Merge pull request #1538 from jc21/adds-http-challenge-test
Adds buttons to test availability of server from public internet
This commit is contained in:
jc21
GitHub
@ -1,5 +1,6 @@
|
||||
const _ = require('lodash');
|
||||
const fs = require('fs');
|
||||
const https = require('https');
|
||||
const tempWrite = require('temp-write');
|
||||
const moment = require('moment');
|
||||
const logger = require('../logger').ssl;
|
||||
@ -15,6 +16,7 @@ const letsencryptConfig = '/etc/letsencrypt.ini';
|
||||
const certbotCommand = 'certbot';
|
||||
const archiver = require('archiver');
|
||||
const path = require('path');
|
||||
const { isArray } = require('lodash');
|
||||
|
||||
function omissions() {
|
||||
return ['is_deleted'];
|
||||
@ -1124,6 +1126,94 @@ const internalCertificate = {
|
||||
} else {
|
||||
return Promise.resolve();
|
||||
}
|
||||
},
|
||||
|
||||
testHttpsChallenge: async (access, domains) => {
|
||||
await access.can('certificates:list');
|
||||
|
||||
if (!isArray(domains)) {
|
||||
throw new error.InternalValidationError('Domains must be an array of strings');
|
||||
}
|
||||
if (domains.length === 0) {
|
||||
throw new error.InternalValidationError('No domains provided');
|
||||
}
|
||||
|
||||
// Create a test challenge file
|
||||
const testChallengeDir = '/data/letsencrypt-acme-challenge/.well-known/acme-challenge';
|
||||
const testChallengeFile = testChallengeDir + '/test-challenge';
|
||||
fs.mkdirSync(testChallengeDir, {recursive: true});
|
||||
fs.writeFileSync(testChallengeFile, 'Success', {encoding: 'utf8'});
|
||||
|
||||
async function performTestForDomain (domain) {
|
||||
logger.info('Testing http challenge for ' + domain);
|
||||
const url = `http://${domain}/.well-known/acme-challenge/test-challenge`;
|
||||
const formBody = `method=G&url=${encodeURI(url)}&bodytype=T&requestbody=&headername=User-Agent&headervalue=None&locationid=1&ch=false&cc=false`;
|
||||
const options = {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
'Content-Type': 'application/x-www-form-urlencoded',
|
||||
'Content-Length': Buffer.byteLength(formBody)
|
||||
}
|
||||
};
|
||||
|
||||
const result = await new Promise((resolve) => {
|
||||
|
||||
const req = https.request('https://www.site24x7.com/tools/restapi-tester', options, function (res) {
|
||||
let responseBody = '';
|
||||
|
||||
res.on('data', (chunk) => responseBody = responseBody + chunk);
|
||||
res.on('end', function () {
|
||||
const parsedBody = JSON.parse(responseBody + '');
|
||||
if (res.statusCode !== 200) {
|
||||
logger.warn(`Failed to test HTTP challenge for domain ${domain}`, res);
|
||||
resolve(undefined);
|
||||
}
|
||||
resolve(parsedBody);
|
||||
});
|
||||
});
|
||||
|
||||
// Make sure to write the request body.
|
||||
req.write(formBody);
|
||||
req.end();
|
||||
req.on('error', function (e) { logger.warn(`Failed to test HTTP challenge for domain ${domain}`, e);
|
||||
resolve(undefined); });
|
||||
});
|
||||
|
||||
if (!result) {
|
||||
// Some error occurred while trying to get the data
|
||||
return 'failed';
|
||||
} else if (`${result.responsecode}` === '200' && result.htmlresponse === 'Success') {
|
||||
// Server exists and has responded with the correct data
|
||||
return 'ok';
|
||||
} else if (`${result.responsecode}` === '200') {
|
||||
// Server exists but has responded with wrong data
|
||||
logger.info(`HTTP challenge test failed for domain ${domain} because of invalid returned data:`, result.htmlresponse);
|
||||
return 'wrong-data';
|
||||
} else if (`${result.responsecode}` === '404') {
|
||||
// Server exists but responded with a 404
|
||||
logger.info(`HTTP challenge test failed for domain ${domain} because code 404 was returned`);
|
||||
return '404';
|
||||
} else if (`${result.responsecode}` === '0' || (typeof result.reason === 'string' && result.reason.toLowerCase() === 'host unavailable')) {
|
||||
// Server does not exist at domain
|
||||
logger.info(`HTTP challenge test failed for domain ${domain} the host was not found`);
|
||||
return 'no-host';
|
||||
} else {
|
||||
// Other errors
|
||||
logger.info(`HTTP challenge test failed for domain ${domain} because code ${result.responsecode} was returned`);
|
||||
return `other:${result.responsecode}`;
|
||||
}
|
||||
}
|
||||
|
||||
const results = {};
|
||||
|
||||
for (const domain of domains){
|
||||
results[domain] = await performTestForDomain(domain);
|
||||
}
|
||||
|
||||
// Remove the test challenge file
|
||||
fs.unlinkSync(testChallengeFile);
|
||||
|
||||
return results;
|
||||
}
|
||||
};
|
||||
|
||||
|
||||
50
backend/migrations/20211108145214_regenerate_default_host.js
Normal file
50
backend/migrations/20211108145214_regenerate_default_host.js
Normal file
@ -0,0 +1,50 @@
|
||||
const migrate_name = 'stream_domain';
|
||||
const logger = require('../logger').migrate;
|
||||
const internalNginx = require('../internal/nginx');
|
||||
|
||||
async function regenerateDefaultHost(knex) {
|
||||
const row = await knex('setting').select('*').where('id', 'default-site').first();
|
||||
|
||||
if (!row) {
|
||||
return Promise.resolve();
|
||||
}
|
||||
|
||||
return internalNginx.deleteConfig('default')
|
||||
.then(() => {
|
||||
return internalNginx.generateConfig('default', row);
|
||||
})
|
||||
.then(() => {
|
||||
return internalNginx.test();
|
||||
})
|
||||
.then(() => {
|
||||
return internalNginx.reload();
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* Migrate
|
||||
*
|
||||
* @see http://knexjs.org/#Schema
|
||||
*
|
||||
* @param {Object} knex
|
||||
* @param {Promise} Promise
|
||||
* @returns {Promise}
|
||||
*/
|
||||
exports.up = function (knex) {
|
||||
logger.info('[' + migrate_name + '] Migrating Up...');
|
||||
|
||||
return regenerateDefaultHost(knex);
|
||||
};
|
||||
|
||||
/**
|
||||
* Undo Migrate
|
||||
*
|
||||
* @param {Object} knex
|
||||
* @param {Promise} Promise
|
||||
* @returns {Promise}
|
||||
*/
|
||||
exports.down = function (knex) {
|
||||
logger.info('[' + migrate_name + '] Migrating Down...');
|
||||
|
||||
return regenerateDefaultHost(knex);
|
||||
};
|
||||
@ -68,6 +68,32 @@ router
|
||||
.catch(next);
|
||||
});
|
||||
|
||||
/**
|
||||
* Test HTTP challenge for domains
|
||||
*
|
||||
* /api/nginx/certificates/test-http
|
||||
*/
|
||||
router
|
||||
.route('/test-http')
|
||||
.options((req, res) => {
|
||||
res.sendStatus(204);
|
||||
})
|
||||
.all(jwtdecode())
|
||||
|
||||
/**
|
||||
* GET /api/nginx/certificates/test-http
|
||||
*
|
||||
* Test HTTP challenge for domains
|
||||
*/
|
||||
.get((req, res, next) => {
|
||||
internalCertificate.testHttpsChallenge(res.locals.access, JSON.parse(req.query.domains))
|
||||
.then((result) => {
|
||||
res.status(200)
|
||||
.send(result);
|
||||
})
|
||||
.catch(next);
|
||||
});
|
||||
|
||||
/**
|
||||
* Specific certificate
|
||||
*
|
||||
@ -209,7 +235,6 @@ router
|
||||
.catch(next);
|
||||
});
|
||||
|
||||
|
||||
/**
|
||||
* Download LE Certs
|
||||
*
|
||||
|
||||
@ -157,6 +157,17 @@
|
||||
"targetSchema": {
|
||||
"type": "boolean"
|
||||
}
|
||||
},
|
||||
{
|
||||
"title": "Test HTTP Challenge",
|
||||
"description": "Tests whether the HTTP challenge should work",
|
||||
"href": "/nginx/certificates/{definitions.identity.example}/test-http",
|
||||
"access": "private",
|
||||
"method": "GET",
|
||||
"rel": "info",
|
||||
"http_header": {
|
||||
"$ref": "../examples.json#/definitions/auth_header"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user