nodion.go raw
1 // Package nodion implements a DNS provider for solving the DNS-01 challenge using Nodion DNS.
2 package nodion
3
4 import (
5 "context"
6 "errors"
7 "fmt"
8 "net/http"
9 "sync"
10 "time"
11
12 "github.com/go-acme/lego/v4/challenge"
13 "github.com/go-acme/lego/v4/challenge/dns01"
14 "github.com/go-acme/lego/v4/platform/config/env"
15 "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
16 "github.com/nrdcg/nodion"
17 )
18
19 // Environment variables names.
20 const (
21 envNamespace = "NODION_"
22
23 EnvAPIToken = envNamespace + "API_TOKEN"
24
25 EnvTTL = envNamespace + "TTL"
26 EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
27 EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
28 EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
29 )
30
31 var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
32
33 // Config is used to configure the creation of the DNSProvider.
34 type Config struct {
35 APIToken string
36
37 PropagationTimeout time.Duration
38 PollingInterval time.Duration
39 TTL int
40 HTTPClient *http.Client
41 }
42
43 // NewDefaultConfig returns a default configuration for the DNSProvider.
44 func NewDefaultConfig() *Config {
45 return &Config{
46 TTL: env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),
47 PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 2*time.Minute),
48 PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
49 HTTPClient: &http.Client{
50 Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
51 },
52 }
53 }
54
55 // DNSProvider implements the challenge.Provider interface.
56 type DNSProvider struct {
57 config *Config
58 client *nodion.Client
59
60 zoneIDs map[string]string
61 zoneIDsMu sync.Mutex
62 }
63
64 // NewDNSProvider returns a DNSProvider instance configured for Nodion.
65 // Credentials must be passed in the environment variable: NODION_API_TOKEN.
66 func NewDNSProvider() (*DNSProvider, error) {
67 values, err := env.Get(EnvAPIToken)
68 if err != nil {
69 return nil, fmt.Errorf("nodion: %w", err)
70 }
71
72 config := NewDefaultConfig()
73 config.APIToken = values[EnvAPIToken]
74
75 return NewDNSProviderConfig(config)
76 }
77
78 // NewDNSProviderConfig return a DNSProvider instance configured for Nodion.
79 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
80 if config == nil {
81 return nil, errors.New("nodion: the configuration of the DNS provider is nil")
82 }
83
84 if config.APIToken == "" {
85 return nil, errors.New("nodion: incomplete credentials, missing API token")
86 }
87
88 client, err := nodion.NewClient(config.APIToken)
89 if err != nil {
90 return nil, err
91 }
92
93 if config.HTTPClient != nil {
94 client.HTTPClient = config.HTTPClient
95 }
96
97 client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
98
99 return &DNSProvider{
100 config: config,
101 client: client,
102 zoneIDs: map[string]string{},
103 }, nil
104 }
105
106 // Timeout returns the timeout and interval to use when checking for DNS propagation.
107 // Adjusting here to cope with spikes in propagation times.
108 func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
109 return d.config.PropagationTimeout, d.config.PollingInterval
110 }
111
112 // Present creates a TXT record using the specified parameters.
113 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
114 info := dns01.GetChallengeInfo(domain, keyAuth)
115
116 authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
117 if err != nil {
118 return fmt.Errorf("nodion: could not find zone for domain %q: %w", domain, err)
119 }
120
121 subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
122 if err != nil {
123 return fmt.Errorf("nodion: %w", err)
124 }
125
126 ctx := context.Background()
127
128 zones, err := d.client.GetZones(ctx, &nodion.ZonesFilter{Name: dns01.UnFqdn(authZone)})
129 if err != nil {
130 return fmt.Errorf("nodion: %w", err)
131 }
132
133 if len(zones) == 0 {
134 return fmt.Errorf("nodion: zone not found: %s", authZone)
135 }
136
137 if len(zones) > 1 {
138 return fmt.Errorf("nodion: too many possible zones for the domain %s: %v", authZone, zones)
139 }
140
141 zoneID := zones[0].ID
142
143 record := nodion.Record{
144 RecordType: nodion.TypeTXT,
145 Name: subDomain,
146 Content: info.Value,
147 TTL: d.config.TTL,
148 }
149
150 _, err = d.client.CreateRecord(ctx, zoneID, record)
151 if err != nil {
152 return fmt.Errorf("nodion: failed to create TXT records [domain: %s, sub domain: %s]: %w",
153 dns01.UnFqdn(authZone), subDomain, err)
154 }
155
156 d.zoneIDsMu.Lock()
157 d.zoneIDs[token] = zoneID
158 d.zoneIDsMu.Unlock()
159
160 return nil
161 }
162
163 // CleanUp removes the TXT record matching the specified parameters.
164 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
165 info := dns01.GetChallengeInfo(domain, keyAuth)
166
167 authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
168 if err != nil {
169 return fmt.Errorf("nodion: could not find zone for domain %q: %w", domain, err)
170 }
171
172 d.zoneIDsMu.Lock()
173 zoneID, ok := d.zoneIDs[token]
174 d.zoneIDsMu.Unlock()
175
176 if !ok {
177 return fmt.Errorf("nodion: unknown zone ID for '%s' '%s'", info.EffectiveFQDN, token)
178 }
179
180 subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
181 if err != nil {
182 return fmt.Errorf("nodion: %w", err)
183 }
184
185 ctx := context.Background()
186
187 filter := &nodion.RecordsFilter{
188 Name: subDomain,
189 RecordType: nodion.TypeTXT,
190 Content: info.Value,
191 }
192
193 records, err := d.client.GetRecords(ctx, zoneID, filter)
194 if err != nil {
195 return fmt.Errorf("nodion: %w", err)
196 }
197
198 if len(records) == 0 {
199 return fmt.Errorf("nodion: record not found: %s", authZone)
200 }
201
202 if len(records) > 1 {
203 return fmt.Errorf("nodion: too many possible records for the domain %s: %v", info.EffectiveFQDN, records)
204 }
205
206 _, err = d.client.DeleteRecord(ctx, zoneID, records[0].ID)
207 if err != nil {
208 return fmt.Errorf("regru: failed to remove TXT records [domain: %s]: %w", dns01.UnFqdn(authZone), err)
209 }
210
211 d.zoneIDsMu.Lock()
212 delete(d.zoneIDs, token)
213 d.zoneIDsMu.Unlock()
214
215 return nil
216 }
217