adjust schema and worker validation

Author: Soxasora

api/resolvers/sub.js

@@ -311,6 +311,7 @@ export default {
           return await models.customDomain.create({
             data: {
               domain,
+              dnsState: 'PENDING',
               cname: 'todo', // TODO: explore other options
               verificationTxt: randomBytes(32).toString('base64'), // TODO: explore other options
               sub: {

api/typeDefs/sub.js

@@ -14,12 +14,12 @@ export default gql`
     updatedAt: Date!
     domain: String!
     subName: String!
-    dnsState: String!
-    sslState: String!
+    dnsState: String
+    sslState: String
     certificateArn: String
     lastVerifiedAt: Date
-    cname: String!
-    verificationTxt: String!
+    cname: String
+    verificationTxt: String
   }
 
   type Subs {

prisma/migrations/20250304121322_custom_domains/migration.sql

@@ -5,12 +5,12 @@ CREATE TABLE "CustomDomain" (
     "updated_at" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
     "domain" TEXT NOT NULL,
     "subName" CITEXT NOT NULL,
-    "dnsState" TEXT NOT NULL DEFAULT 'PENDING',
-    "sslState" TEXT NOT NULL DEFAULT 'PENDING',
+    "dnsState" TEXT,
+    "sslState" TEXT,
     "certificateArn" TEXT,
     "lastVerifiedAt" TIMESTAMP(3),
-    "cname" TEXT NOT NULL,
-    "verificationTxt" TEXT NOT NULL,
+    "cname" TEXT,
+    "verificationTxt" TEXT,
 
     CONSTRAINT "CustomDomain_pkey" PRIMARY KEY ("id")
 );

prisma/schema.prisma

@@ -1207,12 +1207,12 @@ model CustomDomain {
   updatedAt         DateTime  @default(now()) @updatedAt @map("updated_at")
   domain            String    @unique
   subName           String    @unique @db.Citext
-  dnsState          String    @default("PENDING")
-  sslState          String    @default("PENDING")
-  certificateArn    String
+  dnsState          String?
+  sslState          String?
+  certificateArn    String?
   lastVerifiedAt    DateTime?
-  cname             String
-  verificationTxt   String
+  cname             String?
+  verificationTxt   String?
   sub               Sub       @relation(fields: [subName], references: [name], onDelete: Cascade, onUpdate: Cascade)
   
   @@index([domain])

worker/domainVerification.js

@@ -9,37 +9,40 @@ export async function domainVerification () {
     const domains = await models.customDomain.findMany()
 
     for (const domain of domains) {
-      const { domain: domainName, verificationTxt, cname, id } = domain
+      const { domain: domainName, dnsState, sslState, certificateArn, verificationTxt, cname, id } = domain
       try {
         const data = { lastVerifiedAt: new Date() }
         // DNS verification
-        if (domain.dnsState === 'PENDING' || domain.dnsState === 'FAILED') {
+        if (dnsState === 'PENDING' || dnsState === 'FAILED') {
           const { txtValid, cnameValid } = await verifyDomainDNS(domainName, verificationTxt, cname)
           console.log(`${domainName}: TXT ${txtValid ? 'valid' : 'invalid'}, CNAME ${cnameValid ? 'valid' : 'invalid'}`)
           data.dnsState = txtValid && cnameValid ? 'VERIFIED' : 'FAILED'
         }
 
         // SSL issuing
-        if (domain.dnsState === 'VERIFIED' && (domain.sslState === 'NOT_ISSUED' || domain.sslState === 'FAILED')) {
+        if (dnsState === 'VERIFIED' && (!certificateArn || sslState === 'FAILED')) {
           const certificateArn = await issueDomainCertificate(domainName)
           console.log(`${domainName}: Certificate issued: ${certificateArn}`)
           if (certificateArn) {
             const sslState = await checkCertificateStatus(certificateArn)
             console.log(`${domainName}: Issued certificate status: ${sslState}`)
             if (sslState) data.sslState = sslState
             data.certificateArn = certificateArn
+          } else {
+            data.sslState = 'FAILED'
           }
         }
 
         // SSL checking
-        if (domain.dnsState === 'VERIFIED' && domain.sslState === 'PENDING') {
-          const sslState = await checkCertificateStatus(domain.certificateArn)
+        if (dnsState === 'VERIFIED' && sslState === 'PENDING') {
+          const sslState = await checkCertificateStatus(certificateArn)
           console.log(`${domainName}: Certificate status: ${sslState}`)
           if (sslState) data.sslState = sslState
         }
 
         await models.customDomain.update({ where: { id }, data })
       } catch (error) {
+        // TODO: this considers only DNS verification errors, we should also consider SSL verification errors
         console.error(`Failed to verify domain ${domainName}:`, error)
 
         // TODO: DNS inconcistencies can happen, we should retry at least 3 times before marking it as FAILED