diff --git a/src/dns/caas.js b/src/dns/caas.js index 25b5ccc0c..c07191b2c 100644 --- a/src/dns/caas.js +++ b/src/dns/caas.js @@ -1,6 +1,7 @@ 'use strict'; exports = module.exports = { + removePrivateFields: removePrivateFields, upsert: upsert, get: get, del: del, @@ -24,6 +25,11 @@ function getFqdn(location, domain) { return (location === '') ? domain : location + '-' + domain; } +function removePrivateFields(domainObject) { + domainObject.config.token = domains.SECRET_PLACEHOLDER; + return domainObject; +} + function upsert(domainObject, location, type, values, callback) { assert.strictEqual(typeof domainObject, 'object'); assert.strictEqual(typeof location, 'string'); diff --git a/src/dns/cloudflare.js b/src/dns/cloudflare.js index ed962449c..886fbdfa8 100644 --- a/src/dns/cloudflare.js +++ b/src/dns/cloudflare.js @@ -1,6 +1,7 @@ 'use strict'; exports = module.exports = { + removePrivateFields: removePrivateFields, upsert: upsert, get: get, del: del, @@ -22,6 +23,11 @@ var assert = require('assert'), // we are using latest v4 stable API https://api.cloudflare.com/#getting-started-endpoints var CLOUDFLARE_ENDPOINT = 'https://api.cloudflare.com/client/v4'; +function removePrivateFields(domainObject) { + domainObject.config.token = domains.SECRET_PLACEHOLDER; + return domainObject; +} + function translateRequestError(result, callback) { assert.strictEqual(typeof result, 'object'); assert.strictEqual(typeof callback, 'function'); diff --git a/src/dns/digitalocean.js b/src/dns/digitalocean.js index d41795da3..bc0a93863 100644 --- a/src/dns/digitalocean.js +++ b/src/dns/digitalocean.js @@ -1,6 +1,7 @@ 'use strict'; exports = module.exports = { + removePrivateFields: removePrivateFields, upsert: upsert, get: get, del: del, @@ -25,6 +26,11 @@ function formatError(response) { return util.format('DigitalOcean DNS error [%s] %j', response.statusCode, response.body); } +function removePrivateFields(domainObject) { + domainObject.config.token = domains.SECRET_PLACEHOLDER; + return domainObject; +} + function getInternal(dnsConfig, zoneName, name, type, callback) { assert.strictEqual(typeof dnsConfig, 'object'); assert.strictEqual(typeof zoneName, 'string'); diff --git a/src/dns/gandi.js b/src/dns/gandi.js index 096449849..9f97697bb 100644 --- a/src/dns/gandi.js +++ b/src/dns/gandi.js @@ -1,6 +1,7 @@ 'use strict'; exports = module.exports = { + removePrivateFields: removePrivateFields, upsert: upsert, get: get, del: del, @@ -23,6 +24,11 @@ function formatError(response) { return util.format(`Gandi DNS error [${response.statusCode}] ${response.body.message}`); } +function removePrivateFields(domainObject) { + domainObject.config.token = domains.SECRET_PLACEHOLDER; + return domainObject; +} + function upsert(domainObject, location, type, values, callback) { assert.strictEqual(typeof domainObject, 'object'); assert.strictEqual(typeof location, 'string'); diff --git a/src/dns/gcdns.js b/src/dns/gcdns.js index 2fe44d939..e325c703f 100644 --- a/src/dns/gcdns.js +++ b/src/dns/gcdns.js @@ -1,6 +1,7 @@ 'use strict'; exports = module.exports = { + removePrivateFields: removePrivateFields, upsert: upsert, get: get, del: del, @@ -18,6 +19,11 @@ var assert = require('assert'), waitForDns = require('./waitfordns.js'), _ = require('underscore'); +function removePrivateFields(domainObject) { + domainObject.config.credentials.private_key = domains.SECRET_PLACEHOLDER; + return domainObject; +} + function getDnsCredentials(dnsConfig) { assert.strictEqual(typeof dnsConfig, 'object'); diff --git a/src/dns/godaddy.js b/src/dns/godaddy.js index 58fd2101e..d00fc2e82 100644 --- a/src/dns/godaddy.js +++ b/src/dns/godaddy.js @@ -1,6 +1,7 @@ 'use strict'; exports = module.exports = { + removePrivateFields: removePrivateFields, upsert: upsert, get: get, del: del, @@ -29,6 +30,11 @@ function formatError(response) { return util.format(`GoDaddy DNS error [${response.statusCode}] ${response.body.message}`); } +function removePrivateFields(domainObject) { + domainObject.config.apiSecret = domains.SECRET_PLACEHOLDER; + return domainObject; +} + function upsert(domainObject, location, type, values, callback) { assert.strictEqual(typeof domainObject, 'object'); assert.strictEqual(typeof location, 'string'); diff --git a/src/dns/interface.js b/src/dns/interface.js index 458906a03..c332489aa 100644 --- a/src/dns/interface.js +++ b/src/dns/interface.js @@ -7,6 +7,7 @@ // ------------------------------------------- exports = module.exports = { + removePrivateFields: removePrivateFields, upsert: upsert, get: get, del: del, @@ -17,6 +18,11 @@ exports = module.exports = { var assert = require('assert'), util = require('util'); +function removePrivateFields(domainObject) { + // in-place removal of tokens and api keys with domains.SECRET_PLACEHOLDER + return domainObject; +} + function upsert(domainObject, location, type, values, callback) { assert.strictEqual(typeof domainObject, 'object'); assert.strictEqual(typeof location, 'string'); diff --git a/src/dns/manual.js b/src/dns/manual.js index 4893ad84a..850056e79 100644 --- a/src/dns/manual.js +++ b/src/dns/manual.js @@ -1,6 +1,7 @@ 'use strict'; exports = module.exports = { + removePrivateFields: removePrivateFields, upsert: upsert, get: get, del: del, @@ -16,6 +17,10 @@ var assert = require('assert'), util = require('util'), waitForDns = require('./waitfordns.js'); +function removePrivateFields(domainObject) { + return domainObject; +} + function upsert(domainObject, location, type, values, callback) { assert.strictEqual(typeof domainObject, 'object'); assert.strictEqual(typeof location, 'string'); diff --git a/src/dns/namecheap.js b/src/dns/namecheap.js index d620cc999..145b9b4b1 100644 --- a/src/dns/namecheap.js +++ b/src/dns/namecheap.js @@ -1,6 +1,7 @@ 'use strict'; exports = module.exports = { + removePrivateFields: removePrivateFields, upsert: upsert, get: get, del: del, @@ -22,6 +23,11 @@ function formatError(response) { return util.format('NameCheap DNS error [%s] %j', response.code, response.message); } +function removePrivateFields(domainObject) { + domainObject.config.apiKey = domains.SECRET_PLACEHOLDER; + return domainObject; +} + // Only send required fields - https://www.namecheap.com/support/api/methods/domains-dns/set-hosts.aspx function mapHosts(hosts) { return hosts.map(function (host) { diff --git a/src/dns/namecom.js b/src/dns/namecom.js index 444245b2e..788c1994c 100644 --- a/src/dns/namecom.js +++ b/src/dns/namecom.js @@ -1,6 +1,7 @@ 'use strict'; exports = module.exports = { + removePrivateFields: removePrivateFields, upsert: upsert, get: get, del: del, @@ -24,6 +25,11 @@ function formatError(response) { return `Name.com DNS error [${response.statusCode}] ${response.text}`; } +function removePrivateFields(domainObject) { + domainObject.config.token = domains.SECRET_PLACEHOLDER; + return domainObject; +} + function addRecord(dnsConfig, zoneName, name, type, values, callback) { assert.strictEqual(typeof dnsConfig, 'object'); assert.strictEqual(typeof zoneName, 'string'); diff --git a/src/dns/noop.js b/src/dns/noop.js index 02bfeb0d4..8f30ad337 100644 --- a/src/dns/noop.js +++ b/src/dns/noop.js @@ -1,6 +1,7 @@ 'use strict'; exports = module.exports = { + removePrivateFields: removePrivateFields, upsert: upsert, get: get, del: del, @@ -12,6 +13,10 @@ var assert = require('assert'), debug = require('debug')('box:dns/noop'), util = require('util'); +function removePrivateFields(domainObject) { + return domainObject; +} + function upsert(domainObject, location, type, values, callback) { assert.strictEqual(typeof domainObject, 'object'); assert.strictEqual(typeof location, 'string'); diff --git a/src/dns/route53.js b/src/dns/route53.js index 1e92cb140..815e91f38 100644 --- a/src/dns/route53.js +++ b/src/dns/route53.js @@ -1,6 +1,7 @@ 'use strict'; exports = module.exports = { + removePrivateFields: removePrivateFields, upsert: upsert, get: get, del: del, @@ -18,6 +19,11 @@ var assert = require('assert'), waitForDns = require('./waitfordns.js'), _ = require('underscore'); +function removePrivateFields(domainObject) { + domainObject.config.secretAccessKey = domains.SECRET_PLACEHOLDER; + return domainObject; +} + function getDnsCredentials(dnsConfig) { assert.strictEqual(typeof dnsConfig, 'object'); diff --git a/src/dns/wildcard.js b/src/dns/wildcard.js index 08a4850e2..99531ff8a 100644 --- a/src/dns/wildcard.js +++ b/src/dns/wildcard.js @@ -1,6 +1,7 @@ 'use strict'; exports = module.exports = { + removePrivateFields: removePrivateFields, upsert: upsert, get: get, del: del, @@ -17,6 +18,10 @@ var assert = require('assert'), util = require('util'), waitForDns = require('./waitfordns.js'); +function removePrivateFields(domainObject) { + return domainObject; +} + function upsert(domainObject, location, type, values, callback) { assert.strictEqual(typeof domainObject, 'object'); assert.strictEqual(typeof location, 'string'); diff --git a/src/domains.js b/src/domains.js index 9f848875e..ee550c532 100644 --- a/src/domains.js +++ b/src/domains.js @@ -28,7 +28,9 @@ module.exports = exports = { prepareDashboardDomain: prepareDashboardDomain, - DomainsError: DomainsError + DomainsError: DomainsError, + + SECRET_PLACEHOLDER: 'hidden' }; var assert = require('assert'), @@ -458,11 +460,7 @@ function waitForDnsRecord(location, domain, type, value, options, callback) { function removePrivateFields(domain) { var result = _.pick(domain, 'domain', 'zoneName', 'provider', 'config', 'tlsConfig', 'fallbackCertificate', 'locked'); if (result.fallbackCertificate) delete result.fallbackCertificate.key; // do not return the 'key'. in caas, this is private - - // remove 'apiSecret' and 'secretAccessKey'. not remove 'apiKey' and 'accessKeyId' as these are meant to be user visible - result.config = _.omit(result.config, (v, k) => k === 'token' || k === 'credentials' || k.toLowerCase().includes('secret')); - - return result; + return api(result.provider).removePrivateFields(result); } // removes all fields that are not accessible by a normal user