Support enough to get Complement to run the tests

f9e878ec · Travis Ralston · 2a808058 · f9e878ec · f9e878ec · f9e878ec
Commit f9e878ec authored 4 years ago by Travis Ralston
--- a/Complement.Dockerfile
+++ b/Complement.Dockerfile
@@ -23,6 +23,7 @@ COPY ./docker/complement.yaml /data/media-repo.yaml
 ENV REPO_CONFIG=/data/media-repo.yaml
 ENV SERVER_NAME=localhost
 ENV PGDATA=/data/pgdata
+ENV MEDIA_REPO_UNSAFE_FEDERATION=true
 COPY ./docker/complement.sh ./docker/complement-run.sh /usr/local/bin/
 RUN dos2unix /usr/local/bin/complement.sh /usr/local/bin/complement-run.sh
@@ -35,8 +36,6 @@ RUN mkdir -p /run/postgresql
 RUN chown postgres:postgres /data/pgdata
 RUN chown postgres:postgres /run/postgresql
 RUN su postgres -c initdb
-RUN openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=${SERVER_NAME}" -keyout /data/server.key  -out /data/server.crt
-RUN sed -i "s/SERVER_NAME/${SERVER_NAME}/g" /data/media-repo.yaml
 RUN sh /usr/local/bin/complement.sh
 CMD /usr/local/bin/complement-run.sh
\ No newline at end of file
--- a/cmd/complement_hs/main.go
+++ b/cmd/complement_hs/main.go
 package main
 import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
 	"log"
 	"net/http"
 	"os"
 	"os/signal"
+	"strconv"
+	"strings"
 	"sync"
 	"github.com/gorilla/mux"
+	"github.com/turt2live/matrix-media-repo/util/cleanup"
 )
+type VersionsResponse struct {
+	CSAPIVersions []string `json:"versions,flow"`
+}
+type RegisterRequest struct {
+	DesiredUsername string `json:"username"`
+}
+type RegisterResponse struct {
+	UserID string `json:"user_id"`
+	AccessToken string `json:"access_token"`
+}
+type WhoamiResponse struct {
+	UserID string `json:"user_id"`
+}
+func requestJson(r *http.Request, i interface{}) error {
+	b, err := ioutil.ReadAll(r.Body)
+	if err != nil {
+		return err
+	}
+	return json.Unmarshal(b, &i)
+}
+func respondJson(w http.ResponseWriter, i interface{}) error {
+	resp, err := json.Marshal(i)
+	if err != nil {
+		return err
+	}
+	w.Header().Set("Content-Length",strconv.Itoa(len(resp)))
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(200)
+	_, err = w.Write(resp)
+	return err
+}
 func main() {
 	// Prepare local server
 	log.Println("Preparing local server...")
 	rtr := mux.NewRouter()
 	rtr.HandleFunc("/_matrix/client/versions", func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("Content-Type", "application/json")
+		defer cleanup.DumpAndCloseStream(r.Body)
-		w.WriteHeader(200)
+		err := respondJson(w, &VersionsResponse{CSAPIVersions: []string{"r0.6.0"}})
-		_, err := w.Write([]byte("{\"versions\":[\"r0.6.0\"]}"))
+		if err != nil {
+			log.Fatal(err)
+		}
+	})
+	rtr.HandleFunc("/_matrix/client/r0/register", func(w http.ResponseWriter, r *http.Request) {
+		rr := &RegisterRequest{}
+		err := requestJson(r, &rr)
+		if err != nil {
+			log.Fatal(err)
+		}
+		userId := fmt.Sprintf("@%s:%s", rr.DesiredUsername, os.Getenv("SERVER_NAME"))
+		err = respondJson(w, &RegisterResponse{
+			AccessToken: userId,
+			UserID: userId,
+		})
+		if err != nil {
+			log.Fatal(err)
+		}
+	})
+	rtr.HandleFunc("/_matrix/client/r0/account/whoami", func(w http.ResponseWriter, r *http.Request) {
+		defer cleanup.DumpAndCloseStream(r.Body)
+		userId := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ") // including space after Bearer.
+		err := respondJson(w, &WhoamiResponse{UserID: userId})
+		if err != nil {
+			log.Fatal(err)
+		}
+	})
+	rtr.PathPrefix("/_matrix/media/").HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		// Proxy to the media repo running within the container
+		r2, err := http.NewRequest(r.Method, "http://127.0.0.1:8228" + r.RequestURI, r.Body)
+		if err != nil {
+			log.Fatal(err)
+		}
+		r2.Host = os.Getenv("SERVER_NAME")
+		resp, err := http.DefaultClient.Do(r2)
+		if err != nil {
+			log.Fatal(err)
+		}
+		err = resp.Header.Write(w)
+		if err != nil {
+			log.Fatal(err)
+		}
+		_, err = io.Copy(w, resp.Body)
 		if err != nil {
 			log.Fatal(err)
 		}

--- a/docker/complement-run.sh
+++ b/docker/complement-run.sh
 #!/usr/bin/env sh
+openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=${SERVER_NAME}" -keyout /data/server.key  -out /data/server.crt
+sed -i "s/SERVER_NAME/${SERVER_NAME}/g" /data/media-repo.yaml
 su postgres -c "postgres -h 0.0.0.0" &
-sleep 3
+sleep 12
 /usr/local/bin/media_repo &
 /usr/local/bin/complement_hs
\ No newline at end of file
--- a/docker/complement.yaml
+++ b/docker/complement.yaml
--- a/matrix/federation.go
+++ b/matrix/federation.go
@@ -8,6 +8,7 @@ import (
 	"io/ioutil"
 	"net"
 	"net/http"
+	"os"
 	"strconv"
 	"strings"
 	"sync"
@@ -211,26 +212,55 @@ func FederatedGet(url string, realHost string, ctx rcontext.RequestContext) (*ht
 		req.Header.Set("User-Agent", "matrix-media-repo")
 		req.Host = realHost
-		// This is how we verify the certificate is valid for the host we expect.
+		var client *http.Client
-		// Previously using `req.URL.Host` we'd end up changing which server we were
+		if os.Getenv("MEDIA_REPO_UNSAFE_FEDERATION") != "true" {
-		// connecting to (ie: matrix.org instead of matrix.org.cdn.cloudflare.net),
+			// This is how we verify the certificate is valid for the host we expect.
-		// which obviously doesn't help us. We needed to do that though because the
+			// Previously using `req.URL.Host` we'd end up changing which server we were
-		// HTTP client doesn't verify against the req.Host certificate, but it does
+			// connecting to (ie: matrix.org instead of matrix.org.cdn.cloudflare.net),
-		// handle it off the req.URL.Host. So, we need to tell it which certificate
+			// which obviously doesn't help us. We needed to do that though because the
-		// to verify.
+			// HTTP client doesn't verify against the req.Host certificate, but it does
+			// handle it off the req.URL.Host. So, we need to tell it which certificate
-		h, _, err := net.SplitHostPort(realHost)
+			// to verify.
-		if err == nil {
-			// Strip the port first, certs are port-insensitive
+			h, _, err := net.SplitHostPort(realHost)
-			realHost = h
+			if err == nil {
-		}
+				// Strip the port first, certs are port-insensitive
-		client := http.Client{
+				realHost = h
-			Transport: &http.Transport{
+			}
-				TLSClientConfig: &tls.Config{
+			client = &http.Client{
-					ServerName: realHost,
+				Transport: &http.Transport{
+					TLSClientConfig: &tls.Config{
+						ServerName: realHost,
+					},
 				},
-			},
+				Timeout: time.Duration(ctx.Config.TimeoutSeconds.Federation) * time.Second,
-			Timeout: time.Duration(ctx.Config.TimeoutSeconds.Federation) * time.Second,
+			}
+		} else {
+			ctx.Log.Warn("Ignoring any certificate errors while making request")
+			tr := &http.Transport{
+				DisableKeepAlives: true,
+				TLSClientConfig:   &tls.Config{InsecureSkipVerify: true},
+				// Based on https://github.com/matrix-org/gomatrixserverlib/blob/51152a681e69a832efcd934b60080b92bc98b286/client.go#L74-L90
+				DialTLS: func(network, addr string) (net.Conn, error) {
+					rawconn, err := net.Dial(network, addr)
+					if err != nil {
+						return nil, err
+					}
+					// Wrap a raw connection ourselves since tls.Dial defaults the SNI
+					conn := tls.Client(rawconn, &tls.Config{
+						ServerName:         "",
+						InsecureSkipVerify: true,
+					})
+					if err := conn.Handshake(); err != nil {
+						return nil, err
+					}
+					return conn, nil
+				},
+			}
+			client = &http.Client{
+				Transport: tr,
+				Timeout:   time.Duration(ctx.Config.TimeoutSeconds.UrlPreviews) * time.Second,
+			}
 		}
 		resp, err = client.Do(req)