2015-10-28 16:02:06 -07:00
'use strict' ;
exports = module . exports = {
2021-08-13 17:22:28 -07:00
removePrivateFields ,
injectPrivateFields ,
upsert ,
get ,
del ,
wait ,
2022-01-05 22:41:41 -08:00
verifyDomainConfig
2015-10-28 16:02:06 -07:00
} ;
2021-08-13 17:22:28 -07:00
const assert = require ( 'assert' ) ,
2015-10-28 16:02:06 -07:00
AWS = require ( 'aws-sdk' ) ,
2019-10-23 10:02:04 -07:00
BoxError = require ( '../boxerror.js' ) ,
2020-05-14 23:01:44 +02:00
constants = require ( '../constants.js' ) ,
2015-10-28 16:02:06 -07:00
debug = require ( 'debug' ) ( 'box:dns/route53' ) ,
2021-08-13 17:22:28 -07:00
dns = require ( '../dns.js' ) ,
2019-01-04 18:44:54 -08:00
waitForDns = require ( './waitfordns.js' ) ,
2017-01-10 11:12:25 +01:00
_ = require ( 'underscore' ) ;
2015-10-28 16:02:06 -07:00
2019-02-08 11:11:49 +01:00
function removePrivateFields ( domainObject ) {
2020-05-14 23:01:44 +02:00
domainObject . config . secretAccessKey = constants . SECRET _PLACEHOLDER ;
2019-02-08 11:11:49 +01:00
return domainObject ;
}
2019-02-09 19:08:15 +01:00
function injectPrivateFields ( newConfig , currentConfig ) {
2020-05-14 23:01:44 +02:00
if ( newConfig . secretAccessKey === constants . SECRET _PLACEHOLDER ) newConfig . secretAccessKey = currentConfig . secretAccessKey ;
2019-02-09 19:08:15 +01:00
}
2022-01-05 22:41:41 -08:00
function getDnsCredentials ( domainConfig ) {
assert . strictEqual ( typeof domainConfig , 'object' ) ;
2015-10-28 16:02:06 -07:00
2015-11-08 23:14:39 -08:00
var credentials = {
2022-01-05 22:41:41 -08:00
accessKeyId : domainConfig . accessKeyId ,
secretAccessKey : domainConfig . secretAccessKey ,
region : domainConfig . region
2015-11-08 23:14:39 -08:00
} ;
2015-10-28 16:02:06 -07:00
2022-01-05 22:41:41 -08:00
if ( domainConfig . endpoint ) credentials . endpoint = new AWS . Endpoint ( domainConfig . endpoint ) ;
2015-10-28 16:02:06 -07:00
2015-11-08 23:14:39 -08:00
return credentials ;
2015-10-28 16:02:06 -07:00
}
2022-01-05 22:41:41 -08:00
function getZoneByName ( domainConfig , zoneName , callback ) {
assert . strictEqual ( typeof domainConfig , 'object' ) ;
2015-10-28 16:02:06 -07:00
assert . strictEqual ( typeof zoneName , 'string' ) ;
assert . strictEqual ( typeof callback , 'function' ) ;
2022-01-05 22:41:41 -08:00
var route53 = new AWS . Route53 ( getDnsCredentials ( domainConfig ) ) ;
2018-05-07 11:18:15 -07:00
// backward compat for 2.2, where we only required access to "listHostedZones"
let listHostedZones ;
2022-01-05 22:41:41 -08:00
if ( domainConfig . listHostedZonesByName ) {
2018-05-07 11:18:15 -07:00
listHostedZones = route53 . listHostedZonesByName . bind ( route53 , { MaxItems : '1' , DNSName : zoneName + '.' } ) ;
} else {
listHostedZones = route53 . listHostedZones . bind ( route53 , { } ) ; // currently, this route does not support > 100 zones
}
listHostedZones ( function ( error , result ) {
2019-10-23 10:02:04 -07:00
if ( error && error . code === 'AccessDenied' ) return callback ( new BoxError ( BoxError . ACCESS _DENIED , error . message ) ) ;
if ( error && error . code === 'InvalidClientTokenId' ) return callback ( new BoxError ( BoxError . ACCESS _DENIED , error . message ) ) ;
if ( error ) return callback ( new BoxError ( BoxError . EXTERNAL _ERROR , error . message ) ) ;
2015-10-28 16:02:06 -07:00
2018-05-07 11:23:17 -07:00
var zone = result . HostedZones . filter ( function ( zone ) {
return zone . Name . slice ( 0 , - 1 ) === zoneName ; // aws zone name contains a '.' at the end
} ) [ 0 ] ;
2019-10-23 10:02:04 -07:00
if ( ! zone ) return callback ( new BoxError ( BoxError . NOT _FOUND , 'no such zone' ) ) ;
2018-05-07 11:23:17 -07:00
callback ( null , zone ) ;
2015-10-28 16:02:06 -07:00
} ) ;
}
2022-01-05 22:41:41 -08:00
function getHostedZone ( domainConfig , zoneName , callback ) {
assert . strictEqual ( typeof domainConfig , 'object' ) ;
2016-07-03 21:37:17 -05:00
assert . strictEqual ( typeof zoneName , 'string' ) ;
assert . strictEqual ( typeof callback , 'function' ) ;
2016-09-15 11:57:25 +02:00
2022-01-05 22:41:41 -08:00
getZoneByName ( domainConfig , zoneName , function ( error , zone ) {
2016-07-04 23:31:26 -05:00
if ( error ) return callback ( error ) ;
2022-01-05 22:41:41 -08:00
var route53 = new AWS . Route53 ( getDnsCredentials ( domainConfig ) ) ;
2016-07-03 21:37:17 -05:00
route53 . getHostedZone ( { Id : zone . Id } , function ( error , result ) {
2019-10-23 10:02:04 -07:00
if ( error && error . code === 'AccessDenied' ) return callback ( new BoxError ( BoxError . ACCESS _DENIED , error . message ) ) ;
if ( error && error . code === 'InvalidClientTokenId' ) return callback ( new BoxError ( BoxError . ACCESS _DENIED , error . message ) ) ;
if ( error ) return callback ( new BoxError ( BoxError . EXTERNAL _ERROR , error . message ) ) ;
2016-07-03 21:37:17 -05:00
callback ( null , result ) ;
} ) ;
} ) ;
}
2019-01-04 18:44:54 -08:00
function upsert ( domainObject , location , type , values , callback ) {
assert . strictEqual ( typeof domainObject , 'object' ) ;
assert . strictEqual ( typeof location , 'string' ) ;
2015-10-28 16:02:06 -07:00
assert . strictEqual ( typeof type , 'string' ) ;
2021-05-02 11:26:08 -07:00
assert ( Array . isArray ( values ) ) ;
2015-10-28 16:02:06 -07:00
assert . strictEqual ( typeof callback , 'function' ) ;
2022-01-05 22:41:41 -08:00
const domainConfig = domainObject . config ,
2019-01-04 18:44:54 -08:00
zoneName = domainObject . zoneName ,
2021-08-13 17:22:28 -07:00
fqdn = dns . fqdn ( location , domainObject ) ;
2019-01-04 18:44:54 -08:00
debug ( 'add: %s for zone %s of type %s with values %j' , fqdn , zoneName , type , values ) ;
2015-10-30 13:04:43 -07:00
2022-01-05 22:41:41 -08:00
getZoneByName ( domainConfig , zoneName , function ( error , zone ) {
2015-10-28 16:02:06 -07:00
if ( error ) return callback ( error ) ;
2018-05-06 22:14:39 -07:00
var records = values . map ( function ( v ) { return { Value : v } ; } ) ; // for mx records, value is already of the '<priority> <server>' format
2015-10-30 13:04:43 -07:00
2015-10-28 16:02:06 -07:00
var params = {
ChangeBatch : {
Changes : [ {
Action : 'UPSERT' ,
ResourceRecordSet : {
Type : type ,
Name : fqdn ,
2015-10-30 13:04:43 -07:00
ResourceRecords : records ,
2015-10-28 16:02:06 -07:00
TTL : 1
}
} ]
} ,
HostedZoneId : zone . Id
} ;
2022-01-05 22:41:41 -08:00
var route53 = new AWS . Route53 ( getDnsCredentials ( domainConfig ) ) ;
2018-08-25 18:12:55 -07:00
route53 . changeResourceRecordSets ( params , function ( error ) {
2019-10-23 10:02:04 -07:00
if ( error && error . code === 'AccessDenied' ) return callback ( new BoxError ( BoxError . ACCESS _DENIED , error . message ) ) ;
if ( error && error . code === 'InvalidClientTokenId' ) return callback ( new BoxError ( BoxError . ACCESS _DENIED , error . message ) ) ;
if ( error && error . code === 'PriorRequestNotComplete' ) return callback ( new BoxError ( BoxError . BUSY , error . message ) ) ;
if ( error && error . code === 'InvalidChangeBatch' ) return callback ( new BoxError ( BoxError . BAD _FIELD , error . message ) ) ;
if ( error ) return callback ( new BoxError ( BoxError . EXTERNAL _ERROR , error . message ) ) ;
2015-10-28 16:02:06 -07:00
2018-06-29 22:25:34 +02:00
callback ( null ) ;
2015-10-28 16:02:06 -07:00
} ) ;
} ) ;
}
2019-01-04 18:44:54 -08:00
function get ( domainObject , location , type , callback ) {
assert . strictEqual ( typeof domainObject , 'object' ) ;
assert . strictEqual ( typeof location , 'string' ) ;
2015-10-29 15:37:42 -07:00
assert . strictEqual ( typeof type , 'string' ) ;
assert . strictEqual ( typeof callback , 'function' ) ;
2022-01-05 22:41:41 -08:00
const domainConfig = domainObject . config ,
2019-01-04 18:44:54 -08:00
zoneName = domainObject . zoneName ,
2021-08-13 17:22:28 -07:00
fqdn = dns . fqdn ( location , domainObject ) ;
2015-10-30 13:17:33 -07:00
2022-01-05 22:41:41 -08:00
getZoneByName ( domainConfig , zoneName , function ( error , zone ) {
2015-10-30 13:17:33 -07:00
if ( error ) return callback ( error ) ;
var params = {
2015-10-30 18:05:08 -07:00
HostedZoneId : zone . Id ,
2015-10-30 13:17:33 -07:00
MaxItems : '1' ,
2019-01-04 18:44:54 -08:00
StartRecordName : fqdn + '.' ,
2015-10-30 13:17:33 -07:00
StartRecordType : type
} ;
2022-01-05 22:41:41 -08:00
var route53 = new AWS . Route53 ( getDnsCredentials ( domainConfig ) ) ;
2015-11-08 23:14:39 -08:00
route53 . listResourceRecordSets ( params , function ( error , result ) {
2019-10-23 10:02:04 -07:00
if ( error && error . code === 'AccessDenied' ) return callback ( new BoxError ( BoxError . ACCESS _DENIED , error . message ) ) ;
if ( error && error . code === 'InvalidClientTokenId' ) return callback ( new BoxError ( BoxError . ACCESS _DENIED , error . message ) ) ;
if ( error ) return callback ( new BoxError ( BoxError . EXTERNAL _ERROR , error . message ) ) ;
2015-11-08 23:14:39 -08:00
if ( result . ResourceRecordSets . length === 0 ) return callback ( null , [ ] ) ;
2016-09-05 15:17:42 -07:00
if ( result . ResourceRecordSets [ 0 ] . Name !== params . StartRecordName || result . ResourceRecordSets [ 0 ] . Type !== params . StartRecordType ) return callback ( null , [ ] ) ;
2015-10-30 13:17:33 -07:00
2015-11-08 23:14:39 -08:00
var values = result . ResourceRecordSets [ 0 ] . ResourceRecords . map ( function ( record ) { return record . Value ; } ) ;
2015-10-30 13:17:33 -07:00
2015-11-08 23:14:39 -08:00
callback ( null , values ) ;
2015-10-30 13:17:33 -07:00
} ) ;
} ) ;
2015-10-29 15:37:42 -07:00
}
2019-01-04 18:44:54 -08:00
function del ( domainObject , location , type , values , callback ) {
assert . strictEqual ( typeof domainObject , 'object' ) ;
assert . strictEqual ( typeof location , 'string' ) ;
2015-10-28 16:02:06 -07:00
assert . strictEqual ( typeof type , 'string' ) ;
2021-05-02 11:26:08 -07:00
assert ( Array . isArray ( values ) ) ;
2015-10-28 16:02:06 -07:00
assert . strictEqual ( typeof callback , 'function' ) ;
2022-01-05 22:41:41 -08:00
const domainConfig = domainObject . config ,
2019-01-04 18:44:54 -08:00
zoneName = domainObject . zoneName ,
2021-08-13 17:22:28 -07:00
fqdn = dns . fqdn ( location , domainObject ) ;
2019-01-04 18:44:54 -08:00
2022-01-05 22:41:41 -08:00
getZoneByName ( domainConfig , zoneName , function ( error , zone ) {
2015-10-28 16:02:06 -07:00
if ( error ) return callback ( error ) ;
2015-10-30 13:04:43 -07:00
var records = values . map ( function ( v ) { return { Value : v } ; } ) ;
2015-10-28 16:02:06 -07:00
var resourceRecordSet = {
Name : fqdn ,
Type : type ,
2015-10-30 13:04:43 -07:00
ResourceRecords : records ,
2015-10-28 16:02:06 -07:00
TTL : 1
} ;
var params = {
ChangeBatch : {
Changes : [ {
Action : 'DELETE' ,
ResourceRecordSet : resourceRecordSet
} ]
} ,
HostedZoneId : zone . Id
} ;
2022-01-05 22:41:41 -08:00
var route53 = new AWS . Route53 ( getDnsCredentials ( domainConfig ) ) ;
2018-02-08 10:21:31 -08:00
route53 . changeResourceRecordSets ( params , function ( error ) {
2019-10-23 10:02:04 -07:00
if ( error && error . code === 'AccessDenied' ) return callback ( new BoxError ( BoxError . ACCESS _DENIED , error . message ) ) ;
if ( error && error . code === 'InvalidClientTokenId' ) return callback ( new BoxError ( BoxError . ACCESS _DENIED , error . message ) ) ;
2015-11-08 23:14:39 -08:00
if ( error && error . message && error . message . indexOf ( 'it was not found' ) !== - 1 ) {
2015-12-17 20:30:30 -08:00
debug ( 'del: resource record set not found.' , error ) ;
2019-10-23 10:02:04 -07:00
return callback ( new BoxError ( BoxError . NOT _FOUND , error . message ) ) ;
2015-11-08 23:14:39 -08:00
} else if ( error && error . code === 'NoSuchHostedZone' ) {
2015-12-17 20:30:30 -08:00
debug ( 'del: hosted zone not found.' , error ) ;
2019-10-23 10:02:04 -07:00
return callback ( new BoxError ( BoxError . NOT _FOUND , error . message ) ) ;
2015-11-08 23:14:39 -08:00
} else if ( error && error . code === 'PriorRequestNotComplete' ) {
2015-12-17 20:30:30 -08:00
debug ( 'del: resource is still busy' , error ) ;
2019-10-23 10:02:04 -07:00
return callback ( new BoxError ( BoxError . BUSY , error . message ) ) ;
2015-11-08 23:14:39 -08:00
} else if ( error && error . code === 'InvalidChangeBatch' ) {
2015-12-17 20:30:30 -08:00
debug ( 'del: invalid change batch. No such record to be deleted.' ) ;
2019-10-23 10:02:04 -07:00
return callback ( new BoxError ( BoxError . NOT _FOUND , error . message ) ) ;
2015-11-08 23:14:39 -08:00
} else if ( error ) {
2015-12-17 20:30:30 -08:00
debug ( 'del: error' , error ) ;
2019-10-23 10:02:04 -07:00
return callback ( new BoxError ( BoxError . EXTERNAL _ERROR , error . message ) ) ;
2015-11-08 23:14:39 -08:00
}
callback ( null ) ;
2015-10-28 16:02:06 -07:00
} ) ;
} ) ;
}
2022-02-03 16:15:14 -08:00
async function wait ( domainObject , subdomain , type , value , options ) {
2019-01-04 18:44:54 -08:00
assert . strictEqual ( typeof domainObject , 'object' ) ;
2022-02-03 16:15:14 -08:00
assert . strictEqual ( typeof subdomain , 'string' ) ;
2019-01-04 18:44:54 -08:00
assert . strictEqual ( typeof type , 'string' ) ;
assert . strictEqual ( typeof value , 'string' ) ;
assert ( options && typeof options === 'object' ) ; // { interval: 5000, times: 50000 }
2017-01-10 11:12:25 +01:00
2022-02-03 16:15:14 -08:00
const fqdn = dns . fqdn ( subdomain , domainObject ) ;
2019-01-04 18:44:54 -08:00
2022-02-03 16:15:14 -08:00
await waitForDns ( fqdn , domainObject . zoneName , type , value , options ) ;
2019-01-04 18:44:54 -08:00
}
2022-01-05 22:41:41 -08:00
function verifyDomainConfig ( domainObject , callback ) {
2019-01-04 18:44:54 -08:00
assert . strictEqual ( typeof domainObject , 'object' ) ;
assert . strictEqual ( typeof callback , 'function' ) ;
2022-01-05 22:41:41 -08:00
const domainConfig = domainObject . config ,
2019-01-04 18:44:54 -08:00
zoneName = domainObject . zoneName ;
2022-01-05 22:41:41 -08:00
if ( ! domainConfig . accessKeyId || typeof domainConfig . accessKeyId !== 'string' ) return callback ( new BoxError ( BoxError . BAD _FIELD , 'accessKeyId must be a non-empty string' , { field : 'accessKeyId' } ) ) ;
if ( ! domainConfig . secretAccessKey || typeof domainConfig . secretAccessKey !== 'string' ) return callback ( new BoxError ( BoxError . BAD _FIELD , 'secretAccessKey must be a non-empty string' , { field : 'secretAccessKey' } ) ) ;
2018-06-17 21:44:08 -07:00
2017-01-10 11:32:44 +01:00
var credentials = {
2022-01-05 22:41:41 -08:00
accessKeyId : domainConfig . accessKeyId ,
secretAccessKey : domainConfig . secretAccessKey ,
region : domainConfig . region || 'us-east-1' ,
endpoint : domainConfig . endpoint || null ,
2018-08-22 12:16:19 +02:00
listHostedZonesByName : true , // new/updated creds require this perm
2017-01-10 11:32:44 +01:00
} ;
2019-01-04 18:44:54 -08:00
const ip = '127.0.0.1' ;
2017-01-10 16:44:28 -08:00
if ( process . env . BOX _ENV === 'test' ) return callback ( null , credentials ) ; // this shouldn't be here
2018-02-08 14:39:35 -08:00
dns . resolve ( zoneName , 'NS' , { timeout : 5000 } , function ( error , nameservers ) {
2019-10-23 10:02:04 -07:00
if ( error && error . code === 'ENOTFOUND' ) return callback ( new BoxError ( BoxError . BAD _FIELD , 'Unable to resolve nameservers for this domain' , { field : 'nameservers' } ) ) ;
if ( error || ! nameservers ) return callback ( new BoxError ( BoxError . BAD _FIELD , error ? error . message : 'Unable to get nameservers' , { field : 'nameservers' } ) ) ;
2017-01-10 11:12:25 +01:00
2017-06-11 22:32:05 -07:00
getHostedZone ( credentials , zoneName , function ( error , zone ) {
2017-01-10 11:12:25 +01:00
if ( error ) return callback ( error ) ;
if ( ! _ . isEqual ( zone . DelegationSet . NameServers . sort ( ) , nameservers . sort ( ) ) ) {
2022-01-05 22:41:41 -08:00
debug ( 'verifyDomainConfig: %j and %j do not match' , nameservers , zone . DelegationSet . NameServers ) ;
2019-10-23 10:02:04 -07:00
return callback ( new BoxError ( BoxError . BAD _FIELD , 'Domain nameservers are not set to Route53' , { field : 'nameservers' } ) ) ;
2017-01-10 11:12:25 +01:00
}
2019-01-04 18:44:54 -08:00
const location = 'cloudrontestdns' ;
2020-08-07 09:54:02 -07:00
const newDomainObject = Object . assign ( { } , domainObject , { config : credentials } ) ;
2017-06-11 22:32:05 -07:00
2020-08-07 09:54:02 -07:00
upsert ( newDomainObject , location , 'A' , [ ip ] , function ( error ) {
2017-02-14 22:29:33 -08:00
if ( error ) return callback ( error ) ;
2017-01-10 11:12:25 +01:00
2022-01-05 22:41:41 -08:00
debug ( 'verifyDomainConfig: Test A record added' ) ;
2017-01-10 11:12:25 +01:00
2020-08-07 09:54:02 -07:00
del ( newDomainObject , location , 'A' , [ ip ] , function ( error ) {
2017-11-07 23:13:58 +01:00
if ( error ) return callback ( error ) ;
2022-01-05 22:41:41 -08:00
debug ( 'verifyDomainConfig: Test A record removed again' ) ;
2017-11-07 23:13:58 +01:00
callback ( null , credentials ) ;
} ) ;
2017-01-10 11:12:25 +01:00
} ) ;
} ) ;
} ) ;
}
