forked from dat-ecosystem-archive/dat-dns
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.js
377 lines (345 loc) · 12.5 KB
/
index.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
const debug = require('debug')('dat')
const url = require('url')
const https = require('https')
const Emitter = require('events')
const { stringify } = require('querystring')
const memoryCache = require('./cache')
const callMeMaybe = require('call-me-maybe')
const concat = require('concat-stream')
const DAT_HASH_REGEX = /^[0-9a-f]{64}?$/i
const DAT_PROTOCOL_REGEX = /^dat:\/\/([0-9a-f]{64})/i
const DAT_RECORD_NAME = 'dat'
const DAT_TXT_REGEX = /"?datkey=([0-9a-f]{64})"?/i
const VERSION_REGEX = /(\+[^\/]+)$/
const DEFAULT_DAT_DNS_TTL = 3600 // 1hr
const MAX_DAT_DNS_TTL = 3600 * 24 * 7 // 1 week
const DEFAULT_DNS_PROVIDERS = [['cloudflare-dns.com', 443, '/dns-query'], ['dns.google', 443, '/resolve'], ['dns.quad9.net', 5053, '/dns-query'], ['doh.opendns.com', 443, '/dns-query']]
// helper to support node6
function _asyncToGenerator (fn) { return function () { var gen = fn.apply(this, arguments); return new Promise(function (resolve, reject) { function step (key, arg) { try { var info = gen[key](arg); var value = info.value } catch (error) { reject(error); return } if (info.done) { resolve(value) } else { return Promise.resolve(value).then(function (value) { step('next', value) }, function (err) { step('throw', err) }) } } return step('next') }) } }
// helper to call promise-generating function
function maybe (cb, p) {
if (typeof p === 'function') {
p = p()
}
return callMeMaybe(cb, p)
}
module.exports = function (datDnsOpts) {
datDnsOpts = datDnsOpts || {}
if (datDnsOpts.hashRegex && !(datDnsOpts.hashRegex instanceof RegExp)) { throw new Error('opts.hashRegex must be a RegExp object') }
if (datDnsOpts.txtRegex && !(datDnsOpts.txtRegex instanceof RegExp)) { throw new Error('opts.txtRegex must be a RegExp object') }
if (datDnsOpts.protocolRegex && !(datDnsOpts.protocolRegex instanceof RegExp)) { throw new Error('opts.protocolRegex must be a RegExp object') }
var hashRegex = datDnsOpts.hashRegex || DAT_HASH_REGEX
var dnsTxtRegex = datDnsOpts.txtRegex || DAT_TXT_REGEX
var protocolRegex = datDnsOpts.protocolRegex || DAT_PROTOCOL_REGEX
var recordName = datDnsOpts.recordName || DAT_RECORD_NAME
var pCache = datDnsOpts.persistentCache
var mCache = memoryCache()
mCache.init({
ttl: 60,
interval: datDnsOpts.cacheCleanSeconds || 60,
});
var dnsHost
var dnsPort
var dnsPath
if (!datDnsOpts.dnsHost || !datDnsOpts.dnsPath) {
let dnsProvider = DEFAULT_DNS_PROVIDERS[Math.floor(Math.random() * DEFAULT_DNS_PROVIDERS.length)]
dnsHost = dnsProvider[0]
dnsPort = dnsProvider[1]
dnsPath = dnsProvider[2]
} else {
dnsHost = datDnsOpts.dnsHost
dnsPort = datDnsOpts.dnsPort || 443
dnsPath = datDnsOpts.dnsPath
}
var datDns = new Emitter()
function resolveName (name, opts, cb) {
if (typeof opts === 'function') {
cb = opts
opts = null
}
var ignoreCache = opts && opts.ignoreCache
var ignoreCachedMiss = opts && opts.ignoreCachedMiss
var noDnsOverHttps = opts && opts.noDnsOverHttps
var noWellknownDat = opts && opts.noWellknownDat
return maybe(cb, _asyncToGenerator(function * () {
// parse the name as needed
var nameParsed = url.parse(name)
name = nameParsed.hostname || nameParsed.pathname
// strip the version
name = name.replace(VERSION_REGEX, '')
// is it a hash?
if (hashRegex.test(name)) {
return name.slice(0, 64)
}
try {
// check the cache
if (!ignoreCache) {
const cachedKey = mCache.get(name)
if (typeof cachedKey !== 'undefined') {
if (cachedKey || (!cachedKey && !ignoreCachedMiss)) {
debug('In-memory cache hit for name', name, cachedKey)
if (cachedKey) return cachedKey
else throw new Error('DNS record not found') // cached miss
}
}
}
var res
if (!noDnsOverHttps) {
try {
// do a DNS-over-HTTPS lookup
res = yield fetchDnsOverHttpsRecord(datDns, name, { host: dnsHost, port: dnsPort, path: dnsPath })
// parse the record
res = parseDnsOverHttpsRecord(datDns, name, res.body, dnsTxtRegex)
datDns.emit('resolved', {
method: 'dns-over-https',
name,
key: res.key
})
debug('dns-over-http resolved', name, 'to', res.key)
} catch (e) {
// ignore, we'll try .well-known/`${recordName}` next
res = false
}
}
if (!res && !noWellknownDat) {
// do a .well-known/`${recordName}` lookup
let redirect_count = 0;
let fetch_well_known_host = name;
let fetch_well_known_path = recordName;
while (redirect_count < 7) {
res = yield fetchWellKnownRecord(fetch_well_known_host, fetch_well_known_path)
if (res.statusCode === 200) {
break;
} else if (res.statusCode === 0 || res.statusCode === 404) {
debug('.well-known/' + recordName + ' lookup failed for name:', name, res.statusCode, res.err)
datDns.emit('failed', {
method: 'well-known',
name,
err: 'HTTP code ' + res.statusCode + ' ' + res.err
})
mCache.set(name, false, 60) // cache the miss for a minute
throw new Error('DNS record error or not found')
} else if ([301, 302, 307, 308].includes(res.statusCode)) {
if (redirect_count >= 6)
{
debug('.well-known/' + recordName + ' lookup exceeded redirection limit', name, res.statusCode)
throw new Error('DNS record lookup exceeded redirection limit')
}
debug('.well-known/' + recordName + ' lookup redirected name:', name, res.statusCode)
if (!'location' in res.headers)
{
debug('.well-known/' + recordName + ' lookup redirect did not contain destination Location header:', name, res.statusCode)
throw new Error('DNS record redirected to nowhere')
}
// resolve relative paths with original URL as base URL
let redirect_uri = new URL(res.headers['location'], 'https://' + fetch_well_known_host);
if (redirect_uri.protocol != 'https:')
{
debug('.well-known/' + recordName + ' lookup redirected name to protocol other than https:', name, res.statusCode)
throw new Error('DNS record redirected to non https: protocol')
}
fetch_well_known_host = redirect_uri.host
fetch_well_known_path = redirect_uri.pathname + redirect_uri.search
redirect_count++;
continue;
} else if (res.statusCode !== 200) {
debug('.well-known/' + recordName + ' lookup failed for name:', name, res.statusCode)
datDns.emit('failed', {
method: 'well-known',
name,
err: 'HTTP code ' + res.statusCode
})
throw new Error('DNS record did not return OK status')
}
}
// parse the record
res = parseWellknownDatRecord(datDns, name, res.body, protocolRegex, recordName)
datDns.emit('resolved', {
method: 'well-known',
name,
key: res.key
})
debug('.well-known/' + recordName + ' resolved', name, 'to', res.key)
}
// cache
if (res.ttl !== 0) mCache.set(name, res.key, res.ttl)
if (pCache) pCache.write(name, res.key, res.ttl)
return res.key
} catch (err) {
if (pCache) {
// read from persistent cache on failure
return pCache.read(name, err)
}
throw err
}
}))
}
function listCache () {
return mCache.list()
}
function flushCache () {
datDns.emit('cache-flushed')
mCache.flush()
}
datDns.resolveName = resolveName
datDns.listCache = listCache
datDns.flushCache = flushCache
return datDns
}
function fetchDnsOverHttpsRecord (datDns, name, { host, port, path }) {
return new Promise((resolve, reject) => {
// ensure the name is a FQDN
if (!name.includes('.')) {
debug('dns-over-https failed', name, 'Not an a FQDN')
datDns.emit('failed', {
method: 'dns-over-https',
name,
err: 'Name is not a FQDN'
})
reject(new Error('Domain is not a FQDN.'))
} else if (!name.endsWith('.')) {
name = name + '.'
}
var query = {
name,
type: 'TXT'
}
debug('dns-over-https lookup for name:', name)
https.get({
host,
port,
path: `${path}?${stringify(query)}`,
// Cloudflare requires this exact header; luckily everyone else ignores it
headers: {
'Accept': 'application/dns-json'
},
timeout: 2000
}, function (res) {
res.setEncoding('utf-8')
res.pipe(concat(body => resolve({ statusCode: res.statusCode, body })))
}).on('error', function (err) {
resolve({ statusCode: 0, err, body: '' })
})
})
}
function parseDnsOverHttpsRecord (datDns, name, body, dnsTxtRegex) {
// decode to obj
var record
try {
record = JSON.parse(body)
} catch (e) {
debug('dns-over-https failed', name, 'did not give a valid JSON response')
datDns.emit('failed', {
method: 'dns-over-https',
name,
err: 'Failed to parse JSON response'
})
throw new Error('Invalid dns-over-https record, must provide json')
}
// find valid answers
var answers = record['Answer']
if (!answers || !Array.isArray(answers)) {
debug('dns-over-https failed', name, 'did not give any TXT answers')
datDns.emit('failed', {
method: 'dns-over-https',
name,
err: 'Did not give any TXT answers'
})
throw new Error('Invalid dns-over-https record, no TXT answers given')
}
answers = answers.filter(a => {
if (!a || typeof a !== 'object') {
return false
}
if (typeof a.data !== 'string') {
return false
}
var match = dnsTxtRegex.exec(a.data)
if (!match) {
return false
}
a.key = match[1]
return true
})
if (!answers[0]) {
debug('dns-over-https failed', name, 'did not give any TXT answers')
datDns.emit('failed', {
method: 'dns-over-https',
name,
err: 'Did not give any TXT answers'
})
throw new Error('Invalid dns-over-https record, no TXT answer given')
}
// put together res
var res = { key: answers[0].key, ttl: answers[0].TTL }
if (!Number.isSafeInteger(res.ttl) || res.ttl < 0) {
res.ttl = DEFAULT_DAT_DNS_TTL
}
if (res.ttl > MAX_DAT_DNS_TTL) {
res.ttl = MAX_DAT_DNS_TTL
}
return res
}
function fetchWellKnownRecord (name, recordName) {
return new Promise((resolve, reject) => {
debug('.well-known/dat lookup for name:', name)
if (!recordName.startsWith('/'))
{
recordName = '/.well-known/' + recordName
}
https.get({
host: name,
path: recordName,
timeout: 2000
}, function (res) {
res.setEncoding('utf-8')
res.pipe(concat(body => resolve({ statusCode: res.statusCode, headers: res.headers, body })))
}).on('error', function (err) {
resolve({ statusCode: 0, err, body: '' })
})
})
}
function parseWellknownDatRecord (datDns, name, body, protocolRegex, recordName) {
if (!body || typeof body !== 'string') {
datDns.emit('failed', {
method: 'well-known',
name,
err: 'Empty response'
})
throw new Error('DNS record not found')
}
const lines = body.split('\n')
var key, ttl
// parse url
try {
key = protocolRegex.exec(lines[0])[1]
} catch (e) {
debug('.well-known/' + recordName + ' failed', name, 'must conform to ' + protocolRegex)
datDns.emit('failed', {
method: 'well-known',
name,
err: 'Record did not conform to ' + protocolRegex
})
throw new Error('Invalid .well-known/' + recordName + ' record, must conform to' + protocolRegex)
}
// parse ttl
try {
if (lines[1]) {
ttl = +(/^ttl=(\d+)$/i.exec(lines[1])[1])
}
} catch (e) {
datDns.emit('failed', {
method: 'well-known',
name,
err: 'Failed to parse TTL line, error: ' + e.toString()
})
debug('.well-known/' + recordName + ' failed to parse TTL for %s, line: %s, error:', name, lines[1], e)
}
if (!Number.isSafeInteger(ttl) || ttl < 0) {
ttl = DEFAULT_DAT_DNS_TTL
}
if (ttl > MAX_DAT_DNS_TTL) {
ttl = MAX_DAT_DNS_TTL
}
return { key, ttl }
}