use std::io::Write;
use std::task::{Context, Poll};
-use std::sync::{Arc, Mutex};
+use std::sync::{Arc, Mutex, RwLock};
+use std::time::Duration;
-use chrono::Utc;
use anyhow::{bail, format_err, Error};
use futures::*;
use http::Uri;
use xdg::BaseDirectories;
use proxmox::{
+ api::error::HttpError,
sys::linux::tty,
tools::{
fs::{file_get_json, replace_file, CreateOptions},
};
use super::pipe_to_stream::PipeToSendStream;
+use crate::api2::types::Userid;
use crate::tools::async_io::EitherStream;
use crate::tools::{self, BroadcastFuture, DEFAULT_ENCODE_SET};
#[derive(Clone)]
pub struct AuthInfo {
- pub username: String,
+ pub userid: Userid,
pub ticket: String,
pub token: String,
}
pub struct HttpClient {
client: Client<HttpsConnector>,
server: String,
+ port: u16,
fingerprint: Arc<Mutex<Option<String>>>,
- auth: BroadcastFuture<AuthInfo>,
+ first_auth: BroadcastFuture<()>,
+ auth: Arc<RwLock<AuthInfo>>,
+ ticket_abort: futures::future::AbortHandle,
_options: HttpClientOptions,
}
/// Delete stored ticket data (logout)
-pub fn delete_ticket_info(prefix: &str, server: &str, username: &str) -> Result<(), Error> {
+pub fn delete_ticket_info(prefix: &str, server: &str, username: &Userid) -> Result<(), Error> {
let base = BaseDirectories::with_prefix(prefix)?;
let mut data = file_get_json(&path, Some(json!({})))?;
if let Some(map) = data[server].as_object_mut() {
- map.remove(username);
+ map.remove(username.as_str());
}
replace_file(path, data.to_string().as_bytes(), CreateOptions::new().perm(mode))?;
for line in raw.split('\n') {
let items: Vec<String> = line.split_whitespace().map(String::from).collect();
- if items.len() == 2 {
- if &items[0] == server {
- return Some(items[1].clone());
- }
+ if items.len() == 2 && &items[0] == server {
+ return Some(items[1].clone());
}
}
let mut data = file_get_json(&path, Some(json!({})))?;
- let now = Utc::now().timestamp();
+ let now = proxmox::tools::time::epoch_i64();
data[server][username] = json!({ "timestamp": now, "ticket": ticket, "token": token});
Ok(())
}
-fn load_ticket_info(prefix: &str, server: &str, username: &str) -> Option<(String, String)> {
+fn load_ticket_info(prefix: &str, server: &str, userid: &Userid) -> Option<(String, String)> {
let base = BaseDirectories::with_prefix(prefix).ok()?;
// usually /run/user/<uid>/...
let path = base.place_runtime_file("tickets").ok()?;
let data = file_get_json(&path, None).ok()?;
- let now = Utc::now().timestamp();
+ let now = proxmox::tools::time::epoch_i64();
let ticket_lifetime = tools::ticket::TICKET_LIFETIME - 60;
- let uinfo = data[server][username].as_object()?;
+ let uinfo = data[server][userid.as_str()].as_object()?;
let timestamp = uinfo["timestamp"].as_i64()?;
let age = now - timestamp;
}
impl HttpClient {
-
- pub fn new(server: &str, username: &str, mut options: HttpClientOptions) -> Result<Self, Error> {
+ pub fn new(
+ server: &str,
+ port: u16,
+ userid: &Userid,
+ mut options: HttpClientOptions,
+ ) -> Result<Self, Error> {
let verified_fingerprint = Arc::new(Mutex::new(None));
let mut httpc = hyper::client::HttpConnector::new();
httpc.set_nodelay(true); // important for h2 download performance!
- httpc.set_recv_buffer_size(Some(1024*1024)); //important for h2 download performance!
httpc.enforce_http(false); // we want https...
+ httpc.set_connect_timeout(Some(std::time::Duration::new(10, 0)));
let https = HttpsConnector::with_connector(httpc, ssl_connector_builder.build());
let client = Client::builder()
} else {
let mut ticket_info = None;
if use_ticket_cache {
- ticket_info = load_ticket_info(options.prefix.as_ref().unwrap(), server, username);
+ ticket_info = load_ticket_info(options.prefix.as_ref().unwrap(), server, userid);
}
if let Some((ticket, _token)) = ticket_info {
ticket
} else {
- Self::get_password(&username, options.interactive)?
+ Self::get_password(userid, options.interactive)?
+ }
+ };
+
+ let auth = Arc::new(RwLock::new(AuthInfo {
+ userid: userid.clone(),
+ ticket: password.clone(),
+ token: "".to_string(),
+ }));
+
+ let server2 = server.to_string();
+ let client2 = client.clone();
+ let auth2 = auth.clone();
+ let prefix2 = options.prefix.clone();
+
+ let renewal_future = async move {
+ loop {
+ tokio::time::delay_for(Duration::new(60*15, 0)).await; // 15 minutes
+ let (userid, ticket) = {
+ let authinfo = auth2.read().unwrap().clone();
+ (authinfo.userid, authinfo.ticket)
+ };
+ match Self::credentials(client2.clone(), server2.clone(), port, userid, ticket).await {
+ Ok(auth) => {
+ if use_ticket_cache & &prefix2.is_some() {
+ let _ = store_ticket_info(prefix2.as_ref().unwrap(), &server2, &auth.userid.to_string(), &auth.ticket, &auth.token);
+ }
+ *auth2.write().unwrap() = auth;
+ },
+ Err(err) => {
+ eprintln!("re-authentication failed: {}", err);
+ return;
+ }
+ }
}
};
+ let (renewal_future, ticket_abort) = futures::future::abortable(renewal_future);
+
let login_future = Self::credentials(
client.clone(),
server.to_owned(),
- username.to_owned(),
- password,
+ port,
+ userid.to_owned(),
+ password.to_owned(),
).map_ok({
let server = server.to_string();
let prefix = options.prefix.clone();
+ let authinfo = auth.clone();
move |auth| {
if use_ticket_cache & &prefix.is_some() {
- let _ = store_ticket_info(prefix.as_ref().unwrap(), &server, &auth.username, &auth.ticket, &auth.token);
+ let _ = store_ticket_info(prefix.as_ref().unwrap(), &server, &auth.userid.to_string(), &auth.ticket, &auth.token);
}
-
- auth
+ *authinfo.write().unwrap() = auth;
+ tokio::spawn(renewal_future);
}
});
Ok(Self {
client,
server: String::from(server),
+ port,
fingerprint: verified_fingerprint,
- auth: BroadcastFuture::new(Box::new(login_future)),
+ auth,
+ ticket_abort,
+ first_auth: BroadcastFuture::new(Box::new(login_future)),
_options: options,
})
}
/// Login is done on demand, so this is only required if you need
/// access to authentication data in 'AuthInfo'.
pub async fn login(&self) -> Result<AuthInfo, Error> {
- self.auth.listen().await
+ self.first_auth.listen().await?;
+ let authinfo = self.auth.read().unwrap();
+ Ok(authinfo.clone())
}
/// Returns the optional fingerprint passed to the new() constructor.
(*self.fingerprint.lock().unwrap()).clone()
}
- fn get_password(username: &str, interactive: bool) -> Result<String, Error> {
+ fn get_password(username: &Userid, interactive: bool) -> Result<String, Error> {
// If we're on a TTY, query the user for a password
if interactive && tty::stdin_isatty() {
let msg = format!("Password for \"{}\": ", username);
path: &str,
data: Option<Value>,
) -> Result<Value, Error> {
- let req = Self::request_builder(&self.server, "GET", path, data).unwrap();
+ let req = Self::request_builder(&self.server, self.port, "GET", path, data)?;
self.request(req).await
}
path: &str,
data: Option<Value>,
) -> Result<Value, Error> {
- let req = Self::request_builder(&self.server, "DELETE", path, data).unwrap();
+ let req = Self::request_builder(&self.server, self.port, "DELETE", path, data)?;
self.request(req).await
}
path: &str,
data: Option<Value>,
) -> Result<Value, Error> {
- let req = Self::request_builder(&self.server, "POST", path, data).unwrap();
+ let req = Self::request_builder(&self.server, self.port, "POST", path, data)?;
self.request(req).await
}
&mut self,
path: &str,
output: &mut (dyn Write + Send),
- ) -> Result<(), Error> {
- let mut req = Self::request_builder(&self.server, "GET", path, None).unwrap();
+ ) -> Result<(), Error> {
+ let mut req = Self::request_builder(&self.server, self.port, "GET", path, None)?;
let client = self.client.clone();
) -> Result<Value, Error> {
let path = path.trim_matches('/');
- let mut url = format!("https://{}:8007/{}", &self.server, path);
+ let mut url = format!("https://{}:{}/{}", &self.server, self.port, path);
if let Some(data) = data {
let query = tools::json_object_to_query(data).unwrap();
async fn credentials(
client: Client<HttpsConnector>,
server: String,
- username: String,
+ port: u16,
+ username: Userid,
password: String,
) -> Result<AuthInfo, Error> {
let data = json!({ "username": username, "password": password });
- let req = Self::request_builder(&server, "POST", "/api2/json/access/ticket", Some(data)).unwrap();
+ let req = Self::request_builder(&server, port, "POST", "/api2/json/access/ticket", Some(data))?;
let cred = Self::api_request(client, req).await?;
let auth = AuthInfo {
- username: cred["data"]["username"].as_str().unwrap().to_owned(),
+ userid: cred["data"]["username"].as_str().unwrap().parse()?,
ticket: cred["data"]["ticket"].as_str().unwrap().to_owned(),
token: cred["data"]["CSRFPreventionToken"].as_str().unwrap().to_owned(),
};
Ok(value)
}
} else {
- bail!("HTTP Error {}: {}", status, text);
+ Err(Error::from(HttpError::new(status, text)))
}
}
&self.server
}
- pub fn request_builder(server: &str, method: &str, path: &str, data: Option<Value>) -> Result<Request<Body>, Error> {
+ pub fn port(&self) -> u16 {
+ self.port
+ }
+
+ pub fn request_builder(server: &str, port: u16, method: &str, path: &str, data: Option<Value>) -> Result<Request<Body>, Error> {
let path = path.trim_matches('/');
- let url: Uri = format!("https://{}:8007/{}", server, path).parse()?;
+ let url: Uri = format!("https://{}:{}/{}", server, port, path).parse()?;
if let Some(data) = data {
if method == "POST" {
return Ok(request);
} else {
let query = tools::json_object_to_query(data)?;
- let url: Uri = format!("https://{}:8007/{}?{}", server, path, query).parse()?;
+ let url: Uri = format!("https://{}:{}/{}?{}", server, port, path, query).parse()?;
let request = Request::builder()
.method(method)
.uri(url)
}
}
+impl Drop for HttpClient {
+ fn drop(&mut self) {
+ self.ticket_abort.abort();
+ }
+}
+
#[derive(Clone)]
pub struct H2Client {
path: &str,
param: Option<Value>,
mut output: W,
- ) -> Result<W, Error> {
+ ) -> Result<(), Error> {
let request = Self::request_builder("localhost", "GET", path, param, None).unwrap();
let response_future = self.send_request(request, None).await?;
output.write_all(&chunk)?;
}
- Ok(output)
+ Ok(())
}
pub async fn upload(
bail!("got result without data property");
}
} else {
- bail!("HTTP Error {}: {}", status, text);
+ Err(Error::from(HttpError::new(status, text)))
}
}