From 71f1fe4436958503b96875a5e8232f74cffd09fc Mon Sep 17 00:00:00 2001
From: wangsijie
Date: Thu, 8 Jun 2023 11:59:34 +0900
Subject: [PATCH] fix(core,schemas): use http method for cloudflare ssl (#3986)

---
 packages/core/src/libraries/domain.test.ts | 29 ++---------
 packages/core/src/libraries/domain.ts | 49 +++++-------------
 packages/core/src/utils/cloudflare/index.ts | 2 +-
 packages/core/src/utils/cloudflare/utils.ts | 11 -----
 .../schemas/src/foundations/jsonb-types.ts | 3 --
 5 files changed, 19 insertions(+), 75 deletions(-)

diff --git a/packages/core/src/libraries/domain.test.ts b/packages/core/src/libraries/domain.test.ts
index 129f9b5e3..936375360 100644
--- a/packages/core/src/libraries/domain.test.ts
+++ b/packages/core/src/libraries/domain.test.ts
@@ -7,10 +7,6 @@ import {
 mockCloudflareDataPendingSSL,
 mockDomain,
 mockDomainWithCloudflareData,
- mockSslTxtName,
- mockSslTxtValue,
- mockTxtName,
- mockTxtValue,
 } from '#src/__mocks__/domain.js';
 import RequestError from '#src/errors/RequestError/index.js';
 import SystemContext from '#src/tenants/SystemContext.js';
@@ -59,6 +55,11 @@ describe('addDomain()', () => {
 expect(createCustomHostname).toBeCalledTimes(1);
 expect(insertDomain).toBeCalledTimes(1);
 expect(response.cloudflareData).toMatchObject(mockCloudflareData);
+ expect(response.dnsRecords).toContainEqual({
+ type: 'CNAME',
+ name: mockDomainWithCloudflareData.domain,
+ value: fallbackOrigin,
+ });
 });
 });
 
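Review bot: The new assertion in the addDomain() test uses `toContainEqual`, which still passes if extra records (for instance the `_acme-challenge` / `_cf-custom-hostname` TXT entries the old code used to seed) are written next to the CNAME; since addDomain now produces exactly one record, pin the whole array instead: `expect(response.dnsRecords).toEqual([{ type: 'CNAME', name: mockDomainWithCloudflareData.domain, value: fallbackOrigin }]);`. Whether `response` is the mocked insert's echo of its input or something else cannot be confirmed from this hunk, so check that the stricter assertion is meaningful against the mock. The enclosing `describe('addDomain()')` block starts before the hunk.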
@@ -81,32 +82,12 @@ describe('syncDomainStatus()', () => {
 it('should sync and get result with pendingVerification', async () => {
 const response = await syncDomainStatus(mockDomainWithCloudflareData);
 expect(response.status).toBe(DomainStatus.PendingVerification);
- expect(response.dnsRecords).toContainEqual({
- type: 'CNAME',
- name: mockDomainWithCloudflareData.domain,
- value: fallbackOrigin,
- });
- expect(response.dnsRecords).toContainEqual({
- type: 'TXT',
- name: mockTxtName,
- value: mockTxtValue,
- });
- expect(response.dnsRecords).toContainEqual({
- type: 'TXT',
- name: mockSslTxtName,
- value: mockSslTxtValue,
- });
 });
 
 it('should sync and get result with pendingSsl', async () => {
 getCustomHostname.mockResolvedValueOnce(mockCloudflareDataPendingSSL);
 const response = await syncDomainStatus(mockDomainWithCloudflareData);
 expect(response.status).toBe(DomainStatus.PendingSsl);
- expect(response.dnsRecords).toContainEqual({
- type: 'TXT',
- name: mockSslTxtName,
- value: mockSslTxtValue,
- });
 });
 
 it('should sync and get result with active', async () => {
diff --git a/packages/core/src/libraries/domain.ts b/packages/core/src/libraries/domain.ts
index 93966bfc4..49e6c323f 100644
--- a/packages/core/src/libraries/domain.ts
+++ b/packages/core/src/libraries/domain.ts
@@ -1,9 +1,4 @@
-import {
- type CloudflareData,
- type Domain,
- type DomainDnsRecords,
- DomainStatus,
-} from '@logto/schemas';
+import { type CloudflareData, type Domain, DomainStatus } from '@logto/schemas';
 import { generateStandardId } from '@logto/shared';
 
 import type Queries from '#src/tenants/Queries.js';
@@ -14,7 +9,6 @@ import {
 createCustomHostname,
 deleteCustomHostname,
 } from '#src/utils/cloudflare/index.js';
-import { findSslTxtRecord, findVerificationTxtRecord } from '#src/utils/cloudflare/utils.js';
 
 export type DomainLibrary = ReturnType;
 
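Review bot: After this hunk the pendingVerification and pendingSsl tests assert only `response.status`, so nothing pins the new contract that a sync leaves the stored `dnsRecords` alone — the old code replaced that field on every sync, and a regression that wrote an empty array back would still pass. If `updateDomainById` is a mock in this file (it is not visible in the hunk), add `expect(updateDomainById).toBeCalledWith(mockDomainWithCloudflareData.id, expect.not.objectContaining({ dnsRecords: expect.anything() }), 'replace');` to one of the two cases. The `describe('syncDomainStatus()')` block starts before the hunk and continues after it.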
@@ -36,14 +30,12 @@ export const createDomainLibrary = (queries: Queries) => { const syncDomainStatusFromCloudflareData = async ( domain: Domain, - cloudflareData: CloudflareData, - origin: string + cloudflareData: CloudflareData ): Promise => { const status = getDomainStatusFromCloudflareData(cloudflareData); const { verification_errors: verificationErrors, - ssl: { validation_errors: sslVerificationErrors, txt_name: txtName, txt_value: txtValue }, - ownership_verification: ownershipVerification, + ssl: { validation_errors: sslVerificationErrors }, } = cloudflareData; const errorMessage: string = [ @@ -53,26 +45,7 @@ export const createDomainLibrary = (queries: Queries) => { .filter(Boolean) .join('\n'); - const dnsRecords: DomainDnsRecords = [ - // Verification CNAME, fixed value, generated by us - { - type: 'CNAME', - name: domain.domain, - value: origin, - }, - // SSL TXT, generated by Cloudflare - txtName && txtValue - ? { type: 'TXT', name: txtName, value: txtValue } - : findSslTxtRecord(domain.dnsRecords), - // Ownership TXT, generated by Cloudflare - ownershipVerification ?? findVerificationTxtRecord(domain.dnsRecords), - ].filter(Boolean); - - return updateDomainById( - domain.id, - { cloudflareData, errorMessage, dnsRecords, status }, - 'replace' - ); + return updateDomainById(domain.id, { cloudflareData, errorMessage, status }, 'replace'); }; const syncDomainStatus = async (domain: Domain): Promise => { @@ -86,11 +59,7 @@ export const createDomainLibrary = (queries: Queries) => { domain.cloudflareData.id ); - return syncDomainStatusFromCloudflareData( - domain, - cloudflareData, - hostnameProviderConfig.fallbackOrigin - ); + return syncDomainStatusFromCloudflareData(domain, cloudflareData); }; const addDomain = async (hostname: string): Promise => { 
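Review bot: In the `@@ -53,26 +45,7 @@` hunk, syncDomainStatusFromCloudflareData stops writing `dnsRecords`, and addDomain only seeds the CNAME at creation time, so domains created before this change keep the TXT records the old code persisted and, as far as I can tell, their Cloudflare custom hostnames were registered with `method: 'txt'` and will not be validated over HTTP — the commit adds no migration or re-registration path for them. At minimum say so at the top of the function: `// dnsRecords is seeded once in addDomain (CNAME only); hostnames registered under the old TXT method keep their stale TXT records until they are deleted and re-added.` Consider a data migration that drops TXT entries from existing rows, or re-creating those custom hostnames on the next sync. The last hunk still resolves `hostnameProviderConfig` above the visible lines (presumably for the Cloudflare auth); worth confirming `fallbackOrigin` is not now an unused read there. `createDomainLibrary` begins before the first hunk and ends after the last.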
@@ -104,6 +73,14 @@ export const createDomainLibrary = (queries: Queries) => {
 id: generateStandardId(),
 cloudflareData,
 status: DomainStatus.PendingVerification,
+ dnsRecords: [
+ // Verification CNAME, fixed value, generated by us
+ {
+ type: 'CNAME',
+ name: hostname,
+ value: hostnameProviderConfig.fallbackOrigin,
+ },
+ ],
 });
 };
 
diff --git a/packages/core/src/utils/cloudflare/index.ts b/packages/core/src/utils/cloudflare/index.ts
index 590ecf6fd..3b90c8b91 100644
--- a/packages/core/src/utils/cloudflare/index.ts
+++ b/packages/core/src/utils/cloudflare/index.ts
@@ -29,7 +29,7 @@ export const createCustomHostname = async (auth: HostnameProviderData, hostname:
 },
 json: {
 hostname,
- ssl: { method: 'txt', type: 'dv', settings: { min_tls_version: '1.0' } },
+ ssl: { method: 'http', type: 'dv', settings: { min_tls_version: '1.2' } },
 },
 throwHttpErrors: false,
 }
diff --git a/packages/core/src/utils/cloudflare/utils.ts b/packages/core/src/utils/cloudflare/utils.ts
index 43a3625ba..4f03e21fe 100644
--- a/packages/core/src/utils/cloudflare/utils.ts
+++ b/packages/core/src/utils/cloudflare/utils.ts
@@ -1,5 +1,4 @@
 import { parseJson } from '@logto/connector-kit';
-import { type DomainDnsRecords } from '@logto/schemas';
 
 import assertThat from '../assert-that.js';
 
@@ -12,13 +11,3 @@ export const parseCloudflareResponse = (body: string) => {
 
 return result.data.result;
 };
-
-export const findVerificationTxtRecord = (records: DomainDnsRecords) =>
- records.find(
- ({ type, name }) => type.toUpperCase() === 'TXT' && name.includes('_cf-custom-hostname')
- );
-
-export const findSslTxtRecord = (records: DomainDnsRecords) =>
- records.find(
- ({ type, name }) => type.toUpperCase() === 'TXT' && name.includes('_acme-challenge')
- );
diff --git a/packages/schemas/src/foundations/jsonb-types.ts b/packages/schemas/src/foundations/jsonb-types.ts
index 46376290f..3fd715e13 100644
--- a/packages/schemas/src/foundations/jsonb-types.ts
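Review bot: In the cloudflare/index.ts hunk the `min_tls_version` bump from '1.0' to '1.2' is a customer-visible hardening change (clients limited to TLS 1.0/1.1 will stop connecting to custom domains) that the commit title "use http method" does not mention, and both it and the validation method sit as unexplained literals inside the request body. Hoist them into named constants near the top of createCustomHostname's module and explain them once, e.g. `// HTTP DCV: Cloudflare validates via the hostname itself, so the CNAME to the fallback origin must resolve before the certificate can be issued; TLS 1.0/1.1 are deprecated (RFC 8996).` above `ssl:`, with `const minTlsVersion = '1.2';`. Separately, `hostname` is caller-supplied and goes straight into the API body; the `json:` option encodes it safely, but I cannot see from here whether it is validated as a bare hostname before the call — worth confirming in addDomain. createCustomHostname starts before the hunk.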
+++ b/packages/schemas/src/foundations/jsonb-types.ts
@@ -252,8 +252,6 @@ export const cloudflareDataGuard = z
 ssl: z
 .object({
 status: z.string(),
- txt_name: z.string().optional(),
- txt_value: z.string().optional(),
 validation_errors: z
 .object({
 message: z.string(),
@@ -263,7 +261,6 @@ export const cloudflareDataGuard = z
 .optional(),
 })
 .catchall(z.unknown()),
- ownership_verification: domainDnsRecordGuard.catchall(z.unknown()).optional(),
 verification_errors: z.string().array().optional(),
 })
 .catchall(z.unknown());
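Review bot: Dropping `ownership_verification` (and `txt_name`/`txt_value`) from cloudflareDataGuard changes only the static type: both objects end in `.catchall(z.unknown())`, so rows already stored with those keys keep parsing, and any ownership TXT record Cloudflare still returns for a hostname whose CNAME is not yet in place now arrives as `unknown` and is silently ignored rather than surfaced. If that is intended, record it in the guard: `// txt_name / txt_value / ownership_verification are deliberately unmodelled: DCV uses the http method, and unknown keys fall through catchall.` If Cloudflare can still demand a TXT ownership record in that state (I cannot confirm this from the diff), keep `ownership_verification` as an optional field so the UI can show it. cloudflareDataGuard begins before the first hunk.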