checker: Add matrix client tests

This commit is contained in:
nemunaire 2021-10-31 17:30:29 +01:00
parent 6269ac83d4
commit 805b654170
3 changed files with 124 additions and 37 deletions

View File

@ -8,6 +8,7 @@ import (
"log" "log"
"net" "net"
"net/http" "net/http"
"net/url"
"strings" "strings"
"time" "time"
@ -428,7 +429,7 @@ type matrix_result struct {
FederationOK bool `json:"FederationOK"` FederationOK bool `json:"FederationOK"`
} }
func check_matrix(domain string) (version string, err error) { func check_matrix_federation(domain string) (version string, err error) {
var resp *http.Response var resp *http.Response
resp, err = http.Get(fmt.Sprintf("https://federation-tester.adlin.nemunai.re/api/report?server_name=%s", strings.TrimSuffix(domain, "."))) resp, err = http.Get(fmt.Sprintf("https://federation-tester.adlin.nemunai.re/api/report?server_name=%s", strings.TrimSuffix(domain, ".")))
if err != nil { if err != nil {
@ -442,7 +443,7 @@ func check_matrix(domain string) (version string, err error) {
var federationTest matrix_result var federationTest matrix_result
if err = json.NewDecoder(resp.Body).Decode(&federationTest); err != nil { if err = json.NewDecoder(resp.Body).Decode(&federationTest); err != nil {
log.Printf("Error in check_matrix, when decoding json: %w", err.Error()) log.Printf("Error in check_matrix_federation, when decoding json: %w", err.Error())
return "", fmt.Errorf("Sorry, the federation tester is broken. Check on https://federationtester.matrix.org/#%s", strings.TrimSuffix(domain, ".")) return "", fmt.Errorf("Sorry, the federation tester is broken. Check on https://federationtester.matrix.org/#%s", strings.TrimSuffix(domain, "."))
} else if federationTest.FederationOK { } else if federationTest.FederationOK {
version = federationTest.Version.Name + " " + federationTest.Version.Version version = federationTest.Version.Name + " " + federationTest.Version.Version
@ -467,6 +468,71 @@ func check_matrix(domain string) (version string, err error) {
} }
} }
type matrix_wk_client struct {
Homeserver struct {
BaseURL string `json:"base_url"`
} `json:"m.homeserver"`
IdentityServer struct {
BaseURL string `json:"base_url"`
} `json:"m.identity_server"`
}
type matrix_client_versions struct {
Versions []string `json:"versions"`
UnstableFeatures map[string]bool `json:"unstable_features"`
}
func check_matrix_client(domain string) (version string, err error) {
var resp *http.Response
resp, err = http.Get(fmt.Sprintf("https://%s/.well-known/matrix/client", strings.TrimSuffix(domain, ".")))
if err != nil {
return
}
defer resp.Body.Close()
var HomeserverBase = fmt.Sprintf("https://%s", strings.TrimSuffix(domain, "."))
if resp.StatusCode < 300 {
var wellknown matrix_wk_client
if err = json.NewDecoder(resp.Body).Decode(&wellknown); err != nil {
log.Printf("Error in check_matrix_client, when decoding json: %w", err.Error())
return "", fmt.Errorf("File at https://%s/.well-known/matrix/client is invalid: JSON parse error", strings.TrimSuffix(domain, "."))
} else if wellknown.Homeserver.BaseURL != "" {
if baseurl, err := url.Parse(wellknown.Homeserver.BaseURL); err != nil {
return "", fmt.Errorf("File at https://%s/.well-known/matrix/client is invalid: Bad homeserver URL: %s", strings.TrimSuffix(domain, "."), err.Error())
} else if !strings.HasSuffix(strings.TrimSuffix(baseurl.Host, "."), strings.TrimSuffix(domain, ".")) {
return "", fmt.Errorf("Your homeserver base_url is not under %s", strings.TrimSuffix(domain, "."))
} else if strings.TrimSuffix(baseurl.Host, ".") == strings.TrimSuffix(domain, ".") {
// This test can be optional
return "", fmt.Errorf("Your homeserver should be on its own subdomain")
} else {
HomeserverBase = wellknown.Homeserver.BaseURL
}
}
}
var resp2 *http.Response
resp2, err = http.Get(fmt.Sprintf("%s/_matrix/client/versions", HomeserverBase))
if err != nil {
return
}
defer resp2.Body.Close()
if resp.StatusCode != http.StatusOK {
return "", fmt.Errorf("Unable to fetch your homeserver versions at %s/_matrix/client/versions: %s", HomeserverBase, resp.Status)
}
var clientTest matrix_client_versions
if err = json.NewDecoder(resp2.Body).Decode(&clientTest); err != nil {
log.Printf("Error in check_matrix_client, when decoding versions json: %w", err.Error())
return "", fmt.Errorf("File at %s/_matrix/client/versions is invalid: JSON parse error: %s", HomeserverBase, err.Error())
} else if len(clientTest.Versions) == 0 {
return "", fmt.Errorf("File at %s/_matrix/client/versions is invalid: no protocol version supported", HomeserverBase)
} else {
return clientTest.Versions[len(clientTest.Versions)-1], nil
}
}
// Main // Main
func minTunnelVersion(std *adlin.Student, suffixip int) (int, error) { func minTunnelVersion(std *adlin.Student, suffixip int) (int, error) {
@ -558,29 +624,29 @@ func studentsChecker() {
if glueErr != nil { if glueErr != nil {
dnsAt = " + there is a problem with the GLUE record: " + glueErr.Error() dnsAt = " + there is a problem with the GLUE record: " + glueErr.Error()
} }
if errreg := std.RegisterChallengeError(100*(tunnel_version-1)+3, fmt.Errorf("%s: empty response from the server%s", std.MyDelegatedDomain(), dnsAt)); errreg != nil { if errreg := std.RegisterChallengeError(CheckMap[tunnel_version][DNSDelegation], fmt.Errorf("%s: empty response from the server%s", std.MyDelegatedDomain(), dnsAt)); errreg != nil {
log.Printf("Unable to register challenge error for %s: %s\n", std.Login, errreg) log.Printf("Unable to register challenge error for %s: %s\n", std.Login, errreg)
} }
} else { } else {
if verbose { if verbose {
log.Printf("%s just unlocked DNS challenge\n", std.Login) log.Printf("%s just unlocked DNS challenge\n", std.Login)
} }
if _, err := std.UnlockChallenge(100*(tunnel_version-1)+3, addr.String()); err != nil { if _, err := std.UnlockChallenge(CheckMap[tunnel_version][DNSDelegation], addr.String()); err != nil {
log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error()) log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error())
} }
// Check HTTP with DNS // Check HTTP with DNS
if glueErr != nil { if glueErr != nil {
std.RegisterChallengeError(100*(tunnel_version-1)+4, fmt.Errorf("Unable to perform the test due to GLUE problem: %w", glueErr)) std.RegisterChallengeError(CheckMap[tunnel_version][HTTPonDelegatedDomain], fmt.Errorf("Unable to perform the test due to GLUE problem: %w", glueErr))
} else if err := check_http(addr.String(), std.MyDelegatedDomain()); err == nil { } else if err := check_http(addr.String(), std.MyDelegatedDomain()); err == nil {
if verbose { if verbose {
log.Printf("%s just unlocked HTTP challenge\n", std.Login) log.Printf("%s just unlocked HTTP challenge\n", std.Login)
} }
if _, err := std.UnlockChallenge(100*(tunnel_version-1)+4, ""); err != nil { if _, err := std.UnlockChallenge(CheckMap[tunnel_version][HTTPonDelegatedDomain], ""); err != nil {
log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error()) log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error())
} }
} else { } else {
std.RegisterChallengeError(100*(tunnel_version-1)+4, err) std.RegisterChallengeError(CheckMap[tunnel_version][HTTPonDelegatedDomain], err)
if verbose { if verbose {
log.Printf("%s and HTTP (with DNS ip=%s): %s\n", std.Login, addr.String(), err) log.Printf("%s and HTTP (with DNS ip=%s): %s\n", std.Login, addr.String(), err)
} }
@ -588,16 +654,16 @@ func studentsChecker() {
// Check HTTPs with DNS // Check HTTPs with DNS
if glueErr != nil { if glueErr != nil {
std.RegisterChallengeError(100*(tunnel_version-1)+5, fmt.Errorf("Unable to perform the test due to GLUE problem: %w", glueErr)) std.RegisterChallengeError(CheckMap[tunnel_version][HTTPSonDelegatedDomain], fmt.Errorf("Unable to perform the test due to GLUE problem: %w", glueErr))
} else if err := check_https(std.MyDelegatedDomain(), addr.String()); err == nil { } else if err := check_https(std.MyDelegatedDomain(), addr.String()); err == nil {
if verbose { if verbose {
log.Printf("%s just unlocked HTTPS challenge\n", std.Login) log.Printf("%s just unlocked HTTPS challenge\n", std.Login)
} }
if _, err := std.UnlockChallenge(100*(tunnel_version-1)+5, ""); err != nil { if _, err := std.UnlockChallenge(CheckMap[tunnel_version][HTTPSonDelegatedDomain], ""); err != nil {
log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error()) log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error())
} }
} else { } else {
std.RegisterChallengeError(100*(tunnel_version-1)+5, err) std.RegisterChallengeError(CheckMap[tunnel_version][HTTPSonDelegatedDomain], err)
if verbose { if verbose {
log.Printf("%s and HTTPS (with DNS ip=%s): %s\n", std.Login, addr.String(), err) log.Printf("%s and HTTPS (with DNS ip=%s): %s\n", std.Login, addr.String(), err)
} }
@ -605,17 +671,33 @@ func studentsChecker() {
// Check Matrix (only if GLUE Ok and defer contraint) // Check Matrix (only if GLUE Ok and defer contraint)
if glueErr == nil && istd%10 == check_matrix_for { if glueErr == nil && istd%10 == check_matrix_for {
if v, err := check_matrix(std.MyDelegatedDomain()); err == nil { // Check Matrix Federation first
if v, err := check_matrix_federation(std.MyDelegatedDomain()); err == nil {
if verbose { if verbose {
log.Printf("%s just unlocked Matrix challenge\n", std.Login) log.Printf("%s just unlocked Matrix federation challenge\n", std.Login)
} }
if _, err := std.UnlockChallenge(100*(tunnel_version-1)+6, v); err != nil { if _, err := std.UnlockChallenge(CheckMap[tunnel_version][MatrixSrv], v); err != nil {
log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error()) log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error())
} }
} else { } else {
std.RegisterChallengeError(100*(tunnel_version-1)+6, err) std.RegisterChallengeError(CheckMap[tunnel_version][MatrixSrv], err)
if verbose { if verbose {
log.Printf("%s and Matrix: %s\n", std.Login, err) log.Printf("%s and Matrix federation: %s\n", std.Login, err)
}
}
// Check Matrix Client
if v, err := check_matrix_client(std.MyDelegatedDomain()); err == nil {
if verbose {
log.Printf("%s just unlocked Matrix client challenge\n", std.Login)
}
if _, err := std.UnlockChallenge(CheckMap[tunnel_version][MatrixClt], v); err != nil {
log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error())
}
} else {
std.RegisterChallengeError(CheckMap[tunnel_version][MatrixClt], err)
if verbose {
log.Printf("%s and Matrix client: %s\n", std.Login, err)
} }
} }
} }
@ -626,11 +708,11 @@ func studentsChecker() {
if verbose { if verbose {
log.Printf("%s just unlocked DNSSEC challenge\n", std.Login) log.Printf("%s just unlocked DNSSEC challenge\n", std.Login)
} }
if _, err := std.UnlockChallenge(100*(tunnel_version-1)+7, ""); err != nil { if _, err := std.UnlockChallenge(CheckMap[tunnel_version][DNSSEC], ""); err != nil {
log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error()) log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error())
} }
} else { } else {
std.RegisterChallengeError(100*(tunnel_version-1)+7, err) std.RegisterChallengeError(CheckMap[tunnel_version][DNSSEC], err)
if verbose { if verbose {
log.Printf("%s and DNSSEC: %s\n", std.Login, err) log.Printf("%s and DNSSEC: %s\n", std.Login, err)
} }
@ -638,7 +720,7 @@ func studentsChecker() {
} }
} }
} else { } else {
if errreg := std.RegisterChallengeError(100*(tunnel_version-1)+3, err); errreg != nil { if errreg := std.RegisterChallengeError(CheckMap[tunnel_version][DNSDelegation], err); errreg != nil {
log.Printf("Unable to register challenge error for %s: %s\n", std.Login, errreg) log.Printf("Unable to register challenge error for %s: %s\n", std.Login, errreg)
} }
if verbose { if verbose {
@ -668,11 +750,11 @@ func studentsChecker() {
if verbose { if verbose {
log.Printf("%s just unlocked HTTP (without DNS) challenge\n", std.Login) log.Printf("%s just unlocked HTTP (without DNS) challenge\n", std.Login)
} }
if _, err := std.UnlockChallenge(100*(tunnel_version-1)+1, ""); err != nil { if _, err := std.UnlockChallenge(CheckMap[tunnel_version][HTTPonAssociatedDomain], ""); err != nil {
log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error()) log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error())
} }
} else { } else {
std.RegisterChallengeError(100*(tunnel_version-1)+1, err) std.RegisterChallengeError(CheckMap[tunnel_version][HTTPonAssociatedDomain], err)
if verbose { if verbose {
log.Printf("%s and HTTP (without DNS): %s\n", std.Login, err) log.Printf("%s and HTTP (without DNS): %s\n", std.Login, err)
} }
@ -683,11 +765,11 @@ func studentsChecker() {
if verbose { if verbose {
log.Printf("%s just unlocked HTTPS challenge\n", std.Login) log.Printf("%s just unlocked HTTPS challenge\n", std.Login)
} }
if _, err := std.UnlockChallenge(100*(tunnel_version-1)+2, ""); err != nil { if _, err := std.UnlockChallenge(CheckMap[tunnel_version][HTTPSonAssociatedDomain], ""); err != nil {
log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error()) log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error())
} }
} else { } else {
std.RegisterChallengeError(100*(tunnel_version-1)+2, err) std.RegisterChallengeError(CheckMap[tunnel_version][HTTPSonAssociatedDomain], err)
if verbose { if verbose {
log.Printf("%s and HTTPS (without DNS): %s\n", std.Login, err) log.Printf("%s and HTTPS (without DNS): %s\n", std.Login, err)
} }

View File

@ -9,7 +9,8 @@ const (
DNSDelegation DNSDelegation
HTTPonDelegatedDomain HTTPonDelegatedDomain
HTTPSonDelegatedDomain HTTPSonDelegatedDomain
Matrix MatrixSrv
MatrixClt
SNI SNI
DNSSEC DNSSEC
PingResolver PingResolver
@ -28,8 +29,9 @@ var CheckMap = map[int]map[AdlinTest]int{
DNSDelegation: 103, DNSDelegation: 103,
HTTPonDelegatedDomain: 104, HTTPonDelegatedDomain: 104,
HTTPSonDelegatedDomain: 105, HTTPSonDelegatedDomain: 105,
Matrix: 106, MatrixSrv: 106,
DNSSEC: 107, MatrixClt: 107,
DNSSEC: 108,
}, },
3: map[AdlinTest]int{ 3: map[AdlinTest]int{
PingResolver: 200, PingResolver: 200,
@ -37,11 +39,12 @@ var CheckMap = map[int]map[AdlinTest]int{
DNSDelegation: 203, DNSDelegation: 203,
HTTPonDelegatedDomain: 204, HTTPonDelegatedDomain: 204,
HTTPSonDelegatedDomain: 205, HTTPSonDelegatedDomain: 205,
Matrix: 206, MatrixSrv: 206,
DHCPonRH: 208, MatrixClt: 207,
DHCPonGuests: 211, DHCPonRH: 209,
RHaccessNews: 209, DHCPonGuests: 212,
RHaccessNet: 210, RHaccessNews: 210,
GuestNet: 212, RHaccessNet: 211,
GuestNet: 213,
}, },
} }

View File

@ -19,8 +19,9 @@ var tuto_progress = [
103: { title: "DNS Delegation", icon: "3", label: "DNS"}, 103: { title: "DNS Delegation", icon: "3", label: "DNS"},
104: { title: "HTTP on delegated domain", icon: "4", label: "HTTP on NS"}, 104: { title: "HTTP on delegated domain", icon: "4", label: "HTTP on NS"},
105: { title: "HTTPS on delegated domain", icon: "5", label: "HTTPS on NS"}, 105: { title: "HTTPS on delegated domain", icon: "5", label: "HTTPS on NS"},
106: { title: "Matrix", icon: "6", label: "Matrix"}, 106: { title: "Matrix Federation", icon: "6", label: "Matrix SRV"},
107: { title: "DNSSEC (bonus)", icon: "7", label: "DNSSEC"}, 107: { title: "Matrix Client", icon: "7", label: "Matrix CLT"},
108: { title: "DNSSEC (bonus)", icon: "8", label: "DNSSEC"},
}, },
{ {
200: { title: "PONG resolver", icon: "0", label: "PONG srv"}, 200: { title: "PONG resolver", icon: "0", label: "PONG srv"},
@ -28,9 +29,10 @@ var tuto_progress = [
203: { title: "DNS Delegation", icon: "2", label: "DNS"}, 203: { title: "DNS Delegation", icon: "2", label: "DNS"},
204: { title: "HTTP on delegated domain", icon: "3", label: "HTTP on NS"}, 204: { title: "HTTP on delegated domain", icon: "3", label: "HTTP on NS"},
205: { title: "HTTPS on delegated domain", icon: "4", label: "HTTPS on NS"}, 205: { title: "HTTPS on delegated domain", icon: "4", label: "HTTPS on NS"},
206: { title: "Matrix", icon: "5", label: "Matrix"}, 206: { title: "Matrix Federation", icon: "5", label: "Matrix SRV"},
208: { title: "RH access net", icon: "6", label: "RH net"}, 207: { title: "Matrix Client", icon: "6", label: "Matrix CLT"},
209: { title: "DG access net", icon: "7", label: "DG net"}, 209: { title: "RH access net", icon: "7", label: "RH net"},
210: { title: "CM access net", icon: "8", label: "CM net"}, 210: { title: "DG access net", icon: "8", label: "DG net"},
211: { title: "CM access net", icon: "9", label: "CM net"},
}, },
]; ];