1 use std
::collections
::{HashSet, HashMap}
;
3 use std
::os
::unix
::ffi
::OsStrExt
;
5 use anyhow
::{bail, format_err, Error}
;
7 use hyper
::http
::request
::Parts
;
8 use hyper
::{header, Body, Response, StatusCode}
;
9 use serde_json
::{json, Value}
;
12 api
, ApiResponseFuture
, ApiHandler
, ApiMethod
, Router
,
13 RpcEnvironment
, RpcEnvironmentType
, Permission
, UserInformation
};
14 use proxmox
::api
::router
::SubdirMap
;
15 use proxmox
::api
::schema
::*;
16 use proxmox
::tools
::fs
::{replace_file, CreateOptions}
;
17 use proxmox
::try_block
;
18 use proxmox
::{http_err, identity, list_subdirs_api_method, sortable}
;
20 use pxar
::accessor
::aio
::Accessor
;
23 use crate::api2
::types
::*;
24 use crate::api2
::node
::rrd
::create_value_from_rrd
;
26 use crate::config
::datastore
;
27 use crate::config
::cached_user_info
::CachedUserInfo
;
29 use crate::server
::WorkerTask
;
30 use crate::tools
::{self, AsyncReaderStream, WrappedReaderStream}
;
31 use crate::config
::acl
::{
33 PRIV_DATASTORE_MODIFY
,
36 PRIV_DATASTORE_BACKUP
,
39 fn check_backup_owner(store
: &DataStore
, group
: &BackupGroup
, userid
: &str) -> Result
<(), Error
> {
40 let owner
= store
.get_owner(group
)?
;
42 bail
!("backup owner check failed ({} != {})", userid
, owner
);
47 fn read_backup_index(store
: &DataStore
, backup_dir
: &BackupDir
) -> Result
<Vec
<BackupContent
>, Error
> {
49 let (manifest
, index_size
) = store
.load_manifest(backup_dir
)?
;
51 let mut result
= Vec
::new();
52 for item
in manifest
.files() {
53 result
.push(BackupContent
{
54 filename
: item
.filename
.clone(),
55 crypt_mode
: Some(item
.crypt_mode
),
56 size
: Some(item
.size
),
60 result
.push(BackupContent
{
61 filename
: MANIFEST_BLOB_NAME
.to_string(),
62 crypt_mode
: Some(CryptMode
::None
),
63 size
: Some(index_size
),
69 fn get_all_snapshot_files(
72 ) -> Result
<Vec
<BackupContent
>, Error
> {
73 let mut files
= read_backup_index(&store
, &info
.backup_dir
)?
;
75 let file_set
= files
.iter().fold(HashSet
::new(), |mut acc
, item
| {
76 acc
.insert(item
.filename
.clone());
80 for file
in &info
.files
{
81 if file_set
.contains(file
) { continue; }
82 files
.push(BackupContent
{
83 filename
: file
.to_string(),
92 fn group_backups(backup_list
: Vec
<BackupInfo
>) -> HashMap
<String
, Vec
<BackupInfo
>> {
94 let mut group_hash
= HashMap
::new();
96 for info
in backup_list
{
97 let group_id
= info
.backup_dir
.group().group_path().to_str().unwrap().to_owned();
98 let time_list
= group_hash
.entry(group_id
).or_insert(vec
![]);
109 schema
: DATASTORE_SCHEMA
,
115 description
: "Returns the list of backup groups.",
121 permission
: &Permission
::Privilege(
122 &["datastore", "{store}"],
123 PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
,
127 /// List backup groups.
130 rpcenv
: &mut dyn RpcEnvironment
,
131 ) -> Result
<Vec
<GroupListItem
>, Error
> {
133 let username
= rpcenv
.get_user().unwrap();
134 let user_info
= CachedUserInfo
::new()?
;
135 let user_privs
= user_info
.lookup_privs(&username
, &["datastore", &store
]);
137 let datastore
= DataStore
::lookup_datastore(&store
)?
;
139 let backup_list
= BackupInfo
::list_backups(&datastore
.base_path())?
;
141 let group_hash
= group_backups(backup_list
);
143 let mut groups
= Vec
::new();
145 for (_group_id
, mut list
) in group_hash
{
147 BackupInfo
::sort_list(&mut list
, false);
151 let group
= info
.backup_dir
.group();
153 let list_all
= (user_privs
& PRIV_DATASTORE_AUDIT
) != 0;
154 let owner
= datastore
.get_owner(group
)?
;
156 if owner
!= username { continue; }
159 let result_item
= GroupListItem
{
160 backup_type
: group
.backup_type().to_string(),
161 backup_id
: group
.backup_id().to_string(),
162 last_backup
: info
.backup_dir
.backup_time().timestamp(),
163 backup_count
: list
.len() as u64,
164 files
: info
.files
.clone(),
167 groups
.push(result_item
);
177 schema
: DATASTORE_SCHEMA
,
180 schema
: BACKUP_TYPE_SCHEMA
,
183 schema
: BACKUP_ID_SCHEMA
,
186 schema
: BACKUP_TIME_SCHEMA
,
192 description
: "Returns the list of archive files inside a backup snapshots.",
198 permission
: &Permission
::Privilege(
199 &["datastore", "{store}"],
200 PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
,
204 /// List snapshot files.
205 pub fn list_snapshot_files(
211 rpcenv
: &mut dyn RpcEnvironment
,
212 ) -> Result
<Vec
<BackupContent
>, Error
> {
214 let username
= rpcenv
.get_user().unwrap();
215 let user_info
= CachedUserInfo
::new()?
;
216 let user_privs
= user_info
.lookup_privs(&username
, &["datastore", &store
]);
218 let datastore
= DataStore
::lookup_datastore(&store
)?
;
220 let snapshot
= BackupDir
::new(backup_type
, backup_id
, backup_time
);
222 let allowed
= (user_privs
& (PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_READ
)) != 0;
223 if !allowed { check_backup_owner(&datastore, snapshot.group(), &username)?; }
225 let info
= BackupInfo
::new(&datastore
.base_path(), snapshot
)?
;
227 get_all_snapshot_files(&datastore
, &info
)
234 schema
: DATASTORE_SCHEMA
,
237 schema
: BACKUP_TYPE_SCHEMA
,
240 schema
: BACKUP_ID_SCHEMA
,
243 schema
: BACKUP_TIME_SCHEMA
,
248 permission
: &Permission
::Privilege(
249 &["datastore", "{store}"],
250 PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_PRUNE
,
254 /// Delete backup snapshot.
261 rpcenv
: &mut dyn RpcEnvironment
,
262 ) -> Result
<Value
, Error
> {
264 let username
= rpcenv
.get_user().unwrap();
265 let user_info
= CachedUserInfo
::new()?
;
266 let user_privs
= user_info
.lookup_privs(&username
, &["datastore", &store
]);
268 let snapshot
= BackupDir
::new(backup_type
, backup_id
, backup_time
);
270 let datastore
= DataStore
::lookup_datastore(&store
)?
;
272 let allowed
= (user_privs
& PRIV_DATASTORE_MODIFY
) != 0;
273 if !allowed { check_backup_owner(&datastore, snapshot.group(), &username)?; }
275 datastore
.remove_backup_dir(&snapshot
, false)?
;
284 schema
: DATASTORE_SCHEMA
,
288 schema
: BACKUP_TYPE_SCHEMA
,
292 schema
: BACKUP_ID_SCHEMA
,
298 description
: "Returns the list of snapshots.",
300 type: SnapshotListItem
,
304 permission
: &Permission
::Privilege(
305 &["datastore", "{store}"],
306 PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
,
310 /// List backup snapshots.
311 pub fn list_snapshots (
313 backup_type
: Option
<String
>,
314 backup_id
: Option
<String
>,
317 rpcenv
: &mut dyn RpcEnvironment
,
318 ) -> Result
<Vec
<SnapshotListItem
>, Error
> {
320 let username
= rpcenv
.get_user().unwrap();
321 let user_info
= CachedUserInfo
::new()?
;
322 let user_privs
= user_info
.lookup_privs(&username
, &["datastore", &store
]);
324 let datastore
= DataStore
::lookup_datastore(&store
)?
;
326 let base_path
= datastore
.base_path();
328 let backup_list
= BackupInfo
::list_backups(&base_path
)?
;
330 let mut snapshots
= vec
![];
332 for info
in backup_list
{
333 let group
= info
.backup_dir
.group();
334 if let Some(ref backup_type
) = backup_type
{
335 if backup_type
!= group
.backup_type() { continue; }
337 if let Some(ref backup_id
) = backup_id
{
338 if backup_id
!= group
.backup_id() { continue; }
341 let list_all
= (user_privs
& PRIV_DATASTORE_AUDIT
) != 0;
342 let owner
= datastore
.get_owner(group
)?
;
345 if owner
!= username { continue; }
350 let files
= match get_all_snapshot_files(&datastore
, &info
) {
352 size
= Some(files
.iter().map(|x
| x
.size
.unwrap_or(0)).sum());
356 eprintln
!("error during snapshot file listing: '{}'", err
);
360 .map(|x
| BackupContent
{
361 filename
: x
.to_string(),
369 let result_item
= SnapshotListItem
{
370 backup_type
: group
.backup_type().to_string(),
371 backup_id
: group
.backup_id().to_string(),
372 backup_time
: info
.backup_dir
.backup_time().timestamp(),
378 snapshots
.push(result_item
);
388 schema
: DATASTORE_SCHEMA
,
396 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
, true),
399 /// Get datastore status.
403 _rpcenv
: &mut dyn RpcEnvironment
,
404 ) -> Result
<StorageStatus
, Error
> {
405 let datastore
= DataStore
::lookup_datastore(&store
)?
;
406 crate::tools
::disks
::disk_usage(&datastore
.base_path())
413 schema
: DATASTORE_SCHEMA
,
416 schema
: BACKUP_TYPE_SCHEMA
,
420 schema
: BACKUP_ID_SCHEMA
,
424 schema
: BACKUP_TIME_SCHEMA
,
433 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
, true), // fixme
438 /// This function can verify a single backup snapshot, all backup from a backup group,
439 /// or all backups in the datastore.
442 backup_type
: Option
<String
>,
443 backup_id
: Option
<String
>,
444 backup_time
: Option
<i64>,
445 rpcenv
: &mut dyn RpcEnvironment
,
446 ) -> Result
<Value
, Error
> {
447 let datastore
= DataStore
::lookup_datastore(&store
)?
;
451 let mut backup_dir
= None
;
452 let mut backup_group
= None
;
454 match (backup_type
, backup_id
, backup_time
) {
455 (Some(backup_type
), Some(backup_id
), Some(backup_time
)) => {
456 worker_id
= format
!("{}_{}_{}_{:08X}", store
, backup_type
, backup_id
, backup_time
);
457 let dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
);
458 backup_dir
= Some(dir
);
460 (Some(backup_type
), Some(backup_id
), None
) => {
461 worker_id
= format
!("{}_{}_{}", store
, backup_type
, backup_id
);
462 let group
= BackupGroup
::new(backup_type
, backup_id
);
463 backup_group
= Some(group
);
465 (None
, None
, None
) => {
466 worker_id
= store
.clone();
468 _
=> bail
!("parameters do not spefify a backup group or snapshot"),
471 let username
= rpcenv
.get_user().unwrap();
472 let to_stdout
= if rpcenv
.env_type() == RpcEnvironmentType
::CLI { true }
else { false }
;
474 let upid_str
= WorkerTask
::new_thread(
475 "verify", Some(worker_id
.clone()), &username
, to_stdout
, move |worker
|
477 let failed_dirs
= if let Some(backup_dir
) = backup_dir
{
478 let mut verified_chunks
= HashSet
::with_capacity(1024*16);
479 let mut corrupt_chunks
= HashSet
::with_capacity(64);
480 let mut res
= Vec
::new();
481 if !verify_backup_dir(&datastore
, &backup_dir
, &mut verified_chunks
, &mut corrupt_chunks
, &worker
)?
{
482 res
.push(backup_dir
.to_string());
485 } else if let Some(backup_group
) = backup_group
{
486 verify_backup_group(&datastore
, &backup_group
, &worker
)?
488 verify_all_backups(&datastore
, &worker
)?
490 if failed_dirs
.len() > 0 {
491 worker
.log("Failed to verify following snapshots:");
492 for dir
in failed_dirs
{
493 worker
.log(format
!("\t{}", dir
));
495 bail
!("verfication failed - please check the log for details");
504 macro_rules
! add_common_prune_prameters
{
505 ( [ $
( $list1
:tt
)* ] ) => {
506 add_common_prune_prameters
!([$
( $list1
)* ] , [])
508 ( [ $
( $list1
:tt
)* ] , [ $
( $list2
:tt
)* ] ) => {
514 &PRUNE_SCHEMA_KEEP_DAILY
,
519 &PRUNE_SCHEMA_KEEP_HOURLY
,
524 &PRUNE_SCHEMA_KEEP_LAST
,
529 &PRUNE_SCHEMA_KEEP_MONTHLY
,
534 &PRUNE_SCHEMA_KEEP_WEEKLY
,
539 &PRUNE_SCHEMA_KEEP_YEARLY
,
546 pub const API_RETURN_SCHEMA_PRUNE
: Schema
= ArraySchema
::new(
547 "Returns the list of snapshots and a flag indicating if there are kept or removed.",
548 &PruneListItem
::API_SCHEMA
551 const API_METHOD_PRUNE
: ApiMethod
= ApiMethod
::new(
552 &ApiHandler
::Sync(&prune
),
554 "Prune the datastore.",
555 &add_common_prune_prameters
!([
556 ("backup-id", false, &BACKUP_ID_SCHEMA
),
557 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
558 ("dry-run", true, &BooleanSchema
::new(
559 "Just show what prune would do, but do not delete anything.")
563 ("store", false, &DATASTORE_SCHEMA
),
566 .returns(&API_RETURN_SCHEMA_PRUNE
)
567 .access(None
, &Permission
::Privilege(
568 &["datastore", "{store}"],
569 PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_PRUNE
,
576 rpcenv
: &mut dyn RpcEnvironment
,
577 ) -> Result
<Value
, Error
> {
579 let store
= tools
::required_string_param(¶m
, "store")?
;
580 let backup_type
= tools
::required_string_param(¶m
, "backup-type")?
;
581 let backup_id
= tools
::required_string_param(¶m
, "backup-id")?
;
583 let username
= rpcenv
.get_user().unwrap();
584 let user_info
= CachedUserInfo
::new()?
;
585 let user_privs
= user_info
.lookup_privs(&username
, &["datastore", &store
]);
587 let dry_run
= param
["dry-run"].as_bool().unwrap_or(false);
589 let group
= BackupGroup
::new(backup_type
, backup_id
);
591 let datastore
= DataStore
::lookup_datastore(&store
)?
;
593 let allowed
= (user_privs
& PRIV_DATASTORE_MODIFY
) != 0;
594 if !allowed { check_backup_owner(&datastore, &group, &username)?; }
596 let prune_options
= PruneOptions
{
597 keep_last
: param
["keep-last"].as_u64(),
598 keep_hourly
: param
["keep-hourly"].as_u64(),
599 keep_daily
: param
["keep-daily"].as_u64(),
600 keep_weekly
: param
["keep-weekly"].as_u64(),
601 keep_monthly
: param
["keep-monthly"].as_u64(),
602 keep_yearly
: param
["keep-yearly"].as_u64(),
605 let worker_id
= format
!("{}_{}_{}", store
, backup_type
, backup_id
);
607 let mut prune_result
= Vec
::new();
609 let list
= group
.list_backups(&datastore
.base_path())?
;
611 let mut prune_info
= compute_prune_info(list
, &prune_options
)?
;
613 prune_info
.reverse(); // delete older snapshots first
615 let keep_all
= !prune_options
.keeps_something();
618 for (info
, mut keep
) in prune_info
{
619 if keep_all { keep = true; }
621 let backup_time
= info
.backup_dir
.backup_time();
622 let group
= info
.backup_dir
.group();
624 prune_result
.push(json
!({
625 "backup-type": group
.backup_type(),
626 "backup-id": group
.backup_id(),
627 "backup-time": backup_time
.timestamp(),
631 return Ok(json
!(prune_result
));
635 // We use a WorkerTask just to have a task log, but run synchrounously
636 let worker
= WorkerTask
::new("prune", Some(worker_id
), "root@pam", true)?
;
638 let result
= try_block
! {
640 worker
.log("No prune selection - keeping all files.");
642 worker
.log(format
!("retention options: {}", prune_options
.cli_options_string()));
643 worker
.log(format
!("Starting prune on store \"{}\" group \"{}/{}\"",
644 store
, backup_type
, backup_id
));
647 for (info
, mut keep
) in prune_info
{
648 if keep_all { keep = true; }
650 let backup_time
= info
.backup_dir
.backup_time();
651 let timestamp
= BackupDir
::backup_time_to_string(backup_time
);
652 let group
= info
.backup_dir
.group();
660 if keep { "keep" }
else { "remove" }
,
665 prune_result
.push(json
!({
666 "backup-type": group
.backup_type(),
667 "backup-id": group
.backup_id(),
668 "backup-time": backup_time
.timestamp(),
672 if !(dry_run
|| keep
) {
673 datastore
.remove_backup_dir(&info
.backup_dir
, true)?
;
680 worker
.log_result(&result
);
682 if let Err(err
) = result
{
683 bail
!("prune failed - {}", err
);
686 Ok(json
!(prune_result
))
693 schema
: DATASTORE_SCHEMA
,
701 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_MODIFY
, false),
704 /// Start garbage collection.
705 fn start_garbage_collection(
708 rpcenv
: &mut dyn RpcEnvironment
,
709 ) -> Result
<Value
, Error
> {
711 let datastore
= DataStore
::lookup_datastore(&store
)?
;
713 println
!("Starting garbage collection on store {}", store
);
715 let to_stdout
= if rpcenv
.env_type() == RpcEnvironmentType
::CLI { true }
else { false }
;
717 let upid_str
= WorkerTask
::new_thread(
718 "garbage_collection", Some(store
.clone()), "root@pam", to_stdout
, move |worker
|
720 worker
.log(format
!("starting garbage collection on store {}", store
));
721 datastore
.garbage_collection(&worker
)
731 schema
: DATASTORE_SCHEMA
,
736 type: GarbageCollectionStatus
,
739 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
, false),
742 /// Garbage collection status.
743 pub fn garbage_collection_status(
746 _rpcenv
: &mut dyn RpcEnvironment
,
747 ) -> Result
<GarbageCollectionStatus
, Error
> {
749 let datastore
= DataStore
::lookup_datastore(&store
)?
;
751 let status
= datastore
.last_gc_status();
758 description
: "List the accessible datastores.",
761 description
: "Datastore name and description.",
764 schema
: DATASTORE_SCHEMA
,
768 schema
: SINGLE_LINE_COMMENT_SCHEMA
,
774 permission
: &Permission
::Anybody
,
778 fn get_datastore_list(
781 rpcenv
: &mut dyn RpcEnvironment
,
782 ) -> Result
<Value
, Error
> {
784 let (config
, _digest
) = datastore
::config()?
;
786 let username
= rpcenv
.get_user().unwrap();
787 let user_info
= CachedUserInfo
::new()?
;
789 let mut list
= Vec
::new();
791 for (store
, (_
, data
)) in &config
.sections
{
792 let user_privs
= user_info
.lookup_privs(&username
, &["datastore", &store
]);
793 let allowed
= (user_privs
& (PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
)) != 0;
795 let mut entry
= json
!({ "store": store }
);
796 if let Some(comment
) = data
["comment"].as_str() {
797 entry
["comment"] = comment
.into();
807 pub const API_METHOD_DOWNLOAD_FILE
: ApiMethod
= ApiMethod
::new(
808 &ApiHandler
::AsyncHttp(&download_file
),
810 "Download single raw file from backup snapshot.",
812 ("store", false, &DATASTORE_SCHEMA
),
813 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
814 ("backup-id", false, &BACKUP_ID_SCHEMA
),
815 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
816 ("file-name", false, &BACKUP_ARCHIVE_NAME_SCHEMA
),
819 ).access(None
, &Permission
::Privilege(
820 &["datastore", "{store}"],
821 PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
,
830 rpcenv
: Box
<dyn RpcEnvironment
>,
831 ) -> ApiResponseFuture
{
834 let store
= tools
::required_string_param(¶m
, "store")?
;
835 let datastore
= DataStore
::lookup_datastore(store
)?
;
837 let username
= rpcenv
.get_user().unwrap();
838 let user_info
= CachedUserInfo
::new()?
;
839 let user_privs
= user_info
.lookup_privs(&username
, &["datastore", &store
]);
841 let file_name
= tools
::required_string_param(¶m
, "file-name")?
.to_owned();
843 let backup_type
= tools
::required_string_param(¶m
, "backup-type")?
;
844 let backup_id
= tools
::required_string_param(¶m
, "backup-id")?
;
845 let backup_time
= tools
::required_integer_param(¶m
, "backup-time")?
;
847 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
);
849 let allowed
= (user_privs
& PRIV_DATASTORE_READ
) != 0;
850 if !allowed { check_backup_owner(&datastore, backup_dir.group(), &username)?; }
852 println
!("Download {} from {} ({}/{})", file_name
, store
, backup_dir
, file_name
);
854 let mut path
= datastore
.base_path();
855 path
.push(backup_dir
.relative_path());
856 path
.push(&file_name
);
858 let file
= tokio
::fs
::File
::open(&path
)
860 .map_err(|err
| http_err
!(BAD_REQUEST
, "File open failed: {}", err
))?
;
862 let payload
= tokio_util
::codec
::FramedRead
::new(file
, tokio_util
::codec
::BytesCodec
::new())
863 .map_ok(|bytes
| hyper
::body
::Bytes
::from(bytes
.freeze()))
864 .map_err(move |err
| {
865 eprintln
!("error during streaming of '{:?}' - {}", &path
, err
);
868 let body
= Body
::wrap_stream(payload
);
870 // fixme: set other headers ?
871 Ok(Response
::builder()
872 .status(StatusCode
::OK
)
873 .header(header
::CONTENT_TYPE
, "application/octet-stream")
880 pub const API_METHOD_DOWNLOAD_FILE_DECODED
: ApiMethod
= ApiMethod
::new(
881 &ApiHandler
::AsyncHttp(&download_file_decoded
),
883 "Download single decoded file from backup snapshot. Only works if it's not encrypted.",
885 ("store", false, &DATASTORE_SCHEMA
),
886 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
887 ("backup-id", false, &BACKUP_ID_SCHEMA
),
888 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
889 ("file-name", false, &BACKUP_ARCHIVE_NAME_SCHEMA
),
892 ).access(None
, &Permission
::Privilege(
893 &["datastore", "{store}"],
894 PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
,
898 fn download_file_decoded(
903 rpcenv
: Box
<dyn RpcEnvironment
>,
904 ) -> ApiResponseFuture
{
907 let store
= tools
::required_string_param(¶m
, "store")?
;
908 let datastore
= DataStore
::lookup_datastore(store
)?
;
910 let username
= rpcenv
.get_user().unwrap();
911 let user_info
= CachedUserInfo
::new()?
;
912 let user_privs
= user_info
.lookup_privs(&username
, &["datastore", &store
]);
914 let file_name
= tools
::required_string_param(¶m
, "file-name")?
.to_owned();
916 let backup_type
= tools
::required_string_param(¶m
, "backup-type")?
;
917 let backup_id
= tools
::required_string_param(¶m
, "backup-id")?
;
918 let backup_time
= tools
::required_integer_param(¶m
, "backup-time")?
;
920 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
);
922 let allowed
= (user_privs
& PRIV_DATASTORE_READ
) != 0;
923 if !allowed { check_backup_owner(&datastore, backup_dir.group(), &username)?; }
925 let files
= read_backup_index(&datastore
, &backup_dir
)?
;
927 if file
.filename
== file_name
&& file
.crypt_mode
== Some(CryptMode
::Encrypt
) {
928 bail
!("cannot decode '{}' - is encrypted", file_name
);
932 println
!("Download {} from {} ({}/{})", file_name
, store
, backup_dir
, file_name
);
934 let mut path
= datastore
.base_path();
935 path
.push(backup_dir
.relative_path());
936 path
.push(&file_name
);
938 let extension
= file_name
.rsplitn(2, '
.'
).next().unwrap();
940 let body
= match extension
{
942 let index
= DynamicIndexReader
::open(&path
)
943 .map_err(|err
| format_err
!("unable to read dynamic index '{:?}' - {}", &path
, err
))?
;
945 let chunk_reader
= LocalChunkReader
::new(datastore
, None
);
946 let reader
= AsyncIndexReader
::new(index
, chunk_reader
);
947 Body
::wrap_stream(AsyncReaderStream
::new(reader
)
948 .map_err(move |err
| {
949 eprintln
!("error during streaming of '{:?}' - {}", path
, err
);
954 let index
= FixedIndexReader
::open(&path
)
955 .map_err(|err
| format_err
!("unable to read fixed index '{:?}' - {}", &path
, err
))?
;
957 let chunk_reader
= LocalChunkReader
::new(datastore
, None
);
958 let reader
= AsyncIndexReader
::new(index
, chunk_reader
);
959 Body
::wrap_stream(AsyncReaderStream
::with_buffer_size(reader
, 4*1024*1024)
960 .map_err(move |err
| {
961 eprintln
!("error during streaming of '{:?}' - {}", path
, err
);
966 let file
= std
::fs
::File
::open(&path
)
967 .map_err(|err
| http_err
!(BAD_REQUEST
, "File open failed: {}", err
))?
;
970 WrappedReaderStream
::new(DataBlobReader
::new(file
, None
)?
)
971 .map_err(move |err
| {
972 eprintln
!("error during streaming of '{:?}' - {}", path
, err
);
978 bail
!("cannot download '{}' files", extension
);
982 // fixme: set other headers ?
983 Ok(Response
::builder()
984 .status(StatusCode
::OK
)
985 .header(header
::CONTENT_TYPE
, "application/octet-stream")
992 pub const API_METHOD_UPLOAD_BACKUP_LOG
: ApiMethod
= ApiMethod
::new(
993 &ApiHandler
::AsyncHttp(&upload_backup_log
),
995 "Upload the client backup log file into a backup snapshot ('client.log.blob').",
997 ("store", false, &DATASTORE_SCHEMA
),
998 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
999 ("backup-id", false, &BACKUP_ID_SCHEMA
),
1000 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
1004 Some("Only the backup creator/owner is allowed to do this."),
1005 &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_BACKUP
, false)
1008 fn upload_backup_log(
1013 rpcenv
: Box
<dyn RpcEnvironment
>,
1014 ) -> ApiResponseFuture
{
1017 let store
= tools
::required_string_param(¶m
, "store")?
;
1018 let datastore
= DataStore
::lookup_datastore(store
)?
;
1020 let file_name
= CLIENT_LOG_BLOB_NAME
;
1022 let backup_type
= tools
::required_string_param(¶m
, "backup-type")?
;
1023 let backup_id
= tools
::required_string_param(¶m
, "backup-id")?
;
1024 let backup_time
= tools
::required_integer_param(¶m
, "backup-time")?
;
1026 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
);
1028 let username
= rpcenv
.get_user().unwrap();
1029 check_backup_owner(&datastore
, backup_dir
.group(), &username
)?
;
1031 let mut path
= datastore
.base_path();
1032 path
.push(backup_dir
.relative_path());
1033 path
.push(&file_name
);
1036 bail
!("backup already contains a log.");
1039 println
!("Upload backup log to {}/{}/{}/{}/{}", store
,
1040 backup_type
, backup_id
, BackupDir
::backup_time_to_string(backup_dir
.backup_time()), file_name
);
1043 .map_err(Error
::from
)
1044 .try_fold(Vec
::new(), |mut acc
, chunk
| {
1045 acc
.extend_from_slice(&*chunk
);
1046 future
::ok
::<_
, Error
>(acc
)
1050 // always verify blob/CRC at server side
1051 let blob
= DataBlob
::load_from_reader(&mut &data
[..])?
;
1053 replace_file(&path
, blob
.raw_data(), CreateOptions
::new())?
;
1055 // fixme: use correct formatter
1056 Ok(crate::server
::formatter
::json_response(Ok(Value
::Null
)))
1064 schema
: DATASTORE_SCHEMA
,
1067 schema
: BACKUP_TYPE_SCHEMA
,
1070 schema
: BACKUP_ID_SCHEMA
,
1073 schema
: BACKUP_TIME_SCHEMA
,
1076 description
: "Base64 encoded path.",
1082 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
, true),
1085 /// Get the entries of the given path of the catalog
1088 backup_type
: String
,
1094 rpcenv
: &mut dyn RpcEnvironment
,
1095 ) -> Result
<Value
, Error
> {
1096 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1098 let username
= rpcenv
.get_user().unwrap();
1099 let user_info
= CachedUserInfo
::new()?
;
1100 let user_privs
= user_info
.lookup_privs(&username
, &["datastore", &store
]);
1102 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
);
1104 let allowed
= (user_privs
& PRIV_DATASTORE_READ
) != 0;
1105 if !allowed { check_backup_owner(&datastore, backup_dir.group(), &username)?; }
1107 let mut path
= datastore
.base_path();
1108 path
.push(backup_dir
.relative_path());
1109 path
.push(CATALOG_NAME
);
1111 let index
= DynamicIndexReader
::open(&path
)
1112 .map_err(|err
| format_err
!("unable to read dynamic index '{:?}' - {}", &path
, err
))?
;
1114 let chunk_reader
= LocalChunkReader
::new(datastore
, None
);
1115 let reader
= BufferedDynamicReader
::new(index
, chunk_reader
);
1117 let mut catalog_reader
= CatalogReader
::new(reader
);
1118 let mut current
= catalog_reader
.root()?
;
1119 let mut components
= vec
![];
1122 if filepath
!= "root" {
1123 components
= base64
::decode(filepath
)?
;
1124 if components
.len() > 0 && components
[0] == '
/'
as u8 {
1125 components
.remove(0);
1127 for component
in components
.split(|c
| *c
== '
/'
as u8) {
1128 if let Some(entry
) = catalog_reader
.lookup(¤t
, component
)?
{
1131 bail
!("path {:?} not found in catalog", &String
::from_utf8_lossy(&components
));
1136 let mut res
= Vec
::new();
1138 for direntry
in catalog_reader
.read_dir(¤t
)?
{
1139 let mut components
= components
.clone();
1140 components
.push('
/'
as u8);
1141 components
.extend(&direntry
.name
);
1142 let path
= base64
::encode(components
);
1143 let text
= String
::from_utf8_lossy(&direntry
.name
);
1144 let mut entry
= json
!({
1147 "type": CatalogEntryType
::from(&direntry
.attr
).to_string(),
1150 match direntry
.attr
{
1151 DirEntryAttribute
::Directory { start: _ }
=> {
1152 entry
["leaf"] = false.into();
1154 DirEntryAttribute
::File { size, mtime }
=> {
1155 entry
["size"] = size
.into();
1156 entry
["mtime"] = mtime
.into();
1167 pub const API_METHOD_PXAR_FILE_DOWNLOAD
: ApiMethod
= ApiMethod
::new(
1168 &ApiHandler
::AsyncHttp(&pxar_file_download
),
1170 "Download single file from pxar file of a bacup snapshot. Only works if it's not encrypted.",
1172 ("store", false, &DATASTORE_SCHEMA
),
1173 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
1174 ("backup-id", false, &BACKUP_ID_SCHEMA
),
1175 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
1176 ("filepath", false, &StringSchema
::new("Base64 encoded path").schema()),
1179 ).access(None
, &Permission
::Privilege(
1180 &["datastore", "{store}"],
1181 PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
,
1185 fn pxar_file_download(
1190 rpcenv
: Box
<dyn RpcEnvironment
>,
1191 ) -> ApiResponseFuture
{
1194 let store
= tools
::required_string_param(¶m
, "store")?
;
1195 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1197 let username
= rpcenv
.get_user().unwrap();
1198 let user_info
= CachedUserInfo
::new()?
;
1199 let user_privs
= user_info
.lookup_privs(&username
, &["datastore", &store
]);
1201 let filepath
= tools
::required_string_param(¶m
, "filepath")?
.to_owned();
1203 let backup_type
= tools
::required_string_param(¶m
, "backup-type")?
;
1204 let backup_id
= tools
::required_string_param(¶m
, "backup-id")?
;
1205 let backup_time
= tools
::required_integer_param(¶m
, "backup-time")?
;
1207 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
);
1209 let allowed
= (user_privs
& PRIV_DATASTORE_READ
) != 0;
1210 if !allowed { check_backup_owner(&datastore, backup_dir.group(), &username)?; }
1212 let mut path
= datastore
.base_path();
1213 path
.push(backup_dir
.relative_path());
1215 let mut components
= base64
::decode(&filepath
)?
;
1216 if components
.len() > 0 && components
[0] == '
/'
as u8 {
1217 components
.remove(0);
1220 let mut split
= components
.splitn(2, |c
| *c
== '
/'
as u8);
1221 let pxar_name
= split
.next().unwrap();
1222 let file_path
= split
.next().ok_or(format_err
!("filepath looks strange '{}'", filepath
))?
;
1224 path
.push(OsStr
::from_bytes(&pxar_name
));
1226 let index
= DynamicIndexReader
::open(&path
)
1227 .map_err(|err
| format_err
!("unable to read dynamic index '{:?}' - {}", &path
, err
))?
;
1229 let chunk_reader
= LocalChunkReader
::new(datastore
, None
);
1230 let reader
= BufferedDynamicReader
::new(index
, chunk_reader
);
1231 let archive_size
= reader
.archive_size();
1232 let reader
= LocalDynamicReadAt
::new(reader
);
1234 let decoder
= Accessor
::new(reader
, archive_size
).await?
;
1235 let root
= decoder
.open_root().await?
;
1237 .lookup(OsStr
::from_bytes(file_path
)).await?
1238 .ok_or(format_err
!("error opening '{:?}'", file_path
))?
;
1240 let file
= match file
.kind() {
1241 EntryKind
::File { .. }
=> file
,
1242 EntryKind
::Hardlink(_
) => {
1243 decoder
.follow_hardlink(&file
).await?
1246 other
=> bail
!("cannot download file of type {:?}", other
),
1249 let body
= Body
::wrap_stream(
1250 AsyncReaderStream
::new(file
.contents().await?
)
1251 .map_err(move |err
| {
1252 eprintln
!("error during streaming of '{:?}' - {}", filepath
, err
);
1257 // fixme: set other headers ?
1258 Ok(Response
::builder()
1259 .status(StatusCode
::OK
)
1260 .header(header
::CONTENT_TYPE
, "application/octet-stream")
1270 schema
: DATASTORE_SCHEMA
,
1273 type: RRDTimeFrameResolution
,
1281 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
, true),
1284 /// Read datastore stats
1287 timeframe
: RRDTimeFrameResolution
,
1290 ) -> Result
<Value
, Error
> {
1292 create_value_from_rrd(
1293 &format
!("datastore/{}", store
),
1296 "read_ios", "read_bytes",
1297 "write_ios", "write_bytes",
1309 schema
: DATASTORE_SCHEMA
,
1312 schema
: BACKUP_TYPE_SCHEMA
,
1315 schema
: BACKUP_ID_SCHEMA
,
1318 schema
: BACKUP_TIME_SCHEMA
,
1323 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
, true),
1326 /// Get "notes" for a specific backup
1329 backup_type
: String
,
1332 rpcenv
: &mut dyn RpcEnvironment
,
1333 ) -> Result
<String
, Error
> {
1334 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1336 let username
= rpcenv
.get_user().unwrap();
1337 let user_info
= CachedUserInfo
::new()?
;
1338 let user_privs
= user_info
.lookup_privs(&username
, &["datastore", &store
]);
1340 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
);
1342 let allowed
= (user_privs
& PRIV_DATASTORE_READ
) != 0;
1343 if !allowed { check_backup_owner(&datastore, backup_dir.group(), &username)?; }
1345 let manifest
= datastore
.load_manifest_json(&backup_dir
)?
;
1347 let notes
= manifest
["unprotected"]["notes"]
1351 Ok(String
::from(notes
))
1358 schema
: DATASTORE_SCHEMA
,
1361 schema
: BACKUP_TYPE_SCHEMA
,
1364 schema
: BACKUP_ID_SCHEMA
,
1367 schema
: BACKUP_TIME_SCHEMA
,
1370 description
: "A multiline text.",
1375 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_MODIFY
, true),
1378 /// Set "notes" for a specific backup
1381 backup_type
: String
,
1385 rpcenv
: &mut dyn RpcEnvironment
,
1386 ) -> Result
<(), Error
> {
1387 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1389 let username
= rpcenv
.get_user().unwrap();
1390 let user_info
= CachedUserInfo
::new()?
;
1391 let user_privs
= user_info
.lookup_privs(&username
, &["datastore", &store
]);
1393 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
);
1395 let allowed
= (user_privs
& PRIV_DATASTORE_READ
) != 0;
1396 if !allowed { check_backup_owner(&datastore, backup_dir.group(), &username)?; }
1398 let mut manifest
= datastore
.load_manifest_json(&backup_dir
)?
;
1400 manifest
["unprotected"]["notes"] = notes
.into();
1402 datastore
.store_manifest(&backup_dir
, manifest
)?
;
1408 const DATASTORE_INFO_SUBDIRS
: SubdirMap
= &[
1412 .get(&API_METHOD_CATALOG
)
1417 .download(&API_METHOD_DOWNLOAD_FILE
)
1422 .download(&API_METHOD_DOWNLOAD_FILE_DECODED
)
1427 .get(&API_METHOD_LIST_SNAPSHOT_FILES
)
1432 .get(&API_METHOD_GARBAGE_COLLECTION_STATUS
)
1433 .post(&API_METHOD_START_GARBAGE_COLLECTION
)
1438 .get(&API_METHOD_LIST_GROUPS
)
1443 .get(&API_METHOD_GET_NOTES
)
1444 .put(&API_METHOD_SET_NOTES
)
1449 .post(&API_METHOD_PRUNE
)
1452 "pxar-file-download",
1454 .download(&API_METHOD_PXAR_FILE_DOWNLOAD
)
1459 .get(&API_METHOD_GET_RRD_STATS
)
1464 .get(&API_METHOD_LIST_SNAPSHOTS
)
1465 .delete(&API_METHOD_DELETE_SNAPSHOT
)
1470 .get(&API_METHOD_STATUS
)
1473 "upload-backup-log",
1475 .upload(&API_METHOD_UPLOAD_BACKUP_LOG
)
1480 .post(&API_METHOD_VERIFY
)
1484 const DATASTORE_INFO_ROUTER
: Router
= Router
::new()
1485 .get(&list_subdirs_api_method
!(DATASTORE_INFO_SUBDIRS
))
1486 .subdirs(DATASTORE_INFO_SUBDIRS
);
1489 pub const ROUTER
: Router
= Router
::new()
1490 .get(&API_METHOD_GET_DATASTORE_LIST
)
1491 .match_all("store", &DATASTORE_INFO_ROUTER
);