T11699: Create a job to automate CNAME checks #40

Open
wants to merge 27 commits into
base: master

redbluegreenhat
Contributor

@redbluegreenhat redbluegreenhat commented Mar 2, 2024

This PR does part of T11699. It introduces a job that is queued automatically when requests are created, and it automatically checks that the custom domain requested has the correct CNAME record.

https://issue-tracker.miraheze.org/T11699

Summary by CodeRabbit

  • New Features

    • Introduced automated domain checking functionality.
    • Added configuration for specifying CNAME records for domain checks.
  • Improvements

    • Enhanced domain verification process to ensure custom domains are correctly pointed.
  • Backend Enhancements

    • Integrated job queue management for handling domain check tasks efficiently.

These updates aim to streamline domain management and enhance reliability in domain verification processes.

@redbluegreenhat redbluegreenhat changed the title T11699 Create a job to automate CNAME checks T11699: Create a job to automate CNAME checks Mar 2, 2024
@redbluegreenhat redbluegreenhat changed the title T11699: Create a job to automate CNAME checks T11699: Create a job to automate CNAME and Reverse DNS checks Mar 4, 2024
@redbluegreenhat
Contributor Author

 includes/DomainCheckJob.php:11 PhanUndeclaredFunction Call to undeclared function \__construct()
includes/DomainCheckJob.php:11 PhanUnusedGotoLabel Unused goto label parent
includes/DomainCheckJob.php:14 PhanTypeMissingReturn Method \Miraheze\RequestSSL\DomainCheckJob::run is declared to return bool in phpdoc but has no return value
includes/DomainCheckJob.php:19 PhanUndeclaredConstant Reference to undeclared constant \customDomain. This will cause a thrown Error in php 8.0+. (Did you mean $customDomain)
includes/DomainCheckJob.php:22 PhanTypeMismatchReturnProbablyReal Returning void of type void but run() is declared to return bool (no real type) (the inferred real return type has nothing in common with the declared phpdoc return type)
includes/DomainCheckJob.php:30 PhanUndeclaredClassMethod Call to method newSystemUser from undeclared class \Miraheze\RequestSSL\User
includes/DomainCheckJob.php:33 PhanUndeclaredClassMethod Call to method newSystemUser from undeclared class \Miraheze\RequestSSL\User
includes/DomainCheckJob.php:35 PhanUndeclaredClassMethod Call to method newSystemUser from undeclared class \Miraheze\RequestSSL\User

Add use User;
Return True on the job.

@redbluegreenhat redbluegreenhat changed the title T11699: Create a job to automate CNAME and Reverse DNS checks T11699: Create a job to automate CNAME checks Mar 9, 2024
@redbluegreenhat redbluegreenhat marked this pull request as ready for review March 9, 2024 13:30
@redbluegreenhat
Contributor Author

@Universal-Omega This PR does the CNAME check, but more importantly, lays out how I want to approach the checks, with a job. What do you think? Also, in the future, the hardcoded strings at

$requestSslManager->addComment( 'RequestSSL could not determine whether or not this domain is pointed: DNS returned no data during CNAME check.', User::newSystemUser( 'RequestSSL Extension' ) );
} else {
if ( $dnsCNAMEData[0]['type'] === 'CNAME' && $dnsCNAMEData[0]['target'] === $cname ) {
$requestSslManager->addComment( 'Domain is pointed via CNAME.', User::newSystemUser( 'RequestSSL Extension' ) );
} else {
$requestSslManager->addComment( 'Domain is not pointed via CNAME. It is possible it is pointed via other means.', User::newSystemUser( 'RequestSSL Extension' ) );
will be interface messages.

@@ -144,6 +148,10 @@
"value": "",
"description": "If set, only allow users to request a SSL certificate on this wiki."
},
"RequestSSLDomainCheckCNAME": {
Member


Personally I think we should use a single associative array config, RequestSSLDomainChecks or something then an option for like CNAME, A, AAAA, and NS keys for supported options for checking.

@Universal-Omega Universal-Omega force-pushed the T11699-introduce-domaincheckjob branch from 3e90b27 to 0e1a6f4 Compare May 17, 2024 16:10

coderabbitai bot commented May 17, 2024

Walkthrough

This update introduces a new DomainCheckJob class to handle domain verification through CNAME records, integrates job queue management into the SpecialRequestSSL process, and adds a configuration for automatic domain checks. These enhancements streamline domain verification and SSL request processes, ensuring smoother operations and better domain management.

Changes

File Path | Change Summary
extension.json | Added DomainCheckJob class, JobQueueGroup service, and RequestSSLDomainCheckCNAME configuration.
includes/Jobs/DomainCheckJob.php | Introduced DomainCheckJob class with methods for domain verification using CNAME records.
includes/Specials/SpecialRequestSSL.php | Added job queue management and job creation in the onSubmit method.

In the land of code, where domains align,
A rabbit hops with tasks divine.
With CNAME checks and queues that hum,
SSL requests now swiftly come.
Through lines of code, the changes weave,
Ensuring domains never deceive.
🐇✨



@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 2

Out of diff range and nitpick comments (1)
includes/Jobs/DomainCheckJob.php (1)

28-37: Ensure proper documentation for constructor parameters.

The constructor's PHPDoc block should include descriptions for each parameter to improve code readability and maintainability.

Review Details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits Files that changed from the base of the PR and between d3cd494 and 0e1a6f4.
Files selected for processing (3)
  • extension.json (3 hunks)
  • includes/Jobs/DomainCheckJob.php (1 hunks)
  • includes/Specials/SpecialRequestSSL.php (5 hunks)
Additional comments not posted (2)
extension.json (1)

41-49: Validate service dependencies for DomainCheckJob.

Ensure that the services listed under DomainCheckJob are correctly configured and necessary for the job's functionality. This includes verifying that ConfigFactory and RequestSSLManager are used appropriately within the job.

Verification successful

Verification of Service Dependencies for DomainCheckJob

The DomainCheckJob class uses both ConfigFactory and RequestSSLManager in its constructor, confirming that these services are correctly configured and necessary for the job's functionality.

Key Findings:

  • Class Definition: DomainCheckJob extends Job and implements GenericParameterJob.
  • Constructor: The constructor of DomainCheckJob accepts ConfigFactory and RequestSSLManager as parameters and uses them to initialize the class properties.

Relevant Code Snippets:

  • Class Definition:

    class DomainCheckJob extends Job implements GenericParameterJob {
        /** @var Config */
        private $config;
    
        /** @var int */
        private $requestID;
    
        /** @var RequestSSLManager */
        private $requestSslManager;
  • Constructor:

    public function __construct(
        array $params,
        ConfigFactory $configFactory,
        RequestSSLManager $requestSslManager
    ) {
        parent::__construct('DomainCheckJob', $params);
        $this->requestID = $params['requestID'];
        $this->config = $configFactory->makeConfig('RequestSSL');
        $this->requestSslManager = $requestSslManager;
    }

Conclusion:

The services ConfigFactory and RequestSSLManager are appropriately used within the DomainCheckJob class, confirming their necessity and correct configuration.

Scripts Executed

The following scripts were executed for the analysis:


Script:

#!/bin/bash
# Description: Check service usage in DomainCheckJob.
ast-grep --lang php --pattern $'class DomainCheckJob {
  $$$
  __construct($_, $_) {
    $$$
  }
  $$$  
}'

Length of output: 215



Script:

#!/bin/bash
# Description: Check for the constructor and service usage in DomainCheckJob.
# Search for the DomainCheckJob class definition
rg 'class DomainCheckJob' -A 10

# Search for the constructor within DomainCheckJob
rg 'function __construct' -A 10

# Search for the usage of ConfigFactory and RequestSSLManager within DomainCheckJob
rg 'ConfigFactory|RequestSSLManager' -A 10

Length of output: 19879

includes/Specials/SpecialRequestSSL.php (1)

233-235: Confirm job queue integration.

Verify that the JobSpecification for DomainCheckJob is correctly configured and that the job is being pushed to the job queue as expected. This is crucial for ensuring that the domain check functionality is operational.

Verification successful

Confirm job queue integration

The JobSpecification for DomainCheckJob is correctly instantiated and pushed to the job queue using lazyPush in the SpecialRequestSSL class.

  • JobSpecification instantiation:

    $domainCheckJob = new JobSpecification( 'DomainCheckJob', ['requestID' => $requestID] );
  • lazyPush method call:

    $this->jobQueueGroup->lazyPush( $domainCheckJob );

These lines confirm that the domain check functionality is operational as expected.

Scripts Executed

The following scripts were executed for the analysis:


Script:

#!/bin/bash
# Description: Verify job queue integration for DomainCheckJob.
ast-grep --lang php --pattern $'class SpecialRequestSSL {
  $$$
  onSubmit($_) {
    $$$
    new JobSpecification("DomainCheckJob", $$$)
    $$$
  }
  $$$  
}'

Length of output: 267



Script:

#!/bin/bash
# Description: Verify job queue integration for DomainCheckJob using ripgrep.
# Search for the instantiation of JobSpecification with 'DomainCheckJob' and the lazyPush method call within the SpecialRequestSSL class.
rg 'new JobSpecification\("DomainCheckJob"' -A 5 --context-separator='' --glob '**/SpecialRequestSSL.php'

Length of output: 105



Script:

#!/bin/bash
# Description: Verify job queue integration for DomainCheckJob using ripgrep.
# Search for all instances of JobSpecification and lazyPush within the SpecialRequestSSL file.
rg 'JobSpecification' -A 5 --context-separator='' --glob '**/SpecialRequestSSL.php'
rg 'lazyPush' -A 5 --context-separator='' --glob '**/SpecialRequestSSL.php'

Length of output: 1268

Comment on lines +42 to +63
public function run() {
$this->requestSslManager->fromID( $this->requestID );
$customDomain = parse_url( $this->requestSslManager->getCustomDomain(), PHP_URL_HOST );
if ( !$customDomain ) {
// Custom domain does not have a hostname, bail out.
$this->setLastError( 'Custom domain does not have a hostname.' );
return true;
}
$cname = $this->config->get( 'RequestSSLDomainCheckCNAME' );
// TODO: Support rDNS and NS checks
// CNAME check
$dnsCNAMEData = dns_get_record( $customDomain, DNS_CNAME );
if ( !$dnsCNAMEData ) {
$this->requestSslManager->addComment( 'RequestSSL could not determine whether or not this domain is pointed: DNS returned no data during CNAME check.', User::newSystemUser( 'RequestSSL Extension' ) );
} else {
if ( $dnsCNAMEData[0]['type'] === 'CNAME' && $dnsCNAMEData[0]['target'] === $cname ) {
$this->requestSslManager->addComment( 'Domain is pointed via CNAME.', User::newSystemUser( 'RequestSSL Extension' ) );
} else {
$this->requestSslManager->addComment( 'Domain is not pointed via CNAME. It is possible it is pointed via other means.', User::newSystemUser( 'RequestSSL Extension' ) );
}
}
return true;
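
Review bot: In the `!$customDomain` branch at the top of `run()`, the failure is recorded only with `setLastError()` and no comment is added to the request, unlike every DNS outcome further down, so whoever handles the request gets no signal that the check never ran. `parse_url( ..., PHP_URL_HOST )` returns null for a value that has no scheme, so if `getCustomDomain()` can return a bare hostname this branch is taken for an otherwise valid request; add an `addComment()` call here, or fall back to treating the whole value as the host.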

Address potential issues with DNS lookup failure handling.

The method run checks for CNAME records but does not handle potential DNS lookup failures gracefully. Consider adding error handling for cases where dns_get_record might fail due to network issues or misconfigurations.
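
An added example (not code from this PR or from the RequestSSL extension) of one way to separate a failed lookup from an empty answer and to compare the CNAME target without depending on letter case or a trailing dot. `normalizeDnsName`, `classifyCname`, the result labels and the sample records are hypothetical; the records are constructed in the shape `dns_get_record( $host, DNS_CNAME )` returns.

```php
<?php
// Added example, not code from the PR. Record arrays below are constructed
// samples in the shape dns_get_record( $host, DNS_CNAME ) returns.

/** Lower-case a DNS name and drop a trailing root dot so names compare equal. */
function normalizeDnsName( string $name ): string {
	return rtrim( strtolower( trim( $name ) ), '.' );
}

/**
 * Classify a CNAME lookup result (hypothetical helper).
 *
 * @param array|false $records Return value of dns_get_record(); false = lookup failed
 * @param string $expected Configured target (RequestSSLDomainCheckCNAME)
 * @return string 'lookup-failed', 'unconfigured', 'no-cname', 'pointed' or 'mismatch'
 */
function classifyCname( array|false $records, string $expected ): string {
	if ( $records === false ) {
		// Resolver or network failure: says nothing about the domain itself.
		return 'lookup-failed';
	}
	$expected = normalizeDnsName( $expected );
	if ( $expected === '' ) {
		// An empty setting must never be reported as a match.
		return 'unconfigured';
	}
	$sawCname = false;
	// Inspect every returned record, not only index 0.
	foreach ( $records as $record ) {
		if ( ( $record['type'] ?? '' ) !== 'CNAME' || !isset( $record['target'] ) ) {
			continue;
		}
		$sawCname = true;
		if ( normalizeDnsName( $record['target'] ) === $expected ) {
			return 'pointed';
		}
	}
	return $sawCname ? 'mismatch' : 'no-cname';
}

// Constructed inputs; 'wiki.example.org' and 'cname.example.net' are placeholders.
$expected = 'cname.example.net';
$samples = [
	'resolver error' => false,
	'no records' => [],
	'case differs' => [ [ 'host' => 'wiki.example.org', 'type' => 'CNAME', 'target' => 'CNAME.Example.NET.' ] ],
	'other target' => [ [ 'host' => 'wiki.example.org', 'type' => 'CNAME', 'target' => 'elsewhere.example.com' ] ],
];
foreach ( $samples as $label => $records ) {
	printf( "%-15s %s\n", $label, classifyCname( $records, $expected ) );
}
```

Keeping the classification free of network calls lets the job map each label to its own comment and lets the logic be unit-tested without a resolver.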

Comment on lines +55 to +61
$this->requestSslManager->addComment( 'RequestSSL could not determine whether or not this domain is pointed: DNS returned no data during CNAME check.', User::newSystemUser( 'RequestSSL Extension' ) );
} else {
if ( $dnsCNAMEData[0]['type'] === 'CNAME' && $dnsCNAMEData[0]['target'] === $cname ) {
$this->requestSslManager->addComment( 'Domain is pointed via CNAME.', User::newSystemUser( 'RequestSSL Extension' ) );
} else {
$this->requestSslManager->addComment( 'Domain is not pointed via CNAME. It is possible it is pointed via other means.', User::newSystemUser( 'RequestSSL Extension' ) );
}

Refactor to improve readability and reduce duplication.

The method run contains repeated calls to User::newSystemUser('RequestSSL Extension'). Consider storing this user in a variable at the start of the method to avoid multiple instantiations and improve code clarity.

+ $systemUser = User::newSystemUser('RequestSSL Extension');
...
- User::newSystemUser('RequestSSL Extension')
+ $systemUser

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.

Suggested change
$this->requestSslManager->addComment( 'RequestSSL could not determine whether or not this domain is pointed: DNS returned no data during CNAME check.', User::newSystemUser( 'RequestSSL Extension' ) );
} else {
if ( $dnsCNAMEData[0]['type'] === 'CNAME' && $dnsCNAMEData[0]['target'] === $cname ) {
$this->requestSslManager->addComment( 'Domain is pointed via CNAME.', User::newSystemUser( 'RequestSSL Extension' ) );
} else {
$this->requestSslManager->addComment( 'Domain is not pointed via CNAME. It is possible it is pointed via other means.', User::newSystemUser( 'RequestSSL Extension' ) );
}
$systemUser = User::newSystemUser('RequestSSL Extension');
$this->requestSslManager->addComment( 'RequestSSL could not determine whether or not this domain is pointed: DNS returned no data during CNAME check.', $systemUser );
} else {
if ( $dnsCNAMEData[0]['type'] === 'CNAME' && $dnsCNAMEData[0]['target'] === $cname ) {
$this->requestSslManager->addComment( 'Domain is pointed via CNAME.', $systemUser );
} else {
$this->requestSslManager->addComment( 'Domain is not pointed via CNAME. It is possible it is pointed via other means.', $systemUser );
}
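
Review bot: In the replacement block, `$systemUser = User::newSystemUser('RequestSSL Extension');` takes the place of line 55, which is the first statement inside `if ( !$dnsCNAMEData ) {`, so the variable is assigned only in that branch and both `addComment()` calls under `} else {` would receive an undefined `$systemUser`. Move the assignment above the `if`, which lies outside the commented range (lines +55 to +61), before applying the suggestion.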
