@serve.zone/dcrouter 13.5.0 → 13.7.1

package/dist_ts/opsserver/handlers/dns-record.handler.js

@@ -0,0 +1,98 @@
+import * as plugins from '../../plugins.js';
+import * as interfaces from '../../../dist_ts_interfaces/index.js';
+/**
+ * CRUD handlers for DnsRecordDoc.
+ */
+export class DnsRecordHandler {
+    opsServerRef;
+    typedrouter = new plugins.typedrequest.TypedRouter();
+    constructor(opsServerRef) {
+        this.opsServerRef = opsServerRef;
+        this.opsServerRef.typedrouter.addTypedRouter(this.typedrouter);
+        this.registerHandlers();
+    }
+    async requireAuth(request, requiredScope) {
+        if (request.identity?.jwt) {
+            try {
+                const isAdmin = await this.opsServerRef.adminHandler.adminIdentityGuard.exec({
+                    identity: request.identity,
+                });
+                if (isAdmin)
+                    return request.identity.userId;
+            }
+            catch { /* fall through */ }
+        }
+        if (request.apiToken) {
+            const tokenManager = this.opsServerRef.dcRouterRef.apiTokenManager;
+            if (tokenManager) {
+                const token = await tokenManager.validateToken(request.apiToken);
+                if (token) {
+                    if (!requiredScope || tokenManager.hasScope(token, requiredScope)) {
+                        return token.createdBy;
+                    }
+                    throw new plugins.typedrequest.TypedResponseError('insufficient scope');
+                }
+            }
+        }
+        throw new plugins.typedrequest.TypedResponseError('unauthorized');
+    }
+    registerHandlers() {
+        // Get records by domain
+        this.typedrouter.addTypedHandler(new plugins.typedrequest.TypedHandler('getDnsRecords', async (dataArg) => {
+            await this.requireAuth(dataArg, 'dns-records:read');
+            const dnsManager = this.opsServerRef.dcRouterRef.dnsManager;
+            if (!dnsManager)
+                return { records: [] };
+            const docs = await dnsManager.listRecordsForDomain(dataArg.domainId);
+            return { records: docs.map((d) => dnsManager.toPublicRecord(d)) };
+        }));
+        // Get single record
+        this.typedrouter.addTypedHandler(new plugins.typedrequest.TypedHandler('getDnsRecord', async (dataArg) => {
+            await this.requireAuth(dataArg, 'dns-records:read');
+            const dnsManager = this.opsServerRef.dcRouterRef.dnsManager;
+            if (!dnsManager)
+                return { record: null };
+            const doc = await dnsManager.getRecord(dataArg.id);
+            return { record: doc ? dnsManager.toPublicRecord(doc) : null };
+        }));
+        // Create record
+        this.typedrouter.addTypedHandler(new plugins.typedrequest.TypedHandler('createDnsRecord', async (dataArg) => {
+            const userId = await this.requireAuth(dataArg, 'dns-records:write');
+            const dnsManager = this.opsServerRef.dcRouterRef.dnsManager;
+            if (!dnsManager)
+                return { success: false, message: 'DnsManager not initialized' };
+            return await dnsManager.createRecord({
+                domainId: dataArg.domainId,
+                name: dataArg.name,
+                type: dataArg.type,
+                value: dataArg.value,
+                ttl: dataArg.ttl,
+                proxied: dataArg.proxied,
+                createdBy: userId,
+            });
+        }));
+        // Update record
+        this.typedrouter.addTypedHandler(new plugins.typedrequest.TypedHandler('updateDnsRecord', async (dataArg) => {
+            await this.requireAuth(dataArg, 'dns-records:write');
+            const dnsManager = this.opsServerRef.dcRouterRef.dnsManager;
+            if (!dnsManager)
+                return { success: false, message: 'DnsManager not initialized' };
+            return await dnsManager.updateRecord({
+                id: dataArg.id,
+                name: dataArg.name,
+                value: dataArg.value,
+                ttl: dataArg.ttl,
+                proxied: dataArg.proxied,
+            });
+        }));
+        // Delete record
+        this.typedrouter.addTypedHandler(new plugins.typedrequest.TypedHandler('deleteDnsRecord', async (dataArg) => {
+            await this.requireAuth(dataArg, 'dns-records:write');
+            const dnsManager = this.opsServerRef.dcRouterRef.dnsManager;
+            if (!dnsManager)
+                return { success: false, message: 'DnsManager not initialized' };
+            return await dnsManager.deleteRecord(dataArg.id);
+        }));
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZG5zLXJlY29yZC5oYW5kbGVyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vdHMvb3Bzc2VydmVyL2hhbmRsZXJzL2Rucy1yZWNvcmQuaGFuZGxlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEtBQUssT0FBTyxNQUFNLGtCQUFrQixDQUFDO0FBRTVDLE9BQU8sS0FBSyxVQUFVLE1BQU0saUNBQWlDLENBQUM7QUFFOUQ7O0dBRUc7QUFDSCxNQUFNLE9BQU8sZ0JBQWdCO0lBR1A7SUFGYixXQUFXLEdBQUcsSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDLFdBQVcsRUFBRSxDQUFDO0lBRTVELFlBQW9CLFlBQXVCO1FBQXZCLGlCQUFZLEdBQVosWUFBWSxDQUFXO1FBQ3pDLElBQUksQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDLGNBQWMsQ0FBQyxJQUFJLENBQUMsV0FBVyxDQUFDLENBQUM7UUFDL0QsSUFBSSxDQUFDLGdCQUFnQixFQUFFLENBQUM7SUFDMUIsQ0FBQztJQUVPLEtBQUssQ0FBQyxXQUFXLENBQ3ZCLE9BQW9FLEVBQ3BFLGFBQThDO1FBRTlDLElBQUksT0FBTyxDQUFDLFFBQVEsRUFBRSxHQUFHLEVBQUUsQ0FBQztZQUMxQixJQUFJLENBQUM7Z0JBQ0gsTUFBTSxPQUFPLEdBQUcsTUFBTSxJQUFJLENBQUMsWUFBWSxDQUFDLFlBQVksQ0FBQyxrQkFBa0IsQ0FBQyxJQUFJLENBQUM7b0JBQzNFLFFBQVEsRUFBRSxPQUFPLENBQUMsUUFBUTtpQkFDM0IsQ0FBQyxDQUFDO2dCQUNILElBQUksT0FBTztvQkFBRSxPQUFPLE9BQU8sQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDO1lBQzlDLENBQUM7WUFBQyxNQUFNLENBQUMsQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDO1FBQ2hDLENBQUM7UUFFRCxJQUFJLE9BQU8sQ0FBQyxRQUFRLEVBQUUsQ0FBQztZQUNyQixNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsWUFBWSxDQUFDLFdBQVcsQ0FBQyxlQUFlLENBQUM7WUFDbkUsSUFBSSxZQUFZLEVBQUUsQ0FBQztnQkFDakIsTUFBTSxLQUFLLEdBQUcsTUFBTSxZQUFZLENBQUMsYUFBYSxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsQ0FBQztnQkFDakUsSUFBSSxLQUFLLEVBQUUsQ0FBQztvQkFDVixJQUFJLENBQUMsYUFBYSxJQUFJLFlBQVksQ0FBQyxRQUFRLENBQUMsS0FBSyxFQUFFLGFBQWEsQ0FBQyxFQUFFLENBQUM7d0JBQ2xFLE9BQU8sS0FBSyxDQUFDLFNBQVMsQ0FBQztvQkFDekIsQ0FBQztvQkFDRCxNQUFNLElBQUksT0FBTyxDQUFDLFlBQVksQ0FBQyxrQkFBa0IsQ0FBQyxvQkFBb0IsQ0FBQyxDQUFDO2dCQUMxRSxDQUFDO1lBQ0gsQ0FBQztRQUNILENBQUM7UUFFRCxNQUFNLElBQUksT0FBTyxDQUFDLFlBQVksQ0FBQyxrQkFBa0IsQ0FBQyxjQUFjLENBQUMsQ0FBQztJQUNwRSxDQUFDO0lBRU8sZ0JBQWdCO1FBQ3RCLHdCQUF3QjtRQUN4QixJQUFJLENBQUMsV0FBVyxDQUFDLGVBQWUsQ0FDOUIsSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDLFlBQVksQ0FDbkMsZUFBZSxFQUNmLEtBQUssRUFBRSxPQUFPLEVBQUUsRUFBRTtZQUNoQixNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsT0FBTyxFQUFFLGtCQUFrQixDQUFDLENBQUM7WUFDcEQsTUFBTSxVQUFVLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQyxXQUFXLENBQUMsVUFBVSxDQUFDO1lBQzVELElBQUksQ0FBQyxVQUFVO2dCQUFFLE9BQU8sRUFBRSxPQUFPLEVBQUUsRUFBRSxFQUFFLENBQUM7WUFDeEMsTUFBTSxJQUFJLEdBQUcsTUFBTSxVQUFVLENBQUMsb0JBQW9CLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxDQUFDO1lBQ3JFLE9BQU8sRUFBRSxPQUFPLEVBQUUsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsVUFBVSxDQUFDLGNBQWMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUM7UUFDcEUsQ0FBQyxDQUNGLENBQ0YsQ0FBQztRQUVGLG9CQUFvQjtRQUNwQixJQUFJLENBQUMsV0FBVyxDQUFDLGVBQWUsQ0FDOUIsSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDLFlBQVksQ0FDbkMsY0FBYyxFQUNkLEtBQUssRUFBRSxPQUFPLEVBQUUsRUFBRTtZQUNoQixNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsT0FBTyxFQUFFLGtCQUFrQixDQUFDLENBQUM7WUFDcEQsTUFBTSxVQUFVLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQyxXQUFXLENBQUMsVUFBVSxDQUFDO1lBQzVELElBQUksQ0FBQyxVQUFVO2dCQUFFLE9BQU8sRUFBRSxNQUFNLEVBQUUsSUFBSSxFQUFFLENBQUM7WUFDekMsTUFBTSxHQUFHLEdBQUcsTUFBTSxVQUFVLENBQUMsU0FBUyxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUMsQ0FBQztZQUNuRCxPQUFPLEVBQUUsTUFBTSxFQUFFLEdBQUcsQ0FBQyxDQUFDLENBQUMsVUFBVSxDQUFDLGNBQWMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUMsSUFBSSxFQUFFLENBQUM7UUFDakUsQ0FBQyxDQUNGLENBQ0YsQ0FBQztRQUVGLGdCQUFnQjtRQUNoQixJQUFJLENBQUMsV0FBVyxDQUFDLGVBQWUsQ0FDOUIsSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDLFlBQVksQ0FDbkMsaUJBQWlCLEVBQ2pCLEtBQUssRUFBRSxPQUFPLEVBQUUsRUFBRTtZQUNoQixNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsT0FBTyxFQUFFLG1CQUFtQixDQUFDLENBQUM7WUFDcEUsTUFBTSxVQUFVLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQyxXQUFXLENBQUMsVUFBVSxDQUFDO1lBQzVELElBQUksQ0FBQyxVQUFVO2dCQUFFLE9BQU8sRUFBRSxPQUFPLEVBQUUsS0FBSyxFQUFFLE9BQU8sRUFBRSw0QkFBNEIsRUFBRSxDQUFDO1lBQ2xGLE9BQU8sTUFBTSxVQUFVLENBQUMsWUFBWSxDQUFDO2dCQUNuQyxRQUFRLEVBQUUsT0FBTyxDQUFDLFFBQVE7Z0JBQzFCLElBQUksRUFBRSxPQUFPLENBQUMsSUFBSTtnQkFDbEIsSUFBSSxFQUFFLE9BQU8sQ0FBQyxJQUFJO2dCQUNsQixLQUFLLEVBQUUsT0FBTyxDQUFDLEtBQUs7Z0JBQ3BCLEdBQUcsRUFBRSxPQUFPLENBQUMsR0FBRztnQkFDaEIsT0FBTyxFQUFFLE9BQU8sQ0FBQyxPQUFPO2dCQUN4QixTQUFTLEVBQUUsTUFBTTthQUNsQixDQUFDLENBQUM7UUFDTCxDQUFDLENBQ0YsQ0FDRixDQUFDO1FBRUYsZ0JBQWdCO1FBQ2hCLElBQUksQ0FBQyxXQUFXLENBQUMsZUFBZSxDQUM5QixJQUFJLE9BQU8sQ0FBQyxZQUFZLENBQUMsWUFBWSxDQUNuQyxpQkFBaUIsRUFDakIsS0FBSyxFQUFFLE9BQU8sRUFBRSxFQUFFO1lBQ2hCLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxPQUFPLEVBQUUsbUJBQW1CLENBQUMsQ0FBQztZQUNyRCxNQUFNLFVBQVUsR0FBRyxJQUFJLENBQUMsWUFBWSxDQUFDLFdBQVcsQ0FBQyxVQUFVLENBQUM7WUFDNUQsSUFBSSxDQUFDLFVBQVU7Z0JBQUUsT0FBTyxFQUFFLE9BQU8sRUFBRSxLQUFLLEVBQUUsT0FBTyxFQUFFLDRCQUE0QixFQUFFLENBQUM7WUFDbEYsT0FBTyxNQUFNLFVBQVUsQ0FBQyxZQUFZLENBQUM7Z0JBQ25DLEVBQUUsRUFBRSxPQUFPLENBQUMsRUFBRTtnQkFDZCxJQUFJLEVBQUUsT0FBTyxDQUFDLElBQUk7Z0JBQ2xCLEtBQUssRUFBRSxPQUFPLENBQUMsS0FBSztnQkFDcEIsR0FBRyxFQUFFLE9BQU8sQ0FBQyxHQUFHO2dCQUNoQixPQUFPLEVBQUUsT0FBTyxDQUFDLE9BQU87YUFDekIsQ0FBQyxDQUFDO1FBQ0wsQ0FBQyxDQUNGLENBQ0YsQ0FBQztRQUVGLGdCQUFnQjtRQUNoQixJQUFJLENBQUMsV0FBVyxDQUFDLGVBQWUsQ0FDOUIsSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDLFlBQVksQ0FDbkMsaUJBQWlCLEVBQ2pCLEtBQUssRUFBRSxPQUFPLEVBQUUsRUFBRTtZQUNoQixNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsT0FBTyxFQUFFLG1CQUFtQixDQUFDLENBQUM7WUFDckQsTUFBTSxVQUFVLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQyxXQUFXLENBQUMsVUFBVSxDQUFDO1lBQzVELElBQUksQ0FBQyxVQUFVO2dCQUFFLE9BQU8sRUFBRSxPQUFPLEVBQUUsS0FBSyxFQUFFLE9BQU8sRUFBRSw0QkFBNEIsRUFBRSxDQUFDO1lBQ2xGLE9BQU8sTUFBTSxVQUFVLENBQUMsWUFBWSxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUMsQ0FBQztRQUNuRCxDQUFDLENBQ0YsQ0FDRixDQUFDO0lBQ0osQ0FBQztDQUNGIn0=

package/dist_ts/opsserver/handlers/domain.handler.d.ts

@@ -0,0 +1,13 @@
+import * as plugins from '../../plugins.js';
+import type { OpsServer } from '../classes.opsserver.js';
+import * as interfaces from '../../../dist_ts_interfaces/index.js';
+/**
+ * CRUD handlers for DomainDoc.
+ */
+export declare class DomainHandler {
+    private opsServerRef;
+    typedrouter: plugins.typedrequest.TypedRouter<interfaces.typedrequestInterfaces.ITypedRequest>;
+    constructor(opsServerRef: OpsServer);
+    private requireAuth;
+    private registerHandlers;
+}

package/dist_ts/opsserver/handlers/domain.handler.js

@@ -0,0 +1,124 @@
+import * as plugins from '../../plugins.js';
+import * as interfaces from '../../../dist_ts_interfaces/index.js';
+/**
+ * CRUD handlers for DomainDoc.
+ */
+export class DomainHandler {
+    opsServerRef;
+    typedrouter = new plugins.typedrequest.TypedRouter();
+    constructor(opsServerRef) {
+        this.opsServerRef = opsServerRef;
+        this.opsServerRef.typedrouter.addTypedRouter(this.typedrouter);
+        this.registerHandlers();
+    }
+    async requireAuth(request, requiredScope) {
+        if (request.identity?.jwt) {
+            try {
+                const isAdmin = await this.opsServerRef.adminHandler.adminIdentityGuard.exec({
+                    identity: request.identity,
+                });
+                if (isAdmin)
+                    return request.identity.userId;
+            }
+            catch { /* fall through */ }
+        }
+        if (request.apiToken) {
+            const tokenManager = this.opsServerRef.dcRouterRef.apiTokenManager;
+            if (tokenManager) {
+                const token = await tokenManager.validateToken(request.apiToken);
+                if (token) {
+                    if (!requiredScope || tokenManager.hasScope(token, requiredScope)) {
+                        return token.createdBy;
+                    }
+                    throw new plugins.typedrequest.TypedResponseError('insufficient scope');
+                }
+            }
+        }
+        throw new plugins.typedrequest.TypedResponseError('unauthorized');
+    }
+    registerHandlers() {
+        // Get all domains
+        this.typedrouter.addTypedHandler(new plugins.typedrequest.TypedHandler('getDomains', async (dataArg) => {
+            await this.requireAuth(dataArg, 'domains:read');
+            const dnsManager = this.opsServerRef.dcRouterRef.dnsManager;
+            if (!dnsManager)
+                return { domains: [] };
+            const docs = await dnsManager.listDomains();
+            return { domains: docs.map((d) => dnsManager.toPublicDomain(d)) };
+        }));
+        // Get single domain
+        this.typedrouter.addTypedHandler(new plugins.typedrequest.TypedHandler('getDomain', async (dataArg) => {
+            await this.requireAuth(dataArg, 'domains:read');
+            const dnsManager = this.opsServerRef.dcRouterRef.dnsManager;
+            if (!dnsManager)
+                return { domain: null };
+            const doc = await dnsManager.getDomain(dataArg.id);
+            return { domain: doc ? dnsManager.toPublicDomain(doc) : null };
+        }));
+        // Create manual domain
+        this.typedrouter.addTypedHandler(new plugins.typedrequest.TypedHandler('createDomain', async (dataArg) => {
+            const userId = await this.requireAuth(dataArg, 'domains:write');
+            const dnsManager = this.opsServerRef.dcRouterRef.dnsManager;
+            if (!dnsManager)
+                return { success: false, message: 'DnsManager not initialized' };
+            try {
+                const id = await dnsManager.createManualDomain({
+                    name: dataArg.name,
+                    description: dataArg.description,
+                    createdBy: userId,
+                });
+                return { success: true, id };
+            }
+            catch (err) {
+                return { success: false, message: err.message };
+            }
+        }));
+        // Import domains from a provider
+        this.typedrouter.addTypedHandler(new plugins.typedrequest.TypedHandler('importDomain', async (dataArg) => {
+            const userId = await this.requireAuth(dataArg, 'domains:write');
+            const dnsManager = this.opsServerRef.dcRouterRef.dnsManager;
+            if (!dnsManager)
+                return { success: false, message: 'DnsManager not initialized' };
+            try {
+                const importedIds = await dnsManager.importDomainsFromProvider({
+                    providerId: dataArg.providerId,
+                    domainNames: dataArg.domainNames,
+                    createdBy: userId,
+                });
+                return { success: true, importedIds };
+            }
+            catch (err) {
+                return { success: false, message: err.message };
+            }
+        }));
+        // Update domain metadata
+        this.typedrouter.addTypedHandler(new plugins.typedrequest.TypedHandler('updateDomain', async (dataArg) => {
+            await this.requireAuth(dataArg, 'domains:write');
+            const dnsManager = this.opsServerRef.dcRouterRef.dnsManager;
+            if (!dnsManager)
+                return { success: false, message: 'DnsManager not initialized' };
+            const ok = await dnsManager.updateDomain(dataArg.id, {
+                description: dataArg.description,
+            });
+            return ok ? { success: true } : { success: false, message: 'Domain not found' };
+        }));
+        // Delete domain
+        this.typedrouter.addTypedHandler(new plugins.typedrequest.TypedHandler('deleteDomain', async (dataArg) => {
+            await this.requireAuth(dataArg, 'domains:write');
+            const dnsManager = this.opsServerRef.dcRouterRef.dnsManager;
+            if (!dnsManager)
+                return { success: false, message: 'DnsManager not initialized' };
+            const ok = await dnsManager.deleteDomain(dataArg.id);
+            return ok ? { success: true } : { success: false, message: 'Domain not found' };
+        }));
+        // Force-resync provider domain
+        this.typedrouter.addTypedHandler(new plugins.typedrequest.TypedHandler('syncDomain', async (dataArg) => {
+            await this.requireAuth(dataArg, 'domains:write');
+            const dnsManager = this.opsServerRef.dcRouterRef.dnsManager;
+            if (!dnsManager)
+                return { success: false, message: 'DnsManager not initialized' };
+            return await dnsManager.syncDomain(dataArg.id);
+        }));
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZG9tYWluLmhhbmRsZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi90cy9vcHNzZXJ2ZXIvaGFuZGxlcnMvZG9tYWluLmhhbmRsZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLLE9BQU8sTUFBTSxrQkFBa0IsQ0FBQztBQUU1QyxPQUFPLEtBQUssVUFBVSxNQUFNLGlDQUFpQyxDQUFDO0FBRTlEOztHQUVHO0FBQ0gsTUFBTSxPQUFPLGFBQWE7SUFHSjtJQUZiLFdBQVcsR0FBRyxJQUFJLE9BQU8sQ0FBQyxZQUFZLENBQUMsV0FBVyxFQUFFLENBQUM7SUFFNUQsWUFBb0IsWUFBdUI7UUFBdkIsaUJBQVksR0FBWixZQUFZLENBQVc7UUFDekMsSUFBSSxDQUFDLFlBQVksQ0FBQyxXQUFXLENBQUMsY0FBYyxDQUFDLElBQUksQ0FBQyxXQUFXLENBQUMsQ0FBQztRQUMvRCxJQUFJLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztJQUMxQixDQUFDO0lBRU8sS0FBSyxDQUFDLFdBQVcsQ0FDdkIsT0FBb0UsRUFDcEUsYUFBOEM7UUFFOUMsSUFBSSxPQUFPLENBQUMsUUFBUSxFQUFFLEdBQUcsRUFBRSxDQUFDO1lBQzFCLElBQUksQ0FBQztnQkFDSCxNQUFNLE9BQU8sR0FBRyxNQUFNLElBQUksQ0FBQyxZQUFZLENBQUMsWUFBWSxDQUFDLGtCQUFrQixDQUFDLElBQUksQ0FBQztvQkFDM0UsUUFBUSxFQUFFLE9BQU8sQ0FBQyxRQUFRO2lCQUMzQixDQUFDLENBQUM7Z0JBQ0gsSUFBSSxPQUFPO29CQUFFLE9BQU8sT0FBTyxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUM7WUFDOUMsQ0FBQztZQUFDLE1BQU0sQ0FBQyxDQUFDLGtCQUFrQixDQUFDLENBQUM7UUFDaEMsQ0FBQztRQUVELElBQUksT0FBTyxDQUFDLFFBQVEsRUFBRSxDQUFDO1lBQ3JCLE1BQU0sWUFBWSxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDLGVBQWUsQ0FBQztZQUNuRSxJQUFJLFlBQVksRUFBRSxDQUFDO2dCQUNqQixNQUFNLEtBQUssR0FBRyxNQUFNLFlBQVksQ0FBQyxhQUFhLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxDQUFDO2dCQUNqRSxJQUFJLEtBQUssRUFBRSxDQUFDO29CQUNWLElBQUksQ0FBQyxhQUFhLElBQUksWUFBWSxDQUFDLFFBQVEsQ0FBQyxLQUFLLEVBQUUsYUFBYSxDQUFDLEVBQUUsQ0FBQzt3QkFDbEUsT0FBTyxLQUFLLENBQUMsU0FBUyxDQUFDO29CQUN6QixDQUFDO29CQUNELE1BQU0sSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDLGtCQUFrQixDQUFDLG9CQUFvQixDQUFDLENBQUM7Z0JBQzFFLENBQUM7WUFDSCxDQUFDO1FBQ0gsQ0FBQztRQUVELE1BQU0sSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDLGtCQUFrQixDQUFDLGNBQWMsQ0FBQyxDQUFDO0lBQ3BFLENBQUM7SUFFTyxnQkFBZ0I7UUFDdEIsa0JBQWtCO1FBQ2xCLElBQUksQ0FBQyxXQUFXLENBQUMsZUFBZSxDQUM5QixJQUFJLE9BQU8sQ0FBQyxZQUFZLENBQUMsWUFBWSxDQUNuQyxZQUFZLEVBQ1osS0FBSyxFQUFFLE9BQU8sRUFBRSxFQUFFO1lBQ2hCLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxPQUFPLEVBQUUsY0FBYyxDQUFDLENBQUM7WUFDaEQsTUFBTSxVQUFVLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQyxXQUFXLENBQUMsVUFBVSxDQUFDO1lBQzVELElBQUksQ0FBQyxVQUFVO2dCQUFFLE9BQU8sRUFBRSxPQUFPLEVBQUUsRUFBRSxFQUFFLENBQUM7WUFDeEMsTUFBTSxJQUFJLEdBQUcsTUFBTSxVQUFVLENBQUMsV0FBVyxFQUFFLENBQUM7WUFDNUMsT0FBTyxFQUFFLE9BQU8sRUFBRSxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxVQUFVLENBQUMsY0FBYyxDQUFDLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQztRQUNwRSxDQUFDLENBQ0YsQ0FDRixDQUFDO1FBRUYsb0JBQW9CO1FBQ3BCLElBQUksQ0FBQyxXQUFXLENBQUMsZUFBZSxDQUM5QixJQUFJLE9BQU8sQ0FBQyxZQUFZLENBQUMsWUFBWSxDQUNuQyxXQUFXLEVBQ1gsS0FBSyxFQUFFLE9BQU8sRUFBRSxFQUFFO1lBQ2hCLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxPQUFPLEVBQUUsY0FBYyxDQUFDLENBQUM7WUFDaEQsTUFBTSxVQUFVLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQyxXQUFXLENBQUMsVUFBVSxDQUFDO1lBQzVELElBQUksQ0FBQyxVQUFVO2dCQUFFLE9BQU8sRUFBRSxNQUFNLEVBQUUsSUFBSSxFQUFFLENBQUM7WUFDekMsTUFBTSxHQUFHLEdBQUcsTUFBTSxVQUFVLENBQUMsU0FBUyxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUMsQ0FBQztZQUNuRCxPQUFPLEVBQUUsTUFBTSxFQUFFLEdBQUcsQ0FBQyxDQUFDLENBQUMsVUFBVSxDQUFDLGNBQWMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUMsSUFBSSxFQUFFLENBQUM7UUFDakUsQ0FBQyxDQUNGLENBQ0YsQ0FBQztRQUVGLHVCQUF1QjtRQUN2QixJQUFJLENBQUMsV0FBVyxDQUFDLGVBQWUsQ0FDOUIsSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDLFlBQVksQ0FDbkMsY0FBYyxFQUNkLEtBQUssRUFBRSxPQUFPLEVBQUUsRUFBRTtZQUNoQixNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsT0FBTyxFQUFFLGVBQWUsQ0FBQyxDQUFDO1lBQ2hFLE1BQU0sVUFBVSxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDLFVBQVUsQ0FBQztZQUM1RCxJQUFJLENBQUMsVUFBVTtnQkFBRSxPQUFPLEVBQUUsT0FBTyxFQUFFLEtBQUssRUFBRSxPQUFPLEVBQUUsNEJBQTRCLEVBQUUsQ0FBQztZQUNsRixJQUFJLENBQUM7Z0JBQ0gsTUFBTSxFQUFFLEdBQUcsTUFBTSxVQUFVLENBQUMsa0JBQWtCLENBQUM7b0JBQzdDLElBQUksRUFBRSxPQUFPLENBQUMsSUFBSTtvQkFDbEIsV0FBVyxFQUFFLE9BQU8sQ0FBQyxXQUFXO29CQUNoQyxTQUFTLEVBQUUsTUFBTTtpQkFDbEIsQ0FBQyxDQUFDO2dCQUNILE9BQU8sRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLEVBQUUsRUFBRSxDQUFDO1lBQy9CLENBQUM7WUFBQyxPQUFPLEdBQVksRUFBRSxDQUFDO2dCQUN0QixPQUFPLEVBQUUsT0FBTyxFQUFFLEtBQUssRUFBRSxPQUFPLEVBQUcsR0FBYSxDQUFDLE9BQU8sRUFBRSxDQUFDO1lBQzdELENBQUM7UUFDSCxDQUFDLENBQ0YsQ0FDRixDQUFDO1FBRUYsaUNBQWlDO1FBQ2pDLElBQUksQ0FBQyxXQUFXLENBQUMsZUFBZSxDQUM5QixJQUFJLE9BQU8sQ0FBQyxZQUFZLENBQUMsWUFBWSxDQUNuQyxjQUFjLEVBQ2QsS0FBSyxFQUFFLE9BQU8sRUFBRSxFQUFFO1lBQ2hCLE1BQU0sTUFBTSxHQUFHLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxPQUFPLEVBQUUsZUFBZSxDQUFDLENBQUM7WUFDaEUsTUFBTSxVQUFVLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQyxXQUFXLENBQUMsVUFBVSxDQUFDO1lBQzVELElBQUksQ0FBQyxVQUFVO2dCQUFFLE9BQU8sRUFBRSxPQUFPLEVBQUUsS0FBSyxFQUFFLE9BQU8sRUFBRSw0QkFBNEIsRUFBRSxDQUFDO1lBQ2xGLElBQUksQ0FBQztnQkFDSCxNQUFNLFdBQVcsR0FBRyxNQUFNLFVBQVUsQ0FBQyx5QkFBeUIsQ0FBQztvQkFDN0QsVUFBVSxFQUFFLE9BQU8sQ0FBQyxVQUFVO29CQUM5QixXQUFXLEVBQUUsT0FBTyxDQUFDLFdBQVc7b0JBQ2hDLFNBQVMsRUFBRSxNQUFNO2lCQUNsQixDQUFDLENBQUM7Z0JBQ0gsT0FBTyxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsV0FBVyxFQUFFLENBQUM7WUFDeEMsQ0FBQztZQUFDLE9BQU8sR0FBWSxFQUFFLENBQUM7Z0JBQ3RCLE9BQU8sRUFBRSxPQUFPLEVBQUUsS0FBSyxFQUFFLE9BQU8sRUFBRyxHQUFhLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDN0QsQ0FBQztRQUNILENBQUMsQ0FDRixDQUNGLENBQUM7UUFFRix5QkFBeUI7UUFDekIsSUFBSSxDQUFDLFdBQVcsQ0FBQyxlQUFlLENBQzlCLElBQUksT0FBTyxDQUFDLFlBQVksQ0FBQyxZQUFZLENBQ25DLGNBQWMsRUFDZCxLQUFLLEVBQUUsT0FBTyxFQUFFLEVBQUU7WUFDaEIsTUFBTSxJQUFJLENBQUMsV0FBVyxDQUFDLE9BQU8sRUFBRSxlQUFlLENBQUMsQ0FBQztZQUNqRCxNQUFNLFVBQVUsR0FBRyxJQUFJLENBQUMsWUFBWSxDQUFDLFdBQVcsQ0FBQyxVQUFVLENBQUM7WUFDNUQsSUFBSSxDQUFDLFVBQVU7Z0JBQUUsT0FBTyxFQUFFLE9BQU8sRUFBRSxLQUFLLEVBQUUsT0FBTyxFQUFFLDRCQUE0QixFQUFFLENBQUM7WUFDbEYsTUFBTSxFQUFFLEdBQUcsTUFBTSxVQUFVLENBQUMsWUFBWSxDQUFDLE9BQU8sQ0FBQyxFQUFFLEVBQUU7Z0JBQ25ELFdBQVcsRUFBRSxPQUFPLENBQUMsV0FBVzthQUNqQyxDQUFDLENBQUM7WUFDSCxPQUFPLEVBQUUsQ0FBQyxDQUFDLENBQUMsRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FBQyxDQUFDLEVBQUUsT0FBTyxFQUFFLEtBQUssRUFBRSxPQUFPLEVBQUUsa0JBQWtCLEVBQUUsQ0FBQztRQUNsRixDQUFDLENBQ0YsQ0FDRixDQUFDO1FBRUYsZ0JBQWdCO1FBQ2hCLElBQUksQ0FBQyxXQUFXLENBQUMsZUFBZSxDQUM5QixJQUFJLE9BQU8sQ0FBQyxZQUFZLENBQUMsWUFBWSxDQUNuQyxjQUFjLEVBQ2QsS0FBSyxFQUFFLE9BQU8sRUFBRSxFQUFFO1lBQ2hCLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxPQUFPLEVBQUUsZUFBZSxDQUFDLENBQUM7WUFDakQsTUFBTSxVQUFVLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQyxXQUFXLENBQUMsVUFBVSxDQUFDO1lBQzVELElBQUksQ0FBQyxVQUFVO2dCQUFFLE9BQU8sRUFBRSxPQUFPLEVBQUUsS0FBSyxFQUFFLE9BQU8sRUFBRSw0QkFBNEIsRUFBRSxDQUFDO1lBQ2xGLE1BQU0sRUFBRSxHQUFHLE1BQU0sVUFBVSxDQUFDLFlBQVksQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDLENBQUM7WUFDckQsT0FBTyxFQUFFLENBQUMsQ0FBQyxDQUFDLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxDQUFDLENBQUMsQ0FBQyxFQUFFLE9BQU8sRUFBRSxLQUFLLEVBQUUsT0FBTyxFQUFFLGtCQUFrQixFQUFFLENBQUM7UUFDbEYsQ0FBQyxDQUNGLENBQ0YsQ0FBQztRQUVGLCtCQUErQjtRQUMvQixJQUFJLENBQUMsV0FBVyxDQUFDLGVBQWUsQ0FDOUIsSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDLFlBQVksQ0FDbkMsWUFBWSxFQUNaLEtBQUssRUFBRSxPQUFPLEVBQUUsRUFBRTtZQUNoQixNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsT0FBTyxFQUFFLGVBQWUsQ0FBQyxDQUFDO1lBQ2pELE1BQU0sVUFBVSxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDLFVBQVUsQ0FBQztZQUM1RCxJQUFJLENBQUMsVUFBVTtnQkFBRSxPQUFPLEVBQUUsT0FBTyxFQUFFLEtBQUssRUFBRSxPQUFPLEVBQUUsNEJBQTRCLEVBQUUsQ0FBQztZQUNsRixPQUFPLE1BQU0sVUFBVSxDQUFDLFVBQVUsQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDLENBQUM7UUFDakQsQ0FBQyxDQUNGLENBQ0YsQ0FBQztJQUNKLENBQUM7Q0FDRiJ9

package/dist_ts/opsserver/handlers/index.d.ts

@@ -14,3 +14,6 @@ export * from './source-profile.handler.js';
 export * from './target-profile.handler.js';
 export * from './network-target.handler.js';
 export * from './users.handler.js';
+export * from './dns-provider.handler.js';
+export * from './domain.handler.js';
+export * from './dns-record.handler.js';

package/dist_ts/opsserver/handlers/index.js

@@ -14,4 +14,7 @@ export * from './source-profile.handler.js';
 export * from './target-profile.handler.js';
 export * from './network-target.handler.js';
 export * from './users.handler.js';
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi90cy9vcHNzZXJ2ZXIvaGFuZGxlcnMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsY0FBYyxvQkFBb0IsQ0FBQztBQUNuQyxjQUFjLHFCQUFxQixDQUFDO0FBQ3BDLGNBQWMsbUJBQW1CLENBQUM7QUFDbEMsY0FBYyx1QkFBdUIsQ0FBQztBQUN0QyxjQUFjLG9CQUFvQixDQUFDO0FBQ25DLGNBQWMscUJBQXFCLENBQUM7QUFDcEMsY0FBYyx3QkFBd0IsQ0FBQztBQUN2QyxjQUFjLDBCQUEwQixDQUFDO0FBQ3pDLGNBQWMsNEJBQTRCLENBQUM7QUFDM0MsY0FBYywrQkFBK0IsQ0FBQztBQUM5QyxjQUFjLHdCQUF3QixDQUFDO0FBQ3ZDLGNBQWMsa0JBQWtCLENBQUM7QUFDakMsY0FBYyw2QkFBNkIsQ0FBQztBQUM1QyxjQUFjLDZCQUE2QixDQUFDO0FBQzVDLGNBQWMsNkJBQTZCLENBQUM7QUFDNUMsY0FBYyxvQkFBb0IsQ0FBQyJ9
+export * from './dns-provider.handler.js';
+export * from './domain.handler.js';
+export * from './dns-record.handler.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi90cy9vcHNzZXJ2ZXIvaGFuZGxlcnMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsY0FBYyxvQkFBb0IsQ0FBQztBQUNuQyxjQUFjLHFCQUFxQixDQUFDO0FBQ3BDLGNBQWMsbUJBQW1CLENBQUM7QUFDbEMsY0FBYyx1QkFBdUIsQ0FBQztBQUN0QyxjQUFjLG9CQUFvQixDQUFDO0FBQ25DLGNBQWMscUJBQXFCLENBQUM7QUFDcEMsY0FBYyx3QkFBd0IsQ0FBQztBQUN2QyxjQUFjLDBCQUEwQixDQUFDO0FBQ3pDLGNBQWMsNEJBQTRCLENBQUM7QUFDM0MsY0FBYywrQkFBK0IsQ0FBQztBQUM5QyxjQUFjLHdCQUF3QixDQUFDO0FBQ3ZDLGNBQWMsa0JBQWtCLENBQUM7QUFDakMsY0FBYyw2QkFBNkIsQ0FBQztBQUM1QyxjQUFjLDZCQUE2QixDQUFDO0FBQzVDLGNBQWMsNkJBQTZCLENBQUM7QUFDNUMsY0FBYyxvQkFBb0IsQ0FBQztBQUNuQyxjQUFjLDJCQUEyQixDQUFDO0FBQzFDLGNBQWMscUJBQXFCLENBQUM7QUFDcEMsY0FBYyx5QkFBeUIsQ0FBQyJ9

package/dist_ts_interfaces/data/dns-provider.d.ts

@@ -0,0 +1,112 @@
+/**
+ * Supported DNS provider types. Initially Cloudflare; the abstraction is
+ * designed so additional providers (Route53, Gandi, DigitalOcean…) can be
+ * added by implementing the IDnsProvider class interface in ts/dns/providers/.
+ */
+export type TDnsProviderType = 'cloudflare';
+/**
+ * Status of the last connection test against a provider.
+ */
+export type TDnsProviderStatus = 'untested' | 'ok' | 'error';
+/**
+ * Cloudflare-specific credential shape.
+ */
+export interface ICloudflareCredentials {
+    apiToken: string;
+}
+/**
+ * Discriminated union of all supported provider credential shapes.
+ * Persisted opaquely on `IDnsProvider.credentials`.
+ */
+export type TDnsProviderCredentials = ({
+    type: 'cloudflare';
+} & ICloudflareCredentials);
+/**
+ * A registered DNS provider account. Holds the credentials needed to
+ * call the provider's API and a snapshot of its last health check.
+ */
+export interface IDnsProvider {
+    id: string;
+    name: string;
+    type: TDnsProviderType;
+    /** Opaque credentials object — shape depends on `type`. */
+    credentials: TDnsProviderCredentials;
+    status: TDnsProviderStatus;
+    lastTestedAt?: number;
+    lastError?: string;
+    createdAt: number;
+    updatedAt: number;
+    createdBy: string;
+}
+/**
+ * A redacted view of IDnsProvider safe to send to the UI / over the wire.
+ * Strips secret fields from `credentials` while preserving the rest.
+ */
+export interface IDnsProviderPublic {
+    id: string;
+    name: string;
+    type: TDnsProviderType;
+    status: TDnsProviderStatus;
+    lastTestedAt?: number;
+    lastError?: string;
+    createdAt: number;
+    updatedAt: number;
+    createdBy: string;
+    /** Whether credentials are configured (true after creation). Never the secret itself. */
+    hasCredentials: boolean;
+}
+/**
+ * A domain reported by a provider's API (not yet imported into dcrouter).
+ */
+export interface IProviderDomainListing {
+    /** FQDN of the zone (e.g. 'example.com'). */
+    name: string;
+    /** Provider's internal zone identifier (zone_id for Cloudflare). */
+    externalId: string;
+    /** Authoritative nameservers reported by the provider. */
+    nameservers: string[];
+}
+/**
+ * Schema entry for a single credential field, used by the OpsServer UI to
+ * render a provider's credential form dynamically.
+ */
+export interface IDnsProviderCredentialField {
+    /** Key under which the value is stored in the credentials object. */
+    key: string;
+    /** Label shown to the user. */
+    label: string;
+    /** Optional inline help text. */
+    helpText?: string;
+    /** Whether the field must be filled. */
+    required: boolean;
+    /** True for secret fields (rendered as password input, never echoed back). */
+    secret: boolean;
+}
+/**
+ * Metadata describing a DNS provider type. Drives:
+ *  - the OpsServer UI's provider type picker + credential form,
+ *  - documentation of which credentials each provider needs,
+ *  - end-to-end consistency between the type union, the discriminated
+ *    credentials union, the runtime factory, and the form rendering.
+ *
+ * To add a new provider, append a new entry to `dnsProviderTypeDescriptors`
+ * below — and follow the checklist in `ts/dns/providers/factory.ts`.
+ */
+export interface IDnsProviderTypeDescriptor {
+    type: TDnsProviderType;
+    /** Human-readable name for the UI. */
+    displayName: string;
+    /** One-line description shown next to the type picker. */
+    description: string;
+    /** Schema for the credentials form. */
+    credentialFields: IDnsProviderCredentialField[];
+}
+/**
+ * Single source of truth for which DNS provider types exist and what
+ * credentials each one needs. Used by both backend and frontend.
+ */
+export declare const dnsProviderTypeDescriptors: ReadonlyArray<IDnsProviderTypeDescriptor>;
+/**
+ * Look up the descriptor for a given provider type.
+ */
+export declare function getDnsProviderTypeDescriptor(type: TDnsProviderType): IDnsProviderTypeDescriptor | undefined;

package/dist_ts_interfaces/data/dns-provider.js

@@ -0,0 +1,27 @@
+/**
+ * Single source of truth for which DNS provider types exist and what
+ * credentials each one needs. Used by both backend and frontend.
+ */
+export const dnsProviderTypeDescriptors = [
+    {
+        type: 'cloudflare',
+        displayName: 'Cloudflare',
+        description: 'Manages records via the Cloudflare API. Provider stays authoritative; dcrouter pushes record changes.',
+        credentialFields: [
+            {
+                key: 'apiToken',
+                label: 'API Token',
+                helpText: 'A Cloudflare API token with Zone:Read and DNS:Edit permissions for the target zones.',
+                required: true,
+                secret: true,
+            },
+        ],
+    },
+];
+/**
+ * Look up the descriptor for a given provider type.
+ */
+export function getDnsProviderTypeDescriptor(type) {
+    return dnsProviderTypeDescriptors.find((d) => d.type === type);
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZG5zLXByb3ZpZGVyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vdHNfaW50ZXJmYWNlcy9kYXRhL2Rucy1wcm92aWRlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUErR0E7OztHQUdHO0FBQ0gsTUFBTSxDQUFDLE1BQU0sMEJBQTBCLEdBQThDO0lBQ25GO1FBQ0UsSUFBSSxFQUFFLFlBQVk7UUFDbEIsV0FBVyxFQUFFLFlBQVk7UUFDekIsV0FBVyxFQUNULHVHQUF1RztRQUN6RyxnQkFBZ0IsRUFBRTtZQUNoQjtnQkFDRSxHQUFHLEVBQUUsVUFBVTtnQkFDZixLQUFLLEVBQUUsV0FBVztnQkFDbEIsUUFBUSxFQUNOLHNGQUFzRjtnQkFDeEYsUUFBUSxFQUFFLElBQUk7Z0JBQ2QsTUFBTSxFQUFFLElBQUk7YUFDYjtTQUNGO0tBQ0Y7Q0FDRixDQUFDO0FBRUY7O0dBRUc7QUFDSCxNQUFNLFVBQVUsNEJBQTRCLENBQzFDLElBQXNCO0lBRXRCLE9BQU8sMEJBQTBCLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsSUFBSSxLQUFLLElBQUksQ0FBQyxDQUFDO0FBQ2pFLENBQUMifQ==

package/dist_ts_interfaces/data/dns-record.d.ts

@@ -0,0 +1,40 @@
+/**
+ * Supported DNS record types.
+ */
+export type TDnsRecordType = 'A' | 'AAAA' | 'CNAME' | 'MX' | 'TXT' | 'NS' | 'SOA' | 'CAA';
+/**
+ * Where a DNS record came from.
+ *
+ * - 'manual' → created in the dcrouter UI / API
+ * - 'synced' → pulled from a provider during a sync operation
+ */
+export type TDnsRecordSource = 'manual' | 'synced';
+/**
+ * A DNS record. For manual (authoritative) domains, the record is registered
+ * with the embedded smartdns.DnsServer. For provider-managed domains, the
+ * record is mirrored from / pushed to the provider API and `providerRecordId`
+ * holds the provider's internal record id (for updates and deletes).
+ */
+export interface IDnsRecord {
+    id: string;
+    /** ID of the parent IDomain. */
+    domainId: string;
+    /** Fully qualified record name (e.g. 'www.example.com'). */
+    name: string;
+    type: TDnsRecordType;
+    /**
+     * Record value as a string. For MX records, formatted as
+     * `<priority> <exchange>` (e.g. `10 mail.example.com`).
+     */
+    value: string;
+    /** TTL in seconds. */
+    ttl: number;
+    /** Cloudflare-specific: whether the record is proxied through Cloudflare. */
+    proxied?: boolean;
+    source: TDnsRecordSource;
+    /** Provider's internal record id (for updates/deletes). Only set for provider records. */
+    providerRecordId?: string;
+    createdAt: number;
+    updatedAt: number;
+    createdBy: string;
+}

package/dist_ts_interfaces/data/dns-record.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZG5zLXJlY29yZC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3RzX2ludGVyZmFjZXMvZGF0YS9kbnMtcmVjb3JkLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiIifQ==

package/dist_ts_interfaces/data/domain.d.ts

@@ -0,0 +1,34 @@
+/**
+ * Where a domain came from / how it is managed.
+ *
+ * - 'manual'   → operator added the domain manually. dcrouter is the
+ *               authoritative DNS server for it; records are served by
+ *               the embedded smartdns.DnsServer.
+ * - 'provider' → domain was imported from an external DNS provider
+ *               (e.g. Cloudflare). The provider stays authoritative;
+ *               dcrouter only reads/writes records via the provider API.
+ */
+export type TDomainSource = 'manual' | 'provider';
+/**
+ * A domain under management by dcrouter.
+ */
+export interface IDomain {
+    id: string;
+    /** Fully qualified domain name (e.g. 'example.com'). */
+    name: string;
+    source: TDomainSource;
+    /** ID of the DnsProvider that owns this domain — only set when source === 'provider'. */
+    providerId?: string;
+    /** True when dcrouter is the authoritative DNS server for this domain (source === 'manual'). */
+    authoritative: boolean;
+    /** Authoritative nameservers (display only — populated from provider for imported domains). */
+    nameservers?: string[];
+    /** Provider's internal zone identifier — only set when source === 'provider'. */
+    externalZoneId?: string;
+    /** Last time records were synced from the provider — only set when source === 'provider'. */
+    lastSyncedAt?: number;
+    description?: string;
+    createdAt: number;
+    updatedAt: number;
+    createdBy: string;
+}

package/dist_ts_interfaces/data/domain.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZG9tYWluLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vdHNfaW50ZXJmYWNlcy9kYXRhL2RvbWFpbi50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiIn0=

package/dist_ts_interfaces/data/index.d.ts

@@ -4,3 +4,6 @@ export * from './remoteingress.js';
 export * from './route-management.js';
 export * from './target-profile.js';
 export * from './vpn.js';
+export * from './dns-provider.js';
+export * from './domain.js';
+export * from './dns-record.js';

package/dist_ts_interfaces/data/index.js

@@ -4,4 +4,7 @@ export * from './remoteingress.js';
 export * from './route-management.js';
 export * from './target-profile.js';
 export * from './vpn.js';
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi90c19pbnRlcmZhY2VzL2RhdGEvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsY0FBYyxXQUFXLENBQUM7QUFDMUIsY0FBYyxZQUFZLENBQUM7QUFDM0IsY0FBYyxvQkFBb0IsQ0FBQztBQUNuQyxjQUFjLHVCQUF1QixDQUFDO0FBQ3RDLGNBQWMscUJBQXFCLENBQUM7QUFDcEMsY0FBYyxVQUFVLENBQUMifQ==
+export * from './dns-provider.js';
+export * from './domain.js';
+export * from './dns-record.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi90c19pbnRlcmZhY2VzL2RhdGEvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsY0FBYyxXQUFXLENBQUM7QUFDMUIsY0FBYyxZQUFZLENBQUM7QUFDM0IsY0FBYyxvQkFBb0IsQ0FBQztBQUNuQyxjQUFjLHVCQUF1QixDQUFDO0FBQ3RDLGNBQWMscUJBQXFCLENBQUM7QUFDcEMsY0FBYyxVQUFVLENBQUM7QUFDekIsY0FBYyxtQkFBbUIsQ0FBQztBQUNsQyxjQUFjLGFBQWEsQ0FBQztBQUM1QixjQUFjLGlCQUFpQixDQUFDIn0=

package/dist_ts_interfaces/data/route-management.d.ts

@@ -1,7 +1,7 @@
 import type { IRouteConfig } from '@push.rocks/smartproxy';
 import type { IDcRouterRouteConfig } from './remoteingress.js';
 export type IRouteSecurity = NonNullable<IRouteConfig['security']>;
-export type TApiTokenScope = 'routes:read' | 'routes:write' | 'config:read' | 'tokens:read' | 'tokens:manage' | 'source-profiles:read' | 'source-profiles:write' | 'target-profiles:read' | 'target-profiles:write' | 'targets:read' | 'targets:write';
+export type TApiTokenScope = 'routes:read' | 'routes:write' | 'config:read' | 'tokens:read' | 'tokens:manage' | 'source-profiles:read' | 'source-profiles:write' | 'target-profiles:read' | 'target-profiles:write' | 'targets:read' | 'targets:write' | 'dns-providers:read' | 'dns-providers:write' | 'domains:read' | 'domains:write' | 'dns-records:read' | 'dns-records:write';
 /**
  * A reusable, named source profile that can be referenced by routes.
  * Stores the full IRouteSecurity shape from SmartProxy.

package/dist_ts_interfaces/requests/dns-providers.d.ts

@@ -0,0 +1,117 @@
+import * as plugins from '../plugins.js';
+import type * as authInterfaces from '../data/auth.js';
+import type { IDnsProviderPublic, IProviderDomainListing, TDnsProviderType, TDnsProviderCredentials } from '../data/dns-provider.js';
+/**
+ * Get all DNS providers (public view, no secrets).
+ */
+export interface IReq_GetDnsProviders extends plugins.typedrequestInterfaces.implementsTR<plugins.typedrequestInterfaces.ITypedRequest, IReq_GetDnsProviders> {
+    method: 'getDnsProviders';
+    request: {
+        identity?: authInterfaces.IIdentity;
+        apiToken?: string;
+    };
+    response: {
+        providers: IDnsProviderPublic[];
+    };
+}
+/**
+ * Get a single DNS provider by id.
+ */
+export interface IReq_GetDnsProvider extends plugins.typedrequestInterfaces.implementsTR<plugins.typedrequestInterfaces.ITypedRequest, IReq_GetDnsProvider> {
+    method: 'getDnsProvider';
+    request: {
+        identity?: authInterfaces.IIdentity;
+        apiToken?: string;
+        id: string;
+    };
+    response: {
+        provider: IDnsProviderPublic | null;
+    };
+}
+/**
+ * Create a new DNS provider.
+ */
+export interface IReq_CreateDnsProvider extends plugins.typedrequestInterfaces.implementsTR<plugins.typedrequestInterfaces.ITypedRequest, IReq_CreateDnsProvider> {
+    method: 'createDnsProvider';
+    request: {
+        identity?: authInterfaces.IIdentity;
+        apiToken?: string;
+        name: string;
+        type: TDnsProviderType;
+        credentials: TDnsProviderCredentials;
+    };
+    response: {
+        success: boolean;
+        id?: string;
+        message?: string;
+    };
+}
+/**
+ * Update a DNS provider. Only supplied fields are updated.
+ * Pass `credentials` to rotate the secret.
+ */
+export interface IReq_UpdateDnsProvider extends plugins.typedrequestInterfaces.implementsTR<plugins.typedrequestInterfaces.ITypedRequest, IReq_UpdateDnsProvider> {
+    method: 'updateDnsProvider';
+    request: {
+        identity?: authInterfaces.IIdentity;
+        apiToken?: string;
+        id: string;
+        name?: string;
+        credentials?: TDnsProviderCredentials;
+    };
+    response: {
+        success: boolean;
+        message?: string;
+    };
+}
+/**
+ * Delete a DNS provider. Fails if any IDomain still references it
+ * unless `force: true` is set.
+ */
+export interface IReq_DeleteDnsProvider extends plugins.typedrequestInterfaces.implementsTR<plugins.typedrequestInterfaces.ITypedRequest, IReq_DeleteDnsProvider> {
+    method: 'deleteDnsProvider';
+    request: {
+        identity?: authInterfaces.IIdentity;
+        apiToken?: string;
+        id: string;
+        force?: boolean;
+    };
+    response: {
+        success: boolean;
+        message?: string;
+    };
+}
+/**
+ * Test the connection to a DNS provider. Used both for newly-saved
+ * providers and on demand from the UI.
+ */
+export interface IReq_TestDnsProvider extends plugins.typedrequestInterfaces.implementsTR<plugins.typedrequestInterfaces.ITypedRequest, IReq_TestDnsProvider> {
+    method: 'testDnsProvider';
+    request: {
+        identity?: authInterfaces.IIdentity;
+        apiToken?: string;
+        id: string;
+    };
+    response: {
+        ok: boolean;
+        error?: string;
+        testedAt: number;
+    };
+}
+/**
+ * List the domains visible to a DNS provider's API account.
+ * Used when importing — does NOT persist anything.
+ */
+export interface IReq_ListProviderDomains extends plugins.typedrequestInterfaces.implementsTR<plugins.typedrequestInterfaces.ITypedRequest, IReq_ListProviderDomains> {
+    method: 'listProviderDomains';
+    request: {
+        identity?: authInterfaces.IIdentity;
+        apiToken?: string;
+        providerId: string;
+    };
+    response: {
+        success: boolean;
+        domains?: IProviderDomainListing[];
+        message?: string;
+    };
+}

package/dist_ts_interfaces/requests/dns-providers.js

@@ -0,0 +1,2 @@
+import * as plugins from '../plugins.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZG5zLXByb3ZpZGVycy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3RzX2ludGVyZmFjZXMvcmVxdWVzdHMvZG5zLXByb3ZpZGVycy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEtBQUssT0FBTyxNQUFNLGVBQWUsQ0FBQyJ9