update dns to not necessitate cname verifcation in cases of cname flattening

aottr.dev / wisp.place-monorepo

forked from nekomimi.pet/wisp.place-monorepo

fork atom

Monorepo for wisp.place. A static site hosting service built on top of the AT Protocol.

fork atom

update dns to not necessitate cname verifcation in cases of cname flattening

nekomimi.pet 4 months ago 4ecb03e9 7f5fa737

+34 -4

2 changed files

expand all

public

editor

editor.tsx

src

lib

dns-verify.ts

+15 -1

public/editor/editor.tsx

··· 661 661 )} 662 662 </CardContent> 663 663 </Card> 664 + 665 + <div className="p-4 bg-muted/30 rounded-lg border-l-4 border-yellow-500/50"> 666 + <div className="flex items-start gap-2"> 667 + <AlertCircle className="w-4 h-4 text-yellow-600 dark:text-yellow-400 mt-0.5 flex-shrink-0" /> 668 + <div className="flex-1 space-y-1"> 669 + <p className="text-xs font-semibold text-yellow-600 dark:text-yellow-400"> 670 + Note about sites.wisp.place URLs 671 + </p> 672 + <p className="text-xs text-muted-foreground"> 673 + Complex sites hosted on <code className="px-1 py-0.5 bg-background rounded text-xs">sites.wisp.place</code> may have broken assets if they use absolute paths (e.g., <code className="px-1 py-0.5 bg-background rounded text-xs">/folder/script.js</code>) in CSS or JavaScript files. While HTML paths are automatically rewritten, CSS and JS files are served as-is. For best results, use a wisp.place subdomain or custom domain, or ensure your site uses relative paths. 674 + </p> 675 + </div> 676 + </div> 677 + </div> 664 678 </TabsContent> 665 679 666 680 {/* Domains Tab */} ··· 1604 1618 </div> 1605 1619 </div> 1606 1620 <p className="text-xs text-muted-foreground mt-2"> 1607 - Some DNS providers may require you to use @ or leave it blank for the root domain 1621 + Note: Some DNS providers (like Cloudflare) flatten CNAMEs to A records - this is fine and won't affect verification. 1608 1622 </p> 1609 1623 </div> 1610 1624 </div>

+19 -3

src/lib/dns-verify.ts

··· 135 135 } 136 136 137 137 /** 138 - * Verify both TXT and CNAME records for a custom domain 138 + * Verify custom domain using TXT record as authoritative proof 139 + * CNAME check is optional/advisory - TXT record is sufficient for verification 140 + * 141 + * This approach works with CNAME flattening (e.g., Cloudflare) where the CNAME 142 + * is resolved to A/AAAA records and won't be visible in DNS queries. 139 143 */ 140 144 export const verifyCustomDomain = async ( 141 145 domain: string, 142 146 expectedDid: string, 143 147 expectedHash: string 144 148 ): Promise<VerificationResult> => { 149 + // TXT record is authoritative - it proves ownership 145 150 const txtResult = await verifyDomainOwnership(domain, expectedDid) 146 151 if (!txtResult.verified) { 147 152 return txtResult 148 153 } 149 154 155 + // CNAME check is advisory only - we still check it for logging/debugging 156 + // but don't fail verification if it's missing (could be flattened) 150 157 const cnameResult = await verifyCNAME(domain, expectedHash) 158 + 159 + // Log CNAME status for debugging, but don't fail on it 151 160 if (!cnameResult.verified) { 152 - return cnameResult 161 + console.log(`[DNS Verify] ⚠️ CNAME verification failed (may be flattened):`, cnameResult.error) 153 162 } 154 163 155 - return { verified: true } 164 + // TXT verification is sufficient 165 + return { 166 + verified: true, 167 + found: { 168 + txt: txtResult.found?.txt, 169 + cname: cnameResult.found?.cname 170 + } 171 + } 156 172 }