From 709220836e10f559a11c2b70177f6d58d9b7a0a1 Mon Sep 17 00:00:00 2001
From: "kali kaneko (leap communications)" <kali@leap.se>
Date: Wed, 19 Aug 2020 17:40:36 +0200
Subject: [PATCH] [debug] improve error handling for geolocation

---
 branding/config/vendor.conf     |  4 +--
 pkg/config/config.go            | 59 +++++++++++++++++++++++----------
 pkg/vpn/bonafide/auth_sip.go    |  1 -
 pkg/vpn/bonafide/bonafide.go    | 19 +++++++++--
 pkg/vpn/bonafide/eip_service.go | 13 +++++++-
 pkg/vpn/openvpn.go              |  2 +-
 6 files changed, 72 insertions(+), 26 deletions(-)

diff --git a/branding/config/vendor.conf b/branding/config/vendor.conf
index 90ef36cf..4b3d4a94 100644
--- a/branding/config/vendor.conf
+++ b/branding/config/vendor.conf
@@ -1,6 +1,6 @@
 [default]
 
-provider = demolib
+provider = riseup
 
 
 [riseup]
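Review bot: The default provider switch from `demolib` to `riseup` looks unrelated to the geolocation error handling named in the subject. It is also what drives the regenerated `pkg/config/config.go` in this same patch, which changes the `Auth` mode, the API URLs and the embedded `CaCert`. If this was only a local build setting used while debugging, it should be dropped from the commit. If it is intended, it deserves its own commit so the change of pinned CA and auth mode is visible in history.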
@@ -79,7 +79,7 @@ infoURL             = https://libraryvpn.org/
 tosURL              = https://libraryvpn.org/
 helpURL             = https://libraryvpn.org/
 
-geolocationAPI      = https://getmyip.vpnlib.bitmask.net/
+geolocationAPI      = https://getmyip.vpnlib.bitmask.net/json
 
 askForDonations     = false
 donateURL           =
diff --git a/pkg/config/config.go b/pkg/config/config.go
index f3f9e6e0..e7991761 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -1,22 +1,22 @@
 // Code generated by go generate; DO NOT EDIT.
 // This file was generated by vendorize.py
-// At 2020-08-15 20:39:01
+// At 2020-08-19 17:38:43
 
 package config
 
 /* All these constants are defined in the vendor.conf file
  */
 const (
-	Provider        = "vpnlib.bitmask.net"
-	ApplicationName = "DemoLib"
-	BinaryName      = "demo-lib"
-	Auth            = "sip"
-	DonateURL       = ""
-	AskForDonations = "false"
-	HelpURL         = "https://libraryvpn.org/"
-	TosURL          = "https://libraryvpn.org/"
-	APIURL          = "https://api.vpnlib.bitmask.net:4430/"
-	GeolocationAPI  = "https://getmyip.vpnlib.bitmask.net/"
+	Provider        = "riseup.net"
+	ApplicationName = "RiseupVPN"
+	BinaryName      = "riseup-vpn"
+	Auth            = "anon"
+	DonateURL       = "https://riseup.net/vpn/donate"
+	AskForDonations = "true"
+	HelpURL         = "https://riseup.net/support"
+	TosURL          = "https://riseup.net/tos"
+	APIURL          = "https://api.black.riseup.net/"
+	GeolocationAPI  = "https://api.black.riseup.net:9001/json"
 )
 
 var Version string
@@ -29,11 +29,34 @@ CaCert : a string containing a representation of the provider CA, used to
 
 */
 var CaCert = []byte(`-----BEGIN CERTIFICATE-----
-MIIBQzCB6aADAgECAgEBMAoGCCqGSM49BAMCMBcxFTATBgNVBAMTDExFQVAgUm9v
-dCBDQTAeFw0yMDA4MDYxOTA3NDRaFw0yNTA4MDYxOTEyNDRaMBcxFTATBgNVBAMT
-DExFQVAgUm9vdCBDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABIG5POr4cAdK
-kTavKpSJr8nW1V7HLpr27qKaShpk1TUy5ipaAlusmavGLxKsPE+i3AMlvf/f6ch3
-1MjAtIf5rYujJjAkMA4GA1UdDwEB/wQEAwICpDASBgNVHRMBAf8ECDAGAQH/AgEB
-MAoGCCqGSM49BAMCA0kAMEYCIQDXj280LNZbSbi0Y2WvtQrJBUw4wdm8qAeOeuH7
-6XiLEwIhAPBRsmst/ujcChsG2t6LpG+p8s4rfIfh8YLo/4qrcc5p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 -----END CERTIFICATE-----`)
diff --git a/pkg/vpn/bonafide/auth_sip.go b/pkg/vpn/bonafide/auth_sip.go
index e00252f3..0c8ee4f1 100644
--- a/pkg/vpn/bonafide/auth_sip.go
+++ b/pkg/vpn/bonafide/auth_sip.go
@@ -40,7 +40,6 @@ func (a *sipAuthentication) needsCredentials() bool {
 func (a *sipAuthentication) getToken(user, password string) ([]byte, error) {
 	/* TODO refresh session token periodically */
 	if hasRecentToken() {
-		log.Println("Got cached token")
 		return readToken()
 	}
 	credJSON, err := formatCredentials(user, password)
diff --git a/pkg/vpn/bonafide/bonafide.go b/pkg/vpn/bonafide/bonafide.go
index b81fd841..99634483 100644
--- a/pkg/vpn/bonafide/bonafide.go
+++ b/pkg/vpn/bonafide/bonafide.go
@@ -232,23 +232,36 @@ func (b *Bonafide) GetOpenvpnArgs() ([]string, error) {
 }
 
 func (b *Bonafide) fetchGeolocation() ([]string, error) {
+	/* FIXME in float deployments, geolocation is served on gemyip.domain/json, with a LE certificate.
+	So this is a workaround until we streamline that behavior */
 	resp, err := b.client.Post(config.GeolocationAPI, "", nil)
 	if err != nil {
-		return nil, err
+		client := &http.Client{}
+		_resp, err := client.Post(config.GeolocationAPI, "", nil)
+		if err != nil {
+			log.Println("ERROR: could not fetch geolocation:", fmt.Errorf("%s", err))
+			return nil, err
+		}
+		resp = _resp
 	}
+
 	defer resp.Body.Close()
 	if resp.StatusCode != 200 {
-		return nil, fmt.Errorf("get geolocation failed with status: %s", resp.Status)
+		log.Println("ERROR: bad status code while fetching geolocation:", fmt.Errorf("%s", resp.Status))
+		return nil, fmt.Errorf("Get geolocation failed with status: %s", resp.Status)
 	}
 
 	geo := &geoLocation{}
 	dataJSON, err := ioutil.ReadAll(resp.Body)
 	err = json.Unmarshal(dataJSON, &geo)
 	if err != nil {
-		_ = fmt.Errorf("get vpn cert has failed with status: %s", resp.Status)
+		log.Println("ERROR: cannot parse geolocation json", fmt.Errorf("%s", err))
+		log.Println(string(dataJSON))
+		_ = fmt.Errorf("bad json")
 		return nil, err
 	}
 
+	log.Println("Got sorted gateways:", geo.SortedGateways)
 	return geo.SortedGateways, nil
 
 }
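Review bot: The retry in `fetchGeolocation` runs on any error from `b.client.Post`, not only on the certificate mismatch the FIXME describes, and it uses a bare `&http.Client{}` that trusts the system roots and has no timeout. Assuming `b.client` carries the provider CA (its construction is outside this hunk), the reply that orders the gateways can therefore be accepted on web-PKI trust alone whenever the first request fails for any reason. Choosing the client from configuration would be safer than choosing it from the error. Failing that, bound the retry with something like `client := &http.Client{Timeout: 10 * time.Second}` (value illustrative), log that the fallback path was taken, and put the trust downgrade in the comment next to the FIXME. Separately, the error from `ioutil.ReadAll(resp.Body)` is overwritten by `err = json.Unmarshal(...)` without being checked, `log.Println(string(dataJSON))` writes an unbounded server-controlled body to the log, and `_ = fmt.Errorf("bad json")` is dead code.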
diff --git a/pkg/vpn/bonafide/eip_service.go b/pkg/vpn/bonafide/eip_service.go
index ff73da9f..49f4bb1f 100644
--- a/pkg/vpn/bonafide/eip_service.go
+++ b/pkg/vpn/bonafide/eip_service.go
@@ -214,6 +214,7 @@ func (eip *eipService) sortGatewaysByGeolocation(geolocatedGateways []string) {
 			}
 		}
 	}
+
 	for _, host := range geolocatedGateways {
 		for _, gw := range eip.Gateways {
 			if gw.Host == host {
@@ -221,7 +222,17 @@ func (eip *eipService) sortGatewaysByGeolocation(geolocatedGateways []string) {
 			}
 		}
 	}
-	eip.Gateways = gws
+
+	if len(gws) == 0 {
+		log.Println("ERROR: avoiding to replace eip.Gateways will null list. Is the geolocation service properly configured?")
+	} else {
+		if len(gws) > 2 {
+			eip.Gateways = gws[:3]
+		} else {
+			eip.Gateways = gws
+		}
+		log.Println("Picked best gateways for location:", eip.Gateways)
+	}
 }
 
 type gatewayDistance struct {
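Review bot: The new guard only protects against zero matches, so a geolocation reply that matches a single known host shrinks `eip.Gateways` to that one entry. The `gws[:3]` cut likewise drops every other gateway until the list is rebuilt, which removes failover candidates. Because the reply may now be fetched through the system-root fallback client in `fetchGeolocation`, it would be safer to reorder than to replace: put the geolocated gateways first and append the remaining known gateways after them, or at least require a minimum number of matches before truncating. The `3` should be a named constant with a comment explaining the choice, e.g. `const maxGeoGateways = 3`, and the log text has a typo (`will null list` should read `with an empty list`). The function starts above this hunk, so how `gws` is first populated is not visible here.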
diff --git a/pkg/vpn/openvpn.go b/pkg/vpn/openvpn.go
index 6055e6a5..4997a34d 100644
--- a/pkg/vpn/openvpn.go
+++ b/pkg/vpn/openvpn.go
@@ -158,7 +158,7 @@ func (b *Bitmask) getCert() (certPath string, err error) {
 	certPath = b.getCertPemPath()
 
 	if _, err := os.Stat(certPath); os.IsNotExist(err) {
-		log.Println("Cert does not exist in ", certPath, "...fetching")
+		log.Println("Fetching certificate to", certPath)
 		cert, err := b.bonafide.GetPemCertificate()
 		if err != nil {
 			return "", err
-- 
GitLab