diff --git a/src/domains.js b/src/domains.js index 6ae5acf27..ae21523ab 100644 --- a/src/domains.js +++ b/src/domains.js @@ -92,14 +92,12 @@ function verifyDnsConfig(dnsConfig, domain, zoneName, provider, callback) { if (error && error.reason === BoxError.EXTERNAL_ERROR) return callback(new BoxError(BoxError.BAD_FIELD, `Configuration error: ${error.message}`)); if (error) return callback(error); - result.hyphenatedSubdomains = !!dnsConfig.hyphenatedSubdomains; - callback(null, result); }); } function fqdn(location, domainObject) { - return location + (location ? (domainObject.config.hyphenatedSubdomains ? '-' : '.') : '') + domainObject.domain; + return location + (location ? '.' : '') + domainObject.domain; } // Hostname validation comes from RFC 1123 (section 2.1) @@ -133,10 +131,6 @@ function validateHostname(location, domainObject) { if (/^[-.]/.test(location)) return new BoxError(BoxError.BAD_FIELD, 'Subdomain cannot start or end with hyphen or dot', { field: 'location' }); } - if (domainObject.config.hyphenatedSubdomains) { - if (location.indexOf('.') !== -1) return new BoxError(BoxError.BAD_FIELD, 'Subdomain cannot contain a dot', { field: 'location' }); - } - return null; } @@ -339,19 +333,7 @@ function getName(domain, location, type) { if (location === '') return part; - if (!domain.config.hyphenatedSubdomains) return part ? `${location}.${part}` : location; - - // hyphenatedSubdomains - if (type !== 'TXT') return `${location}-${part}`; - - if (location.startsWith('_acme-challenge.')) { - return `${location}-${part}`; - } else if (location === '_acme-challenge') { - const up = part.replace(/^[^.]*\.?/, ''); // this gets the domain one level up - return up ? `${location}.${up}` : location; - } else { - return `${location}.${part}`; - } + return part ? `${location}.${part}` : location; } function getDnsRecords(location, domain, type, callback) { 
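Review bot: `fqdn()` now joins with '.' unconditionally, but nothing visible in this diff handles domains whose stored `config.hyphenatedSubdomains` is still `true`. For such a domain the same location would presumably resolve to `www.customer.example.com` where it was `www-customer.example.com` before. The same switch applies to the record names built in `getName()` and to the wildcard SAN in `generateFallbackCertificateSync()` (src/reverseproxy.js), so apps could end up served under names that existing DNS records and certificates do not cover. If a data migration exists outside this diff, a pointer to it would help; otherwise consider clearing the flag in a migration and documenting the behaviour on the function with `// config.hyphenatedSubdomains is no longer honoured; location and domain are always joined with '.'`.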
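Review bot: With the TXT special-casing gone, the `type` parameter of `getName()` is not read anywhere in the lines shown in this hunk, so it looks like a dead argument. The function's body starts above the hunk, so confirm it is unused there too. If it is, either drop it from the signature and its callers, or keep it and say so with `// type is unused since hyphenatedSubdomains was removed; kept so existing callers need not change`.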
@@ -459,8 +441,7 @@ function removePrivateFields(domain) { function removeRestrictedFields(domain) { var result = _.pick(domain, 'domain', 'zoneName', 'provider'); - // always ensure config object - result.config = { hyphenatedSubdomains: !!domain.config.hyphenatedSubdomains }; + result.config = {}; // always ensure config object return result; } diff --git a/src/reverseproxy.js b/src/reverseproxy.js index 9758fa11d..4f41085a0 100644 --- a/src/reverseproxy.js +++ b/src/reverseproxy.js @@ -181,9 +181,9 @@ function generateFallbackCertificateSync(domainObject) { let opensslConf = safe.fs.readFileSync('/etc/ssl/openssl.cnf', 'utf8'); // SAN must contain all the domains since CN check is based on implementation if SAN is found. -checkhost also checks only SAN if present! let opensslConfWithSan; - let cn = domainObject.config.hyphenatedSubdomains ? domains.parentDomain(domain) : domain; + let cn = domain; - debug(`generateFallbackCertificateSync: domain=${domainObject.domain} cn=${cn} hyphenated=${domainObject.config.hyphenatedSubdomains}`); + debug(`generateFallbackCertificateSync: domain=${domainObject.domain} cn=${cn}`); opensslConfWithSan = `${opensslConf}\n[SAN]\nsubjectAltName=DNS:${domain},DNS:*.${cn}\n`; let configFile = path.join(os.tmpdir(), 'openssl-' + crypto.randomBytes(4).readUInt32LE(0) + '.conf'); diff --git a/src/routes/domains.js b/src/routes/domains.js index 2d29e8e69..952ad8532 100644 --- a/src/routes/domains.js +++ b/src/routes/domains.js 
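Review bot: The inline comment on `result.config = {};` says what the line does but not why the object is emptied. This function builds the restricted view from only `domain`, `zoneName` and `provider`, so it would help the next maintainer to state that no config value is meant to pass through, for example `// restricted view: expose an empty config so clients find the key, never the stored config values`. That the stored config holds sensitive provider settings is an assumption from the function name, so adjust the wording if it does not.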
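Review bot: `let cn = domain;` in `generateFallbackCertificateSync()` is now a plain alias, so the SAN line `DNS:${domain},DNS:*.${cn}` reads as if two different names were involved when both are the same value. Consider dropping `cn` and writing `subjectAltName=DNS:${domain},DNS:*.${domain}`, with the debug line printing `domain` only. Separately, `domain` is written verbatim into the generated OpenSSL config, so this relies on the domain having passed hostname validation before it reaches this function. That check is not visible here, and the function body starts and ends outside the hunk.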
@@ -24,7 +24,6 @@ function add(req, res, next) { if (typeof req.body.provider !== 'string') return next(new HttpError(400, 'provider must be a string')); if (!req.body.config || typeof req.body.config !== 'object') return next(new HttpError(400, 'config must be an object')); - if ('hyphenatedSubdomains' in req.body.config && typeof req.body.config.hyphenatedSubdomains !== 'boolean') return next(new HttpError(400, 'hyphenatedSubdomains must be a boolean')); if ('wildcard' in req.body.config && typeof req.body.config.wildcard !== 'boolean') return next(new HttpError(400, 'wildcard must be a boolean')); if ('zoneName' in req.body && typeof req.body.zoneName !== 'string') return next(new HttpError(400, 'zoneName must be a string')); @@ -85,7 +84,6 @@ function update(req, res, next) { if (typeof req.body.provider !== 'string') return next(new HttpError(400, 'provider must be an object')); if (!req.body.config || typeof req.body.config !== 'object') return next(new HttpError(400, 'config must be an object')); - if ('hyphenatedSubdomains' in req.body.config && typeof req.body.config.hyphenatedSubdomains !== 'boolean') return next(new HttpError(400, 'hyphenatedSubdomains must be a boolean')); if ('wildcard' in req.body.config && typeof req.body.config.wildcard !== 'boolean') return next(new HttpError(400, 'wildcard must be a boolean')); if ('zoneName' in req.body && typeof req.body.zoneName !== 'string') return next(new HttpError(400, 'zoneName must be a string')); diff --git a/src/test/acme2-test.js b/src/test/acme2-test.js index 84b96e2dd..f3ee41447 100644 --- a/src/test/acme2-test.js +++ b/src/test/acme2-test.js @@ -8,8 +8,7 @@ var async = require('async'), database = require('../database.js'), acme2 = require('../cert/acme2.js'), - expect = require('expect.js'), - _ = require('underscore'); + expect = require('expect.js'); describe('Acme2', function () { before(function (done) { 
@@ -35,7 +34,7 @@ describe('Acme2', function () { it('wildcard', function () { expect(acme2._getChallengeSubdomain('*.example.com', 'example.com')).to.be('_acme-challenge'); expect(acme2._getChallengeSubdomain('*.git.example.com', 'example.com')).to.be('_acme-challenge.git'); - expect(acme2._getChallengeSubdomain('*.example.com', 'customer.example.com')).to.be('_acme-challenge'); // for hyphenatedSubdomains + expect(acme2._getChallengeSubdomain('*.example.com', 'customer.example.com')).to.be('_acme-challenge'); }); }); }); diff --git a/src/test/domains-test.js b/src/test/domains-test.js index b613d3c7e..503c1bf0e 100644 --- a/src/test/domains-test.js +++ b/src/test/domains-test.js @@ -9,8 +9,7 @@ var async = require('async'), database = require('../database.js'), domains = require('../domains.js'), expect = require('expect.js'), - settings = require('../settings.js'), - _ = require('underscore'); + settings = require('../settings.js'); describe('Domains', function () { before(function (done) { @@ -71,19 +70,10 @@ describe('Domains', function () { expect(domains.validateHostname('a0.x.y', domain)).to.be(null); expect(domains.validateHostname('01', domain)).to.be(null); }); - - it('hyphenatedSubdomains', function () { - let domainCopy = _.extend({}, domain); - domainCopy.config.hyphenatedSubdomains = true; - - expect(domains.validateHostname('a', domain)).to.be(null); - expect(domains.validateHostname('a0-x', domain)).to.be(null); - expect(domains.validateHostname('a0.x', domain)).to.be.an(Error); - }); }); describe('getName', function () { - it('works with zoneName==domain (not hyphenated)', function () { + it('works with zoneName==domain', function () { const domain = { domain: 'example.com', zoneName: 'example.com', 
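Review bot: The third expectation in the `wildcard` test keeps an input that the removed comment explained as a hyphenatedSubdomains case: `*.example.com` is not a name under `customer.example.com`. With the feature gone, the assertion pins behaviour for a hostname outside the domain without saying why. Either delete the line or add a comment such as `// hostname is not under the domain; the result is still '_acme-challenge'`, after confirming the intent against `_getChallengeSubdomain`, whose implementation is not part of this diff.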
@@ -101,7 +91,7 @@ describe('Domains', function () { expect(domains.getName(domain, 'www.dev', 'TXT')).to.be('www.dev'); }); - it('works when zoneName!=domain (not hyphenated)', function () { + it('works when zoneName!=domain', function () { const domain = { domain: 'dev.example.com', zoneName: 'example.com', 
@@ -118,49 +108,5 @@ describe('Domains', function () { expect(domains.getName(domain, 'www', 'TXT')).to.be('www.dev'); expect(domains.getName(domain, 'www.dev', 'TXT')).to.be('www.dev.dev'); }); - - it('works when hyphenated - level1', function () { - const domain = { - domain: 'customer.example.com', - zoneName: 'example.com', - config: { - hyphenatedSubdomains: true - } - }; - - expect(domains.getName(domain, '', 'A')).to.be('customer'); - expect(domains.getName(domain, 'www', 'A')).to.be('www-customer'); - expect(domains.getName(domain, 'www.dev', 'A')).to.be('www.dev-customer'); - - expect(domains.getName(domain, '', 'MX')).to.be('customer'); - - expect(domains.getName(domain, '', 'TXT')).to.be('customer'); - expect(domains.getName(domain, '_dmarc', 'TXT')).to.be('_dmarc.customer'); - expect(domains.getName(domain, 'cloudron._domainkey', 'TXT')).to.be('cloudron._domainkey.customer'); - expect(domains.getName(domain, '_acme-challenge.my', 'TXT')).to.be('_acme-challenge.my-customer'); - expect(domains.getName(domain, '_acme-challenge', 'TXT')).to.be('_acme-challenge'); - }); - - it('works when hyphenated - level2', function () { - const domain = { - domain: 'customer.dev.example.com', - zoneName: 'example.com', - config: { - hyphenatedSubdomains: true - } - }; - - expect(domains.getName(domain, '', 'A')).to.be('customer.dev'); - expect(domains.getName(domain, 'www', 'A')).to.be('www-customer.dev'); - expect(domains.getName(domain, 'www.dev', 'A')).to.be('www.dev-customer.dev'); - - expect(domains.getName(domain, '', 'MX')).to.be('customer.dev'); - - expect(domains.getName(domain, '', 'TXT')).to.be('customer.dev'); - expect(domains.getName(domain, '_dmarc', 'TXT')).to.be('_dmarc.customer.dev'); - expect(domains.getName(domain, 'cloudron._domainkey', 'TXT')).to.be('cloudron._domainkey.customer.dev'); - expect(domains.getName(domain, '_acme-challenge.my', 'TXT')).to.be('_acme-challenge.my-customer.dev'); - expect(domains.getName(domain, '_acme-challenge', 
'TXT')).to.be('_acme-challenge.dev'); - }); }); }); diff --git a/src/test/reverseproxy-test.js b/src/test/reverseproxy-test.js index 34b63667d..52cc59df8 100644 --- a/src/test/reverseproxy-test.js +++ b/src/test/reverseproxy-test.js @@ -41,7 +41,7 @@ describe('Certificates', function () { describe('validateCertificate', function () { let foobarDomain = { domain: 'foobar.com', - config: { hypenatedSubdomains: false } + config: {} }; let amazingDomain = { @@ -140,7 +140,7 @@ describe('Certificates', function () { }); }); - describe('generateFallbackCertificiate - non-hyphenated', function () { + describe('generateFallbackCertificiate', function () { let domainObject = { domain: 'cool.com', config: {} @@ -159,27 +159,6 @@ describe('Certificates', function () { }); }); - describe('generateFallbackCertificiate - hyphenated', function () { - let domainObject = { - domain: 'customer.cool.com', - config: { hyphenatedSubdomains: true } - }; - let result; - - it('can generate fallback certs', function () { - result = reverseProxy.generateFallbackCertificateSync(domainObject); - expect(result).to.be.ok(); - expect(result.error).to.be(null); - }); - - it('can validate the certs', function () { - expect(reverseProxy.validateCertificate('foo', domainObject, result)).to.be(null); - expect(reverseProxy.validateCertificate('', domainObject, result)).to.be(null); - - expect(reverseProxy.validateCertificate('foo', { domain: 'customer.cool.com', config: {} }, result)).to.be.an(Error); - }); - }); - describe('getApi - letsencrypt-prod', function () { before(function (done) { DOMAIN_0.tlsConfig = { provider: 'letsencrypt-prod' };