fix(core,schemas): use http method for cloudflare ssl (#3986)

2025-01-27 21:39:16 -05:00 · 2023-06-08 11:59:34 +09:00 · 2023-06-08 11:59:34 +09:00 · 71f1fe4436
commit 71f1fe4436
parent 2cde8254b6
5 changed files with 19 additions and 75 deletions
--- a/packages/core/src/libraries/domain.test.ts
+++ b/packages/core/src/libraries/domain.test.ts
@ -7,10 +7,6 @@ import {
  mockCloudflareDataPendingSSL,
  mockDomain,
  mockDomainWithCloudflareData,
-  mockSslTxtName,
-  mockSslTxtValue,
-  mockTxtName,
-  mockTxtValue,
 } from '#src/__mocks__/domain.js';
 import RequestError from '#src/errors/RequestError/index.js';
 import SystemContext from '#src/tenants/SystemContext.js';
@ -59,6 +55,11 @@ describe('addDomain()', () => {
    expect(createCustomHostname).toBeCalledTimes(1);
    expect(insertDomain).toBeCalledTimes(1);
    expect(response.cloudflareData).toMatchObject(mockCloudflareData);
+    expect(response.dnsRecords).toContainEqual({
+      type: 'CNAME',
+      name: mockDomainWithCloudflareData.domain,
+      value: fallbackOrigin,
+    });
  });
 });

@ -81,32 +82,12 @@ describe('syncDomainStatus()', () => {
  it('should sync and get result with pendingVerification', async () => {
    const response = await syncDomainStatus(mockDomainWithCloudflareData);
    expect(response.status).toBe(DomainStatus.PendingVerification);
-    expect(response.dnsRecords).toContainEqual({
-      type: 'CNAME',
-      name: mockDomainWithCloudflareData.domain,
-      value: fallbackOrigin,
-    });
-    expect(response.dnsRecords).toContainEqual({
-      type: 'TXT',
-      name: mockTxtName,
-      value: mockTxtValue,
-    });
-    expect(response.dnsRecords).toContainEqual({
-      type: 'TXT',
-      name: mockSslTxtName,
-      value: mockSslTxtValue,
-    });
  });

  it('should sync and get result with pendingSsl', async () => {
    getCustomHostname.mockResolvedValueOnce(mockCloudflareDataPendingSSL);
    const response = await syncDomainStatus(mockDomainWithCloudflareData);
    expect(response.status).toBe(DomainStatus.PendingSsl);
-    expect(response.dnsRecords).toContainEqual({
-      type: 'TXT',
-      name: mockSslTxtName,
-      value: mockSslTxtValue,
-    });
  });

  it('should sync and get result with active', async () => {
--- a/packages/core/src/libraries/domain.ts
+++ b/packages/core/src/libraries/domain.ts
@ -1,9 +1,4 @@
-import {
-  type CloudflareData,
-  type Domain,
-  type DomainDnsRecords,
-  DomainStatus,
-} from '@logto/schemas';
+import { type CloudflareData, type Domain, DomainStatus } from '@logto/schemas';
 import { generateStandardId } from '@logto/shared';

 import type Queries from '#src/tenants/Queries.js';
@ -14,7 +9,6 @@ import {
  createCustomHostname,
  deleteCustomHostname,
 } from '#src/utils/cloudflare/index.js';
-import { findSslTxtRecord, findVerificationTxtRecord } from '#src/utils/cloudflare/utils.js';

 export type DomainLibrary = ReturnType<typeof createDomainLibrary>;

@ -36,14 +30,12 @@ export const createDomainLibrary = (queries: Queries) => {

  const syncDomainStatusFromCloudflareData = async (
    domain: Domain,
-    cloudflareData: CloudflareData,
-    origin: string
+    cloudflareData: CloudflareData
  ): Promise<Domain> => {
    const status = getDomainStatusFromCloudflareData(cloudflareData);
    const {
      verification_errors: verificationErrors,
-      ssl: { validation_errors: sslVerificationErrors, txt_name: txtName, txt_value: txtValue },
-      ownership_verification: ownershipVerification,
+      ssl: { validation_errors: sslVerificationErrors },
    } = cloudflareData;

    const errorMessage: string = [
@ -53,26 +45,7 @@ export const createDomainLibrary = (queries: Queries) => {
      .filter(Boolean)
      .join('\n');

-    const dnsRecords: DomainDnsRecords = [
-      // Verification CNAME, fixed value, generated by us
-      {
-        type: 'CNAME',
-        name: domain.domain,
-        value: origin,
-      },
-      // SSL TXT, generated by Cloudflare
-      txtName && txtValue
-        ? { type: 'TXT', name: txtName, value: txtValue }
-        : findSslTxtRecord(domain.dnsRecords),
-      // Ownership TXT, generated by Cloudflare
-      ownershipVerification ?? findVerificationTxtRecord(domain.dnsRecords),
-    ].filter(Boolean);
-
-    return updateDomainById(
-      domain.id,
-      { cloudflareData, errorMessage, dnsRecords, status },
-      'replace'
-    );
+    return updateDomainById(domain.id, { cloudflareData, errorMessage, status }, 'replace');
  };

  const syncDomainStatus = async (domain: Domain): Promise<Domain> => {
@ -86,11 +59,7 @@ export const createDomainLibrary = (queries: Queries) => {
      domain.cloudflareData.id
    );

-    return syncDomainStatusFromCloudflareData(
-      domain,
-      cloudflareData,
-      hostnameProviderConfig.fallbackOrigin
-    );
+    return syncDomainStatusFromCloudflareData(domain, cloudflareData);
  };

  const addDomain = async (hostname: string): Promise<Domain> => {
@ -104,6 +73,14 @@ export const createDomainLibrary = (queries: Queries) => {
      id: generateStandardId(),
      cloudflareData,
      status: DomainStatus.PendingVerification,
+      dnsRecords: [
+        // Verification CNAME, fixed value, generated by us
+        {
+          type: 'CNAME',
+          name: hostname,
+          value: hostnameProviderConfig.fallbackOrigin,
+        },
+      ],
    });
  };

--- a/packages/core/src/utils/cloudflare/index.ts
+++ b/packages/core/src/utils/cloudflare/index.ts
@ -29,7 +29,7 @@ export const createCustomHostname = async (auth: HostnameProviderData, hostname:
      },
      json: {
        hostname,
-        ssl: { method: 'txt', type: 'dv', settings: { min_tls_version: '1.0' } },
+        ssl: { method: 'http', type: 'dv', settings: { min_tls_version: '1.2' } },
      },
      throwHttpErrors: false,
    }
--- a/packages/core/src/utils/cloudflare/utils.ts
+++ b/packages/core/src/utils/cloudflare/utils.ts
@ -1,5 +1,4 @@
 import { parseJson } from '@logto/connector-kit';
-import { type DomainDnsRecords } from '@logto/schemas';

 import assertThat from '../assert-that.js';

@ -12,13 +11,3 @@ export const parseCloudflareResponse = (body: string) => {

  return result.data.result;
 };
-
-export const findVerificationTxtRecord = (records: DomainDnsRecords) =>
-  records.find(
-    ({ type, name }) => type.toUpperCase() === 'TXT' && name.includes('_cf-custom-hostname')
-  );
-
-export const findSslTxtRecord = (records: DomainDnsRecords) =>
-  records.find(
-    ({ type, name }) => type.toUpperCase() === 'TXT' && name.includes('_acme-challenge')
-  );
--- a/packages/schemas/src/foundations/jsonb-types.ts
+++ b/packages/schemas/src/foundations/jsonb-types.ts
@ -252,8 +252,6 @@ export const cloudflareDataGuard = z
    ssl: z
      .object({
        status: z.string(),
-        txt_name: z.string().optional(),
-        txt_value: z.string().optional(),
        validation_errors: z
          .object({
            message: z.string(),
@ -263,7 +261,6 @@ export const cloudflareDataGuard = z
          .optional(),
      })
      .catchall(z.unknown()),
-    ownership_verification: domainDnsRecordGuard.catchall(z.unknown()).optional(),
    verification_errors: z.string().array().optional(),
  })
  .catchall(z.unknown());