bats

2024-05-05 eguneraketa
2024-05-05 17:12:45 +02:00 · 2024-05-05 16:47:07 +02:00 · 2024-05-05 16:45:21 +02:00 · 2024-05-05 16:40:57 +02:00 · 2024-03-04 09:09:14 +01:00 · 2024-03-01 23:17:00 +01:00
14 changed files with 63 additions and 90 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,5 +1,20 @@
 # Changelog
 ## Unreleased 2024-05-05
 ### Adjust config
 * Replace deprecated legacy_ssl with c2s_direct_tls.
 * Removed use_libevent = true. This means the default is now used which is epoll.
 ### Test
 Added a test to check that no deprecated config settings are used.
 ## v1.3.2
 * Added Firewall module with optional custom blacklist
 ## v1.3.1
 * Added optional Firewall module for testing
--- a/11
+++ b/11
@ -102,17 +102,16 @@ COPY *.bash /usr/local/bin/
 RUN download-prosody-modules.bash \
 && docker-prosody-module-install.bash \
-        bookmarks `# XEP-0411: Bookmarks Conversion` \
+        #bookmarks `# XEP-0411: Bookmarks Conversion` \
-        carbons `# message carbons (XEP-0280)` \
+        #carbons `# message carbons (XEP-0280)` \
        cloud_notify `# XEP-0357: Push Notifications` \
-        csi `# client state indication (XEP-0352)` \
+        #csi `# client state indication (XEP-0352)` \
        e2e_policy `# require end-2-end encryption` \
        filter_chatstates `# disable "X is typing" type messages` \
-        smacks `# stream management (XEP-0198)` \
+        #smacks `# stream management (XEP-0198)` \
        throttle_presence `# presence throttling in CSI` \
        vcard_muc `# XEP-0153: vCard-Based Avatar (MUC)` \
- && docker-prosody-module-pre-install.bash \
+	    firewall `# anti-spam firewall` \
 	firewall `# anti-spam firewall` \
 && rm -rf "/usr/src/prosody-modules"
 RUN echo "TLS_REQCERT allow" >> /etc/ldap/ldap.conf
--- a/conf.d/01-modules.cfg.lua
+++ b/conf.d/01-modules.cfg.lua
@ -1,7 +1,8 @@
 plugin_paths = { "/usr/local/lib/prosody/custom-modules/" };
 -- table of enabled modules
-local mods_enabled = {
+-- local mods_enabled = {
 modules_enabled = {
    -- Generally required
    "roster"; -- Allow users to have a roster. Recommended ;)
    "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
@ -48,19 +49,7 @@ local mods_enabled = {
    "server_contact_info"; -- This module lets you advertise various contact addresses for your XMPP service via XEP-0157.
 };
-local enabled = os.getenv("ENABLE_FIREWALL") or "false"
+-- modules_enabled = mods_enabled;
 local spam_blocklist = os.getenv("SPAM_BLOCKLIST") and "/usr/local/etc/prosody/firewall/" .. os.getenv("SPAM_BLOCKLIST") or "module:scripts/spam-blocklists.pfw"
 if(enabled == "true")
 then
   table.insert(mods_enabled, "firewall");
   firewall_scripts = {
   	spam_blocklist;
   }
 end
 modules_enabled = mods_enabled;
 -- These modules are auto-loaded, but should you want
 -- to disable them then uncomment them here:
@ -69,4 +58,3 @@ modules_disabled = {
    -- "c2s"; -- Handle client connections
    -- "s2s"; -- Handle server-to-server connections
 };
--- a/conf.d/05-vhost.cfg.lua
+++ b/conf.d/05-vhost.cfg.lua
@ -6,11 +6,11 @@ local domain_pubsub = os.getenv("DOMAIN_PUBSUB")
 -- XEP-0368: SRV records for XMPP over TLS
 -- https://compliance.conversations.im/test/xep0368/
-legacy_ssl_ssl = {
+c2s_direct_tls_ssl = {
-	certificate = "certs/" .. domain .. "/fullchain.pem";
+    certificate = "certs/" .. domain .. "/fullchain.pem";
 	key = "certs/" .. domain .. "/privkey.pem";
 }
-legacy_ssl_ports = { 5223 }
+c2s_direct_tls_ports = { 5223 }
 -- https://prosody.im/doc/certificates#service_certificates
 -- https://prosody.im/doc/ports#ssl_configuration
--- a/docker-prosody-module-install.bash
+++ b/docker-prosody-module-install.bash
@ -43,7 +43,13 @@ for ext in $exts; do
 	# Skip this if the modules should not be added to modules_enabled.
 	if [ "$ext" != "http_upload" ] && [ "$ext" != "vcard_muc" ] ; then
 		echo " - enabling within ${config}"
-		new_config=$(cat "${config}" | module="${ext}" perl -0pe 's/(mods_enabled[ ]*=[ ]*{[^}]*)};/$1\n\t"$ENV{module}";\n};/')
+		new_config=$(cat "${config}" | module="${ext}" perl -0pe 's/(modules_enabled[ ]*=[ ]*{[^}]*)};/$1\n\t"$ENV{module}";\n};/')
 		echo "${new_config}" > "${config}"
 	fi
 	# firewall module configuration
    	if [ "$ext" == "firewall" ] ; then
        	echo " - setting up mod_${ext}"
        	new_config=$(cat "${config}" | echo -e "\nlocal spam_blocklist = os.getenv(\"SPAM_BLOCKLIST\") and \"/usr/local/etc/prosody/firewall/\" .. os.getenv(\"SPAM_BLOCKLIST\") or \"module:scripts/spam-blocklists.pfw\"\n\nfirewall_scripts = {\n\t\"module:scripts/spam-blocking.pfw\";\n\tspam_blocklist;\n};")
        	echo "${new_config}" >> "${config}"
    	fi
 done
--- a/docker-prosody-module-pre-install.bash
+++ b/docker-prosody-module-pre-install.bash
@ -1,42 +0,0 @@
 #!/bin/bash
 set -e
 source="/usr/src/prosody-modules"
 target="/usr/local/lib/prosody/custom-modules"
 cd ${source}
 usage() {
 	echo "usage: $0 ext-name [ext-name ...]"
 	echo "   ie: $0 carbons e2e_policy proxy65"
 	echo
 	echo 'Possible values for ext-name:'
 	find . -mindepth 1 -maxdepth 1 -type d | sort | sed s/\.\\/mod_//g | xargs
 }
 exts=
 for ext; do
 	if [ -z "mod_$ext" ]; then
 		continue
 	fi
 	if [ ! -d "mod_$ext" ]; then
 		echo >&2 "error: $PWD/mod_$ext does not exist"
 		echo >&2
 		usage >&2
 		exit 1
 	fi
 	exts="$exts $ext"
 done
 if [ -z "$exts" ]; then
 	usage >&2
 	exit 1
 fi
 for ext in $exts; do
 	echo "Installing mod_${ext}"
 	echo " - copying to ${target}"
 	cp -r "${source}/mod_${ext}" "${target}/"
 done
--- a/extras/firewall/blacklist.txt
+++ b/extras/firewall/blacklist.txt
@ -2,13 +2,16 @@ bashtel.ru
 creep.im
 darkengine.biz
 default.rs
 exploit.im
 hiddenlizard.org
 jabber.bitactive.com
 jabber.cd
 jabber.cz
 jabber.freenet.de
 jabber.ipredator.se
 jabber.npw.net
 jabber.sampo.ru
 jabbim.pl
 labas.biz
 otr.chat
 paranoid.scarab.name
--- a/prosody.cfg.lua
+++ b/prosody.cfg.lua
@ -1,14 +1,12 @@
 -- see example config at https://hg.prosody.im/-1.9/file/0.9.10/prosody.cfg.lua.dist
 -- easily extendable by putting into different config files within conf.d folder
-local stringy = require "stringy" 
+local stringy = require "stringy"
 admins = stringy.split(os.getenv("PROSODY_ADMINS"), ", ");
 pidfile = "/var/run/prosody/prosody.pid"
 use_libevent = true; -- improves performance
 allow_registration = os.getenv("ALLOW_REGISTRATION");
 c2s_require_encryption = os.getenv("C2S_REQUIRE_ENCRYPTION");
--- a/readme.md
+++ b/readme.md
@ -1,14 +1,5 @@
 # Prosody XMPP Docker image
 ![Docker](https://github.com/SaraSmiseth/prosody/workflows/Docker/badge.svg?branch=dev)
 ![Git repository size](https://img.shields.io/github/repo-size/SaraSmiseth/prosody)
 [![Docker image](https://images.microbadger.com/badges/image/sarasmiseth/prosody:latest.svg)](https://microbadger.com/images/sarasmiseth/prosody:latest)
 [![Docker version](https://images.microbadger.com/badges/version/sarasmiseth/prosody.svg)](https://microbadger.com/images/sarasmiseth/prosody:latest)
 [![Docker pulls](https://img.shields.io/docker/pulls/sarasmiseth/prosody.svg)](https://hub.docker.com/r/sarasmiseth/prosody/)
 [![Docker stars](https://img.shields.io/docker/stars/sarasmiseth/prosody.svg)](https://hub.docker.com/r/sarasmiseth/prosody/)
 [![Github open issues](https://img.shields.io/github/issues-raw/SaraSmiseth/prosody)](https://github.com/SaraSmiseth/prosody/issues)
 [![Github open pull requests](https://img.shields.io/github/issues-pr-raw/SaraSmiseth/prosody)](https://github.com/SaraSmiseth/prosody/pulls)
 This docker image forked from [SaraSmiseth](https://github.com/SaraSmiseth)'s [repository](https://github.com/SaraSmiseth/prosody) provides you with a configured [Prosody](https://prosody.im/) XMPP server. Includes the _prosody-migrator_ tool for data migrations between different database types and there is also an option to create a bridges between the XMPP server and the most popular messaging services like Telegram or Matrix, via [Matterbridge](https://github.com/42wim/matterbridge). The image is based on `debian:bookworm-slim`.
 The server was tested using the Android App [Conversations](https://conversations.im/) and the Desktop client [Gajim](https://gajim.org).
 Multiple [architectures](https://hub.docker.com/r/sarasmiseth/prosody/tags) are supported. I use it on my raspberry pi 4.
@ -54,7 +45,7 @@ While Conversations got everything set-up out-of-the-box, Gajim was used with th
 * Secure by default
  * SSL certificate required
  * End-to-end encryption required (using [OMEMO](https://conversations.im/omemo/) or [OTR](https://en.wikipedia.org/wiki/Off-the-Record_Messaging))
-  * Anti-spam filter (based on the pre-installed [Firewall](https://modules.prosody.im/mod_firewall) module)
+  * Anti-spam filter (based on [Firewall](https://modules.prosody.im/mod_firewall) module)
 * Data storage
  * SQLite message store
  * Configured file upload and image sharing
@ -158,7 +149,7 @@ docker build -t prosody/xmpp .
 Next I recommend using a ```docker-compose.yml``` file:
 ```yaml
-version: '3.7'
+version: '3.9'
 services:
  server:
@ -246,7 +237,6 @@ sudo chown 999:999 ./data
 | **SERVER_CONTACT_INFO_SECURITY** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional*                                   | "xmpp:security@**DOMAIN**" |
 | **SERVER_CONTACT_INFO_SUPPORT**  | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional*                                   | "xmpp:support@**DOMAIN**"  |
 | **PROSODY_ADMINS**               | Specify who is an administrator. List of adresses. Eg. "me@example.com", "admin@example.net"                         | *optional*                                   | ""                         |
 | **ENABLE_FIREWALL**              | Enable Firewall module                                                                                               | *optional*                                   | false                      |
 | **SPAM_BLOCKLIST**               | Blacklist to use with Firewall module. Eg. "custom-blocklist.pfw"                                                    | *optional*                                   |                       |
 #### DNS
@ -272,6 +262,11 @@ There is also ```docker-prosody-module-pre-install.bash``` which downloads the s
 If you need additional configuration just overwrite the respective _cfg.lua_ file or add new ones.
 #### Firewall module
 By default, the Firewall module obtains the list of spamming used known domains through the CDN service provided by [cdn.jsdelivr.net](https://cdn.jsdelivr.net/) at https://cdn.jsdelivr.net/gh/jabberspam/blacklist/blacklist.txt , but additionally a custom blacklist can be used through the ```SPAM_BLOCKLIST``` environment variable.
 If you need more sophisticated rules, please refer to the module [documentation](https://modules.prosody.im/mod_firewall).
 ### Upgrade
 When migrating from prosody 0.10, you need to update the database once:
--- a/tests/bats/bats-assert
+++ b/tests/bats/bats-assert
@ -0,0 +1 @@
 Subproject commit e2d855bc78619ee15b0c702b5c30fb074101159f
--- a/tests/bats/bats-core
+++ b/tests/bats/bats-core
@ -0,0 +1 @@
 Subproject commit a751f3d3da4b7db830612322a068a18379c78d09
--- a/tests/bats/bats-support
+++ b/tests/bats/bats-support
@ -0,0 +1 @@
 Subproject commit 9bf10e876dd6b624fe44423f0b35e064225f7556
--- a/tests/docker-compose.yml
+++ b/tests/docker-compose.yml
@ -1,8 +1,6 @@
 version: "3.9"
 services:
  prosody:
-    image: prosody
+    image: prosody/xmpp:latest
    restart: unless-stopped
    ports:
      - "5000:5000"
@ -19,7 +17,7 @@ services:
      - ./certs:/usr/local/etc/prosody/certs
  prosody_postgres:
-    image: prosody
+    image: prosody/xmpp:latest
    restart: unless-stopped
    ports:
      - "5000:5000"
@ -53,7 +51,7 @@ services:
      POSTGRES_PASSWORD: prosody
  prosody_ldap:
-    image: prosody
+    image: prosody/xmpp:latest
    restart: unless-stopped
    ports:
      - "5000:5000"
--- a/tests/tests.bats
+++ b/tests/tests.bats
@ -57,8 +57,8 @@ load 'bats/bats-assert/load'
  assert_output
 }
-@test "Should activate legacy_ssl" {
+@test "Should activate c2s_direct_tls" {
-  run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Activated service 'legacy_ssl' on (\[::\]:5223|\[\*\]:5223), (\[::\]:5223|\[\*\]:5223)\""
+  run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Activated service 'c2s_direct_tls' on (\[::\]:5223|\[\*\]:5223), (\[::\]:5223|\[\*\]:5223)\""
  assert_success
  assert_output
 }
@ -82,7 +82,17 @@ load 'bats/bats-assert/load'
 }
@test "Should show upload URL" {
-  run bash -c "sudo docker-compose logs $batsContainerName | grep \"URL: <https:\/\/upload.example.com:5281\/upload> - Ensure this can be reached by users\""
+  run bash -c "sudo docker-compose logs $batsContainerName | grep \"Serving 'file_share' at https:\/\/upload.example.com:5281\/file_share\""
  assert_success
  assert_output
 }
@test "Should not use deprecated config" {
  run bash -c "sudo docker-compose exec $batsContainerName /bin/bash -c \"/entrypoint.bash check\" | grep 'deprecated' -A 3"
  assert_failure
 }
@test "Should not have warnings in log" {
  run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"warn\""
  assert_failure
 }
Author	SHA1	Message	Date
aitzol	bce1639d25	bats	2024-05-05 17:12:45 +02:00
aitzol	0de34e5f74	2024-05-05 eguneraketa	2024-05-05 16:47:07 +02:00
aitzol	4857ee42e9	2024-05-05 eguneraketa	2024-05-05 16:45:21 +02:00
aitzol	da5371f30f	2024-05-05 eguneraketa	2024-05-05 16:40:57 +02:00
aitzol	73838d1aa5	fixed firewall scripts	2024-03-04 09:09:14 +01:00
aitzol	917824e3a9	v1.3.2	2024-03-01 23:17:00 +01:00
aitzol	c55a135d24	readme	2024-03-01 21:12:20 +01:00
aitzol	38674d073b	readme	2024-03-01 19:08:03 +01:00
aitzol	cedeabd6a8	v1.3.2	2024-03-01 17:21:11 +01:00
aitzol	95b4b5da6e	v1.3.2	2024-03-01 17:16:00 +01:00
aitzol	e7fa66e938	v1.3.2	2024-03-01 17:09:43 +01:00
		`@ -0,0 +1 @@`
							`Subproject commit e2d855bc78619ee15b0c702b5c30fb074101159f`
		`@ -0,0 +1 @@`
							`Subproject commit a751f3d3da4b7db830612322a068a18379c78d09`
		`@ -0,0 +1 @@`
							`Subproject commit 9bf10e876dd6b624fe44423f0b35e064225f7556`