[pbs-devel] [PATCH proxmox-backup 1/1] api/proxy: set auth cookie name in rest server api config
Shannon Sterz
s.sterz at proxmox.com
Fri Jul 25 13:20:19 CEST 2025
set the name of the auth cookie when configuring apis to allow the
rest server to remove invalid tickets on 401 requests.
Signed-off-by: Shannon Sterz <s.sterz at proxmox.com>
---
src/auth.rs | 10 +++++++++-
src/auth_helpers.rs | 1 +
src/bin/proxmox-backup-api.rs | 1 +
src/bin/proxmox-backup-proxy.rs | 1 +
4 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/auth.rs b/src/auth.rs
index 86b12a76..ac24c8ca 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -13,7 +13,7 @@ use pbs_config::open_backup_lockfile;
use proxmox_router::http_bail;
use serde_json::json;
-use proxmox_auth_api::api::{Authenticator, LockedTfaConfig};
+use proxmox_auth_api::api::{AuthContext, Authenticator, LockedTfaConfig};
use proxmox_auth_api::ticket::{Empty, Ticket};
use proxmox_auth_api::types::Authid;
use proxmox_auth_api::{HMACKey, Keyring};
@@ -377,6 +377,14 @@ pub fn setup_auth_context(use_private_key: bool) {
proxmox_auth_api::set_auth_context(AUTH_CONTEXT.get().unwrap());
}
+pub fn get_auth_cookie_name() -> String {
+ AUTH_CONTEXT
+ .get()
+ .expect("auth context needs to be set before accessing the auth cookie name")
+ .prefixed_auth_cookie_name()
+ .to_string()
+}
+
pub(crate) fn private_auth_keyring() -> &'static Keyring {
&PRIVATE_KEYRING
}
diff --git a/src/auth_helpers.rs b/src/auth_helpers.rs
index 65e36308..fdd8d663 100644
--- a/src/auth_helpers.rs
+++ b/src/auth_helpers.rs
@@ -10,6 +10,7 @@ use proxmox_sys::fs::{file_get_contents, replace_file, CreateOptions};
use pbs_buildcfg::configdir;
use serde_json::json;
+pub use crate::auth::get_auth_cookie_name;
pub use crate::auth::setup_auth_context;
pub use proxmox_auth_api::api::assemble_csrf_prevention_token;
diff --git a/src/bin/proxmox-backup-api.rs b/src/bin/proxmox-backup-api.rs
index 3d80b023..74528236 100644
--- a/src/bin/proxmox-backup-api.rs
+++ b/src/bin/proxmox-backup-api.rs
@@ -88,6 +88,7 @@ async fn run() -> Result<(), Error> {
let config = ApiConfig::new(pbs_buildcfg::JS_DIR, RpcEnvironmentType::PRIVILEGED)
.index_handler_func(|_, _| get_index())
.auth_handler_func(|h, m| Box::pin(check_pbs_auth(h, m)))
+ .auth_cookie_name(proxmox_backup::auth_helpers::get_auth_cookie_name())
.default_api2_handler(&proxmox_backup::api2::ROUTER)
.enable_access_log(
pbs_buildcfg::API_ACCESS_LOG_FN,
diff --git a/src/bin/proxmox-backup-proxy.rs b/src/bin/proxmox-backup-proxy.rs
index 694c2463..4641fed1 100644
--- a/src/bin/proxmox-backup-proxy.rs
+++ b/src/bin/proxmox-backup-proxy.rs
@@ -195,6 +195,7 @@ async fn run() -> Result<(), Error> {
let mut config = ApiConfig::new(pbs_buildcfg::JS_DIR, RpcEnvironmentType::PUBLIC)
.index_handler_func(|e, p| Box::pin(get_index_future(e, p)))
.auth_handler_func(|h, m| Box::pin(check_pbs_auth(h, m)))
+ .auth_cookie_name(proxmox_backup::auth_helpers::get_auth_cookie_name())
.register_template("index", &indexpath)?
.register_template("console", "/usr/share/pve-xtermjs/index.html.hbs")?
.default_api2_handler(&proxmox_backup::api2::ROUTER)
--
2.47.2
More information about the pbs-devel
mailing list