git-annex/Command/P2PHttp.hs

{- git-annex command
 -
 - Copyright 2024 Joey Hess <id@joeyh.name>
 -
 - Licensed under the GNU AGPL version 3 or higher.
 -}

{-# LANGUAGE DataKinds #-}
{-# LANGUAGE TypeOperators #-}
{-# LANGUAGE OverloadedStrings #-}

module Command.P2PHttp where

import Command
import P2P.Http.Server
import P2P.Http.Url
import qualified P2P.Protocol as P2P
import Utility.Env

import Servant
import qualified Network.Wai.Handler.Warp as Warp
import qualified Network.Wai.Handler.WarpTLS as Warp
import Network.Socket (PortNumber)
import qualified Data.Map as M
import Data.String

cmd :: Command
cmd = withAnnexOptions [jobsOption] $ command "p2phttp" SectionPlumbing
	"communicate in P2P protocol over http"
	paramNothing (seek <$$> optParser)

data Options = Options
	{ portOption :: Maybe PortNumber
	, bindOption :: Maybe String
	, certFileOption :: Maybe FilePath
	, privateKeyFileOption :: Maybe FilePath
	, chainFileOption :: [FilePath]
	, authEnvOption :: Bool
	, authEnvHttpOption :: Bool
	, unauthReadOnlyOption :: Bool
	, unauthAppendOnlyOption :: Bool
	, wideOpenOption :: Bool
	}

optParser :: CmdParamsDesc -> Parser Options
optParser _ = Options
	<$> optional (option auto
		( long "port" <> metavar paramNumber
		<> help "specify port to listen on"
		))
	<*> optional (strOption
		( long "bind" <> metavar paramAddress
		<> help "specify address to bind to"
		))
	<*> optional (strOption
		( long "certfile" <> metavar paramFile
		<> help "TLS certificate file for HTTPS"
		))
	<*> optional (strOption
		( long "privatekeyfile" <> metavar paramFile
		<> help "TLS private key file for HTTPS"
		))
	<*> many (strOption
		( long "chainfile" <> metavar paramFile
		<> help "TLS chain file"
		))
	<*> switch
		( long "authenv"
		<> help "authenticate users from environment (https only)"
		)
	<*> switch
		( long "authenv-http"
		<> help "authenticate users from environment (including http)"
		)
	<*> switch
		( long "unauth-readonly"
		<> help "allow unauthenticated users to read the repository"
		)
	<*> switch
		( long "unauth-appendonly"
		<> help "allow unauthenticated users to read and append to the repository"
		)
	<*> switch
		( long "wideopen"
		<> help "give unauthenticated users full read+write access"
		)

seek :: Options -> CommandSeek
seek o = getAnnexWorkerPool $ \workerpool ->
	withP2PConnections workerpool $ \acquireconn -> liftIO $ do
		authenv <- getAuthEnv
		st <- mkP2PHttpServerState acquireconn workerpool $
			mkGetServerMode authenv o
		let settings = Warp.setPort port $ Warp.setHost host $
			Warp.defaultSettings
		case (certFileOption o, privateKeyFileOption o) of
			(Nothing, Nothing) -> Warp.runSettings settings (p2pHttpApp st)
			(Just certfile, Just privatekeyfile) -> do
				let tlssettings = Warp.tlsSettingsChain
					certfile (chainFileOption o) privatekeyfile
				Warp.runTLS tlssettings settings (p2pHttpApp st)
			_ -> giveup "You must use both --certfile and --privatekeyfile options to enable HTTPS."
  where
	port = maybe
		(fromIntegral defaultP2PHttpProtocolPort)
		fromIntegral
		(portOption o)
	host = maybe
		(fromString "*") -- both ipv4 and ipv6
		fromString
		(bindOption o)

mkGetServerMode :: M.Map Auth P2P.ServerMode -> Options -> GetServerMode
mkGetServerMode _ o _ Nothing
	| wideOpenOption o = Just P2P.ServeReadWrite
	| unauthAppendOnlyOption o = Just P2P.ServeAppendOnly
	| unauthReadOnlyOption o = Just P2P.ServeReadOnly
	| otherwise = Nothing
mkGetServerMode authenv o issecure (Just auth) =
	case (issecure, authEnvOption o, authEnvHttpOption o) of
		(Secure, True, _) -> checkauth
		(NotSecure, _, True) -> checkauth
		_ -> noauth
  where
	checkauth = case M.lookup auth authenv of
		Just servermode -> Just servermode
		Nothing -> noauth
	noauth = mkGetServerMode authenv o issecure Nothing

getAuthEnv :: IO (M.Map Auth P2P.ServerMode)
getAuthEnv = do
	environ <- getEnvironment
	let permmap = M.fromList (mapMaybe parseperms environ)
	return $ M.fromList $
		map (addperms permmap) $
			mapMaybe parseusername environ
  where
	parseperms (k, v) = case deprefix "GIT_ANNEX_P2PHTTP_PERMISSIONS_" k of
		Nothing -> Nothing
		Just username -> case v of
			"readonly" -> Just
				(encodeBS username, P2P.ServeReadOnly)
			"appendonly" -> Just
				(encodeBS username, P2P.ServeAppendOnly)
			_ -> Nothing

	parseusername (k, v) = case deprefix "GIT_ANNEX_P2PHTTP_PASSWORD_" k of
		Nothing -> Nothing
		Just username -> Just $ Auth (encodeBS username) (encodeBS v)

	deprefix prefix s
		| prefix `isPrefixOf` s = Just (drop (length prefix) s)
		| otherwise = Nothing

	addperms permmap auth@(Auth user _) = 
		case M.lookup user permmap of
			Nothing -> (auth, P2P.ServeReadWrite)
			Just perms -> (auth, perms)
started servant implementation of HTTP P2P protocol 2024-07-07 16:08:10 +00:00			`{- git-annex command`
			`-`
			`- Copyright 2024 Joey Hess <id@joeyh.name>`
			`-`
			`- Licensed under the GNU AGPL version 3 or higher.`
			`-}`

			`{-# LANGUAGE DataKinds #-}`
			`{-# LANGUAGE TypeOperators #-}`
			`{-# LANGUAGE OverloadedStrings #-}`

			`module Command.P2PHttp where`

			`import Command`
factor out http server and client into own modules To avoid a cycle when Remote.Git uses the client. 2024-07-23 18:12:03 +00:00			`import P2P.Http.Server`
starting support for remote.name.annexUrl set to annex+http In this case, Remote.Git should not use that url for all access to the repository. It will only be used for annex operations, which isn't done yet. 2024-07-23 13:12:21 +00:00			`import P2P.Http.Url`
p2phttp is almost working for checkpresent The server is fully running annex actions, only the P2PConnection is wrong, currently using stdio. 2024-07-09 17:37:55 +00:00			`import qualified P2P.Protocol as P2P`
git-annex p2phttp options 2024-07-10 03:44:40 +00:00			`import Utility.Env`
started servant implementation of HTTP P2P protocol 2024-07-07 16:08:10 +00:00
Remote.Git retrieveKeyFile works with annex+http urls This includes a bugfix to serveGet, it hung at the end. 2024-07-24 13:45:14 +00:00			`import Servant`
convert lockcontent api to http long polling Websockets would work, but the problem with using them for this is that each lockcontent call is a separate websocket connection. And that's an actual TCP connection. One TCP connection per file dropped would be too expensive. With http long polling, regular http pipelining can be used, so it will reuse a TCP connection. Unfortunately, at least with servant, bi-directional streams with long polling don't result in true bidirectional full duplex communication. Servant processes the whole client body stream before generating the server body stream. I think it's entirely possible to do full bi-directional communication over http, but it would need changes to servant. And, there's no way for the client to tell if the server successfully locked the content, since the server will keep processing the client stream no matter what.: So, added a new api endpoint, keeplocked. lockcontent will lock the key for 10 minutes with retention lock, and then a call to keeplocked will keep it locked for as long as needed. This does mean that there will need to be a Map of locks by key, and I will probably want to add some kind of lock identifier that lockcontent returns. 2024-07-08 14:40:38 +00:00			`import qualified Network.Wai.Handler.Warp as Warp`
add --bind option and listen to both ipv4 and ipv6 by default 2024-07-23 19:19:56 +00:00			`import qualified Network.Wai.Handler.WarpTLS as Warp`
git-annex p2phttp options 2024-07-10 03:44:40 +00:00			`import Network.Socket (PortNumber)`
			`import qualified Data.Map as M`
add --bind option and listen to both ipv4 and ipv6 by default 2024-07-23 19:19:56 +00:00			`import Data.String`
convert lockcontent api to http long polling Websockets would work, but the problem with using them for this is that each lockcontent call is a separate websocket connection. And that's an actual TCP connection. One TCP connection per file dropped would be too expensive. With http long polling, regular http pipelining can be used, so it will reuse a TCP connection. Unfortunately, at least with servant, bi-directional streams with long polling don't result in true bidirectional full duplex communication. Servant processes the whole client body stream before generating the server body stream. I think it's entirely possible to do full bi-directional communication over http, but it would need changes to servant. And, there's no way for the client to tell if the server successfully locked the content, since the server will keep processing the client stream no matter what.: So, added a new api endpoint, keeplocked. lockcontent will lock the key for 10 minutes with retention lock, and then a call to keeplocked will keep it locked for as long as needed. This does mean that there will need to be a Map of locks by key, and I will probably want to add some kind of lock identifier that lockcontent returns. 2024-07-08 14:40:38 +00:00
started servant implementation of HTTP P2P protocol 2024-07-07 16:08:10 +00:00			`cmd :: Command`
add Annex worker pool to P2PHttp This will be needed for get and store, since those need to run Annex actions. withLocalP2PConnections will also probably use it. 2024-07-10 16:19:47 +00:00			`cmd = withAnnexOptions [jobsOption] $ command "p2phttp" SectionPlumbing`
started servant implementation of HTTP P2P protocol 2024-07-07 16:08:10 +00:00			`"communicate in P2P protocol over http"`
started on auth 2024-07-09 21:30:55 +00:00			`paramNothing (seek <$$> optParser)`

			`data Options = Options`
git-annex p2phttp options 2024-07-10 03:44:40 +00:00			`{ portOption :: Maybe PortNumber`
add --bind option and listen to both ipv4 and ipv6 by default 2024-07-23 19:19:56 +00:00			`, bindOption :: Maybe String`
p2phttp support https 2024-07-23 19:37:36 +00:00			`, certFileOption :: Maybe FilePath`
			`, privateKeyFileOption :: Maybe FilePath`
			`, chainFileOption :: [FilePath]`
started on auth 2024-07-09 21:30:55 +00:00			`, authEnvOption :: Bool`
			`, authEnvHttpOption :: Bool`
git-annex p2phttp options 2024-07-10 03:44:40 +00:00			`, unauthReadOnlyOption :: Bool`
			`, unauthAppendOnlyOption :: Bool`
started on auth 2024-07-09 21:30:55 +00:00			`, wideOpenOption :: Bool`
			`}`
started servant implementation of HTTP P2P protocol 2024-07-07 16:08:10 +00:00
git-annex p2phttp options 2024-07-10 03:44:40 +00:00			`optParser :: CmdParamsDesc -> Parser Options`
			`optParser _ = Options`
			`<$> optional (option auto`
			`( long "port" <> metavar paramNumber`
			`<> help "specify port to listen on"`
			`))`
add --bind option and listen to both ipv4 and ipv6 by default 2024-07-23 19:19:56 +00:00			`<*> optional (strOption`
			`( long "bind" <> metavar paramAddress`
			`<> help "specify address to bind to"`
			`))`
p2phttp support https 2024-07-23 19:37:36 +00:00			`<*> optional (strOption`
			`( long "certfile" <> metavar paramFile`
			`<> help "TLS certificate file for HTTPS"`
			`))`
			`<*> optional (strOption`
			`( long "privatekeyfile" <> metavar paramFile`
			`<> help "TLS private key file for HTTPS"`
			`))`
			`<*> many (strOption`
			`( long "chainfile" <> metavar paramFile`
			`<> help "TLS chain file"`
			`))`
git-annex p2phttp options 2024-07-10 03:44:40 +00:00			`<*> switch`
			`( long "authenv"`
			`<> help "authenticate users from environment (https only)"`
			`)`
			`<*> switch`
			`( long "authenv-http"`
			`<> help "authenticate users from environment (including http)"`
			`)`
			`<*> switch`
			`( long "unauth-readonly"`
			`<> help "allow unauthenticated users to read the repository"`
			`)`
			`<*> switch`
			`( long "unauth-appendonly"`
			`<> help "allow unauthenticated users to read and append to the repository"`
			`)`
			`<*> switch`
			`( long "wideopen"`
			`<> help "give unauthenticated users full read+write access"`
			`)`

			`seek :: Options -> CommandSeek`
Remote.Git checkpresent works with annex+http urls. 2024-07-23 18:31:32 +00:00			`seek o = getAnnexWorkerPool $ \workerpool ->`
http server support for proxies, incomplete Refactored git-annex-shell code so this can use checkCanProxy'. At this point all that remains is opening a proxy connection, and using a proxy connection. 2024-07-25 17:15:05 +00:00			`withP2PConnections workerpool $ \acquireconn -> liftIO $ do`
git-annex p2phttp options 2024-07-10 03:44:40 +00:00			`authenv <- getAuthEnv`
add Annex worker pool to P2PHttp This will be needed for get and store, since those need to run Annex actions. withLocalP2PConnections will also probably use it. 2024-07-10 16:19:47 +00:00			`st <- mkP2PHttpServerState acquireconn workerpool $`
git-annex p2phttp options 2024-07-10 03:44:40 +00:00			`mkGetServerMode authenv o`
add --bind option and listen to both ipv4 and ipv6 by default 2024-07-23 19:19:56 +00:00			`let settings = Warp.setPort port $ Warp.setHost host $`
			`Warp.defaultSettings`
p2phttp support https 2024-07-23 19:37:36 +00:00			`case (certFileOption o, privateKeyFileOption o) of`
			`(Nothing, Nothing) -> Warp.runSettings settings (p2pHttpApp st)`
			`(Just certfile, Just privatekeyfile) -> do`
			`let tlssettings = Warp.tlsSettingsChain`
			`certfile (chainFileOption o) privatekeyfile`
			`Warp.runTLS tlssettings settings (p2pHttpApp st)`
			`_ -> giveup "You must use both --certfile and --privatekeyfile options to enable HTTPS."`
git-annex p2phttp options 2024-07-10 03:44:40 +00:00			`where`
add --bind option and listen to both ipv4 and ipv6 by default 2024-07-23 19:19:56 +00:00			`port = maybe`
starting support for remote.name.annexUrl set to annex+http In this case, Remote.Git should not use that url for all access to the repository. It will only be used for annex operations, which isn't done yet. 2024-07-23 13:12:21 +00:00			`(fromIntegral defaultP2PHttpProtocolPort)`
add --bind option and listen to both ipv4 and ipv6 by default 2024-07-23 19:19:56 +00:00			`fromIntegral`
starting support for remote.name.annexUrl set to annex+http In this case, Remote.Git should not use that url for all access to the repository. It will only be used for annex operations, which isn't done yet. 2024-07-23 13:12:21 +00:00			`(portOption o)`
add --bind option and listen to both ipv4 and ipv6 by default 2024-07-23 19:19:56 +00:00			`host = maybe`
			`(fromString "*") -- both ipv4 and ipv6`
			`fromString`
			`(bindOption o)`
git-annex p2phttp options 2024-07-10 03:44:40 +00:00
			`mkGetServerMode :: M.Map Auth P2P.ServerMode -> Options -> GetServerMode`
			`mkGetServerMode _ o _ Nothing`
			`\| wideOpenOption o = Just P2P.ServeReadWrite`
			`\| unauthAppendOnlyOption o = Just P2P.ServeAppendOnly`
			`\| unauthReadOnlyOption o = Just P2P.ServeReadOnly`
			`\| otherwise = Nothing`
			`mkGetServerMode authenv o issecure (Just auth) =`
			`case (issecure, authEnvOption o, authEnvHttpOption o) of`
			`(Secure, True, _) -> checkauth`
			`(NotSecure, _, True) -> checkauth`
			`_ -> noauth`
			`where`
			`checkauth = case M.lookup auth authenv of`
			`Just servermode -> Just servermode`
			`Nothing -> noauth`
			`noauth = mkGetServerMode authenv o issecure Nothing`

			`getAuthEnv :: IO (M.Map Auth P2P.ServerMode)`
			`getAuthEnv = do`
			`environ <- getEnvironment`
			`let permmap = M.fromList (mapMaybe parseperms environ)`
			`return $ M.fromList $`
			`map (addperms permmap) $`
			`mapMaybe parseusername environ`
			`where`
			`parseperms (k, v) = case deprefix "GIT_ANNEX_P2PHTTP_PERMISSIONS_" k of`
			`Nothing -> Nothing`
			`Just username -> case v of`
			`"readonly" -> Just`
			`(encodeBS username, P2P.ServeReadOnly)`
			`"appendonly" -> Just`
			`(encodeBS username, P2P.ServeAppendOnly)`
			`_ -> Nothing`

			`parseusername (k, v) = case deprefix "GIT_ANNEX_P2PHTTP_PASSWORD_" k of`
			`Nothing -> Nothing`
			`Just username -> Just $ Auth (encodeBS username) (encodeBS v)`

			`deprefix prefix s`
			\| prefix `isPrefixOf` s = Just (drop (length prefix) s)
			`\| otherwise = Nothing`

			`addperms permmap auth@(Auth user _) =`
			`case M.lookup user permmap of`
			`Nothing -> (auth, P2P.ServeReadWrite)`
			`Just perms -> (auth, perms)`