make default soa and zauth optional

2024-11-21 13:31:11 +01:00 · 2024-09-29 23:39:34 +02:00 · 2024-09-29 23:39:34 +02:00 · 3779125367
commit 3779125367
parent 0c8775c80e
4 changed files with 31 additions and 19 deletions
--- a/zns-daemon/src/config.rs
+++ b/zns-daemon/src/config.rs
@ -6,11 +6,12 @@ use zns::labelstring::LabelString;
 static CONFIG: OnceLock<Config> = OnceLock::new();

 pub struct Config {
-    pub zauth_url: String,
+    pub zauth_url: Option<String>,
    pub db_uri: String,
    pub authoritative_zone: LabelString,
    pub port: u16,
    pub address: IpAddr,
+    pub default_soa: bool,
 }

 impl Config {
@ -25,7 +26,7 @@ impl Config {
            dotenv().ok();
            Config {
                db_uri: env::var("DATABASE_URL").expect("DATABASE_URL must be set"),
-                zauth_url: env::var("ZAUTH_URL").expect("ZAUTH_URL must be set"),
+                zauth_url: env::var("ZAUTH_URL").ok(),
                authoritative_zone: LabelString::from(&env::var("ZONE").expect("ZONE must be set")),
                port: env::var("ZNS_PORT")
                    .map(|v| v.parse::<u16>().expect("ZNS_PORT is invalid"))
@ -34,6 +35,10 @@ impl Config {
                    .unwrap_or(String::from("127.0.0.1"))
                    .parse()
                    .expect("ZNS_ADDRESS is invalid"),
+                default_soa: env::var("ZNS_DEFAULT_SOA")
+                    .unwrap_or(String::from("true"))
+                    .parse()
+                    .expect("ZNS_DEFAULT_SOA should have value `true` or `false`"),
            }
        })
    }
--- a/zns-daemon/src/handlers/query.rs
+++ b/zns-daemon/src/handlers/query.rs
@ -37,7 +37,9 @@ impl ResponseHandler for QueryHandler {
                    if rrs.is_empty() {
                        rrs.extend(try_wildcard(question, connection)?);
                        if rrs.is_empty() {
-                            if question.qtype == Type::Type(RRType::SOA) {
+                            if question.qtype == Type::Type(RRType::SOA)
+                                && Config::get().default_soa
+                            {
                                rrs.extend([get_soa(&question.qname)?])
                            } else {
                                return Err(ZNSError::NXDomain {
@ -87,7 +89,7 @@ fn try_wildcard(question: &Question, connection: &mut PgConnection) -> Result<Ve

 fn get_soa(name: &LabelString) -> Result<RR, ZNSError> {
    let auth_zone = Config::get().authoritative_zone.clone();
-    let rdata = if &Config::get().authoritative_zone == name {
+    let rdata = if &auth_zone == name {
        // Recommended values taken from wikipedia: https://en.wikipedia.org/wiki/SOA_record
        Ok(SoaRData {
            mname: auth_zone,
--- a/zns-daemon/src/handlers/update/authenticate.rs
+++ b/zns-daemon/src/handlers/update/authenticate.rs
@ -18,15 +18,20 @@ pub async fn authenticate(
    zone: &LabelString,
    connection: &mut PgConnection,
 ) -> Result<bool, ZNSError> {
-    if zone.as_slice().len() > Config::get().authoritative_zone.as_slice().len() {
-        let username = &zone.as_slice()
-            [zone.as_slice().len() - Config::get().authoritative_zone.as_slice().len() - 1];
+    if zone.len() > Config::get().authoritative_zone.len() {
+        let ssh_verified = match &Config::get().zauth_url {
+            Some(url) => {
+                let username = &zone.as_slice()
+                    [zone.as_slice().len() - Config::get().authoritative_zone.as_slice().len() - 1];

-        let ssh_verified = validate_ssh(&username.to_lowercase(), sig)
-            .await
-            .map_err(|e| ZNSError::Servfail {
-                message: e.to_string(),
-            })?;
+                validate_ssh(&username.to_lowercase(), url, sig)
+                    .await
+                    .map_err(|e| ZNSError::Servfail {
+                        message: e.to_string(),
+                    })?
+            }
+            None => false,
+        };

        if ssh_verified {
            Ok(true)
@ -40,14 +45,14 @@ pub async fn authenticate(
    }
 }

-async fn validate_ssh(username: &String, sig: &Sig) -> Result<bool, reqwest::Error> {
+async fn validate_ssh(
+    username: &String,
+    zauth_url: &String,
+    sig: &Sig,
+) -> Result<bool, reqwest::Error> {
    let client = reqwest::Client::new();
    Ok(client
-        .get(format!(
-            "{}/users/{}/keys",
-            Config::get().zauth_url,
-            username
-        ))
+        .get(format!("{}/users/{}/keys", zauth_url, username))
        .header(ACCEPT, "application/json")
        .send()
        .await?
--- a/zns-daemon/src/handlers/update/mod.rs
+++ b/zns-daemon/src/handlers/update/mod.rs
@ -64,7 +64,7 @@ impl ResponseHandler for UpdateHandler {
            let rlen = rr.name.as_slice().len();

            // Check if rr has same zone
-            if rlen < zlen || !(&zone.qname == &rr.name.as_slice()[rlen - zlen..].into()) {
+            if rlen < zlen || !(zone.qname == rr.name.as_slice()[rlen - zlen..].into()) {
                return Err(ZNSError::Refused {
                    message: "RR has different zone from Question".to_string(),
                });