keep verification state in PENDING instead of FAILED; use _snverify as TXT record to be checked; light cleanup

Author: Soxasora

api/resolvers/domain.js

@@ -37,41 +37,32 @@ export default {
         if (existing && existing.domain === domain && existing.status !== 'HOLD') {
           throw new GqlInputError('domain already set')
         }
+
+        const initializeDomain = {
+          domain,
+          status: 'PENDING',
+          verification: {
+            dns: {
+              state: 'PENDING',
+              cname: 'stacker.news',
+              txt: randomBytes(32).toString('base64')
+            },
+            ssl: {
+              state: 'WAITING',
+              arn: null,
+              cname: null,
+              value: null
+            }
+          }
+        }
+
         const updatedDomain = await models.customDomain.upsert({
           where: { subName },
           update: {
-            domain,
-            status: 'PENDING',
-            verification: {
-              dns: {
-                state: 'PENDING',
-                cname: 'stacker.news',
-                txt: randomBytes(32).toString('base64')
-              },
-              ssl: {
-                state: 'WAITING',
-                arn: null,
-                cname: null,
-                value: null
-              }
-            }
+            ...initializeDomain
           },
           create: {
-            domain,
-            status: 'PENDING',
-            verification: {
-              dns: {
-                state: 'PENDING',
-                cname: 'stacker.news',
-                txt: randomBytes(32).toString('base64')
-              },
-              ssl: {
-                state: 'WAITING',
-                arn: null,
-                cname: null,
-                value: null
-              }
-            },
+            ...initializeDomain,
             sub: {
               connect: { name: subName }
             }

components/territory-domains.js

@@ -74,23 +74,19 @@ const getStatusBadge = (status) => {
   switch (status) {
     case 'VERIFIED':
       return <Badge bg='success'>DNS verified</Badge>
-    case 'PENDING':
+    default:
       return <Badge bg='warning'>DNS pending</Badge>
-    case 'FAILED':
-      return <Badge bg='danger'>DNS failed</Badge>
   }
 }
 
 const getSSLStatusBadge = (status) => {
   switch (status) {
     case 'VERIFIED':
       return <Badge bg='success'>SSL verified</Badge>
-    case 'PENDING':
-      return <Badge bg='warning'>SSL pending</Badge>
-    case 'FAILED':
-      return <Badge bg='danger'>SSL failed</Badge>
     case 'WAITING':
       return <Badge bg='info'>SSL waiting</Badge>
+    default:
+      return <Badge bg='warning'>SSL pending</Badge>
   }
 }
 
@@ -172,7 +168,7 @@ const DomainGuidelines = ({ customDomain }) => {
           {dnsRecord(domain || 'www', verification?.dns?.cname)}
           <hr />
           <h6>TXT</h6>
-          {dnsRecord(domain || 'www', verification?.dns?.txt)}
+          {dnsRecord(`_snverify.${domain}`, verification?.dns?.txt)}
         </div>
       )}
       {verification?.ssl?.state === 'PENDING' && (

lib/domain-verification.js

@@ -61,6 +61,7 @@ export async function getValidationValues (certificateArn) {
 // Verify the DNS records for a custom domain
 export async function verifyDomainDNS (domainName, verificationTxt, verificationCname) {
   const cname = verificationCname || process.env.NEXT_PUBLIC_URL.replace(/^https?:\/\//, '')
+  const txtHost = `_snverify.${domainName}`
   const result = {
     txtValid: false,
     cnameValid: false,
@@ -72,7 +73,7 @@ export async function verifyDomainDNS (domainName, verificationTxt, verification
 
   // TXT Records checking
   try {
-    const txtRecords = await dnsPromises.resolve(domainName, 'TXT')
+    const txtRecords = await dnsPromises.resolve(txtHost, 'TXT')
     const txtText = txtRecords.flat().join(' ')
 
     // the TXT record should include the verificationTxt that we have in the database

worker/domainVerification.js

@@ -51,7 +51,7 @@ async function verifyDomain (domain, models) {
     await updateCertificateStatus(data)
   }
 
-  if (data.verification?.dns?.state === 'FAILED' || data.verification?.ssl?.state === 'FAILED') {
+  if (data.verification?.dns?.state === 'PENDING' || data.verification?.ssl?.state === 'PENDING') {
     data.failedAttempts += 1
     // exponential backoff at the 11th attempt is roughly 48 hours
     if (data.failedAttempts > 11) {
@@ -71,7 +71,7 @@ async function verifyDNS (data) {
   const { txtValid, cnameValid } = await verifyDomainDNS(data.domain, data.verification.dns.txt)
   console.log(`${data.domain}: TXT ${txtValid ? 'valid' : 'invalid'}, CNAME ${cnameValid ? 'valid' : 'invalid'}`)
 
-  data.verification.dns.state = txtValid && cnameValid ? 'VERIFIED' : 'FAILED'
+  data.verification.dns.state = txtValid && cnameValid ? 'VERIFIED' : 'PENDING'
   return data
 }
 
@@ -96,7 +96,7 @@ async function issueCertificate (data) {
       }
     }
   } else {
-    data.verification.ssl.state = 'FAILED'
+    data.verification.ssl.state = 'PENDING'
   }
 
   return data