public inbox for pve-devel@lists.proxmox.com
 help / color / mirror / Atom feed
* Re: [pve-devel] [PATCH storage 1/1] fix #1710: add retrieve method for storage
@ 2021-04-29 13:46 Lorenz Stechauner
  2021-04-29 14:07 ` Thomas Lamprecht
  0 siblings, 1 reply; 7+ messages in thread
From: Lorenz Stechauner @ 2021-04-29 13:46 UTC (permalink / raw)
  To: Thomas Lamprecht, Proxmox VE development discussion, Dominik Csapak

Another idea would be to introduce two new permissions:
Sys.RetrieveLocal - only local/private ip addresses allowed
Sys.RetrieveGlobal - all other ip addresses allowed (means only non-private)

> On 29.04.21 15:22 Thomas Lamprecht <t.lamprecht@proxmox.com> wrote:
> 
>  
> On 29.04.21 13:54, Dominik Csapak wrote:
> > On 4/28/21 16:13, Lorenz Stechauner wrote:
> >>   +__PACKAGE__->register_method({
> >> +    name => 'retrieve',
> >> +    path => '{storage}/retrieve',
> >> +    method => 'POST',
> >> +    description => "Download templates and ISO images by using an URL.",
> >> +    permissions => {
> >> +    check => ['perm', '/storage/{storage}', ['Datastore.AllocateTemplate']],
> >> +    },
> >> +    protected => 1,
> >> +    parameters => {
> >> +    additionalProperties => 0,
> >> +    properties => {
> >> +        node => get_standard_option('pve-node'),
> >> +        storage => get_standard_option('pve-storage-id'),
> >> +        url => {
> >> +        description => "The URL to retrieve the file from.",
> >> +        type => 'string',
> >> +        },
> > 
> > i am not quite sure if it is a good idea to have this feature
> > unrestricted for everybody who can download a template
> > 
> > it possibly gives access to an internal network to which
> > the users does not have access otherwise...
> > 
> > maybe we want to give the admin control over allow- and/or blocklists ?
> 
> I do not want such lists, PITA to manage for everybody.
> 
> Maybe we can just allow it only for users with Sys.Modify + Sys.Audit on / ?
> 
> We could also enforce that it needs to be a hostname (no IP) and/or resolve
> to something out of the priv. network ranges, at least if the aforementioned
> privs are not set.
> 
> Another idea would be enforcing the URL to match something like /\.(iso|img)$/ 
> and being not to informative on errors to avoid allowing to see which hsot are
> on/off line in a network. With that one could make this pretty safe I think.
> 
> 
> > 
> >> +        insecure => {
> >> +        description => "Allow TLS certificates to be invalid.",
> >> +        type => 'boolean',
> >> +        optional => 1,
> >> +        } > +    },
> >> +    },
> >> +    returns => {
> >> +    type => "object",
> >> +    properties => {
> >> +        filename => { type => 'string' },
> >> +        upid => { type => 'string' },
> >> +        size => {
> >> +        type => 'integer',
> >> +        renderer => 'bytes',
> >> +        },
> >> +    },
> >> +    },
> >> +    code => sub {
> >> +    my ($param) = @_;
> >> +
> >> +    my @hash_algs = ['md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512'];
> > 
> > as written above, can be handled by api
> 
> and could be actually auto-detected too, at least optionally? All those are pretty
> much unique already in length, IIRC.




^ permalink raw reply	[flat|nested] 7+ messages in thread
* [pve-devel] [PATCH manager 1/1] fix #1710: add retrieve from url button for storage
@ 2021-04-28 14:13 Lorenz Stechauner
  2021-04-28 14:13 ` [pve-devel] [PATCH storage 1/1] fix #1710: add retrieve method " Lorenz Stechauner
  0 siblings, 1 reply; 7+ messages in thread
From: Lorenz Stechauner @ 2021-04-28 14:13 UTC (permalink / raw)
  To: pve-devel

Add PVE.storage.Retrieve window and PVE.form.hashAlgorithmSelector.
Users are now able to download/retrieve any .iso/... file onto their
storages and verify file integrity with checksums.

Signed-off-by: Lorenz Stechauner <l.stechauner@proxmox.com>
---
 www/manager6/Makefile                      |   1 +
 www/manager6/form/HashAlgorithmSelector.js |  21 +++
 www/manager6/storage/ContentView.js        | 161 +++++++++++++++++++++
 3 files changed, 183 insertions(+)
 create mode 100644 www/manager6/form/HashAlgorithmSelector.js

diff --git a/www/manager6/Makefile b/www/manager6/Makefile
index afed3283..8e6557d8 100644
--- a/www/manager6/Makefile
+++ b/www/manager6/Makefile
@@ -38,6 +38,7 @@ JSSRC= 							\
 	form/GlobalSearchField.js			\
 	form/GroupSelector.js				\
 	form/GuestIDSelector.js				\
+	form/HashAlgorithmSelector.js			\
 	form/HotplugFeatureSelector.js			\
 	form/IPProtocolSelector.js			\
 	form/IPRefSelector.js				\
diff --git a/www/manager6/form/HashAlgorithmSelector.js b/www/manager6/form/HashAlgorithmSelector.js
new file mode 100644
index 00000000..4a72cc08
--- /dev/null
+++ b/www/manager6/form/HashAlgorithmSelector.js
@@ -0,0 +1,21 @@
+Ext.define('PVE.form.hashAlgorithmSelector', {
+    extend: 'Proxmox.form.KVComboBox',
+    alias: ['widget.pveHashAlgorithmSelector'],
+    comboItems: [],
+    hasNoneOption: false,
+    initComponent: function() {
+	var me = this;
+	me.comboItems = [
+	    ['md5', 'MD5'],
+	    ['sha1', 'SHA-1'],
+	    ['sha224', 'SHA-224'],
+	    ['sha256', 'SHA-256'],
+	    ['sha384', 'SHA-384'],
+	    ['sha512', 'SHA-512'],
+	];
+	if (me.hasNoneOption) {
+	    me.comboItems.unshift(['none', 'None']);
+	}
+	this.callParent();
+    },
+});
diff --git a/www/manager6/storage/ContentView.js b/www/manager6/storage/ContentView.js
index dd6df4b1..7187ebbe 100644
--- a/www/manager6/storage/ContentView.js
+++ b/www/manager6/storage/ContentView.js
@@ -191,6 +191,153 @@ Ext.define('PVE.storage.Upload', {
     },
 });
 
+Ext.define('PVE.storage.Retrieve', {
+    extend: 'Proxmox.window.Edit',
+    alias: 'widget.pveStorageRetrieve',
+
+    resizable: false,
+
+    modal: true,
+
+    isCreate: true,
+
+    showTaskViewer: true,
+    upidFieldName: 'upid',
+
+    initComponent: function() {
+        var me = this;
+
+	if (!me.nodename) {
+	    throw "no node name specified";
+	}
+	if (!me.storage) {
+	    throw "no storage ID specified";
+	}
+
+	me.url = `/nodes/${me.nodename}/storage/${me.storage}/retrieve`;
+	me.method = 'POST';
+
+	let defaultContent = me.contents[0] || '';
+
+	let urlField = Ext.create('Ext.form.field.Text', {
+	    name: 'url',
+	    allowBlank: false,
+	    fieldLabel: gettext('URL'),
+	});
+
+	let fileNameField = Ext.create('Ext.form.field.Text', {
+	    name: 'filename',
+	    allowBlank: false,
+	    fieldLabel: gettext('File name'),
+	});
+
+	let fileSizeField = Ext.create('Ext.form.field.Text', {
+	    name: 'size',
+	    disabled: true,
+	    fieldLabel: gettext('File size'),
+	    emptyText: gettext('unknown'),
+	});
+
+	let checksumField = Ext.create('Ext.form.field.Text', {
+	    name: 'checksum',
+	    fieldLabel: gettext('Checksum'),
+	    allowBlank: true,
+	    disabled: true,
+	    emptyText: gettext('none'),
+	});
+
+	let checksumAlgField = Ext.create('PVE.form.hashAlgorithmSelector', {
+	    name: 'checksumalg',
+	    fieldLabel: gettext('Hash algorithm'),
+	    allowBlank: true,
+	    hasNoneOption: true,
+	    value: 'none',
+	});
+
+	let inputPanel = Ext.create('Proxmox.panel.InputPanel', {
+	    method: 'POST',
+	    waitMsgTarget: true,
+	    border: false,
+	    columnT: [
+		urlField,
+		fileNameField,
+	    ],
+	    column1: [
+		{
+		    xtype: 'pveContentTypeSelector',
+		    cts: me.contents,
+		    fieldLabel: gettext('Content'),
+		    name: 'content',
+		    value: defaultContent,
+		    allowBlank: false,
+		},
+	    ],
+	    column2: [
+		fileSizeField,
+	    ],
+	    advancedColumn1: [
+		checksumField,
+		checksumAlgField,
+	    ],
+	    advancedColumn2: [
+		{
+		    xtype: 'checkbox',
+		    name: 'insecure',
+		    fieldLabel: gettext('Trust invalid certificates'),
+		    labelWidth: 150,
+		},
+	    ],
+	});
+
+	urlField.on('change', function() {
+	    urlField.setValidation("Waiting for response...");
+	    urlField.validate();
+	    fileSizeField.setValue("");
+	    Proxmox.Utils.API2Request({
+		url: me.url,
+		method: 'POST',
+		params: {
+		    metaonly: 1,
+		    url: me.getValues()['url'],
+		    content: me.getValues()['content'],
+		},
+		failure: function(res, opt) {
+		    urlField.setValidation(res.result.message);
+		    urlField.validate();
+		    fileSizeField.setValue("");
+		},
+		success: function(res, opt) {
+		    urlField.setValidation();
+		    urlField.validate();
+
+		    let data = res.result.data;
+		    fileNameField.setValue(data.filename);
+		    fileSizeField.setValue(Proxmox.Utils.format_size(data.size));
+		},
+	    });
+	});
+
+	checksumAlgField.on('change', function() {
+	    if (this.getValue() === 'none') {
+		checksumField.setDisabled(true);
+		checksumField.setValue("");
+		checksumField.allowBlank = true;
+	    } else {
+		checksumField.setDisabled(false);
+		checksumField.allowBlank = false;
+	    }
+	});
+
+	Ext.apply(me, {
+	    title: gettext('Retrieve from URL'),
+	    items: inputPanel,
+	    submitText: gettext('Download'),
+	});
+
+        me.callParent();
+    },
+});
+
 Ext.define('PVE.storage.ContentView', {
     extend: 'Ext.grid.GridPanel',
 
@@ -262,6 +409,19 @@ Ext.define('PVE.storage.ContentView', {
 	    },
 	});
 
+	let retrieveButton = Ext.create('Proxmox.button.Button', {
+	    text: gettext('Retrieve from URL'),
+	    handler: function() {
+		let win = Ext.create('PVE.storage.Retrieve', {
+		    nodename: nodename,
+		    storage: storage,
+		    contents: [content],
+		});
+		win.show();
+		win.on('destroy', reload);
+	    },
+	});
+
 	let removeButton = Ext.create('Proxmox.button.StdRemoveButton', {
 	    selModel: sm,
 	    delay: 5,
@@ -276,6 +436,7 @@ Ext.define('PVE.storage.ContentView', {
 	}
 	if (me.useUploadButton) {
 	    me.tbar.push(uploadButton);
+	    me.tbar.push(retrieveButton);
 	}
 	if (!me.useCustomRemoveButton) {
 	    me.tbar.push(removeButton);
-- 
2.20.1




^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2021-04-29 14:11 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-29 13:46 [pve-devel] [PATCH storage 1/1] fix #1710: add retrieve method for storage Lorenz Stechauner
2021-04-29 14:07 ` Thomas Lamprecht
  -- strict thread matches above, loose matches on Subject: below --
2021-04-28 14:13 [pve-devel] [PATCH manager 1/1] fix #1710: add retrieve from url button " Lorenz Stechauner
2021-04-28 14:13 ` [pve-devel] [PATCH storage 1/1] fix #1710: add retrieve method " Lorenz Stechauner
2021-04-29 11:54   ` Dominik Csapak
2021-04-29 13:22     ` Thomas Lamprecht
2021-04-29 14:01       ` Dominik Csapak
2021-04-29 14:11         ` Thomas Lamprecht

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal