From 709220836e10f559a11c2b70177f6d58d9b7a0a1 Mon Sep 17 00:00:00 2001 From: "kali kaneko (leap communications)" Date: Wed, 19 Aug 2020 17:40:36 +0200 Subject: [debug] improve error handling for geolocation --- branding/config/vendor.conf | 4 +-- pkg/config/config.go | 59 ++++++++++++++++++++++++++++------------- pkg/vpn/bonafide/auth_sip.go | 1 - pkg/vpn/bonafide/bonafide.go | 19 ++++++++++--- pkg/vpn/bonafide/eip_service.go | 13 ++++++++- pkg/vpn/openvpn.go | 2 +- 6 files changed, 72 insertions(+), 26 deletions(-) diff --git a/branding/config/vendor.conf b/branding/config/vendor.conf index 90ef36c..4b3d4a9 100644 --- a/branding/config/vendor.conf +++ b/branding/config/vendor.conf @@ -1,6 +1,6 @@ [default] -provider = demolib +provider = riseup [riseup] @@ -79,7 +79,7 @@ infoURL = https://libraryvpn.org/ tosURL = https://libraryvpn.org/ helpURL = https://libraryvpn.org/ -geolocationAPI = https://getmyip.vpnlib.bitmask.net/ +geolocationAPI = https://getmyip.vpnlib.bitmask.net/json askForDonations = false donateURL = diff --git a/pkg/config/config.go b/pkg/config/config.go index f3f9e6e..e799176 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -1,22 +1,22 @@ // Code generated by go generate; DO NOT EDIT. // This file was generated by vendorize.py -// At 2020-08-15 20:39:01 +// At 2020-08-19 17:38:43 package config /* All these constants are defined in the vendor.conf file */ const ( - Provider = "vpnlib.bitmask.net" - ApplicationName = "DemoLib" - BinaryName = "demo-lib" - Auth = "sip" - DonateURL = "" - AskForDonations = "false" - HelpURL = "https://libraryvpn.org/" - TosURL = "https://libraryvpn.org/" - APIURL = "https://api.vpnlib.bitmask.net:4430/" - GeolocationAPI = "https://getmyip.vpnlib.bitmask.net/" + Provider = "riseup.net" + ApplicationName = "RiseupVPN" + BinaryName = "riseup-vpn" + Auth = "anon" + DonateURL = "https://riseup.net/vpn/donate" + AskForDonations = "true" + HelpURL = "https://riseup.net/support" + TosURL = "https://riseup.net/tos" + APIURL = "https://api.black.riseup.net/" + GeolocationAPI = "https://api.black.riseup.net:9001/json" ) var Version string @@ -29,11 +29,34 @@ CaCert : a string containing a representation of the provider CA, used to */ var CaCert = []byte(`-----BEGIN CERTIFICATE----- -MIIBQzCB6aADAgECAgEBMAoGCCqGSM49BAMCMBcxFTATBgNVBAMTDExFQVAgUm9v -dCBDQTAeFw0yMDA4MDYxOTA3NDRaFw0yNTA4MDYxOTEyNDRaMBcxFTATBgNVBAMT -DExFQVAgUm9vdCBDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABIG5POr4cAdK -kTavKpSJr8nW1V7HLpr27qKaShpk1TUy5ipaAlusmavGLxKsPE+i3AMlvf/f6ch3 -1MjAtIf5rYujJjAkMA4GA1UdDwEB/wQEAwICpDASBgNVHRMBAf8ECDAGAQH/AgEB -MAoGCCqGSM49BAMCA0kAMEYCIQDXj280LNZbSbi0Y2WvtQrJBUw4wdm8qAeOeuH7 -6XiLEwIhAPBRsmst/ujcChsG2t6LpG+p8s4rfIfh8YLo/4qrcc5p +MIIFjTCCA3WgAwIBAgIBATANBgkqhkiG9w0BAQ0FADBZMRgwFgYDVQQKDA9SaXNl +dXAgTmV0d29ya3MxGzAZBgNVBAsMEmh0dHBzOi8vcmlzZXVwLm5ldDEgMB4GA1UE +AwwXUmlzZXVwIE5ldHdvcmtzIFJvb3QgQ0EwHhcNMTQwNDI4MDAwMDAwWhcNMjQw +NDI4MDAwMDAwWjBZMRgwFgYDVQQKDA9SaXNldXAgTmV0d29ya3MxGzAZBgNVBAsM +Emh0dHBzOi8vcmlzZXVwLm5ldDEgMB4GA1UEAwwXUmlzZXVwIE5ldHdvcmtzIFJv +b3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC76J4ciMJ8Sg0m +TP7DF2DT9zNe0Csk4myoMFC57rfJeqsAlJCv1XMzBmXrw8wq/9z7XHv6n/0sWU7a +7cF2hLR33ktjwODlx7vorU39/lXLndo492ZBhXQtG1INMShyv+nlmzO6GT7ESfNE +LliFitEzwIegpMqxCIHXFuobGSCWF4N0qLHkq/SYUMoOJ96O3hmPSl1kFDRMtWXY +iw1SEKjUvpyDJpVs3NGxeLCaA7bAWhDY5s5Yb2fA1o8ICAqhowurowJpW7n5ZuLK +5VNTlNy6nZpkjt1QycYvNycffyPOFm/Q/RKDlvnorJIrihPkyniV3YY5cGgP+Qkx +HUOT0uLA6LHtzfiyaOqkXwc4b0ZcQD5Vbf6Prd20Ppt6ei0zazkUPwxld3hgyw58 +m/4UIjG3PInWTNf293GngK2Bnz8Qx9e/6TueMSAn/3JBLem56E0WtmbLVjvko+LF +PM5xA+m0BmuSJtrD1MUCXMhqYTtiOvgLBlUm5zkNxALzG+cXB28k6XikXt6MRG7q +hzIPG38zwkooM55yy5i1YfcIi5NjMH6A+t4IJxxwb67MSb6UFOwg5kFokdONZcwj +shczHdG9gLKSBIvrKa03Nd3W2dF9hMbRu//STcQxOailDBQCnXXfAATj9pYzdY4k +ha8VCAREGAKTDAex9oXf1yRuktES4QIDAQABo2AwXjAdBgNVHQ4EFgQUC4tdmLVu +f9hwfK4AGliaet5KkcgwDgYDVR0PAQH/BAQDAgIEMAwGA1UdEwQFMAMBAf8wHwYD +VR0jBBgwFoAUC4tdmLVuf9hwfK4AGliaet5KkcgwDQYJKoZIhvcNAQENBQADggIB +AGzL+GRnYu99zFoy0bXJKOGCF5XUXP/3gIXPRDqQf5g7Cu/jYMID9dB3No4Zmf7v +qHjiSXiS8jx1j/6/Luk6PpFbT7QYm4QLs1f4BlfZOti2KE8r7KRDPIecUsUXW6P/ +3GJAVYH/+7OjA39za9AieM7+H5BELGccGrM5wfl7JeEz8in+V2ZWDzHQO4hMkiTQ +4ZckuaL201F68YpiItBNnJ9N5nHr1MRiGyApHmLXY/wvlrOpclh95qn+lG6/2jk7 +3AmihLOKYMlPwPakJg4PYczm3icFLgTpjV5sq2md9bRyAg3oPGfAuWHmKj2Ikqch +Td5CHKGxEEWbGUWEMP0s1A/JHWiCbDigc4Cfxhy56CWG4q0tYtnc2GMw8OAUO6Wf +Xu5pYKNkzKSEtT/MrNJt44tTZWbKV/Pi/N2Fx36my7TgTUj7g3xcE9eF4JV2H/sg +tsK3pwE0FEqGnT4qMFbixQmc8bGyuakr23wjMvfO7eZUxBuWYR2SkcP26sozF9PF +tGhbZHQVGZUTVPyvwahMUEhbPGVerOW0IYpxkm0x/eaWdTc4vPpf/rIlgbAjarnJ +UN9SaWRlWKSdP4haujnzCoJbM7dU9bjvlGZNyXEekgeT0W2qFeGGp+yyUWw8tNsp +0BuC1b7uW/bBn/xKm319wXVDvBgZgcktMolak39V7DVO -----END CERTIFICATE-----`) diff --git a/pkg/vpn/bonafide/auth_sip.go b/pkg/vpn/bonafide/auth_sip.go index e00252f..0c8ee4f 100644 --- a/pkg/vpn/bonafide/auth_sip.go +++ b/pkg/vpn/bonafide/auth_sip.go @@ -40,7 +40,6 @@ func (a *sipAuthentication) needsCredentials() bool { func (a *sipAuthentication) getToken(user, password string) ([]byte, error) { /* TODO refresh session token periodically */ if hasRecentToken() { - log.Println("Got cached token") return readToken() } credJSON, err := formatCredentials(user, password) diff --git a/pkg/vpn/bonafide/bonafide.go b/pkg/vpn/bonafide/bonafide.go index b81fd84..9963448 100644 --- a/pkg/vpn/bonafide/bonafide.go +++ b/pkg/vpn/bonafide/bonafide.go @@ -232,23 +232,36 @@ func (b *Bonafide) GetOpenvpnArgs() ([]string, error) { } func (b *Bonafide) fetchGeolocation() ([]string, error) { + /* FIXME in float deployments, geolocation is served on gemyip.domain/json, with a LE certificate. + So this is a workaround until we streamline that behavior */ resp, err := b.client.Post(config.GeolocationAPI, "", nil) if err != nil { - return nil, err + client := &http.Client{} + _resp, err := client.Post(config.GeolocationAPI, "", nil) + if err != nil { + log.Println("ERROR: could not fetch geolocation:", fmt.Errorf("%s", err)) + return nil, err + } + resp = _resp } + defer resp.Body.Close() if resp.StatusCode != 200 { - return nil, fmt.Errorf("get geolocation failed with status: %s", resp.Status) + log.Println("ERROR: bad status code while fetching geolocation:", fmt.Errorf("%s", resp.Status)) + return nil, fmt.Errorf("Get geolocation failed with status: %s", resp.Status) } geo := &geoLocation{} dataJSON, err := ioutil.ReadAll(resp.Body) err = json.Unmarshal(dataJSON, &geo) if err != nil { - _ = fmt.Errorf("get vpn cert has failed with status: %s", resp.Status) + log.Println("ERROR: cannot parse geolocation json", fmt.Errorf("%s", err)) + log.Println(string(dataJSON)) + _ = fmt.Errorf("bad json") return nil, err } + log.Println("Got sorted gateways:", geo.SortedGateways) return geo.SortedGateways, nil } diff --git a/pkg/vpn/bonafide/eip_service.go b/pkg/vpn/bonafide/eip_service.go index ff73da9..49f4bb1 100644 --- a/pkg/vpn/bonafide/eip_service.go +++ b/pkg/vpn/bonafide/eip_service.go @@ -214,6 +214,7 @@ func (eip *eipService) sortGatewaysByGeolocation(geolocatedGateways []string) { } } } + for _, host := range geolocatedGateways { for _, gw := range eip.Gateways { if gw.Host == host { @@ -221,7 +222,17 @@ func (eip *eipService) sortGatewaysByGeolocation(geolocatedGateways []string) { } } } - eip.Gateways = gws + + if len(gws) == 0 { + log.Println("ERROR: avoiding to replace eip.Gateways will null list. Is the geolocation service properly configured?") + } else { + if len(gws) > 2 { + eip.Gateways = gws[:3] + } else { + eip.Gateways = gws + } + log.Println("Picked best gateways for location:", eip.Gateways) + } } type gatewayDistance struct { diff --git a/pkg/vpn/openvpn.go b/pkg/vpn/openvpn.go index 6055e6a..4997a34 100644 --- a/pkg/vpn/openvpn.go +++ b/pkg/vpn/openvpn.go @@ -158,7 +158,7 @@ func (b *Bitmask) getCert() (certPath string, err error) { certPath = b.getCertPemPath() if _, err := os.Stat(certPath); os.IsNotExist(err) { - log.Println("Cert does not exist in ", certPath, "...fetching") + log.Println("Fetching certificate to", certPath) cert, err := b.bonafide.GetPemCertificate() if err != nil { return "", err -- cgit v1.2.3