src/dns/gandi.js

'use strict';

exports = module.exports = {
    removePrivateFields,
    injectPrivateFields,
    upsert,
    get,
    del,
    wait,
    verifyDomainConfig
};

const assert = require('node:assert'),
    BoxError = require('../boxerror.js'),
    constants = require('../constants.js'),
    debug = require('debug')('box:dns/gandi'),
    dig = require('../dig.js'),
    dns = require('../dns.js'),
    safe = require('safetydance'),
    superagent = require('@cloudron/superagent'),
    waitForDns = require('./waitfordns.js');

const GANDI_API = 'https://dns.api.gandi.net/api/v5';

function formatError(response) {
    return `Gandi DNS error [${response.status}] ${response.text}`;
}

function removePrivateFields(domainObject) {
    domainObject.config.token = constants.SECRET_PLACEHOLDER;
    return domainObject;
}

function injectPrivateFields(newConfig, currentConfig) {
    if (newConfig.token === constants.SECRET_PLACEHOLDER) newConfig.token = currentConfig.token;
}

function createRequest(method, url, domainConfig) {
    assert.strictEqual(typeof method, 'string');
    assert.strictEqual(typeof url, 'string');
    assert.strictEqual(typeof domainConfig, 'object');

    const request = superagent.request(method, url).timeout(30 * 1000).ok(() => true);

    // https://api.gandi.net/docs/authentication/
    if (domainConfig.tokenType === 'ApiKey') {
        request.set('X-Api-Key', domainConfig.token);
        request.set('Authorization', `Apikey ${domainConfig.token}`);
    } else { // PAT
        request.set('Authorization', `Bearer ${domainConfig.token}`);
    }

    return request;
}

async function upsert(domainObject, location, type, values) {
    assert.strictEqual(typeof domainObject, 'object');
    assert.strictEqual(typeof location, 'string');
    assert.strictEqual(typeof type, 'string');
    assert(Array.isArray(values));

    const domainConfig = domainObject.config,
        zoneName = domainObject.zoneName,
        name = dns.getName(domainObject, location, type) || '@';

    debug(`upsert: ${name} in zone ${zoneName} of type ${type} with values ${JSON.stringify(values)}`);

    const data = {
        'rrset_ttl': 300, // this is the minimum allowed
        'rrset_values': values // for mx records, value is already of the '<priority> <server>' format
    };

    const [error, response] = await safe(createRequest('PUT', `${GANDI_API}/domains/${zoneName}/records/${name}/${type}`, domainConfig)
        .send(data));

    if (error) throw new BoxError(BoxError.NETWORK_ERROR, error);
    if (response.status === 403 || response.status === 401) throw new BoxError(BoxError.ACCESS_DENIED, formatError(response));
    if (response.status === 400) throw new BoxError(BoxError.BAD_FIELD, formatError(response));
    if (response.status !== 201) throw new BoxError(BoxError.EXTERNAL_ERROR, formatError(response));
}

async function get(domainObject, location, type) {
    assert.strictEqual(typeof domainObject, 'object');
    assert.strictEqual(typeof location, 'string');
    assert.strictEqual(typeof type, 'string');

    const domainConfig = domainObject.config,
        zoneName = domainObject.zoneName,
        name = dns.getName(domainObject, location, type) || '@';

    debug(`get: ${name} in zone ${zoneName} of type ${type}`);

    const [error, response] = await safe(createRequest('GET', `${GANDI_API}/domains/${zoneName}/records/${name}/${type}`, domainConfig));

    if (error) throw new BoxError(BoxError.NETWORK_ERROR, error);
    if (response.status === 403 || response.status === 401) throw new BoxError(BoxError.ACCESS_DENIED, formatError(response));
    if (response.status === 404) return [];
    if (response.status !== 200) throw new BoxError(BoxError.EXTERNAL_ERROR, formatError(response));

    return response.body.rrset_values;
}

async function del(domainObject, location, type, values) {
    assert.strictEqual(typeof domainObject, 'object');
    assert.strictEqual(typeof location, 'string');
    assert.strictEqual(typeof type, 'string');
    assert(Array.isArray(values));

    const domainConfig = domainObject.config,
        zoneName = domainObject.zoneName,
        name = dns.getName(domainObject, location, type) || '@';

    debug(`del: ${name} in zone ${zoneName} of type ${type} with values ${JSON.stringify(values)}`);

    const [error, response] = await safe(createRequest('DELETE', `${GANDI_API}/domains/${zoneName}/records/${name}/${type}`, domainConfig));

    if (error) throw new BoxError(BoxError.NETWORK_ERROR, error);
    if (response.status === 404) return;
    if (response.status === 403 || response.status === 401) throw new BoxError(BoxError.ACCESS_DENIED, formatError(response));
    if (response.status !== 204) throw new BoxError(BoxError.EXTERNAL_ERROR, formatError(response));
}

async function wait(domainObject, subdomain, type, value, options) {
    assert.strictEqual(typeof domainObject, 'object');
    assert.strictEqual(typeof subdomain, 'string');
    assert.strictEqual(typeof type, 'string');
    assert.strictEqual(typeof value, 'string');
    assert(options && typeof options === 'object'); // { interval: 5000, times: 50000 }

    const fqdn = dns.fqdn(subdomain, domainObject.domain);

    await waitForDns(fqdn, domainObject.zoneName, type, value, options);
}

async function verifyDomainConfig(domainObject) {
    assert.strictEqual(typeof domainObject, 'object');

    const domainConfig = domainObject.config,
        zoneName = domainObject.zoneName;

    if (!domainConfig.token || typeof domainConfig.token !== 'string') throw new BoxError(BoxError.BAD_FIELD, 'token must be a non-empty string');
    if (domainConfig.tokenType !== 'PAT' && domainConfig.tokenType !== 'ApiKey') throw new BoxError(BoxError.BAD_FIELD, 'tokenType is required');
    if ('customNameservers' in domainConfig && typeof domainConfig.customNameservers !== 'boolean') throw new BoxError(BoxError.BAD_FIELD, 'customNameservers must be a boolean');

    const credentials = {
        token: domainConfig.token,
        tokenType: domainConfig.tokenType,
        customNameservers: !!domainConfig.customNameservers
    };

    const ip = '127.0.0.1';

    if (constants.TEST) return credentials; // this shouldn't be here

    const [error, nameservers] = await safe(dig.resolve(zoneName, 'NS', { timeout: 5000 }));
    if (error && error.code === 'ENOTFOUND') throw new BoxError(BoxError.BAD_FIELD, 'Unable to resolve nameservers for this domain');
    if (error || !nameservers) throw new BoxError(BoxError.BAD_FIELD, error ? error.message : 'Unable to get nameservers');

    if (!nameservers.every(function (n) { return n.toLowerCase().indexOf('.gandi.net') !== -1; })) {
        debug('verifyDomainConfig: %j does not contain Gandi NS', nameservers);
        if (!domainConfig.customNameservers) throw new BoxError(BoxError.BAD_FIELD, 'Domain nameservers are not set to Gandi');
    }

    const location = 'cloudrontestdns';

    await upsert(domainObject, location, 'A', [ ip ]);
    debug('verifyDomainConfig: Test A record added');

    await del(domainObject, location, 'A', [ ip ]);
    debug('verifyDomainConfig: Test A record removed again');

    return credentials;
}
Add Gandi LiveDNS backend 2018-05-06 18:57:27 -07:00			`'use strict';`

			`exports = module.exports = {`
merge domaindb.js into domains.js 2021-08-13 17:22:28 -07:00			`removePrivateFields,`
			`injectPrivateFields,`
			`upsert,`
			`get,`
			`del,`
			`wait,`
dnsConfig -> domainConfig 2022-01-05 22:41:41 -08:00			`verifyDomainConfig`
Add Gandi LiveDNS backend 2018-05-06 18:57:27 -07:00			`};`

use node: prefix for requires 2025-08-14 11:17:38 +05:30			`const assert = require('node:assert'),`
Move DomainsError to BoxError 2019-10-23 10:02:04 -07:00			`BoxError = require('../boxerror.js'),`
Always use constants.SECRET_PLACEHOLDER 2020-05-14 23:01:44 +02:00			`constants = require('../constants.js'),`
Add Gandi LiveDNS backend 2018-05-06 18:57:27 -07:00			`debug = require('debug')('box:dns/gandi'),`
make cloudflare, gandi, manual, noop, wildcard, netcup, godaddy, namecom async 2022-02-04 13:58:29 -08:00			`dig = require('../dig.js'),`
merge domaindb.js into domains.js 2021-08-13 17:22:28 -07:00			`dns = require('../dns.js'),`
make cloudflare, gandi, manual, noop, wildcard, netcup, godaddy, namecom async 2022-02-04 13:58:29 -08:00			`safe = require('safetydance'),`
use the @cloudron/superagent module 2025-07-10 10:55:52 +02:00			`superagent = require('@cloudron/superagent'),`
rework dns api to take domainObject 2019-01-04 18:44:54 -08:00			`waitForDns = require('./waitfordns.js');`
Add Gandi LiveDNS backend 2018-05-06 18:57:27 -07:00
merge domaindb.js into domains.js 2021-08-13 17:22:28 -07:00			`const GANDI_API = 'https://dns.api.gandi.net/api/v5';`
Add Gandi LiveDNS backend 2018-05-06 18:57:27 -07:00
			`function formatError(response) {`
replace with custom superagent based on fetch API 2025-02-14 17:26:54 +01:00			return `Gandi DNS error [${response.status}] ${response.text}`;
Add Gandi LiveDNS backend 2018-05-06 18:57:27 -07:00			`}`

add provider specific removePrivateFields to redact tokens and secrets 2019-02-08 11:11:49 +01:00			`function removePrivateFields(domainObject) {`
Always use constants.SECRET_PLACEHOLDER 2020-05-14 23:01:44 +02:00			`domainObject.config.token = constants.SECRET_PLACEHOLDER;`
add provider specific removePrivateFields to redact tokens and secrets 2019-02-08 11:11:49 +01:00			`return domainObject;`
			`}`

Add dns interface api to inject hidden files for verification 2019-02-09 19:08:15 +01:00			`function injectPrivateFields(newConfig, currentConfig) {`
Always use constants.SECRET_PLACEHOLDER 2020-05-14 23:01:44 +02:00			`if (newConfig.token === constants.SECRET_PLACEHOLDER) newConfig.token = currentConfig.token;`
Add dns interface api to inject hidden files for verification 2019-02-09 19:08:15 +01:00			`}`

gandi: use PAT token instead 2024-10-08 17:06:53 +02:00			`function createRequest(method, url, domainConfig) {`
			`assert.strictEqual(typeof method, 'string');`
			`assert.strictEqual(typeof url, 'string');`
			`assert.strictEqual(typeof domainConfig, 'object');`

replace with custom superagent based on fetch API 2025-02-14 17:26:54 +01:00			`const request = superagent.request(method, url).timeout(30 * 1000).ok(() => true);`
gandi: use PAT token instead 2024-10-08 17:06:53 +02:00
			`// https://api.gandi.net/docs/authentication/`
			`if (domainConfig.tokenType === 'ApiKey') {`
			`request.set('X-Api-Key', domainConfig.token);`
			request.set('Authorization', `Apikey ${domainConfig.token}`);
			`} else { // PAT`
			request.set('Authorization', `Bearer ${domainConfig.token}`);
			`}`

			`return request;`
			`}`

make cloudflare, gandi, manual, noop, wildcard, netcup, godaddy, namecom async 2022-02-04 13:58:29 -08:00			`async function upsert(domainObject, location, type, values) {`
rework dns api to take domainObject 2019-01-04 18:44:54 -08:00			`assert.strictEqual(typeof domainObject, 'object');`
			`assert.strictEqual(typeof location, 'string');`
Add Gandi LiveDNS backend 2018-05-06 18:57:27 -07:00			`assert.strictEqual(typeof type, 'string');`
Use Array.isArray instead 2021-05-02 11:26:08 -07:00			`assert(Array.isArray(values));`
Add Gandi LiveDNS backend 2018-05-06 18:57:27 -07:00
dnsConfig -> domainConfig 2022-01-05 22:41:41 -08:00			`const domainConfig = domainObject.config,`
rework dns api to take domainObject 2019-01-04 18:44:54 -08:00			`zoneName = domainObject.zoneName,`
merge domaindb.js into domains.js 2021-08-13 17:22:28 -07:00			`name = dns.getName(domainObject, location, type) \|\| '@';`
Add Gandi LiveDNS backend 2018-05-06 18:57:27 -07:00
rework dns api to take domainObject 2019-01-04 18:44:54 -08:00			debug(`upsert: ${name} in zone ${zoneName} of type ${type} with values ${JSON.stringify(values)}`);
Add Gandi LiveDNS backend 2018-05-06 18:57:27 -07:00
make cloudflare, gandi, manual, noop, wildcard, netcup, godaddy, namecom async 2022-02-04 13:58:29 -08:00			`const data = {`
Add Gandi LiveDNS backend 2018-05-06 18:57:27 -07:00			`'rrset_ttl': 300, // this is the minimum allowed`
Add note on MX records 2018-05-06 22:14:39 -07:00			`'rrset_values': values // for mx records, value is already of the '<priority> <server>' format`
Add Gandi LiveDNS backend 2018-05-06 18:57:27 -07:00			`};`

gandi: use PAT token instead 2024-10-08 17:06:53 +02:00			const [error, response] = await safe(createRequest('PUT', `${GANDI_API}/domains/${zoneName}/records/${name}/${type}`, domainConfig)
			`.send(data));`
make cloudflare, gandi, manual, noop, wildcard, netcup, godaddy, namecom async 2022-02-04 13:58:29 -08:00
Fix assert 2024-11-19 17:08:19 +05:30			`if (error) throw new BoxError(BoxError.NETWORK_ERROR, error);`
replace with custom superagent based on fetch API 2025-02-14 17:26:54 +01:00			`if (response.status === 403 \|\| response.status === 401) throw new BoxError(BoxError.ACCESS_DENIED, formatError(response));`
			`if (response.status === 400) throw new BoxError(BoxError.BAD_FIELD, formatError(response));`
			`if (response.status !== 201) throw new BoxError(BoxError.EXTERNAL_ERROR, formatError(response));`
Add Gandi LiveDNS backend 2018-05-06 18:57:27 -07:00			`}`

make cloudflare, gandi, manual, noop, wildcard, netcup, godaddy, namecom async 2022-02-04 13:58:29 -08:00			`async function get(domainObject, location, type) {`
rework dns api to take domainObject 2019-01-04 18:44:54 -08:00			`assert.strictEqual(typeof domainObject, 'object');`
			`assert.strictEqual(typeof location, 'string');`
Add Gandi LiveDNS backend 2018-05-06 18:57:27 -07:00			`assert.strictEqual(typeof type, 'string');`

dnsConfig -> domainConfig 2022-01-05 22:41:41 -08:00			`const domainConfig = domainObject.config,`
rework dns api to take domainObject 2019-01-04 18:44:54 -08:00			`zoneName = domainObject.zoneName,`
merge domaindb.js into domains.js 2021-08-13 17:22:28 -07:00			`name = dns.getName(domainObject, location, type) \|\| '@';`
Add Gandi LiveDNS backend 2018-05-06 18:57:27 -07:00
rework dns api to take domainObject 2019-01-04 18:44:54 -08:00			debug(`get: ${name} in zone ${zoneName} of type ${type}`);
Add Gandi LiveDNS backend 2018-05-06 18:57:27 -07:00
gandi: use PAT token instead 2024-10-08 17:06:53 +02:00			const [error, response] = await safe(createRequest('GET', `${GANDI_API}/domains/${zoneName}/records/${name}/${type}`, domainConfig));
Add Gandi LiveDNS backend 2018-05-06 18:57:27 -07:00
Fix assert 2024-11-19 17:08:19 +05:30			`if (error) throw new BoxError(BoxError.NETWORK_ERROR, error);`
replace with custom superagent based on fetch API 2025-02-14 17:26:54 +01:00			`if (response.status === 403 \|\| response.status === 401) throw new BoxError(BoxError.ACCESS_DENIED, formatError(response));`
			`if (response.status === 404) return [];`
			`if (response.status !== 200) throw new BoxError(BoxError.EXTERNAL_ERROR, formatError(response));`
Add Gandi LiveDNS backend 2018-05-06 18:57:27 -07:00
make cloudflare, gandi, manual, noop, wildcard, netcup, godaddy, namecom async 2022-02-04 13:58:29 -08:00			`return response.body.rrset_values;`
Add Gandi LiveDNS backend 2018-05-06 18:57:27 -07:00			`}`

make cloudflare, gandi, manual, noop, wildcard, netcup, godaddy, namecom async 2022-02-04 13:58:29 -08:00			`async function del(domainObject, location, type, values) {`
rework dns api to take domainObject 2019-01-04 18:44:54 -08:00			`assert.strictEqual(typeof domainObject, 'object');`
			`assert.strictEqual(typeof location, 'string');`
Add Gandi LiveDNS backend 2018-05-06 18:57:27 -07:00			`assert.strictEqual(typeof type, 'string');`
Use Array.isArray instead 2021-05-02 11:26:08 -07:00			`assert(Array.isArray(values));`
Add Gandi LiveDNS backend 2018-05-06 18:57:27 -07:00
dnsConfig -> domainConfig 2022-01-05 22:41:41 -08:00			`const domainConfig = domainObject.config,`
rework dns api to take domainObject 2019-01-04 18:44:54 -08:00			`zoneName = domainObject.zoneName,`
merge domaindb.js into domains.js 2021-08-13 17:22:28 -07:00			`name = dns.getName(domainObject, location, type) \|\| '@';`
Add Gandi LiveDNS backend 2018-05-06 18:57:27 -07:00
rework dns api to take domainObject 2019-01-04 18:44:54 -08:00			debug(`del: ${name} in zone ${zoneName} of type ${type} with values ${JSON.stringify(values)}`);
Add Gandi LiveDNS backend 2018-05-06 18:57:27 -07:00
gandi: use PAT token instead 2024-10-08 17:06:53 +02:00			const [error, response] = await safe(createRequest('DELETE', `${GANDI_API}/domains/${zoneName}/records/${name}/${type}`, domainConfig));
Add Gandi LiveDNS backend 2018-05-06 18:57:27 -07:00
Fix assert 2024-11-19 17:08:19 +05:30			`if (error) throw new BoxError(BoxError.NETWORK_ERROR, error);`
replace with custom superagent based on fetch API 2025-02-14 17:26:54 +01:00			`if (response.status === 404) return;`
			`if (response.status === 403 \|\| response.status === 401) throw new BoxError(BoxError.ACCESS_DENIED, formatError(response));`
			`if (response.status !== 204) throw new BoxError(BoxError.EXTERNAL_ERROR, formatError(response));`
Add Gandi LiveDNS backend 2018-05-06 18:57:27 -07:00			`}`

make waitForDns async 2022-02-03 16:15:14 -08:00			`async function wait(domainObject, subdomain, type, value, options) {`
rework dns api to take domainObject 2019-01-04 18:44:54 -08:00			`assert.strictEqual(typeof domainObject, 'object');`
make waitForDns async 2022-02-03 16:15:14 -08:00			`assert.strictEqual(typeof subdomain, 'string');`
rework dns api to take domainObject 2019-01-04 18:44:54 -08:00			`assert.strictEqual(typeof type, 'string');`
			`assert.strictEqual(typeof value, 'string');`
			`assert(options && typeof options === 'object'); // { interval: 5000, times: 50000 }`

dns: fqdn only needs domain string 2022-11-28 21:23:06 +01:00			`const fqdn = dns.fqdn(subdomain, domainObject.domain);`
rework dns api to take domainObject 2019-01-04 18:44:54 -08:00
make waitForDns async 2022-02-03 16:15:14 -08:00			`await waitForDns(fqdn, domainObject.zoneName, type, value, options);`
rework dns api to take domainObject 2019-01-04 18:44:54 -08:00			`}`

make cloudflare, gandi, manual, noop, wildcard, netcup, godaddy, namecom async 2022-02-04 13:58:29 -08:00			`async function verifyDomainConfig(domainObject) {`
rework dns api to take domainObject 2019-01-04 18:44:54 -08:00			`assert.strictEqual(typeof domainObject, 'object');`
Add Gandi LiveDNS backend 2018-05-06 18:57:27 -07:00
dnsConfig -> domainConfig 2022-01-05 22:41:41 -08:00			`const domainConfig = domainObject.config,`
rework dns api to take domainObject 2019-01-04 18:44:54 -08:00			`zoneName = domainObject.zoneName;`

make cloudflare, gandi, manual, noop, wildcard, netcup, godaddy, namecom async 2022-02-04 13:58:29 -08:00			`if (!domainConfig.token \|\| typeof domainConfig.token !== 'string') throw new BoxError(BoxError.BAD_FIELD, 'token must be a non-empty string');`
gandi: use PAT token instead 2024-10-08 17:06:53 +02:00			`if (domainConfig.tokenType !== 'PAT' && domainConfig.tokenType !== 'ApiKey') throw new BoxError(BoxError.BAD_FIELD, 'tokenType is required');`
domains: add option to set custom/vanity nameservers 2025-03-02 07:27:09 +01:00			`if ('customNameservers' in domainConfig && typeof domainConfig.customNameservers !== 'boolean') throw new BoxError(BoxError.BAD_FIELD, 'customNameservers must be a boolean');`
validate dns config parameters 2018-06-17 21:44:08 -07:00
make cloudflare, gandi, manual, noop, wildcard, netcup, godaddy, namecom async 2022-02-04 13:58:29 -08:00			`const credentials = {`
gandi: use PAT token instead 2024-10-08 17:06:53 +02:00			`token: domainConfig.token,`
			`tokenType: domainConfig.tokenType,`
domains: add option to set custom/vanity nameservers 2025-03-02 07:27:09 +01:00			`customNameservers: !!domainConfig.customNameservers`
Add Gandi LiveDNS backend 2018-05-06 18:57:27 -07:00			`};`

rework dns api to take domainObject 2019-01-04 18:44:54 -08:00			`const ip = '127.0.0.1';`

Use constants.TEST 2023-10-01 13:52:19 +05:30			`if (constants.TEST) return credentials; // this shouldn't be here`
Add Gandi LiveDNS backend 2018-05-06 18:57:27 -07:00
make cloudflare, gandi, manual, noop, wildcard, netcup, godaddy, namecom async 2022-02-04 13:58:29 -08:00			`const [error, nameservers] = await safe(dig.resolve(zoneName, 'NS', { timeout: 5000 }));`
			`if (error && error.code === 'ENOTFOUND') throw new BoxError(BoxError.BAD_FIELD, 'Unable to resolve nameservers for this domain');`
			`if (error \|\| !nameservers) throw new BoxError(BoxError.BAD_FIELD, error ? error.message : 'Unable to get nameservers');`
Add Gandi LiveDNS backend 2018-05-06 18:57:27 -07:00
make cloudflare, gandi, manual, noop, wildcard, netcup, godaddy, namecom async 2022-02-04 13:58:29 -08:00			`if (!nameservers.every(function (n) { return n.toLowerCase().indexOf('.gandi.net') !== -1; })) {`
			`debug('verifyDomainConfig: %j does not contain Gandi NS', nameservers);`
domains: add option to set custom/vanity nameservers 2025-03-02 07:27:09 +01:00			`if (!domainConfig.customNameservers) throw new BoxError(BoxError.BAD_FIELD, 'Domain nameservers are not set to Gandi');`
make cloudflare, gandi, manual, noop, wildcard, netcup, godaddy, namecom async 2022-02-04 13:58:29 -08:00			`}`
Add Gandi LiveDNS backend 2018-05-06 18:57:27 -07:00
make cloudflare, gandi, manual, noop, wildcard, netcup, godaddy, namecom async 2022-02-04 13:58:29 -08:00			`const location = 'cloudrontestdns';`
Add Gandi LiveDNS backend 2018-05-06 18:57:27 -07:00
make cloudflare, gandi, manual, noop, wildcard, netcup, godaddy, namecom async 2022-02-04 13:58:29 -08:00			`await upsert(domainObject, location, 'A', [ ip ]);`
			`debug('verifyDomainConfig: Test A record added');`
Add Gandi LiveDNS backend 2018-05-06 18:57:27 -07:00
make cloudflare, gandi, manual, noop, wildcard, netcup, godaddy, namecom async 2022-02-04 13:58:29 -08:00			`await del(domainObject, location, 'A', [ ip ]);`
			`debug('verifyDomainConfig: Test A record removed again');`
Add Gandi LiveDNS backend 2018-05-06 18:57:27 -07:00
make cloudflare, gandi, manual, noop, wildcard, netcup, godaddy, namecom async 2022-02-04 13:58:29 -08:00			`return credentials;`
Add Gandi LiveDNS backend 2018-05-06 18:57:27 -07:00			`}`