netlify.go raw
1 // Package netlify implements a DNS provider for solving the DNS-01 challenge using Netlify.
2 package netlify
3
4 import (
5 "context"
6 "errors"
7 "fmt"
8 "net/http"
9 "strings"
10 "sync"
11 "time"
12
13 "github.com/go-acme/lego/v4/challenge"
14 "github.com/go-acme/lego/v4/challenge/dns01"
15 "github.com/go-acme/lego/v4/platform/config/env"
16 "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
17 "github.com/go-acme/lego/v4/providers/dns/netlify/internal"
18 )
19
20 // Environment variables names.
21 const (
22 envNamespace = "NETLIFY_"
23
24 EnvToken = envNamespace + "TOKEN"
25
26 EnvTTL = envNamespace + "TTL"
27 EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
28 EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
29 EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
30 )
31
32 var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
33
34 // Config is used to configure the creation of the DNSProvider.
35 type Config struct {
36 Token string
37 PropagationTimeout time.Duration
38 PollingInterval time.Duration
39 TTL int
40 HTTPClient *http.Client
41 }
42
43 // NewDefaultConfig returns a default configuration for the DNSProvider.
44 func NewDefaultConfig() *Config {
45 return &Config{
46 TTL: env.GetOrDefaultInt(EnvTTL, 300),
47 PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout),
48 PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
49 HTTPClient: &http.Client{
50 Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
51 },
52 }
53 }
54
55 // DNSProvider implements the challenge.Provider interface.
56 type DNSProvider struct {
57 config *Config
58 client *internal.Client
59
60 recordIDs map[string]string
61 recordIDsMu sync.Mutex
62 }
63
64 // NewDNSProvider returns a DNSProvider instance configured for Netlify.
65 // Credentials must be passed in the environment variable: NETLIFY_TOKEN.
66 func NewDNSProvider() (*DNSProvider, error) {
67 values, err := env.Get(EnvToken)
68 if err != nil {
69 return nil, fmt.Errorf("netlify: %w", err)
70 }
71
72 config := NewDefaultConfig()
73 config.Token = values[EnvToken]
74
75 return NewDNSProviderConfig(config)
76 }
77
78 // NewDNSProviderConfig return a DNSProvider instance configured for Netlify.
79 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
80 if config == nil {
81 return nil, errors.New("netlify: the configuration of the DNS provider is nil")
82 }
83
84 if config.Token == "" {
85 return nil, errors.New("netlify: incomplete credentials, missing token")
86 }
87
88 client := internal.NewClient(
89 clientdebug.Wrap(
90 internal.OAuthStaticAccessToken(config.HTTPClient, config.Token),
91 ),
92 )
93
94 return &DNSProvider{
95 config: config,
96 client: client,
97 recordIDs: make(map[string]string),
98 }, nil
99 }
100
101 // Timeout returns the timeout and interval to use when checking for DNS propagation.
102 // Adjusting here to cope with spikes in propagation times.
103 func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
104 return d.config.PropagationTimeout, d.config.PollingInterval
105 }
106
107 // Present creates a TXT record using the specified parameters.
108 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
109 info := dns01.GetChallengeInfo(domain, keyAuth)
110
111 authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
112 if err != nil {
113 return fmt.Errorf("netlify: could not find zone for domain %q: %w", domain, err)
114 }
115
116 authZone = dns01.UnFqdn(authZone)
117
118 record := internal.DNSRecord{
119 Hostname: dns01.UnFqdn(info.EffectiveFQDN),
120 TTL: d.config.TTL,
121 Type: "TXT",
122 Value: info.Value,
123 }
124
125 resp, err := d.client.CreateRecord(context.Background(), strings.ReplaceAll(authZone, ".", "_"), record)
126 if err != nil {
127 return fmt.Errorf("netlify: failed to create TXT records: fqdn=%s, authZone=%s: %w", info.EffectiveFQDN, authZone, err)
128 }
129
130 d.recordIDsMu.Lock()
131 d.recordIDs[token] = resp.ID
132 d.recordIDsMu.Unlock()
133
134 return nil
135 }
136
137 // CleanUp removes the TXT record matching the specified parameters.
138 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
139 info := dns01.GetChallengeInfo(domain, keyAuth)
140
141 authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
142 if err != nil {
143 return fmt.Errorf("netlify: could not find zone for domain %q: %w", domain, err)
144 }
145
146 authZone = dns01.UnFqdn(authZone)
147
148 // gets the record's unique ID from when we created it
149 d.recordIDsMu.Lock()
150 recordID, ok := d.recordIDs[token]
151 d.recordIDsMu.Unlock()
152
153 if !ok {
154 return fmt.Errorf("netlify: unknown record ID for '%s' '%s'", info.EffectiveFQDN, token)
155 }
156
157 err = d.client.RemoveRecord(context.Background(), strings.ReplaceAll(authZone, ".", "_"), recordID)
158 if err != nil {
159 return fmt.Errorf("netlify: failed to delete TXT records: fqdn=%s, authZone=%s, recordID=%s: %w", info.EffectiveFQDN, authZone, recordID, err)
160 }
161
162 // deletes record ID from map
163 d.recordIDsMu.Lock()
164 delete(d.recordIDs, token)
165 d.recordIDsMu.Unlock()
166
167 return nil
168 }
169