use io_err_other instead of io_format_err and change the Error type
of create_frame from io::Error to WebSocketError
it is not good to redefine the ErrorKinds of io::Error, since
the caller probably is not aware of that
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
this patch introduces a custom WebSocketError, so that we can
detect errors in the websocket protocol and react to it in the
right way
the channel now sends a Result<(OpCode, Box<[u8]>), WebSocketError>
so that we can either react to a control frame, or react to an
errornous data stream (which means sending a close frame
with the appropriate error code)
while at it, change FrameHeader::try_from_bytes to return
Result<Option<FrameHeader>, WebSocketError> instead of a nested
Result with the *guessed* remaining size. This was neither used by
us, nor was it really meaningful, since this can change during the
decode every time new data is read (extensions, mask, payload length, etc.)
so simply returning an Option is enough information for us
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
uses the existing WebSocketReader and Writer to establish a
two-way communication between an upstream and downstream connection.
The upstream connection sends and receives WebSocket frames, while
the downstream one only receives and sends raw data.
For now we do not support extensions, and only accept the protocol version 13
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
instead of having a callback that we call on a control frame,
use a channel to send the data to a receiver
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
so that we can easily send a control frame to the endpoint
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
by using a Box<[u8]> instead of a vector (we do not need it)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
and add a helper struct for the ReadResult
(so that the types are properly documented)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
only return Ok(0) when the upstream reader did return that, not when
we have no data in the buffer, else the downstream reader believes
we are EOF (even if we are not)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
by implementing Deref and DerefMut, renaming consume to 'remove_data'
adapt the usage inside of websocket (we did not use it anywhere else for now)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
API_RETURN_* and API_PARAMETER_* schemas are no references
anymore to allow using them as external schemas via the
`"schema"` key inside object schemas inside the `#[api]`
macro.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
The docs say `into_boxed_slice()` "drops" excess capacity,
but doesn't specify whether that just means it becomes
inaccessible or the vector potentially reallocates to the
exact size.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
for now there is a helper for Reading and Writing
still missing is a utility for the handshake/accepting a connection
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
this is a Buffer struct that holds u8 and has convenience methods
for reading onto the back and consuming from the front
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
those can contain percent encoded values, so we have to decode them
before lookin up the path
this is especially important for the 'MatchAll' branch
when the parameter can contain some reserved characters
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
This way we can use
println!("something: {}", AsHex(bytes));
without having to turn them into an allocated string first.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
This way read_password() will not write the prompt into
stdout if stdout was redirected into a file, but instead
opens `/dev/tty`.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
when checking a path, we only pushed the components to the checked value
that would contain a parameter and not fixed ones
e.g. from the path components (with params datastore="foo")
["datastore", "{datastore}"]
only ["foo"] was given to the lookup_privs function
instead of ["datastore", "foo"]
this fixes an issue where e.g. a prune on /datastore/foo would fail
for a user that has the role DatastorePowerUser on /datastore (with
propagate) or /datastore/foo
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
add tests for check_api_permission and many Permission combinations
this test fails for now and will be fixed with the next commit
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
