make default soa and zauth optional
This commit is contained in:
parent
0c8775c80e
commit
3779125367
4 changed files with 31 additions and 19 deletions
|
@ -6,11 +6,12 @@ use zns::labelstring::LabelString;
|
|||
static CONFIG: OnceLock<Config> = OnceLock::new();
|
||||
|
||||
pub struct Config {
|
||||
pub zauth_url: String,
|
||||
pub zauth_url: Option<String>,
|
||||
pub db_uri: String,
|
||||
pub authoritative_zone: LabelString,
|
||||
pub port: u16,
|
||||
pub address: IpAddr,
|
||||
pub default_soa: bool,
|
||||
}
|
||||
|
||||
impl Config {
|
||||
|
@ -25,7 +26,7 @@ impl Config {
|
|||
dotenv().ok();
|
||||
Config {
|
||||
db_uri: env::var("DATABASE_URL").expect("DATABASE_URL must be set"),
|
||||
zauth_url: env::var("ZAUTH_URL").expect("ZAUTH_URL must be set"),
|
||||
zauth_url: env::var("ZAUTH_URL").ok(),
|
||||
authoritative_zone: LabelString::from(&env::var("ZONE").expect("ZONE must be set")),
|
||||
port: env::var("ZNS_PORT")
|
||||
.map(|v| v.parse::<u16>().expect("ZNS_PORT is invalid"))
|
||||
|
@ -34,6 +35,10 @@ impl Config {
|
|||
.unwrap_or(String::from("127.0.0.1"))
|
||||
.parse()
|
||||
.expect("ZNS_ADDRESS is invalid"),
|
||||
default_soa: env::var("ZNS_DEFAULT_SOA")
|
||||
.unwrap_or(String::from("true"))
|
||||
.parse()
|
||||
.expect("ZNS_DEFAULT_SOA should have value `true` or `false`"),
|
||||
}
|
||||
})
|
||||
}
|
||||
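Review bot: `zauth_url: env::var("ZAUTH_URL").ok()` treats any present value as a usable base URL, so an empty entry (a `.env` line `ZAUTH_URL=` would produce one) yields `Some("")` and every SSH-key lookup is then built against an empty base instead of zauth being disabled; `.ok().filter(|u| !u.is_empty())` makes an empty value equivalent to unset. Because `None` now silently switches off SSH-key verification, the field deserves a doc comment above `pub zauth_url: Option<String>`, e.g. `/// Base URL of the zauth instance; `None` disables SSH-key authentication.`. Minor: `.unwrap_or(String::from("true"))` on `ZNS_DEFAULT_SOA` allocates even when the variable is set; `env::var("ZNS_DEFAULT_SOA").map_or(true, |v| v.parse().expect("ZNS_DEFAULT_SOA should have value `true` or `false`"))` avoids both the allocation and the string round-trip, and the same pattern applies to the existing `ZNS_ADDRESS` default just above it.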
|
|
|
@ -37,7 +37,9 @@ impl ResponseHandler for QueryHandler {
|
|||
if rrs.is_empty() {
|
||||
rrs.extend(try_wildcard(question, connection)?);
|
||||
if rrs.is_empty() {
|
||||
if question.qtype == Type::Type(RRType::SOA) {
|
||||
if question.qtype == Type::Type(RRType::SOA)
|
||||
&& Config::get().default_soa
|
||||
{
|
||||
rrs.extend([get_soa(&question.qname)?])
|
||||
} else {
|
||||
return Err(ZNSError::NXDomain {
|
||||
|
@ -87,7 +89,7 @@ fn try_wildcard(question: &Question, connection: &mut PgConnection) -> Result<Ve
|
|||
|
||||
fn get_soa(name: &LabelString) -> Result<RR, ZNSError> {
|
||||
let auth_zone = Config::get().authoritative_zone.clone();
|
||||
let rdata = if &Config::get().authoritative_zone == name {
|
||||
let rdata = if &auth_zone == name {
|
||||
// Recommended values taken from wikipedia: https://en.wikipedia.org/wiki/SOA_record
|
||||
Ok(SoaRData {
|
||||
mname: auth_zone,
|
||||
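Review bot: With `default_soa` set to false, an SOA query for a name the server does serve (the zone apex, or any name that has records of other types) is now routed by the new `&& Config::get().default_soa` condition into the pre-existing `else` branch that returns `ZNSError::NXDomain`; NXDOMAIN asserts that the name does not exist at all, whereas "name exists, no records of this type" should be answered NOERROR with an empty answer section (NODATA). Whether `question.qname` has other records is not visible from this hunk, so either gate the NXDomain on a check that no RRs of any type exist for the name, or document the deviation with `// NOTE: NXDomain is returned even for NODATA cases` so the next reader does not take it for a protocol-correct answer. The enclosing `ResponseHandler` method starts before and ends after the hunk.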
|
|
|
@ -18,15 +18,20 @@ pub async fn authenticate(
|
|||
zone: &LabelString,
|
||||
connection: &mut PgConnection,
|
||||
) -> Result<bool, ZNSError> {
|
||||
if zone.as_slice().len() > Config::get().authoritative_zone.as_slice().len() {
|
||||
if zone.len() > Config::get().authoritative_zone.len() {
|
||||
let ssh_verified = match &Config::get().zauth_url {
|
||||
Some(url) => {
|
||||
let username = &zone.as_slice()
|
||||
[zone.as_slice().len() - Config::get().authoritative_zone.as_slice().len() - 1];
|
||||
|
||||
let ssh_verified = validate_ssh(&username.to_lowercase(), sig)
|
||||
validate_ssh(&username.to_lowercase(), url, sig)
|
||||
.await
|
||||
.map_err(|e| ZNSError::Servfail {
|
||||
message: e.to_string(),
|
||||
})?;
|
||||
})?
|
||||
}
|
||||
None => false,
|
||||
};
|
||||
|
||||
if ssh_verified {
|
||||
Ok(true)
|
||||
|
@ -40,14 +45,14 @@ pub async fn authenticate(
|
|||
}
|
||||
}
|
||||
|
||||
async fn validate_ssh(username: &String, sig: &Sig) -> Result<bool, reqwest::Error> {
|
||||
async fn validate_ssh(
|
||||
username: &String,
|
||||
zauth_url: &String,
|
||||
sig: &Sig,
|
||||
) -> Result<bool, reqwest::Error> {
|
||||
let client = reqwest::Client::new();
|
||||
Ok(client
|
||||
.get(format!(
|
||||
"{}/users/{}/keys",
|
||||
Config::get().zauth_url,
|
||||
username
|
||||
))
|
||||
.get(format!("{}/users/{}/keys", zauth_url, username))
|
||||
.header(ACCEPT, "application/json")
|
||||
.send()
|
||||
.await?
|
||||
|
|
|
@ -64,7 +64,7 @@ impl ResponseHandler for UpdateHandler {
|
|||
let rlen = rr.name.as_slice().len();
|
||||
|
||||
// Check if rr has same zone
|
||||
if rlen < zlen || !(&zone.qname == &rr.name.as_slice()[rlen - zlen..].into()) {
|
||||
if rlen < zlen || !(zone.qname == rr.name.as_slice()[rlen - zlen..].into()) {
|
||||
return Err(ZNSError::Refused {
|
||||
message: "RR has different zone from Question".to_string(),
|
||||
});
|
||||
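Review bot: `!(zone.qname == rr.name.as_slice()[rlen - zlen..].into())` is a negated equality that clippy's `nonminimal_bool` will flag; `if rlen < zlen || zone.qname != rr.name.as_slice()[rlen - zlen..].into() {` states the intent directly. `!=` desugars to the same `PartialEq` impl as `==`, so the `into()` target is inferred identically. The enclosing `UpdateHandler` method starts before and ends after the hunk.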
|
|