npm - roster-server - Versions diffs - 2.2.5 → 2.2.7 - Mend

roster-server 2.2.5 → 2.2.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/package.json +1 -1
package/test/acme-dns-01-cli-wrapper.test.js +45 -0
package/vendor/acme-dns-01-cli-wrapper.js +77 -1

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "roster-server",
-    "version": "2.2.5",
+    "version": "2.2.7",
     "description": "👾 RosterServer - A domain host router to host multiple HTTPS.",
     "main": "index.js",
     "scripts": {

package/test/acme-dns-01-cli-wrapper.test.js CHANGED Viewed

@@ -130,6 +130,51 @@ describe('acme-dns-01-cli-wrapper automatic Linode DNS', () => {
         assert.strictEqual(payload.name, '_acme-challenge.sub');
     });
+    it('prefers apex zone over www zone for www challenges', async () => {
+        const calls = [];
+        global.fetch = async (url, options = {}) => {
+            calls.push({ url, options });
+            if (url.endsWith('/domains?page_size=500')) {
+                return {
+                    ok: true,
+                    status: 200,
+                    json: async () => ({
+                        data: [
+                            { id: 777, domain: 'www.tagnu.com' },
+                            { id: 888, domain: 'tagnu.com' }
+                        ]
+                    })
+                };
+            }
+            if (url.endsWith('/domains/888/records?page_size=500')) {
+                return { ok: true, status: 200, json: async () => ({ data: [] }) };
+            }
+            if (url.endsWith('/domains/888/records') && options.method === 'POST') {
+                return { ok: true, status: 200, json: async () => ({ id: 333 }) };
+            }
+            return { ok: true, status: 204, json: async () => ({}) };
+        };
+        const challenger = wrapper.create({
+            provider: 'linode',
+            linodeApiKey: 'fake-token',
+            verifyDnsBeforeContinue: false,
+            propagationDelay: 0,
+            dryRunDelay: 0
+        });
+        await challenger.set({
+            challenge: {
+                altname: 'www.tagnu.com',
+                dnsHost: '_greenlock-dryrun-abc.www.tagnu.com',
+                dnsAuthorization: 'www-token'
+            }
+        });
+        assert.ok(calls.some((c) => c.url.endsWith('/domains/888/records') && c.options.method === 'POST'));
+        assert.ok(!calls.some((c) => c.url.endsWith('/domains/777/records') && c.options.method === 'POST'));
+    });
     it('falls back to manual when provider mode has no API key (default)', async () => {
         const prevLinode = process.env.LINODE_API_KEY;
         delete process.env.LINODE_API_KEY;

package/vendor/acme-dns-01-cli-wrapper.js CHANGED Viewed

@@ -115,11 +115,12 @@ module.exports.create = function create(config = {}) {
         ? config.dnsResolvers.map((s) => String(s).trim()).filter(Boolean)
         : parseResolvers(process.env.ROSTER_DNS_RESOLVERS);
     const effectiveResolvers = configuredResolvers.length > 0 ? configuredResolvers : ['1.1.1.1', '8.8.8.8'];
-    const resolverClients = effectiveResolvers.map((server) => {
+    const staticResolverClients = effectiveResolvers.map((server) => {
         const resolver = new dns.Resolver();
         resolver.setServers([server]);
         return { server, resolver };
     });
+    const authoritativeResolverClientsByHost = new Map();
     const normalizeProvider = (value) => String(value || '').trim().toLowerCase();
     const configuredProvider = normalizeProvider(
         config.provider
@@ -149,11 +150,78 @@ module.exports.create = function create(config = {}) {
         return candidate ? String(candidate).trim() : '';
     }
+    function zoneCandidatesFromDnsHost(dnsHost) {
+        const normalized = String(dnsHost || '')
+            .replace(/^_acme-challenge\./, '')
+            .replace(/^_greenlock-[^.]+\./, '')
+            .replace(/\.$/, '')
+            .toLowerCase();
+        if (!normalized) return [];
+        const labels = normalized.split('.').filter(Boolean);
+        const candidates = [];
+        for (let i = 0; i <= labels.length - 2; i += 1) {
+            candidates.push(labels.slice(i).join('.'));
+        }
+        return candidates;
+    }
+    async function resolveAuthoritativeResolverClients(dnsHost) {
+        const cached = authoritativeResolverClientsByHost.get(dnsHost);
+        if (cached) return cached;
+        const candidates = zoneCandidatesFromDnsHost(dnsHost);
+        for (const zone of candidates) {
+            let nsRecords = [];
+            try {
+                nsRecords = await dns.resolveNs(zone);
+            } catch {
+                continue;
+            }
+            if (!Array.isArray(nsRecords) || nsRecords.length === 0) continue;
+            const clients = [];
+            for (const nsNameRaw of nsRecords) {
+                const nsName = String(nsNameRaw || '').replace(/\.$/, '');
+                if (!nsName) continue;
+                let ips = [];
+                try {
+                    ips = await dns.resolve4(nsName);
+                } catch {}
+                if (ips.length === 0) {
+                    try {
+                        ips = await dns.resolve6(nsName);
+                    } catch {}
+                }
+                for (const ip of ips) {
+                    try {
+                        const resolver = new dns.Resolver();
+                        resolver.setServers([ip]);
+                        clients.push({ server: `${nsName}/${ip}`, resolver });
+                    } catch {}
+                }
+            }
+            if (clients.length > 0) {
+                authoritativeResolverClientsByHost.set(dnsHost, clients);
+                return clients;
+            }
+        }
+        authoritativeResolverClientsByHost.set(dnsHost, []);
+        return [];
+    }
     async function resolveTxtRecords(dnsHost) {
         const records = [];
         const errors = [];
+        const authClients = await resolveAuthoritativeResolverClients(dnsHost);
+        const resolverClients = [...staticResolverClients, ...authClients];
+        const seenServers = new Set();
         for (const { server, resolver } of resolverClients) {
+            if (seenServers.has(server)) continue;
+            seenServers.add(server);
             try {
                 const result = await resolver.resolveTxt(dnsHost);
                 if (Array.isArray(result)) {
@@ -212,6 +280,14 @@ module.exports.create = function create(config = {}) {
             }
         };
+        // Prefer apex zone when validating www.<domain> challenges so records are
+        // created in the commonly delegated parent zone (e.g. tagnu.com).
+        if (altname) {
+            const normalizedAltname = String(altname).replace(/^\*\./, '').replace(/\.$/, '').toLowerCase();
+            if (normalizedAltname.startsWith('www.')) {
+                add(normalizedAltname.slice(4));
+            }
+        }
         if (dnsHost) {
             const normalizedDnsHost = String(dnsHost).replace(/^_acme-challenge\./, '').replace(/^_greenlock-[^.]+\./, '');
             add(normalizedDnsHost);