2026-06-11 02:50:30 +00:00
|
|
|
use anyhow::{anyhow, Result};
|
|
|
|
|
use reqwest::Client;
|
|
|
|
|
use serde::{Deserialize, Serialize};
|
|
|
|
|
use std::collections::HashMap;
|
|
|
|
|
use std::time::Duration;
|
|
|
|
|
|
|
|
|
|
/// Proxmox VE/PBS API client
|
|
|
|
|
/// Implements authentication and request handling for Proxmox APIs
|
|
|
|
|
pub struct ProxmoxClient {
|
|
|
|
|
base_url: String,
|
|
|
|
|
port: u16,
|
|
|
|
|
username: String,
|
|
|
|
|
api_token: Option<String>,
|
2026-06-11 14:38:36 +00:00
|
|
|
pub ticket: Option<String>,
|
fix(proxmox): restore reliable connect/reconnect after app restart
Root cause: authenticate() tried to deserialize the Proxmox API response
directly into AuthResponse, but Proxmox wraps every response in
{"data": {...}}. This caused every reconnect attempt after app restart
to fail silently.
Additional fixes bundled in this commit:
- add_proxmox_cluster now authenticates immediately so the in-memory pool
always contains a live, ticketed client (not a bare unauthenticated stub)
- ProxmoxClient stores the CSRFPreventionToken and includes it in the
CSRFPreventionToken header on POST/PUT/DELETE requests (Proxmox requires
this for all mutating calls)
- accept-invalid-certs enabled on the reqwest Client so self-signed PVE
certificates do not block connections
- Removed double-unwrap of the data field in 10 commands (list_acls,
list_users, get_cluster_notes, search_proxmox_resources, get_node_status,
get_syslog, list_network_interfaces, get_subscription_status,
list_cluster_tasks, list_proxmox_containers) — handle_response already
strips the envelope before returning to callers
- Added connect_proxmox_cluster and disconnect_proxmox_cluster Tauri
commands so the UI can explicitly connect/disconnect sessions
- Wired RemotesPage Connect/Disconnect buttons to the real backend commands
- Updated and added tests covering envelope parsing, CSRF header logic,
already-unwrapped response handling, and the new connect/disconnect paths
2026-06-21 00:05:00 +00:00
|
|
|
pub csrf_token: Option<String>,
|
2026-06-11 02:50:30 +00:00
|
|
|
client: Client,
|
|
|
|
|
}
|
|
|
|
|
|
fix(proxmox): restore reliable connect/reconnect after app restart
Root cause: authenticate() tried to deserialize the Proxmox API response
directly into AuthResponse, but Proxmox wraps every response in
{"data": {...}}. This caused every reconnect attempt after app restart
to fail silently.
Additional fixes bundled in this commit:
- add_proxmox_cluster now authenticates immediately so the in-memory pool
always contains a live, ticketed client (not a bare unauthenticated stub)
- ProxmoxClient stores the CSRFPreventionToken and includes it in the
CSRFPreventionToken header on POST/PUT/DELETE requests (Proxmox requires
this for all mutating calls)
- accept-invalid-certs enabled on the reqwest Client so self-signed PVE
certificates do not block connections
- Removed double-unwrap of the data field in 10 commands (list_acls,
list_users, get_cluster_notes, search_proxmox_resources, get_node_status,
get_syslog, list_network_interfaces, get_subscription_status,
list_cluster_tasks, list_proxmox_containers) — handle_response already
strips the envelope before returning to callers
- Added connect_proxmox_cluster and disconnect_proxmox_cluster Tauri
commands so the UI can explicitly connect/disconnect sessions
- Wired RemotesPage Connect/Disconnect buttons to the real backend commands
- Updated and added tests covering envelope parsing, CSRF header logic,
already-unwrapped response handling, and the new connect/disconnect paths
2026-06-21 00:05:00 +00:00
|
|
|
/// Outer envelope wrapping every Proxmox API response.
|
2026-06-11 02:50:30 +00:00
|
|
|
#[derive(Debug, Deserialize)]
|
fix(proxmox): restore reliable connect/reconnect after app restart
Root cause: authenticate() tried to deserialize the Proxmox API response
directly into AuthResponse, but Proxmox wraps every response in
{"data": {...}}. This caused every reconnect attempt after app restart
to fail silently.
Additional fixes bundled in this commit:
- add_proxmox_cluster now authenticates immediately so the in-memory pool
always contains a live, ticketed client (not a bare unauthenticated stub)
- ProxmoxClient stores the CSRFPreventionToken and includes it in the
CSRFPreventionToken header on POST/PUT/DELETE requests (Proxmox requires
this for all mutating calls)
- accept-invalid-certs enabled on the reqwest Client so self-signed PVE
certificates do not block connections
- Removed double-unwrap of the data field in 10 commands (list_acls,
list_users, get_cluster_notes, search_proxmox_resources, get_node_status,
get_syslog, list_network_interfaces, get_subscription_status,
list_cluster_tasks, list_proxmox_containers) — handle_response already
strips the envelope before returning to callers
- Added connect_proxmox_cluster and disconnect_proxmox_cluster Tauri
commands so the UI can explicitly connect/disconnect sessions
- Wired RemotesPage Connect/Disconnect buttons to the real backend commands
- Updated and added tests covering envelope parsing, CSRF header logic,
already-unwrapped response handling, and the new connect/disconnect paths
2026-06-21 00:05:00 +00:00
|
|
|
struct ProxmoxEnvelope<T> {
|
|
|
|
|
data: T,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Authentication response from Proxmox (inner `data` object).
|
|
|
|
|
#[derive(Debug, Deserialize)]
|
2026-06-11 02:50:30 +00:00
|
|
|
pub struct AuthResponse {
|
fix(proxmox): restore reliable connect/reconnect after app restart
Root cause: authenticate() tried to deserialize the Proxmox API response
directly into AuthResponse, but Proxmox wraps every response in
{"data": {...}}. This caused every reconnect attempt after app restart
to fail silently.
Additional fixes bundled in this commit:
- add_proxmox_cluster now authenticates immediately so the in-memory pool
always contains a live, ticketed client (not a bare unauthenticated stub)
- ProxmoxClient stores the CSRFPreventionToken and includes it in the
CSRFPreventionToken header on POST/PUT/DELETE requests (Proxmox requires
this for all mutating calls)
- accept-invalid-certs enabled on the reqwest Client so self-signed PVE
certificates do not block connections
- Removed double-unwrap of the data field in 10 commands (list_acls,
list_users, get_cluster_notes, search_proxmox_resources, get_node_status,
get_syslog, list_network_interfaces, get_subscription_status,
list_cluster_tasks, list_proxmox_containers) — handle_response already
strips the envelope before returning to callers
- Added connect_proxmox_cluster and disconnect_proxmox_cluster Tauri
commands so the UI can explicitly connect/disconnect sessions
- Wired RemotesPage Connect/Disconnect buttons to the real backend commands
- Updated and added tests covering envelope parsing, CSRF header logic,
already-unwrapped response handling, and the new connect/disconnect paths
2026-06-21 00:05:00 +00:00
|
|
|
/// Cookie value — `PVEAuthCookie=<ticket>`.
|
2026-06-11 02:50:30 +00:00
|
|
|
pub ticket: String,
|
|
|
|
|
pub username: String,
|
fix(proxmox): restore reliable connect/reconnect after app restart
Root cause: authenticate() tried to deserialize the Proxmox API response
directly into AuthResponse, but Proxmox wraps every response in
{"data": {...}}. This caused every reconnect attempt after app restart
to fail silently.
Additional fixes bundled in this commit:
- add_proxmox_cluster now authenticates immediately so the in-memory pool
always contains a live, ticketed client (not a bare unauthenticated stub)
- ProxmoxClient stores the CSRFPreventionToken and includes it in the
CSRFPreventionToken header on POST/PUT/DELETE requests (Proxmox requires
this for all mutating calls)
- accept-invalid-certs enabled on the reqwest Client so self-signed PVE
certificates do not block connections
- Removed double-unwrap of the data field in 10 commands (list_acls,
list_users, get_cluster_notes, search_proxmox_resources, get_node_status,
get_syslog, list_network_interfaces, get_subscription_status,
list_cluster_tasks, list_proxmox_containers) — handle_response already
strips the envelope before returning to callers
- Added connect_proxmox_cluster and disconnect_proxmox_cluster Tauri
commands so the UI can explicitly connect/disconnect sessions
- Wired RemotesPage Connect/Disconnect buttons to the real backend commands
- Updated and added tests covering envelope parsing, CSRF header logic,
already-unwrapped response handling, and the new connect/disconnect paths
2026-06-21 00:05:00 +00:00
|
|
|
/// Seconds since epoch when the ticket expires.
|
|
|
|
|
#[serde(default)]
|
2026-06-11 02:50:30 +00:00
|
|
|
pub expire: u64,
|
fix(proxmox): restore reliable connect/reconnect after app restart
Root cause: authenticate() tried to deserialize the Proxmox API response
directly into AuthResponse, but Proxmox wraps every response in
{"data": {...}}. This caused every reconnect attempt after app restart
to fail silently.
Additional fixes bundled in this commit:
- add_proxmox_cluster now authenticates immediately so the in-memory pool
always contains a live, ticketed client (not a bare unauthenticated stub)
- ProxmoxClient stores the CSRFPreventionToken and includes it in the
CSRFPreventionToken header on POST/PUT/DELETE requests (Proxmox requires
this for all mutating calls)
- accept-invalid-certs enabled on the reqwest Client so self-signed PVE
certificates do not block connections
- Removed double-unwrap of the data field in 10 commands (list_acls,
list_users, get_cluster_notes, search_proxmox_resources, get_node_status,
get_syslog, list_network_interfaces, get_subscription_status,
list_cluster_tasks, list_proxmox_containers) — handle_response already
strips the envelope before returning to callers
- Added connect_proxmox_cluster and disconnect_proxmox_cluster Tauri
commands so the UI can explicitly connect/disconnect sessions
- Wired RemotesPage Connect/Disconnect buttons to the real backend commands
- Updated and added tests covering envelope parsing, CSRF header logic,
already-unwrapped response handling, and the new connect/disconnect paths
2026-06-21 00:05:00 +00:00
|
|
|
/// Required on mutating requests as `CSRFPreventionToken` header.
|
|
|
|
|
#[serde(rename = "CSRFPreventionToken")]
|
|
|
|
|
pub csrf_prevention_token: Option<String>,
|
|
|
|
|
/// Capability map — structure varies, only needed for display/debug.
|
|
|
|
|
#[serde(default)]
|
|
|
|
|
pub cap: Option<serde_json::Value>,
|
2026-06-21 02:37:39 +00:00
|
|
|
/// Cluster name
|
|
|
|
|
#[serde(default)]
|
|
|
|
|
pub clustername: Option<String>,
|
2026-06-11 02:50:30 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// API token for authentication
|
|
|
|
|
#[derive(Debug, Serialize, Deserialize)]
|
|
|
|
|
pub struct ApiToken {
|
|
|
|
|
pub token_id: String,
|
|
|
|
|
pub name: String,
|
|
|
|
|
pub expire: u64,
|
|
|
|
|
pub permissions: Vec<String>,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl ProxmoxClient {
|
|
|
|
|
/// Create a new Proxmox client
|
|
|
|
|
pub fn new(base_url: &str, port: u16, username: &str) -> Self {
|
|
|
|
|
Self {
|
|
|
|
|
base_url: base_url.trim_end_matches('/').to_string(),
|
|
|
|
|
port,
|
|
|
|
|
username: username.to_string(),
|
|
|
|
|
api_token: None,
|
2026-06-11 14:38:36 +00:00
|
|
|
ticket: None,
|
fix(proxmox): restore reliable connect/reconnect after app restart
Root cause: authenticate() tried to deserialize the Proxmox API response
directly into AuthResponse, but Proxmox wraps every response in
{"data": {...}}. This caused every reconnect attempt after app restart
to fail silently.
Additional fixes bundled in this commit:
- add_proxmox_cluster now authenticates immediately so the in-memory pool
always contains a live, ticketed client (not a bare unauthenticated stub)
- ProxmoxClient stores the CSRFPreventionToken and includes it in the
CSRFPreventionToken header on POST/PUT/DELETE requests (Proxmox requires
this for all mutating calls)
- accept-invalid-certs enabled on the reqwest Client so self-signed PVE
certificates do not block connections
- Removed double-unwrap of the data field in 10 commands (list_acls,
list_users, get_cluster_notes, search_proxmox_resources, get_node_status,
get_syslog, list_network_interfaces, get_subscription_status,
list_cluster_tasks, list_proxmox_containers) — handle_response already
strips the envelope before returning to callers
- Added connect_proxmox_cluster and disconnect_proxmox_cluster Tauri
commands so the UI can explicitly connect/disconnect sessions
- Wired RemotesPage Connect/Disconnect buttons to the real backend commands
- Updated and added tests covering envelope parsing, CSRF header logic,
already-unwrapped response handling, and the new connect/disconnect paths
2026-06-21 00:05:00 +00:00
|
|
|
csrf_token: None,
|
2026-06-11 02:50:30 +00:00
|
|
|
client: Client::builder()
|
fix(proxmox): restore reliable connect/reconnect after app restart
Root cause: authenticate() tried to deserialize the Proxmox API response
directly into AuthResponse, but Proxmox wraps every response in
{"data": {...}}. This caused every reconnect attempt after app restart
to fail silently.
Additional fixes bundled in this commit:
- add_proxmox_cluster now authenticates immediately so the in-memory pool
always contains a live, ticketed client (not a bare unauthenticated stub)
- ProxmoxClient stores the CSRFPreventionToken and includes it in the
CSRFPreventionToken header on POST/PUT/DELETE requests (Proxmox requires
this for all mutating calls)
- accept-invalid-certs enabled on the reqwest Client so self-signed PVE
certificates do not block connections
- Removed double-unwrap of the data field in 10 commands (list_acls,
list_users, get_cluster_notes, search_proxmox_resources, get_node_status,
get_syslog, list_network_interfaces, get_subscription_status,
list_cluster_tasks, list_proxmox_containers) — handle_response already
strips the envelope before returning to callers
- Added connect_proxmox_cluster and disconnect_proxmox_cluster Tauri
commands so the UI can explicitly connect/disconnect sessions
- Wired RemotesPage Connect/Disconnect buttons to the real backend commands
- Updated and added tests covering envelope parsing, CSRF header logic,
already-unwrapped response handling, and the new connect/disconnect paths
2026-06-21 00:05:00 +00:00
|
|
|
.danger_accept_invalid_certs(true)
|
2026-06-11 02:50:30 +00:00
|
|
|
.timeout(Duration::from_secs(30))
|
|
|
|
|
.build()
|
|
|
|
|
.expect("Failed to create HTTP client"),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
fix(proxmox): restore reliable connect/reconnect after app restart
Root cause: authenticate() tried to deserialize the Proxmox API response
directly into AuthResponse, but Proxmox wraps every response in
{"data": {...}}. This caused every reconnect attempt after app restart
to fail silently.
Additional fixes bundled in this commit:
- add_proxmox_cluster now authenticates immediately so the in-memory pool
always contains a live, ticketed client (not a bare unauthenticated stub)
- ProxmoxClient stores the CSRFPreventionToken and includes it in the
CSRFPreventionToken header on POST/PUT/DELETE requests (Proxmox requires
this for all mutating calls)
- accept-invalid-certs enabled on the reqwest Client so self-signed PVE
certificates do not block connections
- Removed double-unwrap of the data field in 10 commands (list_acls,
list_users, get_cluster_notes, search_proxmox_resources, get_node_status,
get_syslog, list_network_interfaces, get_subscription_status,
list_cluster_tasks, list_proxmox_containers) — handle_response already
strips the envelope before returning to callers
- Added connect_proxmox_cluster and disconnect_proxmox_cluster Tauri
commands so the UI can explicitly connect/disconnect sessions
- Wired RemotesPage Connect/Disconnect buttons to the real backend commands
- Updated and added tests covering envelope parsing, CSRF header logic,
already-unwrapped response handling, and the new connect/disconnect paths
2026-06-21 00:05:00 +00:00
|
|
|
/// Set the ticket for cookie-based authentication.
|
2026-06-11 14:38:36 +00:00
|
|
|
pub fn set_ticket(&mut self, ticket: &str) {
|
|
|
|
|
self.ticket = Some(ticket.to_string());
|
|
|
|
|
}
|
|
|
|
|
|
fix(proxmox): restore reliable connect/reconnect after app restart
Root cause: authenticate() tried to deserialize the Proxmox API response
directly into AuthResponse, but Proxmox wraps every response in
{"data": {...}}. This caused every reconnect attempt after app restart
to fail silently.
Additional fixes bundled in this commit:
- add_proxmox_cluster now authenticates immediately so the in-memory pool
always contains a live, ticketed client (not a bare unauthenticated stub)
- ProxmoxClient stores the CSRFPreventionToken and includes it in the
CSRFPreventionToken header on POST/PUT/DELETE requests (Proxmox requires
this for all mutating calls)
- accept-invalid-certs enabled on the reqwest Client so self-signed PVE
certificates do not block connections
- Removed double-unwrap of the data field in 10 commands (list_acls,
list_users, get_cluster_notes, search_proxmox_resources, get_node_status,
get_syslog, list_network_interfaces, get_subscription_status,
list_cluster_tasks, list_proxmox_containers) — handle_response already
strips the envelope before returning to callers
- Added connect_proxmox_cluster and disconnect_proxmox_cluster Tauri
commands so the UI can explicitly connect/disconnect sessions
- Wired RemotesPage Connect/Disconnect buttons to the real backend commands
- Updated and added tests covering envelope parsing, CSRF header logic,
already-unwrapped response handling, and the new connect/disconnect paths
2026-06-21 00:05:00 +00:00
|
|
|
/// Set the CSRF prevention token (required for mutating requests).
|
|
|
|
|
pub fn set_csrf_token(&mut self, token: &str) {
|
|
|
|
|
self.csrf_token = Some(token.to_string());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Authenticate with username + password.
|
|
|
|
|
/// Stores the ticket and CSRF token on success; returns the ticket string.
|
|
|
|
|
pub async fn authenticate(&mut self, password: &str) -> Result<String> {
|
2026-06-19 21:44:50 +00:00
|
|
|
let url = format!(
|
|
|
|
|
"https://{}:{}/api2/json/access/ticket",
|
|
|
|
|
self.base_url, self.port
|
|
|
|
|
);
|
2026-06-11 02:50:30 +00:00
|
|
|
|
2026-06-11 14:38:36 +00:00
|
|
|
let params = vec![("username", self.username.as_str()), ("password", password)];
|
2026-06-11 02:50:30 +00:00
|
|
|
|
|
|
|
|
let response = self
|
|
|
|
|
.client
|
|
|
|
|
.post(&url)
|
|
|
|
|
.form(¶ms)
|
|
|
|
|
.send()
|
|
|
|
|
.await
|
|
|
|
|
.map_err(|e| anyhow!("Authentication request failed: {}", e))?;
|
|
|
|
|
|
|
|
|
|
if !response.status().is_success() {
|
|
|
|
|
let status = response.status();
|
|
|
|
|
let text = response.text().await.unwrap_or_default();
|
|
|
|
|
return Err(anyhow!(
|
|
|
|
|
"Authentication failed with status {}: {}",
|
|
|
|
|
status,
|
|
|
|
|
text
|
|
|
|
|
));
|
|
|
|
|
}
|
|
|
|
|
|
fix(proxmox): restore reliable connect/reconnect after app restart
Root cause: authenticate() tried to deserialize the Proxmox API response
directly into AuthResponse, but Proxmox wraps every response in
{"data": {...}}. This caused every reconnect attempt after app restart
to fail silently.
Additional fixes bundled in this commit:
- add_proxmox_cluster now authenticates immediately so the in-memory pool
always contains a live, ticketed client (not a bare unauthenticated stub)
- ProxmoxClient stores the CSRFPreventionToken and includes it in the
CSRFPreventionToken header on POST/PUT/DELETE requests (Proxmox requires
this for all mutating calls)
- accept-invalid-certs enabled on the reqwest Client so self-signed PVE
certificates do not block connections
- Removed double-unwrap of the data field in 10 commands (list_acls,
list_users, get_cluster_notes, search_proxmox_resources, get_node_status,
get_syslog, list_network_interfaces, get_subscription_status,
list_cluster_tasks, list_proxmox_containers) — handle_response already
strips the envelope before returning to callers
- Added connect_proxmox_cluster and disconnect_proxmox_cluster Tauri
commands so the UI can explicitly connect/disconnect sessions
- Wired RemotesPage Connect/Disconnect buttons to the real backend commands
- Updated and added tests covering envelope parsing, CSRF header logic,
already-unwrapped response handling, and the new connect/disconnect paths
2026-06-21 00:05:00 +00:00
|
|
|
let envelope: ProxmoxEnvelope<AuthResponse> = response
|
2026-06-11 02:50:30 +00:00
|
|
|
.json()
|
|
|
|
|
.await
|
|
|
|
|
.map_err(|e| anyhow!("Failed to parse authentication response: {}", e))?;
|
|
|
|
|
|
fix(proxmox): restore reliable connect/reconnect after app restart
Root cause: authenticate() tried to deserialize the Proxmox API response
directly into AuthResponse, but Proxmox wraps every response in
{"data": {...}}. This caused every reconnect attempt after app restart
to fail silently.
Additional fixes bundled in this commit:
- add_proxmox_cluster now authenticates immediately so the in-memory pool
always contains a live, ticketed client (not a bare unauthenticated stub)
- ProxmoxClient stores the CSRFPreventionToken and includes it in the
CSRFPreventionToken header on POST/PUT/DELETE requests (Proxmox requires
this for all mutating calls)
- accept-invalid-certs enabled on the reqwest Client so self-signed PVE
certificates do not block connections
- Removed double-unwrap of the data field in 10 commands (list_acls,
list_users, get_cluster_notes, search_proxmox_resources, get_node_status,
get_syslog, list_network_interfaces, get_subscription_status,
list_cluster_tasks, list_proxmox_containers) — handle_response already
strips the envelope before returning to callers
- Added connect_proxmox_cluster and disconnect_proxmox_cluster Tauri
commands so the UI can explicitly connect/disconnect sessions
- Wired RemotesPage Connect/Disconnect buttons to the real backend commands
- Updated and added tests covering envelope parsing, CSRF header logic,
already-unwrapped response handling, and the new connect/disconnect paths
2026-06-21 00:05:00 +00:00
|
|
|
let auth = envelope.data;
|
|
|
|
|
self.ticket = Some(auth.ticket.clone());
|
|
|
|
|
if let Some(csrf) = auth.csrf_prevention_token {
|
|
|
|
|
self.csrf_token = Some(csrf);
|
|
|
|
|
}
|
|
|
|
|
|
2026-06-11 02:50:30 +00:00
|
|
|
Ok(auth.ticket)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Authenticate with API token
|
|
|
|
|
pub fn authenticate_with_token(&mut self, token: &str) {
|
|
|
|
|
self.api_token = Some(token.to_string());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Get the full API URL for a given path
|
|
|
|
|
fn get_api_url(&self, path: &str) -> String {
|
|
|
|
|
format!(
|
2026-06-19 21:44:50 +00:00
|
|
|
"https://{}:{}/api2/json/{}",
|
2026-06-11 02:50:30 +00:00
|
|
|
self.base_url,
|
2026-06-19 21:44:50 +00:00
|
|
|
self.port,
|
2026-06-11 02:50:30 +00:00
|
|
|
path.trim_start_matches('/')
|
|
|
|
|
)
|
|
|
|
|
}
|
|
|
|
|
|
fix(proxmox): restore reliable connect/reconnect after app restart
Root cause: authenticate() tried to deserialize the Proxmox API response
directly into AuthResponse, but Proxmox wraps every response in
{"data": {...}}. This caused every reconnect attempt after app restart
to fail silently.
Additional fixes bundled in this commit:
- add_proxmox_cluster now authenticates immediately so the in-memory pool
always contains a live, ticketed client (not a bare unauthenticated stub)
- ProxmoxClient stores the CSRFPreventionToken and includes it in the
CSRFPreventionToken header on POST/PUT/DELETE requests (Proxmox requires
this for all mutating calls)
- accept-invalid-certs enabled on the reqwest Client so self-signed PVE
certificates do not block connections
- Removed double-unwrap of the data field in 10 commands (list_acls,
list_users, get_cluster_notes, search_proxmox_resources, get_node_status,
get_syslog, list_network_interfaces, get_subscription_status,
list_cluster_tasks, list_proxmox_containers) — handle_response already
strips the envelope before returning to callers
- Added connect_proxmox_cluster and disconnect_proxmox_cluster Tauri
commands so the UI can explicitly connect/disconnect sessions
- Wired RemotesPage Connect/Disconnect buttons to the real backend commands
- Updated and added tests covering envelope parsing, CSRF header logic,
already-unwrapped response handling, and the new connect/disconnect paths
2026-06-21 00:05:00 +00:00
|
|
|
/// Build request headers with authentication.
|
|
|
|
|
/// `include_csrf` should be true for POST / PUT / DELETE requests.
|
2026-06-21 01:13:58 +00:00
|
|
|
fn build_headers(
|
|
|
|
|
&self,
|
|
|
|
|
ticket: Option<&str>,
|
|
|
|
|
include_csrf: bool,
|
|
|
|
|
) -> reqwest::header::HeaderMap {
|
2026-06-11 02:50:30 +00:00
|
|
|
let mut headers = reqwest::header::HeaderMap::new();
|
|
|
|
|
|
|
|
|
|
if let Some(token) = &self.api_token {
|
|
|
|
|
headers.insert(
|
|
|
|
|
reqwest::header::AUTHORIZATION,
|
|
|
|
|
format!("PVEAPIAuth {}", token)
|
|
|
|
|
.parse()
|
|
|
|
|
.expect("Invalid auth header"),
|
|
|
|
|
);
|
|
|
|
|
} else if let Some(ticket) = ticket {
|
|
|
|
|
headers.insert(
|
|
|
|
|
"Cookie",
|
|
|
|
|
format!("PVEAuthCookie={}", ticket)
|
|
|
|
|
.parse()
|
|
|
|
|
.expect("Invalid cookie header"),
|
|
|
|
|
);
|
fix(proxmox): restore reliable connect/reconnect after app restart
Root cause: authenticate() tried to deserialize the Proxmox API response
directly into AuthResponse, but Proxmox wraps every response in
{"data": {...}}. This caused every reconnect attempt after app restart
to fail silently.
Additional fixes bundled in this commit:
- add_proxmox_cluster now authenticates immediately so the in-memory pool
always contains a live, ticketed client (not a bare unauthenticated stub)
- ProxmoxClient stores the CSRFPreventionToken and includes it in the
CSRFPreventionToken header on POST/PUT/DELETE requests (Proxmox requires
this for all mutating calls)
- accept-invalid-certs enabled on the reqwest Client so self-signed PVE
certificates do not block connections
- Removed double-unwrap of the data field in 10 commands (list_acls,
list_users, get_cluster_notes, search_proxmox_resources, get_node_status,
get_syslog, list_network_interfaces, get_subscription_status,
list_cluster_tasks, list_proxmox_containers) — handle_response already
strips the envelope before returning to callers
- Added connect_proxmox_cluster and disconnect_proxmox_cluster Tauri
commands so the UI can explicitly connect/disconnect sessions
- Wired RemotesPage Connect/Disconnect buttons to the real backend commands
- Updated and added tests covering envelope parsing, CSRF header logic,
already-unwrapped response handling, and the new connect/disconnect paths
2026-06-21 00:05:00 +00:00
|
|
|
if include_csrf {
|
|
|
|
|
if let Some(csrf) = &self.csrf_token {
|
|
|
|
|
headers.insert(
|
|
|
|
|
"CSRFPreventionToken",
|
|
|
|
|
csrf.parse().expect("Invalid CSRF token header"),
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
}
|
2026-06-11 02:50:30 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
headers.insert(
|
|
|
|
|
reqwest::header::CONTENT_TYPE,
|
|
|
|
|
"application/x-www-form-urlencoded"
|
|
|
|
|
.parse()
|
|
|
|
|
.expect("Invalid content type"),
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
headers
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// GET request to Proxmox API
|
|
|
|
|
pub async fn get<T: for<'de> Deserialize<'de>>(
|
|
|
|
|
&self,
|
|
|
|
|
path: &str,
|
|
|
|
|
ticket: Option<&str>,
|
|
|
|
|
) -> Result<T> {
|
|
|
|
|
let url = self.get_api_url(path);
|
fix(proxmox): restore reliable connect/reconnect after app restart
Root cause: authenticate() tried to deserialize the Proxmox API response
directly into AuthResponse, but Proxmox wraps every response in
{"data": {...}}. This caused every reconnect attempt after app restart
to fail silently.
Additional fixes bundled in this commit:
- add_proxmox_cluster now authenticates immediately so the in-memory pool
always contains a live, ticketed client (not a bare unauthenticated stub)
- ProxmoxClient stores the CSRFPreventionToken and includes it in the
CSRFPreventionToken header on POST/PUT/DELETE requests (Proxmox requires
this for all mutating calls)
- accept-invalid-certs enabled on the reqwest Client so self-signed PVE
certificates do not block connections
- Removed double-unwrap of the data field in 10 commands (list_acls,
list_users, get_cluster_notes, search_proxmox_resources, get_node_status,
get_syslog, list_network_interfaces, get_subscription_status,
list_cluster_tasks, list_proxmox_containers) — handle_response already
strips the envelope before returning to callers
- Added connect_proxmox_cluster and disconnect_proxmox_cluster Tauri
commands so the UI can explicitly connect/disconnect sessions
- Wired RemotesPage Connect/Disconnect buttons to the real backend commands
- Updated and added tests covering envelope parsing, CSRF header logic,
already-unwrapped response handling, and the new connect/disconnect paths
2026-06-21 00:05:00 +00:00
|
|
|
let headers = self.build_headers(ticket, false);
|
2026-06-11 02:50:30 +00:00
|
|
|
|
|
|
|
|
let response = self
|
|
|
|
|
.client
|
|
|
|
|
.get(&url)
|
|
|
|
|
.headers(headers)
|
|
|
|
|
.send()
|
|
|
|
|
.await
|
|
|
|
|
.map_err(|e| anyhow!("GET request failed: {}", e))?;
|
|
|
|
|
|
|
|
|
|
self.handle_response(response).await
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// POST request to Proxmox API
|
|
|
|
|
pub async fn post<T: for<'de> Deserialize<'de>, B: Serialize>(
|
|
|
|
|
&self,
|
|
|
|
|
path: &str,
|
|
|
|
|
body: &B,
|
|
|
|
|
ticket: Option<&str>,
|
|
|
|
|
) -> Result<T> {
|
|
|
|
|
let url = self.get_api_url(path);
|
fix(proxmox): restore reliable connect/reconnect after app restart
Root cause: authenticate() tried to deserialize the Proxmox API response
directly into AuthResponse, but Proxmox wraps every response in
{"data": {...}}. This caused every reconnect attempt after app restart
to fail silently.
Additional fixes bundled in this commit:
- add_proxmox_cluster now authenticates immediately so the in-memory pool
always contains a live, ticketed client (not a bare unauthenticated stub)
- ProxmoxClient stores the CSRFPreventionToken and includes it in the
CSRFPreventionToken header on POST/PUT/DELETE requests (Proxmox requires
this for all mutating calls)
- accept-invalid-certs enabled on the reqwest Client so self-signed PVE
certificates do not block connections
- Removed double-unwrap of the data field in 10 commands (list_acls,
list_users, get_cluster_notes, search_proxmox_resources, get_node_status,
get_syslog, list_network_interfaces, get_subscription_status,
list_cluster_tasks, list_proxmox_containers) — handle_response already
strips the envelope before returning to callers
- Added connect_proxmox_cluster and disconnect_proxmox_cluster Tauri
commands so the UI can explicitly connect/disconnect sessions
- Wired RemotesPage Connect/Disconnect buttons to the real backend commands
- Updated and added tests covering envelope parsing, CSRF header logic,
already-unwrapped response handling, and the new connect/disconnect paths
2026-06-21 00:05:00 +00:00
|
|
|
let headers = self.build_headers(ticket, true);
|
2026-06-11 02:50:30 +00:00
|
|
|
|
|
|
|
|
let response = self
|
|
|
|
|
.client
|
|
|
|
|
.post(&url)
|
|
|
|
|
.headers(headers)
|
|
|
|
|
.json(body)
|
|
|
|
|
.send()
|
|
|
|
|
.await
|
|
|
|
|
.map_err(|e| anyhow!("POST request failed: {}", e))?;
|
|
|
|
|
|
|
|
|
|
self.handle_response(response).await
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// PUT request to Proxmox API
|
|
|
|
|
pub async fn put<T: for<'de> Deserialize<'de>, B: Serialize>(
|
|
|
|
|
&self,
|
|
|
|
|
path: &str,
|
|
|
|
|
body: &B,
|
|
|
|
|
ticket: Option<&str>,
|
|
|
|
|
) -> Result<T> {
|
|
|
|
|
let url = self.get_api_url(path);
|
fix(proxmox): restore reliable connect/reconnect after app restart
Root cause: authenticate() tried to deserialize the Proxmox API response
directly into AuthResponse, but Proxmox wraps every response in
{"data": {...}}. This caused every reconnect attempt after app restart
to fail silently.
Additional fixes bundled in this commit:
- add_proxmox_cluster now authenticates immediately so the in-memory pool
always contains a live, ticketed client (not a bare unauthenticated stub)
- ProxmoxClient stores the CSRFPreventionToken and includes it in the
CSRFPreventionToken header on POST/PUT/DELETE requests (Proxmox requires
this for all mutating calls)
- accept-invalid-certs enabled on the reqwest Client so self-signed PVE
certificates do not block connections
- Removed double-unwrap of the data field in 10 commands (list_acls,
list_users, get_cluster_notes, search_proxmox_resources, get_node_status,
get_syslog, list_network_interfaces, get_subscription_status,
list_cluster_tasks, list_proxmox_containers) — handle_response already
strips the envelope before returning to callers
- Added connect_proxmox_cluster and disconnect_proxmox_cluster Tauri
commands so the UI can explicitly connect/disconnect sessions
- Wired RemotesPage Connect/Disconnect buttons to the real backend commands
- Updated and added tests covering envelope parsing, CSRF header logic,
already-unwrapped response handling, and the new connect/disconnect paths
2026-06-21 00:05:00 +00:00
|
|
|
let headers = self.build_headers(ticket, true);
|
2026-06-11 02:50:30 +00:00
|
|
|
|
|
|
|
|
let response = self
|
|
|
|
|
.client
|
|
|
|
|
.put(&url)
|
|
|
|
|
.headers(headers)
|
|
|
|
|
.json(body)
|
|
|
|
|
.send()
|
|
|
|
|
.await
|
|
|
|
|
.map_err(|e| anyhow!("PUT request failed: {}", e))?;
|
|
|
|
|
|
|
|
|
|
self.handle_response(response).await
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// DELETE request to Proxmox API
|
|
|
|
|
pub async fn delete<T: for<'de> Deserialize<'de>>(
|
|
|
|
|
&self,
|
|
|
|
|
path: &str,
|
|
|
|
|
ticket: Option<&str>,
|
|
|
|
|
) -> Result<T> {
|
|
|
|
|
let url = self.get_api_url(path);
|
fix(proxmox): restore reliable connect/reconnect after app restart
Root cause: authenticate() tried to deserialize the Proxmox API response
directly into AuthResponse, but Proxmox wraps every response in
{"data": {...}}. This caused every reconnect attempt after app restart
to fail silently.
Additional fixes bundled in this commit:
- add_proxmox_cluster now authenticates immediately so the in-memory pool
always contains a live, ticketed client (not a bare unauthenticated stub)
- ProxmoxClient stores the CSRFPreventionToken and includes it in the
CSRFPreventionToken header on POST/PUT/DELETE requests (Proxmox requires
this for all mutating calls)
- accept-invalid-certs enabled on the reqwest Client so self-signed PVE
certificates do not block connections
- Removed double-unwrap of the data field in 10 commands (list_acls,
list_users, get_cluster_notes, search_proxmox_resources, get_node_status,
get_syslog, list_network_interfaces, get_subscription_status,
list_cluster_tasks, list_proxmox_containers) — handle_response already
strips the envelope before returning to callers
- Added connect_proxmox_cluster and disconnect_proxmox_cluster Tauri
commands so the UI can explicitly connect/disconnect sessions
- Wired RemotesPage Connect/Disconnect buttons to the real backend commands
- Updated and added tests covering envelope parsing, CSRF header logic,
already-unwrapped response handling, and the new connect/disconnect paths
2026-06-21 00:05:00 +00:00
|
|
|
let headers = self.build_headers(ticket, true);
|
2026-06-11 02:50:30 +00:00
|
|
|
|
|
|
|
|
let response = self
|
|
|
|
|
.client
|
|
|
|
|
.delete(&url)
|
|
|
|
|
.headers(headers)
|
|
|
|
|
.send()
|
|
|
|
|
.await
|
|
|
|
|
.map_err(|e| anyhow!("DELETE request failed: {}", e))?;
|
|
|
|
|
|
|
|
|
|
self.handle_response(response).await
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Handle API response
|
|
|
|
|
async fn handle_response<T: for<'de> Deserialize<'de>>(
|
|
|
|
|
&self,
|
|
|
|
|
response: reqwest::Response,
|
|
|
|
|
) -> Result<T> {
|
|
|
|
|
if !response.status().is_success() {
|
|
|
|
|
let status = response.status();
|
|
|
|
|
let text = response.text().await.unwrap_or_default();
|
|
|
|
|
return Err(anyhow!(
|
|
|
|
|
"API request failed with status {}: {}",
|
|
|
|
|
status,
|
|
|
|
|
text
|
|
|
|
|
));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let data: HashMap<String, serde_json::Value> = response
|
|
|
|
|
.json()
|
|
|
|
|
.await
|
|
|
|
|
.map_err(|e| anyhow!("Failed to parse API response: {}", e))?;
|
|
|
|
|
|
|
|
|
|
// Proxmox API wraps data in "data" field
|
|
|
|
|
data.get("data")
|
|
|
|
|
.ok_or_else(|| anyhow!("Response missing 'data' field"))
|
|
|
|
|
.and_then(|d| {
|
|
|
|
|
serde_json::from_value(d.clone())
|
|
|
|
|
.map_err(|e| anyhow!("Failed to deserialize data: {}", e))
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Get the base URL
|
|
|
|
|
pub fn base_url(&self) -> &str {
|
|
|
|
|
&self.base_url
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Get the port
|
|
|
|
|
pub fn port(&self) -> u16 {
|
|
|
|
|
self.port
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Get the username
|
|
|
|
|
pub fn username(&self) -> &str {
|
|
|
|
|
&self.username
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[cfg(test)]
|
|
|
|
|
mod tests {
|
|
|
|
|
use super::*;
|
|
|
|
|
|
2026-06-19 21:44:50 +00:00
|
|
|
// The frontend strips the protocol via parseRemoteUrl before sending to the backend,
|
|
|
|
|
// so ProxmoxClient always receives a bare hostname (no scheme, no port).
|
|
|
|
|
// get_api_url() is responsible for constructing the full https URL with port.
|
|
|
|
|
|
2026-06-11 02:50:30 +00:00
|
|
|
#[test]
|
|
|
|
|
fn test_proxmox_client_new() {
|
2026-06-19 21:44:50 +00:00
|
|
|
let client = ProxmoxClient::new("pve.example.com", 8006, "root@pam");
|
|
|
|
|
assert_eq!(client.base_url(), "pve.example.com");
|
2026-06-11 02:50:30 +00:00
|
|
|
assert_eq!(client.port(), 8006);
|
|
|
|
|
assert_eq!(client.username(), "root@pam");
|
fix(proxmox): restore reliable connect/reconnect after app restart
Root cause: authenticate() tried to deserialize the Proxmox API response
directly into AuthResponse, but Proxmox wraps every response in
{"data": {...}}. This caused every reconnect attempt after app restart
to fail silently.
Additional fixes bundled in this commit:
- add_proxmox_cluster now authenticates immediately so the in-memory pool
always contains a live, ticketed client (not a bare unauthenticated stub)
- ProxmoxClient stores the CSRFPreventionToken and includes it in the
CSRFPreventionToken header on POST/PUT/DELETE requests (Proxmox requires
this for all mutating calls)
- accept-invalid-certs enabled on the reqwest Client so self-signed PVE
certificates do not block connections
- Removed double-unwrap of the data field in 10 commands (list_acls,
list_users, get_cluster_notes, search_proxmox_resources, get_node_status,
get_syslog, list_network_interfaces, get_subscription_status,
list_cluster_tasks, list_proxmox_containers) — handle_response already
strips the envelope before returning to callers
- Added connect_proxmox_cluster and disconnect_proxmox_cluster Tauri
commands so the UI can explicitly connect/disconnect sessions
- Wired RemotesPage Connect/Disconnect buttons to the real backend commands
- Updated and added tests covering envelope parsing, CSRF header logic,
already-unwrapped response handling, and the new connect/disconnect paths
2026-06-21 00:05:00 +00:00
|
|
|
assert!(client.ticket.is_none());
|
|
|
|
|
assert!(client.csrf_token.is_none());
|
2026-06-11 02:50:30 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
|
fn test_proxmox_client_with_trailing_slash() {
|
2026-06-19 21:44:50 +00:00
|
|
|
let client = ProxmoxClient::new("pve.example.com/", 8006, "root@pam");
|
|
|
|
|
assert_eq!(client.base_url(), "pve.example.com");
|
2026-06-11 02:50:30 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
|
fn test_get_api_url() {
|
2026-06-19 21:44:50 +00:00
|
|
|
let client = ProxmoxClient::new("pve.example.com", 8006, "root@pam");
|
2026-06-11 02:50:30 +00:00
|
|
|
assert_eq!(
|
|
|
|
|
client.get_api_url("cluster/resources"),
|
2026-06-19 21:44:50 +00:00
|
|
|
"https://pve.example.com:8006/api2/json/cluster/resources"
|
2026-06-11 02:50:30 +00:00
|
|
|
);
|
|
|
|
|
assert_eq!(
|
|
|
|
|
client.get_api_url("/cluster/resources"),
|
2026-06-19 21:44:50 +00:00
|
|
|
"https://pve.example.com:8006/api2/json/cluster/resources"
|
2026-06-11 02:50:30 +00:00
|
|
|
);
|
|
|
|
|
}
|
fix(proxmox): restore reliable connect/reconnect after app restart
Root cause: authenticate() tried to deserialize the Proxmox API response
directly into AuthResponse, but Proxmox wraps every response in
{"data": {...}}. This caused every reconnect attempt after app restart
to fail silently.
Additional fixes bundled in this commit:
- add_proxmox_cluster now authenticates immediately so the in-memory pool
always contains a live, ticketed client (not a bare unauthenticated stub)
- ProxmoxClient stores the CSRFPreventionToken and includes it in the
CSRFPreventionToken header on POST/PUT/DELETE requests (Proxmox requires
this for all mutating calls)
- accept-invalid-certs enabled on the reqwest Client so self-signed PVE
certificates do not block connections
- Removed double-unwrap of the data field in 10 commands (list_acls,
list_users, get_cluster_notes, search_proxmox_resources, get_node_status,
get_syslog, list_network_interfaces, get_subscription_status,
list_cluster_tasks, list_proxmox_containers) — handle_response already
strips the envelope before returning to callers
- Added connect_proxmox_cluster and disconnect_proxmox_cluster Tauri
commands so the UI can explicitly connect/disconnect sessions
- Wired RemotesPage Connect/Disconnect buttons to the real backend commands
- Updated and added tests covering envelope parsing, CSRF header logic,
already-unwrapped response handling, and the new connect/disconnect paths
2026-06-21 00:05:00 +00:00
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
|
fn test_auth_response_envelope_deserialization() {
|
|
|
|
|
// Validates that the `{"data": {...}}` envelope Proxmox uses is parsed
|
|
|
|
|
// correctly into ProxmoxEnvelope<AuthResponse>.
|
2026-06-21 02:37:39 +00:00
|
|
|
// Note: Proxmox returns lowercase fields (ticket, username, clustername)
|
|
|
|
|
// except for CSRFPreventionToken which is PascalCase.
|
fix(proxmox): restore reliable connect/reconnect after app restart
Root cause: authenticate() tried to deserialize the Proxmox API response
directly into AuthResponse, but Proxmox wraps every response in
{"data": {...}}. This caused every reconnect attempt after app restart
to fail silently.
Additional fixes bundled in this commit:
- add_proxmox_cluster now authenticates immediately so the in-memory pool
always contains a live, ticketed client (not a bare unauthenticated stub)
- ProxmoxClient stores the CSRFPreventionToken and includes it in the
CSRFPreventionToken header on POST/PUT/DELETE requests (Proxmox requires
this for all mutating calls)
- accept-invalid-certs enabled on the reqwest Client so self-signed PVE
certificates do not block connections
- Removed double-unwrap of the data field in 10 commands (list_acls,
list_users, get_cluster_notes, search_proxmox_resources, get_node_status,
get_syslog, list_network_interfaces, get_subscription_status,
list_cluster_tasks, list_proxmox_containers) — handle_response already
strips the envelope before returning to callers
- Added connect_proxmox_cluster and disconnect_proxmox_cluster Tauri
commands so the UI can explicitly connect/disconnect sessions
- Wired RemotesPage Connect/Disconnect buttons to the real backend commands
- Updated and added tests covering envelope parsing, CSRF header logic,
already-unwrapped response handling, and the new connect/disconnect paths
2026-06-21 00:05:00 +00:00
|
|
|
let json = r#"{
|
|
|
|
|
"data": {
|
2026-06-21 02:37:39 +00:00
|
|
|
"ticket": "PVE:root@pam:12345",
|
|
|
|
|
"username": "root@pam",
|
|
|
|
|
"expire": 1800,
|
fix(proxmox): restore reliable connect/reconnect after app restart
Root cause: authenticate() tried to deserialize the Proxmox API response
directly into AuthResponse, but Proxmox wraps every response in
{"data": {...}}. This caused every reconnect attempt after app restart
to fail silently.
Additional fixes bundled in this commit:
- add_proxmox_cluster now authenticates immediately so the in-memory pool
always contains a live, ticketed client (not a bare unauthenticated stub)
- ProxmoxClient stores the CSRFPreventionToken and includes it in the
CSRFPreventionToken header on POST/PUT/DELETE requests (Proxmox requires
this for all mutating calls)
- accept-invalid-certs enabled on the reqwest Client so self-signed PVE
certificates do not block connections
- Removed double-unwrap of the data field in 10 commands (list_acls,
list_users, get_cluster_notes, search_proxmox_resources, get_node_status,
get_syslog, list_network_interfaces, get_subscription_status,
list_cluster_tasks, list_proxmox_containers) — handle_response already
strips the envelope before returning to callers
- Added connect_proxmox_cluster and disconnect_proxmox_cluster Tauri
commands so the UI can explicitly connect/disconnect sessions
- Wired RemotesPage Connect/Disconnect buttons to the real backend commands
- Updated and added tests covering envelope parsing, CSRF header logic,
already-unwrapped response handling, and the new connect/disconnect paths
2026-06-21 00:05:00 +00:00
|
|
|
"CSRFPreventionToken": "abc123",
|
2026-06-21 02:37:39 +00:00
|
|
|
"cap": null,
|
|
|
|
|
"clustername": "TFTSR"
|
fix(proxmox): restore reliable connect/reconnect after app restart
Root cause: authenticate() tried to deserialize the Proxmox API response
directly into AuthResponse, but Proxmox wraps every response in
{"data": {...}}. This caused every reconnect attempt after app restart
to fail silently.
Additional fixes bundled in this commit:
- add_proxmox_cluster now authenticates immediately so the in-memory pool
always contains a live, ticketed client (not a bare unauthenticated stub)
- ProxmoxClient stores the CSRFPreventionToken and includes it in the
CSRFPreventionToken header on POST/PUT/DELETE requests (Proxmox requires
this for all mutating calls)
- accept-invalid-certs enabled on the reqwest Client so self-signed PVE
certificates do not block connections
- Removed double-unwrap of the data field in 10 commands (list_acls,
list_users, get_cluster_notes, search_proxmox_resources, get_node_status,
get_syslog, list_network_interfaces, get_subscription_status,
list_cluster_tasks, list_proxmox_containers) — handle_response already
strips the envelope before returning to callers
- Added connect_proxmox_cluster and disconnect_proxmox_cluster Tauri
commands so the UI can explicitly connect/disconnect sessions
- Wired RemotesPage Connect/Disconnect buttons to the real backend commands
- Updated and added tests covering envelope parsing, CSRF header logic,
already-unwrapped response handling, and the new connect/disconnect paths
2026-06-21 00:05:00 +00:00
|
|
|
}
|
|
|
|
|
}"#;
|
|
|
|
|
let envelope: ProxmoxEnvelope<AuthResponse> =
|
|
|
|
|
serde_json::from_str(json).expect("envelope should parse");
|
|
|
|
|
assert_eq!(envelope.data.ticket, "PVE:root@pam:12345");
|
|
|
|
|
assert_eq!(
|
|
|
|
|
envelope.data.csrf_prevention_token.as_deref(),
|
|
|
|
|
Some("abc123")
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
|
fn test_auth_response_envelope_no_csrf() {
|
|
|
|
|
// Some Proxmox versions or API tokens may omit CSRFPreventionToken.
|
|
|
|
|
let json = r#"{
|
|
|
|
|
"data": {
|
2026-06-21 02:37:39 +00:00
|
|
|
"ticket": "PVE:root@pam:99999",
|
|
|
|
|
"username": "root@pam",
|
|
|
|
|
"clustername": "TFTSR"
|
fix(proxmox): restore reliable connect/reconnect after app restart
Root cause: authenticate() tried to deserialize the Proxmox API response
directly into AuthResponse, but Proxmox wraps every response in
{"data": {...}}. This caused every reconnect attempt after app restart
to fail silently.
Additional fixes bundled in this commit:
- add_proxmox_cluster now authenticates immediately so the in-memory pool
always contains a live, ticketed client (not a bare unauthenticated stub)
- ProxmoxClient stores the CSRFPreventionToken and includes it in the
CSRFPreventionToken header on POST/PUT/DELETE requests (Proxmox requires
this for all mutating calls)
- accept-invalid-certs enabled on the reqwest Client so self-signed PVE
certificates do not block connections
- Removed double-unwrap of the data field in 10 commands (list_acls,
list_users, get_cluster_notes, search_proxmox_resources, get_node_status,
get_syslog, list_network_interfaces, get_subscription_status,
list_cluster_tasks, list_proxmox_containers) — handle_response already
strips the envelope before returning to callers
- Added connect_proxmox_cluster and disconnect_proxmox_cluster Tauri
commands so the UI can explicitly connect/disconnect sessions
- Wired RemotesPage Connect/Disconnect buttons to the real backend commands
- Updated and added tests covering envelope parsing, CSRF header logic,
already-unwrapped response handling, and the new connect/disconnect paths
2026-06-21 00:05:00 +00:00
|
|
|
}
|
|
|
|
|
}"#;
|
|
|
|
|
let envelope: ProxmoxEnvelope<AuthResponse> =
|
|
|
|
|
serde_json::from_str(json).expect("envelope should parse without CSRF");
|
|
|
|
|
assert_eq!(envelope.data.ticket, "PVE:root@pam:99999");
|
|
|
|
|
assert!(envelope.data.csrf_prevention_token.is_none());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
|
fn test_build_headers_get_omits_csrf() {
|
|
|
|
|
let mut client = ProxmoxClient::new("pve.example.com", 8006, "root@pam");
|
|
|
|
|
client.set_ticket("my-ticket");
|
|
|
|
|
client.set_csrf_token("my-csrf");
|
|
|
|
|
|
|
|
|
|
let headers = client.build_headers(Some("my-ticket"), false);
|
|
|
|
|
assert!(!headers.contains_key("CSRFPreventionToken"));
|
|
|
|
|
assert!(headers.contains_key("Cookie"));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
|
fn test_build_headers_post_includes_csrf() {
|
|
|
|
|
let mut client = ProxmoxClient::new("pve.example.com", 8006, "root@pam");
|
|
|
|
|
client.set_ticket("my-ticket");
|
|
|
|
|
client.set_csrf_token("my-csrf");
|
|
|
|
|
|
|
|
|
|
let headers = client.build_headers(Some("my-ticket"), true);
|
|
|
|
|
assert!(headers.contains_key("CSRFPreventionToken"));
|
2026-06-21 01:13:58 +00:00
|
|
|
let csrf_val = headers
|
|
|
|
|
.get("CSRFPreventionToken")
|
|
|
|
|
.unwrap()
|
|
|
|
|
.to_str()
|
|
|
|
|
.unwrap();
|
fix(proxmox): restore reliable connect/reconnect after app restart
Root cause: authenticate() tried to deserialize the Proxmox API response
directly into AuthResponse, but Proxmox wraps every response in
{"data": {...}}. This caused every reconnect attempt after app restart
to fail silently.
Additional fixes bundled in this commit:
- add_proxmox_cluster now authenticates immediately so the in-memory pool
always contains a live, ticketed client (not a bare unauthenticated stub)
- ProxmoxClient stores the CSRFPreventionToken and includes it in the
CSRFPreventionToken header on POST/PUT/DELETE requests (Proxmox requires
this for all mutating calls)
- accept-invalid-certs enabled on the reqwest Client so self-signed PVE
certificates do not block connections
- Removed double-unwrap of the data field in 10 commands (list_acls,
list_users, get_cluster_notes, search_proxmox_resources, get_node_status,
get_syslog, list_network_interfaces, get_subscription_status,
list_cluster_tasks, list_proxmox_containers) — handle_response already
strips the envelope before returning to callers
- Added connect_proxmox_cluster and disconnect_proxmox_cluster Tauri
commands so the UI can explicitly connect/disconnect sessions
- Wired RemotesPage Connect/Disconnect buttons to the real backend commands
- Updated and added tests covering envelope parsing, CSRF header logic,
already-unwrapped response handling, and the new connect/disconnect paths
2026-06-21 00:05:00 +00:00
|
|
|
assert_eq!(csrf_val, "my-csrf");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
|
fn test_set_ticket_and_csrf_token() {
|
|
|
|
|
let mut client = ProxmoxClient::new("pve.example.com", 8006, "root@pam");
|
|
|
|
|
client.set_ticket("ticket-value");
|
|
|
|
|
client.set_csrf_token("csrf-value");
|
|
|
|
|
assert_eq!(client.ticket.as_deref(), Some("ticket-value"));
|
|
|
|
|
assert_eq!(client.csrf_token.as_deref(), Some("csrf-value"));
|
|
|
|
|
}
|
2026-06-21 02:37:39 +00:00
|
|
|
|
|
|
|
|
#[tokio::test]
|
|
|
|
|
async fn test_real_proxmox_auth() {
|
|
|
|
|
let password = match std::env::var("PROXMOX_PASSWORD") {
|
|
|
|
|
Ok(p) => p,
|
|
|
|
|
Err(_) => {
|
|
|
|
|
println!("Skipping test: PROXMOX_PASSWORD env var not set");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
let mut client = ProxmoxClient::new("172.0.0.18", 8006, "root@pam");
|
|
|
|
|
let result = client.authenticate(&password).await;
|
|
|
|
|
match result {
|
|
|
|
|
Ok(ticket) => {
|
|
|
|
|
println!("✓ Authentication successful");
|
|
|
|
|
println!(" Ticket: {}", &ticket[..50]);
|
|
|
|
|
assert!(client.ticket.is_some());
|
|
|
|
|
assert!(client.csrf_token.is_some());
|
|
|
|
|
}
|
|
|
|
|
Err(e) => {
|
|
|
|
|
panic!("Authentication failed: {}", e);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[tokio::test]
|
|
|
|
|
async fn test_real_proxmox_cluster_resources() {
|
|
|
|
|
let password = match std::env::var("PROXMOX_PASSWORD") {
|
|
|
|
|
Ok(p) => p,
|
|
|
|
|
Err(_) => {
|
|
|
|
|
println!("Skipping test: PROXMOX_PASSWORD env var not set");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
let mut client = ProxmoxClient::new("172.0.0.18", 8006, "root@pam");
|
|
|
|
|
client.authenticate(&password).await.expect("Authentication failed");
|
|
|
|
|
|
|
|
|
|
#[derive(serde::Deserialize, Debug)]
|
|
|
|
|
struct Resource {
|
|
|
|
|
#[serde(default)]
|
|
|
|
|
vmid: Option<u32>,
|
|
|
|
|
name: Option<String>,
|
|
|
|
|
r#type: Option<String>,
|
|
|
|
|
node: Option<String>,
|
|
|
|
|
status: Option<String>,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let result: Result<Vec<Resource>, _> = client.get("cluster/resources", client.ticket.as_deref()).await;
|
|
|
|
|
match result {
|
|
|
|
|
Ok(resources) => {
|
|
|
|
|
println!("✓ Cluster resources fetched successfully");
|
|
|
|
|
println!(" Found {} resources", resources.len());
|
|
|
|
|
}
|
|
|
|
|
Err(e) => {
|
|
|
|
|
panic!("Failed to get cluster resources: {}", e);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2026-06-21 02:49:18 +00:00
|
|
|
fn get_test_client() -> ProxmoxClient {
|
|
|
|
|
let host = std::env::var("PROXMOX_HOST").unwrap_or_else(|_| "172.0.0.18".to_string());
|
|
|
|
|
ProxmoxClient::new(&host, 8006, "root@pam")
|
|
|
|
|
}
|
|
|
|
|
|
2026-06-21 02:37:39 +00:00
|
|
|
#[tokio::test]
|
|
|
|
|
async fn test_real_proxmox_nodes() {
|
|
|
|
|
let password = match std::env::var("PROXMOX_PASSWORD") {
|
|
|
|
|
Ok(p) => p,
|
|
|
|
|
Err(_) => {
|
|
|
|
|
println!("Skipping test: PROXMOX_PASSWORD env var not set");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
2026-06-21 02:49:18 +00:00
|
|
|
let mut client = get_test_client();
|
2026-06-21 02:37:39 +00:00
|
|
|
client.authenticate(&password).await.expect("Authentication failed");
|
|
|
|
|
|
|
|
|
|
#[derive(serde::Deserialize, Debug)]
|
|
|
|
|
struct Node {
|
|
|
|
|
node: String,
|
|
|
|
|
status: String,
|
|
|
|
|
#[serde(default)]
|
|
|
|
|
level: String,
|
|
|
|
|
#[serde(default)]
|
|
|
|
|
cpu: f64,
|
|
|
|
|
#[serde(default)]
|
|
|
|
|
uptime: u64,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let result: Result<Vec<Node>, _> = client.get("nodes", client.ticket.as_deref()).await;
|
|
|
|
|
match result {
|
|
|
|
|
Ok(nodes) => {
|
|
|
|
|
println!("✓ Nodes fetched successfully");
|
|
|
|
|
for node in &nodes {
|
|
|
|
|
println!(" Node: {} - Status: {}", node.node, node.status);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
Err(e) => {
|
|
|
|
|
panic!("Failed to get nodes: {}", e);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[tokio::test]
|
|
|
|
|
async fn test_real_proxmox_vms() {
|
|
|
|
|
let password = match std::env::var("PROXMOX_PASSWORD") {
|
|
|
|
|
Ok(p) => p,
|
|
|
|
|
Err(_) => {
|
|
|
|
|
println!("Skipping test: PROXMOX_PASSWORD env var not set");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
2026-06-21 02:49:18 +00:00
|
|
|
let mut client = get_test_client();
|
2026-06-21 02:37:39 +00:00
|
|
|
client.authenticate(&password).await.expect("Authentication failed");
|
|
|
|
|
|
|
|
|
|
#[derive(serde::Deserialize, Debug)]
|
|
|
|
|
struct Resource {
|
|
|
|
|
#[serde(default)]
|
|
|
|
|
vmid: Option<u32>,
|
|
|
|
|
name: Option<String>,
|
|
|
|
|
r#type: Option<String>,
|
|
|
|
|
status: Option<String>,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let result: Result<Vec<Resource>, _> = client.get("cluster/resources", client.ticket.as_deref()).await;
|
|
|
|
|
match result {
|
|
|
|
|
Ok(resources) => {
|
|
|
|
|
let vms: Vec<_> = resources.into_iter().filter(|r| r.r#type.as_deref() == Some("qemu")).collect();
|
|
|
|
|
println!("✓ VMs fetched successfully");
|
|
|
|
|
println!(" Found {} VMs", vms.len());
|
|
|
|
|
}
|
|
|
|
|
Err(e) => {
|
|
|
|
|
panic!("Failed to get VMs: {}", e);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2026-06-11 02:50:30 +00:00
|
|
|
}
|