1
0
mirror of https://github.com/go-acme/lego.git synced 2025-01-03 15:23:32 +02:00

Add DNS provider for SelfHost.(de|eu) (#2278)

Co-authored-by: Dominik Menke <git@dmke.org>
This commit is contained in:
Ludovic Fernandez 2024-09-20 13:46:38 +02:00 committed by GitHub
parent eb7de2a32f
commit 20c8d6c413
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
13 changed files with 1018 additions and 8 deletions

View File

@ -80,13 +80,14 @@ Detailed documentation is available [here](https://go-acme.github.io/lego/dns).
| [Open Telekom Cloud](https://go-acme.github.io/lego/dns/otc/) | [Oracle Cloud](https://go-acme.github.io/lego/dns/oraclecloud/) | [OVH](https://go-acme.github.io/lego/dns/ovh/) | [plesk.com](https://go-acme.github.io/lego/dns/plesk/) |
| [Porkbun](https://go-acme.github.io/lego/dns/porkbun/) | [PowerDNS](https://go-acme.github.io/lego/dns/pdns/) | [Rackspace](https://go-acme.github.io/lego/dns/rackspace/) | [RcodeZero](https://go-acme.github.io/lego/dns/rcodezero/) |
| [reg.ru](https://go-acme.github.io/lego/dns/regru/) | [RFC2136](https://go-acme.github.io/lego/dns/rfc2136/) | [RimuHosting](https://go-acme.github.io/lego/dns/rimuhosting/) | [Sakura Cloud](https://go-acme.github.io/lego/dns/sakuracloud/) |
| [Scaleway](https://go-acme.github.io/lego/dns/scaleway/) | [Selectel v2](https://go-acme.github.io/lego/dns/selectelv2/) | [Selectel](https://go-acme.github.io/lego/dns/selectel/) | [Servercow](https://go-acme.github.io/lego/dns/servercow/) |
| [Shellrent](https://go-acme.github.io/lego/dns/shellrent/) | [Simply.com](https://go-acme.github.io/lego/dns/simply/) | [Sonic](https://go-acme.github.io/lego/dns/sonic/) | [Stackpath](https://go-acme.github.io/lego/dns/stackpath/) |
| [Tencent Cloud DNS](https://go-acme.github.io/lego/dns/tencentcloud/) | [TransIP](https://go-acme.github.io/lego/dns/transip/) | [UKFast SafeDNS](https://go-acme.github.io/lego/dns/safedns/) | [Ultradns](https://go-acme.github.io/lego/dns/ultradns/) |
| [Variomedia](https://go-acme.github.io/lego/dns/variomedia/) | [VegaDNS](https://go-acme.github.io/lego/dns/vegadns/) | [Vercel](https://go-acme.github.io/lego/dns/vercel/) | [Versio.[nl/eu/uk]](https://go-acme.github.io/lego/dns/versio/) |
| [VinylDNS](https://go-acme.github.io/lego/dns/vinyldns/) | [VK Cloud](https://go-acme.github.io/lego/dns/vkcloud/) | [Vscale](https://go-acme.github.io/lego/dns/vscale/) | [Vultr](https://go-acme.github.io/lego/dns/vultr/) |
| [Webnames](https://go-acme.github.io/lego/dns/webnames/) | [Websupport](https://go-acme.github.io/lego/dns/websupport/) | [WEDOS](https://go-acme.github.io/lego/dns/wedos/) | [Yandex 360](https://go-acme.github.io/lego/dns/yandex360/) |
| [Yandex Cloud](https://go-acme.github.io/lego/dns/yandexcloud/) | [Yandex PDD](https://go-acme.github.io/lego/dns/yandex/) | [Zone.ee](https://go-acme.github.io/lego/dns/zoneee/) | [Zonomi](https://go-acme.github.io/lego/dns/zonomi/) |
| [Scaleway](https://go-acme.github.io/lego/dns/scaleway/) | [Selectel v2](https://go-acme.github.io/lego/dns/selectelv2/) | [Selectel](https://go-acme.github.io/lego/dns/selectel/) | [SelfHost.(de/eu)](https://go-acme.github.io/lego/dns/selfhostde/) |
| [Servercow](https://go-acme.github.io/lego/dns/servercow/) | [Shellrent](https://go-acme.github.io/lego/dns/shellrent/) | [Simply.com](https://go-acme.github.io/lego/dns/simply/) | [Sonic](https://go-acme.github.io/lego/dns/sonic/) |
| [Stackpath](https://go-acme.github.io/lego/dns/stackpath/) | [Tencent Cloud DNS](https://go-acme.github.io/lego/dns/tencentcloud/) | [TransIP](https://go-acme.github.io/lego/dns/transip/) | [UKFast SafeDNS](https://go-acme.github.io/lego/dns/safedns/) |
| [Ultradns](https://go-acme.github.io/lego/dns/ultradns/) | [Variomedia](https://go-acme.github.io/lego/dns/variomedia/) | [VegaDNS](https://go-acme.github.io/lego/dns/vegadns/) | [Vercel](https://go-acme.github.io/lego/dns/vercel/) |
| [Versio.[nl/eu/uk]](https://go-acme.github.io/lego/dns/versio/) | [VinylDNS](https://go-acme.github.io/lego/dns/vinyldns/) | [VK Cloud](https://go-acme.github.io/lego/dns/vkcloud/) | [Vscale](https://go-acme.github.io/lego/dns/vscale/) |
| [Vultr](https://go-acme.github.io/lego/dns/vultr/) | [Webnames](https://go-acme.github.io/lego/dns/webnames/) | [Websupport](https://go-acme.github.io/lego/dns/websupport/) | [WEDOS](https://go-acme.github.io/lego/dns/wedos/) |
| [Yandex 360](https://go-acme.github.io/lego/dns/yandex360/) | [Yandex Cloud](https://go-acme.github.io/lego/dns/yandexcloud/) | [Yandex PDD](https://go-acme.github.io/lego/dns/yandex/) | [Zone.ee](https://go-acme.github.io/lego/dns/zoneee/) |
| [Zonomi](https://go-acme.github.io/lego/dns/zonomi/) | | | |
<!-- END DNS PROVIDERS LIST -->

View File

@ -125,6 +125,7 @@ func allDNSCodes() string {
"scaleway",
"selectel",
"selectelv2",
"selfhostde",
"servercow",
"shellrent",
"simply",
@ -2553,6 +2554,28 @@ func displayDNSHelp(w io.Writer, name string) error {
ew.writeln()
ew.writeln(`More information: https://go-acme.github.io/lego/dns/selectelv2`)
case "selfhostde":
// generated from: providers/dns/selfhostde/selfhostde.toml
ew.writeln(`Configuration for SelfHost.(de|eu).`)
ew.writeln(`Code: 'selfhostde'`)
ew.writeln(`Since: 'v4.19.0'`)
ew.writeln()
ew.writeln(`Credentials:`)
ew.writeln(` - "SELFHOSTDE_PASSWORD": Password`)
ew.writeln(` - "SELFHOSTDE_RECORDS_MAPPING": Record IDs mapping with domains (ex: example.com:123:456,example.org:789,foo.example.com:147)`)
ew.writeln(` - "SELFHOSTDE_USERNAME": Username`)
ew.writeln()
ew.writeln(`Additional Configuration:`)
ew.writeln(` - "SELFHOSTDE_HTTP_TIMEOUT": API request timeout`)
ew.writeln(` - "SELFHOSTDE_POLLING_INTERVAL": Time between DNS propagation check`)
ew.writeln(` - "SELFHOSTDE_PROPAGATION_TIMEOUT": Maximum waiting time for DNS propagation`)
ew.writeln(` - "SELFHOSTDE_TTL": The TTL of the TXT record used for the DNS challenge`)
ew.writeln()
ew.writeln(`More information: https://go-acme.github.io/lego/dns/selfhostde`)
case "servercow":
// generated from: providers/dns/servercow/servercow.toml
ew.writeln(`Configuration for Servercow.`)

View File

@ -0,0 +1,96 @@
---
title: "SelfHost.(de|eu)"
date: 2019-03-03T16:39:46+01:00
draft: false
slug: selfhostde
dnsprovider:
since: "v4.19.0"
code: "selfhostde"
url: "https://www.selfhost.de"
---
<!-- THIS DOCUMENTATION IS AUTO-GENERATED. PLEASE DO NOT EDIT. -->
<!-- providers/dns/selfhostde/selfhostde.toml -->
<!-- THIS DOCUMENTATION IS AUTO-GENERATED. PLEASE DO NOT EDIT. -->
Configuration for [SelfHost.(de|eu)](https://www.selfhost.de).
<!--more-->
- Code: `selfhostde`
- Since: v4.19.0
Here is an example bash command using the SelfHost.(de|eu) provider:
```bash
SELFHOSTDE_USERNAME=xxx \
SELFHOSTDE_PASSWORD=yyy \
SELFHOSTDE_RECORDS_MAPPING=my.example.com:123 \
lego --email you@example.com --dns selfhostde --domains my.example.org run
```
## Credentials
| Environment Variable Name | Description |
|-----------------------|-------------|
| `SELFHOSTDE_PASSWORD` | Password |
| `SELFHOSTDE_RECORDS_MAPPING` | Record IDs mapping with domains (ex: example.com:123:456,example.org:789,foo.example.com:147) |
| `SELFHOSTDE_USERNAME` | Username |
The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
More information [here]({{% ref "dns#configuration-and-credentials" %}}).
## Additional Configuration
| Environment Variable Name | Description |
|--------------------------------|-------------|
| `SELFHOSTDE_HTTP_TIMEOUT` | API request timeout |
| `SELFHOSTDE_POLLING_INTERVAL` | Time between DNS propagation check |
| `SELFHOSTDE_PROPAGATION_TIMEOUT` | Maximum waiting time for DNS propagation |
| `SELFHOSTDE_TTL` | The TTL of the TXT record used for the DNS challenge |
The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
More information [here]({{% ref "dns#configuration-and-credentials" %}}).
SelfHost.de doesn't have an API to create or delete TXT records,
there is only an "unofficial" and undocumented endpoint to update an existing TXT record.
So, before using lego to request a certificate for a given domain or wildcard (such as `my.example.org` or `*.my.example.org`),
you must create:
- one TXT record named `_acme-challenge.my.example.org` if you are **not** using wildcard for this domain.
- two TXT records named `_acme-challenge.my.example.org` if you are using wildcard for this domain.
After that you must edit the TXT record(s) to get the ID(s).
You then must prepare the `SELFHOSTDE_RECORDS_MAPPING` environment variable with the following format:
```
<domain_A>:<record_id_A1>:<record_id_A2>,<domain_B>:<record_id_B1>:<record_id_B2>,<domain_C>:<record_id_C1>:<record_id_C2>
```
where each group of domain + record ID(s) is separated with a comma (`,`),
and the domain and record ID(s) are separated with a colon (`:`).
For example, if you want to create or renew a certificate for `my.example.org`, `*.my.example.org`, and `other.example.org`,
you would need:
- two separate records for `_acme-challenge.my.example.org`
- and another separate record for `_acme-challenge.other.example.org`
The resulting environment variable would then be: `SELFHOSTDE_RECORDS_MAPPING=my.example.com:123:456,other.example.com:789`
<!-- THIS DOCUMENTATION IS AUTO-GENERATED. PLEASE DO NOT EDIT. -->
<!-- providers/dns/selfhostde/selfhostde.toml -->
<!-- THIS DOCUMENTATION IS AUTO-GENERATED. PLEASE DO NOT EDIT. -->

View File

@ -139,7 +139,7 @@ To display the documentation for a specific DNS provider, run:
$ lego dnshelp -c code
Supported DNS providers:
acme-dns, alidns, allinkl, arvancloud, auroradns, autodns, azure, azuredns, bindman, bluecat, brandit, bunny, checkdomain, civo, clouddns, cloudflare, cloudns, cloudru, cloudxns, conoha, constellix, cpanel, derak, desec, designate, digitalocean, directadmin, dnshomede, dnsimple, dnsmadeeasy, dnspod, dode, domeneshop, dreamhost, duckdns, dyn, dynu, easydns, edgedns, efficientip, epik, exec, exoscale, freemyip, gandi, gandiv5, gcloud, gcore, glesys, godaddy, googledomains, hetzner, hostingde, hosttech, httpnet, httpreq, huaweicloud, hurricane, hyperone, ibmcloud, iij, iijdpf, infoblox, infomaniak, internetbs, inwx, ionos, ipv64, iwantmyname, joker, liara, lightsail, limacity, linode, liquidweb, loopia, luadns, mailinabox, manual, metaname, mijnhost, mittwald, mydnsjp, mythicbeasts, namecheap, namedotcom, namesilo, nearlyfreespeech, netcup, netlify, nicmanager, nifcloud, njalla, nodion, ns1, oraclecloud, otc, ovh, pdns, plesk, porkbun, rackspace, rcodezero, regru, rfc2136, rimuhosting, route53, safedns, sakuracloud, scaleway, selectel, selectelv2, servercow, shellrent, simply, sonic, stackpath, tencentcloud, transip, ultradns, variomedia, vegadns, vercel, versio, vinyldns, vkcloud, vscale, vultr, webnames, websupport, wedos, yandex, yandex360, yandexcloud, zoneee, zonomi
acme-dns, alidns, allinkl, arvancloud, auroradns, autodns, azure, azuredns, bindman, bluecat, brandit, bunny, checkdomain, civo, clouddns, cloudflare, cloudns, cloudru, cloudxns, conoha, constellix, cpanel, derak, desec, designate, digitalocean, directadmin, dnshomede, dnsimple, dnsmadeeasy, dnspod, dode, domeneshop, dreamhost, duckdns, dyn, dynu, easydns, edgedns, efficientip, epik, exec, exoscale, freemyip, gandi, gandiv5, gcloud, gcore, glesys, godaddy, googledomains, hetzner, hostingde, hosttech, httpnet, httpreq, huaweicloud, hurricane, hyperone, ibmcloud, iij, iijdpf, infoblox, infomaniak, internetbs, inwx, ionos, ipv64, iwantmyname, joker, liara, lightsail, limacity, linode, liquidweb, loopia, luadns, mailinabox, manual, metaname, mijnhost, mittwald, mydnsjp, mythicbeasts, namecheap, namedotcom, namesilo, nearlyfreespeech, netcup, netlify, nicmanager, nifcloud, njalla, nodion, ns1, oraclecloud, otc, ovh, pdns, plesk, porkbun, rackspace, rcodezero, regru, rfc2136, rimuhosting, route53, safedns, sakuracloud, scaleway, selectel, selectelv2, selfhostde, servercow, shellrent, simply, sonic, stackpath, tencentcloud, transip, ultradns, variomedia, vegadns, vercel, versio, vinyldns, vkcloud, vscale, vultr, webnames, websupport, wedos, yandex, yandex360, yandexcloud, zoneee, zonomi
More information: https://go-acme.github.io/lego/dns
"""

View File

@ -116,6 +116,7 @@ import (
"github.com/go-acme/lego/v4/providers/dns/scaleway"
"github.com/go-acme/lego/v4/providers/dns/selectel"
"github.com/go-acme/lego/v4/providers/dns/selectelv2"
"github.com/go-acme/lego/v4/providers/dns/selfhostde"
"github.com/go-acme/lego/v4/providers/dns/servercow"
"github.com/go-acme/lego/v4/providers/dns/shellrent"
"github.com/go-acme/lego/v4/providers/dns/simply"
@ -369,6 +370,8 @@ func NewDNSChallengeProviderByName(name string) (challenge.Provider, error) {
return selectel.NewDNSProvider()
case "selectelv2":
return selectelv2.NewDNSProvider()
case "selfhostde":
return selfhostde.NewDNSProvider()
case "servercow":
return servercow.NewDNSProvider()
case "shellrent":

View File

@ -0,0 +1,66 @@
package internal
import (
"context"
"fmt"
"net/http"
"net/url"
"time"
"github.com/go-acme/lego/v4/providers/dns/internal/errutils"
)
const defaultBaseURL = "https://selfhost.de/cgi-bin/api.pl"
// Client the SelfHost client.
type Client struct {
username string
password string
baseURL string
HTTPClient *http.Client
}
// NewClient Creates a new Client.
func NewClient(username, password string) *Client {
return &Client{
username: username,
password: password,
baseURL: defaultBaseURL,
HTTPClient: &http.Client{Timeout: 5 * time.Second},
}
}
// UpdateTXTRecord updates content of an existing TXT record.
func (c *Client) UpdateTXTRecord(ctx context.Context, recordID, content string) error {
endpoint, err := url.Parse(c.baseURL)
if err != nil {
return fmt.Errorf("parse URL: %w", err)
}
query := endpoint.Query()
query.Set("username", c.username)
query.Set("password", c.password)
query.Set("rid", recordID)
query.Set("content", content)
endpoint.RawQuery = query.Encode()
req, err := http.NewRequestWithContext(ctx, http.MethodGet, endpoint.String(), nil)
if err != nil {
return fmt.Errorf("new HTTP request: %w", err)
}
resp, err := c.HTTPClient.Do(req)
if err != nil {
return errutils.NewHTTPDoError(req, err)
}
defer func() { _ = resp.Body.Close() }()
if resp.StatusCode/100 != 2 {
return errutils.NewUnexpectedResponseStatusCodeError(req, resp)
}
return nil
}

View File

@ -0,0 +1,65 @@
package internal
import (
"context"
"fmt"
"net/http"
"net/http/httptest"
"net/url"
"testing"
"github.com/stretchr/testify/require"
)
func setupTest(t *testing.T) (*Client, *http.ServeMux) {
t.Helper()
mux := http.NewServeMux()
server := httptest.NewServer(mux)
t.Cleanup(server.Close)
client := NewClient("user", "secret")
serverURL, err := url.Parse(server.URL)
require.NoError(t, err)
client.baseURL = serverURL.String()
return client, mux
}
func TestClient_UpdateTXTRecord(t *testing.T) {
client, mux := setupTest(t)
mux.HandleFunc("GET /", func(rw http.ResponseWriter, req *http.Request) {
query := req.URL.Query()
fields := map[string]string{
"username": "user",
"password": "secret",
"rid": "123456",
"content": "txt",
}
for k, v := range fields {
value := query.Get(k)
if value != v {
http.Error(rw, fmt.Sprintf("%s: unexpected value: %s (%s)", k, value, v), http.StatusBadRequest)
return
}
}
})
err := client.UpdateTXTRecord(context.Background(), "123456", "txt")
require.NoError(t, err)
}
func TestClient_UpdateTXTRecord_error(t *testing.T) {
client, mux := setupTest(t)
mux.HandleFunc("GET /", func(rw http.ResponseWriter, _ *http.Request) {
http.Error(rw, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
})
err := client.UpdateTXTRecord(context.Background(), "123456", "txt")
require.Error(t, err)
}

View File

@ -0,0 +1,7 @@
# SelfHost.(de|eu)
SelfHost doesn't provide an official API documentation and there are no endpoints for create a TXT record or delete a TXT record.
## More
The documentation found at https://kirk.selfhost.de/cgi-bin/selfhost?p=document&name=api (PDF) describes the DynDNS/ddns API endpoint and is not used by our client.

View File

@ -0,0 +1,131 @@
package selfhostde
import (
"errors"
"fmt"
"strings"
)
const (
lineSep = ","
recordSep = ":"
)
type Seq struct {
cursor int
ids []string
}
func NewSeq(ids ...string) *Seq {
return &Seq{ids: ids}
}
func (s *Seq) Next() string {
if len(s.ids) == 1 {
return s.ids[0]
}
v := s.ids[s.cursor]
if s.cursor < len(s.ids)-1 {
s.cursor++
} else {
s.cursor = 0
}
return v
}
func parseRecordsMapping(raw string) (map[string]*Seq, error) {
raw = strings.ReplaceAll(raw, " ", "")
if raw == "" {
return nil, errors.New("empty mapping")
}
acc := map[string]*Seq{}
for {
index, err := safeIndex(raw, lineSep)
if err != nil {
return nil, err
}
if index != -1 {
name, seq, err := parseLine(raw[:index])
if err != nil {
return nil, err
}
acc[name] = seq
// Data for the next iteration.
raw = raw[index+1:]
continue
}
name, seq, errP := parseLine(raw)
if errP != nil {
return nil, errP
}
acc[name] = seq
return acc, nil
}
}
func parseLine(line string) (string, *Seq, error) {
idx, err := safeIndex(line, recordSep)
if err != nil {
return "", nil, err
}
if idx == -1 {
return "", nil, fmt.Errorf("missing %q: %s", recordSep, line)
}
name, rawIDs := line[:idx], line[idx+1:]
var ids []string
var count int
for {
idx, err = safeIndex(rawIDs, recordSep)
if err != nil {
return "", nil, err
}
if count == 2 {
return "", nil, fmt.Errorf("too many record IDs for one domain: %s", line)
}
if idx != -1 {
ids = append(ids, rawIDs[:idx])
count++
// Data for the next iteration.
rawIDs = rawIDs[idx+1:]
continue
}
ids = append(ids, rawIDs)
return name, NewSeq(ids...), nil
}
}
func safeIndex(v, sep string) (int, error) {
index := strings.Index(v, sep)
if index == 0 {
return 0, fmt.Errorf("first char is %q: %s", sep, v)
}
if index == len(v)-1 {
return 0, fmt.Errorf("last char is %q: %s", sep, v)
}
return index, nil
}

View File

@ -0,0 +1,173 @@
package selfhostde
import (
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func Test_parseRecordsMapping(t *testing.T) {
testCases := []struct {
desc string
rawData string
expected map[string]*Seq
}{
{
desc: "one domain, one record id",
rawData: "example.com:123",
expected: map[string]*Seq{
"example.com": NewSeq("123"),
},
},
{
desc: "several domain, one record id",
rawData: "example.com:123, example.org:456,foo.example.com:789",
expected: map[string]*Seq{
"example.com": NewSeq("123"),
"example.org": NewSeq("456"),
"foo.example.com": NewSeq("789"),
},
},
{
desc: "one domain, 2 record ids",
rawData: "example.com:123:456",
expected: map[string]*Seq{
"example.com": NewSeq("123", "456"),
},
},
{
desc: "several domain, 2 record ids",
rawData: "example.com:123:321, example.org:456:654,foo.example.com:789:987",
expected: map[string]*Seq{
"example.com": NewSeq("123", "321"),
"example.org": NewSeq("456", "654"),
"foo.example.com": NewSeq("789", "987"),
},
},
}
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
t.Parallel()
mapping, err := parseRecordsMapping(test.rawData)
require.NoError(t, err)
assert.Equal(t, test.expected, mapping)
})
}
}
func Test_parseRecordsMapping_error(t *testing.T) {
testCases := []struct {
desc string
rawData string
expected string
}{
{
desc: "empty",
rawData: "",
expected: "empty mapping",
},
{
desc: "only spaces",
rawData: " ",
expected: "empty mapping",
},
{
desc: "one domain, no record id",
rawData: "example.com",
expected: `missing ":": example.com`,
},
{
desc: "one domain, more than 2 record ids",
rawData: "example.com:123:456:789",
expected: "too many record IDs for one domain: example.com:123:456:789",
},
{
desc: "several domain, more than 2 record ids",
rawData: "example.com:123, example.org:456:789:147",
expected: "too many record IDs for one domain: example.org:456:789:147",
},
{
desc: "no ids, ends with 2 dots",
rawData: "example.com:",
expected: `last char is ":": example.com:`,
},
{
desc: "no ids,starts with 2 dots",
rawData: ":example.com",
expected: `first char is ":": :example.com`,
},
{
desc: "with ids but ends with 2 dots",
rawData: "example.com:123:",
expected: `last char is ":": 123:`,
},
{
desc: "only 2 dots",
rawData: ":",
expected: `first char is ":": :`,
},
{
desc: "only comma",
rawData: ",",
expected: `first char is ",": ,`,
},
{
desc: "ends with comma",
rawData: "example.com,",
expected: `last char is ",": example.com,`,
},
{
desc: "combo",
rawData: "::::,::",
expected: `first char is ":": ::::`,
},
}
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
t.Parallel()
_, err := parseRecordsMapping(test.rawData)
require.EqualError(t, err, test.expected)
})
}
}
func TestSeq_Next(t *testing.T) {
testCases := []struct {
desc string
ids []string
expected []string
}{
{
desc: "one value",
ids: []string{"a"},
expected: []string{"a", "a", "a"},
},
{
desc: "two values",
ids: []string{"a", "b"},
expected: []string{"a", "b", "a", "b"},
},
{
desc: "three values",
ids: []string{"a", "b", "c"},
expected: []string{"a", "b", "c", "a", "b", "c", "a"},
},
}
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
t.Parallel()
seq := NewSeq(test.ids...)
for _, s := range test.expected {
assert.Equal(t, s, seq.Next())
}
})
}
}

View File

@ -0,0 +1,183 @@
// Package selfhostde implements a DNS provider for solving the DNS-01 challenge using SelfHost.(de|eu).
package selfhostde
import (
"context"
"errors"
"fmt"
"net/http"
"strings"
"sync"
"time"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/providers/dns/selfhostde/internal"
)
// Environment variables.
const (
envNamespace = "SELFHOSTDE_"
EnvUsername = envNamespace + "USERNAME"
EnvPassword = envNamespace + "PASSWORD"
EnvRecordsMapping = envNamespace + "RECORDS_MAPPING"
EnvTTL = envNamespace + "TTL"
EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
)
// Config is used to configure the creation of the DNSProvider.
type Config struct {
Username string
Password string
RecordsMapping map[string]*Seq
recordsMappingMu sync.Mutex
TTL int
PropagationTimeout time.Duration
PollingInterval time.Duration
HTTPClient *http.Client
}
// NewDefaultConfig returns a default configuration for the DNSProvider.
func NewDefaultConfig() *Config {
return &Config{
TTL: env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),
PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 4*time.Minute),
PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, 30*time.Second),
HTTPClient: &http.Client{
Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
},
}
}
func (c *Config) getSeqNext(domain string) (string, error) {
effectiveDomain := strings.TrimPrefix(domain, "_acme-challenge.")
c.recordsMappingMu.Lock()
defer c.recordsMappingMu.Unlock()
seq, ok := c.RecordsMapping[effectiveDomain]
if !ok {
// fallback
seq, ok = c.RecordsMapping[domain]
if !ok {
return "", fmt.Errorf("record mapping not found for %q", effectiveDomain)
}
}
return seq.Next(), nil
}
// DNSProvider implements the challenge.Provider interface.
type DNSProvider struct {
config *Config
client *internal.Client
recordIDs map[string]string
recordIDsMu sync.Mutex
}
// NewDNSProvider returns a DNSProvider instance configured for SelfHost.(de|eu).
func NewDNSProvider() (*DNSProvider, error) {
values, err := env.Get(EnvUsername, EnvPassword, EnvRecordsMapping)
if err != nil {
return nil, fmt.Errorf("selfhostde: %w", err)
}
config := NewDefaultConfig()
config.Username = values[EnvUsername]
config.Password = values[EnvPassword]
mapping, err := parseRecordsMapping(values[EnvRecordsMapping])
if err != nil {
return nil, fmt.Errorf("selfhostde: malformed records mapping: %w", err)
}
config.RecordsMapping = mapping
return NewDNSProviderConfig(config)
}
// NewDNSProviderConfig return a DNSProvider instance configured for SelfHost.(de|eu).
func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
if config == nil {
return nil, errors.New("selfhostde: supplied configuration is nil")
}
if config.Username == "" || config.Password == "" {
return nil, errors.New("selfhostde: credentials missing")
}
if len(config.RecordsMapping) == 0 {
return nil, errors.New("selfhostde: missing record mapping")
}
for domain, seq := range config.RecordsMapping {
if seq == nil || len(seq.ids) == 0 {
return nil, fmt.Errorf("selfhostde: missing record ID for %q", domain)
}
}
client := internal.NewClient(config.Username, config.Password)
if config.HTTPClient != nil {
client.HTTPClient = config.HTTPClient
}
return &DNSProvider{
config: config,
client: client,
recordIDs: make(map[string]string),
}, nil
}
// Timeout returns the timeout and interval to use when checking for DNS propagation.
// Adjusting here to cope with spikes in propagation times.
func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
return d.config.PropagationTimeout, d.config.PollingInterval
}
// Present creates a TXT record to fulfill the dns-01 challenge.
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
info := dns01.GetChallengeInfo(domain, keyAuth)
recordID, err := d.config.getSeqNext(dns01.UnFqdn(info.EffectiveFQDN))
if err != nil {
return fmt.Errorf("selfhostde: %w", err)
}
err = d.client.UpdateTXTRecord(context.Background(), recordID, info.Value)
if err != nil {
return fmt.Errorf("selfhostde: update DNS TXT record (id=%s): %w", recordID, err)
}
d.recordIDsMu.Lock()
d.recordIDs[token] = recordID
d.recordIDsMu.Unlock()
return nil
}
// CleanUp removes the TXT record previously created.
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
info := dns01.GetChallengeInfo(domain, keyAuth)
d.recordIDsMu.Lock()
recordID, ok := d.recordIDs[token]
d.recordIDsMu.Unlock()
if !ok {
return fmt.Errorf("selfhostde: unknown record ID for %q", dns01.UnFqdn(info.EffectiveFQDN))
}
err := d.client.UpdateTXTRecord(context.Background(), recordID, "empty")
if err != nil {
return fmt.Errorf("selfhostde: emptied DNS TXT record (id=%s): %w", recordID, err)
}
return nil
}

View File

@ -0,0 +1,54 @@
Name = "SelfHost.(de|eu)"
Description = ''''''
URL = "https://www.selfhost.de"
Code = "selfhostde"
Since = "v4.19.0"
Example = '''
SELFHOSTDE_USERNAME=xxx \
SELFHOSTDE_PASSWORD=yyy \
SELFHOSTDE_RECORDS_MAPPING=my.example.com:123 \
lego --email you@example.com --dns selfhostde --domains my.example.org run
'''
Additional = """
SelfHost.de doesn't have an API to create or delete TXT records,
there is only an "unofficial" and undocumented endpoint to update an existing TXT record.
So, before using lego to request a certificate for a given domain or wildcard (such as `my.example.org` or `*.my.example.org`),
you must create:
- one TXT record named `_acme-challenge.my.example.org` if you are **not** using wildcard for this domain.
- two TXT records named `_acme-challenge.my.example.org` if you are using wildcard for this domain.
After that you must edit the TXT record(s) to get the ID(s).
You then must prepare the `SELFHOSTDE_RECORDS_MAPPING` environment variable with the following format:
```
<domain_A>:<record_id_A1>:<record_id_A2>,<domain_B>:<record_id_B1>:<record_id_B2>,<domain_C>:<record_id_C1>:<record_id_C2>
```
where each group of domain + record ID(s) is separated with a comma (`,`),
and the domain and record ID(s) are separated with a colon (`:`).
For example, if you want to create or renew a certificate for `my.example.org`, `*.my.example.org`, and `other.example.org`,
you would need:
- two separate records for `_acme-challenge.my.example.org`
- and another separate record for `_acme-challenge.other.example.org`
The resulting environment variable would then be: `SELFHOSTDE_RECORDS_MAPPING=my.example.com:123:456,other.example.com:789`
"""
[Configuration]
[Configuration.Credentials]
SELFHOSTDE_USERNAME = "Username"
SELFHOSTDE_PASSWORD = "Password"
SELFHOSTDE_RECORDS_MAPPING = "Record IDs mapping with domains (ex: example.com:123:456,example.org:789,foo.example.com:147)"
[Configuration.Additional]
SELFHOSTDE_POLLING_INTERVAL = "Time between DNS propagation check"
SELFHOSTDE_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
SELFHOSTDE_TTL = "The TTL of the TXT record used for the DNS challenge"
SELFHOSTDE_HTTP_TIMEOUT = "API request timeout"

View File

@ -0,0 +1,208 @@
package selfhostde
import (
"testing"
"time"
"github.com/go-acme/lego/v4/platform/tester"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
const envDomain = envNamespace + "DOMAIN"
var envTest = tester.NewEnvTest(EnvUsername, EnvPassword, EnvRecordsMapping).
WithDomain(envDomain)
func TestNewDNSProvider(t *testing.T) {
testCases := []struct {
desc string
envVars map[string]string
expected string
}{
{
desc: "success",
envVars: map[string]string{
EnvUsername: "user",
EnvPassword: "secret",
EnvRecordsMapping: "example.com:123",
},
},
{
desc: "missing username",
envVars: map[string]string{
EnvPassword: "secret",
EnvRecordsMapping: "example.com:123",
},
expected: "selfhostde: some credentials information are missing: SELFHOSTDE_USERNAME",
},
{
desc: "missing password",
envVars: map[string]string{
EnvUsername: "user",
EnvRecordsMapping: "example.com:123",
},
expected: "selfhostde: some credentials information are missing: SELFHOSTDE_PASSWORD",
},
{
desc: "missing records mapping",
envVars: map[string]string{
EnvUsername: "user",
EnvPassword: "secret",
},
expected: "selfhostde: some credentials information are missing: SELFHOSTDE_RECORDS_MAPPING",
},
{
desc: "invalid records mapping",
envVars: map[string]string{
EnvUsername: "user",
EnvPassword: "secret",
EnvRecordsMapping: "example.com",
},
expected: `selfhostde: malformed records mapping: missing ":": example.com`,
},
{
desc: "missing information",
envVars: map[string]string{},
expected: "selfhostde: some credentials information are missing: SELFHOSTDE_USERNAME,SELFHOSTDE_PASSWORD,SELFHOSTDE_RECORDS_MAPPING",
},
}
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
envTest.ClearEnv()
envTest.Apply(test.envVars)
p, err := NewDNSProvider()
if test.expected == "" {
require.NoError(t, err)
require.NotNil(t, p)
assert.NotNil(t, p.config)
assert.NotNil(t, p.client)
} else {
require.EqualError(t, err, test.expected)
}
})
}
}
func TestNewDNSProviderConfig(t *testing.T) {
testCases := []struct {
desc string
username string
password string
recordMapping map[string]*Seq
expected string
}{
{
desc: "success",
username: "user",
password: "secret",
recordMapping: map[string]*Seq{
"example.com": NewSeq("123"),
},
},
{
desc: "missing username",
password: "secret",
recordMapping: map[string]*Seq{
"example.com": NewSeq("123"),
},
expected: "selfhostde: credentials missing",
},
{
desc: "missing password",
username: "user",
recordMapping: map[string]*Seq{
"example.com": NewSeq("123"),
},
expected: "selfhostde: credentials missing",
},
{
desc: "missing sequence",
username: "user",
password: "secret",
recordMapping: map[string]*Seq{
"example.com": nil,
},
expected: `selfhostde: missing record ID for "example.com"`,
},
{
desc: "empty sequence",
username: "user",
password: "secret",
recordMapping: map[string]*Seq{
"example.com": NewSeq(),
},
expected: `selfhostde: missing record ID for "example.com"`,
},
{
desc: "missing records mapping",
username: "user",
password: "secret",
expected: "selfhostde: missing record mapping",
},
{
desc: "empty records mapping",
username: "user",
password: "secret",
recordMapping: map[string]*Seq{},
expected: "selfhostde: missing record mapping",
},
{
desc: "missing information",
expected: "selfhostde: credentials missing",
},
}
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
config := NewDefaultConfig()
config.Username = test.username
config.Password = test.password
config.RecordsMapping = test.recordMapping
p, err := NewDNSProviderConfig(config)
if test.expected == "" {
require.NoError(t, err)
require.NotNil(t, p)
assert.NotNil(t, p.config)
assert.NotNil(t, p.client)
} else {
require.EqualError(t, err, test.expected)
}
})
}
}
func TestLivePresent(t *testing.T) {
if !envTest.IsLiveTest() {
t.Skip("skipping live test")
}
envTest.RestoreEnv()
provider, err := NewDNSProvider()
require.NoError(t, err)
err = provider.Present(envTest.GetDomain(), "", "123d==")
require.NoError(t, err)
}
func TestLiveCleanUp(t *testing.T) {
if !envTest.IsLiveTest() {
t.Skip("skipping live test")
}
envTest.RestoreEnv()
provider, err := NewDNSProvider()
require.NoError(t, err)
time.Sleep(2 * time.Second)
err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
require.NoError(t, err)
}