Move check.php settings to config.ini

2023-08-14 21:07:42 +02:00 · 2023-08-14 21:07:42 +02:00 · aa91004ab5
parent bb937526a7
commit aa91004ab5
3 changed files with 40 additions and 15 deletions
--- a/DOCS/configuration.md
+++ b/DOCS/configuration.md
@ -215,3 +215,23 @@ Domain name that users need to direct their SFTP clients to. May be the same key
 ### `public_sftp_port`

 Network port that users need to direct their SFTP clients to. The common default port is `22`.
+
+## `[check]`
+
+This configuration section is used only when running `check.php`.
+
+### `https_port`
+
+Port where the public nginx reverse proxy can be reached. Usually `443` for production.
+
+### `sftp_path`
+
+Filesystem path to the sftp binary.
+
+### `sshpass_path`
+
+Filesystem path to the sshpass binary.
+
+### `tor_proxy`
+
+Curl's [CURLOPT_PROXY](https://curl.se/libcurl/c/CURLOPT_PROXY.html) argument, used to test onion services.
--- a/config.template.ini
+++ b/config.template.ini
@ -66,3 +66,9 @@ sftp_fp = "/etc/sftpgo/ed25519.fp"
 sftp_asciiart = "/etc/sftpgo/ed25519.asciiart"
 sftp_domain = "sftp.servnest.test"
 public_sftp_port = 2022
+
+[check]
+https_port = 42443
+sftp_path = "/usr/bin/sftp"
+sshpass_path = "/usr/bin/sshpass"
+tor_proxy = "socks5h://127.0.0.1:9050"
--- a/jobs/check.php
+++ b/jobs/check.php
@ -3,15 +3,14 @@

 require __DIR__ . '/../init.php';

-const SFTP = '/usr/bin/sftp';
-const SSHPASS = '/usr/bin/sshpass';
-
 const HTTPS_PORT = '42443';
-const CORE_DOMAIN = 'servnest.test';
-const CORE_URL = 'https://' . CORE_DOMAIN . ':' . HTTPS_PORT;
-const SUFFIX = 'test.servnest.test.';
+const CORE_URL = 'https://' . CONF['common']['public_domains'][0] . ':' . CONF['check']['https_port'];

-const TOR_PROXY = 'socks5h://127.0.0.1:9050';
+foreach (CONF['reg']['suffixes'] as $suffix => $openness)
+	if ($openness === 'all')
+		define('SUFFIX', $suffix);
+if (!defined('SUFFIX'))
+	exit('Unable to start tests: no suffix open to registration');

 if (kdig(name: 'nlnet.nl', type: 'AAAA')['AD'] !== 1)
 	exit('DNS queries don\'t seem to be DNSSEC-validated.' . LF);
@ -38,7 +37,7 @@ function curlTest(string $address, array $post = [], bool $tor = false): string
 		curl_setopt($req, CURLOPT_URL, $address);

 	if ($tor)
-		curl_setopt($req, CURLOPT_PROXY, TOR_PROXY);
+		curl_setopt($req, CURLOPT_PROXY, CONF['check']['tor_proxy']);
 	else
 		curl_setopt($req, CURLOPT_SSL_VERIFYPEER, false);

@ -71,7 +70,7 @@ curlTest('/auth/register', [
 	'username' => $username . '2',
 	'password' => $password,
 ]);
-curlTest('/auth/logout', []);
+curlTest('/auth/logout');

 curlTest('/auth/login', [
 	'username' => $username,
@ -118,14 +117,14 @@ function testReg(): string {
 	]);

 	{ // Domain transfer
-		curlTest('/auth/logout', []);
+		curlTest('/auth/logout');
 		curlTest('/auth/login', [
 			'username' => $username . '2',
 			'password' => $password,
 		]);
-		preg_match('#\<code\>(?<token>[0-9a-z-]{16,128}\._transfer-verification\.' . preg_quote(CORE_DOMAIN, '#') . '\.)\</code\>#', curlTest('/reg/transfer', []), $matches);
+		preg_match('#\<code\>(?<token>[0-9a-z-]{16,128}\._transfer-verification\.' . preg_quote(CONF['common']['public_domains'][0], '#') . '\.)\</code\>#', curlTest('/reg/transfer'), $matches);

-		curlTest('/auth/logout', []);
+		curlTest('/auth/logout');
 		curlTest('/auth/login', [
 			'username' => $username,
 			'password' => $password,
@ -136,7 +135,7 @@ function testReg(): string {
 			'ns' => $matches['token'],
 		]);

-		curlTest('/auth/logout', []);
+		curlTest('/auth/logout');
 		curlTest('/auth/login', [
 			'username' => $username . '2',
 			'password' => $password,
@ -161,7 +160,7 @@ function testNs(string $domain): void {
 			'ns' => $ns,
 		]);

-	preg_match('#\<code\>(?<token>[0-9a-z-]{16,128}\._domain-verification\.' . preg_quote(CORE_DOMAIN, '#') . '\.)\</code\>#', curlTest('/ns/zone-add', []), $matches);
+	preg_match('#\<code\>(?<token>[0-9a-z-]{16,128}\._domain-verification\.' . preg_quote(CONF['common']['public_domains'][0], '#') . '\.)\</code\>#', curlTest('/ns/zone-add'), $matches);
 	curlTest('/reg/ns', [
 		'action' => 'add',
 		'domain' => $domain,
@ -214,7 +213,7 @@ put ' . sys_get_temp_dir() . '/index.html /_site0-/index.html
 exit
 ');

-	$process = proc_open(SSHPASS . ' ' . SFTP . ' -o BatchMode=no -b ' . sys_get_temp_dir() . '/exec.txt -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -P ' . CONF['ht']['public_sftp_port'] . ' ' . $username . '@' . CONF['ht']['sftp_domain'], [0 => ['pipe', 'r']], $pipes);
+	$process = proc_open(CONF['check']['sshpass_path'] . ' ' . CONF['check']['sftp_path'] . ' -o BatchMode=no -b ' . sys_get_temp_dir() . '/exec.txt -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -P ' . CONF['ht']['public_sftp_port'] . ' ' . $username . '@' . CONF['ht']['sftp_domain'], [0 => ['pipe', 'r']], $pipes);
 	if (is_resource($process) !== true)
 		exit('Can\'t spawn sftp with sshpass.' . LF);
 	fwrite($pipes[0], $password);