]> git.proxmox.com Git - proxmox-backup.git/blob - src/client/http_client.rs
projects / proxmox-backup.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
avoid chrono dependency, depend on proxmox 0.3.8
[proxmox-backup.git] / src / client / http_client.rs
1 use std::io::Write;
2 use std::task::{Context, Poll};
3 use std::sync::{Arc, Mutex};
4
5 use anyhow::{bail, format_err, Error};
6 use futures::*;
7 use http::Uri;
8 use http::header::HeaderValue;
9 use http::{Request, Response};
10 use hyper::Body;
11 use hyper::client::{Client, HttpConnector};
12 use openssl::{ssl::{SslConnector, SslMethod}, x509::X509StoreContextRef};
13 use serde_json::{json, Value};
14 use percent_encoding::percent_encode;
15 use xdg::BaseDirectories;
16
17 use proxmox::{
18 api::error::HttpError,
19 sys::linux::tty,
20 tools::{
21 fs::{file_get_json, replace_file, CreateOptions},
22 }
23 };
24
25 use super::pipe_to_stream::PipeToSendStream;
26 use crate::api2::types::Userid;
27 use crate::tools::async_io::EitherStream;
28 use crate::tools::{self, BroadcastFuture, DEFAULT_ENCODE_SET};
29
30 #[derive(Clone)]
31 pub struct AuthInfo {
32 pub username: String,
33 pub ticket: String,
34 pub token: String,
35 }
36
37 pub struct HttpClientOptions {
38 prefix: Option<String>,
39 password: Option<String>,
40 fingerprint: Option<String>,
41 interactive: bool,
42 ticket_cache: bool,
43 fingerprint_cache: bool,
44 verify_cert: bool,
45 }
46
47 impl HttpClientOptions {
48
49 pub fn new() -> Self {
50 Self {
51 prefix: None,
52 password: None,
53 fingerprint: None,
54 interactive: false,
55 ticket_cache: false,
56 fingerprint_cache: false,
57 verify_cert: true,
58 }
59 }
60
61 pub fn prefix(mut self, prefix: Option<String>) -> Self {
62 self.prefix = prefix;
63 self
64 }
65
66 pub fn password(mut self, password: Option<String>) -> Self {
67 self.password = password;
68 self
69 }
70
71 pub fn fingerprint(mut self, fingerprint: Option<String>) -> Self {
72 self.fingerprint = fingerprint;
73 self
74 }
75
76 pub fn interactive(mut self, interactive: bool) -> Self {
77 self.interactive = interactive;
78 self
79 }
80
81 pub fn ticket_cache(mut self, ticket_cache: bool) -> Self {
82 self.ticket_cache = ticket_cache;
83 self
84 }
85
86 pub fn fingerprint_cache(mut self, fingerprint_cache: bool) -> Self {
87 self.fingerprint_cache = fingerprint_cache;
88 self
89 }
90
91 pub fn verify_cert(mut self, verify_cert: bool) -> Self {
92 self.verify_cert = verify_cert;
93 self
94 }
95 }
96
97 /// HTTP(S) API client
98 pub struct HttpClient {
99 client: Client<HttpsConnector>,
100 server: String,
101 fingerprint: Arc<Mutex<Option<String>>>,
102 auth: BroadcastFuture<AuthInfo>,
103 _options: HttpClientOptions,
104 }
105
106 /// Delete stored ticket data (logout)
107 pub fn delete_ticket_info(prefix: &str, server: &str, username: &Userid) -> Result<(), Error> {
108
109 let base = BaseDirectories::with_prefix(prefix)?;
110
111 // usually /run/user/<uid>/...
112 let path = base.place_runtime_file("tickets")?;
113
114 let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600);
115
116 let mut data = file_get_json(&path, Some(json!({})))?;
117
118 if let Some(map) = data[server].as_object_mut() {
119 map.remove(username.as_str());
120 }
121
122 replace_file(path, data.to_string().as_bytes(), CreateOptions::new().perm(mode))?;
123
124 Ok(())
125 }
126
127 fn store_fingerprint(prefix: &str, server: &str, fingerprint: &str) -> Result<(), Error> {
128
129 let base = BaseDirectories::with_prefix(prefix)?;
130
131 // usually ~/.config/<prefix>/fingerprints
132 let path = base.place_config_file("fingerprints")?;
133
134 let raw = match std::fs::read_to_string(&path) {
135 Ok(v) => v,
136 Err(err) => {
137 if err.kind() == std::io::ErrorKind::NotFound {
138 String::new()
139 } else {
140 bail!("unable to read fingerprints from {:?} - {}", path, err);
141 }
142 }
143 };
144
145 let mut result = String::new();
146
147 raw.split('\n').for_each(|line| {
148 let items: Vec<String> = line.split_whitespace().map(String::from).collect();
149 if items.len() == 2 {
150 if &items[0] == server {
151 // found, add later with new fingerprint
152 } else {
153 result.push_str(line);
154 result.push('\n');
155 }
156 }
157 });
158
159 result.push_str(server);
160 result.push(' ');
161 result.push_str(fingerprint);
162 result.push('\n');
163
164 replace_file(path, result.as_bytes(), CreateOptions::new())?;
165
166 Ok(())
167 }
168
169 fn load_fingerprint(prefix: &str, server: &str) -> Option<String> {
170
171 let base = BaseDirectories::with_prefix(prefix).ok()?;
172
173 // usually ~/.config/<prefix>/fingerprints
174 let path = base.place_config_file("fingerprints").ok()?;
175
176 let raw = std::fs::read_to_string(&path).ok()?;
177
178 for line in raw.split('\n') {
179 let items: Vec<String> = line.split_whitespace().map(String::from).collect();
180 if items.len() == 2 {
181 if &items[0] == server {
182 return Some(items[1].clone());
183 }
184 }
185 }
186
187 None
188 }
189
190 fn store_ticket_info(prefix: &str, server: &str, username: &str, ticket: &str, token: &str) -> Result<(), Error> {
191
192 let base = BaseDirectories::with_prefix(prefix)?;
193
194 // usually /run/user/<uid>/...
195 let path = base.place_runtime_file("tickets")?;
196
197 let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600);
198
199 let mut data = file_get_json(&path, Some(json!({})))?;
200
201 let now = proxmox::tools::time::epoch_i64();
202
203 data[server][username] = json!({ "timestamp": now, "ticket": ticket, "token": token});
204
205 let mut new_data = json!({});
206
207 let ticket_lifetime = tools::ticket::TICKET_LIFETIME - 60;
208
209 let empty = serde_json::map::Map::new();
210 for (server, info) in data.as_object().unwrap_or(&empty) {
211 for (_user, uinfo) in info.as_object().unwrap_or(&empty) {
212 if let Some(timestamp) = uinfo["timestamp"].as_i64() {
213 let age = now - timestamp;
214 if age < ticket_lifetime {
215 new_data[server][username] = uinfo.clone();
216 }
217 }
218 }
219 }
220
221 replace_file(path, new_data.to_string().as_bytes(), CreateOptions::new().perm(mode))?;
222
223 Ok(())
224 }
225
226 fn load_ticket_info(prefix: &str, server: &str, userid: &Userid) -> Option<(String, String)> {
227 let base = BaseDirectories::with_prefix(prefix).ok()?;
228
229 // usually /run/user/<uid>/...
230 let path = base.place_runtime_file("tickets").ok()?;
231 let data = file_get_json(&path, None).ok()?;
232 let now = proxmox::tools::time::epoch_i64();
233 let ticket_lifetime = tools::ticket::TICKET_LIFETIME - 60;
234 let uinfo = data[server][userid.as_str()].as_object()?;
235 let timestamp = uinfo["timestamp"].as_i64()?;
236 let age = now - timestamp;
237
238 if age < ticket_lifetime {
239 let ticket = uinfo["ticket"].as_str()?;
240 let token = uinfo["token"].as_str()?;
241 Some((ticket.to_owned(), token.to_owned()))
242 } else {
243 None
244 }
245 }
246
247 impl HttpClient {
248 pub fn new(
249 server: &str,
250 userid: &Userid,
251 mut options: HttpClientOptions,
252 ) -> Result<Self, Error> {
253
254 let verified_fingerprint = Arc::new(Mutex::new(None));
255
256 let mut fingerprint = options.fingerprint.take();
257
258 if fingerprint.is_some() {
259 // do not store fingerprints passed via options in cache
260 options.fingerprint_cache = false;
261 } else if options.fingerprint_cache && options.prefix.is_some() {
262 fingerprint = load_fingerprint(options.prefix.as_ref().unwrap(), server);
263 }
264
265 let mut ssl_connector_builder = SslConnector::builder(SslMethod::tls()).unwrap();
266
267 if options.verify_cert {
268 let server = server.to_string();
269 let verified_fingerprint = verified_fingerprint.clone();
270 let interactive = options.interactive;
271 let fingerprint_cache = options.fingerprint_cache;
272 let prefix = options.prefix.clone();
273 ssl_connector_builder.set_verify_callback(openssl::ssl::SslVerifyMode::PEER, move |valid, ctx| {
274 let (valid, fingerprint) = Self::verify_callback(valid, ctx, fingerprint.clone(), interactive);
275 if valid {
276 if let Some(fingerprint) = fingerprint {
277 if fingerprint_cache && prefix.is_some() {
278 if let Err(err) = store_fingerprint(
279 prefix.as_ref().unwrap(), &server, &fingerprint) {
280 eprintln!("{}", err);
281 }
282 }
283 *verified_fingerprint.lock().unwrap() = Some(fingerprint);
284 }
285 }
286 valid
287 });
288 } else {
289 ssl_connector_builder.set_verify(openssl::ssl::SslVerifyMode::NONE);
290 }
291
292 let mut httpc = hyper::client::HttpConnector::new();
293 httpc.set_nodelay(true); // important for h2 download performance!
294 httpc.enforce_http(false); // we want https...
295
296 let https = HttpsConnector::with_connector(httpc, ssl_connector_builder.build());
297
298 let client = Client::builder()
299 //.http2_initial_stream_window_size( (1 << 31) - 2)
300 //.http2_initial_connection_window_size( (1 << 31) - 2)
301 .build::<_, Body>(https);
302
303 let password = options.password.take();
304 let use_ticket_cache = options.ticket_cache && options.prefix.is_some();
305
306 let password = if let Some(password) = password {
307 password
308 } else {
309 let mut ticket_info = None;
310 if use_ticket_cache {
311 ticket_info = load_ticket_info(options.prefix.as_ref().unwrap(), server, userid);
312 }
313 if let Some((ticket, _token)) = ticket_info {
314 ticket
315 } else {
316 Self::get_password(userid, options.interactive)?
317 }
318 };
319
320 let login_future = Self::credentials(
321 client.clone(),
322 server.to_owned(),
323 userid.to_owned(),
324 password.to_owned(),
325 ).map_ok({
326 let server = server.to_string();
327 let prefix = options.prefix.clone();
328
329 move |auth| {
330 if use_ticket_cache & &prefix.is_some() {
331 let _ = store_ticket_info(prefix.as_ref().unwrap(), &server, &auth.username, &auth.ticket, &auth.token);
332 }
333
334 auth
335 }
336 });
337
338 Ok(Self {
339 client,
340 server: String::from(server),
341 fingerprint: verified_fingerprint,
342 auth: BroadcastFuture::new(Box::new(login_future)),
343 _options: options,
344 })
345 }
346
347 /// Login
348 ///
349 /// Login is done on demand, so this is only required if you need
350 /// access to authentication data in 'AuthInfo'.
351 pub async fn login(&self) -> Result<AuthInfo, Error> {
352 self.auth.listen().await
353 }
354
355 /// Returns the optional fingerprint passed to the new() constructor.
356 pub fn fingerprint(&self) -> Option<String> {
357 (*self.fingerprint.lock().unwrap()).clone()
358 }
359
360 fn get_password(username: &Userid, interactive: bool) -> Result<String, Error> {
361 // If we're on a TTY, query the user for a password
362 if interactive && tty::stdin_isatty() {
363 let msg = format!("Password for \"{}\": ", username);
364 return Ok(String::from_utf8(tty::read_password(&msg)?)?);
365 }
366
367 bail!("no password input mechanism available");
368 }
369
370 fn verify_callback(
371 valid: bool, ctx:
372 &mut X509StoreContextRef,
373 expected_fingerprint: Option<String>,
374 interactive: bool,
375 ) -> (bool, Option<String>) {
376 if valid { return (true, None); }
377
378 let cert = match ctx.current_cert() {
379 Some(cert) => cert,
380 None => return (false, None),
381 };
382
383 let depth = ctx.error_depth();
384 if depth != 0 { return (false, None); }
385
386 let fp = match cert.digest(openssl::hash::MessageDigest::sha256()) {
387 Ok(fp) => fp,
388 Err(_) => return (false, None), // should not happen
389 };
390 let fp_string = proxmox::tools::digest_to_hex(&fp);
391 let fp_string = fp_string.as_bytes().chunks(2).map(|v| std::str::from_utf8(v).unwrap())
392 .collect::<Vec<&str>>().join(":");
393
394 if let Some(expected_fingerprint) = expected_fingerprint {
395 if expected_fingerprint.to_lowercase() == fp_string {
396 return (true, Some(fp_string));
397 } else {
398 return (false, None);
399 }
400 }
401
402 // If we're on a TTY, query the user
403 if interactive && tty::stdin_isatty() {
404 println!("fingerprint: {}", fp_string);
405 loop {
406 print!("Are you sure you want to continue connecting? (y/n): ");
407 let _ = std::io::stdout().flush();
408 use std::io::{BufRead, BufReader};
409 let mut line = String::new();
410 match BufReader::new(std::io::stdin()).read_line(&mut line) {
411 Ok(_) => {
412 let trimmed = line.trim();
413 if trimmed == "y" || trimmed == "Y" {
414 return (true, Some(fp_string));
415 } else if trimmed == "n" || trimmed == "N" {
416 return (false, None);
417 } else {
418 continue;
419 }
420 }
421 Err(_) => return (false, None),
422 }
423 }
424 }
425 (false, None)
426 }
427
428 pub async fn request(&self, mut req: Request<Body>) -> Result<Value, Error> {
429
430 let client = self.client.clone();
431
432 let auth = self.login().await?;
433
434 let enc_ticket = format!("PBSAuthCookie={}", percent_encode(auth.ticket.as_bytes(), DEFAULT_ENCODE_SET));
435 req.headers_mut().insert("Cookie", HeaderValue::from_str(&enc_ticket).unwrap());
436 req.headers_mut().insert("CSRFPreventionToken", HeaderValue::from_str(&auth.token).unwrap());
437
438 Self::api_request(client, req).await
439 }
440
441 pub async fn get(
442 &self,
443 path: &str,
444 data: Option<Value>,
445 ) -> Result<Value, Error> {
446 let req = Self::request_builder(&self.server, "GET", path, data).unwrap();
447 self.request(req).await
448 }
449
450 pub async fn delete(
451 &mut self,
452 path: &str,
453 data: Option<Value>,
454 ) -> Result<Value, Error> {
455 let req = Self::request_builder(&self.server, "DELETE", path, data).unwrap();
456 self.request(req).await
457 }
458
459 pub async fn post(
460 &mut self,
461 path: &str,
462 data: Option<Value>,
463 ) -> Result<Value, Error> {
464 let req = Self::request_builder(&self.server, "POST", path, data).unwrap();
465 self.request(req).await
466 }
467
468 pub async fn download(
469 &mut self,
470 path: &str,
471 output: &mut (dyn Write + Send),
472 ) -> Result<(), Error> {
473 let mut req = Self::request_builder(&self.server, "GET", path, None).unwrap();
474
475 let client = self.client.clone();
476
477 let auth = self.login().await?;
478
479 let enc_ticket = format!("PBSAuthCookie={}", percent_encode(auth.ticket.as_bytes(), DEFAULT_ENCODE_SET));
480 req.headers_mut().insert("Cookie", HeaderValue::from_str(&enc_ticket).unwrap());
481
482 let resp = client.request(req).await?;
483 let status = resp.status();
484 if !status.is_success() {
485 HttpClient::api_response(resp)
486 .map(|_| Err(format_err!("unknown error")))
487 .await?
488 } else {
489 resp.into_body()
490 .map_err(Error::from)
491 .try_fold(output, move |acc, chunk| async move {
492 acc.write_all(&chunk)?;
493 Ok::<_, Error>(acc)
494 })
495 .await?;
496 }
497 Ok(())
498 }
499
500 pub async fn upload(
501 &mut self,
502 content_type: &str,
503 body: Body,
504 path: &str,
505 data: Option<Value>,
506 ) -> Result<Value, Error> {
507
508 let path = path.trim_matches('/');
509 let mut url = format!("https://{}:8007/{}", &self.server, path);
510
511 if let Some(data) = data {
512 let query = tools::json_object_to_query(data).unwrap();
513 url.push('?');
514 url.push_str(&query);
515 }
516
517 let url: Uri = url.parse().unwrap();
518
519 let req = Request::builder()
520 .method("POST")
521 .uri(url)
522 .header("User-Agent", "proxmox-backup-client/1.0")
523 .header("Content-Type", content_type)
524 .body(body).unwrap();
525
526 self.request(req).await
527 }
528
529 pub async fn start_h2_connection(
530 &self,
531 mut req: Request<Body>,
532 protocol_name: String,
533 ) -> Result<(H2Client, futures::future::AbortHandle), Error> {
534
535 let auth = self.login().await?;
536 let client = self.client.clone();
537
538 let enc_ticket = format!("PBSAuthCookie={}", percent_encode(auth.ticket.as_bytes(), DEFAULT_ENCODE_SET));
539 req.headers_mut().insert("Cookie", HeaderValue::from_str(&enc_ticket).unwrap());
540 req.headers_mut().insert("UPGRADE", HeaderValue::from_str(&protocol_name).unwrap());
541
542 let resp = client.request(req).await?;
543 let status = resp.status();
544
545 if status != http::StatusCode::SWITCHING_PROTOCOLS {
546 Self::api_response(resp).await?;
547 bail!("unknown error");
548 }
549
550 let upgraded = resp
551 .into_body()
552 .on_upgrade()
553 .await?;
554
555 let max_window_size = (1 << 31) - 2;
556
557 let (h2, connection) = h2::client::Builder::new()
558 .initial_connection_window_size(max_window_size)
559 .initial_window_size(max_window_size)
560 .max_frame_size(4*1024*1024)
561 .handshake(upgraded)
562 .await?;
563
564 let connection = connection
565 .map_err(|_| panic!("HTTP/2.0 connection failed"));
566
567 let (connection, abort) = futures::future::abortable(connection);
568 // A cancellable future returns an Option which is None when cancelled and
569 // Some when it finished instead, since we don't care about the return type we
570 // need to map it away:
571 let connection = connection.map(|_| ());
572
573 // Spawn a new task to drive the connection state
574 tokio::spawn(connection);
575
576 // Wait until the `SendRequest` handle has available capacity.
577 let c = h2.ready().await?;
578 Ok((H2Client::new(c), abort))
579 }
580
581 async fn credentials(
582 client: Client<HttpsConnector>,
583 server: String,
584 username: Userid,
585 password: String,
586 ) -> Result<AuthInfo, Error> {
587 let data = json!({ "username": username, "password": password });
588 let req = Self::request_builder(&server, "POST", "/api2/json/access/ticket", Some(data)).unwrap();
589 let cred = Self::api_request(client, req).await?;
590 let auth = AuthInfo {
591 username: cred["data"]["username"].as_str().unwrap().to_owned(),
592 ticket: cred["data"]["ticket"].as_str().unwrap().to_owned(),
593 token: cred["data"]["CSRFPreventionToken"].as_str().unwrap().to_owned(),
594 };
595
596 Ok(auth)
597 }
598
599 async fn api_response(response: Response<Body>) -> Result<Value, Error> {
600 let status = response.status();
601 let data = hyper::body::to_bytes(response.into_body()).await?;
602
603 let text = String::from_utf8(data.to_vec()).unwrap();
604 if status.is_success() {
605 if text.is_empty() {
606 Ok(Value::Null)
607 } else {
608 let value: Value = serde_json::from_str(&text)?;
609 Ok(value)
610 }
611 } else {
612 Err(Error::from(HttpError::new(status, text)))
613 }
614 }
615
616 async fn api_request(
617 client: Client<HttpsConnector>,
618 req: Request<Body>
619 ) -> Result<Value, Error> {
620
621 client.request(req)
622 .map_err(Error::from)
623 .and_then(Self::api_response)
624 .await
625 }
626
627 // Read-only access to server property
628 pub fn server(&self) -> &str {
629 &self.server
630 }
631
632 pub fn request_builder(server: &str, method: &str, path: &str, data: Option<Value>) -> Result<Request<Body>, Error> {
633 let path = path.trim_matches('/');
634 let url: Uri = format!("https://{}:8007/{}", server, path).parse()?;
635
636 if let Some(data) = data {
637 if method == "POST" {
638 let request = Request::builder()
639 .method(method)
640 .uri(url)
641 .header("User-Agent", "proxmox-backup-client/1.0")
642 .header(hyper::header::CONTENT_TYPE, "application/json")
643 .body(Body::from(data.to_string()))?;
644 return Ok(request);
645 } else {
646 let query = tools::json_object_to_query(data)?;
647 let url: Uri = format!("https://{}:8007/{}?{}", server, path, query).parse()?;
648 let request = Request::builder()
649 .method(method)
650 .uri(url)
651 .header("User-Agent", "proxmox-backup-client/1.0")
652 .header(hyper::header::CONTENT_TYPE, "application/x-www-form-urlencoded")
653 .body(Body::empty())?;
654 return Ok(request);
655 }
656 }
657
658 let request = Request::builder()
659 .method(method)
660 .uri(url)
661 .header("User-Agent", "proxmox-backup-client/1.0")
662 .header(hyper::header::CONTENT_TYPE, "application/x-www-form-urlencoded")
663 .body(Body::empty())?;
664
665 Ok(request)
666 }
667 }
668
669
670 #[derive(Clone)]
671 pub struct H2Client {
672 h2: h2::client::SendRequest<bytes::Bytes>,
673 }
674
675 impl H2Client {
676
677 pub fn new(h2: h2::client::SendRequest<bytes::Bytes>) -> Self {
678 Self { h2 }
679 }
680
681 pub async fn get(
682 &self,
683 path: &str,
684 param: Option<Value>
685 ) -> Result<Value, Error> {
686 let req = Self::request_builder("localhost", "GET", path, param, None).unwrap();
687 self.request(req).await
688 }
689
690 pub async fn put(
691 &self,
692 path: &str,
693 param: Option<Value>
694 ) -> Result<Value, Error> {
695 let req = Self::request_builder("localhost", "PUT", path, param, None).unwrap();
696 self.request(req).await
697 }
698
699 pub async fn post(
700 &self,
701 path: &str,
702 param: Option<Value>
703 ) -> Result<Value, Error> {
704 let req = Self::request_builder("localhost", "POST", path, param, None).unwrap();
705 self.request(req).await
706 }
707
708 pub async fn download<W: Write + Send>(
709 &self,
710 path: &str,
711 param: Option<Value>,
712 mut output: W,
713 ) -> Result<(), Error> {
714 let request = Self::request_builder("localhost", "GET", path, param, None).unwrap();
715
716 let response_future = self.send_request(request, None).await?;
717
718 let resp = response_future.await?;
719
720 let status = resp.status();
721 if !status.is_success() {
722 H2Client::h2api_response(resp).await?; // raise error
723 unreachable!();
724 }
725
726 let mut body = resp.into_body();
727 while let Some(chunk) = body.data().await {
728 let chunk = chunk?;
729 body.flow_control().release_capacity(chunk.len())?;
730 output.write_all(&chunk)?;
731 }
732
733 Ok(())
734 }
735
736 pub async fn upload(
737 &self,
738 method: &str, // POST or PUT
739 path: &str,
740 param: Option<Value>,
741 content_type: &str,
742 data: Vec<u8>,
743 ) -> Result<Value, Error> {
744 let request = Self::request_builder("localhost", method, path, param, Some(content_type)).unwrap();
745
746 let mut send_request = self.h2.clone().ready().await?;
747
748 let (response, stream) = send_request.send_request(request, false).unwrap();
749
750 PipeToSendStream::new(bytes::Bytes::from(data), stream).await?;
751
752 response
753 .map_err(Error::from)
754 .and_then(Self::h2api_response)
755 .await
756 }
757
758 async fn request(
759 &self,
760 request: Request<()>,
761 ) -> Result<Value, Error> {
762
763 self.send_request(request, None)
764 .and_then(move |response| {
765 response
766 .map_err(Error::from)
767 .and_then(Self::h2api_response)
768 })
769 .await
770 }
771
772 pub fn send_request(
773 &self,
774 request: Request<()>,
775 data: Option<bytes::Bytes>,
776 ) -> impl Future<Output = Result<h2::client::ResponseFuture, Error>> {
777
778 self.h2.clone()
779 .ready()
780 .map_err(Error::from)
781 .and_then(move |mut send_request| async move {
782 if let Some(data) = data {
783 let (response, stream) = send_request.send_request(request, false).unwrap();
784 PipeToSendStream::new(data, stream).await?;
785 Ok(response)
786 } else {
787 let (response, _stream) = send_request.send_request(request, true).unwrap();
788 Ok(response)
789 }
790 })
791 }
792
793 pub async fn h2api_response(
794 response: Response<h2::RecvStream>,
795 ) -> Result<Value, Error> {
796 let status = response.status();
797
798 let (_head, mut body) = response.into_parts();
799
800 let mut data = Vec::new();
801 while let Some(chunk) = body.data().await {
802 let chunk = chunk?;
803 // Whenever data is received, the caller is responsible for
804 // releasing capacity back to the server once it has freed
805 // the data from memory.
806 // Let the server send more data.
807 body.flow_control().release_capacity(chunk.len())?;
808 data.extend(chunk);
809 }
810
811 let text = String::from_utf8(data.to_vec()).unwrap();
812 if status.is_success() {
813 if text.is_empty() {
814 Ok(Value::Null)
815 } else {
816 let mut value: Value = serde_json::from_str(&text)?;
817 if let Some(map) = value.as_object_mut() {
818 if let Some(data) = map.remove("data") {
819 return Ok(data);
820 }
821 }
822 bail!("got result without data property");
823 }
824 } else {
825 Err(Error::from(HttpError::new(status, text)))
826 }
827 }
828
829 // Note: We always encode parameters with the url
830 pub fn request_builder(
831 server: &str,
832 method: &str,
833 path: &str,
834 param: Option<Value>,
835 content_type: Option<&str>,
836 ) -> Result<Request<()>, Error> {
837 let path = path.trim_matches('/');
838
839 let content_type = content_type.unwrap_or("application/x-www-form-urlencoded");
840
841 if let Some(param) = param {
842 let query = tools::json_object_to_query(param)?;
843 // We detected problem with hyper around 6000 characters - seo we try to keep on the safe side
844 if query.len() > 4096 { bail!("h2 query data too large ({} bytes) - please encode data inside body", query.len()); }
845 let url: Uri = format!("https://{}:8007/{}?{}", server, path, query).parse()?;
846 let request = Request::builder()
847 .method(method)
848 .uri(url)
849 .header("User-Agent", "proxmox-backup-client/1.0")
850 .header(hyper::header::CONTENT_TYPE, content_type)
851 .body(())?;
852 Ok(request)
853 } else {
854 let url: Uri = format!("https://{}:8007/{}", server, path).parse()?;
855 let request = Request::builder()
856 .method(method)
857 .uri(url)
858 .header("User-Agent", "proxmox-backup-client/1.0")
859 .header(hyper::header::CONTENT_TYPE, content_type)
860 .body(())?;
861
862 Ok(request)
863 }
864 }
865 }
866
867 #[derive(Clone)]
868 pub struct HttpsConnector {
869 http: HttpConnector,
870 ssl_connector: std::sync::Arc<SslConnector>,
871 }
872
873 impl HttpsConnector {
874 pub fn with_connector(mut http: HttpConnector, ssl_connector: SslConnector) -> Self {
875 http.enforce_http(false);
876
877 Self {
878 http,
879 ssl_connector: std::sync::Arc::new(ssl_connector),
880 }
881 }
882 }
883
884 type MaybeTlsStream = EitherStream<
885 tokio::net::TcpStream,
886 tokio_openssl::SslStream<tokio::net::TcpStream>,
887 >;
888
889 impl hyper::service::Service<Uri> for HttpsConnector {
890 type Response = MaybeTlsStream;
891 type Error = Error;
892 type Future = std::pin::Pin<Box<
893 dyn Future<Output = Result<Self::Response, Self::Error>> + Send + 'static
894 >>;
895
896 fn poll_ready(&mut self, _: &mut Context<'_>) -> Poll<Result<(), Self::Error>> {
897 // This connector is always ready, but others might not be.
898 Poll::Ready(Ok(()))
899 }
900
901 fn call(&mut self, dst: Uri) -> Self::Future {
902 let mut this = self.clone();
903 async move {
904 let is_https = dst
905 .scheme()
906 .ok_or_else(|| format_err!("missing URL scheme"))?
907 == "https";
908 let host = dst
909 .host()
910 .ok_or_else(|| format_err!("missing hostname in destination url?"))?
911 .to_string();
912
913 let config = this.ssl_connector.configure();
914 let conn = this.http.call(dst).await?;
915 if is_https {
916 let conn = tokio_openssl::connect(config?, &host, conn).await?;
917 Ok(MaybeTlsStream::Right(conn))
918 } else {
919 Ok(MaybeTlsStream::Left(conn))
920 }
921 }.boxed()
922 }
923 }
Proxmox Backup Server and Client