From 64f7f23ec5cf407c147d2d712c856db9ee147689 Mon Sep 17 00:00:00 2001
From: Arjan H <github@hakwerk.com>
Date: Sun, 22 Aug 2021 14:53:14 +0200
Subject: [PATCH] Show more information on page to diagnose initial problems

---
 commander                      | 31 +++++++++++++++++++++++----
 gui/dashboard.go               |  3 +++
 gui/main.go                    | 38 ++++++++++++++++++++++++++++++++--
 gui/templates/views/error.tmpl |  9 ++++++++
 4 files changed, 75 insertions(+), 6 deletions(-)

diff --git a/commander b/commander
index 783fbf0..74a62eb 100755
--- a/commander
+++ b/commander
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-set -e
+set -euo pipefail
 
 LOGFILE=/home/labca/logs/commander.log
 
@@ -18,8 +18,15 @@ function wait_server() {
 
     local status=0
     local cnt=0
+
+    set +e
+    res=$(curl -o /dev/null -sSL --head --write-out '%{http_code}\n' $url 2>&1)
+    if [ $? -ne 0 ]; then
+        echo -n $res
+    fi
+    set -e
     while [ $cnt -lt 40 ] && [ "$status" != "200" ]; do
-        status=$(curl -o /dev/null -sSL --head --write-out '%{http_code}\n' $url)
+        status=$(curl -o /dev/null -sSL --head --write-out '%{http_code}\n' $url &>>$LOGFILE)
         let cnt=$cnt+1
         if [ "$status" != "200" ]; then
             sleep 5
@@ -70,13 +77,21 @@ case $txt in
     service nginx restart
     ;;
 "log-cert")
-    tail -200 /etc/nginx/ssl/acme_tiny.log
+    [ -f /etc/nginx/ssl/acme_tiny.log ] && tail -200 /etc/nginx/ssl/acme_tiny.log || /bin/true
+    exit 0
+    ;;
+"log-commander")
+    [ -f $LOGFILE ] && tail -200 $LOGFILE || /bin/true
     exit 0
     ;;
 "log-boulder")
     cd /home/labca/boulder
     docker-compose logs -f --no-color --tail=50 boulder
     ;;
+"log-boulder-notail")
+    cd /home/labca/boulder
+    docker-compose logs --no-color --tail=50 boulder
+    ;;
 "log-audit")
     cd /home/labca/boulder
     docker-compose logs --no-color boulder | grep "\[AUDIT\]" | grep -v "grpc: parseServiceConfig error unmarshaling  due to unexpected end of JSON input" | tail -50
@@ -92,11 +107,19 @@ case $txt in
     cd /home/labca/boulder
     docker-compose logs -f --no-color --tail=50 labca
     ;;
+"log-labca-notail")
+    cd /home/labca/boulder
+    docker-compose logs --no-color --tail=50 labca
+    ;;
+"log-labca-err")
+    [ -f /var/log/labca.err ] && tail -200 /var/log/labca.err || /bin/true
+    exit 0
+    ;;
 "log-web")
     tail -f -n 50 /var/log/nginx/access.log
     ;;
 "log-weberr")
-    tail -200 /var/log/nginx/error.log
+    [ -f /var/log/nginx/error.log ] && tail -200 /var/log/nginx/error.log || /bin/true
     exit 0
     ;;
 "log-components")
diff --git a/gui/dashboard.go b/gui/dashboard.go
index 2a9970a..9d3613f 100644
--- a/gui/dashboard.go
+++ b/gui/dashboard.go
@@ -47,6 +47,9 @@ func _parseLine(line string, loc *time.Location) Activity {
 
 	re := regexp.MustCompile("^.*\\|\\s*(\\S)(\\S+) (\\S+) (\\S+) (.*)$")
 	result := re.FindStringSubmatch(line)
+	if len(result) == 0 {
+		return activity
+	}
 
 	activity.Class = ""
 	if result[1] == "W" {
diff --git a/gui/main.go b/gui/main.go
index 23b7337..114b1f9 100644
--- a/gui/main.go
+++ b/gui/main.go
@@ -186,10 +186,18 @@ func (cfg *SetupConfig) Validate(orgRequired bool) bool {
 		cfg.Errors["LockdownDomains"] = "Please enter one or more domains that this PKI host is locked down to"
 	}
 
+	if cfg.DomainMode == "lockdown" && strings.HasPrefix(cfg.LockdownDomains, ".") {
+		cfg.Errors["LockdownDomains"] = "Domain should not start with a dot"
+	}
+
 	if cfg.DomainMode == "whitelist" && strings.TrimSpace(cfg.WhitelistDomains) == "" {
 		cfg.Errors["WhitelistDomains"] = "Please enter one or more domains that are whitelisted for this PKI host"
 	}
 
+	if cfg.DomainMode == "whitelist" && strings.HasPrefix(cfg.WhitelistDomains, ".") {
+		cfg.Errors["WhitelistDomains"] = "Domain should not start with a dot"
+	}
+
 	return len(cfg.Errors) == 0
 }
 
@@ -234,8 +242,34 @@ func errorHandler(w http.ResponseWriter, r *http.Request, err error, status int)
 		}
 		fmt.Print(strings.Join(lines, "\n"))
 
-		render(w, r, "error", map[string]interface{}{"Message": "Some unexpected error occurred!"})
-		// TODO: send email eventually with info on the error
+		if viper.GetBool("config.complete") {
+			render(w, r, "error", map[string]interface{}{"Message": "Some unexpected error occurred!"})
+		} else {
+			// ONLY in the setup phase to prevent leaking too much details to users
+			var FileErrors []interface{}
+			data := getLog(w, r, "cert")
+			if data != "" {
+				FileErrors = append(FileErrors, map[string]interface{}{"FileName": "/etc/nginx/ssl/acme_tiny.log", "Content": data})
+			}
+			data = getLog(w, r, "commander")
+			if data != "" {
+				FileErrors = append(FileErrors, map[string]interface{}{"FileName": "/home/labca/logs/commander.log", "Content": data})
+			}
+			data = getLog(w, r, "labca-notail")
+			if data != "" {
+				FileErrors = append(FileErrors, map[string]interface{}{"FileName": "docker-compose logs labca", "Content": data})
+			}
+			data = getLog(w, r, "boulder-notail")
+			if data != "" {
+				FileErrors = append(FileErrors, map[string]interface{}{"FileName": "docker-compose logs boulder", "Content": data})
+			}
+			data = getLog(w, r, "labca-err")
+			if data != "" {
+				FileErrors = append(FileErrors, map[string]interface{}{"FileName": "/var/log/labca.err", "Content": data})
+			}
+
+			render(w, r, "error", map[string]interface{}{"Message": "Some unexpected error occurred!", "FileErrors": FileErrors})
+		}
 	}
 }
 
diff --git a/gui/templates/views/error.tmpl b/gui/templates/views/error.tmpl
index 53d07a4..0ace428 100644
--- a/gui/templates/views/error.tmpl
+++ b/gui/templates/views/error.tmpl
@@ -1,4 +1,13 @@
 {{ define "body" }}
     <h3>OOPS</h3>
     <p>{{ .Message }}</p>
+    {{ if .FileErrors }}
+    <br/>
+    <h4>Diagnostics</h4>
+    <p>These log files might help you determine what the problem is:</p>
+        {{ range $item := .FileErrors }}
+            <p><b>{{ $item.FileName }}</b></p>
+            <pre>{{ $item.Content }}</pre>
+        {{ end }}
+    {{ end }}
 {{ end }}