* [pdm-devel] [PATCH datacenter-manager] ui: wizzard/edit remote: validate remote host and port
@ 2025-12-16 15:37 Shannon Sterz
2025-12-19 9:05 ` Dominik Csapak
2025-12-19 12:50 ` Shannon Sterz
0 siblings, 2 replies; 4+ messages in thread
From: Shannon Sterz @ 2025-12-16 15:37 UTC (permalink / raw)
To: pdm-devel
we did not validate these fields before, leading to situations where
users could enter a value with a schema here (such as "https://") that
lead to errors down the line.
Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
---
we might not want to call it a "Web UI URL" when editing a remote. a url
indicates that i should be able, for example, to copy the url from my
browser's address bar and paste it here. this isn't the case. we may
want to call it "<IP/Hostname>:Port" just like we do in the add dialog.
lib/pdm-api-types/src/lib.rs | 3 +++
ui/src/remotes/edit_remote.rs | 2 ++
ui/src/remotes/wizard_page_connect.rs | 3 ++-
3 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/lib/pdm-api-types/src/lib.rs b/lib/pdm-api-types/src/lib.rs
index 5daaa3f..d4cc7ef 100644
--- a/lib/pdm-api-types/src/lib.rs
+++ b/lib/pdm-api-types/src/lib.rs
@@ -137,6 +137,9 @@ pub const HOST_PORT_FORMAT: ApiStringFormat = ApiStringFormat::Pattern(&HOST_POR
pub const HOST_OPTIONAL_PORT_FORMAT: ApiStringFormat =
ApiStringFormat::Pattern(&HOST_OPTIONAL_PORT_REGEX);
pub const HTTP_URL_FORMAT: ApiStringFormat = ApiStringFormat::Pattern(&HTTP_URL_REGEX);
+pub const HOST_OPTIONAL_PORT_SCHEMA: Schema = StringSchema::new("A host with an optional port.")
+ .format(&HOST_OPTIONAL_PORT_FORMAT)
+ .schema();
pub const DAILY_DURATION_FORMAT: ApiStringFormat =
ApiStringFormat::VerifyFn(|s| parse_daily_duration(s).map(drop));
diff --git a/ui/src/remotes/edit_remote.rs b/ui/src/remotes/edit_remote.rs
index 925d11a..1b6b580 100644
--- a/ui/src/remotes/edit_remote.rs
+++ b/ui/src/remotes/edit_remote.rs
@@ -1,6 +1,7 @@
use std::rc::Rc;
use anyhow::Error;
+use pdm_api_types::HOST_OPTIONAL_PORT_SCHEMA;
use serde_json::Value;
use yew::html::IntoEventCallback;
use yew::virtual_dom::{VComp, VNode};
@@ -118,6 +119,7 @@ fn edit_remote_input_panel(_form_ctx: &FormContext, remote_id: &str) -> Html {
tr!("Web UI URL"),
Field::new()
.name("web-url")
+ .schema(&HOST_OPTIONAL_PORT_SCHEMA)
.placeholder(tr!("Use first endpoint.")),
)
.with_custom_child(
diff --git a/ui/src/remotes/wizard_page_connect.rs b/ui/src/remotes/wizard_page_connect.rs
index fb04f60..b850b5c 100644
--- a/ui/src/remotes/wizard_page_connect.rs
+++ b/ui/src/remotes/wizard_page_connect.rs
@@ -15,7 +15,7 @@ use pwt_macros::builder;
use proxmox_yew_comp::{KVGrid, KVGridRow, SchemaValidation, WizardPageRenderInfo};
use pdm_api_types::remotes::{RemoteType, TlsProbeOutcome};
-use pdm_api_types::CERT_FINGERPRINT_SHA256_SCHEMA;
+use pdm_api_types::{CERT_FINGERPRINT_SHA256_SCHEMA, HOST_OPTIONAL_PORT_SCHEMA};
use proxmox_acme_api::CertificateInfo;
#[derive(Clone, PartialEq, Properties)]
@@ -242,6 +242,7 @@ impl Component for PdmWizardPageConnect {
Field::new()
.name("hostname")
.placeholder(tr!("<IP/Hostname>:Port"))
+ .schema(&HOST_OPTIONAL_PORT_SCHEMA)
.required(true),
)
.with_large_field(
--
2.47.3
_______________________________________________
pdm-devel mailing list
pdm-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [pdm-devel] [PATCH datacenter-manager] ui: wizzard/edit remote: validate remote host and port
2025-12-16 15:37 [pdm-devel] [PATCH datacenter-manager] ui: wizzard/edit remote: validate remote host and port Shannon Sterz
@ 2025-12-19 9:05 ` Dominik Csapak
2025-12-19 11:40 ` Shannon Sterz
2025-12-19 12:50 ` Shannon Sterz
1 sibling, 1 reply; 4+ messages in thread
From: Dominik Csapak @ 2025-12-19 9:05 UTC (permalink / raw)
To: Proxmox Datacenter Manager development discussion, Shannon Sterz
s/wizzard/wizard/ in the commit subject
On 12/16/25 4:37 PM, Shannon Sterz wrote:
> we did not validate these fields before, leading to situations where
> users could enter a value with a schema here (such as "https://") that
> lead to errors down the line.
could you elaborate what can lead to errors down the line?
i tried in an unpatched pdm
http://somehost:someport
and
https://somehost:someport
and it always behaved like expected?
e.g. in the wizard we simply strip the http/https part (not intuitive,
but ok imho)
and the web-url behaves like it should, namely a 'web-url'
and copy/pasting a url from an address bar should work
(the only thing we might want to do is to strip/disallow the fragment there)
>
> Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
> ---
> we might not want to call it a "Web UI URL" when editing a remote. a url
> indicates that i should be able, for example, to copy the url from my
> browser's address bar and paste it here. this isn't the case. we may
> want to call it "<IP/Hostname>:Port" just like we do in the add dialog.
>
> lib/pdm-api-types/src/lib.rs | 3 +++
> ui/src/remotes/edit_remote.rs | 2 ++
> ui/src/remotes/wizard_page_connect.rs | 3 ++-
> 3 files changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/lib/pdm-api-types/src/lib.rs b/lib/pdm-api-types/src/lib.rs
> index 5daaa3f..d4cc7ef 100644
> --- a/lib/pdm-api-types/src/lib.rs
> +++ b/lib/pdm-api-types/src/lib.rs
> @@ -137,6 +137,9 @@ pub const HOST_PORT_FORMAT: ApiStringFormat = ApiStringFormat::Pattern(&HOST_POR
> pub const HOST_OPTIONAL_PORT_FORMAT: ApiStringFormat =
> ApiStringFormat::Pattern(&HOST_OPTIONAL_PORT_REGEX);
> pub const HTTP_URL_FORMAT: ApiStringFormat = ApiStringFormat::Pattern(&HTTP_URL_REGEX);
> +pub const HOST_OPTIONAL_PORT_SCHEMA: Schema = StringSchema::new("A host with an optional port.")
> + .format(&HOST_OPTIONAL_PORT_FORMAT)
> + .schema();
>
> pub const DAILY_DURATION_FORMAT: ApiStringFormat =
> ApiStringFormat::VerifyFn(|s| parse_daily_duration(s).map(drop));
> diff --git a/ui/src/remotes/edit_remote.rs b/ui/src/remotes/edit_remote.rs
> index 925d11a..1b6b580 100644
> --- a/ui/src/remotes/edit_remote.rs
> +++ b/ui/src/remotes/edit_remote.rs
> @@ -1,6 +1,7 @@
> use std::rc::Rc;
>
> use anyhow::Error;
> +use pdm_api_types::HOST_OPTIONAL_PORT_SCHEMA;
> use serde_json::Value;
> use yew::html::IntoEventCallback;
> use yew::virtual_dom::{VComp, VNode};
> @@ -118,6 +119,7 @@ fn edit_remote_input_panel(_form_ctx: &FormContext, remote_id: &str) -> Html {
> tr!("Web UI URL"),
> Field::new()
> .name("web-url")
> + .schema(&HOST_OPTIONAL_PORT_SCHEMA)
> .placeholder(tr!("Use first endpoint.")),
> )
> .with_custom_child(
> diff --git a/ui/src/remotes/wizard_page_connect.rs b/ui/src/remotes/wizard_page_connect.rs
> index fb04f60..b850b5c 100644
> --- a/ui/src/remotes/wizard_page_connect.rs
> +++ b/ui/src/remotes/wizard_page_connect.rs
> @@ -15,7 +15,7 @@ use pwt_macros::builder;
> use proxmox_yew_comp::{KVGrid, KVGridRow, SchemaValidation, WizardPageRenderInfo};
>
> use pdm_api_types::remotes::{RemoteType, TlsProbeOutcome};
> -use pdm_api_types::CERT_FINGERPRINT_SHA256_SCHEMA;
> +use pdm_api_types::{CERT_FINGERPRINT_SHA256_SCHEMA, HOST_OPTIONAL_PORT_SCHEMA};
> use proxmox_acme_api::CertificateInfo;
>
> #[derive(Clone, PartialEq, Properties)]
> @@ -242,6 +242,7 @@ impl Component for PdmWizardPageConnect {
> Field::new()
> .name("hostname")
> .placeholder(tr!("<IP/Hostname>:Port"))
> + .schema(&HOST_OPTIONAL_PORT_SCHEMA)
> .required(true),
> )
> .with_large_field(
> --
> 2.47.3
>
>
>
> _______________________________________________
> pdm-devel mailing list
> pdm-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel
>
>
_______________________________________________
pdm-devel mailing list
pdm-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [pdm-devel] [PATCH datacenter-manager] ui: wizzard/edit remote: validate remote host and port
2025-12-19 9:05 ` Dominik Csapak
@ 2025-12-19 11:40 ` Shannon Sterz
0 siblings, 0 replies; 4+ messages in thread
From: Shannon Sterz @ 2025-12-19 11:40 UTC (permalink / raw)
To: Dominik Csapak; +Cc: Proxmox Datacenter Manager development discussion
On Fri Dec 19, 2025 at 10:05 AM CET, Dominik Csapak wrote:
> s/wizzard/wizard/ in the commit subject
>
> On 12/16/25 4:37 PM, Shannon Sterz wrote:
>> we did not validate these fields before, leading to situations where
>> users could enter a value with a schema here (such as "https://") that
>> lead to errors down the line.
>
> could you elaborate what can lead to errors down the line?
>
> i tried in an unpatched pdm
>
> http://somehost:someport
> and
> https://somehost:someport
>
> and it always behaved like expected?
> e.g. in the wizard we simply strip the http/https part (not intuitive,
> but ok imho)
>
> and the web-url behaves like it should, namely a 'web-url'
>
> and copy/pasting a url from an address bar should work
> (the only thing we might want to do is to strip/disallow the fragment there)
yeah sorry i kind of hurried this, i'll send a proper fix in a minute.
the problem isn't the address/host:port field nor the web url, it's the
table of endpoints. we don't validate the input there and the update
endpoint doesn't even do server side validation. hence, adding a
protocol leads to errors when trying to contact the remote afterward.
>
>
>>
>> Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
>> ---
>> we might not want to call it a "Web UI URL" when editing a remote. a url
>> indicates that i should be able, for example, to copy the url from my
>> browser's address bar and paste it here. this isn't the case. we may
>> want to call it "<IP/Hostname>:Port" just like we do in the add dialog.
>>
>> lib/pdm-api-types/src/lib.rs | 3 +++
>> ui/src/remotes/edit_remote.rs | 2 ++
>> ui/src/remotes/wizard_page_connect.rs | 3 ++-
>> 3 files changed, 7 insertions(+), 1 deletion(-)
>>
>> diff --git a/lib/pdm-api-types/src/lib.rs b/lib/pdm-api-types/src/lib.rs
>> index 5daaa3f..d4cc7ef 100644
>> --- a/lib/pdm-api-types/src/lib.rs
>> +++ b/lib/pdm-api-types/src/lib.rs
>> @@ -137,6 +137,9 @@ pub const HOST_PORT_FORMAT: ApiStringFormat = ApiStringFormat::Pattern(&HOST_POR
>> pub const HOST_OPTIONAL_PORT_FORMAT: ApiStringFormat =
>> ApiStringFormat::Pattern(&HOST_OPTIONAL_PORT_REGEX);
>> pub const HTTP_URL_FORMAT: ApiStringFormat = ApiStringFormat::Pattern(&HTTP_URL_REGEX);
>> +pub const HOST_OPTIONAL_PORT_SCHEMA: Schema = StringSchema::new("A host with an optional port.")
>> + .format(&HOST_OPTIONAL_PORT_FORMAT)
>> + .schema();
>>
>> pub const DAILY_DURATION_FORMAT: ApiStringFormat =
>> ApiStringFormat::VerifyFn(|s| parse_daily_duration(s).map(drop));
>> diff --git a/ui/src/remotes/edit_remote.rs b/ui/src/remotes/edit_remote.rs
>> index 925d11a..1b6b580 100644
>> --- a/ui/src/remotes/edit_remote.rs
>> +++ b/ui/src/remotes/edit_remote.rs
>> @@ -1,6 +1,7 @@
>> use std::rc::Rc;
>>
>> use anyhow::Error;
>> +use pdm_api_types::HOST_OPTIONAL_PORT_SCHEMA;
>> use serde_json::Value;
>> use yew::html::IntoEventCallback;
>> use yew::virtual_dom::{VComp, VNode};
>> @@ -118,6 +119,7 @@ fn edit_remote_input_panel(_form_ctx: &FormContext, remote_id: &str) -> Html {
>> tr!("Web UI URL"),
>> Field::new()
>> .name("web-url")
>> + .schema(&HOST_OPTIONAL_PORT_SCHEMA)
>> .placeholder(tr!("Use first endpoint.")),
>> )
>> .with_custom_child(
>> diff --git a/ui/src/remotes/wizard_page_connect.rs b/ui/src/remotes/wizard_page_connect.rs
>> index fb04f60..b850b5c 100644
>> --- a/ui/src/remotes/wizard_page_connect.rs
>> +++ b/ui/src/remotes/wizard_page_connect.rs
>> @@ -15,7 +15,7 @@ use pwt_macros::builder;
>> use proxmox_yew_comp::{KVGrid, KVGridRow, SchemaValidation, WizardPageRenderInfo};
>>
>> use pdm_api_types::remotes::{RemoteType, TlsProbeOutcome};
>> -use pdm_api_types::CERT_FINGERPRINT_SHA256_SCHEMA;
>> +use pdm_api_types::{CERT_FINGERPRINT_SHA256_SCHEMA, HOST_OPTIONAL_PORT_SCHEMA};
>> use proxmox_acme_api::CertificateInfo;
>>
>> #[derive(Clone, PartialEq, Properties)]
>> @@ -242,6 +242,7 @@ impl Component for PdmWizardPageConnect {
>> Field::new()
>> .name("hostname")
>> .placeholder(tr!("<IP/Hostname>:Port"))
>> + .schema(&HOST_OPTIONAL_PORT_SCHEMA)
>> .required(true),
>> )
>> .with_large_field(
>> --
>> 2.47.3
>>
>>
>>
>> _______________________________________________
>> pdm-devel mailing list
>> pdm-devel@lists.proxmox.com
>> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel
>>
>>
_______________________________________________
pdm-devel mailing list
pdm-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [pdm-devel] [PATCH datacenter-manager] ui: wizzard/edit remote: validate remote host and port
2025-12-16 15:37 [pdm-devel] [PATCH datacenter-manager] ui: wizzard/edit remote: validate remote host and port Shannon Sterz
2025-12-19 9:05 ` Dominik Csapak
@ 2025-12-19 12:50 ` Shannon Sterz
1 sibling, 0 replies; 4+ messages in thread
From: Shannon Sterz @ 2025-12-19 12:50 UTC (permalink / raw)
To: Shannon Sterz; +Cc: pdm-devel
Superseded-by: https://lore.proxmox.com/all/20251219123758.151318-2-s.sterz@proxmox.com/T/#t
On Tue Dec 16, 2025 at 4:37 PM CET, Shannon Sterz wrote:
> we did not validate these fields before, leading to situations where
> users could enter a value with a schema here (such as "https://") that
> lead to errors down the line.
>
> Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
> ---
> we might not want to call it a "Web UI URL" when editing a remote. a url
> indicates that i should be able, for example, to copy the url from my
> browser's address bar and paste it here. this isn't the case. we may
> want to call it "<IP/Hostname>:Port" just like we do in the add dialog.
>
> lib/pdm-api-types/src/lib.rs | 3 +++
> ui/src/remotes/edit_remote.rs | 2 ++
> ui/src/remotes/wizard_page_connect.rs | 3 ++-
> 3 files changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/lib/pdm-api-types/src/lib.rs b/lib/pdm-api-types/src/lib.rs
> index 5daaa3f..d4cc7ef 100644
> --- a/lib/pdm-api-types/src/lib.rs
> +++ b/lib/pdm-api-types/src/lib.rs
> @@ -137,6 +137,9 @@ pub const HOST_PORT_FORMAT: ApiStringFormat = ApiStringFormat::Pattern(&HOST_POR
> pub const HOST_OPTIONAL_PORT_FORMAT: ApiStringFormat =
> ApiStringFormat::Pattern(&HOST_OPTIONAL_PORT_REGEX);
> pub const HTTP_URL_FORMAT: ApiStringFormat = ApiStringFormat::Pattern(&HTTP_URL_REGEX);
> +pub const HOST_OPTIONAL_PORT_SCHEMA: Schema = StringSchema::new("A host with an optional port.")
> + .format(&HOST_OPTIONAL_PORT_FORMAT)
> + .schema();
>
> pub const DAILY_DURATION_FORMAT: ApiStringFormat =
> ApiStringFormat::VerifyFn(|s| parse_daily_duration(s).map(drop));
> diff --git a/ui/src/remotes/edit_remote.rs b/ui/src/remotes/edit_remote.rs
> index 925d11a..1b6b580 100644
> --- a/ui/src/remotes/edit_remote.rs
> +++ b/ui/src/remotes/edit_remote.rs
> @@ -1,6 +1,7 @@
> use std::rc::Rc;
>
> use anyhow::Error;
> +use pdm_api_types::HOST_OPTIONAL_PORT_SCHEMA;
> use serde_json::Value;
> use yew::html::IntoEventCallback;
> use yew::virtual_dom::{VComp, VNode};
> @@ -118,6 +119,7 @@ fn edit_remote_input_panel(_form_ctx: &FormContext, remote_id: &str) -> Html {
> tr!("Web UI URL"),
> Field::new()
> .name("web-url")
> + .schema(&HOST_OPTIONAL_PORT_SCHEMA)
> .placeholder(tr!("Use first endpoint.")),
> )
> .with_custom_child(
> diff --git a/ui/src/remotes/wizard_page_connect.rs b/ui/src/remotes/wizard_page_connect.rs
> index fb04f60..b850b5c 100644
> --- a/ui/src/remotes/wizard_page_connect.rs
> +++ b/ui/src/remotes/wizard_page_connect.rs
> @@ -15,7 +15,7 @@ use pwt_macros::builder;
> use proxmox_yew_comp::{KVGrid, KVGridRow, SchemaValidation, WizardPageRenderInfo};
>
> use pdm_api_types::remotes::{RemoteType, TlsProbeOutcome};
> -use pdm_api_types::CERT_FINGERPRINT_SHA256_SCHEMA;
> +use pdm_api_types::{CERT_FINGERPRINT_SHA256_SCHEMA, HOST_OPTIONAL_PORT_SCHEMA};
> use proxmox_acme_api::CertificateInfo;
>
> #[derive(Clone, PartialEq, Properties)]
> @@ -242,6 +242,7 @@ impl Component for PdmWizardPageConnect {
> Field::new()
> .name("hostname")
> .placeholder(tr!("<IP/Hostname>:Port"))
> + .schema(&HOST_OPTIONAL_PORT_SCHEMA)
> .required(true),
> )
> .with_large_field(
> --
> 2.47.3
_______________________________________________
pdm-devel mailing list
pdm-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2025-12-19 12:50 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-12-16 15:37 [pdm-devel] [PATCH datacenter-manager] ui: wizzard/edit remote: validate remote host and port Shannon Sterz
2025-12-19 9:05 ` Dominik Csapak
2025-12-19 11:40 ` Shannon Sterz
2025-12-19 12:50 ` Shannon Sterz
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox