Fixed #297

- Added UI to showcase ZeroSSL do not support DNS challenge - Added test case for origin picker - Updated zerotier struct info (wip)
2025-06-01 13:17:21 +02:00 · 2024-09-09 21:12:12 +08:00 · 2024-09-09 21:12:12 +08:00 · 3392013a5c
commit 3392013a5c
parent 8b4c601d50
8 changed files with 215 additions and 30 deletions
--- a/src/main.go
+++ b/src/main.go
@ -59,9 +59,9 @@ var enableAutoUpdate = flag.Bool("cfgupgrade", true, "Enable auto config upgrade

 var (
 	name        = "Zoraxy"
-	version     = "3.1.1"
+	version     = "3.1.2"
 	nodeUUID    = "generic" //System uuid, in uuidv4 format
-	development = false     //Set this to false to use embedded web fs
+	development = true      //Set this to false to use embedded web fs
 	bootTime    = time.Now().Unix()

 	/*
--- a/src/mod/dynamicproxy/domainsniff/domainsniff.go
+++ b/src/mod/dynamicproxy/domainsniff/domainsniff.go
@ -1,11 +1,19 @@
 package domainsniff

+/*
+	Domainsniff
+
+	This package contain codes that perform project / domain specific behavior in Zoraxy
+	If you want Zoraxy to handle a particular domain or open source project in a special way,
+	you can add the checking logic here.
+
+*/
 import (
 	"net"
 	"time"
 )

-//Check if the domain is reachable and return err if not reachable
+// Check if the domain is reachable and return err if not reachable
 func DomainReachableWithError(domain string) error {
 	timeout := 1 * time.Second
 	conn, err := net.DialTimeout("tcp", domain, timeout)
@ -17,7 +25,7 @@ func DomainReachableWithError(domain string) error {
 	return nil
 }

-//Check if domain reachable
+// Check if domain reachable
 func DomainReachable(domain string) bool {
 	return DomainReachableWithError(domain) == nil
 }
--- a/src/mod/dynamicproxy/dpcore/dpcore_test.go
+++ b/src/mod/dynamicproxy/dpcore/dpcore_test.go
@ -1,29 +1,67 @@
 package dpcore_test

 import (
+	"net/url"
 	"testing"

 	"imuslab.com/zoraxy/mod/dynamicproxy/dpcore"
 )

 func TestReplaceLocationHost(t *testing.T) {
-	urlString := "http://private.com/test/newtarget/"
-	rrr := &dpcore.ResponseRewriteRuleSet{
-		OriginalHost: "test.example.com",
-		ProxyDomain:  "private.com/test",
-		UseTLS:       true,
-	}
-	useTLS := true
+	tests := []struct {
+		name           string
+		urlString      string
+		rrr            *dpcore.ResponseRewriteRuleSet
+		useTLS         bool
+		expectedResult string
+		expectError    bool
+	}{
+		{
+			name:           "Basic HTTP to HTTPS redirection",
+			urlString:      "http://example.com/resource",
+			rrr:            &dpcore.ResponseRewriteRuleSet{ProxyDomain: "example.com", OriginalHost: "proxy.example.com", UseTLS: true},
+			useTLS:         true,
+			expectedResult: "https://proxy.example.com/resource",
+			expectError:    false,
+		},

-	expectedResult := "https://test.example.com/newtarget/"
-
-	result, err := dpcore.ReplaceLocationHost(urlString, rrr, useTLS)
-	if err != nil {
-		t.Errorf("Error occurred: %v", err)
+		{
+			name:           "Basic HTTPS to HTTP redirection",
+			urlString:      "https://proxy.example.com/resource",
+			rrr:            &dpcore.ResponseRewriteRuleSet{ProxyDomain: "proxy.example.com", OriginalHost: "proxy.example.com", UseTLS: false},
+			useTLS:         false,
+			expectedResult: "http://proxy.example.com/resource",
+			expectError:    false,
+		},
+		{
+			name:           "No rewrite on mismatched domain",
+			urlString:      "http://anotherdomain.com/resource",
+			rrr:            &dpcore.ResponseRewriteRuleSet{ProxyDomain: "proxy.example.com", OriginalHost: "proxy.example.com", UseTLS: true},
+			useTLS:         true,
+			expectedResult: "http://anotherdomain.com/resource",
+			expectError:    false,
+		},
+		{
+			name:           "Subpath trimming with HTTPS",
+			urlString:      "https://blog.example.com/post?id=1",
+			rrr:            &dpcore.ResponseRewriteRuleSet{ProxyDomain: "blog.example.com", OriginalHost: "proxy.example.com/blog", UseTLS: true},
+			useTLS:         true,
+			expectedResult: "https://proxy.example.com/blog/post?id=1",
+			expectError:    false,
+		},
 	}

-	if result != expectedResult {
-		t.Errorf("Expected: %s, but got: %s", expectedResult, result)
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result, err := dpcore.ReplaceLocationHost(tt.urlString, tt.rrr, tt.useTLS)
+			if (err != nil) != tt.expectError {
+				t.Errorf("Expected error: %v, got: %v", tt.expectError, err)
+			}
+			if result != tt.expectedResult {
+				result, _ = url.QueryUnescape(result)
+				t.Errorf("Expected result: %s, got: %s", tt.expectedResult, result)
+			}
+		})
 	}
 }

@ -36,7 +74,7 @@ func TestReplaceLocationHostRelative(t *testing.T) {
 	}
 	useTLS := true

-	expectedResult := "https://test.example.com/api/"
+	expectedResult := "api/"

 	result, err := dpcore.ReplaceLocationHost(urlString, rrr, useTLS)
 	if err != nil {
--- a/src/mod/dynamicproxy/dpcore/utils.go
+++ b/src/mod/dynamicproxy/dpcore/utils.go
@ -60,7 +60,7 @@ func replaceLocationHost(urlString string, rrr *ResponseRewriteRuleSet, useTLS b
 	return u.String(), nil
 }

-// Debug functions
+// Debug functions for replaceLocationHost
 func ReplaceLocationHost(urlString string, rrr *ResponseRewriteRuleSet, useTLS bool) (string, error) {
 	return replaceLocationHost(urlString, rrr, useTLS)
 }
--- a/src/mod/dynamicproxy/loadbalance/originPicker_test.go
+++ b/src/mod/dynamicproxy/loadbalance/originPicker_test.go
@ -0,0 +1,100 @@
+package loadbalance
+
+import (
+	"fmt"
+	"math"
+	"math/rand"
+	"testing"
+	"time"
+)
+
+// func getRandomUpstreamByWeight(upstreams []*Upstream) (*Upstream, int, error) { ... }
+func TestRandomUpstreamSelection(t *testing.T) {
+	rand.Seed(time.Now().UnixNano()) // Seed for randomness
+
+	// Define some test upstreams
+	upstreams := []*Upstream{
+		{
+			OriginIpOrDomain:         "192.168.1.1:8080",
+			RequireTLS:               false,
+			SkipCertValidations:      false,
+			SkipWebSocketOriginCheck: false,
+			Weight:                   1,
+			MaxConn:                  0, // No connection limit for now
+		},
+		{
+			OriginIpOrDomain:         "192.168.1.2:8080",
+			RequireTLS:               false,
+			SkipCertValidations:      false,
+			SkipWebSocketOriginCheck: false,
+			Weight:                   1,
+			MaxConn:                  0,
+		},
+		{
+			OriginIpOrDomain:         "192.168.1.3:8080",
+			RequireTLS:               true,
+			SkipCertValidations:      true,
+			SkipWebSocketOriginCheck: true,
+			Weight:                   1,
+			MaxConn:                  0,
+		},
+		{
+			OriginIpOrDomain:         "192.168.1.4:8080",
+			RequireTLS:               true,
+			SkipCertValidations:      true,
+			SkipWebSocketOriginCheck: true,
+			Weight:                   1,
+			MaxConn:                  0,
+		},
+	}
+
+	// Track how many times each upstream is selected
+	selectionCount := make(map[string]int)
+	totalPicks := 10000 // Number of times to call getRandomUpstreamByWeight
+	//expectedPickCount := totalPicks / len(upstreams) // Ideal count for each upstream
+
+	// Pick upstreams and record their selection count
+	for i := 0; i < totalPicks; i++ {
+		upstream, _, err := getRandomUpstreamByWeight(upstreams)
+		if err != nil {
+			t.Fatalf("Error getting random upstream: %v", err)
+		}
+		selectionCount[upstream.OriginIpOrDomain]++
+	}
+
+	// Condition 1: Ensure every upstream has been picked at least once
+	for _, upstream := range upstreams {
+		if selectionCount[upstream.OriginIpOrDomain] == 0 {
+			t.Errorf("Upstream %s was never selected", upstream.OriginIpOrDomain)
+		}
+	}
+
+	// Condition 2: Check that the distribution is within 1-2 standard deviations
+	counts := make([]float64, len(upstreams))
+	for i, upstream := range upstreams {
+		counts[i] = float64(selectionCount[upstream.OriginIpOrDomain])
+	}
+
+	mean := float64(totalPicks) / float64(len(upstreams))
+	stddev := calculateStdDev(counts, mean)
+
+	tolerance := 2 * stddev // Allowing up to 2 standard deviations
+	for i, count := range counts {
+		if math.Abs(count-mean) > tolerance {
+			t.Errorf("Selection of upstream %s is outside acceptable range: %v picks (mean: %v, stddev: %v)", upstreams[i].OriginIpOrDomain, count, mean, stddev)
+		}
+	}
+
+	fmt.Println("Selection count:", selectionCount)
+	fmt.Printf("Mean: %.2f, StdDev: %.2f\n", mean, stddev)
+}
+
+// Helper function to calculate standard deviation
+func calculateStdDev(data []float64, mean float64) float64 {
+	var sumOfSquares float64
+	for _, value := range data {
+		sumOfSquares += (value - mean) * (value - mean)
+	}
+	variance := sumOfSquares / float64(len(data))
+	return math.Sqrt(variance)
+}
--- a/src/mod/ganserv/ganserv.go
+++ b/src/mod/ganserv/ganserv.go
@ -1,6 +1,7 @@
 package ganserv

 import (
+	"log"
 	"net"

 	"imuslab.com/zoraxy/mod/database"
@ -85,6 +86,7 @@ func NewNetworkManager(option *NetworkManagerOptions) *NetworkManager {
 	//Get controller info
 	instanceInfo, err := getControllerInfo(option.AuthToken, option.ApiPort)
 	if err != nil {
+		log.Println("ZeroTier connection failed: ", err.Error())
 		return &NetworkManager{
 			authToken:        option.AuthToken,
 			apiPort:          option.ApiPort,
--- a/src/mod/ganserv/zerotier.go
+++ b/src/mod/ganserv/zerotier.go
@ -28,11 +28,17 @@ type NodeInfo struct {
 	Clock   int64  `json:"clock"`
 	Config  struct {
 		Settings struct {
-			AllowTCPFallbackRelay bool   `json:"allowTcpFallbackRelay"`
-			PortMappingEnabled    bool   `json:"portMappingEnabled"`
-			PrimaryPort           int    `json:"primaryPort"`
-			SoftwareUpdate        string `json:"softwareUpdate"`
-			SoftwareUpdateChannel string `json:"softwareUpdateChannel"`
+			AllowTCPFallbackRelay bool     `json:"allowTcpFallbackRelay,omitempty"`
+			ForceTCPRelay         bool     `json:"forceTcpRelay,omitempty"`
+			HomeDir               string   `json:"homeDir,omitempty"`
+			ListeningOn           []string `json:"listeningOn,omitempty"`
+			PortMappingEnabled    bool     `json:"portMappingEnabled,omitempty"`
+			PrimaryPort           int      `json:"primaryPort,omitempty"`
+			SecondaryPort         int      `json:"secondaryPort,omitempty"`
+			SoftwareUpdate        string   `json:"softwareUpdate,omitempty"`
+			SoftwareUpdateChannel string   `json:"softwareUpdateChannel,omitempty"`
+			SurfaceAddresses      []string `json:"surfaceAddresses,omitempty"`
+			TertiaryPort          int      `json:"tertiaryPort,omitempty"`
 		} `json:"settings"`
 	} `json:"config"`
 	Online               bool   `json:"online"`
@ -46,7 +52,6 @@ type NodeInfo struct {
 	VersionMinor         int    `json:"versionMinor"`
 	VersionRev           int    `json:"versionRev"`
 }
-
 type ErrResp struct {
 	Message string `json:"message"`
 }
--- a/src/web/snippet/acme.html
+++ b/src/web/snippet/acme.html
@ -91,8 +91,11 @@
  <div class="ui form">
    <div class="field">
      <label>Domain(s)</label>
-      <input id="domainsInput" type="text" placeholder="example.com" onkeyup="checkIfInputDomainIsMultiple();">
-      <small>If you have more than one domain in a single certificate, enter the domains separated by commas (e.g. s1.dev.example.com,s2.dev.example.com)</small>
+      <input id="domainsInput" type="text" placeholder="example.com" onkeyup="handlePostInputAutomation();">
+      <small>If you have more than one domain in a single certificate, enter the domains separated by commas (e.g. s1.dev.example.com,s2.dev.example.com)
+        <span id="caNoDNSSupportWarning" style="color: #ffaf2e; display:none;"><br> <i class="exclamation triangle icon"></i> Current selected CA do not support DNS challenge</span>
+      </small>
+      
    </div>
    <div class="field multiDomainOnly" style="display:none;">
      <label>Matching Rule</label>
@ -113,7 +116,6 @@
          <div class="item" data-value="Buypass">Buypass</div>
          <div class="item" data-value="ZeroSSL">ZeroSSL</div>
          <div class="item" data-value="Custom ACME Server">Custom ACME Server</div>
-          <!-- <div class="item" data-value="Google">Google</div> -->
        </div>
      </div>
    </div>
@ -389,7 +391,7 @@
      
      
    });
-
+    
    //On CA change in dropdown
    $("input[name=ca]").on('change', function() {
      if(this.value == "Custom ACME Server") {
@ -740,6 +742,7 @@
      });
    }

+    //Check if the entered domain contains multiple domains
    function checkIfInputDomainIsMultiple(){
      var inputDomains = $("#domainsInput").val();
      if (inputDomains.includes(",")){
@ -749,6 +752,35 @@
      }
    }

+    //Validate if the current combinations of domain and CA supports DNS challenge
+    function validateDNSChallengeSupport(){
+      if ($("#domainsInput").val().includes("*")){
+        var ca = $("#ca").dropdown("get value");
+        if (ca == "Let's Encrypt" || ca == ""){
+          $("#caNoDNSSupportWarning").hide();
+        }else{
+          $("#caNoDNSSupportWarning").show();
+        }
+      }else{
+        $("#caNoDNSSupportWarning").hide();
+      }
+    }
+
+    //call to validateDNSChallengeSupport() on #ca value change
+    $("#ca").dropdown({
+      onChange: function(value, text, $selectedItem) {
+        validateDNSChallengeSupport();
+      }
+    });
+
+    //Handle the input change event on domain input
+    function handlePostInputAutomation(){
+      checkIfInputDomainIsMultiple();
+      validateDNSChallengeSupport();
+    }
+
+    
+
    function toggleDnsChallenge(){
      if ( $("#useDnsChallenge")[0].checked){
        $(".dnsChallengeOnly").show();