checker-delegation/checker/interactive.go

//go:build standalone

package checker

import (
	"encoding/json"
	"errors"
	"fmt"
	"net"
	"net/http"
	"strings"

	"github.com/miekg/dns"

	sdk "git.happydns.org/checker-sdk-go/checker"
)

// RenderForm exposes a single "delegated domain" input for the standalone
// /check route. The parent zone is derived by stripping the left-most label
// and the declared NS / DS sets are resolved via the system resolver.
func (p *delegationProvider) RenderForm() []sdk.CheckerOptionField {
	return []sdk.CheckerOptionField{
		{
			Id:          "domain",
			Type:        "string",
			Label:       "Delegated domain",
			Placeholder: "sub.example.com",
			Required:    true,
			Description: "Fully-qualified name of the delegated zone to check.",
		},
	}
}

// ParseForm turns the submitted domain into the CheckerOptions that Collect
// expects: the parent zone, the sub-label, and a synthesized
// abstract.Delegation service populated with the NS / DS records resolved
// via the system resolver.
func (p *delegationProvider) ParseForm(r *http.Request) (sdk.CheckerOptions, error) {
	domain := strings.TrimSpace(r.FormValue("domain"))
	if domain == "" {
		return nil, errors.New("domain is required")
	}
	fqdn := dns.Fqdn(domain)
	labels := dns.SplitDomainName(fqdn)
	if len(labels) < 2 {
		return nil, fmt.Errorf("%q has no parent zone", domain)
	}
	parentZone := strings.Join(labels[1:], ".")
	subdomain := labels[0]

	resolver, err := interactiveResolver()
	if err != nil {
		return nil, err
	}

	nsRecords, err := lookupDelegationNS(resolver, fqdn)
	if err != nil {
		return nil, fmt.Errorf("NS lookup for %s: %w", domain, err)
	}
	if len(nsRecords) == 0 {
		return nil, fmt.Errorf("no NS records found for %s", domain)
	}
	dsRecords, err := lookupDelegationDS(resolver, fqdn)
	if err != nil {
		return nil, fmt.Errorf("DS lookup for %s: %w", domain, err)
	}

	body, err := json.Marshal(delegationService{NameServers: nsRecords, DS: dsRecords})
	if err != nil {
		return nil, fmt.Errorf("marshal delegation service: %w", err)
	}

	svc := serviceMessage{
		Type:    "abstract.Delegation",
		Domain:  parentZone,
		Service: body,
	}

	return sdk.CheckerOptions{
		"domain_name": parentZone,
		"subdomain":   subdomain,
		"service":     svc,
	}, nil
}

func interactiveResolver() (string, error) {
	cfg, err := dns.ClientConfigFromFile("/etc/resolv.conf")
	if err != nil || len(cfg.Servers) == 0 {
		return net.JoinHostPort("1.1.1.1", "53"), nil
	}
	return net.JoinHostPort(cfg.Servers[0], cfg.Port), nil
}

func lookupDelegationNS(resolver, fqdn string) ([]*dns.NS, error) {
	msg := new(dns.Msg)
	msg.SetQuestion(fqdn, dns.TypeNS)
	msg.RecursionDesired = true

	c := new(dns.Client)
	in, _, err := c.Exchange(msg, resolver)
	if err != nil {
		return nil, err
	}
	if in.Rcode != dns.RcodeSuccess && in.Rcode != dns.RcodeNameError {
		return nil, fmt.Errorf("rcode %s", dns.RcodeToString[in.Rcode])
	}

	var out []*dns.NS
	for _, rr := range in.Answer {
		if ns, ok := rr.(*dns.NS); ok {
			out = append(out, ns)
		}
	}
	return out, nil
}

func lookupDelegationDS(resolver, fqdn string) ([]*dns.DS, error) {
	msg := new(dns.Msg)
	msg.SetQuestion(fqdn, dns.TypeDS)
	msg.RecursionDesired = true
	msg.SetEdns0(4096, true)

	c := new(dns.Client)
	in, _, err := c.Exchange(msg, resolver)
	if err != nil {
		return nil, err
	}
	if in.Rcode != dns.RcodeSuccess && in.Rcode != dns.RcodeNameError {
		return nil, fmt.Errorf("rcode %s", dns.RcodeToString[in.Rcode])
	}

	var out []*dns.DS
	for _, rr := range in.Answer {
		if ds, ok := rr.(*dns.DS); ok {
			out = append(out, ds)
		}
	}
	return out, nil
}