RocketChat · kodiakhq · Aug 21, 2024 · Jun 1, 2024 · Jun 1, 2024 · Jun 1, 2024
diff --git a/apps/meteor/app/api/server/v1/federation.ts b/apps/meteor/app/api/server/v1/federation.ts
@@ -1,8 +1,30 @@
 import { Federation, FederationEE } from '@rocket.chat/core-services';
 import { License } from '@rocket.chat/license';
 import { isFederationVerifyMatrixIdProps } from '@rocket.chat/rest-typings';
+import { serverFetch as fetch } from '@rocket.chat/server-fetch';
+import { parse as urlParse } from 'node:url';
 
 import { API } from '../api';
+import { settings } from '../../../settings/server';
+
+const federationTesterHost = process.env.FEDERATION_TESTER_HOST?.trim()?.replace(/\/$/, '') || 'https://federationtester.matrix.org';
+
+function checkFederation(): Promise<boolean> {
+	const url = urlParse(settings.get('Site_Url'));
+
+	let domain = url.hostname;
+
+	if (url.port) {
+		domain += ':' + url.port;
+	}
+
+	return new Promise((resolve, reject) =>
+		fetch(`${federationTesterHost}/api/federation-ok?server_name=${domain}`)
+			.then((response) => response.text())
+			.then((text) => resolve(text === 'GOOD'))
+			.catch(reject),
+	);
+}
 
 API.v1.addRoute(
 	'federation/matrixIds.verify',
@@ -22,3 +44,49 @@
 		},
 	},
 );
+
+API.v1.addRoute(
+	'federation.verifyConfiguration',
+	{ authRequired: false },
+	{
+		async get() {
+			const federationService = License.hasValidLicense() ? FederationEE : Federation;
+
+			const response = {
+				appservice: { duration_ms: -1, ok: false },
+				federation: {
+					ok: false,
+				},
+			};
+
+			try {
+				response.federation.ok = await checkFederation();
+			} catch (error) {
+				return API.v1.failure({
+					federation: {
+						ok: false,
+						error: String(error),
+					},
+				});
+			}
+
+			try {
+				response.appservice = await federationService.verifyConfiguration();
+				response.appservice.ok = true;
+			} catch (error) {
+				return API.v1.failure({
+					federation: response.federation,
+					appservice: {
+						error: String(error),
+					},
+				});
+			}
+
+			if (response.federation.ok) {
+				return API.v1.success(response);
+			} else {
+				return API.v1.failure(response);
+			}
+		},
+	},
+);
diff --git a/apps/meteor/app/lib/server/index.ts b/apps/meteor/app/lib/server/index.ts
@@ -49,5 +49,6 @@ import './methods/unarchiveRoom';
 import './methods/unblockUser';
 import './methods/updateMessage';
 import './methods/saveCustomFields';
+import './methods/checkFederationConfiguration';
 
 export * from './lib';
diff --git a/apps/meteor/app/lib/server/methods/checkFederationConfiguration.ts b/apps/meteor/app/lib/server/methods/checkFederationConfiguration.ts
@@ -0,0 +1,93 @@
+import { Federation, FederationEE } from '@rocket.chat/core-services';
+import { License } from '@rocket.chat/license';
+import type { ServerMethods } from '@rocket.chat/ui-contexts';
+import { Meteor } from 'meteor/meteor';
+import { serverFetch as fetch } from '@rocket.chat/server-fetch';
+import { parse as urlParse } from 'node:url';
+import { Authorization } from '@rocket.chat/core-services';
+
+import { settings } from '../../../settings/server';
+
+const federationTesterHost = process.env.FEDERATION_TESTER_HOST?.trim()?.replace(/\/$/, '') || 'https://federationtester.matrix.org';
+
+function checkFederation(): Promise<boolean> {
+	const url = urlParse(settings.get('Site_Url'));
+
+	let domain = url.hostname;
+
+	if (url.port) {
+		domain += ':' + url.port;
+	}
+
+	return new Promise((resolve, reject) =>
+		fetch(`${federationTesterHost}/api/federation-ok?server_name=${domain}`)
+			.then((response) => response.text())
+			.then((text) => resolve(text === 'GOOD'))
+			.catch(reject),
+	);
+}
+
+declare module '@rocket.chat/ui-contexts' {
+	// eslint-disable-next-line @typescript-eslint/naming-convention
+	interface ServerMethods {
+		checkFederationConfiguration(): {};
+	}
+}
+
+Meteor.methods<ServerMethods>({
+	async checkFederationConfiguration() {
+		const uid = Meteor.userId();
+
+		if (!uid) {
+			throw new Meteor.Error('error-invalid-user', 'Invalid user', {
+				method: 'checkFederationConfiguration',
+			});
+		}
+
+		if (!(await Authorization.hasPermission(uid, 'view-privileged-setting'))) {
+			throw new Meteor.Error('error-not-allowed', 'Action not allowed', {
+				method: 'checkFederationConfiguration',
+			});
+		}
+
+		const errors: string[] = [];
+
+		const successes: string[] = [];
+
+		const service = License.hasValidLicense() ? FederationEE : Federation;
+
+		try {
+			if (!(await checkFederation())) {
+				errors.push('external reachability could not be verified');
+				// throw new Meteor.Error('error-invalid-configuration',, { method: 'checkFederationConfiguration' });
+			} else {
+				successes.push('homeserver configuration looks good');
+			}
+		} catch (error) {
+			errors.push(`failed to verify external reachability: ${String(error)}`);
+		}
+
+		try {
+			const { duration_ms: duration } = await service.verifyConfiguration();
+			successes.push(`appservice configuration looks good, total round trip time to homeserver ${duration}ms`);
+		} catch (error) {
+			errors.push(`failed to verify appservice configuration: ${String(error)}`);
+		}
+
+		if (errors.length) {
+			if (successes.length) {
+				const message = ['Configuration could only be partially verified'].concat(successes).concat(errors).join(', ');
+
+				throw new Meteor.Error('error-invalid-configuration', message, { method: 'checkFederationConfiguration' });
+			}
+
+			throw new Meteor.Error('error-invalid-configuration', ['Invalid configuration'].concat(errors).join(', '), {
+				method: 'checkFederationConfiguration',
+			});
+		}
+
+		return {
+			message: ['All configuration looks good'].concat(successes).join(', '),
+		};
+	},
+});
diff --git a/apps/meteor/ee/server/local-services/federation/service.ts b/apps/meteor/ee/server/local-services/federation/service.ts
@@ -215,4 +215,8 @@ export class FederationServiceEE extends AbstractBaseFederationServiceEE impleme
 	async stopped(): Promise<void> {
 		return super.stopped();
 	}
+
+	public async verifyConfiguration() {
+		return super.verifyConfiguration()
+	}
 }
@@ -110,4 +110,5 @@ export interface IFederationBridge {
 		externalUserId: string,
 		externalRoomId: string,
 	): Promise<{ creator: { id: string; username: string }; name: string; joinedMembers: string[] } | undefined>;
+	ping(): Promise<{ duration_ms: number }>;
 }
@@ -1,6 +1,7 @@
 import type { IMessage } from '@rocket.chat/core-typings';
 import type { AppServiceOutput, Bridge } from '@rocket.chat/forked-matrix-appservice-bridge';
 import { serverFetch as fetch } from '@rocket.chat/server-fetch';
+import { type Request, type Response } from 'express';
 
 import type { IExternalUserProfileInformation, IFederationBridge, IFederationBridgeRegistrationFile } from '../../domain/IFederationBridge';
 import type { RocketChatSettingsAdapter } from '../rocket-chat/adapters/Settings';
@@ -43,7 +44,25 @@ export class MatrixBridge implements IFederationBridge {
 			await this.createInstance();
 
 			if (!this.isRunning) {
-				await this.bridgeInstance.run(this.internalSettings.getBridgePort());
+				const { AppService } = await import('@rocket.chat/forked-matrix-appservice-bridge');
+
+				const appservice = new AppService({ homeserverToken: this.internalSettings.getAppServiceRegistrationObject().homeserverToken });
+
+				const pinghandler = function (req: Request, res: Response) {
+					if (req.headers.authorization?.split(/\s+/)[1] !== (this as any).config.homeserverToken) {
+						res.status(401);
+						res.end();
+						return;
+					}
+
+					res.status(200);
+					res.json(req.body);
+				};
+
+				appservice.expressApp.post('/_matrix/app/v1/ping', pinghandler.bind(appservice));
+
+				await this.bridgeInstance.run(this.internalSettings.getBridgePort(), appservice);
+
 				this.isRunning = true;
 			}
 		} catch (err) {
@@ -752,4 +771,20 @@ export class MatrixBridge implements IFederationBridge {
 			'de.sorunome.msc2409.push_ephemeral': registrationFile.enableEphemeralEvents,
 		};
 	}
+
+	public async ping(): Promise<{ duration_ms: number }> {
+		if (!this.isRunning || !this.bridgeInstance) {
+			throw new Error("matrix bridge isn't yet running");
+		}
+
+		return this.bridgeInstance
+			.getIntent()
+			.matrixClient.doRequest(
+				'POST',
+				`/_matrix/client/v1/appservice/${this.internalSettings.getApplicationServiceId()}/ping`,
+				{},
+				{ transaction_id: 'meow' },
+				DEFAULT_TIMEOUT_IN_MS_FOR_JOINING_ROOMS,
+			);
+	}
 }
@@ -285,5 +285,15 @@ export class RocketChatSettingsAdapter {
 			group: 'Federation',
 			section: 'Matrix Bridge',
 		});
+
+		await settingsRegistry.add('Federation_Matrix_check_configuration_button', 'checkFederationConfiguration', {
+			type: 'action',
+			actionText: 'Federation_Matrix_check_configuration',
+			public: false,
+			enterprise: false,
+			invalidValue: '',
+			group: 'Federation',
+			section: 'Matrix Bridge',
+		});
 	}
 }
@@ -238,6 +238,10 @@ export abstract class AbstractFederationService extends ServiceClassInternal {
 	protected async verifyMatrixIds(matrixIds: string[]): Promise<Map<string, string>> {
 		return this.bridge.verifyInviteeIds(matrixIds);
 	}
+
+	public async verifyConfiguration() {
+		return this.bridge.ping()
+	}
 }
 
 abstract class AbstractBaseFederationService extends AbstractFederationService {
@@ -342,4 +346,8 @@ export class FederationService extends AbstractBaseFederationService implements
 	public async created(): Promise<void> {
 		return super.created();
 	}
+
+	public async verifyConfiguration() {
+		return super.verifyConfiguration()
+	}
 }
diff --git a/packages/core-services/src/types/IFederationService.ts b/packages/core-services/src/types/IFederationService.ts
@@ -4,6 +4,8 @@ export interface IFederationService {
 	createDirectMessageRoomAndInviteUser(internalInviterId: string, internalRoomId: string, externalInviteeId: string): Promise<void>;
 
 	verifyMatrixIds(matrixIds: string[]): Promise<Map<string, string>>;
+
+	verifyConfiguration(): Promise<{ duration_ms: number }>;
 }
 
 export interface IFederationJoinExternalPublicRoomInput {
@@ -38,4 +40,6 @@ export interface IFederationServiceEE {
 	joinExternalPublicRoom(input: IFederationJoinExternalPublicRoomInput): Promise<void>;
 
 	verifyMatrixIds(matrixIds: string[]): Promise<Map<string, string>>;
+
+	verifyConfiguration(): Promise<{ duration_ms: number }>;
 }
diff --git a/packages/i18n/src/locales/en.i18n.json b/packages/i18n/src/locales/en.i18n.json
@@ -2320,6 +2320,7 @@
   "Federation_Matrix_serve_well_known": "Serve Well Known",
   "Federation_Matrix_serve_well_known_Description": "Serve /.well-known/matrix/server and /.well-known/matrix/client directly from within Rocket.Chat instead of reverse proxy for federation",
   "Federation_Matrix_serve_well_known_Alert": "Keep this off if using DNS srv records for federation, or use a reverse proxy to return static JSON if federation traffic is heavy. <a target=\"_blank\" href=\"https://matrix-org.github.io/synapse/latest/federate.html\">Read mode</a>.",
+  "Federation_Matrix_check_configuration": "Verify configuration",
   "Field": "Field",
   "Field_removed": "Field removed",
   "Field_required": "Field required",