switch to AWS localstack; mock ACM integration; add certificate DNS values; show DNS configs on territory edit

Author: Soxasora

.env.development

@@ -170,6 +170,7 @@ AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
 AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
 PERSISTENCE=1
 SKIP_SSL_CERT_DOWNLOAD=1
+LOCALSTACK_ENDPOINT=http://localhost:4566
 
 # tor proxy
 TOR_PROXY=http://tor:7050/

api/acm/index.js

@@ -1,10 +1,22 @@
-import { ACM } from 'aws-sdk'
-// TODO: skeleton
+import AWS from 'aws-sdk'
+// TODO: boilerplate
 
-const region = 'us-east-1' // cloudfront ACM is in us-east-1
-const acm = new ACM({ region })
+AWS.config.update({
+  region: 'us-east-1'
+})
+
+const config = {
+  s3ForcePathStyle: process.env.NODE_ENV === 'development'
+}
 
 export async function requestCertificate (domain) {
+  // for local development, we use the LOCALSTACK_ENDPOINT which
+  // is reachable from the host machine
+  if (process.env.NODE_ENV === 'development') {
+    config.endpoint = process.env.LOCALSTACK_ENDPOINT
+  }
+
+  const acm = new AWS.ACM(config)
   const params = {
     DomainName: domain,
     ValidationMethod: 'DNS',
@@ -20,7 +32,18 @@ export async function requestCertificate (domain) {
   return certificate.CertificateArn
 }
 
-export async function getCertificateStatus (certificateArn) {
+export async function describeCertificate (certificateArn) {
+  // for local development, we use the LOCALSTACK_ENDPOINT which
+  // is reachable from the host machine
+  if (process.env.NODE_ENV === 'development') {
+    config.endpoint = process.env.LOCALSTACK_ENDPOINT
+  }
+  const acm = new AWS.ACM(config)
   const certificate = await acm.describeCertificate({ CertificateArn: certificateArn }).promise()
+  return certificate
+}
+
+export async function getCertificateStatus (certificateArn) {
+  const certificate = await describeCertificate(certificateArn)
   return certificate.Certificate.Status
 }

api/resolvers/sub.js

@@ -312,7 +312,6 @@ export default {
             data: {
               domain,
               dnsState: 'PENDING',
-              cname: 'todo', // TODO: explore other options
               verificationTxt: randomBytes(32).toString('base64'), // TODO: explore other options
               sub: {
                 connect: { name: subName }

api/typeDefs/sub.js

@@ -18,7 +18,8 @@ export default gql`
     sslState: String
     certificateArn: String
     lastVerifiedAt: Date
-    cname: String
+    verificationCname: String
+    verificationCnameValue: String
     verificationTxt: String
   }
 

components/territory-domains.js

@@ -1,7 +1,6 @@
 import { Badge } from 'react-bootstrap'
 import { Form, Input, SubmitButton } from './form'
 import { gql, useMutation } from '@apollo/client'
-import Info from './info'
 import { customDomainSchema } from '@/lib/validate'
 import ActionTooltip from './action-tooltip'
 import { useToast } from '@/components/toast'
@@ -77,23 +76,6 @@ export default function CustomDomainForm ({ sub }) {
                       {getStatusBadge(sub.customDomain.dnsState)}
                     </ActionTooltip>
                     {getSSLStatusBadge(sub.customDomain.sslState)}
-                    {sub.customDomain.dnsState === 'PENDING' && (
-                      <Info>
-                        <h6>Verify your domain</h6>
-                        <p>Add the following DNS records to verify ownership of your domain:</p>
-                        <pre>
-                          CNAME record:
-                          Host: @
-                          Value: stacker.news
-                        </pre>
-                      </Info>
-                    )}
-                    {sub.customDomain.sslState === 'PENDING' && (
-                      <Info>
-                        <h6>SSL certificate pending</h6>
-                        <p>Our system will issue an SSL certificate for your domain.</p>
-                      </Info>
-                    )}
                   </div>
                 </>
               )}
@@ -105,6 +87,38 @@ export default function CustomDomainForm ({ sub }) {
         {/* TODO: toaster */}
         <SubmitButton variant='primary' className='mt-3'>save</SubmitButton>
       </div>
+      {(sub.customDomain.dnsState === 'PENDING' || sub.customDomain.dnsState === 'FAILED') && (
+        <>
+          <h6>Verify your domain</h6>
+          <p>Add the following DNS records to verify ownership of your domain:</p>
+          <pre>
+            CNAME:
+            Host: @
+            Value: stacker.news
+          </pre>
+          <pre>
+            TXT:
+            Host: @
+            Value: ${sub.customDomain.verificationTxt}
+          </pre>
+        </>
+      )}
+      {sub.customDomain.sslState === 'PENDING' && (
+        <>
+          <h6>SSL verification pending</h6>
+          <p>We issued an SSL certificate for your domain.</p>
+          <pre>
+            CNAME:
+            Host: ${sub.customDomain.verificationCname}
+            Value: ${sub.customDomain.verificationCnameValue}
+          </pre>
+          <pre>
+            TXT:
+            Host: @
+            Value: ${sub.customDomain.verificationTxt}
+          </pre>
+        </>
+      )}
     </Form>
   )
 }

docker-compose.yml

@@ -136,9 +136,9 @@ services:
     labels:
       - "CONNECT=localhost:3001"
     cpu_shares: "${CPU_SHARES_LOW}"
-  s3:
-    container_name: s3
-    image: localstack/localstack:s3-latest
+  aws:
+    container_name: aws
+    image: localstack/localstack:latest
     # healthcheck:
     #   test: ["CMD-SHELL", "awslocal", "s3", "ls", "s3://uploads"]
     #   interval: 10s
@@ -156,9 +156,9 @@ services:
     expose:
       - "4566"
     volumes:
-      - 's3:/var/lib/localstack'
-      - './docker/s3/init-s3.sh:/etc/localstack/init/ready.d/init-s3.sh'
-      - './docker/s3/cors.json:/etc/localstack/init/ready.d/cors.json'
+      - 'aws:/var/lib/localstack'
+      - './docker/aws/s3/init-s3.sh:/etc/localstack/init/ready.d/init-s3.sh'
+      - './docker/aws/s3/cors.json:/etc/localstack/init/ready.d/cors.json'
     labels:
       - "CONNECT=localhost:4566"
     cpu_shares: "${CPU_SHARES_LOW}"
@@ -829,7 +829,7 @@ volumes:
   lnd:
   cln:
   router_lnd:
-  s3:
+  aws:
   nwc_send:
   nwc_recv:
   tordata:

docker/s3/cors.json renamed to docker/aws/s3/cors.json

@@ -44,7 +44,8 @@ export const SUB_FIELDS = gql`
       sslState
       certificateArn
       lastVerifiedAt
-      cname
+      verificationCname
+      verificationCnameValue
       verificationTxt
     }
   }`

docker/s3/init-s3.sh renamed to docker/aws/s3/init-s3.sh

@@ -1,4 +1,4 @@
-import { requestCertificate, getCertificateStatus } from '@/api/acm'
+import { requestCertificate, getCertificateStatus, describeCertificate } from '@/api/acm'
 import { promises as dnsPromises } from 'node:dns'
 
 // TODO: skeleton
@@ -25,7 +25,7 @@ export async function checkCertificateStatus (certificateArn) {
   // map ACM statuses
   switch (certStatus) {
     case 'ISSUED':
-      return 'ISSUED'
+      return 'VERIFIED'
     case 'PENDING_VALIDATION':
       return 'PENDING'
     case 'VALIDATION_TIMED_OUT':
@@ -36,7 +36,26 @@ export async function checkCertificateStatus (certificateArn) {
   }
 }
 
-export async function verifyDomainDNS (domainName, verificationTxt, cname) {
+export async function certDetails (certificateArn) {
+  try {
+    const certificate = await describeCertificate(certificateArn)
+    return certificate
+  } catch (error) {
+    console.error(`Certificate description failed: ${error.message}`)
+    return null
+  }
+}
+
+export async function getValidationValues (certificateArn) {
+  const certificate = await certDetails(certificateArn)
+  console.log(certificate.DomainValidationOptions)
+  return {
+    cname: certificate.DomainValidationOptions[0].ResourceRecord.Name,
+    value: certificate.DomainValidationOptions[0].ResourceRecord.Value
+  }
+}
+
+export async function verifyDomainDNS (domainName, verificationTxt, cname = 'parallel.soxa.dev') {
   const result = {
     txtValid: false,
     cnameValid: false,