npm - roster-server - Versions diffs - 2.2.7 → 2.2.9 - Mend

roster-server 2.2.7 → 2.2.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/package.json +1 -1
package/tasks/lessons.md +1 -0
package/vendor/acme-dns-01-cli-wrapper.js +41 -71

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "roster-server",
-    "version": "2.2.7",
+    "version": "2.2.9",
     "description": "👾 RosterServer - A domain host router to host multiple HTTPS.",
     "main": "index.js",
     "scripts": {

package/tasks/lessons.md CHANGED Viewed

@@ -1,3 +1,4 @@
 # Lessons Learned
 - When wildcard TLS must run under Bun, do not rely on manual DNS instructions; default to API-driven DNS-01 TXT creation/removal (Linode/Akamai) with propagation polling, then fall back to manual mode only when no provider token is configured.
+- Prefer the simplest robust DNS verification path first (dig against 1.1.1.1/8.8.8.8) and avoid adding extra resolver complexity unless there is clear evidence it improves reliability.

package/vendor/acme-dns-01-cli-wrapper.js CHANGED Viewed

@@ -3,6 +3,7 @@
 const legacyCli = require('acme-dns-01-cli');
 const log = require('lemonlog')('acme-dns-01');
 const dns = require('node:dns').promises;
+const { execFileSync } = require('node:child_process');
 let envFileLoadAttempted = false;
 function loadEnvFileSafely() {
@@ -120,7 +121,6 @@ module.exports.create = function create(config = {}) {
         resolver.setServers([server]);
         return { server, resolver };
     });
-    const authoritativeResolverClientsByHost = new Map();
     const normalizeProvider = (value) => String(value || '').trim().toLowerCase();
     const configuredProvider = normalizeProvider(
         config.provider
@@ -150,85 +150,55 @@ module.exports.create = function create(config = {}) {
         return candidate ? String(candidate).trim() : '';
     }
-    function zoneCandidatesFromDnsHost(dnsHost) {
-        const normalized = String(dnsHost || '')
-            .replace(/^_acme-challenge\./, '')
-            .replace(/^_greenlock-[^.]+\./, '')
-            .replace(/\.$/, '')
-            .toLowerCase();
-        if (!normalized) return [];
-        const labels = normalized.split('.').filter(Boolean);
-        const candidates = [];
-        for (let i = 0; i <= labels.length - 2; i += 1) {
-            candidates.push(labels.slice(i).join('.'));
-        }
-        return candidates;
-    }
-    async function resolveAuthoritativeResolverClients(dnsHost) {
-        const cached = authoritativeResolverClientsByHost.get(dnsHost);
-        if (cached) return cached;
-        const candidates = zoneCandidatesFromDnsHost(dnsHost);
-        for (const zone of candidates) {
-            let nsRecords = [];
-            try {
-                nsRecords = await dns.resolveNs(zone);
-            } catch {
-                continue;
-            }
-            if (!Array.isArray(nsRecords) || nsRecords.length === 0) continue;
-            const clients = [];
-            for (const nsNameRaw of nsRecords) {
-                const nsName = String(nsNameRaw || '').replace(/\.$/, '');
-                if (!nsName) continue;
-                let ips = [];
-                try {
-                    ips = await dns.resolve4(nsName);
-                } catch {}
-                if (ips.length === 0) {
-                    try {
-                        ips = await dns.resolve6(nsName);
-                    } catch {}
-                }
-                for (const ip of ips) {
-                    try {
-                        const resolver = new dns.Resolver();
-                        resolver.setServers([ip]);
-                        clients.push({ server: `${nsName}/${ip}`, resolver });
-                    } catch {}
-                }
-            }
-            if (clients.length > 0) {
-                authoritativeResolverClientsByHost.set(dnsHost, clients);
-                return clients;
-            }
-        }
-        authoritativeResolverClientsByHost.set(dnsHost, []);
-        return [];
-    }
     async function resolveTxtRecords(dnsHost) {
         const records = [];
         const errors = [];
-        const authClients = await resolveAuthoritativeResolverClients(dnsHost);
-        const resolverClients = [...staticResolverClients, ...authClients];
+        const resolverClients = staticResolverClients;
         const seenServers = new Set();
         for (const { server, resolver } of resolverClients) {
             if (seenServers.has(server)) continue;
             seenServers.add(server);
-            try {
-                const result = await resolver.resolveTxt(dnsHost);
-                if (Array.isArray(result)) {
-                    records.push(...result);
+            // Primary path: query with dig directly (more reliable under Bun).
+            const serverTarget = String(server || '');
+            let digAttempted = false;
+            if (typeof execFileSync === 'function' && serverTarget) {
+                digAttempted = true;
+                try {
+                    const output = execFileSync('dig', ['+short', 'TXT', dnsHost, `@${serverTarget}`], {
+                        encoding: 'utf8',
+                        stdio: ['ignore', 'pipe', 'ignore'],
+                        timeout: 4000
+                    });
+                    const lines = String(output || '')
+                        .split('\n')
+                        .map((line) => line.trim())
+                        .filter(Boolean);
+                    if (lines.length > 0) {
+                        for (const line of lines) {
+                            const normalized = normalizeTxtChunk(line);
+                            if (normalized) records.push([normalized]);
+                        }
+                    } else {
+                        errors.push(`${server}:ENOTFOUND`);
+                    }
+                    continue;
+                } catch (error) {
+                    errors.push(`${server}:DIG_${error?.code || error?.signal || 'ERROR'}`);
+                }
+            }
+            // Fallback path only if dig is unavailable/failed unexpectedly.
+            if ((!digAttempted || records.length === 0) && resolver) {
+                try {
+                    const result = await resolver.resolveTxt(dnsHost);
+                    if (Array.isArray(result)) {
+                        records.push(...result);
+                    }
+                } catch (error) {
+                    errors.push(`${server}:${error?.code || error?.message || error}`);
                 }
-            } catch (error) {
-                errors.push(`${server}:${error?.code || error?.message || error}`);
             }
         }
         return { records, errors };