add-dns.php: CNAME&co sourcing support

Miraty 2023-09-16 19:45:46 +02:00
parent 63554b4908
commit 3df402e8e9
4 changed files with 93 additions and 66 deletions


@ -1,7 +1,7 @@
msgid ""
msgstr ""
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2023-07-31 01:03+0200\n"
"POT-Creation-Date: 2023-09-10 22:30+0200\n"
"Language: fr\n"
"Content-Type: text/plain; charset=UTF-8\n"
@ -111,7 +111,7 @@ msgstr "Modifier des enregistrements"
#: pages.php:68
msgid "Set registry records to delegate a domain to chosen name servers"
msgstr "Définir les enregistrements du registre pour déléguer un domaine à des serveurs de noms de son choix"
msgstr "Définir les enregistrements du registre pour déléguer un domaine à des serveurs de nom de son choix"
#: pages.php:72 pages.php:77 pages.php:122 pages.php:127 pages.php:132
#: pages.php:137 pages.php:142 pages.php:147 pages.php:152 pages.php:157
@ -299,10 +299,6 @@ msgstr "Gérer les clés SSH"
msgid "Choose what SSH key can edit what directory"
msgstr "Choisir quelle clé SSH peut modifier quel dossier"
#: router.php:68
msgid "This account doesn't exist anymore. Log out to end this ghost session."
msgstr "Ce compte n'existe plus. Déconnectez-vous pour terminer cette session fantôme."
#: router.php:106 view.php:40
msgid "This service is currently under maintenance. No action can be taken on it until an administrator finishes repairing it."
msgstr "Ce service est en cours de maintenance. Aucune action ne peut être effectuée avant qu'ane administrataire termine de le réparer."
@ -358,7 +354,7 @@ msgstr "<strong>Erreur de l'utilisataire</strong>&nbsp;: "
msgid "<strong>Server error</strong>: "
msgstr "<strong>Erreur du serveur</strong>&nbsp;: "
#: fn/common.php:155
#: fn/common.php:156
msgid "Wrong proof."
msgstr "Preuve incorrecte."
@ -447,8 +443,8 @@ msgstr "Ce domaine existe déjà sur ce service. Utilisez-en un autre."
#: pg-act/ht/add-dns.php:13 pg-act/ht/add-dns.php:19 pg-act/ht/add-dns.php:25
#, php-format
msgid "Can't retrieve the %s record."
msgstr "Impossible de récupérer l'enregistrement %s."
msgid "Can't retrieve the %1$s record for domain %2$s."
msgstr "Impossible de récupérer l'enregistrement %1$s pour le domaine %2$s."
#: pg-act/ht/add-dns.php:15 pg-act/ht/add-dns.php:21
#, php-format
@ -456,8 +452,9 @@ msgid "This domain must have %2$s as its only %1$s record."
msgstr "Ce domaine doit avoir %2$s pour unique enregistrement %1$s."
#: pg-act/ht/add-dns.php:27
msgid "No TXT record with the expected format has been found."
msgstr "Aucun enregistrement TXT avec le format attendu n'a été trouvé."
#, php-format
msgid "No TXT record with the expected format has been found on domain %s."
msgstr "Aucun enregistrement TXT avec le format attendu n'a été trouvé pour le domaine %s."
#: pg-act/ht/add-dns.php:48 pg-act/ht/add-onion.php:50
#: pg-act/ht/add-subdomain.php:19 pg-act/ht/add-subpath.php:19
@ -536,15 +533,20 @@ msgstr "Enregistrements synchronisés mis à jour."
msgid "This zone already exists on the service."
msgstr "Cette zone existe déjà sur ce service."
#: pg-act/ns/zone-add.php:18
#: pg-act/ns/zone-add.php:11
msgid "Parent zone's name servers not found."
msgstr "Serveurs de nom de la zone parente introuvables."
#: pg-act/ns/zone-add.php:30 pg-act/reg/transfer.php:24
#: pg-act/ns/zone-add.php:17
#, php-format
msgid "The %s first tried name servers failed to answer."
msgstr "Les %s premiers serveurs de nom essayés n'ont pas répondu."
#: pg-act/ns/zone-add.php:27 pg-act/reg/transfer.php:16
msgid "NS authentication record not found."
msgstr "Enregistrement d'authentification NS introuvable."
#: pg-act/ns/zone-add.php:67
#: pg-act/ns/zone-add.php:64
msgid "Zone created."
msgstr "Zone créée."
@ -596,7 +598,7 @@ msgstr "Domaine enregistré."
msgid "The current account already owns this domain."
msgstr "Le compte actuel possède déjà ce domaine."
#: pg-act/reg/transfer.php:39
#: pg-act/reg/transfer.php:31
msgid "The domain has been transferred to the current account ; the NS authentication record has been automatically deleted."
msgstr "Le domaine a été transféré vers le compte actuel ; l'enregistrement d'authentification NS a été automatiquement supprimé."
@ -719,26 +721,36 @@ msgid "Update username"
msgstr "Mettre à jour l'identifiant"
#: pg-view/ht/add-dns.php:3
msgid "A Let's Encrypt certificate will be obtained."
msgstr "Un certificat Let's Encrypt sera obtenu."
msgid "A Let's Encrypt certificate will be obtained for this domain."
msgstr "Un certificat Let's Encrypt sera obtenu pour ce domaine."
#: pg-view/ht/add-dns.php:7
msgid "The domain must have the following records when the form is being processed."
msgstr "Le domaine doit avoir les enregistrements suivants pendant le traitement du formulaire."
#, php-format
msgid "The AAAA, A and CAA records for the domain must resolve to the same values as %s. This can be done by creating a CNAME record pointing to this domain for a non-apex domain, or using a nonstandard \"ALIAS\", \"synchronized\" or \"flattened CNAME\" record for an apex domain. You may alternatively manually copy records values, but it'll require a manual update when these values change."
msgstr "Les enregistrements AAAA, A et CAA pour le domaine doivent résoudre vers les même valeurs que %s. Ça peut être fait en créant un enregistrement CNAME qui pointe vers ce domaine pour une domaine non-apex, ou en utilisant un enregistrement non-standard \"ALIAS\", \"synchronisé\" ou \"CNAME aplatit (<span lang=\"en\">flattened</span>)\" pour un domaine apex. Vous pouvez alternativement copier manuellement les valeurs des enregistrements, mais ça nécessitera une mise à jour manuelle quand ces valeurs changeront."
#: pg-view/ht/add-dns.php:30 pg-view/ns/form.ns.php:9 pg-view/ns/print.php:33
#: pg-view/ht/add-dns.php:11
msgid "Required values (for manual copy)"
msgstr "Valeurs requises (pour une copie manuelle)"
#: pg-view/ht/add-dns.php:29
#, php-format
msgid "Also, to prove that you own this domain, its subdomain %1$s must have a TXT record equal to %2$s when the form is being processed."
msgstr "Aussi, pour prouver que vous possédez bien ce domaine, son sous-domaine %1$s doit posséder un enregistrement TXT égal à %2$s lors du traitement de ce formulaire."
#: pg-view/ht/add-dns.php:33 pg-view/ns/form.ns.php:9 pg-view/ns/print.php:33
#: pg-view/ns/zone-add.php:7 pg-view/reg/glue.php:5 pg-view/reg/print.php:10
#: pg-view/reg/register.php:12 pg-view/reg/select-domain.inc.php:2
#: pg-view/reg/unregister.php:7
msgid "Domain"
msgstr "Domaine"
#: pg-view/ht/add-dns.php:32 pg-view/ht/add-onion.php:3
#: pg-view/ht/add-dns.php:35 pg-view/ht/add-onion.php:3
#: pg-view/ht/add-subdomain.php:9 pg-view/ht/add-subpath.php:9
msgid "Target directory"
msgstr "Dossier ciblé"
#: pg-view/ht/add-dns.php:41 pg-view/ht/add-onion.php:12
#: pg-view/ht/add-dns.php:44 pg-view/ht/add-onion.php:12
#: pg-view/ht/add-subdomain.php:18 pg-view/ht/add-subpath.php:18
msgid "Setup access"
msgstr "Créer l'accès"


@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2023-07-31 01:03+0200\n"
"POT-Creation-Date: 2023-09-10 22:30+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -311,10 +311,6 @@ msgstr ""
msgid "Choose what SSH key can edit what directory"
msgstr ""
#: router.php:68
msgid "This account doesn't exist anymore. Log out to end this ghost session."
msgstr ""
#: router.php:106 view.php:40
msgid "This service is currently under maintenance. No action can be taken on it until an administrator finishes repairing it."
msgstr ""
@ -370,7 +366,7 @@ msgstr ""
msgid "<strong>Server error</strong>: "
msgstr ""
#: fn/common.php:155
#: fn/common.php:156
msgid "Wrong proof."
msgstr ""
@ -459,7 +455,7 @@ msgstr ""
#: pg-act/ht/add-dns.php:13 pg-act/ht/add-dns.php:19 pg-act/ht/add-dns.php:25
#, php-format
msgid "Can't retrieve the %s record."
msgid "Can't retrieve the %1$s record for domain %2$s."
msgstr ""
#: pg-act/ht/add-dns.php:15 pg-act/ht/add-dns.php:21
@ -468,7 +464,8 @@ msgid "This domain must have %2$s as its only %1$s record."
msgstr ""
#: pg-act/ht/add-dns.php:27
msgid "No TXT record with the expected format has been found."
#, php-format
msgid "No TXT record with the expected format has been found on domain %s."
msgstr ""
#: pg-act/ht/add-dns.php:48 pg-act/ht/add-onion.php:50
@ -548,15 +545,20 @@ msgstr ""
msgid "This zone already exists on the service."
msgstr ""
#: pg-act/ns/zone-add.php:18
#: pg-act/ns/zone-add.php:11
msgid "Parent zone's name servers not found."
msgstr ""
#: pg-act/ns/zone-add.php:30 pg-act/reg/transfer.php:24
#: pg-act/ns/zone-add.php:17
#, php-format
msgid "The %s first tried name servers failed to answer."
msgstr ""
#: pg-act/ns/zone-add.php:27 pg-act/reg/transfer.php:16
msgid "NS authentication record not found."
msgstr ""
#: pg-act/ns/zone-add.php:67
#: pg-act/ns/zone-add.php:64
msgid "Zone created."
msgstr ""
@ -608,7 +610,7 @@ msgstr ""
msgid "The current account already owns this domain."
msgstr ""
#: pg-act/reg/transfer.php:39
#: pg-act/reg/transfer.php:31
msgid "The domain has been transferred to the current account ; the NS authentication record has been automatically deleted."
msgstr ""
@ -731,26 +733,36 @@ msgid "Update username"
msgstr ""
#: pg-view/ht/add-dns.php:3
msgid "A Let's Encrypt certificate will be obtained."
msgid "A Let's Encrypt certificate will be obtained for this domain."
msgstr ""
#: pg-view/ht/add-dns.php:7
msgid "The domain must have the following records when the form is being processed."
#, php-format
msgid "The AAAA, A and CAA records for the domain must resolve to the same values as %s. This can be done by creating a CNAME record pointing to this domain for a non-apex domain, or using a nonstandard \"ALIAS\", \"synchronized\" or \"flattened CNAME\" record for an apex domain. You may alternatively manually copy records values, but it'll require a manual update when these values change."
msgstr ""
#: pg-view/ht/add-dns.php:30 pg-view/ns/form.ns.php:9 pg-view/ns/print.php:33
#: pg-view/ht/add-dns.php:11
msgid "Required values (for manual copy)"
msgstr ""
#: pg-view/ht/add-dns.php:29
#, php-format
msgid "Also, to prove that you own this domain, its subdomain %1$s must have a TXT record equal to %2$s when the form is being processed."
msgstr ""
#: pg-view/ht/add-dns.php:33 pg-view/ns/form.ns.php:9 pg-view/ns/print.php:33
#: pg-view/ns/zone-add.php:7 pg-view/reg/glue.php:5 pg-view/reg/print.php:10
#: pg-view/reg/register.php:12 pg-view/reg/select-domain.inc.php:2
#: pg-view/reg/unregister.php:7
msgid "Domain"
msgstr ""
#: pg-view/ht/add-dns.php:32 pg-view/ht/add-onion.php:3
#: pg-view/ht/add-dns.php:35 pg-view/ht/add-onion.php:3
#: pg-view/ht/add-subdomain.php:9 pg-view/ht/add-subpath.php:9
msgid "Target directory"
msgstr ""
#: pg-view/ht/add-dns.php:41 pg-view/ht/add-onion.php:12
#: pg-view/ht/add-dns.php:44 pg-view/ht/add-onion.php:12
#: pg-view/ht/add-subdomain.php:18 pg-view/ht/add-subpath.php:18
msgid "Setup access"
msgstr ""


@ -10,23 +10,23 @@ if (query('select', 'sites', ['address' => $_POST['domain']], 'address') !== [])
$remoteAaaaRecords = dns_get_record($_POST['domain'], DNS_AAAA);
if (is_array($remoteAaaaRecords) !== true)
output(500, sprintf(_('Can\'t retrieve the %s record.'), 'AAAA'));
output(500, sprintf(_('Can\'t retrieve the %1$s record for domain %2$s.'), 'AAAA', '<code>' . htmlspecialchars($_POST['domain']) . '</code>'));
if (equalArrays([CONF['ht']['ipv6_address']], array_column($remoteAaaaRecords, 'ipv6')) !== true)
output(403, sprintf(_('This domain must have %2$s as its only %1$s record.'), 'AAAA', '<code>' . CONF['ht']['ipv6_address'] . '</code>'));
$remoteARecords = dns_get_record($_POST['domain'], DNS_A);
if (is_array($remoteARecords) !== true)
output(500, sprintf(_('Can\'t retrieve the %s record.'), 'A'));
output(500, sprintf(_('Can\'t retrieve the %1$s record for domain %2$s.'), 'A', '<code>' . htmlspecialchars($_POST['domain']) . '</code>'));
if (equalArrays([CONF['ht']['ipv4_address']], array_column($remoteARecords, 'ip')) !== true)
output(403, sprintf(_('This domain must have %2$s as its only %1$s record.'), 'A', '<code>' . CONF['ht']['ipv4_address'] . '</code>'));
$remoteTXTRecords = dns_get_record($_POST['domain'], DNS_TXT);
$remoteTXTRecords = dns_get_record('_auth.' . $_POST['domain'], DNS_TXT);
if (is_array($remoteTXTRecords) !== true)
output(500, sprintf(_('Can\'t retrieve the %s record.'), 'TXT'));
if (preg_match('/^' . preg_quote(SERVER_NAME, '/') . '_domain-verification=([0-9a-f]{8})-([0-9a-f]{32})$/Dm', implode(LF, array_column($remoteTXTRecords, 'txt')), $matches) !== 1)
output(403, _('No TXT record with the expected format has been found.'));
output(500, sprintf(_('Can\'t retrieve the %1$s record for domain %2$s.'), 'TXT', '<code>_auth.' . htmlspecialchars($_POST['domain']) . '</code>'));
if (preg_match('/^' . preg_quote(SERVER_NAME, '/') . '_domain-verification=(?<salt>[0-9a-f]{8})-(?<hash>[0-9a-f]{32})$/Dm', implode(LF, array_column($remoteTXTRecords, 'txt')), $matches) !== 1)
output(403, sprintf(_('No TXT record with the expected format has been found on domain %s.'), '<code>_auth.' . htmlspecialchars($_POST['domain']) . '</code>'));
checkAuthToken($matches[1], $matches[2]);
checkAuthToken($matches['salt'], $matches['hash']);
rateLimit();
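Review bot: The ownership proof at `dns_get_record('_auth.' . $_POST['domain'], DNS_TXT)` and the AAAA/A checks above it trust whatever the host's configured resolver returns, and `dns_get_record` gives no indication of whether an answer was DNSSEC-validated or served from cache. Since a matching TXT value is what authorises attaching the domain to the account, that assumption deserves a comment next to the lookups, e.g. `// Relies on the system resolver: it must be a trusted, validating resolver reached over a trusted path`. `rateLimit()` is also only reached after all three lookups, so requests that fail a check appear to trigger outbound DNS queries without being counted; if that ordering is deliberate, a one-line comment saying so would keep it from being "fixed" later. Any validation or normalisation of `$_POST['domain']` (case, trailing dot) would sit before line 10 and is outside this hunk, so it cannot be confirmed from here.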


@ -1,30 +1,33 @@
<?php declare(strict_types=1); ?>
<p>
<?= _('A Let\'s Encrypt certificate will be obtained.') ?>
<?= _('A Let\'s Encrypt certificate will be obtained for this domain.') ?>
</p>
<p>
<?= _('The domain must have the following records when the form is being processed.') ?>
<?= sprintf(_('The AAAA, A and CAA records for the domain must resolve to the same values as %s. This can be done by creating a CNAME record pointing to this domain for a non-apex domain, or using a nonstandard "ALIAS", "synchronized" or "flattened CNAME" record for an apex domain. You may alternatively manually copy records values, but it\'ll require a manual update when these values change.'), '<code>' . CONF['ht']['cname'] . '</code>') ?>
</p>
<dl>
<dt><code>AAAA</code></dt>
<dd>
<code><?= CONF['ht']['ipv6_address'] ?></code>
</dd>
<dt><code>A</code></dt>
<dd>
<code><?= CONF['ht']['ipv4_address'] ?></code>
</dd>
<dt><code>TXT</code></dt>
<dd>
<code><?= SERVER_NAME ?>_domain-verification=<?= getAuthToken() ?></code>
</dd>
<dt><code>CAA</code></dt>
<dd>
<code>0 issue "letsencrypt.org; validationmethods=http-01; accounturi=<?= (($_SESSION['type'] ?? 'approved') === 'approved') ? CONF['ht']['caa_account_uri'] : CONF['ht']['caa_account_uri_staging'] ?>"</code>
</dd>
</dl>
<details>
<summary><?= _('Required values (for manual copy)') ?></summary>
<dl>
<dt><code>AAAA</code></dt>
<dd>
<code><?= CONF['ht']['ipv6_address'] ?></code>
</dd>
<dt><code>A</code></dt>
<dd>
<code><?= CONF['ht']['ipv4_address'] ?></code>
</dd>
<dt><code>CAA</code></dt>
<dd>
<code>0 issue "letsencrypt.org; validationmethods=http-01; accounturi=<?= (($_SESSION['type'] ?? 'approved') === 'approved') ? CONF['ht']['caa_account_uri'] : CONF['ht']['caa_account_uri_staging'] ?>"</code>
</dd>
</dl>
</details>
<p>
<?= sprintf(_('Also, to prove that you own this domain, its subdomain %1$s must have a TXT record equal to %2$s when the form is being processed.'), '<code>_auth</code>', '<code>' . SERVER_NAME . '_domain-verification=' . getAuthToken() . '</code>') ?>
</p>
<form method="post">
<label for="domain"><?= _('Domain') ?></label><br>