diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 9622ebd4a..ac9c92abd 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -21,10 +21,15 @@ jobs: steps: - uses: actions/checkout@v4 + - name: Run tests + run: | + npm install + npx ava tests/*.test.js + - name: Generate creds.json run: echo '{"cloudflare":{"TYPE":"CLOUDFLAREAPI","apitoken":"$CLOUDFLARE_API_TOKEN"}}' > ./creds.json - - name: Publish + - name: Push DNS records uses: is-a-dev/dnscontrol-action@main env: CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }} diff --git a/.github/workflows/validation.yml b/.github/workflows/validation.yml index f24d6052d..fa0fa8f5f 100644 --- a/.github/workflows/validation.yml +++ b/.github/workflows/validation.yml @@ -19,14 +19,13 @@ concurrency: cancel-in-progress: true jobs: - dns: - name: DNS + dnscontrol: + name: DNSControl runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - name: Check - uses: is-a-dev/dnscontrol-action@main + - uses: is-a-dev/dnscontrol-action@main with: args: check @@ -38,5 +37,4 @@ jobs: - run: npm install - - name: Run tests - run: npx ava tests/*.test.js + - run: npx ava tests/*.test.js diff --git a/dnsconfig.js b/dnsconfig.js index 5ee924a87..3cd55b011 100644 --- a/dnsconfig.js +++ b/dnsconfig.js @@ -29,18 +29,14 @@ for (var subdomain in domains) { // Handle A records if (domainData.record.A) { for (var a in domainData.record.A) { - records.push( - A(subdomainName, IP(domainData.record.A[a]), proxyState) - ); + records.push(A(subdomainName, IP(domainData.record.A[a]), proxyState)); } } // Handle AAAA records if (domainData.record.AAAA) { for (var aaaa in domainData.record.AAAA) { - records.push( - AAAA(subdomainName, domainData.record.AAAA[aaaa], proxyState) - ); + records.push(AAAA(subdomainName, domainData.record.AAAA[aaaa], proxyState)); } } @@ -48,29 +44,14 @@ for (var subdomain in domains) { if (domainData.record.CAA) { for (var caa in domainData.record.CAA) { var caaRecord = domainData.record.CAA[caa]; - records.push( - CAA( - subdomainName, - caaRecord.flags, - caaRecord.tag, - caaRecord.value - ) - ); + records.push(CAA(subdomainName, caaRecord.tag, caaRecord.value)); } } // Handle CNAME records if (domainData.record.CNAME) { - // Allow CNAME record on root - if (subdomainName === "@") { - records.push( - ALIAS(subdomainName, domainData.record.CNAME + ".", proxyState) - ); - } else { - records.push( - CNAME(subdomainName, domainData.record.CNAME + ".", proxyState) - ); - } + // Use ALIAS instead of CNAME to support CNAME flattening on the root domain + records.push(ALIAS(subdomainName, domainData.record.CNAME + ".", proxyState)); } // Handle DS records @@ -78,13 +59,7 @@ for (var subdomain in domains) { for (var ds in domainData.record.DS) { var dsRecord = domainData.record.DS[ds]; records.push( - DS( - subdomainName, - dsRecord.key_tag, - dsRecord.algorithm, - dsRecord.digest_type, - dsRecord.digest - ) + DS(subdomainName, dsRecord.key_tag, dsRecord.algorithm, dsRecord.digest_type, dsRecord.digest) ); } } @@ -92,13 +67,7 @@ for (var subdomain in domains) { // Handle MX records if (domainData.record.MX) { for (var mx in domainData.record.MX) { - records.push( - MX( - subdomainName, - 10 + parseInt(mx), - domainData.record.MX[mx] + "." - ) - ); + records.push(MX(subdomainName, 10 + parseInt(mx), domainData.record.MX[mx] + ".")); } } @@ -114,13 +83,7 @@ for (var subdomain in domains) { for (var srv in domainData.record.SRV) { var srvRecord = domainData.record.SRV[srv]; records.push( - SRV( - subdomainName, - srvRecord.priority, - srvRecord.weight, - srvRecord.port, - srvRecord.target + "." - ) + SRV(subdomainName, srvRecord.priority, srvRecord.weight, srvRecord.port, srvRecord.target + ".") ); } } diff --git a/domains/_discord.krunch.json b/domains/_discord.krunch.json index 1a376298a..200efe570 100644 --- a/domains/_discord.krunch.json +++ b/domains/_discord.krunch.json @@ -1,7 +1,7 @@ { "owner": { "username": "RadioactivePotato", - "discord": "krunchiekrunch._." + "discord": "1166013268008120340" }, "record": { "TXT": "dh=df2bf9fb87a1dc3ee29c6ddfa51ed86da28581c5" diff --git a/domains/_github-pages-challenge-radioactivepotato.krunch.json b/domains/_github-pages-challenge-radioactivepotato.krunch.json index f8c99bf1d..2ddd73ce0 100644 --- a/domains/_github-pages-challenge-radioactivepotato.krunch.json +++ b/domains/_github-pages-challenge-radioactivepotato.krunch.json @@ -1,7 +1,7 @@ { "owner": { "username": "RadioactivePotato", - "discord": "krunchiekrunch._." + "discord": "1166013268008120340" }, "record": { "TXT": "05dc6febabf44f8decab35d01609ee" diff --git a/domains/aasoft.json b/domains/aasoft.json new file mode 100644 index 000000000..7a1b6c67c --- /dev/null +++ b/domains/aasoft.json @@ -0,0 +1,10 @@ +{ + "description": "alireza mohebbi threejs project - aasoft.ir", + "owner": { + "username": "aasoftir", + "email": "aasoftmohebbi@gmail.com" + }, + "record": { + "URL": "https://glitch-text-threejs.vercel.app/" + } +} diff --git a/domains/callcon.json b/domains/callcon.json new file mode 100644 index 000000000..9db82545c --- /dev/null +++ b/domains/callcon.json @@ -0,0 +1,9 @@ +{ + "owner": { + "username": "ItzYoVishal", + "email": "rockstarelitecoc@gmail.com" + }, + "record": { + "A": ["4.157.244.201"] + } +} diff --git a/domains/krunch.json b/domains/krunch.json index fa6655cf6..80350c61e 100644 --- a/domains/krunch.json +++ b/domains/krunch.json @@ -3,7 +3,7 @@ "repo": "https://github.com/RadioactivePotato/krunch-is-a-dev", "owner": { "username": "RadioactivePotato", - "discord": "krunchiekrunch._." + "discord": "1166013268008120340" }, "record": { "CNAME": "krunch.pages.dev" diff --git a/domains/link.krunch.json b/domains/link.krunch.json deleted file mode 100644 index 75476d8e7..000000000 --- a/domains/link.krunch.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "owner": { - "username": "RadioactivePotato", - "discord": "krunchiekrunch._." - }, - "record": { - "CNAME": "cname.short.io" - } -} diff --git a/domains/luisandre.json b/domains/luisandre.json index d6accd1e9..e8cdec4bd 100644 --- a/domains/luisandre.json +++ b/domains/luisandre.json @@ -4,7 +4,6 @@ "email": "luis073094@gmail.com" }, "record": { - "URL": "https://portafolioluisandre.azurewebsites.net", - "A": ["20.206.176.7"] + "URL": "https://portafolioluisandre.azurewebsites.net" } } diff --git a/domains/mail.krunch.json b/domains/mail.krunch.json index 45b36bb29..cdeedf725 100644 --- a/domains/mail.krunch.json +++ b/domains/mail.krunch.json @@ -1,8 +1,8 @@ { - "description": "ImprovMX Email", + "description": "ImprovMX Mail Forwarding", "owner": { "username": "RadioactivePotato", - "discord": "krunchiekrunch._." + "discord": "1166013268008120340" }, "record": { "MX": ["mx1.improvmx.com", "mx2.improvmx.com"], diff --git a/domains/marcos.json b/domains/marcos.json new file mode 100644 index 000000000..ee2c00027 --- /dev/null +++ b/domains/marcos.json @@ -0,0 +1,11 @@ +{ + "description": "Developer portfolio", + "repo": "https://github.com/mtoranzo", + "owner": { + "username": "mtoranzo", + "email": "mtoranzo@gmail.com" + }, + "record": { + "CNAME": "mtoranzo.github.io" + } +} \ No newline at end of file diff --git a/domains/minhtuan-1.json b/domains/minhtuan-1.json new file mode 100644 index 000000000..b7f2b9ffc --- /dev/null +++ b/domains/minhtuan-1.json @@ -0,0 +1,11 @@ +{ + "description": "profile-tuan.dev", + "owner": { + "username": "tuannguyen2002", + "email": "nxmtuan.2002@gmail.com", + "discord": "nightfury06749" + }, + "record": { + "CNAME": "cname.vercel-dns.com" + } +} diff --git a/domains/peme969.json b/domains/peme969.json index f0b522281..7c7bf68f5 100644 --- a/domains/peme969.json +++ b/domains/peme969.json @@ -11,7 +11,7 @@ "185.199.111.153" ], "TXT":[ - "forward-email=MzY4NGZhMjBlZjg4YjBhOC1lZjllYjNhOWE3YzFiNzE0ZWU5OGYwOTdmN2E0YTUzMWFmYjk5M2NhNTA1NGRjZTQ2ZmZlNjA4NWY3ODMyNzNh" + "forward-email=NTQwMmZhNmI3ZmRiMzQxNC1mOTU1YmRmOGJhMTQxMzhkMGRiNzUwMzg0MzFhOTI4OGE0ZmUwZDYyZTZmZDMyODkwYTE4OGE0ZmQ2YjFjOTk4MjkxN2NlMTUzMTgyNDZlYzE4ZWFkNDllYTBmNDNjY2M4NWVmZGFhMjdhNmY0ODFhZWM0ZWM4ZjhiMzJiMTIyMA==" ], "MX":[ "mx1.forwardemail.net", diff --git a/domains/sticknologic.json b/domains/sticknologic.json new file mode 100644 index 000000000..0a6a40d50 --- /dev/null +++ b/domains/sticknologic.json @@ -0,0 +1,16 @@ +{ + "description": "Simple Portfolio and Blog Website", + "repo": "https://github.com/sticknologic", + "owner": { + "username": "sticknologic", + "x": "STICKnoLOGIC", + "facebook":"STICKnoLOGIC", + "bsky":"STICKnoLOGIC" + }, + "record": { + "NS": [ + "ns1.heliohost.org", + "ns2.heliohost.org" + ] + } +} diff --git a/domains/tafviet.json b/domains/tafviet.json new file mode 100644 index 000000000..e28823b63 --- /dev/null +++ b/domains/tafviet.json @@ -0,0 +1,11 @@ +{ + "description": "Landing page for tafviet.is-a.dev", + "repo": "https://github.com/is-a-dev/docs", + "owner": { + "username": "is-a-dev", + "email": "meccar@protonmail.com" + }, + "record": { + "CNAME": "meccar.github.io" + } +} diff --git a/domains/w.json b/domains/w.json index 159f1b048..55dcef36b 100644 --- a/domains/w.json +++ b/domains/w.json @@ -5,5 +5,8 @@ }, "record": { "URL": "https://william.is-a.dev" + }, + "redirect_config": { + "redirect_paths": true } } diff --git a/domains/william.json b/domains/william.json index 6f3d1268b..fcec296e5 100644 --- a/domains/william.json +++ b/domains/william.json @@ -4,6 +4,12 @@ "email": "william@is-a.dev" }, "record": { - "URL": "https://github.com/wdhdev" + "URL": "https://wharrison.com.au" + }, + "redirect_config": { + "custom_paths": { + "/github": "https://github.com/wdhdev" + }, + "redirect_paths": true } } diff --git a/tests/domains.test.js b/tests/domains.test.js index f43b05254..ce2c3817d 100644 --- a/tests/domains.test.js +++ b/tests/domains.test.js @@ -5,72 +5,52 @@ const path = require("path"); const domainsPath = path.resolve("domains"); const files = fs.readdirSync(domainsPath); -function getParentSubdomain(subdomain) { - const parts = subdomain.split("."); - - if (parts.length <= 1) return null; // No parent for top-level subdomains - - // Attempt to find the parent subdomain by removing the last part - for (let i = parts.length - 1; i > 0; i--) { - const potentialParent = parts.slice(i - 1).join("."); - if (files.includes(`${potentialParent}.json`)) { - return potentialParent; // Return the parent subdomain if it exists - } - } - - return null; // Return null if no valid parent is found -} +const domainCache = {}; function getDomainData(subdomain) { + if (domainCache[subdomain]) { + return domainCache[subdomain]; + } + try { - return fs.readJsonSync(path.join(domainsPath, `${subdomain}.json`)); + const data = fs.readJsonSync(path.join(domainsPath, `${subdomain}.json`)); + domainCache[subdomain] = data; // Cache the domain data + return data; } catch (error) { throw new Error(`Failed to read JSON for ${subdomain}: ${error.message}`); } } -function expandReservedDomains() { - const reserved = require("../util/reserved-domains.json"); - const expandedList = [...reserved]; +function getParentSubdomain(subdomain) { + const parts = subdomain.split("."); - for (const item of reserved) { - const rangeMatch = item.match(/\[(\d+)-(\d+)\]/); // Matches [min-max] + if (parts.length <= 1) return null; // No parent for top-level subdomains - if (rangeMatch) { - const prefix = item.split("[")[0]; - const start = parseInt(rangeMatch[1], 10); - const end = parseInt(rangeMatch[2], 10); + // Try to find the parent subdomain by iterating over the parts + for (let i = parts.length - 1; i > 0; i--) { + const potentialParent = parts.slice(i - 1).join("."); - if (start < end) { - for (let i = start; i <= end; i++) { - expandedList.push(prefix + i); - } - - expandedList.splice(expandedList.indexOf(item), 1); - } else { - throw new Error(`[util/reserved-domains.json] Invalid range [${start}-${end}] in "${item}"`); - } + if (files.includes(`${potentialParent}.json`)) { + return potentialParent; } } - return expandedList; + return null; } t("Nested subdomains should not exist without a parent subdomain", (t) => { - for (const file of files) { + files.forEach((file) => { const subdomain = file.replace(/\.json$/, ""); if (subdomain.split(".").length > 1) { const parentSubdomain = getParentSubdomain(subdomain); - t.true(files.includes(`${parentSubdomain}.json`), `${file}: Parent subdomain does not exist`); + t.true(parentSubdomain && files.includes(`${parentSubdomain}.json`), `${file}: Parent subdomain does not exist`); } - } - - t.pass(); + }); }); t("Nested subdomains should not exist if the parent subdomain has NS records", (t) => { - for (const file of files) { + files.forEach((file) => { const subdomain = file.replace(/\.json$/, ""); if (subdomain.split(".").length > 1) { @@ -79,18 +59,15 @@ t("Nested subdomains should not exist if the parent subdomain has NS records", ( t.true(!parentDomain.record.NS, `${file}: Parent subdomain has NS records`); } - } - - t.pass(); + }); }); t("Nested subdomains should be owned by the parent subdomain's owner", (t) => { - for (const file of files) { + files.forEach((file) => { const subdomain = file.replace(/\.json$/, ""); if (subdomain.split(".").length > 1) { const data = getDomainData(subdomain); - const parentSubdomain = getParentSubdomain(subdomain); const parentDomain = getDomainData(parentSubdomain); @@ -99,45 +76,5 @@ t("Nested subdomains should be owned by the parent subdomain's owner", (t) => { `${file}: Owner does not match the parent subdomain` ); } - } + }); }); - -const reservedDomains = expandReservedDomains(); - -t("Subdomain names must not be reserved", (t) => { - for (const file of files) { - const subdomain = file.replace(/\.json$/, ""); - - t.true(!reservedDomains.includes(subdomain), `${file}: Subdomain name is reserved`); - } - - t.pass(); -}); - -t("Reserved domains file should be valid", (t) => { - const subdomainRegex = /^_?[a-zA-Z0-9]+([-\.][a-zA-Z0-9]+)*(\[\d+-\d+\])?$/; - - for (const item of reservedDomains) { - t.regex( - item, - subdomainRegex, - `[util/reserved-domains.json] Invalid subdomain name "${item}" at index ${reservedDomains.indexOf(item)}` - ); - } - - t.pass(); -}); - -const exceptedDomains = require("../util/excepted-domains.json"); - -t("Subdomains on the root should not start with an underscore", (t) => { - for (const file of files) { - const subdomain = file.replace(/\.json$/, ""); - - if (subdomain.split(".").length === 1 && !exceptedDomains.includes(subdomain)) { - t.true(subdomain[0] !== "_", `${file}: Root subdomains should not start with an underscore`); - } - } - - t.pass(); -}) diff --git a/tests/json.test.js b/tests/json.test.js index 4dab0ede7..80d83c9ab 100644 --- a/tests/json.test.js +++ b/tests/json.test.js @@ -2,13 +2,16 @@ const t = require("ava"); const fs = require("fs-extra"); const path = require("path"); +const ignoredRootJSONFiles = ["package-lock.json", "package.json"]; + const requiredFields = { owner: "object", record: "object" }; const optionalFields = { - proxied: "boolean" + proxied: "boolean", + redirect_config: "object" }; const requiredOwnerFields = { @@ -19,31 +22,87 @@ const optionalOwnerFields = { email: "string" }; +const optionalRedirectConfigFields = { + custom_paths: "object", + redirect_paths: "boolean" +}; + const emailRegex = /^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/; const hostnameRegex = /^(?=.{1,253}$)(?:(?:[_a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)\.)+[a-zA-Z]{2,63}$/; +const exceptedDomains = require("../util/excepted-domains.json"); +const reservedDomains = require("../util/reserved-domains.json"); const domainsPath = path.resolve("domains"); const files = fs.readdirSync(domainsPath); -function validateRequiredFields(t, obj, requiredFields, file) { - Object.keys(requiredFields).forEach((key) => { - t.true(obj.hasOwnProperty(key), `${file}: Missing required field: ${key}`); - t.is(typeof obj[key], requiredFields[key], `${file}: Field ${key} should be of type ${requiredFields[key]}`); - }); -} +const expandReservedDomains = (reserved) => { + const expandedList = [...reserved]; + + reserved.forEach((item) => { + const rangeMatch = item.match(/\[(\d+)-(\d+)\]/); + + if (rangeMatch) { + const prefix = item.split("[")[0]; + const start = parseInt(rangeMatch[1], 10); + const end = parseInt(rangeMatch[2], 10); + + if (start < end) { + for (let i = start; i <= end; i++) { + expandedList.push(prefix + i); + } + expandedList.splice(expandedList.indexOf(item), 1); + } else { + throw new Error(`[util/reserved-domains.json] Invalid range [${start}-${end}] in "${item}"`); + } + } + }); + + return expandedList; +}; + +const expandedReservedDomains = expandReservedDomains(reservedDomains); + +function validateFields(t, obj, fields, file, prefix = "") { + Object.keys(fields).forEach((key) => { + const fieldPath = prefix ? `${prefix}.${key}` : key; -function validateOptionalFields(t, obj, optionalFields, file) { - Object.keys(optionalFields).forEach((key) => { if (obj.hasOwnProperty(key)) { - t.is( - typeof obj[key], - optionalFields[key], - `${file}: Field ${key} should be of type ${optionalFields[key]}` - ); + t.is(typeof obj[key], fields[key], `${file}: Field ${fieldPath} should be of type ${fields[key]}`); + } else if (fields === requiredFields) { + t.true(false, `${file}: Missing required field: ${fieldPath}`); } }); } +function validateFileName(t, file) { + t.true(file.endsWith(".json"), `${file}: File does not have .json extension`); + t.false(file.includes(".is-a.dev"), `${file}: File name should not contain .is-a.dev`); + t.true(file === file.toLowerCase(), `${file}: File name should be all lowercase`); + + // Ignore root domain + if (file !== "@.json") { + const subdomain = file.replace(/\.json$/, ""); + + t.regex( + subdomain + ".is-a.dev", + hostnameRegex, + `${file}: FQDN must be 1-253 characters, use letters, numbers, dots, or hyphens, and not start or end with a hyphen.` + ); + t.true(!expandedReservedDomains.includes(subdomain), `${file}: Subdomain name is reserved`); + + if (subdomain.split(".").length === 1 && !exceptedDomains.includes(subdomain)) { + t.false(subdomain.startsWith("_"), `${file}: Root subdomains should not start with an underscore`); + } + } +} + +t("JSON files should not be in the root directory", (t) => { + const rootFiles = fs + .readdirSync(path.resolve()) + .filter((file) => file.endsWith(".json") && !ignoredRootJSONFiles.includes(file)); + t.is(rootFiles.length, 0, "JSON files should not be in the root directory"); +}); + t("All files should be valid JSON", (t) => { files.forEach((file) => { t.notThrows(() => fs.readJsonSync(path.join(domainsPath, file)), `${file}: Invalid JSON file`); @@ -52,59 +111,47 @@ t("All files should be valid JSON", (t) => { t("All files should have valid file names", (t) => { files.forEach((file) => { - t.true(file.endsWith(".json"), `${file}: File does not have .json extension`); - t.false(file.includes(".is-a.dev"), `${file}: File name should not contain .is-a.dev`); - t.true(file === file.toLowerCase(), `${file}: File name should be lowercase`); - - // Ignore root domain - if (file !== "@.json") { - const subdomain = file.replace(/\.json$/, ""); - t.regex( - subdomain + ".is-a.dev", - hostnameRegex, - `${file}: FQDN must be 1-253 characters, use letters, numbers, dots, or hyphens, and not start or end with a hyphen.` - ); - } + validateFileName(t, file); }); }); -t("All files should have the required fields", (t) => { +t("All files should have valid required and optional fields", (t) => { files.forEach((file) => { const data = fs.readJsonSync(path.join(domainsPath, file)); // Validate top-level required fields - validateRequiredFields(t, data, requiredFields, file); + validateFields(t, data, requiredFields, file); - // Validate owner object fields - validateRequiredFields(t, data.owner, requiredOwnerFields, file); + // Validate owner fields + validateFields(t, data.owner, requiredOwnerFields, file, "owner"); + validateFields(t, data.owner, optionalOwnerFields, file, "owner"); + + // Validate optional fields for top-level and redirect config + validateFields(t, data, optionalFields, file); + if (data.redirect_config) { + validateFields(t, data.redirect_config, optionalRedirectConfigFields, file, "redirect_config"); + } + + // Validate email format + if (data.owner.email) { + t.regex(data.owner.email, emailRegex, `${file}: Owner email should be a valid email address`); + } // Ensure 'record' field is not empty t.true(Object.keys(data.record).length > 0, `${file}: Missing DNS records`); }); }); -t("All files should have valid optional fields", (t) => { - files.forEach((file) => { - const data = fs.readJsonSync(path.join(domainsPath, file)); +t("Reserved domains file should be valid", (t) => { + const subdomainRegex = /^_?[a-zA-Z0-9]+([-\.][a-zA-Z0-9]+)*(\[\d+-\d+\])?$/; - // Validate optional fields at top level - validateOptionalFields(t, data, optionalFields, file); - - // Validate optional fields for owner object - validateOptionalFields(t, data.owner, optionalOwnerFields, file); - - // Email validation (if provided) - if (data.owner.email) { - t.regex(data.owner.email, emailRegex, `${file}: Owner email should be a valid email address`); - } + expandedReservedDomains.forEach((item, index) => { + t.regex( + item, + subdomainRegex, + `[util/reserved-domains.json] Invalid subdomain name "${item}" at index ${index}` + ); }); -}); -const ignoredJSONFiles = ["package-lock.json", "package.json"]; - -t("JSON files should not be in the root directory", (t) => { - const rootFiles = fs - .readdirSync(path.resolve()) - .filter((file) => file.endsWith(".json") && !ignoredJSONFiles.includes(file)); - t.is(rootFiles.length, 0, "JSON files should not be in the root directory"); + t.pass(); }); diff --git a/tests/proxy.test.js b/tests/proxy.test.js index 2bb64b48c..d7c73bc5b 100644 --- a/tests/proxy.test.js +++ b/tests/proxy.test.js @@ -3,10 +3,25 @@ const fs = require("fs-extra"); const path = require("path"); const requiredRecordsToProxy = new Set(["A", "AAAA", "CNAME"]); -// URL records are not listed here because they are proxied by default, so they don't need the proxied flag + +const domainCache = {}; + +function getDomainData(file) { + if (domainCache[file]) { + return domainCache[file]; + } + + try { + const data = fs.readJsonSync(path.join(domainsPath, file)); + domainCache[file] = data; + return data; + } catch (error) { + throw new Error(`Failed to read JSON for ${file}: ${error.message}`); + } +} function validateProxiedRecords(t, data, file) { - // Convert the Set to an array for message display + // Convert the Set to an array for message display (moved outside the loop to optimize performance) const recordTypes = Array.from(requiredRecordsToProxy).join(", "); if (data.proxied) { @@ -22,9 +37,9 @@ function validateProxiedRecords(t, data, file) { const domainsPath = path.resolve("domains"); const files = fs.readdirSync(domainsPath).filter((file) => file.endsWith(".json")); -t("Domains with proxy enabled should have at least one record that can be proxied", (t) => { +t("Domains with proxy enabled must have at least one proxy-able record", (t) => { files.forEach((file) => { - const domain = fs.readJsonSync(path.join(domainsPath, file)); + const domain = getDomainData(file); validateProxiedRecords(t, domain, file); }); diff --git a/tests/records.test.js b/tests/records.test.js index de5ecbadc..a13530cf5 100644 --- a/tests/records.test.js +++ b/tests/records.test.js @@ -3,18 +3,32 @@ const fs = require("fs-extra"); const path = require("path"); const validRecordTypes = new Set(["A", "AAAA", "CAA", "CNAME", "DS", "MX", "NS", "SRV", "TXT", "URL"]); - const hostnameRegex = /^(?=.{1,253}$)(?:(?:[_a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)\.)+[a-zA-Z]{2,63}$/; const ipv4Regex = /^(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])){3}$/; const ipv6Regex = /^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$|^::(?:[0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}$|^(?:[0-9a-fA-F]{1,4}:){1,7}:$|^(?:[0-9a-fA-F]{1,4}:){0,6}::(?:[0-9a-fA-F]{1,4}:){0,5}[0-9a-fA-F]{1,4}$/; const domainsPath = path.resolve("domains"); -const files = fs.readdirSync(domainsPath); +const files = fs.readdirSync(domainsPath).filter((file) => file.endsWith(".json")); + +const domainCache = {}; + +function getDomainData(file) { + if (domainCache[file]) { + return domainCache[file]; + } + + try { + const data = fs.readJsonSync(path.join(domainsPath, file)); + domainCache[file] = data; + return data; + } catch (error) { + throw new Error(`Failed to read JSON for ${file}: ${error.message}`); + } +} function expandIPv6(ip) { let segments = ip.split(":"); - const emptyIndex = segments.indexOf(""); if (emptyIndex !== -1) { @@ -31,7 +45,7 @@ function expandIPv6(ip) { return segments.map((segment) => segment.padStart(4, "0")).join(":"); } -function validateIPv4(ip, proxied, file, index) { +function validateIPv4(ip, proxied) { const parts = ip.split(".").map(Number); if (parts.length !== 4 || parts.some((part) => isNaN(part) || part < 0 || part > 255)) return false; @@ -74,135 +88,200 @@ function isValidHexadecimal(value) { return /^[0-9a-fA-F]+$/.test(value); } +function validateRecordValues(t, data, file) { + const subdomain = file.replace(/\.json$/, ""); + + Object.entries(data.record).forEach(([key, value]) => { + // General validation for arrays + if (["A", "AAAA", "MX", "NS"].includes(key)) { + t.true(Array.isArray(value), `${file}: Record value for ${key} should be an array`); + + value.forEach((record, idx) => { + t.true( + typeof record === "string", + `${file}: Record value for ${key} should be a string at index ${idx}` + ); + + if (key === "A") { + t.true(ipv4Regex.test(record), `${file}: Invalid IPv4 address for ${key} at index ${idx}`); + t.true( + validateIPv4(record, data.proxied), + `${file}: Invalid IPv4 address for ${key} at index ${idx}` + ); + } else if (key === "AAAA") { + const expandedIPv6 = expandIPv6(record); + t.true(ipv6Regex.test(expandedIPv6), `${file}: Invalid IPv6 address for ${key} at index ${idx}`); + t.true(validateIPv6(expandedIPv6), `${file}: Invalid IPv6 address for ${key} at index ${idx}`); + } else if (["MX", "NS"].includes(key)) { + t.true(isValidHostname(record), `${file}: Invalid hostname for ${key} at index ${idx}`); + } + }); + } + + // CNAME and URL validations + if (["CNAME", "URL"].includes(key)) { + t.true(typeof value === "string", `${file}: Record value for ${key} should be a string`); + + if (key === "CNAME") { + t.true(isValidHostname(value), `${file}: Invalid hostname for ${key}`); + t.true(value !== file, `${file}: CNAME cannot point to itself`); + } else if (key === "URL") { + t.true( + value.startsWith("http://") || value.startsWith("https://"), + `${file}: Record value for ${key} must start with http:// or https://` + ); + t.notThrows(() => new URL(value), `${file}: Invalid URL for ${key}`); + + const urlHost = new URL(value).host; + const isSelfReferencing = + file === "@.json" ? urlHost === "is-a.dev" : urlHost === `${subdomain}.is-a.dev`; + + t.true(!isSelfReferencing, `${file}: URL cannot point to itself`); + } + } + + // CAA, DS, SRV validations + if (["CAA", "DS", "SRV"].includes(key)) { + t.true(Array.isArray(value), `${file}: Record value for ${key} should be an array`); + + value.forEach((record, idx) => { + t.true( + typeof record === "object", + `${file}: Record value for ${key} should be an object at index ${idx}` + ); + + if (key === "CAA") { + t.true( + ["issue", "issuewild", "iodef"].includes(record.tag), + `${file}: Invalid tag for CAA at index ${idx}` + ); + t.true(typeof record.value === "string", `${file}: Invalid value for CAA at index ${idx}`); + t.true( + isValidHostname(record.value) || record.value === ";", + `${file}: Value must be a hostname or semicolon for CAA at index ${idx}` + ); + } else if (key === "DS") { + t.true( + Number.isInteger(record.key_tag) && record.key_tag >= 0 && record.key_tag <= 65535, + `${file}: Invalid key_tag for DS at index ${idx}` + ); + t.true( + Number.isInteger(record.algorithm) && record.algorithm >= 0 && record.algorithm <= 255, + `${file}: Invalid algorithm for DS at index ${idx}` + ); + t.true( + Number.isInteger(record.digest_type) && record.digest_type >= 0 && record.digest_type <= 255, + `${file}: Invalid digest_type for DS at index ${idx}` + ); + t.true(isValidHexadecimal(record.digest), `${file}: Invalid digest for DS at index ${idx}`); + } else if (key === "SRV") { + t.true( + Number.isInteger(record.priority) && record.priority >= 0 && record.priority <= 65535, + `${file}: Invalid priority for SRV at index ${idx}` + ); + t.true( + Number.isInteger(record.weight) && record.weight >= 0 && record.weight <= 65535, + `${file}: Invalid weight for SRV at index ${idx}` + ); + t.true( + Number.isInteger(record.port) && record.port >= 0 && record.port <= 65535, + `${file}: Invalid port for SRV at index ${idx}` + ); + t.true(isValidHostname(record.target), `${file}: Invalid target for SRV at index ${idx}`); + } + }); + } + + // TXT validation + if (key === "TXT") { + const values = Array.isArray(value) ? value : [value]; + values.forEach((record, idx) => { + t.true(typeof record === "string", `${file}: TXT record value should be a string at index ${idx}`); + }); + } + }); + + if (data.redirect_config) { + const customPaths = Object.keys(data.redirect_config.custom_paths || {}); + const pathRegex = /^\/[a-zA-Z0-9\-_\.\/]+(? { + const customRedirectURL = data.redirect_config.custom_paths[customPath]; + const urlMessage = `${file}: Custom path in redirect_config`; + + // Validate the custom path + t.true( + pathRegex.test(customPath), + `${urlMessage} must start with a slash, contain only alphanumeric characters, hyphens, underscores, periods, and slashes, and cannot end with a slash at index ${idx}` + ); + t.true( + customPath.length >= 2 && customPath.length <= 255, + `${urlMessage} should be 2-255 characters long at index ${idx}` + ); + + // Validate the redirect URL + t.true( + data.record.URL !== customRedirectURL, + `${urlMessage} should be different from the URL record at index ${idx}` + ); + t.true( + customRedirectURL.startsWith("http://") || customRedirectURL.startsWith("https://"), + `${urlMessage} must start with http:// or https:// at index ${idx}` + ); + t.notThrows(() => new URL(customRedirectURL), `${urlMessage} contains an invalid URL at index ${idx}`); + + // Check for self-referencing redirects + const urlHost = new URL(customRedirectURL).host; + const isSelfReferencing = file === "@.json" ? urlHost === "is-a.dev" : urlHost === `${subdomain}.is-a.dev`; + t.true(!isSelfReferencing, `${urlMessage} cannot point to itself at index ${idx}`); + }); + } +} + t("All files should have valid record types", (t) => { files.forEach((file) => { - const data = fs.readJsonSync(path.join(domainsPath, file)); + const data = getDomainData(file); const recordKeys = Object.keys(data.record); recordKeys.forEach((key) => { t.true(validateRecordType(key), `${file}: Invalid record type: ${key}`); }); - // Specific record rules for CNAME, NS, and DS + // Record type combinations validation if (recordKeys.includes("CNAME") && !data.proxied) { t.is(recordKeys.length, 1, `${file}: CNAME records cannot be combined with other records unless proxied`); } - if (recordKeys.includes("NS")) { t.true( recordKeys.length === 1 || (recordKeys.length === 2 && recordKeys.includes("DS")), `${file}: NS records cannot be combined with other records, except for DS records` ); } - if (recordKeys.includes("DS")) { t.true(recordKeys.includes("NS"), `${file}: DS records must be combined with NS records`); } + if (recordKeys.includes("URL")) { + t.true( + !recordKeys.includes("A") && !recordKeys.includes("AAAA") && !recordKeys.includes("CNAME"), + `${file}: URL records cannot be combined with A, AAAA, or CNAME records` + ); + } + if (data.redirect_config) { + t.true(recordKeys.includes("URL"), `${file}: Redirect config must be combined with a URL record`); + } + + validateRecordValues(t, data, file); }); + + t.pass(); }); t("All files should not have duplicate record keys", (t) => { files.forEach((file) => { - const data = fs.readJsonSync(path.join(domainsPath, file)); + const data = getDomainData(file); const recordKeys = Object.keys(data.record); const uniqueRecordKeys = new Set(recordKeys); t.is(recordKeys.length, uniqueRecordKeys.size, `${file}: Duplicate record keys found`); }); }); - -t("All files should have valid record values", (t) => { - files.forEach((file) => { - const data = fs.readJsonSync(path.join(domainsPath, file)); - - Object.keys(data.record).forEach((key) => { - const value = data.record[key]; - const subdomain = file.replace(/\.json$/, ""); // Get the subdomain from the filename - - // Validate A, AAAA, MX, NS records: Array of strings - if (["A", "AAAA", "MX", "NS"].includes(key)) { - t.true(Array.isArray(value), `${file}: Record value for ${key} should be an array`); - - value.forEach((record, idx) => { - t.true( - typeof record === "string", - `${file}: Record value for ${key} should be a string at index ${idx}` - ); - - if (key === "A") { - t.regex(record, ipv4Regex, `${file}: Invalid IPv4 address for ${key} at index ${idx}`); - t.true( - validateIPv4(record, data.proxied, file, idx), - `${file}: Invalid IPv4 address for ${key} at index ${idx}` - ); - } - - if (key === "AAAA") { - t.regex( - expandIPv6(record), - ipv6Regex, - `${file}: Invalid IPv6 address for ${key} at index ${idx}` - ); - t.true(validateIPv6(record), `${file}: Invalid IPv6 address for ${key} at index ${idx}`); - } - - if (["MX", "NS"].includes(key)) { - t.true(isValidHostname(record), `${file}: Invalid hostname for ${key} at index ${idx}`); - } - }); - } - - // Validate CNAME and URL records: Single string - if (["CNAME", "URL"].includes(key)) { - t.true(typeof value === "string", `${file}: Record value for ${key} should be a string`); - - if (key === "CNAME") { - t.true(isValidHostname(value), `${file}: Invalid hostname for ${key}`); - t.true(value !== file, `${file}: CNAME cannot point to itself`); - if (file === "@.json") { - t.true(value !== "is-a.dev", `${file}: CNAME cannot point to itself`); - } - } - - if (key === "URL") { - t.true(value.startsWith("http://") || value.startsWith("https://"), `${file}: Record value for ${key} must start with http:// or https://`) - t.notThrows(() => new URL(value), `${file}: Invalid URL for ${key}`); - } - } - - // Validate CAA, DS, SRV records: Array of objects - if (["CAA", "DS", "SRV"].includes(key)) { - t.true(Array.isArray(value), `${file}: Record value for ${key} should be an array`); - - value.forEach((record, idx) => { - t.true( - typeof record === "object", - `${file}: Record value for ${key} should be an object at index ${idx}` - ); - - if (key === "DS") { - t.true( - Number.isInteger(record.key_tag) && record.key_tag >= 0 && record.key_tag <= 65535, - `${file}: Invalid key_tag for DS at index ${idx}` - ); - t.true(isValidHexadecimal(record.digest), `${file}: Invalid digest for DS at index ${idx}`); - } - }); - } - - // TXT: Single string or array of strings - if (key === "TXT") { - if (Array.isArray(value)) { - value.forEach((record, idx) => { - t.true( - typeof record === "string", - `${file}: TXT record value should be a string at index ${idx}` - ); - }); - } else { - t.true(typeof value === "string", `${file}: TXT record value should be a string`); - } - } - }); - }); -}); diff --git a/util/reserved-domains.json b/util/reserved-domains.json index 797806d1b..16b3293c7 100644 --- a/util/reserved-domains.json +++ b/util/reserved-domains.json @@ -1,6 +1,4 @@ [ - "_atproto", - "_vercel", "account", "accounts", "admin",