VirtWeb/virtweb_backend/src/app_config.rs

223 lines
6.3 KiB
Rust
Raw Normal View History

2023-10-31 08:26:42 +00:00
use crate::libvirt_lib_structures::XMLUuid;
2023-09-02 06:07:06 +00:00
use clap::Parser;
2023-12-12 00:52:46 +00:00
use std::net::IpAddr;
2023-09-05 11:19:25 +00:00
use std::path::{Path, PathBuf};
2023-12-12 00:52:46 +00:00
use std::str::FromStr;
2023-09-02 06:07:06 +00:00
/// VirtWeb backend API
#[derive(Parser, Debug, Clone)]
#[clap(author, version, about, long_about = None)]
pub struct AppConfig {
/// Listen address
#[clap(short, long, env, default_value = "0.0.0.0:8000")]
pub listen_address: String,
/// Website origin
#[clap(short, long, env, default_value = "http://localhost:3000")]
pub website_origin: String,
/// Proxy IP, might end with a star "*"
#[clap(short, long, env)]
pub proxy_ip: Option<String>,
/// Secret key, used to sign some resources. Must be randomly generated
#[clap(long, env, default_value = "")]
secret: String,
2023-09-02 07:12:36 +00:00
/// Specify whether the cookie should be transmitted only over secure connections
#[clap(long, env)]
pub cookie_secure: bool,
2023-09-02 06:07:06 +00:00
/// Auth username
#[arg(long, env, default_value = "admin")]
pub auth_username: String,
/// Auth password
#[arg(long, env, default_value = "admin")]
pub auth_password: String,
2023-09-08 07:04:48 +00:00
/// Disable authentication WARNING! THIS IS UNSECURE, it was designed only for development
/// purpose, it should NEVER be used in production
#[arg(long, env)]
pub unsecure_disable_auth: bool,
2023-09-02 06:07:06 +00:00
/// Disable local auth
#[arg(long, env)]
pub disable_local_auth: bool,
/// Request header that can be added by a reverse proxy to disable local authentication
#[arg(long, env, default_value = "X-Disable-Local-Auth")]
pub disable_auth_header_token: String,
/// URL where the OpenID configuration can be found
#[arg(
2023-09-02 07:12:36 +00:00
long,
env,
default_value = "http://localhost:9001/.well-known/openid-configuration"
2023-09-02 06:07:06 +00:00
)]
pub oidc_configuration_url: String,
/// Disable OpenID authentication
#[arg(long, env)]
pub disable_oidc: bool,
/// OpenID client ID
#[arg(long, env, default_value = "foo")]
pub oidc_client_id: String,
/// OpenID client secret
#[arg(long, env, default_value = "bar")]
pub oidc_client_secret: String,
/// OpenID login redirect URL
#[arg(long, env, default_value = "APP_ORIGIN/oidc_cb")]
oidc_redirect_url: String,
2023-09-05 11:19:25 +00:00
/// Storage directory
#[arg(long, env, default_value = "storage")]
pub storage: String,
2023-09-02 06:07:06 +00:00
/// Directory where temporary files are stored
2023-12-06 19:27:59 +00:00
///
/// Warning! This directory MUST be changed if `/tmp` is not in the same disk as the storage
/// directory!
2023-09-02 06:07:06 +00:00
#[arg(long, env, default_value = "/tmp")]
pub temp_dir: String,
2023-09-06 16:54:38 +00:00
/// Hypervisor URI. If not specified, "" will be used instead
#[arg(long, env)]
pub hypervisor_uri: Option<String>,
2023-12-12 00:52:46 +00:00
/// Trusted network. If set, a client from a different will not be able to perform request other
/// than those with GET verb (aside for login)
#[arg(long, env)]
pub trusted_network: Vec<String>,
2023-09-02 06:07:06 +00:00
}
lazy_static::lazy_static! {
static ref ARGS: AppConfig = {
AppConfig::parse()
};
}
impl AppConfig {
/// Get parsed command line arguments
pub fn get() -> &'static AppConfig {
&ARGS
}
2023-09-04 13:12:00 +00:00
/// Get auth cookie domain
pub fn cookie_domain(&self) -> Option<String> {
let domain = self.website_origin.split_once("://")?.1;
Some(
domain
.split_once(':')
.map(|s| s.0)
.unwrap_or(domain)
.to_string(),
)
}
2023-09-02 06:07:06 +00:00
/// Get app secret
pub fn secret(&self) -> &str {
let mut secret = self.secret.as_str();
if cfg!(debug_assertions) && secret.is_empty() {
2023-09-02 07:12:36 +00:00
secret = "DEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEY";
2023-09-02 06:07:06 +00:00
}
if secret.is_empty() {
2023-09-02 07:12:36 +00:00
panic!("SECRET is undefined or too short (min 64 chars)!")
2023-09-02 06:07:06 +00:00
}
secret
}
2023-09-02 16:44:16 +00:00
/// Check out whether provided credentials are valid or not for local authentication
pub fn check_local_login(&self, user: &str, pass: &str) -> bool {
self.auth_username == user && self.auth_password == pass
}
2023-12-12 00:52:46 +00:00
/// Check if an IP belongs to a trusted network or not
pub fn is_trusted_ip(&self, ip: IpAddr) -> bool {
if self.trusted_network.is_empty() {
return true;
}
for i in &self.trusted_network {
let net = ipnetwork::IpNetwork::from_str(i).expect("Trusted network is invalid!");
if net.contains(ip) {
return true;
}
}
false
}
2023-09-02 06:07:06 +00:00
/// Get OpenID providers configuration
pub fn openid_provider(&self) -> Option<OIDCProvider<'_>> {
if self.disable_oidc {
return None;
}
Some(OIDCProvider {
client_id: self.oidc_client_id.as_str(),
client_secret: self.oidc_client_secret.as_str(),
configuration_url: self.oidc_configuration_url.as_str(),
})
}
/// Get OIDC callback URL
pub fn oidc_redirect_url(&self) -> String {
self.oidc_redirect_url
.replace("APP_ORIGIN", &self.website_origin)
}
2023-09-05 11:19:25 +00:00
/// Get root storage directory
pub fn storage_path(&self) -> PathBuf {
let storage_path = Path::new(&self.storage);
if !storage_path.is_dir() {
panic!(
"Specified storage path ({}) is not a directory!",
self.storage
);
}
storage_path.canonicalize().unwrap()
2023-09-05 11:19:25 +00:00
}
/// Get iso storage directory
pub fn iso_storage_path(&self) -> PathBuf {
self.storage_path().join("iso")
}
2023-10-11 17:11:00 +00:00
2023-10-26 09:43:05 +00:00
/// Get VM vnc sockets directory
2023-10-11 17:11:00 +00:00
pub fn vnc_sockets_path(&self) -> PathBuf {
2023-10-26 09:43:05 +00:00
self.storage_path().join("vnc")
}
/// Get VM vnc sockets path for domain
pub fn vnc_socket_for_domain(&self, name: &str) -> PathBuf {
self.vnc_sockets_path().join(format!("vnc-{}", name))
}
2023-10-26 09:43:05 +00:00
/// Get VM vnc sockets directory
pub fn disks_storage_path(&self) -> PathBuf {
self.storage_path().join("disks")
}
2023-10-31 08:26:42 +00:00
pub fn vm_storage_path(&self, id: XMLUuid) -> PathBuf {
2023-10-26 09:43:05 +00:00
self.disks_storage_path().join(id.as_string())
2023-10-11 17:11:00 +00:00
}
2023-09-02 06:07:06 +00:00
}
#[derive(Debug, Clone, serde::Serialize)]
pub struct OIDCProvider<'a> {
#[serde(skip_serializing)]
pub client_id: &'a str,
#[serde(skip_serializing)]
pub client_secret: &'a str,
#[serde(skip_serializing)]
pub configuration_url: &'a str,
}