const {
util, dnssec, Zone,
wire: {
Record,
CNAMERecord,
NSRecord,
SOARecord,
Message,
Question,
types,
typesByVal,
codes
}
} = require('bns');
const base32 = require('bs32');
const blake3 = require('blake3');
const { getAlias } = require('./alias');
const { ds, zsk, zskPriv, signResponse } = require('./dnssec');
const { hashName } = require('./script.js');
const { Context } = require('./context.js');
// Shared chain context, configured from the environment. The API key is read
// from ALIASING_API_KEY rather than being hard-coded in the source.
const context = new Context(
  process.env.ALIASING_NETWORK,
  undefined,
  process.env.ALIASING_API_KEY
);
const nodeClient = context.nodeClient;
const network = context.network;

// Empty zone, used to answer lookups for which no alias can be found.
const empty = new Zone();

// Plugin factory: returns the hostname pattern this module serves together
// with its handler. The pattern captures `data` and `protocol` (one of
// _aliasing, aliasing or _ns) plus an optional `gateway` segment.
module.exports = () => {
  return {
    hostname: ':data.:protocol(_aliasing|aliasing|_ns).:gateway?.',
    handler: handler
  };
};
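/**
 * Answer a query for a name served through the aliasing gateway.
 *
 * The sub-label directly below the gateway name is combined with the HIP-5
 * data label to derive an alias name. Depending on the environment and the
 * protocol, the reply is a CNAME to the aliased name, an NS record pointing at
 * the alias, or (the default) the answer of a stub lookup of the aliased name
 * with owner names rewritten back to the queried name. Every reply built here
 * is signed with this zone's ZSK.
 *
 * Must be called with `this` bound to an object exposing `middleware(rc)` and
 * `stub.lookup(name, type)`.
 *
 * @param {{data: string, protocol: string}} params - values captured from the
 *   hostname pattern; only the last label of `data` is used.
 * @param {string} name - queried name.
 * @param {string} type - queried type name; used as a key into `types`.
 * @param {object} res - unused here; the response is taken from `rc.res`.
 * @param {object} rc - request context; `rc.res` is read and replaced, and
 *   `rc._aliasPassthrough` marks that this handler already ran for it.
 * @param {{name: string}} ns - the name this gateway is mounted at.
 * @returns {Promise<object|null>} a message for the SOA-only and no-alias
 *   cases, otherwise null after `rc.res` has been filled in.
 */
async function handler ({ data, protocol }, name, type, res, rc, ns) {
  const dataLabels = data.split('.');
  const hip5data = dataLabels[dataLabels.length - 1];

  // Names containing the protocol string anywhere after the first character
  // get a SOA-only reply.
  // NOTE(review): this is a substring test, not a label comparison, so a label
  // that merely contains the protocol string also matches - confirm intended.
  if (name.indexOf(protocol) > 0) {
    return sendSOA();
  }

  const nameLabels = name.split('.');
  const count = ns.name.split('.').length;
  const subLabels = nameLabels.slice(0, nameLabels.length - count);
  const firstValidIndex = subLabels.findIndex(label => label[0] !== '_');

  // Only the first pass for a given request context does any work.
  if (rc._aliasPassthrough) {
    return null;
  }
  rc._aliasPassthrough = true;
  await this.middleware(rc);
  const passthrough = rc.res;

  // Every sub-label is underscore-prefixed: keep only the records owned by the
  // queried name and reply with a signed SOA.
  if (firstValidIndex < 0) {
    passthrough.answer = passthrough.answer.filter(rec => rec.name === name);
    passthrough.authority = passthrough.authority.filter(rec => rec.name === name);
    return sendSOA(passthrough);
  }

  const subLabel = subLabels[subLabels.length - 1];
  console.log(`[${protocol}@${ns.name}] ${name} ${type} @ ${subLabel}.${hip5data}`);

  let alias;
  if (protocol === '_ns') {
    // NOTE(review): this value is overwritten on the next line, so the call
    // only matters if hashName throws on bad input - confirm and remove.
    alias = base32.encode(hashName(subLabel, hip5data));
    alias = await getAlias(subLabel, hip5data, nodeClient, network);
    if (!alias) {
      return empty.resolve(name, type);
    }
  } else {
    alias = base32.encode(blake3.hash(subLabel + hip5data));
  }
  alias = util.fqdn(alias);

  // `top` is by construction the trailing part of `name`, so swap exactly that
  // suffix. String.replace would rewrite the first occurrence instead, which is
  // the wrong one when the same label sequence also appears earlier in the
  // name, and it would expand `$` sequences in the replacement text.
  const top = nameLabels.slice(nameLabels.length - (count + 1)).join('.');
  const cname = name.slice(0, name.length - top.length) + alias;

  if (process.env.ALIASING_CNAME) {
    const rr = new Record();
    rr.name = name;
    rr.type = types.CNAME;
    rr.ttl = 0;
    rr.data = new CNAMERecord();
    rr.data.target = cname;
    rc.res.answer = [rr];
    signResponse(rc.res, zsk, zskPriv);
    return null;
  }

  if (process.env.ALIASING_NS || protocol === '_ns') {
    const rr = new Record();
    rr.name = name;
    rr.type = types.NS;
    rr.ttl = 0;
    rr.data = new NSRecord();
    rr.data.ns = alias;
    rc.res.answer = [rr];
    signResponse(rc.res, zsk, zskPriv);
    return null;
  }

  // default mode for now, prob switching to ns to relieve gateways of trust burden
  // ALIASING_PROXY is not consulted: the original condition was
  // `process.env.ALIASING_PROXY || true`, so this path always runs when neither
  // mode above applied.
  // Trust note: the stub resolver's answer is re-signed with this zone's ZSK
  // after its owner names are rewritten, and nothing in this function checks
  // that answer first, so clients that validate our signature are trusting
  // whatever the upstream lookup returned.
  const upstream = await this.stub.lookup(cname, types[type]);
  upstream.question = rc.res.question;
  signResponse(upstream, zsk, zskPriv, rec => {
    // Replacer function keeps `name` literal even if it contains `$`.
    rec.name = rec.name.replace(cname, () => name);
  });
  rc.res = upstream;
  return null;
}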
/**
 * Build a SOA serial from the current UTC time in YYYYMMDDHH form, so the
 * value changes once per hour.
 *
 * @returns {number} the serial as an integer.
 */
function serial () {
  const now = new Date();
  const parts = [
    now.getUTCFullYear() * 1e6,
    (now.getUTCMonth() + 1) * 1e4, // getUTCMonth() is zero-based
    now.getUTCDate() * 1e2,
    now.getUTCHours()
  ];
  return parts.reduce((sum, part) => sum + part, 0);
}
/**
 * Create the SOA record for the root name ('.') that is attached to SOA-only
 * replies. The serial comes from serial(); the timers are fixed values.
 *
 * @returns {Record} a SOA record with a TTL of 86400 seconds.
 */
function toSOA () {
  const soa = Object.assign(new SOARecord(), {
    ns: '.',
    mbox: '.',
    serial: serial(),
    refresh: 1800,
    retry: 900,
    expire: 604800,
    minttl: 21600
  });

  return Object.assign(new Record(), {
    name: '.',
    type: types.SOA,
    ttl: 86400,
    data: soa
  });
}
/**
 * Turn a message into an authoritative SOA reply: set the AA flag, append the
 * SOA record to the authority section and sign the SOA records there with the
 * zone signing key.
 *
 * @param {Message} [res] - message to extend; a new Message is created when
 *   this is omitted or falsy. A message passed in is modified in place.
 * @returns {Message} the message that was extended.
 */
function sendSOA (res) {
  const message = res || new Message();
  message.aa = true;
  message.authority.push(toSOA());
  dnssec.signType(message.authority, types.SOA, zsk, zskPriv);
  return message;
}