$reqstate->{hdl}->timeout_reset();
$reqstate->{hdl}->timeout($self->{timeout});
+ $nocomp = 1 if !$self->{compression};
$nocomp = 1 if !$reqstate->{accept_gzip};
my $code = $resp->code;
css => { ct => 'text/css' },
html => { ct => 'text/html' },
js => { ct => 'application/javascript' },
+ json => { ct => 'application/json' },
+ map => { ct => 'application/json' },
png => { ct => 'image/png' , nocomp => 1 },
ico => { ct => 'image/x-icon', nocomp => 1},
gif => { ct => 'image/gif', nocomp => 1},
+ svg => { ct => 'image/svg+xml' },
jar => { ct => 'application/java-archive', nocomp => 1},
woff => { ct => 'application/font-woff', nocomp => 1},
woff2 => { ct => 'application/font-woff2', nocomp => 1},
ttf => { ct => 'application/font-snft', nocomp => 1},
pdf => { ct => 'application/pdf', nocomp => 1},
epub => { ct => 'application/epub+zip', nocomp => 1},
+ mp3 => { ct => 'audio/mpeg', nocomp => 1},
+ oga => { ct => 'audio/ogg', nocomp => 1},
+ tgz => { ct => 'application/x-compressed-tar', nocomp => 1},
};
sub send_file_start {
my $remhost;
my $remport;
- my $max_payload_size = 65536;
+ my $max_payload_size = 128*1024;
my $binary;
if ($wsproto eq 'binary') {
$reqstate->{proxyhdl} = AnyEvent::Handle->new(
fh => $fh,
- rbuf_max => 64*1024,
- wbuf_max => 64*10*1024,
+ rbuf_max => $max_payload_size,
+ wbuf_max => $max_payload_size*5,
timeout => 5,
on_eof => sub {
my ($hdl) = @_;
my ($hdl) = @_;
my $len = length($hdl->{rbuf});
- my $data = substr($hdl->{rbuf}, 0, $len, '');
+ my $data = substr($hdl->{rbuf}, 0, $len > $max_payload_size ? $max_payload_size : $len, '');
my $string;
my $payload;
my $hdlreader = sub {
my ($hdl) = @_;
- my $len = length($hdl->{rbuf});
- return if $len < 2;
+ while (my $len = length($hdl->{rbuf})) {
+ return if $len < 2;
- my $hdr = unpack('C', substr($hdl->{rbuf}, 0, 1));
- my $opcode = $hdr & 0b00001111;
- my $fin = $hdr & 0b10000000;
+ my $hdr = unpack('C', substr($hdl->{rbuf}, 0, 1));
+ my $opcode = $hdr & 0b00001111;
+ my $fin = $hdr & 0b10000000;
- die "received fragmented websocket frame\n" if !$fin;
+ die "received fragmented websocket frame\n" if !$fin;
- my $rsv = $hdr & 0b01110000;
- die "received websocket frame with RSV flags\n" if $rsv;
+ my $rsv = $hdr & 0b01110000;
+ die "received websocket frame with RSV flags\n" if $rsv;
- my $payload_len = unpack 'C', substr($hdl->{rbuf}, 1, 1);
+ my $payload_len = unpack 'C', substr($hdl->{rbuf}, 1, 1);
- my $masked = $payload_len & 0b10000000;
- die "received unmasked websocket frame from client\n" if !$masked;
+ my $masked = $payload_len & 0b10000000;
+ die "received unmasked websocket frame from client\n" if !$masked;
- my $offset = 2;
- $payload_len = $payload_len & 0b01111111;
- if ($payload_len == 126) {
- return if $len < 4;
- $payload_len = unpack('n', substr($hdl->{rbuf}, $offset, 2));
- $offset += 2;
- } elsif ($payload_len == 127) {
- return if $len < 10;
- $payload_len = unpack('Q>', substr($hdl->{rbuf}, $offset, 8));
- $offset += 8;
- }
+ my $offset = 2;
+ $payload_len = $payload_len & 0b01111111;
+ if ($payload_len == 126) {
+ return if $len < 4;
+ $payload_len = unpack('n', substr($hdl->{rbuf}, $offset, 2));
+ $offset += 2;
+ } elsif ($payload_len == 127) {
+ return if $len < 10;
+ $payload_len = unpack('Q>', substr($hdl->{rbuf}, $offset, 8));
+ $offset += 8;
+ }
- die "received too large websocket frame (len = $payload_len)\n"
- if ($payload_len > $max_payload_size) || ($payload_len < 0);
+ die "received too large websocket frame (len = $payload_len)\n"
+ if ($payload_len > $max_payload_size) || ($payload_len < 0);
- return if $len < ($offset + 4 + $payload_len);
+ return if $len < ($offset + 4 + $payload_len);
- my $data = substr($hdl->{rbuf}, 0, $len, ''); # now consume data
+ my $data = substr($hdl->{rbuf}, 0, $offset + 4 + $payload_len, ''); # now consume data
- my @mask = (unpack('C', substr($data, $offset+0, 1)),
- unpack('C', substr($data, $offset+1, 1)),
- unpack('C', substr($data, $offset+2, 1)),
- unpack('C', substr($data, $offset+3, 1)));
+ my @mask = (unpack('C', substr($data, $offset+0, 1)),
+ unpack('C', substr($data, $offset+1, 1)),
+ unpack('C', substr($data, $offset+2, 1)),
+ unpack('C', substr($data, $offset+3, 1)));
- $offset += 4;
+ $offset += 4;
- my $payload = substr($data, $offset, $payload_len);
+ my $payload = substr($data, $offset, $payload_len);
- for (my $i = 0; $i < $payload_len; $i++) {
- my $d = unpack('C', substr($payload, $i, 1));
- my $n = $d ^ $mask[$i % 4];
- substr($payload, $i, 1, pack('C', $n));
- }
+ for (my $i = 0; $i < $payload_len; $i++) {
+ my $d = unpack('C', substr($payload, $i, 1));
+ my $n = $d ^ $mask[$i % 4];
+ substr($payload, $i, 1, pack('C', $n));
+ }
- $payload = decode_base64($payload) if !$binary;
+ $payload = decode_base64($payload) if !$binary;
- if ($opcode == 1 || $opcode == 2) {
- $reqstate->{proxyhdl}->push_write($payload) if $reqstate->{proxyhdl};
- } elsif ($opcode == 8) {
- print "websocket received close\n" if $self->{debug};
+ if ($opcode == 1 || $opcode == 2) {
+ $reqstate->{proxyhdl}->push_write($payload) if $reqstate->{proxyhdl};
+ } elsif ($opcode == 8) {
+ my $statuscode = unpack ("n", $payload);
+ print "websocket received close. status code: '$statuscode'\n" if $self->{debug};
if ($reqstate->{proxyhdl}) {
- $reqstate->{proxyhdl}->push_write($payload);
- $reqstate->{proxyhdl}->push_shutdown();
+ $reqstate->{proxyhdl}->push_shutdown();
+ }
+ $hdl->push_shutdown();
+ } else {
+ die "received unhandled websocket opcode $opcode\n";
}
- $hdl->push_shutdown();
- } else {
- die "received unhandled websocket opcode $opcode\n";
}
};
$headers->{'cookie'} = PVE::APIServer::Formatter::create_auth_cookie($ticket, $self->{cookie_name}) if $ticket;
$headers->{'CSRFPreventionToken'} = $token if $token;
- $headers->{'Accept-Encoding'} = 'gzip' if $reqstate->{accept_gzip};
+ $headers->{'Accept-Encoding'} = 'gzip' if ($reqstate->{accept_gzip} && $self->{compression});
my $content;
my $clientip = $reqstate->{peer_host};
- my $res = $self->rest_handler($clientip, $method, $rel_uri, $auth, $params);
+ my $res = $self->rest_handler($clientip, $method, $rel_uri, $auth, $params, $format);
# HACK: see Note 1
Net::SSLeay::ERR_clear_error();
$delay = 0 if $delay < 0;
}
+ if (defined(my $filename = $res->{download})) {
+ my $fh = IO::File->new($filename) ||
+ die "unable to open file '$filename' - $!\n";
+ send_file_start($self, $reqstate, $filename);
+ return;
+ }
+
my ($raw, $ct, $nocomp) = $formatter->($res, $res->{data}, $params, $path,
$auth, $self->{formatter_config});
# todo: use stop_read/start_read if write buffer grows to much
- my $res = "$proto 200 OK\015\012"; # hope this is the right answer?
+ # a response must be followed by an empty line
+ my $res = "$proto 200 OK\015\012\015\012";
$reqstate->{hdl}->push_write($res);
# log early
my ($hdl, $line) = @_;
if ($line =~ m!^$proto 200 OK$!) {
- &$startproxy();
+ # read the empty line after the 200 OK
+ $reqstate->{proxyhdl}->unshift_read(line => sub{
+ &$startproxy();
+ });
} else {
$reqstate->{hdl}->push_write($line);
$self->client_do_disconnect($reqstate);
Net::SSLeay::ERR_clear_error();
# always delay unauthorized calls by 3 seconds
my $delay = 3;
- if (my $formatter = PVE::APIServer::Formatter::get_login_formatter($format)) {
+
+ if (ref($err) eq "PVE::Exception") {
+
+ $err->{code} ||= HTTP_INTERNAL_SERVER_ERROR,
+ my $resp = HTTP::Response->new($err->{code}, $err->{msg});
+ $self->response($reqstate, $resp, undef, 0, $delay);
+
+ } elsif (my $formatter = PVE::APIServer::Formatter::get_login_formatter($format)) {
my ($raw, $ct, $nocomp) =
$formatter->($path, $auth, $self->{formatter_config});
my $resp;
$self->{base_uri} //= "/api2";
$self->{dirs} //= {};
$self->{title} //= 'API Inspector';
+ $self->{compression} //= 1;
# formatter_config: we pass some configuration values to the Formatter
$self->{formatter_config} = {};
$self->{end_cond} = AnyEvent->condvar;
if ($self->{ssl}) {
+ my $tls_ctx_flags = &Net::SSLeay::OP_NO_COMPRESSION | &Net::SSLeay::OP_SINGLE_ECDH_USE | &Net::SSLeay::OP_SINGLE_DH_USE;
+ if ( delete $self->{ssl}->{honor_cipher_order} ) {
+ $tls_ctx_flags |= &Net::SSLeay::OP_CIPHER_SERVER_PREFERENCE;
+ }
+
$self->{tls_ctx} = AnyEvent::TLS->new(%{$self->{ssl}});
- Net::SSLeay::CTX_set_options($self->{tls_ctx}->{ctx}, &Net::SSLeay::OP_NO_COMPRESSION | &Net::SSLeay::OP_SINGLE_ECDH_USE | &Net::SSLeay::OP_SINGLE_DH_USE);
+ Net::SSLeay::CTX_set_options($self->{tls_ctx}->{ctx}, $tls_ctx_flags);
}
if ($self->{spiceproxy}) {
}
sub rest_handler {
- my ($self, $clientip, $method, $rel_uri, $auth, $params) = @_;
+ my ($self, $clientip, $method, $rel_uri, $auth, $params, $format) = @_;
# please do not raise exceptions here (always return a result).
# to pass the request to the local priviledged daemon use:
# { proxy => 'localhost' , proxy_params => $params };
+
+ # to download aspecific file use:
+ # { download => "/path/to/file" };
}
sub check_cert_fingerprint {