import apps from './apps.js'; import assert from 'node:assert'; import BoxError from './boxerror.js'; import constants from './constants.js'; import dashboard from './dashboard.js'; import logger from './logger.js'; import domains from './domains.js'; import ipaddr from './ipaddr.js'; import mail from './mail.js'; import mailServer from './mailserver.js'; import network from './network.js'; import retry from './retry.js'; import safe from 'safetydance'; import tasks from './tasks.js'; import tld from 'tldjs'; import dnsBunny from './dns/bunny.js'; import dnsCloudflare from './dns/cloudflare.js'; import dnsDesec from './dns/desec.js'; import dnsDnsimple from './dns/dnsimple.js'; import dnsRoute53 from './dns/route53.js'; import dnsGcdns from './dns/gcdns.js'; import dnsDigitalocean from './dns/digitalocean.js'; import dnsGandi from './dns/gandi.js'; import dnsGodaddy from './dns/godaddy.js'; import dnsInwx from './dns/inwx.js'; import dnsLinode from './dns/linode.js'; import dnsVultr from './dns/vultr.js'; import dnsNamecom from './dns/namecom.js'; import dnsNamecheap from './dns/namecheap.js'; import dnsNetcup from './dns/netcup.js'; import dnsHetzner from './dns/hetzner.js'; import dnsHetznercloud from './dns/hetznercloud.js'; import dnsNoop from './dns/noop.js'; import dnsManual from './dns/manual.js'; import dnsOvh from './dns/ovh.js'; import dnsPorkbun from './dns/porkbun.js'; import dnsWildcard from './dns/wildcard.js'; const { log } = logger('dns'); const DNS_PROVIDERS = { bunny: dnsBunny, cloudflare: dnsCloudflare, desec: dnsDesec, dnsimple: dnsDnsimple, route53: dnsRoute53, gcdns: dnsGcdns, digitalocean: dnsDigitalocean, gandi: dnsGandi, godaddy: dnsGodaddy, inwx: dnsInwx, linode: dnsLinode, vultr: dnsVultr, namecom: dnsNamecom, namecheap: dnsNamecheap, netcup: dnsNetcup, hetzner: dnsHetzner, hetznercloud: dnsHetznercloud, noop: dnsNoop, manual: dnsManual, ovh: dnsOvh, porkbun: dnsPorkbun, wildcard: dnsWildcard }; // choose which subdomain backend we use for test purpose we use route53 function api(provider) { assert.strictEqual(typeof provider, 'string'); return DNS_PROVIDERS[provider] || null; } function fqdn(subdomain, domain) { assert.strictEqual(typeof subdomain, 'string'); assert.strictEqual(typeof domain, 'string'); return subdomain + (subdomain ? '.' : '') + domain; } // Hostname validation comes from RFC 1123 (section 2.1) // Domain name validation comes from RFC 2181 (Name syntax) // https://en.wikipedia.org/wiki/Hostname#Restrictions_on_valid_host_names // We are validating the validity of the location-fqdn as host name (and not dns name) function validateHostname(subdomain, domain) { assert.strictEqual(typeof subdomain, 'string'); assert.strictEqual(typeof domain, 'string'); const hostname = fqdn(subdomain, domain); // workaround https://github.com/oncletom/tld.js/issues/73 const tmp = hostname.replace('_', '-'); if (!tld.isValid(tmp)) return new BoxError(BoxError.BAD_FIELD, 'Hostname is not a valid domain name'); if (hostname.length > 253) return new BoxError(BoxError.BAD_FIELD, 'Hostname length exceeds 253 characters'); if (subdomain) { // label validation if (subdomain.split('.').some(function (p) { return p.length > 63 || p.length < 1; })) return new BoxError(BoxError.BAD_FIELD, 'Invalid subdomain length'); if (subdomain.match(/^[A-Za-z0-9-.]+$/) === null) return new BoxError(BoxError.BAD_FIELD, 'Subdomain can only contain alphanumeric, hyphen and dot'); if (/^[-.]/.test(subdomain)) return new BoxError(BoxError.BAD_FIELD, 'Subdomain cannot start or end with hyphen or dot'); } return null; } // returns the 'name' that needs to be inserted into zone // eslint-disable-next-line no-unused-vars function getName(domain, subdomain, type) { const part = domain.domain.slice(0, -domain.zoneName.length - 1); if (subdomain === '') return part; return part ? `${subdomain}.${part}` : subdomain; } async function getDnsRecords(subdomain, domain, type) { assert.strictEqual(typeof subdomain, 'string'); assert.strictEqual(typeof domain, 'string'); assert.strictEqual(typeof type, 'string'); const domainObject = await domains.get(domain); return await api(domainObject.provider).get(domainObject, subdomain, type); } async function checkDnsRecords(subdomain, domain) { assert.strictEqual(typeof subdomain, 'string'); assert.strictEqual(typeof domain, 'string'); const cnameRecords = await getDnsRecords(subdomain, domain, 'CNAME'); if (cnameRecords.length !== 0) return { needsOverwrite: true }; const ipv4 = await network.getIPv4(); if (ipv4) { const ipv4Records = await getDnsRecords(subdomain, domain, 'A'); // if empty OR exactly one record with the ip, we don't need to overwrite if (ipv4Records.length !== 0 && (ipv4Records.length !== 1 || ipv4Records[0] !== ipv4)) return { needsOverwrite: true }; } const ipv6 = await network.getIPv6(); if (ipv6) { const ipv6Records = await getDnsRecords(subdomain, domain, 'AAAA'); // if empty OR exactly one record with the ip, we don't need to overwrite if (ipv6Records.length !== 0 && (ipv6Records.length !== 1 || !ipaddr.isEqual(ipv6Records[0], ipv6))) return { needsOverwrite: true }; } return { needsOverwrite: false }; // one record exists and in sync } // note: for TXT records the values must be quoted async function upsertDnsRecords(subdomain, domain, type, values) { assert.strictEqual(typeof subdomain, 'string'); assert.strictEqual(typeof domain, 'string'); assert.strictEqual(typeof type, 'string'); assert(Array.isArray(values)); log(`upsertDnsRecords: subdomain:${subdomain} domain:${domain} type:${type} values:${JSON.stringify(values)}`); const domainObject = await domains.get(domain); await api(domainObject.provider).upsert(domainObject, subdomain, type, values); } async function removeDnsRecords(subdomain, domain, type, values) { assert.strictEqual(typeof subdomain, 'string'); assert.strictEqual(typeof domain, 'string'); assert.strictEqual(typeof type, 'string'); assert(Array.isArray(values)); log(`removeDnsRecords: subdomain:${subdomain} domain:${domain} type:${type} values:${JSON.stringify(values)}`); const domainObject = await domains.get(domain); const [error] = await safe(api(domainObject.provider).del(domainObject, subdomain, type, values)); if (error && error.reason !== BoxError.NOT_FOUND) throw error; // this is never returned afaict } async function waitForDnsRecord(subdomain, domain, type, value, options) { assert.strictEqual(typeof subdomain, 'string'); assert.strictEqual(typeof domain, 'string'); assert(type === 'A' || type === 'AAAA' || type === 'TXT'); assert.strictEqual(typeof value, 'string'); assert(options && typeof options === 'object'); // { interval: 5000, times: 50000 } const domainObject = await domains.get(domain); // linode DNS takes ~15mins if (!options.interval) options.interval = domainObject.provider === 'linode' ? 20000 : 5000; await api(domainObject.provider).wait(domainObject, subdomain, type, value, options); } async function waitForLocations(locations, progressCallback) { assert(Array.isArray(locations)); assert.strictEqual(typeof progressCallback, 'function'); if (constants.TEST) return; const ipv4 = await network.getIPv4(); const ipv6 = await network.getIPv6(); for (const location of locations) { const { subdomain, domain } = location; progressCallback({ message: `Waiting for propagation of ${fqdn(subdomain, domain)}` }); if (ipv4) { const [error] = await safe(waitForDnsRecord(subdomain, domain, 'A', ipv4, { times: 240 })); if (error) throw new BoxError(BoxError.DNS_ERROR, `DNS A Record of ${fqdn(subdomain, domain)} is not synced yet: ${error.message}`); } if (ipv6) { const [error] = await safe(waitForDnsRecord(subdomain, domain, 'AAAA', ipv6, { times: 240 })); if (error) throw new BoxError(BoxError.DNS_ERROR, `DNS AAAA Record of ${fqdn(subdomain, domain)} is not synced yet: ${error.message}`); } } } function makeWildcard(recordFqdn) { assert.strictEqual(typeof recordFqdn, 'string'); // if the fqdn is like *.example.com, this function will do nothing const parts = recordFqdn.split('.'); parts[0] = '*'; return parts.join('.'); } async function registerLocation(location, options, recordType, recordValue) { assert.strictEqual(typeof location, 'object'); assert.strictEqual(typeof options, 'object'); assert.strictEqual(typeof recordType, 'string'); assert.strictEqual(typeof recordValue, 'string'); const overwriteDns = options.overwriteDns || false; // get the current record before updating it const [getError, values] = await safe(getDnsRecords(location.subdomain, location.domain, recordType)); if (getError) { const retryable = getError.reason !== BoxError.ACCESS_DENIED && getError.reason !== BoxError.NOT_FOUND; // NOT_FOUND is when zone is not found log(`registerLocation: Get error. retryable: ${retryable}. ${getError.message}`); throw new BoxError(getError.reason, `${location.domain}: ${getError.message}`, { domain: location, retryable }); } if (values.length === 1 && values[0] === recordValue) return; // up-to-date // refuse to update any existing DNS record for custom domains that we did not create if (values.length !== 0 && !overwriteDns) throw new BoxError(BoxError.ALREADY_EXISTS, `DNS ${recordType} record already exists`, { domain: location, retryable: false }); const [upsertError] = await safe(upsertDnsRecords(location.subdomain, location.domain, recordType, [ recordValue ])); if (upsertError) { const retryable = upsertError.reason === BoxError.BUSY || upsertError.reason === BoxError.EXTERNAL_ERROR; log(`registerLocation: Upsert error. retryable: ${retryable}. ${upsertError.message}`); throw new BoxError(BoxError.EXTERNAL_ERROR, `${location.domain}: ${getError.message}`, { domain: location, retryable }); } } async function registerLocations(locations, options, progressCallback) { assert(Array.isArray(locations)); assert.strictEqual(typeof options, 'object'); assert.strictEqual(typeof progressCallback, 'function'); log(`registerLocations: Will register ${JSON.stringify(locations)} with options ${JSON.stringify(options)}`); const ipv4 = await network.getIPv4(); const ipv6 = await network.getIPv6(); for (const location of locations) { progressCallback({ message: `Registering location ${fqdn(location.subdomain, location.domain)}` }); await retry({ times: 200, interval: 5000, log, retry: (error) => error.retryable }, async function () { // cname records cannot co-exist with other records const [getError, values] = await safe(getDnsRecords(location.subdomain, location.domain, 'CNAME')); if (!getError && values.length === 1) { if (!options.overwriteDns) throw new BoxError(BoxError.ALREADY_EXISTS, 'DNS CNAME record already exists', { domain: location, retryable: false }); log(`registerLocations: removing CNAME record of ${fqdn(location.subdomain, location.domain)}`); await removeDnsRecords(location.subdomain, location.domain, 'CNAME', values); } if (ipv4) { await registerLocation(location, options, 'A', ipv4); } else { const [aError, aValues] = await safe(getDnsRecords(location.subdomain, location.domain, 'A')); if (!aError && aValues.length) await safe(removeDnsRecords(location.subdomain, location.domain, 'A', aValues), { debug: log }); } if (ipv6) { await registerLocation(location, options, 'AAAA', ipv6); } else { const [aaaaError, aaaaValues] = await safe(getDnsRecords(location.subdomain, location.domain, 'AAAA')); if (!aaaaError && aaaaValues.length) await safe(removeDnsRecords(location.subdomain, location.domain, 'AAAA', aaaaValues), { debug: log }); } }); } } async function unregisterLocation(location, recordType, recordValue) { assert.strictEqual(typeof location, 'object'); assert.strictEqual(typeof recordType, 'string'); assert.strictEqual(typeof recordValue, 'string'); const [error] = await safe(removeDnsRecords(location.subdomain, location.domain, recordType, [ recordValue ])); if (!error || error.reason === BoxError.NOT_FOUND) return; const retryable = error.reason === BoxError.BUSY || error.reason === BoxError.EXTERNAL_ERROR; log(`unregisterLocation: Error unregistering location ${recordType}. retryable: ${retryable}. ${error.message}`); throw new BoxError(BoxError.EXTERNAL_ERROR, `${location.domain}: ${error.message}`, { domain: location, retryable }); } async function unregisterLocations(locations, progressCallback) { assert(Array.isArray(locations)); assert.strictEqual(typeof progressCallback, 'function'); const ipv4 = await network.getIPv4(); const ipv6 = await network.getIPv6(); for (const location of locations) { progressCallback({ message: `Unregistering location: ${location.subdomain ? (location.subdomain + '.') : ''}${location.domain}` }); await retry({ times: 30, interval: 5000, log, retry: (error) => error.retryable }, async function () { if (ipv4) await unregisterLocation(location, 'A', ipv4); if (ipv6) await unregisterLocation(location, 'AAAA', ipv6); }); } } async function syncDnsRecords(options, progressCallback) { assert.strictEqual(typeof options, 'object'); assert.strictEqual(typeof progressCallback, 'function'); const errors = []; if (options.domain && options.type === 'mail') { const [error] = await safe(mail.setDnsRecords(options.domain)); if (error) errors.push({ domain: options.domain, error: error.message }); return errors; } let allDomains = await domains.list(); if (options.domain) allDomains = allDomains.filter(d => d.domain === options.domain); const { domain:mailDomain, fqdn:mailFqdn, subdomain:mailSubdomain } = await mailServer.getLocation(); const dashboardLocation = await dashboard.getLocation(); const allApps = await apps.list(); let progress = 1; // we sync by domain only to get some nice progress for (const domain of allDomains) { progressCallback({ percent: progress, message: `Updating DNS of ${domain.domain}`}); progress = Math.min(progress + Math.round(90 / (1 + allDomains.length)), 95); let locations = []; if (domain.domain === dashboardLocation.domain) locations.push({ subdomain: dashboardLocation.subdomain, domain: dashboardLocation.domain }); if (domain.domain === mailDomain && mailFqdn !== dashboardLocation.fqdn) locations.push({ subdomain: mailSubdomain, domain: mailDomain }); for (const app of allApps) { const appLocations = [{ subdomain: app.subdomain, domain: app.domain }] .concat(app.secondaryDomains) .concat(app.redirectDomains) .concat(app.aliasDomains); locations = locations.concat(appLocations.filter(al => al.domain === domain.domain)); } try { await registerLocations(locations, { overwriteDns: true }, progressCallback); progressCallback({ message: `Updating mail DNS of ${domain.domain}`}); await mail.setDnsRecords(domain.domain); } catch (error) { errors.push({ domain: domain.domain, message: error.message }); } } progressCallback({ percent: 100, message: 'Done' }); return { errors }; } async function startSyncDnsRecords(options) { assert.strictEqual(typeof options, 'object'); const taskId = await tasks.add(tasks.TASK_SYNC_DNS_RECORDS, [ options ]); safe(tasks.startTask(taskId, {}), { debug: log }); // background return taskId; } export default { fqdn, getName, getDnsRecords, upsertDnsRecords, removeDnsRecords, waitForDnsRecord, waitForLocations, validateHostname, makeWildcard, registerLocations, unregisterLocations, checkDnsRecords, syncDnsRecords, startSyncDnsRecords };