mirror of
https://github.com/go-acme/lego.git
synced 2024-12-23 09:15:11 +02:00
325 lines
8.5 KiB
Go
325 lines
8.5 KiB
Go
package internal
|
|
|
|
import (
|
|
"bytes"
|
|
"encoding/json"
|
|
"errors"
|
|
"fmt"
|
|
"io"
|
|
"net/http"
|
|
"net/url"
|
|
"path"
|
|
"time"
|
|
)
|
|
|
|
const defaultBaseURL = "https://api.hyperone.com/v2"
|
|
|
|
const defaultLocationID = "pl-waw-1"
|
|
|
|
type signer interface {
|
|
GetJWT() (string, error)
|
|
}
|
|
|
|
// Client the HyperOne client.
|
|
type Client struct {
|
|
HTTPClient *http.Client
|
|
|
|
apiEndpoint string
|
|
locationID string
|
|
projectID string
|
|
|
|
passport *Passport
|
|
signer signer
|
|
}
|
|
|
|
// NewClient Creates a new HyperOne client.
|
|
func NewClient(apiEndpoint, locationID string, passport *Passport) (*Client, error) {
|
|
if passport == nil {
|
|
return nil, errors.New("the passport is missing")
|
|
}
|
|
|
|
projectID, err := passport.ExtractProjectID()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
baseURL := defaultBaseURL
|
|
if apiEndpoint != "" {
|
|
baseURL = apiEndpoint
|
|
}
|
|
|
|
tokenSigner := &TokenSigner{
|
|
PrivateKey: passport.PrivateKey,
|
|
KeyID: passport.CertificateID,
|
|
Audience: baseURL,
|
|
Issuer: passport.Issuer,
|
|
Subject: passport.SubjectID,
|
|
}
|
|
|
|
client := &Client{
|
|
HTTPClient: &http.Client{Timeout: 5 * time.Second},
|
|
apiEndpoint: baseURL,
|
|
locationID: locationID,
|
|
passport: passport,
|
|
projectID: projectID,
|
|
signer: tokenSigner,
|
|
}
|
|
|
|
if client.locationID == "" {
|
|
client.locationID = defaultLocationID
|
|
}
|
|
|
|
return client, nil
|
|
}
|
|
|
|
// FindRecordset looks for recordset with given recordType and name and returns it.
|
|
// In case if recordset is not found returns nil.
|
|
// https://api.hyperone.com/v2/docs#operation/dns_project_zone_recordset_list
|
|
func (c *Client) FindRecordset(zoneID, recordType, name string) (*Recordset, error) {
|
|
// https://api.hyperone.com/v2/dns/{locationId}/project/{projectId}/zone/{zoneId}/recordset
|
|
resourceURL := path.Join("dns", c.locationID, "project", c.projectID, "zone", zoneID, "recordset")
|
|
|
|
req, err := c.createRequest(http.MethodGet, resourceURL, nil)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
var recordSets []Recordset
|
|
|
|
err = c.do(req, &recordSets)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed to get recordsets from server: %w", err)
|
|
}
|
|
|
|
for _, v := range recordSets {
|
|
if v.RecordType == recordType && v.Name == name {
|
|
return &v, nil
|
|
}
|
|
}
|
|
|
|
// when recordset is not present returns nil, but error is not thrown
|
|
return nil, nil
|
|
}
|
|
|
|
// CreateRecordset creates recordset and record with given value within one request.
|
|
// https://api.hyperone.com/v2/docs#operation/dns_project_zone_recordset_create
|
|
func (c *Client) CreateRecordset(zoneID, recordType, name, recordValue string, ttl int) (*Recordset, error) {
|
|
recordsetInput := Recordset{
|
|
RecordType: recordType,
|
|
Name: name,
|
|
TTL: ttl,
|
|
Record: &Record{Content: recordValue},
|
|
}
|
|
|
|
requestBody, err := json.Marshal(recordsetInput)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed to marshal recordset: %w", err)
|
|
}
|
|
|
|
// https://api.hyperone.com/v2/dns/{locationId}/project/{projectId}/zone/{zoneId}/recordset
|
|
resourceURL := path.Join("dns", c.locationID, "project", c.projectID, "zone", zoneID, "recordset")
|
|
|
|
req, err := c.createRequest(http.MethodPost, resourceURL, bytes.NewBuffer(requestBody))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
var recordsetResponse Recordset
|
|
|
|
err = c.do(req, &recordsetResponse)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed to create recordset: %w", err)
|
|
}
|
|
|
|
return &recordsetResponse, nil
|
|
}
|
|
|
|
// DeleteRecordset deletes a recordset.
|
|
// https://api.hyperone.com/v2/docs#operation/dns_project_zone_recordset_delete
|
|
func (c *Client) DeleteRecordset(zoneID string, recordsetID string) error {
|
|
// https://api.hyperone.com/v2/dns/{locationId}/project/{projectId}/zone/{zoneId}/recordset/{recordsetId}
|
|
resourceURL := path.Join("dns", c.locationID, "project", c.projectID, "zone", zoneID, "recordset", recordsetID)
|
|
|
|
req, err := c.createRequest(http.MethodDelete, resourceURL, nil)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
return c.do(req, nil)
|
|
}
|
|
|
|
// GetRecords gets all records within specified recordset.
|
|
// https://api.hyperone.com/v2/docs#operation/dns_project_zone_recordset_record_list
|
|
func (c *Client) GetRecords(zoneID string, recordsetID string) ([]Record, error) {
|
|
// https://api.hyperone.com/v2/dns/{locationId}/project/{projectId}/zone/{zoneId}/recordset/{recordsetId}/record
|
|
resourceURL := path.Join("dns", c.locationID, "project", c.projectID, "zone", zoneID, "recordset", recordsetID, "record")
|
|
|
|
req, err := c.createRequest(http.MethodGet, resourceURL, nil)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
var records []Record
|
|
|
|
err = c.do(req, &records)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed to get records from server: %w", err)
|
|
}
|
|
|
|
return records, err
|
|
}
|
|
|
|
// CreateRecord creates a record.
|
|
// https://api.hyperone.com/v2/docs#operation/dns_project_zone_recordset_record_create
|
|
func (c *Client) CreateRecord(zoneID, recordsetID, recordContent string) (*Record, error) {
|
|
// https://api.hyperone.com/v2/dns/{locationId}/project/{projectId}/zone/{zoneId}/recordset/{recordsetId}/record
|
|
resourceURL := path.Join("dns", c.locationID, "project", c.projectID, "zone", zoneID, "recordset", recordsetID, "record")
|
|
|
|
requestBody, err := json.Marshal(Record{Content: recordContent})
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed to marshal record: %w", err)
|
|
}
|
|
|
|
req, err := c.createRequest(http.MethodPost, resourceURL, bytes.NewBuffer(requestBody))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
var recordResponse Record
|
|
|
|
err = c.do(req, &recordResponse)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed to set record: %w", err)
|
|
}
|
|
|
|
return &recordResponse, nil
|
|
}
|
|
|
|
// DeleteRecord deletes a record.
|
|
// https://api.hyperone.com/v2/docs#operation/dns_project_zone_recordset_record_delete
|
|
func (c *Client) DeleteRecord(zoneID, recordsetID, recordID string) error {
|
|
// https://api.hyperone.com/v2/dns/{locationId}/project/{projectId}/zone/{zoneId}/recordset/{recordsetId}/record/{recordId}
|
|
resourceURL := path.Join("dns", c.locationID, "project", c.projectID, "zone", zoneID, "recordset", recordsetID, "record", recordID)
|
|
|
|
req, err := c.createRequest(http.MethodDelete, resourceURL, nil)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
return c.do(req, nil)
|
|
}
|
|
|
|
// FindZone looks for DNS Zone and returns nil if it does not exist.
|
|
func (c *Client) FindZone(name string) (*Zone, error) {
|
|
zones, err := c.GetZones()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
for _, zone := range zones {
|
|
if zone.DNSName == name {
|
|
return &zone, nil
|
|
}
|
|
}
|
|
|
|
return nil, fmt.Errorf("failed to find zone for %s", name)
|
|
}
|
|
|
|
// GetZones gets all user's zones.
|
|
// https://api.hyperone.com/v2/docs#operation/dns_project_zone_list
|
|
func (c *Client) GetZones() ([]Zone, error) {
|
|
// https://api.hyperone.com/v2/dns/{locationId}/project/{projectId}/zone
|
|
resourceURL := path.Join("dns", c.locationID, "project", c.projectID, "zone")
|
|
|
|
req, err := c.createRequest(http.MethodGet, resourceURL, nil)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
var zones []Zone
|
|
|
|
err = c.do(req, &zones)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed to fetch available zones: %w", err)
|
|
}
|
|
|
|
return zones, nil
|
|
}
|
|
|
|
func (c *Client) createRequest(method, uri string, body io.Reader) (*http.Request, error) {
|
|
baseURL, err := url.Parse(c.apiEndpoint)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
endpoint, err := baseURL.Parse(path.Join(baseURL.Path, uri))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
req, err := http.NewRequest(method, endpoint.String(), body)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
jwt, err := c.signer.GetJWT()
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed to sign the request: %w", err)
|
|
}
|
|
|
|
req.Header.Set("Authorization", "Bearer "+jwt)
|
|
req.Header.Set("Content-Type", "application/json")
|
|
|
|
return req, nil
|
|
}
|
|
|
|
func (c *Client) do(req *http.Request, v interface{}) error {
|
|
resp, err := c.HTTPClient.Do(req)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
defer func() { _ = resp.Body.Close() }()
|
|
|
|
err = checkResponse(resp)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if v == nil {
|
|
return nil
|
|
}
|
|
|
|
raw, err := io.ReadAll(resp.Body)
|
|
if err != nil {
|
|
return fmt.Errorf("failed to read body: %w", err)
|
|
}
|
|
|
|
if err = json.Unmarshal(raw, v); err != nil {
|
|
return fmt.Errorf("unmarshaling %T error: %w: %s", v, err, string(raw))
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func checkResponse(resp *http.Response) error {
|
|
if resp.StatusCode/100 == 2 {
|
|
return nil
|
|
}
|
|
|
|
var msg string
|
|
if resp.StatusCode == http.StatusForbidden {
|
|
msg = "forbidden: check if service account you are trying to use has permissions required for managing DNS"
|
|
} else {
|
|
msg = fmt.Sprintf("%d: unknown error", resp.StatusCode)
|
|
}
|
|
|
|
// add response body to error message if not empty
|
|
responseBody, _ := io.ReadAll(resp.Body)
|
|
if len(responseBody) > 0 {
|
|
msg = fmt.Sprintf("%s: %s", msg, string(responseBody))
|
|
}
|
|
|
|
return errors.New(msg)
|
|
}
|