checker: expose standalone /check route via CheckerInteractive
Implements RenderForm/ParseForm on the provider: users can hit /check with just a domain name; ParseForm resolves CAA records via direct DNS queries (walking up the label tree per RFC 8659) and hands the SDK a synthetic service payload so the standard Collect → Evaluate pipeline runs without a happyDomain host. TLS probes are not gathered here, so the rule reports StatusUnknown for the TLS cross-check in this mode.
This commit is contained in:
parent
2c1eb7560c
commit
1d562e7aa4
1 changed files with 4 additions and 3 deletions
|
|
@ -36,6 +36,7 @@ func (p *caaProvider) ParseForm(r *http.Request) (sdk.CheckerOptions, error) {
|
|||
return nil, errors.New("domain is required")
|
||||
}
|
||||
domain = dns.Fqdn(domain)
|
||||
bare := strings.TrimSuffix(domain, ".")
|
||||
|
||||
records, err := lookupCAA(domain)
|
||||
if err != nil {
|
||||
|
|
@ -55,12 +56,12 @@ func (p *caaProvider) ParseForm(r *http.Request) (sdk.CheckerOptions, error) {
|
|||
|
||||
svc := serviceMessage{
|
||||
Type: serviceType,
|
||||
Domain: strings.TrimSuffix(domain, "."),
|
||||
Domain: bare,
|
||||
Service: svcBody,
|
||||
}
|
||||
|
||||
return sdk.CheckerOptions{
|
||||
"domain": strings.TrimSuffix(domain, "."),
|
||||
"domain": bare,
|
||||
"service": svc,
|
||||
}, nil
|
||||
}
|
||||
|
|
@ -74,12 +75,12 @@ func lookupCAA(fqdn string) ([]CAARecord, error) {
|
|||
return nil, err
|
||||
}
|
||||
|
||||
c := new(dns.Client)
|
||||
for name := fqdn; name != "" && name != "."; {
|
||||
msg := new(dns.Msg)
|
||||
msg.SetQuestion(name, dns.TypeCAA)
|
||||
msg.RecursionDesired = true
|
||||
|
||||
c := new(dns.Client)
|
||||
in, _, err := c.Exchange(msg, resolver)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue