initial commit
This commit is contained in:
commit
eb3d395f62
|
@ -0,0 +1,8 @@
|
|||
{
|
||||
"bracketSpacing": true,
|
||||
"printWidth": 80,
|
||||
"singleQuote": true,
|
||||
"tabWidth": 2,
|
||||
"trailingComma": "none",
|
||||
"useTabs": true
|
||||
}
|
|
@ -0,0 +1,10 @@
|
|||
# [acme-dns-01-digitalocean](https://git.rootprojects.org/root/acme-dns-01-digitalocean) | a [Root](https://rootrpojects.org) project
|
||||
|
||||
Digital Ocean DNS for Let's Encrypt / ACME dns-01 challenges with ACME.js and Greenlock.js (Node.js).
|
||||
|
||||
# Tests
|
||||
|
||||
```
|
||||
# node ./test.js domain-zone api-token
|
||||
node ./test.js example.com xxxxxx
|
||||
```
|
|
@ -0,0 +1,3 @@
|
|||
'use strict';
|
||||
|
||||
module.exports = require('./lib/index.js');
|
|
@ -0,0 +1,152 @@
|
|||
'use strict';
|
||||
|
||||
var request = require('@root/request');
|
||||
request = require('util').promisify(request);
|
||||
|
||||
var defaults = {
|
||||
baseUrl: 'https://api.digitalocean.com'
|
||||
};
|
||||
|
||||
module.exports.create = function(config) {
|
||||
// config = { baseUrl, token }
|
||||
var baseUrl = config.baseUrl || defaults.baseUrl;
|
||||
var authtoken = config.token;
|
||||
return {
|
||||
set: function(data) {
|
||||
var ch = data.challenge;
|
||||
var domainname = ch.identifier.value;
|
||||
// PROBLEM: zone != domain
|
||||
// example.com, foo.example.com, and bar.foo.example.com are all in the example.com zone!!
|
||||
// Need to get list of "domains" (zones) and *then* set "subdomains" (domain records)
|
||||
// https://developers.digitalocean.com/documentation/v2/#domains
|
||||
var zone = domainname;
|
||||
// PROBLEM: dnsPrefix != dnsHost.split('.')[0]
|
||||
// _greenlock-dryrun-2277.bar.foo.example.com => _greenlock-dryrun-2277.bar.foo
|
||||
var dnsPrefix = ch.dnsHost.replace(new RegExp('.' + zone + '$'), '');
|
||||
var txt = ch.dnsAuthorization;
|
||||
// If the domain to be verified is
|
||||
var url = baseUrl + '/v2/domains/' + zone + '/records';
|
||||
|
||||
console.log('adding txt', data);
|
||||
return request({
|
||||
method: 'POST',
|
||||
url: url,
|
||||
headers: {
|
||||
Authorization: 'Bearer ' + authtoken,
|
||||
'Content-Type': 'application/json'
|
||||
},
|
||||
json: {
|
||||
type: 'TXT',
|
||||
name: dnsPrefix,
|
||||
data: txt,
|
||||
// PROBLEM (fixed) set a LOW ttl so that responses are not cached so long
|
||||
ttl: 300
|
||||
}
|
||||
}).then(function(resp) {
|
||||
resp = resp.body;
|
||||
console.log(resp);
|
||||
if (resp && resp.domain_record && resp.domain_record.data === txt) {
|
||||
return true;
|
||||
}
|
||||
throw new Error('record did not set. check subdomain, api key, etc');
|
||||
});
|
||||
},
|
||||
remove: function(data) {
|
||||
var domainname = data.challenge.altname;
|
||||
var zone = domainname;
|
||||
// PROBLEM: domainname != zone
|
||||
var url = baseUrl + '/v2/domains/' + zone + '/records';
|
||||
|
||||
// Digital ocean provides the api to remove records by ID. Since we do not have id, we fetch all the records,
|
||||
// filter the required TXT record and pass its id to remove API
|
||||
return request({
|
||||
method: 'GET',
|
||||
url: url,
|
||||
// PROBLEM (fixed): Remember to set json: true (not need to JSON.parse)
|
||||
json: true,
|
||||
headers: {
|
||||
Authorization: 'Bearer ' + authtoken,
|
||||
'Content-Type': 'application/json'
|
||||
}
|
||||
})
|
||||
.then(function(resp) {
|
||||
resp = resp.body;
|
||||
var entries =
|
||||
resp &&
|
||||
resp.domain_records &&
|
||||
resp.domain_records.filter(function(x) {
|
||||
return x.type === 'TXT';
|
||||
});
|
||||
// PROBLEM entry[0] !== our entry
|
||||
// (see solution for other entries, down below)
|
||||
if (entries.length > 0) {
|
||||
return entries[0].id;
|
||||
} else {
|
||||
throw new Error(
|
||||
'Couldnt remove record. check subdomain, api key, etc'
|
||||
);
|
||||
}
|
||||
})
|
||||
.then(function(recordId) {
|
||||
var domainname = data.challenge.altname;
|
||||
var zone = domainname;
|
||||
var url = baseUrl + '/v2/domains/' + zone + '/records/' + recordId;
|
||||
|
||||
return request({
|
||||
method: 'DELETE',
|
||||
url: url,
|
||||
headers: {
|
||||
Authorization: 'Bearer ' + authtoken,
|
||||
'Content-Type': 'application/json'
|
||||
}
|
||||
}).then(function(resp) {
|
||||
resp = resp.body;
|
||||
console.log(resp);
|
||||
return true;
|
||||
});
|
||||
});
|
||||
},
|
||||
get: function(data) {
|
||||
var ch = data.challenge;
|
||||
var domainname = data.challenge.altname;
|
||||
var zone = domainname;
|
||||
// PROBLEM: domainname != zone
|
||||
var url = baseUrl + '/v2/domains/' + zone + '/records';
|
||||
console.log('getting txt', data);
|
||||
|
||||
// Digital ocean provides the api to fetch records by ID. Since we do not have id, we fetch all the records,
|
||||
// filter the required TXT record
|
||||
|
||||
return request({
|
||||
method: 'GET',
|
||||
url: url,
|
||||
json: true,
|
||||
headers: {
|
||||
Authorization: 'Bearer ' + authtoken,
|
||||
'Content-Type': 'application/json'
|
||||
}
|
||||
}).then(function(resp) {
|
||||
resp = resp.body;
|
||||
|
||||
var entries =
|
||||
resp &&
|
||||
resp.domain_records &&
|
||||
resp.domain_records.filter(function(x) {
|
||||
// PROBLEM should also check for prefix
|
||||
return x.type === 'TXT';
|
||||
});
|
||||
// PROBLEM (fixed): entries[0] !== our entry
|
||||
var entry = entries.filter(function(x) {
|
||||
console.log('data', x.data);
|
||||
console.log('dnsAuth', ch.dnsAuthorization, ch);
|
||||
return x.data === ch.dnsAuthorization;
|
||||
})[0];
|
||||
if (entry) {
|
||||
return { dnsAuthorization: entry.data };
|
||||
} else {
|
||||
return null;
|
||||
}
|
||||
});
|
||||
}
|
||||
};
|
||||
};
|
|
@ -0,0 +1,19 @@
|
|||
{
|
||||
"name": "acme-dns-01-digitalocean",
|
||||
"version": "3.0.0",
|
||||
"lockfileVersion": 1,
|
||||
"requires": true,
|
||||
"dependencies": {
|
||||
"@root/request": {
|
||||
"version": "1.3.11",
|
||||
"resolved": "https://registry.npmjs.org/@root/request/-/request-1.3.11.tgz",
|
||||
"integrity": "sha512-3a4Eeghcjsfe6zh7EJ+ni1l8OK9Fz2wL1OjP4UCa0YdvtH39kdXB9RGWuzyNv7dZi0+Ffkc83KfH0WbPMiuJFw=="
|
||||
},
|
||||
"acme-challenge-test": {
|
||||
"version": "3.1.0",
|
||||
"resolved": "https://registry.npmjs.org/acme-challenge-test/-/acme-challenge-test-3.1.0.tgz",
|
||||
"integrity": "sha512-k+2hNED8P245BdJh44+eJjmVr7oNcuxigMbfz2/7Emc5h4ZAI7iuRZ2M6t4Qui+q5YgiPPjnILDzCZTHLzb1Ag==",
|
||||
"dev": true
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,30 @@
|
|||
{
|
||||
"name": "acme-dns-01-digitalocean",
|
||||
"version": "3.0.0",
|
||||
"description": "Digital Ocean DNS for Let's Encrypt / ACME dns-01 challenges with ACME.js and Greenlock.js",
|
||||
"main": "index.js",
|
||||
"scripts": {
|
||||
"test": "node ./test.js"
|
||||
},
|
||||
"repository": {
|
||||
"type": "git",
|
||||
"url": "https://git.rootprojects.org/root/acme-dns-01-digitalocean.git"
|
||||
},
|
||||
"keywords": [
|
||||
"digitalocean",
|
||||
"digital-ocean",
|
||||
"dns",
|
||||
"dns-01",
|
||||
"letsencrypt",
|
||||
"acme",
|
||||
"greenlock"
|
||||
],
|
||||
"author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com/)",
|
||||
"license": "MPL-2.0",
|
||||
"dependencies": {
|
||||
"@root/request": "^1.3.11"
|
||||
},
|
||||
"devDependencies": {
|
||||
"acme-challenge-test": "^3.1.0"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,23 @@
|
|||
#!/usr/bin/env node
|
||||
'use strict';
|
||||
|
||||
// See https://git.coolaj86.com/coolaj86/acme-challenge-test.js
|
||||
var tester = require('acme-challenge-test');
|
||||
|
||||
// Usage: node ./test.js example.com xxxxxxxxx
|
||||
var zone = process.argv[2];
|
||||
var challenger = require('./index.js').create({
|
||||
token: process.argv[3]
|
||||
});
|
||||
|
||||
// The dry-run tests can pass on, literally, 'example.com'
|
||||
// but the integration tests require that you have control over the domain
|
||||
tester
|
||||
.testZone('dns-01', zone, challenger)
|
||||
.then(function() {
|
||||
console.info('PASS', zone);
|
||||
})
|
||||
.catch(function(e) {
|
||||
console.error(e.message);
|
||||
console.error(e.stack);
|
||||
});
|
Loading…
Reference in New Issue