tiennm99/is-a-dev
1
0
Fork 0
mirror of https://github.com/tiennm99/is-a-dev.git synced 2026-05-24 23:36:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into patch-11

Browse Source
This commit is contained in:
William Harrison
2025-01-13 20:05:52 +11:00
committed by GitHub
parent 347cbf5532 5ca8e5bdbb
commit 545dc0c197
23 changed files with 429 additions and 320 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/publish.yml
+6 -1
View File
@@ -21,10 +21,15 @@ jobs:
steps:
- uses: actions/checkout@v4
- name: Run tests
run: |
npm install
npx ava tests/*.test.js
- name: Generate creds.json
run: echo '{"cloudflare":{"TYPE":"CLOUDFLAREAPI","apitoken":"$CLOUDFLARE_API_TOKEN"}}' > ./creds.json
- name: Publish
- name: Push DNS records
uses: is-a-dev/dnscontrol-action@main
env:
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
.github/workflows/validation.yml
+4 -6
View File
@@ -19,14 +19,13 @@ concurrency:
cancel-in-progress: true
jobs:
dns:
name: DNS
dnscontrol:
name: DNSControl
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Check
uses: is-a-dev/dnscontrol-action@main
- uses: is-a-dev/dnscontrol-action@main
with:
args: check
@@ -38,5 +37,4 @@ jobs:
- run: npm install
- name: Run tests
run: npx ava tests/*.test.js
- run: npx ava tests/*.test.js
dnsconfig.js
+8 -45
View File
@@ -29,18 +29,14 @@ for (var subdomain in domains) {
// Handle A records
if (domainData.record.A) {
for (var a in domainData.record.A) {
records.push(
A(subdomainName, IP(domainData.record.A[a]), proxyState)
);
records.push(A(subdomainName, IP(domainData.record.A[a]), proxyState));
}
}
// Handle AAAA records
if (domainData.record.AAAA) {
for (var aaaa in domainData.record.AAAA) {
records.push(
AAAA(subdomainName, domainData.record.AAAA[aaaa], proxyState)
);
records.push(AAAA(subdomainName, domainData.record.AAAA[aaaa], proxyState));
}
}
@@ -48,29 +44,14 @@ for (var subdomain in domains) {
if (domainData.record.CAA) {
for (var caa in domainData.record.CAA) {
var caaRecord = domainData.record.CAA[caa];
records.push(
CAA(
subdomainName,
caaRecord.flags,
caaRecord.tag,
caaRecord.value
)
);
records.push(CAA(subdomainName, caaRecord.tag, caaRecord.value));
}
}
// Handle CNAME records
if (domainData.record.CNAME) {
// Allow CNAME record on root
if (subdomainName === "@") {
records.push(
ALIAS(subdomainName, domainData.record.CNAME + ".", proxyState)
);
} else {
records.push(
CNAME(subdomainName, domainData.record.CNAME + ".", proxyState)
);
}
// Use ALIAS instead of CNAME to support CNAME flattening on the root domain
records.push(ALIAS(subdomainName, domainData.record.CNAME + ".", proxyState));
}
// Handle DS records
@@ -78,13 +59,7 @@ for (var subdomain in domains) {
for (var ds in domainData.record.DS) {
var dsRecord = domainData.record.DS[ds];
records.push(
DS(
subdomainName,
dsRecord.key_tag,
dsRecord.algorithm,
dsRecord.digest_type,
dsRecord.digest
)
DS(subdomainName, dsRecord.key_tag, dsRecord.algorithm, dsRecord.digest_type, dsRecord.digest)
);
}
}
@@ -92,13 +67,7 @@ for (var subdomain in domains) {
// Handle MX records
if (domainData.record.MX) {
for (var mx in domainData.record.MX) {
records.push(
MX(
subdomainName,
10 + parseInt(mx),
domainData.record.MX[mx] + "."
)
);
records.push(MX(subdomainName, 10 + parseInt(mx), domainData.record.MX[mx] + "."));
}
}
@@ -114,13 +83,7 @@ for (var subdomain in domains) {
for (var srv in domainData.record.SRV) {
var srvRecord = domainData.record.SRV[srv];
records.push(
SRV(
subdomainName,
srvRecord.priority,
srvRecord.weight,
srvRecord.port,
srvRecord.target + "."
)
SRV(subdomainName, srvRecord.priority, srvRecord.weight, srvRecord.port, srvRecord.target + ".")
);
}
}
domains/_discord.krunch.json
+1 -1
View File
@@ -1,7 +1,7 @@
{
"owner": {
"username": "RadioactivePotato",
"discord": "krunchiekrunch._."
"discord": "1166013268008120340"
},
"record": {
"TXT": "dh=df2bf9fb87a1dc3ee29c6ddfa51ed86da28581c5"
domains/_github-pages-challenge-radioactivepotato.krunch.json
+1 -1
View File
@@ -1,7 +1,7 @@
{
"owner": {
"username": "RadioactivePotato",
"discord": "krunchiekrunch._."
"discord": "1166013268008120340"
},
"record": {
"TXT": "05dc6febabf44f8decab35d01609ee"
domains/aasoft.json
+10
View File
@@ -0,0 +1,10 @@
{
"description": "alireza mohebbi threejs project - aasoft.ir",
"owner": {
"username": "aasoftir",
"email": "aasoftmohebbi@gmail.com"
},
"record": {
"URL": "https://glitch-text-threejs.vercel.app/"
}
}
domains/callcon.json
+9
View File
@@ -0,0 +1,9 @@
{
"owner": {
"username": "ItzYoVishal",
"email": "rockstarelitecoc@gmail.com"
},
"record": {
"A": ["4.157.244.201"]
}
}
domains/krunch.json
+1 -1
View File
@@ -3,7 +3,7 @@
"repo": "https://github.com/RadioactivePotato/krunch-is-a-dev",
"owner": {
"username": "RadioactivePotato",
"discord": "krunchiekrunch._."
"discord": "1166013268008120340"
},
"record": {
"CNAME": "krunch.pages.dev"
domains/link.krunch.json
-9
View File
@@ -1,9 +0,0 @@
{
"owner": {
"username": "RadioactivePotato",
"discord": "krunchiekrunch._."
},
"record": {
"CNAME": "cname.short.io"
}
}
domains/luisandre.json
+1 -2
View File
@@ -4,7 +4,6 @@
"email": "luis073094@gmail.com"
},
"record": {
"URL": "https://portafolioluisandre.azurewebsites.net",
"A": ["20.206.176.7"]
"URL": "https://portafolioluisandre.azurewebsites.net"
}
}
domains/mail.krunch.json
+2 -2
View File
@@ -1,8 +1,8 @@
{
"description": "ImprovMX Email",
"description": "ImprovMX Mail Forwarding",
"owner": {
"username": "RadioactivePotato",
"discord": "krunchiekrunch._."
"discord": "1166013268008120340"
},
"record": {
"MX": ["mx1.improvmx.com", "mx2.improvmx.com"],
domains/marcos.json
+11
View File
@@ -0,0 +1,11 @@
{
"description": "Developer portfolio",
"repo": "https://github.com/mtoranzo",
"owner": {
"username": "mtoranzo",
"email": "mtoranzo@gmail.com"
},
"record": {
"CNAME": "mtoranzo.github.io"
}
}
domains/minhtuan-1.json
+11
View File
@@ -0,0 +1,11 @@
{
"description": "profile-tuan.dev",
"owner": {
"username": "tuannguyen2002",
"email": "nxmtuan.2002@gmail.com",
"discord": "nightfury06749"
},
"record": {
"CNAME": "cname.vercel-dns.com"
}
}
domains/peme969.json
+1 -1
View File
@@ -11,7 +11,7 @@
"185.199.111.153"
],
"TXT":[
"forward-email=MzY4NGZhMjBlZjg4YjBhOC1lZjllYjNhOWE3YzFiNzE0ZWU5OGYwOTdmN2E0YTUzMWFmYjk5M2NhNTA1NGRjZTQ2ZmZlNjA4NWY3ODMyNzNh"
"forward-email=NTQwMmZhNmI3ZmRiMzQxNC1mOTU1YmRmOGJhMTQxMzhkMGRiNzUwMzg0MzFhOTI4OGE0ZmUwZDYyZTZmZDMyODkwYTE4OGE0ZmQ2YjFjOTk4MjkxN2NlMTUzMTgyNDZlYzE4ZWFkNDllYTBmNDNjY2M4NWVmZGFhMjdhNmY0ODFhZWM0ZWM4ZjhiMzJiMTIyMA=="
],
"MX":[
"mx1.forwardemail.net",
domains/sticknologic.json
+16
View File
@@ -0,0 +1,16 @@
{
"description": "Simple Portfolio and Blog Website",
"repo": "https://github.com/sticknologic",
"owner": {
"username": "sticknologic",
"x": "STICKnoLOGIC",
"facebook":"STICKnoLOGIC",
"bsky":"STICKnoLOGIC"
},
"record": {
"NS": [
"ns1.heliohost.org",
"ns2.heliohost.org"
]
}
}
domains/tafviet.json
+11
View File
@@ -0,0 +1,11 @@
{
"description": "Landing page for tafviet.is-a.dev",
"repo": "https://github.com/is-a-dev/docs",
"owner": {
"username": "is-a-dev",
"email": "meccar@protonmail.com"
},
"record": {
"CNAME": "meccar.github.io"
}
}
domains/w.json
+3
View File
@@ -5,5 +5,8 @@
},
"record": {
"URL": "https://william.is-a.dev"
},
"redirect_config": {
"redirect_paths": true
}
}
domains/william.json
+7 -1
View File
@@ -4,6 +4,12 @@
"email": "william@is-a.dev"
},
"record": {
"URL": "https://github.com/wdhdev"
"URL": "https://wharrison.com.au"
},
"redirect_config": {
"custom_paths": {
"/github": "https://github.com/wdhdev"
},
"redirect_paths": true
}
}
tests/domains.test.js
+24 -87
View File
@@ -5,72 +5,52 @@ const path = require("path");
const domainsPath = path.resolve("domains");
const files = fs.readdirSync(domainsPath);
function getParentSubdomain(subdomain) {
const parts = subdomain.split(".");
if (parts.length <= 1) return null; // No parent for top-level subdomains
// Attempt to find the parent subdomain by removing the last part
for (let i = parts.length - 1; i > 0; i--) {
const potentialParent = parts.slice(i - 1).join(".");
if (files.includes(`${potentialParent}.json`)) {
return potentialParent; // Return the parent subdomain if it exists
}
}
return null; // Return null if no valid parent is found
}
const domainCache = {};
function getDomainData(subdomain) {
if (domainCache[subdomain]) {
return domainCache[subdomain];
}
try {
return fs.readJsonSync(path.join(domainsPath, `${subdomain}.json`));
const data = fs.readJsonSync(path.join(domainsPath, `${subdomain}.json`));
domainCache[subdomain] = data; // Cache the domain data
return data;
} catch (error) {
throw new Error(`Failed to read JSON for ${subdomain}: ${error.message}`);
}
}
function expandReservedDomains() {
const reserved = require("../util/reserved-domains.json");
const expandedList = [...reserved];
function getParentSubdomain(subdomain) {
const parts = subdomain.split(".");
for (const item of reserved) {
const rangeMatch = item.match(/\[(\d+)-(\d+)\]/); // Matches [min-max]
if (parts.length <= 1) return null; // No parent for top-level subdomains
if (rangeMatch) {
const prefix = item.split("[")[0];
const start = parseInt(rangeMatch[1], 10);
const end = parseInt(rangeMatch[2], 10);
// Try to find the parent subdomain by iterating over the parts
for (let i = parts.length - 1; i > 0; i--) {
const potentialParent = parts.slice(i - 1).join(".");
if (start < end) {
for (let i = start; i <= end; i++) {
expandedList.push(prefix + i);
}
expandedList.splice(expandedList.indexOf(item), 1);
} else {
throw new Error(`[util/reserved-domains.json] Invalid range [${start}-${end}] in "${item}"`);
}
if (files.includes(`${potentialParent}.json`)) {
return potentialParent;
}
}
return expandedList;
return null;
}
t("Nested subdomains should not exist without a parent subdomain", (t) => {
for (const file of files) {
files.forEach((file) => {
const subdomain = file.replace(/\.json$/, "");
if (subdomain.split(".").length > 1) {
const parentSubdomain = getParentSubdomain(subdomain);
t.true(files.includes(`${parentSubdomain}.json`), `${file}: Parent subdomain does not exist`);
t.true(parentSubdomain && files.includes(`${parentSubdomain}.json`), `${file}: Parent subdomain does not exist`);
}
}
t.pass();
});
});
t("Nested subdomains should not exist if the parent subdomain has NS records", (t) => {
for (const file of files) {
files.forEach((file) => {
const subdomain = file.replace(/\.json$/, "");
if (subdomain.split(".").length > 1) {
@@ -79,18 +59,15 @@ t("Nested subdomains should not exist if the parent subdomain has NS records", (
t.true(!parentDomain.record.NS, `${file}: Parent subdomain has NS records`);
}
}
t.pass();
});
});
t("Nested subdomains should be owned by the parent subdomain's owner", (t) => {
for (const file of files) {
files.forEach((file) => {
const subdomain = file.replace(/\.json$/, "");
if (subdomain.split(".").length > 1) {
const data = getDomainData(subdomain);
const parentSubdomain = getParentSubdomain(subdomain);
const parentDomain = getDomainData(parentSubdomain);
@@ -99,45 +76,5 @@ t("Nested subdomains should be owned by the parent subdomain's owner", (t) => {
`${file}: Owner does not match the parent subdomain`
);
}
}
});
});
const reservedDomains = expandReservedDomains();
t("Subdomain names must not be reserved", (t) => {
for (const file of files) {
const subdomain = file.replace(/\.json$/, "");
t.true(!reservedDomains.includes(subdomain), `${file}: Subdomain name is reserved`);
}
t.pass();
});
t("Reserved domains file should be valid", (t) => {
const subdomainRegex = /^_?[a-zA-Z0-9]+([-\.][a-zA-Z0-9]+)*(\[\d+-\d+\])?$/;
for (const item of reservedDomains) {
t.regex(
item,
subdomainRegex,
`[util/reserved-domains.json] Invalid subdomain name "${item}" at index ${reservedDomains.indexOf(item)}`
);
}
t.pass();
});
const exceptedDomains = require("../util/excepted-domains.json");
t("Subdomains on the root should not start with an underscore", (t) => {
for (const file of files) {
const subdomain = file.replace(/\.json$/, "");
if (subdomain.split(".").length === 1 && !exceptedDomains.includes(subdomain)) {
t.true(subdomain[0] !== "_", `${file}: Root subdomains should not start with an underscore`);
}
}
t.pass();
})
tests/json.test.js
+99 -52
View File
@@ -2,13 +2,16 @@ const t = require("ava");
const fs = require("fs-extra");
const path = require("path");
const ignoredRootJSONFiles = ["package-lock.json", "package.json"];
const requiredFields = {
owner: "object",
record: "object"
};
const optionalFields = {
proxied: "boolean"
proxied: "boolean",
redirect_config: "object"
};
const requiredOwnerFields = {
@@ -19,31 +22,87 @@ const optionalOwnerFields = {
email: "string"
};
const optionalRedirectConfigFields = {
custom_paths: "object",
redirect_paths: "boolean"
};
const emailRegex = /^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/;
const hostnameRegex = /^(?=.{1,253}$)(?:(?:[_a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)\.)+[a-zA-Z]{2,63}$/;
const exceptedDomains = require("../util/excepted-domains.json");
const reservedDomains = require("../util/reserved-domains.json");
const domainsPath = path.resolve("domains");
const files = fs.readdirSync(domainsPath);
function validateRequiredFields(t, obj, requiredFields, file) {
Object.keys(requiredFields).forEach((key) => {
t.true(obj.hasOwnProperty(key), `${file}: Missing required field: ${key}`);
t.is(typeof obj[key], requiredFields[key], `${file}: Field ${key} should be of type ${requiredFields[key]}`);
});
}
const expandReservedDomains = (reserved) => {
const expandedList = [...reserved];
reserved.forEach((item) => {
const rangeMatch = item.match(/\[(\d+)-(\d+)\]/);
if (rangeMatch) {
const prefix = item.split("[")[0];
const start = parseInt(rangeMatch[1], 10);
const end = parseInt(rangeMatch[2], 10);
if (start < end) {
for (let i = start; i <= end; i++) {
expandedList.push(prefix + i);
}
expandedList.splice(expandedList.indexOf(item), 1);
} else {
throw new Error(`[util/reserved-domains.json] Invalid range [${start}-${end}] in "${item}"`);
}
}
});
return expandedList;
};
const expandedReservedDomains = expandReservedDomains(reservedDomains);
function validateFields(t, obj, fields, file, prefix = "") {
Object.keys(fields).forEach((key) => {
const fieldPath = prefix ? `${prefix}.${key}` : key;
function validateOptionalFields(t, obj, optionalFields, file) {
Object.keys(optionalFields).forEach((key) => {
if (obj.hasOwnProperty(key)) {
t.is(
typeof obj[key],
optionalFields[key],
`${file}: Field ${key} should be of type ${optionalFields[key]}`
);
t.is(typeof obj[key], fields[key], `${file}: Field ${fieldPath} should be of type ${fields[key]}`);
} else if (fields === requiredFields) {
t.true(false, `${file}: Missing required field: ${fieldPath}`);
}
});
}
function validateFileName(t, file) {
t.true(file.endsWith(".json"), `${file}: File does not have .json extension`);
t.false(file.includes(".is-a.dev"), `${file}: File name should not contain .is-a.dev`);
t.true(file === file.toLowerCase(), `${file}: File name should be all lowercase`);
// Ignore root domain
if (file !== "@.json") {
const subdomain = file.replace(/\.json$/, "");
t.regex(
subdomain + ".is-a.dev",
hostnameRegex,
`${file}: FQDN must be 1-253 characters, use letters, numbers, dots, or hyphens, and not start or end with a hyphen.`
);
t.true(!expandedReservedDomains.includes(subdomain), `${file}: Subdomain name is reserved`);
if (subdomain.split(".").length === 1 && !exceptedDomains.includes(subdomain)) {
t.false(subdomain.startsWith("_"), `${file}: Root subdomains should not start with an underscore`);
}
}
}
t("JSON files should not be in the root directory", (t) => {
const rootFiles = fs
.readdirSync(path.resolve())
.filter((file) => file.endsWith(".json") && !ignoredRootJSONFiles.includes(file));
t.is(rootFiles.length, 0, "JSON files should not be in the root directory");
});
t("All files should be valid JSON", (t) => {
files.forEach((file) => {
t.notThrows(() => fs.readJsonSync(path.join(domainsPath, file)), `${file}: Invalid JSON file`);
@@ -52,59 +111,47 @@ t("All files should be valid JSON", (t) => {
t("All files should have valid file names", (t) => {
files.forEach((file) => {
t.true(file.endsWith(".json"), `${file}: File does not have .json extension`);
t.false(file.includes(".is-a.dev"), `${file}: File name should not contain .is-a.dev`);
t.true(file === file.toLowerCase(), `${file}: File name should be lowercase`);
// Ignore root domain
if (file !== "@.json") {
const subdomain = file.replace(/\.json$/, "");
t.regex(
subdomain + ".is-a.dev",
hostnameRegex,
`${file}: FQDN must be 1-253 characters, use letters, numbers, dots, or hyphens, and not start or end with a hyphen.`
);
}
validateFileName(t, file);
});
});
t("All files should have the required fields", (t) => {
t("All files should have valid required and optional fields", (t) => {
files.forEach((file) => {
const data = fs.readJsonSync(path.join(domainsPath, file));
// Validate top-level required fields
validateRequiredFields(t, data, requiredFields, file);
validateFields(t, data, requiredFields, file);
// Validate owner object fields
validateRequiredFields(t, data.owner, requiredOwnerFields, file);
// Validate owner fields
validateFields(t, data.owner, requiredOwnerFields, file, "owner");
validateFields(t, data.owner, optionalOwnerFields, file, "owner");
// Validate optional fields for top-level and redirect config
validateFields(t, data, optionalFields, file);
if (data.redirect_config) {
validateFields(t, data.redirect_config, optionalRedirectConfigFields, file, "redirect_config");
}
// Validate email format
if (data.owner.email) {
t.regex(data.owner.email, emailRegex, `${file}: Owner email should be a valid email address`);
}
// Ensure 'record' field is not empty
t.true(Object.keys(data.record).length > 0, `${file}: Missing DNS records`);
});
});
t("All files should have valid optional fields", (t) => {
files.forEach((file) => {
const data = fs.readJsonSync(path.join(domainsPath, file));
t("Reserved domains file should be valid", (t) => {
const subdomainRegex = /^_?[a-zA-Z0-9]+([-\.][a-zA-Z0-9]+)*(\[\d+-\d+\])?$/;
// Validate optional fields at top level
validateOptionalFields(t, data, optionalFields, file);
// Validate optional fields for owner object
validateOptionalFields(t, data.owner, optionalOwnerFields, file);
// Email validation (if provided)
if (data.owner.email) {
t.regex(data.owner.email, emailRegex, `${file}: Owner email should be a valid email address`);
}
expandedReservedDomains.forEach((item, index) => {
t.regex(
item,
subdomainRegex,
`[util/reserved-domains.json] Invalid subdomain name "${item}" at index ${index}`
);
});
});
const ignoredJSONFiles = ["package-lock.json", "package.json"];
t("JSON files should not be in the root directory", (t) => {
const rootFiles = fs
.readdirSync(path.resolve())
.filter((file) => file.endsWith(".json") && !ignoredJSONFiles.includes(file));
t.is(rootFiles.length, 0, "JSON files should not be in the root directory");
t.pass();
});
tests/proxy.test.js
+19 -4
View File
@@ -3,10 +3,25 @@ const fs = require("fs-extra");
const path = require("path");
const requiredRecordsToProxy = new Set(["A", "AAAA", "CNAME"]);
// URL records are not listed here because they are proxied by default, so they don't need the proxied flag
const domainCache = {};
function getDomainData(file) {
if (domainCache[file]) {
return domainCache[file];
}
try {
const data = fs.readJsonSync(path.join(domainsPath, file));
domainCache[file] = data;
return data;
} catch (error) {
throw new Error(`Failed to read JSON for ${file}: ${error.message}`);
}
}
function validateProxiedRecords(t, data, file) {
// Convert the Set to an array for message display
// Convert the Set to an array for message display (moved outside the loop to optimize performance)
const recordTypes = Array.from(requiredRecordsToProxy).join(", ");
if (data.proxied) {
@@ -22,9 +37,9 @@ function validateProxiedRecords(t, data, file) {
const domainsPath = path.resolve("domains");
const files = fs.readdirSync(domainsPath).filter((file) => file.endsWith(".json"));
t("Domains with proxy enabled should have at least one record that can be proxied", (t) => {
t("Domains with proxy enabled must have at least one proxy-able record", (t) => {
files.forEach((file) => {
const domain = fs.readJsonSync(path.join(domainsPath, file));
const domain = getDomainData(file);
validateProxiedRecords(t, domain, file);
});
tests/records.test.js
+184 -105
View File
@@ -3,18 +3,32 @@ const fs = require("fs-extra");
const path = require("path");
const validRecordTypes = new Set(["A", "AAAA", "CAA", "CNAME", "DS", "MX", "NS", "SRV", "TXT", "URL"]);
const hostnameRegex = /^(?=.{1,253}$)(?:(?:[_a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)\.)+[a-zA-Z]{2,63}$/;
const ipv4Regex = /^(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])){3}$/;
const ipv6Regex =
/^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$|^::(?:[0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}$|^(?:[0-9a-fA-F]{1,4}:){1,7}:$|^(?:[0-9a-fA-F]{1,4}:){0,6}::(?:[0-9a-fA-F]{1,4}:){0,5}[0-9a-fA-F]{1,4}$/;
const domainsPath = path.resolve("domains");
const files = fs.readdirSync(domainsPath);
const files = fs.readdirSync(domainsPath).filter((file) => file.endsWith(".json"));
const domainCache = {};
function getDomainData(file) {
if (domainCache[file]) {
return domainCache[file];
}
try {
const data = fs.readJsonSync(path.join(domainsPath, file));
domainCache[file] = data;
return data;
} catch (error) {
throw new Error(`Failed to read JSON for ${file}: ${error.message}`);
}
}
function expandIPv6(ip) {
let segments = ip.split(":");
const emptyIndex = segments.indexOf("");
if (emptyIndex !== -1) {
@@ -31,7 +45,7 @@ function expandIPv6(ip) {
return segments.map((segment) => segment.padStart(4, "0")).join(":");
}
function validateIPv4(ip, proxied, file, index) {
function validateIPv4(ip, proxied) {
const parts = ip.split(".").map(Number);
if (parts.length !== 4 || parts.some((part) => isNaN(part) || part < 0 || part > 255)) return false;
@@ -74,135 +88,200 @@ function isValidHexadecimal(value) {
return /^[0-9a-fA-F]+$/.test(value);
}
function validateRecordValues(t, data, file) {
const subdomain = file.replace(/\.json$/, "");
Object.entries(data.record).forEach(([key, value]) => {
// General validation for arrays
if (["A", "AAAA", "MX", "NS"].includes(key)) {
t.true(Array.isArray(value), `${file}: Record value for ${key} should be an array`);
value.forEach((record, idx) => {
t.true(
typeof record === "string",
`${file}: Record value for ${key} should be a string at index ${idx}`
);
if (key === "A") {
t.true(ipv4Regex.test(record), `${file}: Invalid IPv4 address for ${key} at index ${idx}`);
t.true(
validateIPv4(record, data.proxied),
`${file}: Invalid IPv4 address for ${key} at index ${idx}`
);
} else if (key === "AAAA") {
const expandedIPv6 = expandIPv6(record);
t.true(ipv6Regex.test(expandedIPv6), `${file}: Invalid IPv6 address for ${key} at index ${idx}`);
t.true(validateIPv6(expandedIPv6), `${file}: Invalid IPv6 address for ${key} at index ${idx}`);
} else if (["MX", "NS"].includes(key)) {
t.true(isValidHostname(record), `${file}: Invalid hostname for ${key} at index ${idx}`);
}
});
}
// CNAME and URL validations
if (["CNAME", "URL"].includes(key)) {
t.true(typeof value === "string", `${file}: Record value for ${key} should be a string`);
if (key === "CNAME") {
t.true(isValidHostname(value), `${file}: Invalid hostname for ${key}`);
t.true(value !== file, `${file}: CNAME cannot point to itself`);
} else if (key === "URL") {
t.true(
value.startsWith("http://") || value.startsWith("https://"),
`${file}: Record value for ${key} must start with http:// or https://`
);
t.notThrows(() => new URL(value), `${file}: Invalid URL for ${key}`);
const urlHost = new URL(value).host;
const isSelfReferencing =
file === "@.json" ? urlHost === "is-a.dev" : urlHost === `${subdomain}.is-a.dev`;
t.true(!isSelfReferencing, `${file}: URL cannot point to itself`);
}
}
// CAA, DS, SRV validations
if (["CAA", "DS", "SRV"].includes(key)) {
t.true(Array.isArray(value), `${file}: Record value for ${key} should be an array`);
value.forEach((record, idx) => {
t.true(
typeof record === "object",
`${file}: Record value for ${key} should be an object at index ${idx}`
);
if (key === "CAA") {
t.true(
["issue", "issuewild", "iodef"].includes(record.tag),
`${file}: Invalid tag for CAA at index ${idx}`
);
t.true(typeof record.value === "string", `${file}: Invalid value for CAA at index ${idx}`);
t.true(
isValidHostname(record.value) || record.value === ";",
`${file}: Value must be a hostname or semicolon for CAA at index ${idx}`
);
} else if (key === "DS") {
t.true(
Number.isInteger(record.key_tag) && record.key_tag >= 0 && record.key_tag <= 65535,
`${file}: Invalid key_tag for DS at index ${idx}`
);
t.true(
Number.isInteger(record.algorithm) && record.algorithm >= 0 && record.algorithm <= 255,
`${file}: Invalid algorithm for DS at index ${idx}`
);
t.true(
Number.isInteger(record.digest_type) && record.digest_type >= 0 && record.digest_type <= 255,
`${file}: Invalid digest_type for DS at index ${idx}`
);
t.true(isValidHexadecimal(record.digest), `${file}: Invalid digest for DS at index ${idx}`);
} else if (key === "SRV") {
t.true(
Number.isInteger(record.priority) && record.priority >= 0 && record.priority <= 65535,
`${file}: Invalid priority for SRV at index ${idx}`
);
t.true(
Number.isInteger(record.weight) && record.weight >= 0 && record.weight <= 65535,
`${file}: Invalid weight for SRV at index ${idx}`
);
t.true(
Number.isInteger(record.port) && record.port >= 0 && record.port <= 65535,
`${file}: Invalid port for SRV at index ${idx}`
);
t.true(isValidHostname(record.target), `${file}: Invalid target for SRV at index ${idx}`);
}
});
}
// TXT validation
if (key === "TXT") {
const values = Array.isArray(value) ? value : [value];
values.forEach((record, idx) => {
t.true(typeof record === "string", `${file}: TXT record value should be a string at index ${idx}`);
});
}
});
if (data.redirect_config) {
const customPaths = Object.keys(data.redirect_config.custom_paths || {});
const pathRegex = /^\/[a-zA-Z0-9\-_\.\/]+(?<!\/)$/;
customPaths.forEach((customPath, idx) => {
const customRedirectURL = data.redirect_config.custom_paths[customPath];
const urlMessage = `${file}: Custom path in redirect_config`;
// Validate the custom path
t.true(
pathRegex.test(customPath),
`${urlMessage} must start with a slash, contain only alphanumeric characters, hyphens, underscores, periods, and slashes, and cannot end with a slash at index ${idx}`
);
t.true(
customPath.length >= 2 && customPath.length <= 255,
`${urlMessage} should be 2-255 characters long at index ${idx}`
);
// Validate the redirect URL
t.true(
data.record.URL !== customRedirectURL,
`${urlMessage} should be different from the URL record at index ${idx}`
);
t.true(
customRedirectURL.startsWith("http://") || customRedirectURL.startsWith("https://"),
`${urlMessage} must start with http:// or https:// at index ${idx}`
);
t.notThrows(() => new URL(customRedirectURL), `${urlMessage} contains an invalid URL at index ${idx}`);
// Check for self-referencing redirects
const urlHost = new URL(customRedirectURL).host;
const isSelfReferencing = file === "@.json" ? urlHost === "is-a.dev" : urlHost === `${subdomain}.is-a.dev`;
t.true(!isSelfReferencing, `${urlMessage} cannot point to itself at index ${idx}`);
});
}
}
t("All files should have valid record types", (t) => {
files.forEach((file) => {
const data = fs.readJsonSync(path.join(domainsPath, file));
const data = getDomainData(file);
const recordKeys = Object.keys(data.record);
recordKeys.forEach((key) => {
t.true(validateRecordType(key), `${file}: Invalid record type: ${key}`);
});
// Specific record rules for CNAME, NS, and DS
// Record type combinations validation
if (recordKeys.includes("CNAME") && !data.proxied) {
t.is(recordKeys.length, 1, `${file}: CNAME records cannot be combined with other records unless proxied`);
}
if (recordKeys.includes("NS")) {
t.true(
recordKeys.length === 1 || (recordKeys.length === 2 && recordKeys.includes("DS")),
`${file}: NS records cannot be combined with other records, except for DS records`
);
}
if (recordKeys.includes("DS")) {
t.true(recordKeys.includes("NS"), `${file}: DS records must be combined with NS records`);
}
if (recordKeys.includes("URL")) {
t.true(
!recordKeys.includes("A") && !recordKeys.includes("AAAA") && !recordKeys.includes("CNAME"),
`${file}: URL records cannot be combined with A, AAAA, or CNAME records`
);
}
if (data.redirect_config) {
t.true(recordKeys.includes("URL"), `${file}: Redirect config must be combined with a URL record`);
}
validateRecordValues(t, data, file);
});
t.pass();
});
t("All files should not have duplicate record keys", (t) => {
files.forEach((file) => {
const data = fs.readJsonSync(path.join(domainsPath, file));
const data = getDomainData(file);
const recordKeys = Object.keys(data.record);
const uniqueRecordKeys = new Set(recordKeys);
t.is(recordKeys.length, uniqueRecordKeys.size, `${file}: Duplicate record keys found`);
});
});
t("All files should have valid record values", (t) => {
files.forEach((file) => {
const data = fs.readJsonSync(path.join(domainsPath, file));
Object.keys(data.record).forEach((key) => {
const value = data.record[key];
const subdomain = file.replace(/\.json$/, ""); // Get the subdomain from the filename
// Validate A, AAAA, MX, NS records: Array of strings
if (["A", "AAAA", "MX", "NS"].includes(key)) {
t.true(Array.isArray(value), `${file}: Record value for ${key} should be an array`);
value.forEach((record, idx) => {
t.true(
typeof record === "string",
`${file}: Record value for ${key} should be a string at index ${idx}`
);
if (key === "A") {
t.regex(record, ipv4Regex, `${file}: Invalid IPv4 address for ${key} at index ${idx}`);
t.true(
validateIPv4(record, data.proxied, file, idx),
`${file}: Invalid IPv4 address for ${key} at index ${idx}`
);
}
if (key === "AAAA") {
t.regex(
expandIPv6(record),
ipv6Regex,
`${file}: Invalid IPv6 address for ${key} at index ${idx}`
);
t.true(validateIPv6(record), `${file}: Invalid IPv6 address for ${key} at index ${idx}`);
}
if (["MX", "NS"].includes(key)) {
t.true(isValidHostname(record), `${file}: Invalid hostname for ${key} at index ${idx}`);
}
});
}
// Validate CNAME and URL records: Single string
if (["CNAME", "URL"].includes(key)) {
t.true(typeof value === "string", `${file}: Record value for ${key} should be a string`);
if (key === "CNAME") {
t.true(isValidHostname(value), `${file}: Invalid hostname for ${key}`);
t.true(value !== file, `${file}: CNAME cannot point to itself`);
if (file === "@.json") {
t.true(value !== "is-a.dev", `${file}: CNAME cannot point to itself`);
}
}
if (key === "URL") {
t.true(value.startsWith("http://") || value.startsWith("https://"), `${file}: Record value for ${key} must start with http:// or https://`)
t.notThrows(() => new URL(value), `${file}: Invalid URL for ${key}`);
}
}
// Validate CAA, DS, SRV records: Array of objects
if (["CAA", "DS", "SRV"].includes(key)) {
t.true(Array.isArray(value), `${file}: Record value for ${key} should be an array`);
value.forEach((record, idx) => {
t.true(
typeof record === "object",
`${file}: Record value for ${key} should be an object at index ${idx}`
);
if (key === "DS") {
t.true(
Number.isInteger(record.key_tag) && record.key_tag >= 0 && record.key_tag <= 65535,
`${file}: Invalid key_tag for DS at index ${idx}`
);
t.true(isValidHexadecimal(record.digest), `${file}: Invalid digest for DS at index ${idx}`);
}
});
}
// TXT: Single string or array of strings
if (key === "TXT") {
if (Array.isArray(value)) {
value.forEach((record, idx) => {
t.true(
typeof record === "string",
`${file}: TXT record value should be a string at index ${idx}`
);
});
} else {
t.true(typeof value === "string", `${file}: TXT record value should be a string`);
}
}
});
});
});
util/reserved-domains.json
-2
View File
@@ -1,6 +1,4 @@
[
"_atproto",
"_vercel",
"account",
"accounts",
"admin",