VirtWeb/virtweb_backend/src/app_config.rs

use crate::libvirt_lib_structures::XMLUuid;
use clap::Parser;
use std::net::IpAddr;
use std::path::{Path, PathBuf};
use std::str::FromStr;

/// VirtWeb backend API
#[derive(Parser, Debug, Clone)]
#[clap(author, version, about, long_about = None)]
pub struct AppConfig {
    /// Listen address
    #[clap(short, long, env, default_value = "0.0.0.0:8000")]
    pub listen_address: String,

    /// Website origin
    #[clap(short, long, env, default_value = "http://localhost:3000")]
    pub website_origin: String,

    /// Proxy IP, might end with a star "*"
    #[clap(short, long, env)]
    pub proxy_ip: Option<String>,

    /// Secret key, used to sign some resources. Must be randomly generated
    #[clap(long, env, default_value = "")]
    secret: String,

    /// Specify whether the cookie should be transmitted only over secure connections
    #[clap(long, env)]
    pub cookie_secure: bool,

    /// Auth username
    #[arg(long, env, default_value = "admin")]
    pub auth_username: String,

    /// Auth password
    #[arg(long, env, default_value = "admin")]
    pub auth_password: String,

    /// Disable authentication WARNING! THIS IS UNSECURE, it was designed only for development
    /// purpose, it should NEVER be used in production
    #[arg(long, env)]
    pub unsecure_disable_auth: bool,

    /// Disable local auth
    #[arg(long, env)]
    pub disable_local_auth: bool,

    /// Request header that can be added by a reverse proxy to disable local authentication
    #[arg(long, env, default_value = "X-Disable-Local-Auth")]
    pub disable_auth_header_token: String,

    /// URL where the OpenID configuration can be found
    #[arg(
        long,
        env,
        default_value = "http://localhost:9001/.well-known/openid-configuration"
    )]
    pub oidc_configuration_url: String,

    /// Disable OpenID authentication
    #[arg(long, env)]
    pub disable_oidc: bool,

    /// OpenID client ID
    #[arg(long, env, default_value = "foo")]
    pub oidc_client_id: String,

    /// OpenID client secret
    #[arg(long, env, default_value = "bar")]
    pub oidc_client_secret: String,

    /// OpenID login redirect URL
    #[arg(long, env, default_value = "APP_ORIGIN/oidc_cb")]
    oidc_redirect_url: String,

    /// Storage directory
    #[arg(long, env, default_value = "storage")]
    pub storage: String,

    /// Directory where temporary files are stored
    ///
    /// Warning! This directory MUST be changed if `/tmp` is not in the same disk as the storage
    /// directory!
    #[arg(long, env, default_value = "/tmp")]
    pub temp_dir: String,

    /// Hypervisor URI. If not specified, "" will be used instead
    #[arg(long, env)]
    pub hypervisor_uri: Option<String>,

    /// Trusted network. If set, a client from a different will not be able to perform request other
    /// than those with GET verb (aside for login)
    #[arg(long, env)]
    pub trusted_network: Vec<String>,
}

lazy_static::lazy_static! {
    static ref ARGS: AppConfig = {
        AppConfig::parse()
    };
}

impl AppConfig {
    /// Get parsed command line arguments
    pub fn get() -> &'static AppConfig {
        &ARGS
    }

    /// Get auth cookie domain
    pub fn cookie_domain(&self) -> Option<String> {
        let domain = self.website_origin.split_once("://")?.1;
        Some(
            domain
                .split_once(':')
                .map(|s| s.0)
                .unwrap_or(domain)
                .to_string(),
        )
    }

    /// Get app secret
    pub fn secret(&self) -> &str {
        let mut secret = self.secret.as_str();

        if cfg!(debug_assertions) && secret.is_empty() {
            secret = "DEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEY";
        }

        if secret.is_empty() {
            panic!("SECRET is undefined or too short (min 64 chars)!")
        }

        secret
    }

    /// Check out whether provided credentials are valid or not for local authentication
    pub fn check_local_login(&self, user: &str, pass: &str) -> bool {
        self.auth_username == user && self.auth_password == pass
    }

    /// Check if an IP belongs to a trusted network or not
    pub fn is_trusted_ip(&self, ip: IpAddr) -> bool {
        if self.trusted_network.is_empty() {
            return true;
        }

        for i in &self.trusted_network {
            let net = ipnetwork::IpNetwork::from_str(i).expect("Trusted network is invalid!");

            if net.contains(ip) {
                return true;
            }
        }

        false
    }

    /// Get OpenID providers configuration
    pub fn openid_provider(&self) -> Option<OIDCProvider<'_>> {
        if self.disable_oidc {
            return None;
        }

        Some(OIDCProvider {
            client_id: self.oidc_client_id.as_str(),
            client_secret: self.oidc_client_secret.as_str(),
            configuration_url: self.oidc_configuration_url.as_str(),
        })
    }

    /// Get OIDC callback URL
    pub fn oidc_redirect_url(&self) -> String {
        self.oidc_redirect_url
            .replace("APP_ORIGIN", &self.website_origin)
    }

    /// Get root storage directory
    pub fn storage_path(&self) -> PathBuf {
        let storage_path = Path::new(&self.storage);
        if !storage_path.is_dir() {
            panic!(
                "Specified storage path ({}) is not a directory!",
                self.storage
            );
        }
        storage_path.canonicalize().unwrap()
    }

    /// Get iso storage directory
    pub fn iso_storage_path(&self) -> PathBuf {
        self.storage_path().join("iso")
    }

    /// Get VM vnc sockets directory
    pub fn vnc_sockets_path(&self) -> PathBuf {
        self.storage_path().join("vnc")
    }

    /// Get VM vnc sockets path for domain
    pub fn vnc_socket_for_domain(&self, name: &str) -> PathBuf {
        self.vnc_sockets_path().join(format!("vnc-{}", name))
    }

    /// Get VM vnc sockets directory
    pub fn disks_storage_path(&self) -> PathBuf {
        self.storage_path().join("disks")
    }

    pub fn vm_storage_path(&self, id: XMLUuid) -> PathBuf {
        self.disks_storage_path().join(id.as_string())
    }
}

#[derive(Debug, Clone, serde::Serialize)]
pub struct OIDCProvider<'a> {
    #[serde(skip_serializing)]
    pub client_id: &'a str,
    #[serde(skip_serializing)]
    pub client_secret: &'a str,
    #[serde(skip_serializing)]
    pub configuration_url: &'a str,
}
Can create networks 2023-10-31 08:26:42 +00:00			`use crate::libvirt_lib_structures::XMLUuid;`
Add base server 2023-09-02 06:07:06 +00:00			`use clap::Parser;`
Add a system to restrict untrusted IPs 2023-12-12 00:52:46 +00:00			`use std::net::IpAddr;`
Can upload ISO files 2023-09-05 11:19:25 +00:00			`use std::path::{Path, PathBuf};`
Add a system to restrict untrusted IPs 2023-12-12 00:52:46 +00:00			`use std::str::FromStr;`
Add base server 2023-09-02 06:07:06 +00:00
			`/// VirtWeb backend API`
			`#[derive(Parser, Debug, Clone)]`
			`#[clap(author, version, about, long_about = None)]`
			`pub struct AppConfig {`
			`/// Listen address`
			`#[clap(short, long, env, default_value = "0.0.0.0:8000")]`
			`pub listen_address: String,`

			`/// Website origin`
			`#[clap(short, long, env, default_value = "http://localhost:3000")]`
			`pub website_origin: String,`

			`/// Proxy IP, might end with a star "*"`
			`#[clap(short, long, env)]`
			`pub proxy_ip: Option<String>,`

			`/// Secret key, used to sign some resources. Must be randomly generated`
			`#[clap(long, env, default_value = "")]`
			`secret: String,`

Add session system 2023-09-02 07:12:36 +00:00			`/// Specify whether the cookie should be transmitted only over secure connections`
			`#[clap(long, env)]`
			`pub cookie_secure: bool,`

Add base server 2023-09-02 06:07:06 +00:00			`/// Auth username`
			`#[arg(long, env, default_value = "admin")]`
			`pub auth_username: String,`

			`/// Auth password`
			`#[arg(long, env, default_value = "admin")]`
			`pub auth_password: String,`

Can disable auth 2023-09-08 07:04:48 +00:00			`/// Disable authentication WARNING! THIS IS UNSECURE, it was designed only for development`
			`/// purpose, it should NEVER be used in production`
			`#[arg(long, env)]`
			`pub unsecure_disable_auth: bool,`

Add base server 2023-09-02 06:07:06 +00:00			`/// Disable local auth`
			`#[arg(long, env)]`
			`pub disable_local_auth: bool,`

			`/// Request header that can be added by a reverse proxy to disable local authentication`
			`#[arg(long, env, default_value = "X-Disable-Local-Auth")]`
			`pub disable_auth_header_token: String,`

			`/// URL where the OpenID configuration can be found`
			`#[arg(`
Add session system 2023-09-02 07:12:36 +00:00			`long,`
			`env,`
			`default_value = "http://localhost:9001/.well-known/openid-configuration"`
Add base server 2023-09-02 06:07:06 +00:00			`)]`
			`pub oidc_configuration_url: String,`

			`/// Disable OpenID authentication`
			`#[arg(long, env)]`
			`pub disable_oidc: bool,`

			`/// OpenID client ID`
			`#[arg(long, env, default_value = "foo")]`
			`pub oidc_client_id: String,`

			`/// OpenID client secret`
			`#[arg(long, env, default_value = "bar")]`
			`pub oidc_client_secret: String,`

			`/// OpenID login redirect URL`
			`#[arg(long, env, default_value = "APP_ORIGIN/oidc_cb")]`
			`oidc_redirect_url: String,`

Can upload ISO files 2023-09-05 11:19:25 +00:00			`/// Storage directory`
			`#[arg(long, env, default_value = "storage")]`
			`pub storage: String,`

Add base server 2023-09-02 06:07:06 +00:00			`/// Directory where temporary files are stored`
Managed to start a VM again 2023-12-06 19:27:59 +00:00			`///`
			/// Warning! This directory MUST be changed if `/tmp` is not in the same disk as the storage
			`/// directory!`
Add base server 2023-09-02 06:07:06 +00:00			`#[arg(long, env, default_value = "/tmp")]`
			`pub temp_dir: String,`
Can query hypervisor information 2023-09-06 16:54:38 +00:00
			`/// Hypervisor URI. If not specified, "" will be used instead`
			`#[arg(long, env)]`
			`pub hypervisor_uri: Option<String>,`
Add a system to restrict untrusted IPs 2023-12-12 00:52:46 +00:00
			`/// Trusted network. If set, a client from a different will not be able to perform request other`
			`/// than those with GET verb (aside for login)`
			`#[arg(long, env)]`
			`pub trusted_network: Vec<String>,`
Add base server 2023-09-02 06:07:06 +00:00			`}`

			`lazy_static::lazy_static! {`
			`static ref ARGS: AppConfig = {`
			`AppConfig::parse()`
			`};`
			`}`

			`impl AppConfig {`
			`/// Get parsed command line arguments`
			`pub fn get() -> &'static AppConfig {`
			`&ARGS`
			`}`

Can sign out 2023-09-04 13:12:00 +00:00			`/// Get auth cookie domain`
			`pub fn cookie_domain(&self) -> Option<String> {`
			`let domain = self.website_origin.split_once("://")?.1;`
			`Some(`
			`domain`
			`.split_once(':')`
			`.map(\|s\| s.0)`
			`.unwrap_or(domain)`
			`.to_string(),`
			`)`
			`}`

Add base server 2023-09-02 06:07:06 +00:00			`/// Get app secret`
			`pub fn secret(&self) -> &str {`
			`let mut secret = self.secret.as_str();`

			`if cfg!(debug_assertions) && secret.is_empty() {`
Add session system 2023-09-02 07:12:36 +00:00			`secret = "DEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEY";`
Add base server 2023-09-02 06:07:06 +00:00			`}`

			`if secret.is_empty() {`
Add session system 2023-09-02 07:12:36 +00:00			`panic!("SECRET is undefined or too short (min 64 chars)!")`
Add base server 2023-09-02 06:07:06 +00:00			`}`

			`secret`
			`}`

Can perform local authentication 2023-09-02 16:44:16 +00:00			`/// Check out whether provided credentials are valid or not for local authentication`
			`pub fn check_local_login(&self, user: &str, pass: &str) -> bool {`
			`self.auth_username == user && self.auth_password == pass`
			`}`

Add a system to restrict untrusted IPs 2023-12-12 00:52:46 +00:00			`/// Check if an IP belongs to a trusted network or not`
			`pub fn is_trusted_ip(&self, ip: IpAddr) -> bool {`
			`if self.trusted_network.is_empty() {`
			`return true;`
			`}`

			`for i in &self.trusted_network {`
			`let net = ipnetwork::IpNetwork::from_str(i).expect("Trusted network is invalid!");`

			`if net.contains(ip) {`
			`return true;`
			`}`
			`}`

			`false`
			`}`

Add base server 2023-09-02 06:07:06 +00:00			`/// Get OpenID providers configuration`
			`pub fn openid_provider(&self) -> Option<OIDCProvider<'_>> {`
			`if self.disable_oidc {`
			`return None;`
			`}`

			`Some(OIDCProvider {`
			`client_id: self.oidc_client_id.as_str(),`
			`client_secret: self.oidc_client_secret.as_str(),`
			`configuration_url: self.oidc_configuration_url.as_str(),`
			`})`
			`}`

			`/// Get OIDC callback URL`
			`pub fn oidc_redirect_url(&self) -> String {`
			`self.oidc_redirect_url`
			`.replace("APP_ORIGIN", &self.website_origin)`
			`}`
Can upload ISO files 2023-09-05 11:19:25 +00:00
			`/// Get root storage directory`
			`pub fn storage_path(&self) -> PathBuf {`
Ready to implement network routes contents 2023-12-04 19:16:32 +00:00			`let storage_path = Path::new(&self.storage);`
			`if !storage_path.is_dir() {`
			`panic!(`
			`"Specified storage path ({}) is not a directory!",`
			`self.storage`
			`);`
			`}`
			`storage_path.canonicalize().unwrap()`
Can upload ISO files 2023-09-05 11:19:25 +00:00			`}`

			`/// Get iso storage directory`
			`pub fn iso_storage_path(&self) -> PathBuf {`
			`self.storage_path().join("iso")`
			`}`
Can enable VNC access 2023-10-11 17:11:00 +00:00
Created first disk 2023-10-26 09:43:05 +00:00			`/// Get VM vnc sockets directory`
Can enable VNC access 2023-10-11 17:11:00 +00:00			`pub fn vnc_sockets_path(&self) -> PathBuf {`
Created first disk 2023-10-26 09:43:05 +00:00			`self.storage_path().join("vnc")`
			`}`

Delete VNC socket file when deleting domain 2023-12-11 14:09:18 +00:00			`/// Get VM vnc sockets path for domain`
			`pub fn vnc_socket_for_domain(&self, name: &str) -> PathBuf {`
			`self.vnc_sockets_path().join(format!("vnc-{}", name))`
			`}`

Created first disk 2023-10-26 09:43:05 +00:00			`/// Get VM vnc sockets directory`
			`pub fn disks_storage_path(&self) -> PathBuf {`
			`self.storage_path().join("disks")`
			`}`

Can create networks 2023-10-31 08:26:42 +00:00			`pub fn vm_storage_path(&self, id: XMLUuid) -> PathBuf {`
Created first disk 2023-10-26 09:43:05 +00:00			`self.disks_storage_path().join(id.as_string())`
Can enable VNC access 2023-10-11 17:11:00 +00:00			`}`
Add base server 2023-09-02 06:07:06 +00:00			`}`

			`#[derive(Debug, Clone, serde::Serialize)]`
			`pub struct OIDCProvider<'a> {`
			`#[serde(skip_serializing)]`
			`pub client_id: &'a str,`
			`#[serde(skip_serializing)]`
			`pub client_secret: &'a str,`
			`#[serde(skip_serializing)]`
			`pub configuration_url: &'a str,`
			`}`