add-dns.php: CNAME&co sourcing support

Miraty 2023-09-16 19:45:46 +02:00
parent 63554b4908
commit 3df402e8e9
4 changed files with 93 additions and 66 deletions


@ -1,7 +1,7 @@
msgid "" msgid ""
msgstr "" msgstr ""
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2023-07-31 01:03+0200\n" "POT-Creation-Date: 2023-09-10 22:30+0200\n"
"Language: fr\n" "Language: fr\n"
"Content-Type: text/plain; charset=UTF-8\n" "Content-Type: text/plain; charset=UTF-8\n"
@ -111,7 +111,7 @@ msgstr "Modifier des enregistrements"
#: pages.php:68 #: pages.php:68
msgid "Set registry records to delegate a domain to chosen name servers" msgid "Set registry records to delegate a domain to chosen name servers"
msgstr "Définir les enregistrements du registre pour déléguer un domaine à des serveurs de noms de son choix" msgstr "Définir les enregistrements du registre pour déléguer un domaine à des serveurs de nom de son choix"
#: pages.php:72 pages.php:77 pages.php:122 pages.php:127 pages.php:132 #: pages.php:72 pages.php:77 pages.php:122 pages.php:127 pages.php:132
#: pages.php:137 pages.php:142 pages.php:147 pages.php:152 pages.php:157 #: pages.php:137 pages.php:142 pages.php:147 pages.php:152 pages.php:157
@ -299,10 +299,6 @@ msgstr "Gérer les clés SSH"
msgid "Choose what SSH key can edit what directory" msgid "Choose what SSH key can edit what directory"
msgstr "Choisir quelle clé SSH peut modifier quel dossier" msgstr "Choisir quelle clé SSH peut modifier quel dossier"
#: router.php:68
msgid "This account doesn't exist anymore. Log out to end this ghost session."
msgstr "Ce compte n'existe plus. Déconnectez-vous pour terminer cette session fantôme."
#: router.php:106 view.php:40 #: router.php:106 view.php:40
msgid "This service is currently under maintenance. No action can be taken on it until an administrator finishes repairing it." msgid "This service is currently under maintenance. No action can be taken on it until an administrator finishes repairing it."
msgstr "Ce service est en cours de maintenance. Aucune action ne peut être effectuée avant qu'ane administrataire termine de le réparer." msgstr "Ce service est en cours de maintenance. Aucune action ne peut être effectuée avant qu'ane administrataire termine de le réparer."
@ -358,7 +354,7 @@ msgstr "<strong>Erreur de l'utilisataire</strong>&nbsp;: "
msgid "<strong>Server error</strong>: " msgid "<strong>Server error</strong>: "
msgstr "<strong>Erreur du serveur</strong>&nbsp;: " msgstr "<strong>Erreur du serveur</strong>&nbsp;: "
#: fn/common.php:155 #: fn/common.php:156
msgid "Wrong proof." msgid "Wrong proof."
msgstr "Preuve incorrecte." msgstr "Preuve incorrecte."
@ -447,8 +443,8 @@ msgstr "Ce domaine existe déjà sur ce service. Utilisez-en un autre."
#: pg-act/ht/add-dns.php:13 pg-act/ht/add-dns.php:19 pg-act/ht/add-dns.php:25 #: pg-act/ht/add-dns.php:13 pg-act/ht/add-dns.php:19 pg-act/ht/add-dns.php:25
#, php-format #, php-format
msgid "Can't retrieve the %s record." msgid "Can't retrieve the %1$s record for domain %2$s."
msgstr "Impossible de récupérer l'enregistrement %s." msgstr "Impossible de récupérer l'enregistrement %1$s pour le domaine %2$s."
#: pg-act/ht/add-dns.php:15 pg-act/ht/add-dns.php:21 #: pg-act/ht/add-dns.php:15 pg-act/ht/add-dns.php:21
#, php-format #, php-format
@ -456,8 +452,9 @@ msgid "This domain must have %2$s as its only %1$s record."
msgstr "Ce domaine doit avoir %2$s pour unique enregistrement %1$s." msgstr "Ce domaine doit avoir %2$s pour unique enregistrement %1$s."
#: pg-act/ht/add-dns.php:27 #: pg-act/ht/add-dns.php:27
msgid "No TXT record with the expected format has been found." #, php-format
msgstr "Aucun enregistrement TXT avec le format attendu n'a été trouvé." msgid "No TXT record with the expected format has been found on domain %s."
msgstr "Aucun enregistrement TXT avec le format attendu n'a été trouvé pour le domaine %s."
#: pg-act/ht/add-dns.php:48 pg-act/ht/add-onion.php:50 #: pg-act/ht/add-dns.php:48 pg-act/ht/add-onion.php:50
#: pg-act/ht/add-subdomain.php:19 pg-act/ht/add-subpath.php:19 #: pg-act/ht/add-subdomain.php:19 pg-act/ht/add-subpath.php:19
@ -536,15 +533,20 @@ msgstr "Enregistrements synchronisés mis à jour."
msgid "This zone already exists on the service." msgid "This zone already exists on the service."
msgstr "Cette zone existe déjà sur ce service." msgstr "Cette zone existe déjà sur ce service."
#: pg-act/ns/zone-add.php:18 #: pg-act/ns/zone-add.php:11
msgid "Parent zone's name servers not found." msgid "Parent zone's name servers not found."
msgstr "Serveurs de nom de la zone parente introuvables." msgstr "Serveurs de nom de la zone parente introuvables."
#: pg-act/ns/zone-add.php:30 pg-act/reg/transfer.php:24 #: pg-act/ns/zone-add.php:17
#, php-format
msgid "The %s first tried name servers failed to answer."
msgstr "Les %s premiers serveurs de nom essayés n'ont pas répondu."
#: pg-act/ns/zone-add.php:27 pg-act/reg/transfer.php:16
msgid "NS authentication record not found." msgid "NS authentication record not found."
msgstr "Enregistrement d'authentification NS introuvable." msgstr "Enregistrement d'authentification NS introuvable."
#: pg-act/ns/zone-add.php:67 #: pg-act/ns/zone-add.php:64
msgid "Zone created." msgid "Zone created."
msgstr "Zone créée." msgstr "Zone créée."
@ -596,7 +598,7 @@ msgstr "Domaine enregistré."
msgid "The current account already owns this domain." msgid "The current account already owns this domain."
msgstr "Le compte actuel possède déjà ce domaine." msgstr "Le compte actuel possède déjà ce domaine."
#: pg-act/reg/transfer.php:39 #: pg-act/reg/transfer.php:31
msgid "The domain has been transferred to the current account ; the NS authentication record has been automatically deleted." msgid "The domain has been transferred to the current account ; the NS authentication record has been automatically deleted."
msgstr "Le domaine a été transféré vers le compte actuel ; l'enregistrement d'authentification NS a été automatiquement supprimé." msgstr "Le domaine a été transféré vers le compte actuel ; l'enregistrement d'authentification NS a été automatiquement supprimé."
@ -719,26 +721,36 @@ msgid "Update username"
msgstr "Mettre à jour l'identifiant" msgstr "Mettre à jour l'identifiant"
#: pg-view/ht/add-dns.php:3 #: pg-view/ht/add-dns.php:3
msgid "A Let's Encrypt certificate will be obtained." msgid "A Let's Encrypt certificate will be obtained for this domain."
msgstr "Un certificat Let's Encrypt sera obtenu." msgstr "Un certificat Let's Encrypt sera obtenu pour ce domaine."
#: pg-view/ht/add-dns.php:7 #: pg-view/ht/add-dns.php:7
msgid "The domain must have the following records when the form is being processed." #, php-format
msgstr "Le domaine doit avoir les enregistrements suivants pendant le traitement du formulaire." msgid "The AAAA, A and CAA records for the domain must resolve to the same values as %s. This can be done by creating a CNAME record pointing to this domain for a non-apex domain, or using a nonstandard \"ALIAS\", \"synchronized\" or \"flattened CNAME\" record for an apex domain. You may alternatively manually copy records values, but it'll require a manual update when these values change."
msgstr "Les enregistrements AAAA, A et CAA pour le domaine doivent résoudre vers les même valeurs que %s. Ça peut être fait en créant un enregistrement CNAME qui pointe vers ce domaine pour une domaine non-apex, ou en utilisant un enregistrement non-standard \"ALIAS\", \"synchronisé\" ou \"CNAME aplatit (<span lang=\"en\">flattened</span>)\" pour un domaine apex. Vous pouvez alternativement copier manuellement les valeurs des enregistrements, mais ça nécessitera une mise à jour manuelle quand ces valeurs changeront."
#: pg-view/ht/add-dns.php:30 pg-view/ns/form.ns.php:9 pg-view/ns/print.php:33 #: pg-view/ht/add-dns.php:11
msgid "Required values (for manual copy)"
msgstr "Valeurs requises (pour une copie manuelle)"
#: pg-view/ht/add-dns.php:29
#, php-format
msgid "Also, to prove that you own this domain, its subdomain %1$s must have a TXT record equal to %2$s when the form is being processed."
msgstr "Aussi, pour prouver que vous possédez bien ce domaine, son sous-domaine %1$s doit posséder un enregistrement TXT égal à %2$s lors du traitement de ce formulaire."
#: pg-view/ht/add-dns.php:33 pg-view/ns/form.ns.php:9 pg-view/ns/print.php:33
#: pg-view/ns/zone-add.php:7 pg-view/reg/glue.php:5 pg-view/reg/print.php:10 #: pg-view/ns/zone-add.php:7 pg-view/reg/glue.php:5 pg-view/reg/print.php:10
#: pg-view/reg/register.php:12 pg-view/reg/select-domain.inc.php:2 #: pg-view/reg/register.php:12 pg-view/reg/select-domain.inc.php:2
#: pg-view/reg/unregister.php:7 #: pg-view/reg/unregister.php:7
msgid "Domain" msgid "Domain"
msgstr "Domaine" msgstr "Domaine"
#: pg-view/ht/add-dns.php:32 pg-view/ht/add-onion.php:3 #: pg-view/ht/add-dns.php:35 pg-view/ht/add-onion.php:3
#: pg-view/ht/add-subdomain.php:9 pg-view/ht/add-subpath.php:9 #: pg-view/ht/add-subdomain.php:9 pg-view/ht/add-subpath.php:9
msgid "Target directory" msgid "Target directory"
msgstr "Dossier ciblé" msgstr "Dossier ciblé"
#: pg-view/ht/add-dns.php:41 pg-view/ht/add-onion.php:12 #: pg-view/ht/add-dns.php:44 pg-view/ht/add-onion.php:12
#: pg-view/ht/add-subdomain.php:18 pg-view/ht/add-subpath.php:18 #: pg-view/ht/add-subdomain.php:18 pg-view/ht/add-subpath.php:18
msgid "Setup access" msgid "Setup access"
msgstr "Créer l'accès" msgstr "Créer l'accès"


@ -8,7 +8,7 @@ msgid ""
msgstr "" msgstr ""
"Project-Id-Version: PACKAGE VERSION\n" "Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2023-07-31 01:03+0200\n" "POT-Creation-Date: 2023-09-10 22:30+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n" "Language-Team: LANGUAGE <LL@li.org>\n"
@ -311,10 +311,6 @@ msgstr ""
msgid "Choose what SSH key can edit what directory" msgid "Choose what SSH key can edit what directory"
msgstr "" msgstr ""
#: router.php:68
msgid "This account doesn't exist anymore. Log out to end this ghost session."
msgstr ""
#: router.php:106 view.php:40 #: router.php:106 view.php:40
msgid "This service is currently under maintenance. No action can be taken on it until an administrator finishes repairing it." msgid "This service is currently under maintenance. No action can be taken on it until an administrator finishes repairing it."
msgstr "" msgstr ""
@ -370,7 +366,7 @@ msgstr ""
msgid "<strong>Server error</strong>: " msgid "<strong>Server error</strong>: "
msgstr "" msgstr ""
#: fn/common.php:155 #: fn/common.php:156
msgid "Wrong proof." msgid "Wrong proof."
msgstr "" msgstr ""
@ -459,7 +455,7 @@ msgstr ""
#: pg-act/ht/add-dns.php:13 pg-act/ht/add-dns.php:19 pg-act/ht/add-dns.php:25 #: pg-act/ht/add-dns.php:13 pg-act/ht/add-dns.php:19 pg-act/ht/add-dns.php:25
#, php-format #, php-format
msgid "Can't retrieve the %s record." msgid "Can't retrieve the %1$s record for domain %2$s."
msgstr "" msgstr ""
#: pg-act/ht/add-dns.php:15 pg-act/ht/add-dns.php:21 #: pg-act/ht/add-dns.php:15 pg-act/ht/add-dns.php:21
@ -468,7 +464,8 @@ msgid "This domain must have %2$s as its only %1$s record."
msgstr "" msgstr ""
#: pg-act/ht/add-dns.php:27 #: pg-act/ht/add-dns.php:27
msgid "No TXT record with the expected format has been found." #, php-format
msgid "No TXT record with the expected format has been found on domain %s."
msgstr "" msgstr ""
#: pg-act/ht/add-dns.php:48 pg-act/ht/add-onion.php:50 #: pg-act/ht/add-dns.php:48 pg-act/ht/add-onion.php:50
@ -548,15 +545,20 @@ msgstr ""
msgid "This zone already exists on the service." msgid "This zone already exists on the service."
msgstr "" msgstr ""
#: pg-act/ns/zone-add.php:18 #: pg-act/ns/zone-add.php:11
msgid "Parent zone's name servers not found." msgid "Parent zone's name servers not found."
msgstr "" msgstr ""
#: pg-act/ns/zone-add.php:30 pg-act/reg/transfer.php:24 #: pg-act/ns/zone-add.php:17
#, php-format
msgid "The %s first tried name servers failed to answer."
msgstr ""
#: pg-act/ns/zone-add.php:27 pg-act/reg/transfer.php:16
msgid "NS authentication record not found." msgid "NS authentication record not found."
msgstr "" msgstr ""
#: pg-act/ns/zone-add.php:67 #: pg-act/ns/zone-add.php:64
msgid "Zone created." msgid "Zone created."
msgstr "" msgstr ""
@ -608,7 +610,7 @@ msgstr ""
msgid "The current account already owns this domain." msgid "The current account already owns this domain."
msgstr "" msgstr ""
#: pg-act/reg/transfer.php:39 #: pg-act/reg/transfer.php:31
msgid "The domain has been transferred to the current account ; the NS authentication record has been automatically deleted." msgid "The domain has been transferred to the current account ; the NS authentication record has been automatically deleted."
msgstr "" msgstr ""
@ -731,26 +733,36 @@ msgid "Update username"
msgstr "" msgstr ""
#: pg-view/ht/add-dns.php:3 #: pg-view/ht/add-dns.php:3
msgid "A Let's Encrypt certificate will be obtained." msgid "A Let's Encrypt certificate will be obtained for this domain."
msgstr "" msgstr ""
#: pg-view/ht/add-dns.php:7 #: pg-view/ht/add-dns.php:7
msgid "The domain must have the following records when the form is being processed." #, php-format
msgid "The AAAA, A and CAA records for the domain must resolve to the same values as %s. This can be done by creating a CNAME record pointing to this domain for a non-apex domain, or using a nonstandard \"ALIAS\", \"synchronized\" or \"flattened CNAME\" record for an apex domain. You may alternatively manually copy records values, but it'll require a manual update when these values change."
msgstr "" msgstr ""
#: pg-view/ht/add-dns.php:30 pg-view/ns/form.ns.php:9 pg-view/ns/print.php:33 #: pg-view/ht/add-dns.php:11
msgid "Required values (for manual copy)"
msgstr ""
#: pg-view/ht/add-dns.php:29
#, php-format
msgid "Also, to prove that you own this domain, its subdomain %1$s must have a TXT record equal to %2$s when the form is being processed."
msgstr ""
#: pg-view/ht/add-dns.php:33 pg-view/ns/form.ns.php:9 pg-view/ns/print.php:33
#: pg-view/ns/zone-add.php:7 pg-view/reg/glue.php:5 pg-view/reg/print.php:10 #: pg-view/ns/zone-add.php:7 pg-view/reg/glue.php:5 pg-view/reg/print.php:10
#: pg-view/reg/register.php:12 pg-view/reg/select-domain.inc.php:2 #: pg-view/reg/register.php:12 pg-view/reg/select-domain.inc.php:2
#: pg-view/reg/unregister.php:7 #: pg-view/reg/unregister.php:7
msgid "Domain" msgid "Domain"
msgstr "" msgstr ""
#: pg-view/ht/add-dns.php:32 pg-view/ht/add-onion.php:3 #: pg-view/ht/add-dns.php:35 pg-view/ht/add-onion.php:3
#: pg-view/ht/add-subdomain.php:9 pg-view/ht/add-subpath.php:9 #: pg-view/ht/add-subdomain.php:9 pg-view/ht/add-subpath.php:9
msgid "Target directory" msgid "Target directory"
msgstr "" msgstr ""
#: pg-view/ht/add-dns.php:41 pg-view/ht/add-onion.php:12 #: pg-view/ht/add-dns.php:44 pg-view/ht/add-onion.php:12
#: pg-view/ht/add-subdomain.php:18 pg-view/ht/add-subpath.php:18 #: pg-view/ht/add-subdomain.php:18 pg-view/ht/add-subpath.php:18
msgid "Setup access" msgid "Setup access"
msgstr "" msgstr ""


@ -10,23 +10,23 @@ if (query('select', 'sites', ['address' => $_POST['domain']], 'address') !== [])
$remoteAaaaRecords = dns_get_record($_POST['domain'], DNS_AAAA); $remoteAaaaRecords = dns_get_record($_POST['domain'], DNS_AAAA);
if (is_array($remoteAaaaRecords) !== true) if (is_array($remoteAaaaRecords) !== true)
output(500, sprintf(_('Can\'t retrieve the %s record.'), 'AAAA')); output(500, sprintf(_('Can\'t retrieve the %1$s record for domain %2$s.'), 'AAAA', '<code>' . htmlspecialchars($_POST['domain']) . '</code>'));
if (equalArrays([CONF['ht']['ipv6_address']], array_column($remoteAaaaRecords, 'ipv6')) !== true) if (equalArrays([CONF['ht']['ipv6_address']], array_column($remoteAaaaRecords, 'ipv6')) !== true)
output(403, sprintf(_('This domain must have %2$s as its only %1$s record.'), 'AAAA', '<code>' . CONF['ht']['ipv6_address'] . '</code>')); output(403, sprintf(_('This domain must have %2$s as its only %1$s record.'), 'AAAA', '<code>' . CONF['ht']['ipv6_address'] . '</code>'));
$remoteARecords = dns_get_record($_POST['domain'], DNS_A); $remoteARecords = dns_get_record($_POST['domain'], DNS_A);
if (is_array($remoteARecords) !== true) if (is_array($remoteARecords) !== true)
output(500, sprintf(_('Can\'t retrieve the %s record.'), 'A')); output(500, sprintf(_('Can\'t retrieve the %1$s record for domain %2$s.'), 'A', '<code>' . htmlspecialchars($_POST['domain']) . '</code>'));
if (equalArrays([CONF['ht']['ipv4_address']], array_column($remoteARecords, 'ip')) !== true) if (equalArrays([CONF['ht']['ipv4_address']], array_column($remoteARecords, 'ip')) !== true)
output(403, sprintf(_('This domain must have %2$s as its only %1$s record.'), 'A', '<code>' . CONF['ht']['ipv4_address'] . '</code>')); output(403, sprintf(_('This domain must have %2$s as its only %1$s record.'), 'A', '<code>' . CONF['ht']['ipv4_address'] . '</code>'));
$remoteTXTRecords = dns_get_record($_POST['domain'], DNS_TXT); $remoteTXTRecords = dns_get_record('_auth.' . $_POST['domain'], DNS_TXT);
if (is_array($remoteTXTRecords) !== true) if (is_array($remoteTXTRecords) !== true)
output(500, sprintf(_('Can\'t retrieve the %s record.'), 'TXT')); output(500, sprintf(_('Can\'t retrieve the %1$s record for domain %2$s.'), 'TXT', '<code>_auth.' . htmlspecialchars($_POST['domain']) . '</code>'));
if (preg_match('/^' . preg_quote(SERVER_NAME, '/') . '_domain-verification=([0-9a-f]{8})-([0-9a-f]{32})$/Dm', implode(LF, array_column($remoteTXTRecords, 'txt')), $matches) !== 1) if (preg_match('/^' . preg_quote(SERVER_NAME, '/') . '_domain-verification=(?<salt>[0-9a-f]{8})-(?<hash>[0-9a-f]{32})$/Dm', implode(LF, array_column($remoteTXTRecords, 'txt')), $matches) !== 1)
output(403, _('No TXT record with the expected format has been found.')); output(403, sprintf(_('No TXT record with the expected format has been found on domain %s.'), '<code>_auth.' . htmlspecialchars($_POST['domain']) . '</code>'));
checkAuthToken($matches[1], $matches[2]); checkAuthToken($matches['salt'], $matches['hash']);
rateLimit(); rateLimit();
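Review bot: In the TXT check, PCRE ignores the `D` modifier once `m` is set, so `^` and `$` match at every line feed of the joined string, and a single TXT value with an embedded line feed passes although the form text asks for a record equal to the token. This does not let anyone skip the proof, since whoever publishes the record under `_auth.` controls all of it. The ownership check is still easier to audit if each value from `array_column($remoteTXTRecords, 'txt')` is matched on its own, with the pattern anchored as `'/\A' . preg_quote(SERVER_NAME, '/') . '_domain-verification=(?<salt>[0-9a-f]{8})-(?<hash>[0-9a-f]{32})\z/'`. The script starts before this hunk and continues after `rateLimit();`, so whether `$_POST['domain']` is validated as a host name before it reaches `dns_get_record()` cannot be seen here.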


@ -1,30 +1,33 @@
<?php declare(strict_types=1); ?> <?php declare(strict_types=1); ?>
<p> <p>
<?= _('A Let\'s Encrypt certificate will be obtained.') ?> <?= _('A Let\'s Encrypt certificate will be obtained for this domain.') ?>
</p> </p>
<p> <p>
<?= _('The domain must have the following records when the form is being processed.') ?> <?= sprintf(_('The AAAA, A and CAA records for the domain must resolve to the same values as %s. This can be done by creating a CNAME record pointing to this domain for a non-apex domain, or using a nonstandard "ALIAS", "synchronized" or "flattened CNAME" record for an apex domain. You may alternatively manually copy records values, but it\'ll require a manual update when these values change.'), '<code>' . CONF['ht']['cname'] . '</code>') ?>
</p> </p>
<dl> <details>
<dt><code>AAAA</code></dt> <summary><?= _('Required values (for manual copy)') ?></summary>
<dd> <dl>
<code><?= CONF['ht']['ipv6_address'] ?></code> <dt><code>AAAA</code></dt>
</dd> <dd>
<dt><code>A</code></dt> <code><?= CONF['ht']['ipv6_address'] ?></code>
<dd> </dd>
<code><?= CONF['ht']['ipv4_address'] ?></code> <dt><code>A</code></dt>
</dd> <dd>
<dt><code>TXT</code></dt> <code><?= CONF['ht']['ipv4_address'] ?></code>
<dd> </dd>
<code><?= SERVER_NAME ?>_domain-verification=<?= getAuthToken() ?></code> <dt><code>CAA</code></dt>
</dd> <dd>
<dt><code>CAA</code></dt> <code>0 issue "letsencrypt.org; validationmethods=http-01; accounturi=<?= (($_SESSION['type'] ?? 'approved') === 'approved') ? CONF['ht']['caa_account_uri'] : CONF['ht']['caa_account_uri_staging'] ?>"</code>
<dd> </dd>
<code>0 issue "letsencrypt.org; validationmethods=http-01; accounturi=<?= (($_SESSION['type'] ?? 'approved') === 'approved') ? CONF['ht']['caa_account_uri'] : CONF['ht']['caa_account_uri_staging'] ?>"</code> </dl>
</dd> </details>
</dl>
<p>
<?= sprintf(_('Also, to prove that you own this domain, its subdomain %1$s must have a TXT record equal to %2$s when the form is being processed.'), '<code>_auth</code>', '<code>' . SERVER_NAME . '_domain-verification=' . getAuthToken() . '</code>') ?>
</p>
<form method="post"> <form method="post">
<label for="domain"><?= _('Domain') ?></label><br> <label for="domain"><?= _('Domain') ?></label><br>