mirror of
https://github.com/YunoHost/check-http.git
synced 2024-09-03 19:56:42 +02:00
Imho we shouldn't enforce this check on the DNS ... we may want to check the http reachability independently of the DNS setup so that we're more able to pinpoint what's the actual issue (also it may lead to many false-negatives due to DNS caching)
This commit is contained in:
parent
dea0590318
commit
b593e6ba77
1 changed files with 4 additions and 50 deletions
54
server.py
54
server.py
|
@ -75,8 +75,7 @@ async def check_http(request):
|
||||||
- get json from body and domain from it
|
- get json from body and domain from it
|
||||||
- check for domain based rate limit (see RATE_LIMIT_SECONDS value)
|
- check for domain based rate limit (see RATE_LIMIT_SECONDS value)
|
||||||
- check domain is in valid format
|
- check domain is in valid format
|
||||||
- check dns entry for domain match the ip of the request (advanced rule for ipv6)
|
- now try to do an http request on the ip using the domain as target host
|
||||||
- everything is checked, now try to do an http request on the domain
|
|
||||||
- answer saying if the domain can be reached
|
- answer saying if the domain can be reached
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
@ -122,56 +121,11 @@ async def check_http(request):
|
||||||
"content": "domain is not in the right format (do not include http:// or https://)",
|
"content": "domain is not in the right format (do not include http:// or https://)",
|
||||||
}, status=400)
|
}, status=400)
|
||||||
|
|
||||||
# TODO handle ipv6
|
|
||||||
# ipv6 situation
|
|
||||||
if ":" in ip:
|
|
||||||
dns_entry = await query_dns(domain, "AAAA")
|
|
||||||
|
|
||||||
if not dns_entry:
|
|
||||||
# check if entry in ip4 for custom error
|
|
||||||
dns_entry = await query_dns(domain, "A")
|
|
||||||
|
|
||||||
# there is an ipv4 entry but the request is made in ipv6, ask to uses ipv4 instead
|
|
||||||
if dns_entry:
|
|
||||||
logger.info(f"[ipv6] Invalid request, no AAAA DNS entry for domain {domain} BUT ipv4 entry, ask user to request in ipv4")
|
|
||||||
return json_response({
|
|
||||||
"status": "error",
|
|
||||||
"code": "error_no_ipv6_dns_entry_but_ipv4_dns_entry",
|
|
||||||
"content": f"there is not AAAA (ipv6) DNS entry for domain {domain} BUT there is an entry in ipv4, please redo the request in ipv4",
|
|
||||||
}, status=400)
|
|
||||||
|
|
||||||
else:
|
|
||||||
logger.info(f"[ipv6] Invalid request, no DNS entry for domain {domain} (both in ipv6 and ip4)")
|
|
||||||
return json_response({
|
|
||||||
"status": "error",
|
|
||||||
"code": "error_no_ipv4_ipv6_dns_entry_for_domain",
|
|
||||||
"content": f"there is not A (ipv4) and AAAA (ipv6) DNS entry for domain {domain}",
|
|
||||||
}, status=400)
|
|
||||||
# ipv4 situation
|
|
||||||
else:
|
|
||||||
dns_entry = await query_dns(domain, "A")
|
|
||||||
|
|
||||||
if not dns_entry:
|
|
||||||
logger.info(f"[ipv4] Invalid request, no DNS entry for domain {domain}")
|
|
||||||
return json_response({
|
|
||||||
"status": "error",
|
|
||||||
"code": "error_no_ipv4_dns_entry_for_domain",
|
|
||||||
"content": f"there is not A (ipv4) and AAAA (ipv6) DNS entry for domain {domain}",
|
|
||||||
}, status=400)
|
|
||||||
|
|
||||||
dns_entry = dns_entry[0]
|
|
||||||
|
|
||||||
if dns_entry.host != ip:
|
|
||||||
logger.info(f"Invalid request, A DNS entry {dns_entry.host} for domain {domain} doesn't match request ip {ip}")
|
|
||||||
return json_response({
|
|
||||||
"status": "error",
|
|
||||||
"code": "error_dns_entry_doesnt_match_request_ip",
|
|
||||||
"content": f"error, the request is made from the ip {ip} but the dns entry said {domain} has the ip {dns_entry.host}, you can only check a domain configured for your ip",
|
|
||||||
}, status=400)
|
|
||||||
|
|
||||||
async with aiohttp.ClientSession() as session:
|
async with aiohttp.ClientSession() as session:
|
||||||
try:
|
try:
|
||||||
async with session.get("http://" + domain, timeout=aiohttp.ClientTimeout(total=30)) as response:
|
async with session.get("http://" + ip,
|
||||||
|
headers={"Host": domain},
|
||||||
|
timeout=aiohttp.ClientTimeout(total=30)) as response:
|
||||||
# XXX in the futur try to do a double check with the server to
|
# XXX in the futur try to do a double check with the server to
|
||||||
# see if the correct content is get
|
# see if the correct content is get
|
||||||
await response.text()
|
await response.text()
|
||||||
|
|
Loading…
Reference in a new issue