acme-dns/api.go

package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"

	"github.com/julienschmidt/httprouter"
	log "github.com/sirupsen/logrus"
)

// RegResponse is a struct for registration response JSON
type RegResponse struct {
	Username   string   `json:"username"`
	Password   string   `json:"password"`
	Fulldomain string   `json:"fulldomain"`
	Subdomain  string   `json:"subdomain"`
	Allowfrom  []string `json:"allowfrom"`
}

func webRegisterPost(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
	var regStatus int
	var reg []byte
	var err error
	aTXT := ACMETxt{}
	bdata, _ := io.ReadAll(r.Body)
	if len(bdata) > 0 {
		err = json.Unmarshal(bdata, &aTXT)
		if err != nil {
			regStatus = http.StatusBadRequest
			reg = jsonError("malformed_json_payload")
			w.Header().Set("Content-Type", "application/json")
			w.WriteHeader(regStatus)
			_, _ = w.Write(reg)
			return
		}
	}

	// Fail with malformed CIDR mask in allowfrom
	err = aTXT.AllowFrom.isValid()
	if err != nil {
		regStatus = http.StatusBadRequest
		reg = jsonError("invalid_allowfrom_cidr")
		w.Header().Set("Content-Type", "application/json")
		w.WriteHeader(regStatus)
		_, _ = w.Write(reg)
		return
	}

	// Create new user
	nu, err := DB.Register(aTXT.AllowFrom)
	if err != nil {
		errstr := fmt.Sprintf("%v", err)
		reg = jsonError(errstr)
		regStatus = http.StatusInternalServerError
		log.WithFields(log.Fields{"error": err.Error()}).Debug("Error in registration")
	} else {
		log.WithFields(log.Fields{"user": nu.Username.String()}).Debug("Created new user")
		regStruct := RegResponse{nu.Username.String(), nu.Password, nu.Subdomain + "." + Config.General.Domain, nu.Subdomain, nu.AllowFrom.ValidEntries()}
		regStatus = http.StatusCreated
		reg, err = json.Marshal(regStruct)
		if err != nil {
			regStatus = http.StatusInternalServerError
			reg = jsonError("json_error")
			log.WithFields(log.Fields{"error": "json"}).Debug("Could not marshal JSON")
		}
	}
	w.Header().Set("Content-Type", "application/json")
	w.WriteHeader(regStatus)
	_, _ = w.Write(reg)
}

func webUpdatePost(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
	var updStatus int
	var upd []byte
	// Get user
	a, ok := r.Context().Value(ACMETxtKey).(ACMETxt)
	if !ok {
		log.WithFields(log.Fields{"error": "context"}).Error("Context error")
	}
	// NOTE: An invalid subdomain should not happen - the auth handler should
	// reject POSTs with an invalid subdomain before this handler. Reject any
	// invalid subdomains anyway as a matter of caution.
	if !validSubdomain(a.Subdomain) {
		log.WithFields(log.Fields{"error": "subdomain", "subdomain": a.Subdomain, "txt": a.Value}).Debug("Bad update data")
		updStatus = http.StatusBadRequest
		upd = jsonError("bad_subdomain")
	} else if !validTXT(a.Value) {
		log.WithFields(log.Fields{"error": "txt", "subdomain": a.Subdomain, "txt": a.Value}).Debug("Bad update data")
		updStatus = http.StatusBadRequest
		upd = jsonError("bad_txt")
	} else if validSubdomain(a.Subdomain) && validTXT(a.Value) {
		err := DB.Update(a.ACMETxtPost)
		if err != nil {
			log.WithFields(log.Fields{"error": err.Error()}).Debug("Error while trying to update record")
			updStatus = http.StatusInternalServerError
			upd = jsonError("db_error")
		} else {
			log.WithFields(log.Fields{"subdomain": a.Subdomain, "txt": a.Value}).Debug("TXT updated")
			updStatus = http.StatusOK
			upd = []byte("{\"txt\": \"" + a.Value + "\"}")
		}
	}
	w.Header().Set("Content-Type", "application/json")
	w.WriteHeader(updStatus)
	_, _ = w.Write(upd)
}

// Endpoint used to check the readiness and/or liveness (health) of the server.
func healthCheck(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
	w.WriteHeader(http.StatusOK)
}
Initial commit, PoC quality 2016-11-11 21:48:00 +07:00			`package main`

			`import (`
Get rid of Iris and use julienschmidt/httprouter instead (#20) * Replace iris with httprouter * Linter fixes * Finalize iris removal * Vendor dependencies for reproducable builds * Api tests are back 2017-11-15 04:54:29 +07:00			`"encoding/json"`
Initial commit, PoC quality 2016-11-11 21:48:00 +07:00			`"fmt"`
Update deps to support go 1.23 (#368) * Update deps to support go 1.23 * Test updated golangci config * Fix deprecated ioutil references 2024-12-15 18:00:37 +07:00			`"io"`
Get rid of Iris and use julienschmidt/httprouter instead (#20) * Replace iris with httprouter * Linter fixes * Finalize iris removal * Vendor dependencies for reproducable builds * Api tests are back 2017-11-15 04:54:29 +07:00			`"net/http"`
Fixed iris version to v5 api (#9) 2017-01-30 17:19:22 +07:00
Get rid of Iris and use julienschmidt/httprouter instead (#20) * Replace iris with httprouter * Linter fixes * Finalize iris removal * Vendor dependencies for reproducable builds * Api tests are back 2017-11-15 04:54:29 +07:00			`"github.com/julienschmidt/httprouter"`
Use iris v6 and Go 1.8+ (#10) * Quick fixes to bring framework up to date * Script for test running, api tests need complete rewrite * Removed govendor from tests * Fix for AutoTLS 2017-08-02 23:25:27 +07:00			`log "github.com/sirupsen/logrus"`
Initial commit, PoC quality 2016-11-11 21:48:00 +07:00			`)`

Get rid of Iris and use julienschmidt/httprouter instead (#20) * Replace iris with httprouter * Linter fixes * Finalize iris removal * Vendor dependencies for reproducable builds * Api tests are back 2017-11-15 04:54:29 +07:00			`// RegResponse is a struct for registration response JSON`
			`type RegResponse struct {`
			Username string `json:"username"`
			Password string `json:"password"`
			Fulldomain string `json:"fulldomain"`
			Subdomain string `json:"subdomain"`
			Allowfrom []string `json:"allowfrom"`
Refactoring, alpha v0.1 2016-11-13 19:50:44 +07:00			`}`

Get rid of Iris and use julienschmidt/httprouter instead (#20) * Replace iris with httprouter * Linter fixes * Finalize iris removal * Vendor dependencies for reproducable builds * Api tests are back 2017-11-15 04:54:29 +07:00			`func webRegisterPost(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {`
Coding style fixes 2016-11-17 00:15:36 +07:00			`var regStatus int`
Get rid of Iris and use julienschmidt/httprouter instead (#20) * Replace iris with httprouter * Linter fixes * Finalize iris removal * Vendor dependencies for reproducable builds * Api tests are back 2017-11-15 04:54:29 +07:00			`var reg []byte`
Fail closed with malformed allowfrom data in register endpoint (#148) * Prepare readme for release * Fail closed with malformed allowfrom data in register endpoint 2019-02-22 21:53:11 +07:00			`var err error`
Modified returned JSON structure 2016-12-03 15:31:15 +07:00			`aTXT := ACMETxt{}`
Update deps to support go 1.23 (#368) * Update deps to support go 1.23 * Test updated golangci config * Fix deprecated ioutil references 2024-12-15 18:00:37 +07:00			`bdata, _ := io.ReadAll(r.Body)`
Migrate to GitHub actions for coverage & unit test automation (#251) 2021-01-11 22:31:09 +07:00			`if len(bdata) > 0 {`
Fail closed with malformed allowfrom data in register endpoint (#148) * Prepare readme for release * Fail closed with malformed allowfrom data in register endpoint 2019-02-22 21:53:11 +07:00			`err = json.Unmarshal(bdata, &aTXT)`
Fail on malformed JSON payloads in register endpoint (#24) 2017-11-15 18:52:27 +07:00			`if err != nil {`
			`regStatus = http.StatusBadRequest`
			`reg = jsonError("malformed_json_payload")`
			`w.Header().Set("Content-Type", "application/json")`
			`w.WriteHeader(regStatus)`
Migrate to GitHub actions for coverage & unit test automation (#251) 2021-01-11 22:31:09 +07:00			`_, _ = w.Write(reg)`
Fail on malformed JSON payloads in register endpoint (#24) 2017-11-15 18:52:27 +07:00			`return`
			`}`
			`}`
Fail closed with malformed allowfrom data in register endpoint (#148) * Prepare readme for release * Fail closed with malformed allowfrom data in register endpoint 2019-02-22 21:53:11 +07:00
			`// Fail with malformed CIDR mask in allowfrom`
			`err = aTXT.AllowFrom.isValid()`
			`if err != nil {`
			`regStatus = http.StatusBadRequest`
			`reg = jsonError("invalid_allowfrom_cidr")`
			`w.Header().Set("Content-Type", "application/json")`
			`w.WriteHeader(regStatus)`
Migrate to GitHub actions for coverage & unit test automation (#251) 2021-01-11 22:31:09 +07:00			`_, _ = w.Write(reg)`
Fail closed with malformed allowfrom data in register endpoint (#148) * Prepare readme for release * Fail closed with malformed allowfrom data in register endpoint 2019-02-22 21:53:11 +07:00			`return`
			`}`

Removed register GET request in favor of POST, and did required HTTP api changes 2016-12-02 20:42:10 +07:00			`// Create new user`
Modified returned JSON structure 2016-12-03 15:31:15 +07:00			`nu, err := DB.Register(aTXT.AllowFrom)`
Initial commit, PoC quality 2016-11-11 21:48:00 +07:00			`if err != nil {`
			`errstr := fmt.Sprintf("%v", err)`
Get rid of Iris and use julienschmidt/httprouter instead (#20) * Replace iris with httprouter * Linter fixes * Finalize iris removal * Vendor dependencies for reproducable builds * Api tests are back 2017-11-15 04:54:29 +07:00			`reg = jsonError(errstr)`
			`regStatus = http.StatusInternalServerError`
Went logrus 2016-11-26 20:42:35 +07:00			`log.WithFields(log.Fields{"error": err.Error()}).Debug("Error in registration")`
Initial commit, PoC quality 2016-11-11 21:48:00 +07:00			`} else {`
Went logrus 2016-11-26 20:42:35 +07:00			`log.WithFields(log.Fields{"user": nu.Username.String()}).Debug("Created new user")`
Get rid of Iris and use julienschmidt/httprouter instead (#20) * Replace iris with httprouter * Linter fixes * Finalize iris removal * Vendor dependencies for reproducable builds * Api tests are back 2017-11-15 04:54:29 +07:00			`regStruct := RegResponse{nu.Username.String(), nu.Password, nu.Subdomain + "." + Config.General.Domain, nu.Subdomain, nu.AllowFrom.ValidEntries()}`
			`regStatus = http.StatusCreated`
			`reg, err = json.Marshal(regStruct)`
			`if err != nil {`
			`regStatus = http.StatusInternalServerError`
			`reg = jsonError("json_error")`
			`log.WithFields(log.Fields{"error": "json"}).Debug("Could not marshal JSON")`
			`}`
Initial commit, PoC quality 2016-11-11 21:48:00 +07:00			`}`
Get rid of Iris and use julienschmidt/httprouter instead (#20) * Replace iris with httprouter * Linter fixes * Finalize iris removal * Vendor dependencies for reproducable builds * Api tests are back 2017-11-15 04:54:29 +07:00			`w.Header().Set("Content-Type", "application/json")`
			`w.WriteHeader(regStatus)`
Migrate to GitHub actions for coverage & unit test automation (#251) 2021-01-11 22:31:09 +07:00			`_, _ = w.Write(reg)`
Initial commit, PoC quality 2016-11-11 21:48:00 +07:00			`}`

Get rid of Iris and use julienschmidt/httprouter instead (#20) * Replace iris with httprouter * Linter fixes * Finalize iris removal * Vendor dependencies for reproducable builds * Api tests are back 2017-11-15 04:54:29 +07:00			`func webUpdatePost(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {`
			`var updStatus int`
			`var upd []byte`
			`// Get user`
			`a, ok := r.Context().Value(ACMETxtKey).(ACMETxt)`
			`if !ok {`
			`log.WithFields(log.Fields{"error": "context"}).Error("Context error")`
			`}`
API: Differentiate bad TXT update error. Previous to this commit, if the update message had a valid subdomain but an invalid TXT the error returned was for a bad subdomain. This can confuse developers who were POSTing junk TXT records to test acme-dns :-) This commit adjusts the `webUpdatePost` error handling such that `!validSubdomain(input)` and `!validTXT(input)` give distinct errors. The `!validSubdomain` case should never happen in `webUpdatePost` because `auth.go`'s `Auth` function already vets the post data subdomain but I retained the error handling code just in case. Unit tests for an update with an invalid subdomain and an update with an invalid TXT are included. 2018-02-28 07:20:35 +07:00			`// NOTE: An invalid subdomain should not happen - the auth handler should`
			`// reject POSTs with an invalid subdomain before this handler. Reject any`
			`// invalid subdomains anyway as a matter of caution.`
			`if !validSubdomain(a.Subdomain) {`
			`log.WithFields(log.Fields{"error": "subdomain", "subdomain": a.Subdomain, "txt": a.Value}).Debug("Bad update data")`
			`updStatus = http.StatusBadRequest`
			`upd = jsonError("bad_subdomain")`
			`} else if !validTXT(a.Value) {`
			`log.WithFields(log.Fields{"error": "txt", "subdomain": a.Subdomain, "txt": a.Value}).Debug("Bad update data")`
			`updStatus = http.StatusBadRequest`
			`upd = jsonError("bad_txt")`
			`} else if validSubdomain(a.Subdomain) && validTXT(a.Value) {`
Refactor: Use more specific type in argument of DB.Update (#162) The DB.Update function takes a type of ACMETxt. However, the function only requires the Value and Subdomain fields. Refactor the function such that it takes ACMETxtPost instead of the full ACMETxt record. This will simplify extraction of txt-record related logic from the db code. 2019-06-12 19:41:02 +07:00			`err := DB.Update(a.ACMETxtPost)`
Refactoring, alpha v0.1 2016-11-13 19:50:44 +07:00			`if err != nil {`
Went logrus 2016-11-26 20:42:35 +07:00			`log.WithFields(log.Fields{"error": err.Error()}).Debug("Error while trying to update record")`
Get rid of Iris and use julienschmidt/httprouter instead (#20) * Replace iris with httprouter * Linter fixes * Finalize iris removal * Vendor dependencies for reproducable builds * Api tests are back 2017-11-15 04:54:29 +07:00			`updStatus = http.StatusInternalServerError`
			`upd = jsonError("db_error")`
			`} else {`
			`log.WithFields(log.Fields{"subdomain": a.Subdomain, "txt": a.Value}).Debug("TXT updated")`
			`updStatus = http.StatusOK`
			`upd = []byte("{\"txt\": \"" + a.Value + "\"}")`
Initial commit, PoC quality 2016-11-11 21:48:00 +07:00			`}`
			`}`
Get rid of Iris and use julienschmidt/httprouter instead (#20) * Replace iris with httprouter * Linter fixes * Finalize iris removal * Vendor dependencies for reproducable builds * Api tests are back 2017-11-15 04:54:29 +07:00			`w.Header().Set("Content-Type", "application/json")`
			`w.WriteHeader(updStatus)`
Migrate to GitHub actions for coverage & unit test automation (#251) 2021-01-11 22:31:09 +07:00			`_, _ = w.Write(upd)`
Initial commit, PoC quality 2016-11-11 21:48:00 +07:00			`}`
Added http health check endpoint. (#137) * Added http health check endpoint. * Fixed performing POST on GET endpoint. * Explicitly return http status 200 in health check endpoint. * Updated changelog. 2019-01-26 00:22:53 +07:00
			`// Endpoint used to check the readiness and/or liveness (health) of the server.`
			`func healthCheck(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {`
			`w.WriteHeader(http.StatusOK)`
			`}`