]> git.proxmox.com Git - proxmox-backup.git/blame - src/client/http_client.rs
projects / proxmox-backup.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
src/client/http_client.rs: new prefix options
[proxmox-backup.git] / src / client / http_client.rs
CommitLineData
c2b94534 1use std::io::Write;
db0cb9ce 2use std::task::{Context, Poll};
d59dbeca 3use std::sync::{Arc, Mutex};
597641fd 4
cf9271e2 5use chrono::Utc;
7a57cb77 6use failure::*;
82ab7230 7use futures::*;
7a57cb77
WB		 8use http::Uri;
9use http::header::HeaderValue;
10use http::{Request, Response};
11use hyper::Body;
1434f4f8 12use hyper::client::{Client, HttpConnector};
d59dbeca 13use openssl::{ssl::{SslConnector, SslMethod}, x509::X509StoreContextRef};
ba3a60b2 14use serde_json::{json, Value};
8a1028e0 15use percent_encoding::percent_encode;
7a57cb77 16use xdg::BaseDirectories;
1fdb4c6f 17
e18a6c9e 18use proxmox::tools::{
feaa1ad3 19 fs::{file_get_json, replace_file, CreateOptions},
e18a6c9e
DM		 20};
21
7a57cb77 22use super::pipe_to_stream::PipeToSendStream;
1434f4f8 23use crate::tools::async_io::EitherStream;
8a1028e0 24use crate::tools::{self, tty, BroadcastFuture, DEFAULT_ENCODE_SET};
986bef16 25
5a2df000 26#[derive(Clone)]
e240d8be 27pub struct AuthInfo {
3743dee6
DM		 28 pub username: String,
29 pub ticket: String,
30 pub token: String,
5a2df000 31}
56458d97 32
d59dbeca 33pub struct HttpClientOptions {
5030b7ce 34 prefix: Option<String>,
d59dbeca
DM		 35 password: Option<String>,
36 fingerprint: Option<String>,
37 interactive: bool,
38 ticket_cache: bool,
5a74756c 39 fingerprint_cache: bool,
d59dbeca
DM		 40 verify_cert: bool,
41}
42
43impl HttpClientOptions {
44
45 pub fn new() -> Self {
46 Self {
5030b7ce 47 prefix: None,
d59dbeca
DM		 48 password: None,
49 fingerprint: None,
50 interactive: false,
51 ticket_cache: false,
5a74756c 52 fingerprint_cache: false,
d59dbeca
DM		 53 verify_cert: true,
54 }
55 }
56
5030b7ce
DM		 57 pub fn prefix(mut self, prefix: Option<String>) -> Self {
58 self.prefix = prefix;
59 self
60 }
61
d59dbeca
DM		 62 pub fn password(mut self, password: Option<String>) -> Self {
63 self.password = password;
64 self
65 }
66
67 pub fn fingerprint(mut self, fingerprint: Option<String>) -> Self {
68 self.fingerprint = fingerprint;
69 self
70 }
71
72 pub fn interactive(mut self, interactive: bool) -> Self {
73 self.interactive = interactive;
74 self
75 }
76
77 pub fn ticket_cache(mut self, ticket_cache: bool) -> Self {
78 self.ticket_cache = ticket_cache;
79 self
80 }
81
5a74756c
DM		 82 pub fn fingerprint_cache(mut self, fingerprint_cache: bool) -> Self {
83 self.fingerprint_cache = fingerprint_cache;
84 self
85 }
86
d59dbeca
DM		 87 pub fn verify_cert(mut self, verify_cert: bool) -> Self {
88 self.verify_cert = verify_cert;
89 self
90 }
91}
92
151c6ce2 93/// HTTP(S) API client
597641fd 94pub struct HttpClient {
1434f4f8 95 client: Client<HttpsConnector>,
597641fd 96 server: String,
d59dbeca 97 fingerprint: Arc<Mutex<Option<String>>>,
5a2df000 98 auth: BroadcastFuture<AuthInfo>,
d59dbeca 99 _options: HttpClientOptions,
597641fd
DM		 100}
101
e240d8be 102/// Delete stored ticket data (logout)
5030b7ce 103pub fn delete_ticket_info(prefix: &str, server: &str, username: &str) -> Result<(), Error> {
e240d8be 104
5030b7ce 105 let base = BaseDirectories::with_prefix(prefix)?;
e240d8be
DM		 106
107 // usually /run/user/<uid>/...
108 let path = base.place_runtime_file("tickets")?;
109
110 let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600);
111
112 let mut data = file_get_json(&path, Some(json!({})))?;
113
114 if let Some(map) = data[server].as_object_mut() {
115 map.remove(username);
116 }
117
feaa1ad3 118 replace_file(path, data.to_string().as_bytes(), CreateOptions::new().perm(mode))?;
e240d8be
DM		 119
120 Ok(())
121}
122
5030b7ce 123fn store_fingerprint(prefix: &str, server: &str, fingerprint: &str) -> Result<(), Error> {
5a74756c 124
5030b7ce 125 let base = BaseDirectories::with_prefix(prefix)?;
5a74756c 126
5030b7ce 127 // usually ~/.config/<prefix>/fingerprints
5a74756c
DM		 128 let path = base.place_config_file("fingerprints")?;
129
130 let raw = match std::fs::read_to_string(&path) {
131 Ok(v) => v,
132 Err(err) => {
133 if err.kind() == std::io::ErrorKind::NotFound {
134 String::new()
135 } else {
136 bail!("unable to read fingerprints from {:?} - {}", path, err);
137 }
138 }
139 };
140
141 let mut result = String::new();
142
143 raw.split('\n').for_each(|line| {
144 let items: Vec<String> = line.split_whitespace().map(String::from).collect();
145 if items.len() == 2 {
146 if &items[0] == server {
147 // found, add later with new fingerprint
148 } else {
149 result.push_str(line);
150 result.push('\n');
151 }
152 }
153 });
154
155 result.push_str(server);
156 result.push(' ');
157 result.push_str(fingerprint);
158 result.push('\n');
159
160 replace_file(path, result.as_bytes(), CreateOptions::new())?;
161
162 Ok(())
163}
164
5030b7ce 165fn load_fingerprint(prefix: &str, server: &str) -> Option<String> {
5a74756c 166
5030b7ce 167 let base = BaseDirectories::with_prefix(prefix).ok()?;
5a74756c 168
5030b7ce 169 // usually ~/.config/<prefix>/fingerprints
5a74756c
DM		 170 let path = base.place_config_file("fingerprints").ok()?;
171
172 let raw = std::fs::read_to_string(&path).ok()?;
173
174 for line in raw.split('\n') {
175 let items: Vec<String> = line.split_whitespace().map(String::from).collect();
176 if items.len() == 2 {
177 if &items[0] == server {
178 return Some(items[1].clone());
179 }
180 }
181 }
182
183 None
184}
185
5030b7ce 186fn store_ticket_info(prefix: &str, server: &str, username: &str, ticket: &str, token: &str) -> Result<(), Error> {
ba3a60b2 187
5030b7ce 188 let base = BaseDirectories::with_prefix(prefix)?;
ba3a60b2
DM		 189
190 // usually /run/user/<uid>/...
191 let path = base.place_runtime_file("tickets")?;
192
193 let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600);
194
e18a6c9e 195 let mut data = file_get_json(&path, Some(json!({})))?;
ba3a60b2
DM		 196
197 let now = Utc::now().timestamp();
198
199 data[server][username] = json!({ "timestamp": now, "ticket": ticket, "token": token});
200
201 let mut new_data = json!({});
202
203 let ticket_lifetime = tools::ticket::TICKET_LIFETIME - 60;
204
205 let empty = serde_json::map::Map::new();
206 for (server, info) in data.as_object().unwrap_or(&empty) {
207 for (_user, uinfo) in info.as_object().unwrap_or(&empty) {
208 if let Some(timestamp) = uinfo["timestamp"].as_i64() {
209 let age = now - timestamp;
210 if age < ticket_lifetime {
211 new_data[server][username] = uinfo.clone();
212 }
213 }
214 }
215 }
216
feaa1ad3 217 replace_file(path, new_data.to_string().as_bytes(), CreateOptions::new().perm(mode))?;
ba3a60b2
DM		 218
219 Ok(())
220}
221
5030b7ce
DM		 222fn load_ticket_info(prefix: &str, server: &str, username: &str) -> Option<(String, String)> {
223 let base = BaseDirectories::with_prefix(prefix).ok()?;
ba3a60b2
DM		 224
225 // usually /run/user/<uid>/...
66c8eb93
CE		 226 let path = base.place_runtime_file("tickets").ok()?;
227 let data = file_get_json(&path, None).ok()?;
ba3a60b2 228 let now = Utc::now().timestamp();
ba3a60b2 229 let ticket_lifetime = tools::ticket::TICKET_LIFETIME - 60;
66c8eb93
CE		 230 let uinfo = data[server][username].as_object()?;
231 let timestamp = uinfo["timestamp"].as_i64()?;
232 let age = now - timestamp;
233
234 if age < ticket_lifetime {
235 let ticket = uinfo["ticket"].as_str()?;
236 let token = uinfo["token"].as_str()?;
237 Some((ticket.to_owned(), token.to_owned()))
238 } else {
239 None
ba3a60b2 240 }
ba3a60b2
DM		 241}
242
597641fd
DM		 243impl HttpClient {
244
d59dbeca
DM		 245 pub fn new(server: &str, username: &str, mut options: HttpClientOptions) -> Result<Self, Error> {
246
247 let verified_fingerprint = Arc::new(Mutex::new(None));
248
5a74756c 249 let mut fingerprint = options.fingerprint.take();
5030b7ce
DM		 250 if options.fingerprint_cache && fingerprint.is_none() && options.prefix.is_some() {
251 fingerprint = load_fingerprint(options.prefix.as_ref().unwrap(), server);
5a74756c
DM		 252 }
253
5030b7ce
DM		 254 let mut ssl_connector_builder = SslConnector::builder(SslMethod::tls()).unwrap();
255
256 if options.verify_cert {
257 let server = server.to_string();
258 let verified_fingerprint = verified_fingerprint.clone();
259 let interactive = options.interactive;
260 let fingerprint_cache = options.fingerprint_cache;
261 let prefix = options.prefix.clone();
262 ssl_connector_builder.set_verify_callback(openssl::ssl::SslVerifyMode::PEER, move |valid, ctx| {
263 let (valid, fingerprint) = Self::verify_callback(valid, ctx, fingerprint.clone(), interactive);
264 if valid {
265 if let Some(fingerprint) = fingerprint {
266 if fingerprint_cache && prefix.is_some() {
267 if let Err(err) = store_fingerprint(
268 prefix.as_ref().unwrap(), &server, &fingerprint) {
269 eprintln!("{}", err);
270 }
271 }
272 *verified_fingerprint.lock().unwrap() = Some(fingerprint);
273 }
274 }
275 valid
276 });
277 } else {
278 ssl_connector_builder.set_verify(openssl::ssl::SslVerifyMode::NONE);
279 }
280
281 let mut httpc = hyper::client::HttpConnector::new();
282 httpc.set_nodelay(true); // important for h2 download performance!
283 httpc.set_recv_buffer_size(Some(1024*1024)); //important for h2 download performance!
284 httpc.enforce_http(false); // we want https...
285
286 let https = HttpsConnector::with_connector(httpc, ssl_connector_builder.build());
287
288 let client = Client::builder()
289 //.http2_initial_stream_window_size( (1 << 31) - 2)
290 //.http2_initial_connection_window_size( (1 << 31) - 2)
291 .build::<_, Body>(https);
d59dbeca
DM		 292
293 let password = options.password.take();
5030b7ce 294 let use_ticket_cache = options.ticket_cache && options.prefix.is_some();
5a2df000 295
cc2ce4a9
DM		 296 let password = if let Some(password) = password {
297 password
45cdce06 298 } else {
d59dbeca 299 let mut ticket_info = None;
5030b7ce
DM		 300 if use_ticket_cache {
301 ticket_info = load_ticket_info(options.prefix.as_ref().unwrap(), server, username);
d59dbeca
DM		 302 }
303 if let Some((ticket, _token)) = ticket_info {
304 ticket
305 } else {
306 Self::get_password(&username, options.interactive)?
307 }
45cdce06
DM		 308 };
309
d59dbeca
DM		 310 let login_future = Self::credentials(
311 client.clone(),
312 server.to_owned(),
313 username.to_owned(),
314 password,
5030b7ce
DM		 315 ).map_ok({
316 let server = server.to_string();
317 let prefix = options.prefix.clone();
318
319 move |auth| {
320 if use_ticket_cache & &prefix.is_some() {
321 let _ = store_ticket_info(prefix.as_ref().unwrap(), &server, &auth.username, &auth.ticket, &auth.token);
322 }
323
324 auth
325 }
326 });
45cdce06
DM		 327
328 Ok(Self {
5a2df000 329 client,
597641fd 330 server: String::from(server),
d59dbeca 331 fingerprint: verified_fingerprint,
96f5e80a 332 auth: BroadcastFuture::new(Box::new(login_future)),
d59dbeca 333 _options: options,
45cdce06 334 })
597641fd
DM		 335 }
336
1a7a0e74 337 /// Login
e240d8be
DM		 338 ///
339 /// Login is done on demand, so this is onyl required if you need
340 /// access to authentication data in 'AuthInfo'.
96f5e80a
DM		 341 pub async fn login(&self) -> Result<AuthInfo, Error> {
342 self.auth.listen().await
e240d8be
DM		 343 }
344
d59dbeca
DM		 345 /// Returns the optional fingerprint passed to the new() constructor.
346 pub fn fingerprint(&self) -> Option<String> {
347 (*self.fingerprint.lock().unwrap()).clone()
348 }
349
350 fn get_password(_username: &str, interactive: bool) -> Result<String, Error> {
56458d97
WB		 351 use std::env::VarError::*;
352 match std::env::var("PBS_PASSWORD") {
353 Ok(p) => return Ok(p),
354 Err(NotUnicode(_)) => bail!("PBS_PASSWORD contains bad characters"),
355 Err(NotPresent) => {
356 // Try another method
357 }
358 }
359
360 // If we're on a TTY, query the user for a password
d59dbeca 361 if interactive && tty::stdin_isatty() {
56458d97
WB		 362 return Ok(String::from_utf8(tty::read_password("Password: ")?)?);
363 }
364
365 bail!("no password input mechanism available");
366 }
367
d59dbeca
DM		 368 fn verify_callback(
369 valid: bool, ctx:
370 &mut X509StoreContextRef,
371 expected_fingerprint: Option<String>,
372 interactive: bool,
5030b7ce
DM		 373 ) -> (bool, Option<String>) {
374 if valid { return (true, None); }
d59dbeca
DM		 375
376 let cert = match ctx.current_cert() {
377 Some(cert) => cert,
5030b7ce 378 None => return (false, None),
d59dbeca
DM		 379 };
380
381 let depth = ctx.error_depth();
5030b7ce 382 if depth != 0 { return (false, None); }
d59dbeca
DM		 383
384 let fp = match cert.digest(openssl::hash::MessageDigest::sha256()) {
385 Ok(fp) => fp,
5030b7ce 386 Err(_) => return (false, None), // should not happen
d59dbeca
DM		 387 };
388 let fp_string = proxmox::tools::digest_to_hex(&fp);
389 let fp_string = fp_string.as_bytes().chunks(2).map(|v| std::str::from_utf8(v).unwrap())
390 .collect::<Vec<&str>>().join(":");
391
392 if let Some(expected_fingerprint) = expected_fingerprint {
393 if expected_fingerprint == fp_string {
5030b7ce 394 return (true, Some(fp_string));
d59dbeca 395 } else {
5030b7ce 396 return (false, None);
d59dbeca
DM		 397 }
398 }
399
400 // If we're on a TTY, query the user
401 if interactive && tty::stdin_isatty() {
402 println!("fingerprint: {}", fp_string);
403 loop {
404 print!("Want to trust? (y/n): ");
405 let _ = std::io::stdout().flush();
406 let mut buf = [0u8; 1];
407 use std::io::Read;
408 match std::io::stdin().read_exact(&mut buf) {
409 Ok(()) => {
410 if buf[0] == b'y' || buf[0] == b'Y' {
5030b7ce 411 return (true, Some(fp_string));
d59dbeca 412 } else if buf[0] == b'n' || buf[0] == b'N' {
5030b7ce 413 return (false, None);
d59dbeca
DM		 414 }
415 }
416 Err(_) => {
5030b7ce 417 return (false, None);
d59dbeca
DM		 418 }
419 }
420 }
421 }
5030b7ce 422 (false, None)
a6b75513
DM		 423 }
424
1a7a0e74 425 pub async fn request(&self, mut req: Request<Body>) -> Result<Value, Error> {
597641fd 426
5a2df000 427 let client = self.client.clone();
597641fd 428
1a7a0e74 429 let auth = self.login().await?;
597641fd 430
1a7a0e74
DM		 431 let enc_ticket = format!("PBSAuthCookie={}", percent_encode(auth.ticket.as_bytes(), DEFAULT_ENCODE_SET));
432 req.headers_mut().insert("Cookie", HeaderValue::from_str(&enc_ticket).unwrap());
433 req.headers_mut().insert("CSRFPreventionToken", HeaderValue::from_str(&auth.token).unwrap());
597641fd 434
1a7a0e74 435 Self::api_request(client, req).await
1fdb4c6f
DM		 436 }
437
1a7a0e74 438 pub async fn get(
a6782ca1
WB		 439 &self,
440 path: &str,
441 data: Option<Value>,
1a7a0e74 442 ) -> Result<Value, Error> {
9e391bb7 443 let req = Self::request_builder(&self.server, "GET", path, data).unwrap();
1a7a0e74 444 self.request(req).await
a6b75513
DM		 445 }
446
1a7a0e74 447 pub async fn delete(
a6782ca1
WB		 448 &mut self,
449 path: &str,
450 data: Option<Value>,
1a7a0e74 451 ) -> Result<Value, Error> {
9e391bb7 452 let req = Self::request_builder(&self.server, "DELETE", path, data).unwrap();
1a7a0e74 453 self.request(req).await
a6b75513
DM		 454 }
455
1a7a0e74 456 pub async fn post(
a6782ca1
WB		 457 &mut self,
458 path: &str,
459 data: Option<Value>,
1a7a0e74 460 ) -> Result<Value, Error> {
5a2df000 461 let req = Self::request_builder(&self.server, "POST", path, data).unwrap();
1a7a0e74 462 self.request(req).await
024f11bb
DM		 463 }
464
1a7a0e74 465 pub async fn download(
a6782ca1
WB		 466 &mut self,
467 path: &str,
1a7a0e74
DM		 468 output: &mut (dyn Write + Send),
469 ) -> Result<(), Error> {
5a2df000 470 let mut req = Self::request_builder(&self.server, "GET", path, None).unwrap();
024f11bb 471
5a2df000 472 let client = self.client.clone();
1fdb4c6f 473
1a7a0e74 474 let auth = self.login().await?;
81da38c1 475
1a7a0e74
DM		 476 let enc_ticket = format!("PBSAuthCookie={}", percent_encode(auth.ticket.as_bytes(), DEFAULT_ENCODE_SET));
477 req.headers_mut().insert("Cookie", HeaderValue::from_str(&enc_ticket).unwrap());
6f62c924 478
1a7a0e74
DM		 479 let resp = client.request(req).await?;
480 let status = resp.status();
481 if !status.is_success() {
482 HttpClient::api_response(resp)
483 .map(|_| Err(format_err!("unknown error")))
484 .await?
485 } else {
486 resp.into_body()
5a2df000 487 .map_err(Error::from)
1a7a0e74
DM		 488 .try_fold(output, move |acc, chunk| async move {
489 acc.write_all(&chunk)?;
490 Ok::<_, Error>(acc)
5a2df000 491 })
1a7a0e74
DM		 492 .await?;
493 }
494 Ok(())
6f62c924
DM		 495 }
496
1a7a0e74 497 pub async fn upload(
04512d30
DM		 498 &mut self,
499 content_type: &str,
500 body: Body,
501 path: &str,
502 data: Option<Value>,
1a7a0e74 503 ) -> Result<Value, Error> {
81da38c1
DM		 504
505 let path = path.trim_matches('/');
04512d30
DM		 506 let mut url = format!("https://{}:8007/{}", &self.server, path);
507
508 if let Some(data) = data {
509 let query = tools::json_object_to_query(data).unwrap();
510 url.push('?');
511 url.push_str(&query);
512 }
513
514 let url: Uri = url.parse().unwrap();
81da38c1 515
5a2df000 516 let req = Request::builder()
81da38c1
DM		 517 .method("POST")
518 .uri(url)
519 .header("User-Agent", "proxmox-backup-client/1.0")
5a2df000
DM		 520 .header("Content-Type", content_type)
521 .body(body).unwrap();
81da38c1 522
1a7a0e74 523 self.request(req).await
1fdb4c6f
DM		 524 }
525
1a7a0e74 526 pub async fn start_h2_connection(
fb047083
DM		 527 &self,
528 mut req: Request<Body>,
529 protocol_name: String,
dc089345 530 ) -> Result<(H2Client, futures::future::AbortHandle), Error> {
cf639a47 531
1a7a0e74 532 let auth = self.login().await?;
cf639a47
DM		 533 let client = self.client.clone();
534
1a7a0e74
DM		 535 let enc_ticket = format!("PBSAuthCookie={}", percent_encode(auth.ticket.as_bytes(), DEFAULT_ENCODE_SET));
536 req.headers_mut().insert("Cookie", HeaderValue::from_str(&enc_ticket).unwrap());
537 req.headers_mut().insert("UPGRADE", HeaderValue::from_str(&protocol_name).unwrap());
cf639a47 538
1a7a0e74
DM		 539 let resp = client.request(req).await?;
540 let status = resp.status();
cf639a47 541
1a7a0e74 542 if status != http::StatusCode::SWITCHING_PROTOCOLS {
ca611955
DM		 543 Self::api_response(resp).await?;
544 bail!("unknown error");
1a7a0e74
DM		 545 }
546
547 let upgraded = resp
548 .into_body()
549 .on_upgrade()
550 .await?;
551
552 let max_window_size = (1 << 31) - 2;
553
554 let (h2, connection) = h2::client::Builder::new()
555 .initial_connection_window_size(max_window_size)
556 .initial_window_size(max_window_size)
557 .max_frame_size(4*1024*1024)
558 .handshake(upgraded)
559 .await?;
560
561 let connection = connection
562 .map_err(|_| panic!("HTTP/2.0 connection failed"));
563
dc089345 564 let (connection, abort) = futures::future::abortable(connection);
1a7a0e74
DM		 565 // A cancellable future returns an Option which is None when cancelled and
566 // Some when it finished instead, since we don't care about the return type we
567 // need to map it away:
568 let connection = connection.map(|_| ());
569
570 // Spawn a new task to drive the connection state
db0cb9ce 571 tokio::spawn(connection);
1a7a0e74
DM		 572
573 // Wait until the `SendRequest` handle has available capacity.
574 let c = h2.ready().await?;
dc089345 575 Ok((H2Client::new(c), abort))
cf639a47
DM		 576 }
577
9d35dbbb 578 async fn credentials(
1434f4f8 579 client: Client<HttpsConnector>,
45cdce06
DM		 580 server: String,
581 username: String,
582 password: String,
9d35dbbb
DM		 583 ) -> Result<AuthInfo, Error> {
584 let data = json!({ "username": username, "password": password });
585 let req = Self::request_builder(&server, "POST", "/api2/json/access/ticket", Some(data)).unwrap();
586 let cred = Self::api_request(client, req).await?;
587 let auth = AuthInfo {
588 username: cred["data"]["username"].as_str().unwrap().to_owned(),
589 ticket: cred["data"]["ticket"].as_str().unwrap().to_owned(),
590 token: cred["data"]["CSRFPreventionToken"].as_str().unwrap().to_owned(),
591 };
592
9d35dbbb 593 Ok(auth)
ba3a60b2
DM		 594 }
595
a6782ca1 596 async fn api_response(response: Response<Body>) -> Result<Value, Error> {
d2c48afc 597 let status = response.status();
db0cb9ce 598 let data = hyper::body::to_bytes(response.into_body()).await?;
a6782ca1
WB		 599
600 let text = String::from_utf8(data.to_vec()).unwrap();
601 if status.is_success() {
11377a47
DM		 602 if text.is_empty() {
603 Ok(Value::Null)
604 } else {
a6782ca1
WB		 605 let value: Value = serde_json::from_str(&text)?;
606 Ok(value)
a6782ca1
WB		 607 }
608 } else {
609 bail!("HTTP Error {}: {}", status, text);
610 }
d2c48afc
DM		 611 }
612
1a7a0e74 613 async fn api_request(
1434f4f8 614 client: Client<HttpsConnector>,
5a2df000 615 req: Request<Body>
1a7a0e74 616 ) -> Result<Value, Error> {
ba3a60b2 617
5a2df000
DM		 618 client.request(req)
619 .map_err(Error::from)
d2c48afc 620 .and_then(Self::api_response)
1a7a0e74 621 .await
0dffe3f9
DM		 622 }
623
9e490a74
DM		 624 // Read-only access to server property
625 pub fn server(&self) -> &str {
626 &self.server
627 }
628
5a2df000 629 pub fn request_builder(server: &str, method: &str, path: &str, data: Option<Value>) -> Result<Request<Body>, Error> {
591f570b 630 let path = path.trim_matches('/');
5a2df000
DM		 631 let url: Uri = format!("https://{}:8007/{}", server, path).parse()?;
632
633 if let Some(data) = data {
634 if method == "POST" {
635 let request = Request::builder()
636 .method(method)
637 .uri(url)
638 .header("User-Agent", "proxmox-backup-client/1.0")
639 .header(hyper::header::CONTENT_TYPE, "application/json")
640 .body(Body::from(data.to_string()))?;
641 return Ok(request);
642 } else {
9e391bb7
DM		 643 let query = tools::json_object_to_query(data)?;
644 let url: Uri = format!("https://{}:8007/{}?{}", server, path, query).parse()?;
645 let request = Request::builder()
646 .method(method)
647 .uri(url)
648 .header("User-Agent", "proxmox-backup-client/1.0")
649 .header(hyper::header::CONTENT_TYPE, "application/x-www-form-urlencoded")
650 .body(Body::empty())?;
651 return Ok(request);
5a2df000 652 }
5a2df000 653 }
0dffe3f9 654
1fdb4c6f 655 let request = Request::builder()
5a2df000 656 .method(method)
1fdb4c6f
DM		 657 .uri(url)
658 .header("User-Agent", "proxmox-backup-client/1.0")
5a2df000
DM		 659 .header(hyper::header::CONTENT_TYPE, "application/x-www-form-urlencoded")
660 .body(Body::empty())?;
1fdb4c6f 661
5a2df000 662 Ok(request)
597641fd
DM		 663 }
664}
b57cb264 665
9af37c8f
DM		 666
667#[derive(Clone)]
668pub struct H2Client {
669 h2: h2::client::SendRequest<bytes::Bytes>,
670}
671
672impl H2Client {
673
674 pub fn new(h2: h2::client::SendRequest<bytes::Bytes>) -> Self {
675 Self { h2 }
676 }
677
2a1e6d7d
DM		 678 pub async fn get(
679 &self,
680 path: &str,
681 param: Option<Value>
682 ) -> Result<Value, Error> {
792a70b9 683 let req = Self::request_builder("localhost", "GET", path, param, None).unwrap();
2a1e6d7d 684 self.request(req).await
9af37c8f
DM		 685 }
686
2a1e6d7d
DM		 687 pub async fn put(
688 &self,
689 path: &str,
690 param: Option<Value>
691 ) -> Result<Value, Error> {
792a70b9 692 let req = Self::request_builder("localhost", "PUT", path, param, None).unwrap();
2a1e6d7d 693 self.request(req).await
9af37c8f
DM		 694 }
695
2a1e6d7d
DM		 696 pub async fn post(
697 &self,
698 path: &str,
699 param: Option<Value>
700 ) -> Result<Value, Error> {
792a70b9 701 let req = Self::request_builder("localhost", "POST", path, param, None).unwrap();
2a1e6d7d 702 self.request(req).await
9af37c8f
DM		 703 }
704
d4a085e5 705 pub async fn download<W: Write + Send>(
a6782ca1
WB		 706 &self,
707 path: &str,
708 param: Option<Value>,
2a1e6d7d 709 mut output: W,
d4a085e5 710 ) -> Result<W, Error> {
792a70b9 711 let request = Self::request_builder("localhost", "GET", path, param, None).unwrap();
dd066d28 712
2a1e6d7d 713 let response_future = self.send_request(request, None).await?;
984a7c35 714
2a1e6d7d
DM		 715 let resp = response_future.await?;
716
717 let status = resp.status();
718 if !status.is_success() {
44f59dc7
DM		 719 H2Client::h2api_response(resp).await?; // raise error
720 unreachable!();
2a1e6d7d
DM		 721 }
722
723 let mut body = resp.into_body();
db0cb9ce
WB		 724 while let Some(chunk) = body.data().await {
725 let chunk = chunk?;
726 body.flow_control().release_capacity(chunk.len())?;
2a1e6d7d
DM		 727 output.write_all(&chunk)?;
728 }
729
730 Ok(output)
dd066d28
DM		 731 }
732
2a1e6d7d 733 pub async fn upload(
a6782ca1 734 &self,
f011dba0 735 method: &str, // POST or PUT
a6782ca1
WB		 736 path: &str,
737 param: Option<Value>,
792a70b9 738 content_type: &str,
a6782ca1 739 data: Vec<u8>,
2a1e6d7d 740 ) -> Result<Value, Error> {
f011dba0 741 let request = Self::request_builder("localhost", method, path, param, Some(content_type)).unwrap();
9af37c8f 742
2a1e6d7d
DM		 743 let mut send_request = self.h2.clone().ready().await?;
744
745 let (response, stream) = send_request.send_request(request, false).unwrap();
2a05048b
DM		 746
747 PipeToSendStream::new(bytes::Bytes::from(data), stream).await?;
748
749 response
750 .map_err(Error::from)
751 .and_then(Self::h2api_response)
2a1e6d7d 752 .await
9af37c8f 753 }
adec8ea2 754
2a1e6d7d 755 async fn request(
9af37c8f 756 &self,
b57cb264 757 request: Request<()>,
2a1e6d7d 758 ) -> Result<Value, Error> {
b57cb264 759
9af37c8f 760 self.send_request(request, None)
82ab7230
DM		 761 .and_then(move |response| {
762 response
763 .map_err(Error::from)
764 .and_then(Self::h2api_response)
765 })
2a1e6d7d 766 .await
82ab7230
DM		 767 }
768
cf9271e2 769 pub fn send_request(
9af37c8f 770 &self,
82ab7230
DM		 771 request: Request<()>,
772 data: Option<bytes::Bytes>,
a6782ca1 773 ) -> impl Future<Output = Result<h2::client::ResponseFuture, Error>> {
82ab7230 774
9af37c8f 775 self.h2.clone()
10130cf4
DM		 776 .ready()
777 .map_err(Error::from)
2a05048b 778 .and_then(move |mut send_request| async move {
82ab7230
DM		 779 if let Some(data) = data {
780 let (response, stream) = send_request.send_request(request, false).unwrap();
2a05048b
DM		 781 PipeToSendStream::new(data, stream).await?;
782 Ok(response)
82ab7230
DM		 783 } else {
784 let (response, _stream) = send_request.send_request(request, true).unwrap();
2a05048b 785 Ok(response)
82ab7230 786 }
b57cb264
DM		 787 })
788 }
789
f16aea68 790 pub async fn h2api_response(
a6782ca1 791 response: Response<h2::RecvStream>,
9edd3bf1 792 ) -> Result<Value, Error> {
b57cb264
DM		 793 let status = response.status();
794
795 let (_head, mut body) = response.into_parts();
796
9edd3bf1 797 let mut data = Vec::new();
db0cb9ce
WB		 798 while let Some(chunk) = body.data().await {
799 let chunk = chunk?;
800 // Whenever data is received, the caller is responsible for
801 // releasing capacity back to the server once it has freed
802 // the data from memory.
9edd3bf1 803 // Let the server send more data.
db0cb9ce 804 body.flow_control().release_capacity(chunk.len())?;
9edd3bf1
DM		 805 data.extend(chunk);
806 }
807
808 let text = String::from_utf8(data.to_vec()).unwrap();
809 if status.is_success() {
11377a47
DM		 810 if text.is_empty() {
811 Ok(Value::Null)
812 } else {
9edd3bf1
DM		 813 let mut value: Value = serde_json::from_str(&text)?;
814 if let Some(map) = value.as_object_mut() {
815 if let Some(data) = map.remove("data") {
816 return Ok(data);
b57cb264 817 }
b57cb264 818 }
9edd3bf1 819 bail!("got result without data property");
9edd3bf1
DM		 820 }
821 } else {
822 bail!("HTTP Error {}: {}", status, text);
823 }
b57cb264
DM		 824 }
825
eb2bdd1b 826 // Note: We always encode parameters with the url
792a70b9
DM		 827 pub fn request_builder(
828 server: &str,
829 method: &str,
830 path: &str,
831 param: Option<Value>,
832 content_type: Option<&str>,
833 ) -> Result<Request<()>, Error> {
b57cb264 834 let path = path.trim_matches('/');
b57cb264 835
792a70b9
DM		 836 let content_type = content_type.unwrap_or("application/x-www-form-urlencoded");
837
a55b2975
DM		 838 if let Some(param) = param {
839 let query = tools::json_object_to_query(param)?;
eb2bdd1b
DM		 840 // We detected problem with hyper around 6000 characters - seo we try to keep on the safe side
841 if query.len() > 4096 { bail!("h2 query data too large ({} bytes) - please encode data inside body", query.len()); }
b57cb264 842 let url: Uri = format!("https://{}:8007/{}?{}", server, path, query).parse()?;
eb2bdd1b 843 let request = Request::builder()
b57cb264
DM		 844 .method(method)
845 .uri(url)
846 .header("User-Agent", "proxmox-backup-client/1.0")
792a70b9 847 .header(hyper::header::CONTENT_TYPE, content_type)
b57cb264 848 .body(())?;
62ee2eb4 849 Ok(request)
eb2bdd1b
DM		 850 } else {
851 let url: Uri = format!("https://{}:8007/{}", server, path).parse()?;
852 let request = Request::builder()
853 .method(method)
854 .uri(url)
855 .header("User-Agent", "proxmox-backup-client/1.0")
792a70b9 856 .header(hyper::header::CONTENT_TYPE, content_type)
eb2bdd1b 857 .body(())?;
b57cb264 858
eb2bdd1b
DM		 859 Ok(request)
860 }
b57cb264
DM		 861 }
862}
1434f4f8 863
db0cb9ce 864#[derive(Clone)]
1434f4f8
WB		 865pub struct HttpsConnector {
866 http: HttpConnector,
db0cb9ce 867 ssl_connector: std::sync::Arc<SslConnector>,
1434f4f8
WB		 868}
869
870impl HttpsConnector {
871 pub fn with_connector(mut http: HttpConnector, ssl_connector: SslConnector) -> Self {
872 http.enforce_http(false);
873
874 Self {
875 http,
db0cb9ce 876 ssl_connector: std::sync::Arc::new(ssl_connector),
1434f4f8
WB		 877 }
878 }
879}
880
881type MaybeTlsStream = EitherStream<
882 tokio::net::TcpStream,
883 tokio_openssl::SslStream<tokio::net::TcpStream>,
884>;
885
db0cb9ce
WB		 886impl hyper::service::Service<Uri> for HttpsConnector {
887 type Response = MaybeTlsStream;
1434f4f8 888 type Error = Error;
db0cb9ce
WB		 889 type Future = std::pin::Pin<Box<
890 dyn Future<Output = Result<Self::Response, Self::Error>> + Send + 'static
891 >>;
1434f4f8 892
db0cb9ce
WB		 893 fn poll_ready(&mut self, _: &mut Context<'_>) -> Poll<Result<(), Self::Error>> {
894 // This connector is always ready, but others might not be.
895 Poll::Ready(Ok(()))
896 }
1434f4f8 897
db0cb9ce
WB		 898 fn call(&mut self, dst: Uri) -> Self::Future {
899 let mut this = self.clone();
900 async move {
901 let is_https = dst
902 .scheme()
903 .ok_or_else(|| format_err!("missing URL scheme"))?
904 == "https";
905 let host = dst
906 .host()
907 .ok_or_else(|| format_err!("missing hostname in destination url?"))?
908 .to_string();
909
910 let config = this.ssl_connector.configure();
911 let conn = this.http.call(dst).await?;
1434f4f8
WB		 912 if is_https {
913 let conn = tokio_openssl::connect(config?, &host, conn).await?;
db0cb9ce 914 Ok(MaybeTlsStream::Right(conn))
1434f4f8 915 } else {
db0cb9ce 916 Ok(MaybeTlsStream::Left(conn))
1434f4f8 917 }
db0cb9ce 918 }.boxed()
1434f4f8
WB		 919 }
920}
Proxmox Backup Server and Client