Move check.php settings to config.ini

This commit is contained in:
Miraty 2023-08-14 21:07:42 +02:00
parent bb937526a7
commit aa91004ab5
3 changed files with 40 additions and 15 deletions

View file

@ -215,3 +215,23 @@ Domain name that users need to direct their SFTP clients to. May be the same key
### `public_sftp_port` ### `public_sftp_port`
Network port that users need to direct their SFTP clients to. The common default port is `22`. Network port that users need to direct their SFTP clients to. The common default port is `22`.
## `[check]`
This configuration section is used only when running `check.php`.
### `https_port`
Port where the public nginx reverse proxy can be reached. Usually `443` for production.
### `sftp_path`
Filesystem path to the sftp binary.
### `sshpass_path`
Filesystem path to the sshpass binary.
### `tor_proxy`
Curl's [CURLOPT_PROXY](https://curl.se/libcurl/c/CURLOPT_PROXY.html) argument, used to test onion services.

View file

@ -66,3 +66,9 @@ sftp_fp = "/etc/sftpgo/ed25519.fp"
sftp_asciiart = "/etc/sftpgo/ed25519.asciiart" sftp_asciiart = "/etc/sftpgo/ed25519.asciiart"
sftp_domain = "sftp.servnest.test" sftp_domain = "sftp.servnest.test"
public_sftp_port = 2022 public_sftp_port = 2022
[check]
https_port = 42443
sftp_path = "/usr/bin/sftp"
sshpass_path = "/usr/bin/sshpass"
tor_proxy = "socks5h://127.0.0.1:9050"

View file

@ -3,15 +3,14 @@
require __DIR__ . '/../init.php'; require __DIR__ . '/../init.php';
const SFTP = '/usr/bin/sftp';
const SSHPASS = '/usr/bin/sshpass';
const HTTPS_PORT = '42443'; const HTTPS_PORT = '42443';
const CORE_DOMAIN = 'servnest.test'; const CORE_URL = 'https://' . CONF['common']['public_domains'][0] . ':' . CONF['check']['https_port'];
const CORE_URL = 'https://' . CORE_DOMAIN . ':' . HTTPS_PORT;
const SUFFIX = 'test.servnest.test.';
const TOR_PROXY = 'socks5h://127.0.0.1:9050'; foreach (CONF['reg']['suffixes'] as $suffix => $openness)
if ($openness === 'all')
define('SUFFIX', $suffix);
if (!defined('SUFFIX'))
exit('Unable to start tests: no suffix open to registration');
if (kdig(name: 'nlnet.nl', type: 'AAAA')['AD'] !== 1) if (kdig(name: 'nlnet.nl', type: 'AAAA')['AD'] !== 1)
exit('DNS queries don\'t seem to be DNSSEC-validated.' . LF); exit('DNS queries don\'t seem to be DNSSEC-validated.' . LF);
@ -38,7 +37,7 @@ function curlTest(string $address, array $post = [], bool $tor = false): string
curl_setopt($req, CURLOPT_URL, $address); curl_setopt($req, CURLOPT_URL, $address);
if ($tor) if ($tor)
curl_setopt($req, CURLOPT_PROXY, TOR_PROXY); curl_setopt($req, CURLOPT_PROXY, CONF['check']['tor_proxy']);
else else
curl_setopt($req, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($req, CURLOPT_SSL_VERIFYPEER, false);
@ -71,7 +70,7 @@ curlTest('/auth/register', [
'username' => $username . '2', 'username' => $username . '2',
'password' => $password, 'password' => $password,
]); ]);
curlTest('/auth/logout', []); curlTest('/auth/logout');
curlTest('/auth/login', [ curlTest('/auth/login', [
'username' => $username, 'username' => $username,
@ -118,14 +117,14 @@ function testReg(): string {
]); ]);
{ // Domain transfer { // Domain transfer
curlTest('/auth/logout', []); curlTest('/auth/logout');
curlTest('/auth/login', [ curlTest('/auth/login', [
'username' => $username . '2', 'username' => $username . '2',
'password' => $password, 'password' => $password,
]); ]);
preg_match('#\<code\>(?<token>[0-9a-z-]{16,128}\._transfer-verification\.' . preg_quote(CORE_DOMAIN, '#') . '\.)\</code\>#', curlTest('/reg/transfer', []), $matches); preg_match('#\<code\>(?<token>[0-9a-z-]{16,128}\._transfer-verification\.' . preg_quote(CONF['common']['public_domains'][0], '#') . '\.)\</code\>#', curlTest('/reg/transfer'), $matches);
curlTest('/auth/logout', []); curlTest('/auth/logout');
curlTest('/auth/login', [ curlTest('/auth/login', [
'username' => $username, 'username' => $username,
'password' => $password, 'password' => $password,
@ -136,7 +135,7 @@ function testReg(): string {
'ns' => $matches['token'], 'ns' => $matches['token'],
]); ]);
curlTest('/auth/logout', []); curlTest('/auth/logout');
curlTest('/auth/login', [ curlTest('/auth/login', [
'username' => $username . '2', 'username' => $username . '2',
'password' => $password, 'password' => $password,
@ -161,7 +160,7 @@ function testNs(string $domain): void {
'ns' => $ns, 'ns' => $ns,
]); ]);
preg_match('#\<code\>(?<token>[0-9a-z-]{16,128}\._domain-verification\.' . preg_quote(CORE_DOMAIN, '#') . '\.)\</code\>#', curlTest('/ns/zone-add', []), $matches); preg_match('#\<code\>(?<token>[0-9a-z-]{16,128}\._domain-verification\.' . preg_quote(CONF['common']['public_domains'][0], '#') . '\.)\</code\>#', curlTest('/ns/zone-add'), $matches);
curlTest('/reg/ns', [ curlTest('/reg/ns', [
'action' => 'add', 'action' => 'add',
'domain' => $domain, 'domain' => $domain,
@ -214,7 +213,7 @@ put ' . sys_get_temp_dir() . '/index.html /_site0-/index.html
exit exit
'); ');
$process = proc_open(SSHPASS . ' ' . SFTP . ' -o BatchMode=no -b ' . sys_get_temp_dir() . '/exec.txt -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -P ' . CONF['ht']['public_sftp_port'] . ' ' . $username . '@' . CONF['ht']['sftp_domain'], [0 => ['pipe', 'r']], $pipes); $process = proc_open(CONF['check']['sshpass_path'] . ' ' . CONF['check']['sftp_path'] . ' -o BatchMode=no -b ' . sys_get_temp_dir() . '/exec.txt -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -P ' . CONF['ht']['public_sftp_port'] . ' ' . $username . '@' . CONF['ht']['sftp_domain'], [0 => ['pipe', 'r']], $pipes);
if (is_resource($process) !== true) if (is_resource($process) !== true)
exit('Can\'t spawn sftp with sshpass.' . LF); exit('Can\'t spawn sftp with sshpass.' . LF);
fwrite($pipes[0], $password); fwrite($pipes[0], $password);