rest-server: drop ServerAdapter, move AuthError

Instead of a ServerAdapter for the index page and authentication checking (which don't relate to each other), provide a `.with_auth_handler` and `.with_index_handler` builder for ApiConfig separately. Both are optional. Without an index handler, it'll produce a 404. Without an auth handler, an `AuthError::NoData` is returned. Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2025-08-07 15:36:08 +00:00 · 2023-01-25 10:06:11 +01:00 · 2023-01-25 10:06:11 +01:00 · 515cc729d0
commit 515cc729d0
parent 6904dcf4e6
2 changed files with 90 additions and 73 deletions
--- a/proxmox-rest-server/src/api_config.rs
+++ b/proxmox-rest-server/src/api_config.rs
@ -5,6 +5,7 @@ use std::pin::Pin;
 use std::sync::{Arc, Mutex};
 use anyhow::{format_err, Error};
 use http::{HeaderMap, Method};
 use hyper::http::request::Parts;
 use hyper::{Body, Response};
@ -12,7 +13,7 @@ use proxmox_router::{Router, RpcEnvironmentType, UserInformation};
 use proxmox_sys::fs::{create_path, CreateOptions};
 use crate::rest::Handler;
-use crate::{AuthError, CommandSocket, FileLogOptions, FileLogger, RestEnvironment, ServerAdapter};
+use crate::{CommandSocket, FileLogOptions, FileLogger, RestEnvironment};
 /// REST server configuration
 pub struct ApiConfig {
@ -21,8 +22,9 @@ pub struct ApiConfig {
    env_type: RpcEnvironmentType,
    request_log: Option<Arc<Mutex<FileLogger>>>,
    auth_log: Option<Arc<Mutex<FileLogger>>>,
    adapter: Pin<Box<dyn ServerAdapter + Send + Sync>>,
    handlers: Vec<Handler>,
    auth_handler: Option<AuthHandler>,
    index_handler: Option<IndexHandler>,
    #[cfg(feature = "templates")]
    templates: templates::Templates,
@ -48,28 +50,47 @@ impl ApiConfig {
            env_type,
            request_log: None,
            auth_log: None,
            adapter: Box::pin(DummyAdapter),
            handlers: Vec::new(),
            auth_handler: None,
            index_handler: None,
            #[cfg(feature = "templates")]
            templates: Default::default(),
        }
    }
    /// Set the authentication handler.
    pub fn with_auth_handler(mut self, auth_handler: AuthHandler) -> Self {
        self.auth_handler = Some(auth_handler);
        self
    }
    /// Set the index handler.
    pub fn with_index_handler(mut self, index_handler: IndexHandler) -> Self {
        self.index_handler = Some(index_handler);
        self
    }
    pub(crate) async fn get_index(
        &self,
        rest_env: RestEnvironment,
        parts: Parts,
    ) -> Response<Body> {
-        self.adapter.get_index(rest_env, parts).await
+        match self.index_handler.as_ref() {
            Some(handler) => (handler.func)(rest_env, parts).await,
            None => Response::builder().status(404).body("".into()).unwrap(),
        }
    }
    pub(crate) async fn check_auth(
        &self,
-        headers: &http::HeaderMap,
+        headers: &HeaderMap,
-        method: &hyper::Method,
+        method: &Method,
    ) -> Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError> {
-        self.adapter.check_auth(headers, method).await
+        match self.auth_handler.as_ref() {
            Some(handler) => (handler.func)(headers, method).await,
            None => Err(AuthError::NoData),
        }
    }
    pub(crate) fn find_alias(&self, mut components: &[&str]) -> PathBuf {
@ -334,27 +355,70 @@ mod templates {
    }
 }
-pub struct DummyAdapter;
+pub type IndexFuture = Pin<Box<dyn Future<Output = Response<Body>> + Send>>;
 pub type IndexFunc = Box<dyn Fn(RestEnvironment, Parts) -> IndexFuture + Send + Sync>;
-impl ServerAdapter for DummyAdapter {
+pub struct IndexHandler {
-    fn get_index(
+    func: IndexFunc,
-        &self,
+}
-        _rest_env: RestEnvironment,
+
-        _parts: Parts,
+impl From<IndexFunc> for IndexHandler {
-    ) -> Pin<Box<dyn Future<Output = Response<Body>> + Send>> {
+    fn from(func: IndexFunc) -> Self {
-        Box::pin(async move {
+        Self { func }
-            Response::builder()
+    }
-                .status(400)
+}
-                .body("no index defined".into())
+
-                .unwrap()
+impl IndexHandler {
    pub fn new_static_body<B>(body: B) -> Self
    where
        B: Clone + Send + Sync + Into<Body> + 'static,
    {
        Self::from_response_fn(move |_, _| {
            let body = body.clone().into();
            Box::pin(async move { Response::builder().status(200).body(body).unwrap() })
        })
    }
-    fn check_auth<'a>(
+    pub fn from_response_fn<Func>(func: Func) -> Self
-        &'a self,
+    where
-        _headers: &'a http::HeaderMap,
+        Func: Fn(RestEnvironment, Parts) -> IndexFuture + Send + Sync + 'static,
-        _method: &'a http::Method,
+    {
-    ) -> crate::ServerAdapterCheckAuth<'a> {
+        Self::from(Box::new(func) as IndexFunc)
-        Box::pin(async move { Err(crate::AuthError::NoData) })
+    }
 }
 pub type CheckAuthOutput = Result<(String, Box<dyn UserInformation + Send + Sync>), AuthError>;
 pub type CheckAuthFuture<'a> = Pin<Box<dyn Future<Output = CheckAuthOutput> + Send + 'a>>;
 pub type CheckAuthFunc =
    Box<dyn for<'a> Fn(&'a HeaderMap, &'a Method) -> CheckAuthFuture<'a> + Send + Sync>;
 pub struct AuthHandler {
    func: CheckAuthFunc,
 }
 impl From<CheckAuthFunc> for AuthHandler {
    fn from(func: CheckAuthFunc) -> Self {
        Self { func }
    }
 }
 impl AuthHandler {
    pub fn from_fn<Func>(func: Func) -> Self
    where
        Func: for<'a> Fn(&'a HeaderMap, &'a Method) -> CheckAuthFuture<'a> + Send + Sync + 'static,
    {
        Self::from(Box::new(func) as CheckAuthFunc)
    }
 }
 /// Authentication Error
 pub enum AuthError {
    Generic(Error),
    NoData,
 }
 impl From<Error> for AuthError {
    fn from(err: Error) -> Self {
        AuthError::Generic(err)
    }
 }
--- a/proxmox-rest-server/src/lib.rs
+++ b/proxmox-rest-server/src/lib.rs
@ -16,18 +16,12 @@
 //! * generic interface to authenticate user
 use std::fmt;
 use std::future::Future;
 use std::os::unix::io::{FromRawFd, OwnedFd};
 use std::pin::Pin;
 use std::sync::atomic::{AtomicBool, Ordering};
 use anyhow::{bail, format_err, Error};
 use http::request::Parts;
 use http::HeaderMap;
 use hyper::{Body, Method, Response};
 use nix::unistd::Pid;
 use proxmox_router::UserInformation;
 use proxmox_sys::fs::CreateOptions;
 use proxmox_sys::linux::procfs::PidStat;
@ -51,7 +45,7 @@ mod file_logger;
 pub use file_logger::{FileLogOptions, FileLogger};
 mod api_config;
-pub use api_config::ApiConfig;
+pub use api_config::{ApiConfig, AuthError, AuthHandler, IndexHandler};
 mod rest;
 pub use rest::RestServer;
@ -62,47 +56,6 @@ pub use worker_task::*;
 mod h2service;
 pub use h2service::*;
 /// Authentication Error
 pub enum AuthError {
    Generic(Error),
    NoData,
 }
 impl From<Error> for AuthError {
    fn from(err: Error) -> Self {
        AuthError::Generic(err)
    }
 }
 /// Result of [`ServerAdapter::check_auth`].
 pub type ServerAdapterCheckAuth<'a> = Pin<
    Box<
        dyn Future<Output = Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError>>
            + Send
            + 'a,
    >,
 >;
 /// User Authentication and index/root page generation methods
 pub trait ServerAdapter: Send + Sync {
    /// Returns the index/root page
    fn get_index(
        &self,
        rest_env: RestEnvironment,
        parts: Parts,
    ) -> Pin<Box<dyn Future<Output = Response<Body>> + Send>>;
    /// Extract user credentials from headers and check them.
    ///
    /// If credenthials are valid, returns the username and a
    /// [UserInformation] object to query additional user data.
    fn check_auth<'a>(
        &'a self,
        headers: &'a HeaderMap,
        method: &'a Method,
    ) -> ServerAdapterCheckAuth<'a>;
 }
 lazy_static::lazy_static! {
    static ref PID: i32 = unsafe { libc::getpid() };
    static ref PSTART: u64 = PidStat::read_from_pid(Pid::from_raw(*PID)).unwrap().starttime;