checker: harden HTTP collection and stabilize report ordering
Validate the federation tester URI placeholder, escape the domain, set a client timeout, cap the response body, and ship CA certificates in the scratch image so HTTPS calls succeed. Sort hosts, connection reports, and errors when rendering so output is deterministic, and deduplicate TLS problems. Drop the deprecated aggregate Rule() and add tests for collection and rules.
This commit is contained in:
parent
0fee494294
commit
2af16d3ab9
13 changed files with 363 additions and 41 deletions
|
|
@ -4,12 +4,23 @@ import (
|
|||
"context"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
sdk "git.happydns.org/checker-sdk-go/checker"
|
||||
)
|
||||
|
||||
const (
|
||||
defaultTesterURI = "https://federationtester.matrix.org/api/report?server_name=%s"
|
||||
collectHTTPTimeout = 30 * time.Second
|
||||
maxResponseBodySize = 5 << 20 // 5 MiB
|
||||
)
|
||||
|
||||
var collectHTTPClient = &http.Client{Timeout: collectHTTPTimeout}
|
||||
|
||||
func (p *matrixProvider) Collect(ctx context.Context, opts sdk.CheckerOptions) (any, error) {
|
||||
domain, _ := opts["serviceDomain"].(string)
|
||||
if domain == "" {
|
||||
|
|
@ -19,15 +30,20 @@ func (p *matrixProvider) Collect(ctx context.Context, opts sdk.CheckerOptions) (
|
|||
|
||||
testerURI, _ := opts["federationTesterServer"].(string)
|
||||
if testerURI == "" {
|
||||
testerURI = "https://federationtester.matrix.org/api/report?server_name=%s"
|
||||
testerURI = defaultTesterURI
|
||||
}
|
||||
if !strings.Contains(testerURI, "%s") {
|
||||
return nil, fmt.Errorf("federationTesterServer must contain a %%s placeholder for the domain")
|
||||
}
|
||||
|
||||
req, err := http.NewRequestWithContext(ctx, http.MethodGet, fmt.Sprintf(testerURI, domain), nil)
|
||||
reqURL := fmt.Sprintf(testerURI, url.QueryEscape(domain))
|
||||
|
||||
req, err := http.NewRequestWithContext(ctx, http.MethodGet, reqURL, nil)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("unable to build the request: %w", err)
|
||||
}
|
||||
|
||||
resp, err := http.DefaultClient.Do(req)
|
||||
resp, err := collectHTTPClient.Do(req)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("unable to perform the test: %w", err)
|
||||
}
|
||||
|
|
@ -38,7 +54,7 @@ func (p *matrixProvider) Collect(ctx context.Context, opts sdk.CheckerOptions) (
|
|||
}
|
||||
|
||||
var data MatrixFederationData
|
||||
if err := json.NewDecoder(resp.Body).Decode(&data); err != nil {
|
||||
if err := json.NewDecoder(io.LimitReader(resp.Body, maxResponseBodySize)).Decode(&data); err != nil {
|
||||
return nil, fmt.Errorf("failed to decode federation tester response: %w", err)
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue