cached_user_info
::CachedUserInfo
;
30 use crate::server
::WorkerTask
;
31 use crate::tools
::{self, AsyncReaderStream, WrappedReaderStream}
;
32 use crate::config
::acl
::{
34 PRIV_DATASTORE_MODIFY
,
37 PRIV_DATASTORE_BACKUP
,
40 fn check_backup_owner(
44 ) -> Result
<(), Error
> {
45 let owner
= store
.get_owner(group
)?
;
47 bail
!("backup owner check failed ({} != {})", userid
, owner
);
54 backup_dir
: &BackupDir
,
55 ) -> Result
<(BackupManifest
, Vec
<BackupContent
>), Error
> {
57 let (manifest
, index_size
) = store
.load_manifest(backup_dir
)?
;
59 let mut result
= Vec
::new();
60 for item
in manifest
.files() {
61 result
.push(BackupContent
{
62 filename
: item
.filename
.clone(),
63 crypt_mode
: Some(item
.crypt_mode
),
64 size
: Some(item
.size
),
68 result
.push(BackupContent
{
69 filename
: MANIFEST_BLOB_NAME
.to_string(),
70 crypt_mode
: match manifest
.signature
{
71 Some(_
) => Some(CryptMode
::SignOnly
),
72 None
=> Some(CryptMode
::None
),
74 size
: Some(index_size
),
77 Ok((manifest
, result
))
80 fn get_all_snapshot_files(
83 ) -> Result
<(BackupManifest
, Vec
<BackupContent
>), Error
> {
85 let (manifest
, mut files
) = read_backup_index(&store
, &info
.backup_dir
)?
;
87 let file_set
= files
.iter().fold(HashSet
::new(), |mut acc
, item
| {
88 acc
.insert(item
.filename
.clone());
92 for file
in &info
.files
{
93 if file_set
.contains(file
) { continue; }
94 files
.push(BackupContent
{
95 filename
: file
.to_string(),
101 Ok((manifest
, files
))
104 fn group_backups(backup_list
: Vec
<BackupInfo
>) -> HashMap
<String
, Vec
<BackupInfo
>> {
106 let mut group_hash
= HashMap
::new();
108 for info
in backup_list
{
109 let group_id
= info
.backup_dir
.group().group_path().to_str().unwrap().to_owned();
110 let time_list
= group_hash
.entry(group_id
).or_insert(vec
![]);
111 time_list
.push(info
);
121 schema
: DATASTORE_SCHEMA
,
127 description
: "Returns the list of backup groups.",
133 permission
: &Permission
::Privilege(
134 &["datastore", "{store}"],
135 PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
,
139 /// List backup groups.
142 rpcenv
: &mut dyn RpcEnvironment
,
143 ) -> Result
<Vec
<GroupListItem
>, Error
> {
145 let userid
: Userid
= rpcenv
.get_user().unwrap().parse()?
;
146 let user_info
= CachedUserInfo
::new()?
;
147 let user_privs
= user_info
.lookup_privs(&userid
, &["datastore", &store
]);
149 let datastore
= DataStore
::lookup_datastore(&store
)?
;
151 let backup_list
= BackupInfo
::list_backups(&datastore
.base_path())?
;
153 let group_hash
= group_backups(backup_list
);
155 let mut groups
= Vec
::new();
157 for (_group_id
, mut list
) in group_hash
{
159 BackupInfo
::sort_list(&mut list
, false);
163 let group
= info
.backup_dir
.group();
165 let list_all
= (user_privs
& PRIV_DATASTORE_AUDIT
) != 0;
166 let owner
= datastore
.get_owner(group
)?
;
168 if owner
!= userid { continue; }
171 let result_item
= GroupListItem
{
172 backup_type
: group
.backup_type().to_string(),
173 backup_id
: group
.backup_id().to_string(),
174 last_backup
: info
.backup_dir
.backup_time().timestamp(),
175 backup_count
: list
.len() as u64,
176 files
: info
.files
.clone(),
179 groups
.push(result_item
);
189 schema
: DATASTORE_SCHEMA
,
192 schema
: BACKUP_TYPE_SCHEMA
,
195 schema
: BACKUP_ID_SCHEMA
,
198 schema
: BACKUP_TIME_SCHEMA
,
204 description
: "Returns the list of archive files inside a backup snapshots.",
210 permission
: &Permission
::Privilege(
211 &["datastore", "{store}"],
212 PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
,
216 /// List snapshot files.
217 pub fn list_snapshot_files(
223 rpcenv
: &mut dyn RpcEnvironment
,
224 ) -> Result
<Vec
<BackupContent
>, Error
> {
226 let userid
: Userid
= rpcenv
.get_user().unwrap().parse()?
;
227 let user_info
= CachedUserInfo
::new()?
;
228 let user_privs
= user_info
.lookup_privs(&userid
, &["datastore", &store
]);
230 let datastore
= DataStore
::lookup_datastore(&store
)?
;
232 let snapshot
= BackupDir
::new(backup_type
, backup_id
, backup_time
);
234 let allowed
= (user_privs
& (PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_READ
)) != 0;
235 if !allowed { check_backup_owner(&datastore, snapshot.group(), &userid)?; }
237 let info
= BackupInfo
::new(&datastore
.base_path(), snapshot
)?
;
239 let (_manifest
, files
) = get_all_snapshot_files(&datastore
, &info
)?
;
248 schema
: DATASTORE_SCHEMA
,
251 schema
: BACKUP_TYPE_SCHEMA
,
254 schema
: BACKUP_ID_SCHEMA
,
257 schema
: BACKUP_TIME_SCHEMA
,
262 permission
: &Permission
::Privilege(
263 &["datastore", "{store}"],
264 PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_PRUNE
,
268 /// Delete backup snapshot.
275 rpcenv
: &mut dyn RpcEnvironment
,
276 ) -> Result
<Value
, Error
> {
278 let userid
: Userid
= rpcenv
.get_user().unwrap().parse()?
;
279 let user_info
= CachedUserInfo
::new()?
;
280 let user_privs
= user_info
.lookup_privs(&userid
, &["datastore", &store
]);
282 let snapshot
= BackupDir
::new(backup_type
, backup_id
, backup_time
);
284 let datastore
= DataStore
::lookup_datastore(&store
)?
;
286 let allowed
= (user_privs
& PRIV_DATASTORE_MODIFY
) != 0;
287 if !allowed { check_backup_owner(&datastore, snapshot.group(), &userid)?; }
289 datastore
.remove_backup_dir(&snapshot
, false)?
;
298 schema
: DATASTORE_SCHEMA
,
302 schema
: BACKUP_TYPE_SCHEMA
,
306 schema
: BACKUP_ID_SCHEMA
,
312 description
: "Returns the list of snapshots.",
314 type: SnapshotListItem
,
318 permission
: &Permission
::Privilege(
319 &["datastore", "{store}"],
320 PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
,
324 /// List backup snapshots.
325 pub fn list_snapshots (
327 backup_type
: Option
<String
>,
328 backup_id
: Option
<String
>,
331 rpcenv
: &mut dyn RpcEnvironment
,
332 ) -> Result
<Vec
<SnapshotListItem
>, Error
> {
334 let userid
: Userid
= rpcenv
.get_user().unwrap().parse()?
;
335 let user_info
= CachedUserInfo
::new()?
;
336 let user_privs
= user_info
.lookup_privs(&userid
, &["datastore", &store
]);
338 let datastore
= DataStore
::lookup_datastore(&store
)?
;
340 let base_path
= datastore
.base_path();
342 let backup_list
= BackupInfo
::list_backups(&base_path
)?
;
344 let mut snapshots
= vec
![];
346 for info
in backup_list
{
347 let group
= info
.backup_dir
.group();
348 if let Some(ref backup_type
) = backup_type
{
349 if backup_type
!= group
.backup_type() { continue; }
351 if let Some(ref backup_id
) = backup_id
{
352 if backup_id
!= group
.backup_id() { continue; }
355 let list_all
= (user_privs
& PRIV_DATASTORE_AUDIT
) != 0;
356 let owner
= datastore
.get_owner(group
)?
;
359 if owner
!= userid { continue; }
364 let (comment
, files
) = match get_all_snapshot_files(&datastore
, &info
) {
365 Ok((manifest
, files
)) => {
366 size
= Some(files
.iter().map(|x
| x
.size
.unwrap_or(0)).sum());
367 // extract the first line from notes
368 let comment
: Option
<String
> = manifest
.unprotected
["notes"]
370 .and_then(|notes
| notes
.lines().next())
376 eprintln
!("error during snapshot file listing: '{}'", err
);
382 .map(|x
| BackupContent
{
383 filename
: x
.to_string(),
392 let result_item
= SnapshotListItem
{
393 backup_type
: group
.backup_type().to_string(),
394 backup_id
: group
.backup_id().to_string(),
395 backup_time
: info
.backup_dir
.backup_time().timestamp(),
402 snapshots
.push(result_item
);
412 schema
: DATASTORE_SCHEMA
,
420 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
, true),
423 /// Get datastore status.
427 _rpcenv
: &mut dyn RpcEnvironment
,
428 ) -> Result
<StorageStatus
, Error
> {
429 let datastore
= DataStore
::lookup_datastore(&store
)?
;
430 crate::tools
::disks
::disk_usage(&datastore
.base_path())
437 schema
: DATASTORE_SCHEMA
,
440 schema
: BACKUP_TYPE_SCHEMA
,
444 schema
: BACKUP_ID_SCHEMA
,
448 schema
: BACKUP_TIME_SCHEMA
,
457 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
, true), // fixme
462 /// This function can verify a single backup snapshot, all backup from a backup group,
463 /// or all backups in the datastore.
466 backup_type
: Option
<String
>,
467 backup_id
: Option
<String
>,
468 backup_time
: Option
<i64>,
469 rpcenv
: &mut dyn RpcEnvironment
,
470 ) -> Result
<Value
, Error
> {
471 let datastore
= DataStore
::lookup_datastore(&store
)?
;
475 let mut backup_dir
= None
;
476 let mut backup_group
= None
;
478 match (backup_type
, backup_id
, backup_time
) {
479 (Some(backup_type
), Some(backup_id
), Some(backup_time
)) => {
480 worker_id
= format
!("{}_{}_{}_{:08X}", store
, backup_type
, backup_id
, backup_time
);
481 let dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
);
482 backup_dir
= Some(dir
);
484 (Some(backup_type
), Some(backup_id
), None
) => {
485 worker_id
= format
!("{}_{}_{}", store
, backup_type
, backup_id
);
486 let group
= BackupGroup
::new(backup_type
, backup_id
);
487 backup_group
= Some(group
);
489 (None
, None
, None
) => {
490 worker_id
= store
.clone();
492 _
=> bail
!("parameters do not spefify a backup group or snapshot"),
495 let userid
: Userid
= rpcenv
.get_user().unwrap().parse()?
;
496 let to_stdout
= if rpcenv
.env_type() == RpcEnvironmentType
::CLI { true }
else { false }
;
498 let upid_str
= WorkerTask
::new_thread(
500 Some(worker_id
.clone()),
504 let failed_dirs
= if let Some(backup_dir
) = backup_dir
{
505 let mut verified_chunks
= HashSet
::with_capacity(1024*16);
506 let mut corrupt_chunks
= HashSet
::with_capacity(64);
507 let mut res
= Vec
::new();
508 if !verify_backup_dir(&datastore
, &backup_dir
, &mut verified_chunks
, &mut corrupt_chunks
, &worker
)?
{
509 res
.push(backup_dir
.to_string());
512 } else if let Some(backup_group
) = backup_group
{
513 verify_backup_group(&datastore
, &backup_group
, &worker
)?
515 verify_all_backups(&datastore
, &worker
)?
517 if failed_dirs
.len() > 0 {
518 worker
.log("Failed to verify following snapshots:");
519 for dir
in failed_dirs
{
520 worker
.log(format
!("\t{}", dir
));
522 bail
!("verfication failed - please check the log for details");
532 macro_rules
! add_common_prune_prameters
{
533 ( [ $
( $list1
:tt
)* ] ) => {
534 add_common_prune_prameters
!([$
( $list1
)* ] , [])
536 ( [ $
( $list1
:tt
)* ] , [ $
( $list2
:tt
)* ] ) => {
542 &PRUNE_SCHEMA_KEEP_DAILY
,
547 &PRUNE_SCHEMA_KEEP_HOURLY
,
552 &PRUNE_SCHEMA_KEEP_LAST
,
557 &PRUNE_SCHEMA_KEEP_MONTHLY
,
562 &PRUNE_SCHEMA_KEEP_WEEKLY
,
567 &PRUNE_SCHEMA_KEEP_YEARLY
,
574 pub const API_RETURN_SCHEMA_PRUNE
: Schema
= ArraySchema
::new(
575 "Returns the list of snapshots and a flag indicating if there are kept or removed.",
576 &PruneListItem
::API_SCHEMA
579 const API_METHOD_PRUNE
: ApiMethod
= ApiMethod
::new(
580 &ApiHandler
::Sync(&prune
),
582 "Prune the datastore.",
583 &add_common_prune_prameters
!([
584 ("backup-id", false, &BACKUP_ID_SCHEMA
),
585 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
586 ("dry-run", true, &BooleanSchema
::new(
587 "Just show what prune would do, but do not delete anything.")
591 ("store", false, &DATASTORE_SCHEMA
),
594 .returns(&API_RETURN_SCHEMA_PRUNE
)
595 .access(None
, &Permission
::Privilege(
596 &["datastore", "{store}"],
597 PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_PRUNE
,
604 rpcenv
: &mut dyn RpcEnvironment
,
605 ) -> Result
<Value
, Error
> {
607 let store
= tools
::required_string_param(¶m
, "store")?
;
608 let backup_type
= tools
::required_string_param(¶m
, "backup-type")?
;
609 let backup_id
= tools
::required_string_param(¶m
, "backup-id")?
;
611 let userid
: Userid
= rpcenv
.get_user().unwrap().parse()?
;
612 let user_info
= CachedUserInfo
::new()?
;
613 let user_privs
= user_info
.lookup_privs(&userid
, &["datastore", &store
]);
615 let dry_run
= param
["dry-run"].as_bool().unwrap_or(false);
617 let group
= BackupGroup
::new(backup_type
, backup_id
);
619 let datastore
= DataStore
::lookup_datastore(&store
)?
;
621 let allowed
= (user_privs
& PRIV_DATASTORE_MODIFY
) != 0;
622 if !allowed { check_backup_owner(&datastore, &group, &userid)?; }
624 let prune_options
= PruneOptions
{
625 keep_last
: param
["keep-last"].as_u64(),
626 keep_hourly
: param
["keep-hourly"].as_u64(),
627 keep_daily
: param
["keep-daily"].as_u64(),
628 keep_weekly
: param
["keep-weekly"].as_u64(),
629 keep_monthly
: param
["keep-monthly"].as_u64(),
630 keep_yearly
: param
["keep-yearly"].as_u64(),
633 let worker_id
= format
!("{}_{}_{}", store
, backup_type
, backup_id
);
635 let mut prune_result
= Vec
::new();
637 let list
= group
.list_backups(&datastore
.base_path())?
;
639 let mut prune_info
= compute_prune_info(list
, &prune_options
)?
;
641 prune_info
.reverse(); // delete older snapshots first
643 let keep_all
= !prune_options
.keeps_something();
646 for (info
, mut keep
) in prune_info
{
647 if keep_all { keep = true; }
649 let backup_time
= info
.backup_dir
.backup_time();
650 let group
= info
.backup_dir
.group();
652 prune_result
.push(json
!({
653 "backup-type": group
.backup_type(),
654 "backup-id": group
.backup_id(),
655 "backup-time": backup_time
.timestamp(),
659 return Ok(json
!(prune_result
));
663 // We use a WorkerTask just to have a task log, but run synchrounously
664 let worker
= WorkerTask
::new("prune", Some(worker_id
), Userid
::root_userid().clone(), true)?
;
666 let result
= try_block
! {
668 worker
.log("No prune selection - keeping all files.");
670 worker
.log(format
!("retention options: {}", prune_options
.cli_options_string()));
671 worker
.log(format
!("Starting prune on store \"{}\" group \"{}/{}\"",
672 store
, backup_type
, backup_id
));
675 for (info
, mut keep
) in prune_info
{
676 if keep_all { keep = true; }
678 let backup_time
= info
.backup_dir
.backup_time();
679 let timestamp
= BackupDir
::backup_time_to_string(backup_time
);
680 let group
= info
.backup_dir
.group();
688 if keep { "keep" }
else { "remove" }
,
693 prune_result
.push(json
!({
694 "backup-type": group
.backup_type(),
695 "backup-id": group
.backup_id(),
696 "backup-time": backup_time
.timestamp(),
700 if !(dry_run
|| keep
) {
701 datastore
.remove_backup_dir(&info
.backup_dir
, true)?
;
708 worker
.log_result(&result
);
710 if let Err(err
) = result
{
711 bail
!("prune failed - {}", err
);
714 Ok(json
!(prune_result
))
721 schema
: DATASTORE_SCHEMA
,
729 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_MODIFY
, false),
732 /// Start garbage collection.
733 fn start_garbage_collection(
736 rpcenv
: &mut dyn RpcEnvironment
,
737 ) -> Result
<Value
, Error
> {
739 let datastore
= DataStore
::lookup_datastore(&store
)?
;
741 println
!("Starting garbage collection on store {}", store
);
743 let to_stdout
= if rpcenv
.env_type() == RpcEnvironmentType
::CLI { true }
else { false }
;
745 let upid_str
= WorkerTask
::new_thread(
746 "garbage_collection",
748 Userid
::root_userid().clone(),
751 worker
.log(format
!("starting garbage collection on store {}", store
));
752 datastore
.garbage_collection(&worker
)
763 schema
: DATASTORE_SCHEMA
,
768 type: GarbageCollectionStatus
,
771 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
, false),
774 /// Garbage collection status.
775 pub fn garbage_collection_status(
778 _rpcenv
: &mut dyn RpcEnvironment
,
779 ) -> Result
<GarbageCollectionStatus
, Error
> {
781 let datastore
= DataStore
::lookup_datastore(&store
)?
;
783 let status
= datastore
.last_gc_status();
790 description
: "List the accessible datastores.",
793 description
: "Datastore name and description.",
796 schema
: DATASTORE_SCHEMA
,
800 schema
: SINGLE_LINE_COMMENT_SCHEMA
,
806 permission
: &Permission
::Anybody
,
810 fn get_datastore_list(
813 rpcenv
: &mut dyn RpcEnvironment
,
814 ) -> Result
<Value
, Error
> {
816 let (config
, _digest
) = datastore
::config()?
;
818 let userid
: Userid
= rpcenv
.get_user().unwrap().parse()?
;
819 let user_info
= CachedUserInfo
::new()?
;
821 let mut list
= Vec
::new();
823 for (store
, (_
, data
)) in &config
.sections
{
824 let user_privs
= user_info
.lookup_privs(&userid
, &["datastore", &store
]);
825 let allowed
= (user_privs
& (PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
)) != 0;
827 let mut entry
= json
!({ "store": store }
);
828 if let Some(comment
) = data
["comment"].as_str() {
829 entry
["comment"] = comment
.into();
839 pub const API_METHOD_DOWNLOAD_FILE
: ApiMethod
= ApiMethod
::new(
840 &ApiHandler
::AsyncHttp(&download_file
),
842 "Download single raw file from backup snapshot.",
844 ("store", false, &DATASTORE_SCHEMA
),
845 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
846 ("backup-id", false, &BACKUP_ID_SCHEMA
),
847 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
848 ("file-name", false, &BACKUP_ARCHIVE_NAME_SCHEMA
),
851 ).access(None
, &Permission
::Privilege(
852 &["datastore", "{store}"],
853 PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
,
862 rpcenv
: Box
<dyn RpcEnvironment
>,
863 ) -> ApiResponseFuture
{
866 let store
= tools
::required_string_param(¶m
, "store")?
;
867 let datastore
= DataStore
::lookup_datastore(store
)?
;
869 let userid
: Userid
= rpcenv
.get_user().unwrap().parse()?
;
870 let user_info
= CachedUserInfo
::new()?
;
871 let user_privs
= user_info
.lookup_privs(&userid
, &["datastore", &store
]);
873 let file_name
= tools
::required_string_param(¶m
, "file-name")?
.to_owned();
875 let backup_type
= tools
::required_string_param(¶m
, "backup-type")?
;
876 let backup_id
= tools
::required_string_param(¶m
, "backup-id")?
;
877 let backup_time
= tools
::required_integer_param(¶m
, "backup-time")?
;
879 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
);
881 let allowed
= (user_privs
& PRIV_DATASTORE_READ
) != 0;
882 if !allowed { check_backup_owner(&datastore, backup_dir.group(), &userid)?; }
884 println
!("Download {} from {} ({}/{})", file_name
, store
, backup_dir
, file_name
);
886 let mut path
= datastore
.base_path();
887 path
.push(backup_dir
.relative_path());
888 path
.push(&file_name
);
890 let file
= tokio
::fs
::File
::open(&path
)
892 .map_err(|err
| http_err
!(BAD_REQUEST
, "File open failed: {}", err
))?
;
894 let payload
= tokio_util
::codec
::FramedRead
::new(file
, tokio_util
::codec
::BytesCodec
::new())
895 .map_ok(|bytes
| hyper
::body
::Bytes
::from(bytes
.freeze()))
896 .map_err(move |err
| {
897 eprintln
!("error during streaming of '{:?}' - {}", &path
, err
);
900 let body
= Body
::wrap_stream(payload
);
902 // fixme: set other headers ?
903 Ok(Response
::builder()
904 .status(StatusCode
::OK
)
905 .header(header
::CONTENT_TYPE
, "application/octet-stream")
912 pub const API_METHOD_DOWNLOAD_FILE_DECODED
: ApiMethod
= ApiMethod
::new(
913 &ApiHandler
::AsyncHttp(&download_file_decoded
),
915 "Download single decoded file from backup snapshot. Only works if it's not encrypted.",
917 ("store", false, &DATASTORE_SCHEMA
),
918 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
919 ("backup-id", false, &BACKUP_ID_SCHEMA
),
920 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
921 ("file-name", false, &BACKUP_ARCHIVE_NAME_SCHEMA
),
924 ).access(None
, &Permission
::Privilege(
925 &["datastore", "{store}"],
926 PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
,
930 fn download_file_decoded(
935 rpcenv
: Box
<dyn RpcEnvironment
>,
936 ) -> ApiResponseFuture
{
939 let store
= tools
::required_string_param(¶m
, "store")?
;
940 let datastore
= DataStore
::lookup_datastore(store
)?
;
942 let userid
: Userid
= rpcenv
.get_user().unwrap().parse()?
;
943 let user_info
= CachedUserInfo
::new()?
;
944 let user_privs
= user_info
.lookup_privs(&userid
, &["datastore", &store
]);
946 let file_name
= tools
::required_string_param(¶m
, "file-name")?
.to_owned();
948 let backup_type
= tools
::required_string_param(¶m
, "backup-type")?
;
949 let backup_id
= tools
::required_string_param(¶m
, "backup-id")?
;
950 let backup_time
= tools
::required_integer_param(¶m
, "backup-time")?
;
952 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
);
954 let allowed
= (user_privs
& PRIV_DATASTORE_READ
) != 0;
955 if !allowed { check_backup_owner(&datastore, backup_dir.group(), &userid)?; }
957 let (manifest
, files
) = read_backup_index(&datastore
, &backup_dir
)?
;
959 if file
.filename
== file_name
&& file
.crypt_mode
== Some(CryptMode
::Encrypt
) {
960 bail
!("cannot decode '{}' - is encrypted", file_name
);
964 println
!("Download {} from {} ({}/{})", file_name
, store
, backup_dir
, file_name
);
966 let mut path
= datastore
.base_path();
967 path
.push(backup_dir
.relative_path());
968 path
.push(&file_name
);
970 let extension
= file_name
.rsplitn(2, '
.'
).next().unwrap();
972 let body
= match extension
{
974 let index
= DynamicIndexReader
::open(&path
)
975 .map_err(|err
| format_err
!("unable to read dynamic index '{:?}' - {}", &path
, err
))?
;
976 let (csum
, size
) = index
.compute_csum();
977 manifest
.verify_file(&file_name
, &csum
, size
)?
;
979 let chunk_reader
= LocalChunkReader
::new(datastore
, None
, CryptMode
::None
);
980 let reader
= AsyncIndexReader
::new(index
, chunk_reader
);
981 Body
::wrap_stream(AsyncReaderStream
::new(reader
)
982 .map_err(move |err
| {
983 eprintln
!("error during streaming of '{:?}' - {}", path
, err
);
988 let index
= FixedIndexReader
::open(&path
)
989 .map_err(|err
| format_err
!("unable to read fixed index '{:?}' - {}", &path
, err
))?
;
991 let (csum
, size
) = index
.compute_csum();
992 manifest
.verify_file(&file_name
, &csum
, size
)?
;
994 let chunk_reader
= LocalChunkReader
::new(datastore
, None
, CryptMode
::None
);
995 let reader
= AsyncIndexReader
::new(index
, chunk_reader
);
996 Body
::wrap_stream(AsyncReaderStream
::with_buffer_size(reader
, 4*1024*1024)
997 .map_err(move |err
| {
998 eprintln
!("error during streaming of '{:?}' - {}", path
, err
);
1003 let file
= std
::fs
::File
::open(&path
)
1004 .map_err(|err
| http_err
!(BAD_REQUEST
, "File open failed: {}", err
))?
;
1006 // FIXME: load full blob to verify index checksum?
1009 WrappedReaderStream
::new(DataBlobReader
::new(file
, None
)?
)
1010 .map_err(move |err
| {
1011 eprintln
!("error during streaming of '{:?}' - {}", path
, err
);
1017 bail
!("cannot download '{}' files", extension
);
1021 // fixme: set other headers ?
1022 Ok(Response
::builder()
1023 .status(StatusCode
::OK
)
1024 .header(header
::CONTENT_TYPE
, "application/octet-stream")
1031 pub const API_METHOD_UPLOAD_BACKUP_LOG
: ApiMethod
= ApiMethod
::new(
1032 &ApiHandler
::AsyncHttp(&upload_backup_log
),
1034 "Upload the client backup log file into a backup snapshot ('client.log.blob').",
1036 ("store", false, &DATASTORE_SCHEMA
),
1037 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
1038 ("backup-id", false, &BACKUP_ID_SCHEMA
),
1039 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
1043 Some("Only the backup creator/owner is allowed to do this."),
1044 &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_BACKUP
, false)
1047 fn upload_backup_log(
1052 rpcenv
: Box
<dyn RpcEnvironment
>,
1053 ) -> ApiResponseFuture
{
1056 let store
= tools
::required_string_param(¶m
, "store")?
;
1057 let datastore
= DataStore
::lookup_datastore(store
)?
;
1059 let file_name
= CLIENT_LOG_BLOB_NAME
;
1061 let backup_type
= tools
::required_string_param(¶m
, "backup-type")?
;
1062 let backup_id
= tools
::required_string_param(¶m
, "backup-id")?
;
1063 let backup_time
= tools
::required_integer_param(¶m
, "backup-time")?
;
1065 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
);
1067 let userid
: Userid
= rpcenv
.get_user().unwrap().parse()?
;
1068 check_backup_owner(&datastore
, backup_dir
.group(), &userid
)?
;
1070 let mut path
= datastore
.base_path();
1071 path
.push(backup_dir
.relative_path());
1072 path
.push(&file_name
);
1075 bail
!("backup already contains a log.");
1078 println
!("Upload backup log to {}/{}/{}/{}/{}", store
,
1079 backup_type
, backup_id
, BackupDir
::backup_time_to_string(backup_dir
.backup_time()), file_name
);
1082 .map_err(Error
::from
)
1083 .try_fold(Vec
::new(), |mut acc
, chunk
| {
1084 acc
.extend_from_slice(&*chunk
);
1085 future
::ok
::<_
, Error
>(acc
)
1089 // always verify blob/CRC at server side
1090 let blob
= DataBlob
::load_from_reader(&mut &data
[..])?
;
1092 replace_file(&path
, blob
.raw_data(), CreateOptions
::new())?
;
1094 // fixme: use correct formatter
1095 Ok(crate::server
::formatter
::json_response(Ok(Value
::Null
)))
1103 schema
: DATASTORE_SCHEMA
,
1106 schema
: BACKUP_TYPE_SCHEMA
,
1109 schema
: BACKUP_ID_SCHEMA
,
1112 schema
: BACKUP_TIME_SCHEMA
,
1115 description
: "Base64 encoded path.",
1121 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
, true),
1124 /// Get the entries of the given path of the catalog
1127 backup_type
: String
,
1133 rpcenv
: &mut dyn RpcEnvironment
,
1134 ) -> Result
<Value
, Error
> {
1135 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1137 let userid
: Userid
= rpcenv
.get_user().unwrap().parse()?
;
1138 let user_info
= CachedUserInfo
::new()?
;
1139 let user_privs
= user_info
.lookup_privs(&userid
, &["datastore", &store
]);
1141 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
);
1143 let allowed
= (user_privs
& PRIV_DATASTORE_READ
) != 0;
1144 if !allowed { check_backup_owner(&datastore, backup_dir.group(), &userid)?; }
1146 let file_name
= CATALOG_NAME
;
1148 let (manifest
, files
) = read_backup_index(&datastore
, &backup_dir
)?
;
1150 if file
.filename
== file_name
&& file
.crypt_mode
== Some(CryptMode
::Encrypt
) {
1151 bail
!("cannot decode '{}' - is encrypted", file_name
);
1155 let mut path
= datastore
.base_path();
1156 path
.push(backup_dir
.relative_path());
1157 path
.push(file_name
);
1159 let index
= DynamicIndexReader
::open(&path
)
1160 .map_err(|err
| format_err
!("unable to read dynamic index '{:?}' - {}", &path
, err
))?
;
1162 let (csum
, size
) = index
.compute_csum();
1163 manifest
.verify_file(&file_name
, &csum
, size
)?
;
1165 let chunk_reader
= LocalChunkReader
::new(datastore
, None
, CryptMode
::None
);
1166 let reader
= BufferedDynamicReader
::new(index
, chunk_reader
);
1168 let mut catalog_reader
= CatalogReader
::new(reader
);
1169 let mut current
= catalog_reader
.root()?
;
1170 let mut components
= vec
![];
1173 if filepath
!= "root" {
1174 components
= base64
::decode(filepath
)?
;
1175 if components
.len() > 0 && components
[0] == '
/'
as u8 {
1176 components
.remove(0);
1178 for component
in components
.split(|c
| *c
== '
/'
as u8) {
1179 if let Some(entry
) = catalog_reader
.lookup(¤t
, component
)?
{
1182 bail
!("path {:?} not found in catalog", &String
::from_utf8_lossy(&components
));
1187 let mut res
= Vec
::new();
1189 for direntry
in catalog_reader
.read_dir(¤t
)?
{
1190 let mut components
= components
.clone();
1191 components
.push('
/'
as u8);
1192 components
.extend(&direntry
.name
);
1193 let path
= base64
::encode(components
);
1194 let text
= String
::from_utf8_lossy(&direntry
.name
);
1195 let mut entry
= json
!({
1198 "type": CatalogEntryType
::from(&direntry
.attr
).to_string(),
1201 match direntry
.attr
{
1202 DirEntryAttribute
::Directory { start: _ }
=> {
1203 entry
["leaf"] = false.into();
1205 DirEntryAttribute
::File { size, mtime }
=> {
1206 entry
["size"] = size
.into();
1207 entry
["mtime"] = mtime
.into();
1218 pub const API_METHOD_PXAR_FILE_DOWNLOAD
: ApiMethod
= ApiMethod
::new(
1219 &ApiHandler
::AsyncHttp(&pxar_file_download
),
1221 "Download single file from pxar file of a bacup snapshot. Only works if it's not encrypted.",
1223 ("store", false, &DATASTORE_SCHEMA
),
1224 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
1225 ("backup-id", false, &BACKUP_ID_SCHEMA
),
1226 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
1227 ("filepath", false, &StringSchema
::new("Base64 encoded path").schema()),
1230 ).access(None
, &Permission
::Privilege(
1231 &["datastore", "{store}"],
1232 PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
,
1236 fn pxar_file_download(
1241 rpcenv
: Box
<dyn RpcEnvironment
>,
1242 ) -> ApiResponseFuture
{
1245 let store
= tools
::required_string_param(¶m
, "store")?
;
1246 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1248 let userid
: Userid
= rpcenv
.get_user().unwrap().parse()?
;
1249 let user_info
= CachedUserInfo
::new()?
;
1250 let user_privs
= user_info
.lookup_privs(&userid
, &["datastore", &store
]);
1252 let filepath
= tools
::required_string_param(¶m
, "filepath")?
.to_owned();
1254 let backup_type
= tools
::required_string_param(¶m
, "backup-type")?
;
1255 let backup_id
= tools
::required_string_param(¶m
, "backup-id")?
;
1256 let backup_time
= tools
::required_integer_param(¶m
, "backup-time")?
;
1258 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
);
1260 let allowed
= (user_privs
& PRIV_DATASTORE_READ
) != 0;
1261 if !allowed { check_backup_owner(&datastore, backup_dir.group(), &userid)?; }
1263 let mut components
= base64
::decode(&filepath
)?
;
1264 if components
.len() > 0 && components
[0] == '
/'
as u8 {
1265 components
.remove(0);
1268 let mut split
= components
.splitn(2, |c
| *c
== '
/'
as u8);
1269 let pxar_name
= std
::str::from_utf8(split
.next().unwrap())?
;
1270 let file_path
= split
.next().ok_or(format_err
!("filepath looks strange '{}'", filepath
))?
;
1271 let (manifest
, files
) = read_backup_index(&datastore
, &backup_dir
)?
;
1273 if file
.filename
== pxar_name
&& file
.crypt_mode
== Some(CryptMode
::Encrypt
) {
1274 bail
!("cannot decode '{}' - is encrypted", pxar_name
);
1278 let mut path
= datastore
.base_path();
1279 path
.push(backup_dir
.relative_path());
1280 path
.push(pxar_name
);
1282 let index
= DynamicIndexReader
::open(&path
)
1283 .map_err(|err
| format_err
!("unable to read dynamic index '{:?}' - {}", &path
, err
))?
;
1285 let (csum
, size
) = index
.compute_csum();
1286 manifest
.verify_file(&pxar_name
, &csum
, size
)?
;
1288 let chunk_reader
= LocalChunkReader
::new(datastore
, None
, CryptMode
::None
);
1289 let reader
= BufferedDynamicReader
::new(index
, chunk_reader
);
1290 let archive_size
= reader
.archive_size();
1291 let reader
= LocalDynamicReadAt
::new(reader
);
1293 let decoder
= Accessor
::new(reader
, archive_size
).await?
;
1294 let root
= decoder
.open_root().await?
;
1296 .lookup(OsStr
::from_bytes(file_path
)).await?
1297 .ok_or(format_err
!("error opening '{:?}'", file_path
))?
;
1299 let file
= match file
.kind() {
1300 EntryKind
::File { .. }
=> file
,
1301 EntryKind
::Hardlink(_
) => {
1302 decoder
.follow_hardlink(&file
).await?
1305 other
=> bail
!("cannot download file of type {:?}", other
),
1308 let body
= Body
::wrap_stream(
1309 AsyncReaderStream
::new(file
.contents().await?
)
1310 .map_err(move |err
| {
1311 eprintln
!("error during streaming of '{:?}' - {}", filepath
, err
);
1316 // fixme: set other headers ?
1317 Ok(Response
::builder()
1318 .status(StatusCode
::OK
)
1319 .header(header
::CONTENT_TYPE
, "application/octet-stream")
1329 schema
: DATASTORE_SCHEMA
,
1332 type: RRDTimeFrameResolution
,
1340 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
, true),
1343 /// Read datastore stats
1346 timeframe
: RRDTimeFrameResolution
,
1349 ) -> Result
<Value
, Error
> {
1351 create_value_from_rrd(
1352 &format
!("datastore/{}", store
),
1355 "read_ios", "read_bytes",
1356 "write_ios", "write_bytes",
1368 schema
: DATASTORE_SCHEMA
,
1371 schema
: BACKUP_TYPE_SCHEMA
,
1374 schema
: BACKUP_ID_SCHEMA
,
1377 schema
: BACKUP_TIME_SCHEMA
,
1382 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
, true),
1385 /// Get "notes" for a specific backup
1388 backup_type
: String
,
1391 rpcenv
: &mut dyn RpcEnvironment
,
1392 ) -> Result
<String
, Error
> {
1393 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1395 let userid
: Userid
= rpcenv
.get_user().unwrap().parse()?
;
1396 let user_info
= CachedUserInfo
::new()?
;
1397 let user_privs
= user_info
.lookup_privs(&userid
, &["datastore", &store
]);
1399 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
);
1401 let allowed
= (user_privs
& PRIV_DATASTORE_READ
) != 0;
1402 if !allowed { check_backup_owner(&datastore, backup_dir.group(), &userid)?; }
1404 let manifest
= datastore
.load_manifest_json(&backup_dir
)?
;
1406 let notes
= manifest
["unprotected"]["notes"]
1410 Ok(String
::from(notes
))
1417 schema
: DATASTORE_SCHEMA
,
1420 schema
: BACKUP_TYPE_SCHEMA
,
1423 schema
: BACKUP_ID_SCHEMA
,
1426 schema
: BACKUP_TIME_SCHEMA
,
1429 description
: "A multiline text.",
1434 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_MODIFY
, true),
1437 /// Set "notes" for a specific backup
1440 backup_type
: String
,
1444 rpcenv
: &mut dyn RpcEnvironment
,
1445 ) -> Result
<(), Error
> {
1446 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1448 let userid
: Userid
= rpcenv
.get_user().unwrap().parse()?
;
1449 let user_info
= CachedUserInfo
::new()?
;
1450 let user_privs
= user_info
.lookup_privs(&userid
, &["datastore", &store
]);
1452 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
);
1454 let allowed
= (user_privs
& PRIV_DATASTORE_READ
) != 0;
1455 if !allowed { check_backup_owner(&datastore, backup_dir.group(), &userid)?; }
1457 let mut manifest
= datastore
.load_manifest_json(&backup_dir
)?
;
1459 manifest
["unprotected"]["notes"] = notes
.into();
1461 datastore
.store_manifest(&backup_dir
, manifest
)?
;
1467 const DATASTORE_INFO_SUBDIRS
: SubdirMap
= &[
1471 .get(&API_METHOD_CATALOG
)
1476 .download(&API_METHOD_DOWNLOAD_FILE
)
1481 .download(&API_METHOD_DOWNLOAD_FILE_DECODED
)
1486 .get(&API_METHOD_LIST_SNAPSHOT_FILES
)
1491 .get(&API_METHOD_GARBAGE_COLLECTION_STATUS
)
1492 .post(&API_METHOD_START_GARBAGE_COLLECTION
)
1497 .get(&API_METHOD_LIST_GROUPS
)
1502 .get(&API_METHOD_GET_NOTES
)
1503 .put(&API_METHOD_SET_NOTES
)
1508 .post(&API_METHOD_PRUNE
)
1511 "pxar-file-download",
1513 .download(&API_METHOD_PXAR_FILE_DOWNLOAD
)
1518 .get(&API_METHOD_GET_RRD_STATS
)
1523 .get(&API_METHOD_LIST_SNAPSHOTS
)
1524 .delete(&API_METHOD_DELETE_SNAPSHOT
)
1529 .get(&API_METHOD_STATUS
)
1532 "upload-backup-log",
1534 .upload(&API_METHOD_UPLOAD_BACKUP_LOG
)
1539 .post(&API_METHOD_VERIFY
)
1543 const DATASTORE_INFO_ROUTER
: Router
= Router
::new()
1544 .get(&list_subdirs_api_method
!(DATASTORE_INFO_SUBDIRS
))
1545 .subdirs(DATASTORE_INFO_SUBDIRS
);
1548 pub const ROUTER
: Router
= Router
::new()
1549 .get(&API_METHOD_GET_DATASTORE_LIST
)
1550 .match_all("store", &DATASTORE_INFO_ROUTER
);