npm - roster-server - Versions diffs - 2.2.8 → 2.2.9 - Mend

roster-server 2.2.8 → 2.2.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/package.json +1 -1
package/tasks/lessons.md +1 -0
package/vendor/acme-dns-01-cli-wrapper.js +3 -67

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "roster-server",
-    "version": "2.2.8",
+    "version": "2.2.9",
     "description": "👾 RosterServer - A domain host router to host multiple HTTPS.",
     "main": "index.js",
     "scripts": {

package/tasks/lessons.md CHANGED Viewed

@@ -1,3 +1,4 @@
 # Lessons Learned
 - When wildcard TLS must run under Bun, do not rely on manual DNS instructions; default to API-driven DNS-01 TXT creation/removal (Linode/Akamai) with propagation polling, then fall back to manual mode only when no provider token is configured.
+- Prefer the simplest robust DNS verification path first (dig against 1.1.1.1/8.8.8.8) and avoid adding extra resolver complexity unless there is clear evidence it improves reliability.

package/vendor/acme-dns-01-cli-wrapper.js CHANGED Viewed

@@ -121,7 +121,6 @@ module.exports.create = function create(config = {}) {
         resolver.setServers([server]);
         return { server, resolver };
     });
-    const authoritativeResolverClientsByHost = new Map();
     const normalizeProvider = (value) => String(value || '').trim().toLowerCase();
     const configuredProvider = normalizeProvider(
         config.provider
@@ -151,73 +150,10 @@ module.exports.create = function create(config = {}) {
         return candidate ? String(candidate).trim() : '';
     }
-    function zoneCandidatesFromDnsHost(dnsHost) {
-        const normalized = String(dnsHost || '')
-            .replace(/^_acme-challenge\./, '')
-            .replace(/^_greenlock-[^.]+\./, '')
-            .replace(/\.$/, '')
-            .toLowerCase();
-        if (!normalized) return [];
-        const labels = normalized.split('.').filter(Boolean);
-        const candidates = [];
-        for (let i = 0; i <= labels.length - 2; i += 1) {
-            candidates.push(labels.slice(i).join('.'));
-        }
-        return candidates;
-    }
-    async function resolveAuthoritativeResolverClients(dnsHost) {
-        const cached = authoritativeResolverClientsByHost.get(dnsHost);
-        if (cached) return cached;
-        const candidates = zoneCandidatesFromDnsHost(dnsHost);
-        for (const zone of candidates) {
-            let nsRecords = [];
-            try {
-                nsRecords = await dns.resolveNs(zone);
-            } catch {
-                continue;
-            }
-            if (!Array.isArray(nsRecords) || nsRecords.length === 0) continue;
-            const clients = [];
-            for (const nsNameRaw of nsRecords) {
-                const nsName = String(nsNameRaw || '').replace(/\.$/, '');
-                if (!nsName) continue;
-                let ips = [];
-                try {
-                    ips = await dns.resolve4(nsName);
-                } catch {}
-                if (ips.length === 0) {
-                    try {
-                        ips = await dns.resolve6(nsName);
-                    } catch {}
-                }
-                for (const ip of ips) {
-                    try {
-                        const resolver = new dns.Resolver();
-                        resolver.setServers([ip]);
-                        clients.push({ server: `${nsName}/${ip}`, resolver });
-                    } catch {}
-                }
-            }
-            if (clients.length > 0) {
-                authoritativeResolverClientsByHost.set(dnsHost, clients);
-                return clients;
-            }
-        }
-        authoritativeResolverClientsByHost.set(dnsHost, []);
-        return [];
-    }
     async function resolveTxtRecords(dnsHost) {
         const records = [];
         const errors = [];
-        const authClients = await resolveAuthoritativeResolverClients(dnsHost);
-        const resolverClients = [...staticResolverClients, ...authClients];
+        const resolverClients = staticResolverClients;
         const seenServers = new Set();
         for (const { server, resolver } of resolverClients) {
@@ -225,7 +161,7 @@ module.exports.create = function create(config = {}) {
             seenServers.add(server);
             // Primary path: query with dig directly (more reliable under Bun).
-            const serverTarget = String(server || '').includes('/') ? String(server).split('/').pop() : String(server || '');
+            const serverTarget = String(server || '');
             let digAttempted = false;
             if (typeof execFileSync === 'function' && serverTarget) {
                 digAttempted = true;
@@ -254,7 +190,7 @@ module.exports.create = function create(config = {}) {
             }
             // Fallback path only if dig is unavailable/failed unexpectedly.
-            if (!digAttempted || records.length === 0) {
+            if ((!digAttempted || records.length === 0) && resolver) {
                 try {
                     const result = await resolver.resolveTxt(dnsHost);
                     if (Array.isArray(result)) {