fix: return an error when extracting record name (#1778)

Author: ldez

providers/dns/allinkl/allinkl.go

@@ -5,7 +5,6 @@ import (
 	"errors"
 	"fmt"
 	"net/http"
-	"strings"
 	"sync"
 	"time"
 
@@ -114,7 +113,10 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 		return fmt.Errorf("allinkl: %w", err)
 	}
 
-	subDomain := dns01.UnFqdn(strings.TrimSuffix(fqdn, authZone))
+	subDomain, err := dns01.ExtractSubDomain(fqdn, authZone)
+	if err != nil {
+		return fmt.Errorf("allinkl: %w", err)
+	}
 
 	record := internal.DNSRequest{
 		ZoneHost:   authZone,

providers/dns/azure/azure.go

@@ -7,14 +7,12 @@ import (
 	"fmt"
 	"io"
 	"net/http"
-	"strings"
 	"time"
 
 	"github.com/Azure/go-autorest/autorest"
 	aazure "github.com/Azure/go-autorest/autorest/azure"
 	"github.com/Azure/go-autorest/autorest/azure/auth"
 	"github.com/go-acme/lego/v4/challenge"
-	"github.com/go-acme/lego/v4/challenge/dns01"
 	"github.com/go-acme/lego/v4/platform/config/env"
 )
 
@@ -179,11 +177,6 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 	return d.provider.CleanUp(domain, token, keyAuth)
 }
 
-// Returns the relative record to the domain.
-func toRelativeRecord(domain, zone string) string {
-	return dns01.UnFqdn(strings.TrimSuffix(domain, zone))
-}
-
 func getAuthorizer(config *Config) (autorest.Authorizer, error) {
 	if config.ClientID != "" && config.ClientSecret != "" && config.TenantID != "" {
 		credentialsConfig := auth.ClientCredentialsConfig{

providers/dns/azure/private.go

@@ -39,10 +39,13 @@ func (d *dnsProviderPrivate) Present(domain, token, keyAuth string) error {
 	rsc := privatedns.NewRecordSetsClientWithBaseURI(d.config.ResourceManagerEndpoint, d.config.SubscriptionID)
 	rsc.Authorizer = d.authorizer
 
-	relative := toRelativeRecord(fqdn, dns01.ToFqdn(zone))
+	subDomain, err := dns01.ExtractSubDomain(fqdn, zone)
+	if err != nil {
+		return fmt.Errorf("azure: %w", err)
+	}
 
 	// Get existing record set
-	rset, err := rsc.Get(ctx, d.config.ResourceGroup, zone, privatedns.TXT, relative)
+	rset, err := rsc.Get(ctx, d.config.ResourceGroup, zone, privatedns.TXT, subDomain)
 	if err != nil {
 		var detailed autorest.DetailedError
 		if !errors.As(err, &detailed) || detailed.StatusCode != http.StatusNotFound {
@@ -68,14 +71,14 @@ func (d *dnsProviderPrivate) Present(domain, token, keyAuth string) error {
 	}
 
 	rec := privatedns.RecordSet{
-		Name: &relative,
+		Name: &subDomain,
 		RecordSetProperties: &privatedns.RecordSetProperties{
 			TTL:        to.Int64Ptr(int64(d.config.TTL)),
 			TxtRecords: &txtRecords,
 		},
 	}
 
-	_, err = rsc.CreateOrUpdate(ctx, d.config.ResourceGroup, zone, privatedns.TXT, relative, rec, "", "")
+	_, err = rsc.CreateOrUpdate(ctx, d.config.ResourceGroup, zone, privatedns.TXT, subDomain, rec, "", "")
 	if err != nil {
 		return fmt.Errorf("azure: %w", err)
 	}
@@ -92,12 +95,15 @@ func (d *dnsProviderPrivate) CleanUp(domain, token, keyAuth string) error {
 		return fmt.Errorf("azure: %w", err)
 	}
 
-	relative := toRelativeRecord(fqdn, dns01.ToFqdn(zone))
+	subDomain, err := dns01.ExtractSubDomain(fqdn, zone)
+	if err != nil {
+		return fmt.Errorf("azure: %w", err)
+	}
 
 	rsc := privatedns.NewRecordSetsClientWithBaseURI(d.config.ResourceManagerEndpoint, d.config.SubscriptionID)
 	rsc.Authorizer = d.authorizer
 
-	_, err = rsc.Delete(ctx, d.config.ResourceGroup, zone, privatedns.TXT, relative, "")
+	_, err = rsc.Delete(ctx, d.config.ResourceGroup, zone, privatedns.TXT, subDomain, "")
 	if err != nil {
 		return fmt.Errorf("azure: %w", err)
 	}

providers/dns/azure/public.go

@@ -39,10 +39,13 @@ func (d *dnsProviderPublic) Present(domain, token, keyAuth string) error {
 	rsc := dns.NewRecordSetsClientWithBaseURI(d.config.ResourceManagerEndpoint, d.config.SubscriptionID)
 	rsc.Authorizer = d.authorizer
 
-	relative := toRelativeRecord(fqdn, dns01.ToFqdn(zone))
+	subDomain, err := dns01.ExtractSubDomain(fqdn, zone)
+	if err != nil {
+		return fmt.Errorf("azure: %w", err)
+	}
 
 	// Get existing record set
-	rset, err := rsc.Get(ctx, d.config.ResourceGroup, zone, relative, dns.TXT)
+	rset, err := rsc.Get(ctx, d.config.ResourceGroup, zone, subDomain, dns.TXT)
 	if err != nil {
 		var detailed autorest.DetailedError
 		if !errors.As(err, &detailed) || detailed.StatusCode != http.StatusNotFound {
@@ -68,14 +71,14 @@ func (d *dnsProviderPublic) Present(domain, token, keyAuth string) error {
 	}
 
 	rec := dns.RecordSet{
-		Name: &relative,
+		Name: &subDomain,
 		RecordSetProperties: &dns.RecordSetProperties{
 			TTL:        to.Int64Ptr(int64(d.config.TTL)),
 			TxtRecords: &txtRecords,
 		},
 	}
 
-	_, err = rsc.CreateOrUpdate(ctx, d.config.ResourceGroup, zone, relative, dns.TXT, rec, "", "")
+	_, err = rsc.CreateOrUpdate(ctx, d.config.ResourceGroup, zone, subDomain, dns.TXT, rec, "", "")
 	if err != nil {
 		return fmt.Errorf("azure: %w", err)
 	}
@@ -92,12 +95,15 @@ func (d *dnsProviderPublic) CleanUp(domain, token, keyAuth string) error {
 		return fmt.Errorf("azure: %w", err)
 	}
 
-	relative := toRelativeRecord(fqdn, dns01.ToFqdn(zone))
+	subDomain, err := dns01.ExtractSubDomain(fqdn, zone)
+	if err != nil {
+		return fmt.Errorf("azure: %w", err)
+	}
 
 	rsc := dns.NewRecordSetsClientWithBaseURI(d.config.ResourceManagerEndpoint, d.config.SubscriptionID)
 	rsc.Authorizer = d.authorizer
 
-	_, err = rsc.Delete(ctx, d.config.ResourceGroup, zone, relative, dns.TXT, "")
+	_, err = rsc.Delete(ctx, d.config.ResourceGroup, zone, subDomain, dns.TXT, "")
 	if err != nil {
 		return fmt.Errorf("azure: %w", err)
 	}

providers/dns/cloudns/internal/client.go

@@ -9,7 +9,6 @@ import (
 	"net/url"
 	"path"
 	"strconv"
-	"strings"
 
 	"github.com/go-acme/lego/v4/challenge/dns01"
 )
@@ -89,7 +88,10 @@ func (c *Client) GetZone(authFQDN string) (*Zone, error) {
 
 // FindTxtRecord returns the TXT record a zone ID and a FQDN.
 func (c *Client) FindTxtRecord(zoneName, fqdn string) (*TXTRecord, error) {
-	host := dns01.UnFqdn(strings.TrimSuffix(dns01.UnFqdn(fqdn), zoneName))
+	subDomain, err := dns01.ExtractSubDomain(fqdn, zoneName)
+	if err != nil {
+		return nil, err
+	}
 
 	reqURL, err := c.BaseURL.Parse(path.Join(c.BaseURL.Path, "records.json"))
 	if err != nil {
@@ -98,7 +100,7 @@ func (c *Client) FindTxtRecord(zoneName, fqdn string) (*TXTRecord, error) {
 
 	q := reqURL.Query()
 	q.Set("domain-name", zoneName)
-	q.Set("host", host)
+	q.Set("host", subDomain)
 	q.Set("type", "TXT")
 	reqURL.RawQuery = q.Encode()
 
@@ -118,7 +120,7 @@ func (c *Client) FindTxtRecord(zoneName, fqdn string) (*TXTRecord, error) {
 	}
 
 	for _, record := range records {
-		if record.Host == host && record.Type == "TXT" {
+		if record.Host == subDomain && record.Type == "TXT" {
 			return &record, nil
 		}
 	}
@@ -128,7 +130,10 @@ func (c *Client) FindTxtRecord(zoneName, fqdn string) (*TXTRecord, error) {
 
 // ListTxtRecords returns the TXT records a zone ID and a FQDN.
 func (c *Client) ListTxtRecords(zoneName, fqdn string) ([]TXTRecord, error) {
-	host := dns01.UnFqdn(strings.TrimSuffix(dns01.UnFqdn(fqdn), zoneName))
+	subDomain, err := dns01.ExtractSubDomain(fqdn, zoneName)
+	if err != nil {
+		return nil, err
+	}
 
 	reqURL, err := c.BaseURL.Parse(path.Join(c.BaseURL.Path, "records.json"))
 	if err != nil {
@@ -137,7 +142,7 @@ func (c *Client) ListTxtRecords(zoneName, fqdn string) ([]TXTRecord, error) {
 
 	q := reqURL.Query()
 	q.Set("domain-name", zoneName)
-	q.Set("host", host)
+	q.Set("host", subDomain)
 	q.Set("type", "TXT")
 	reqURL.RawQuery = q.Encode()
 
@@ -158,7 +163,7 @@ func (c *Client) ListTxtRecords(zoneName, fqdn string) ([]TXTRecord, error) {
 
 	var records []TXTRecord
 	for _, record := range raw {
-		if record.Host == host && record.Type == "TXT" {
+		if record.Host == subDomain && record.Type == "TXT" {
 			records = append(records, record)
 		}
 	}
@@ -168,7 +173,10 @@ func (c *Client) ListTxtRecords(zoneName, fqdn string) ([]TXTRecord, error) {
 
 // AddTxtRecord adds a TXT record.
 func (c *Client) AddTxtRecord(zoneName, fqdn, value string, ttl int) error {
-	host := dns01.UnFqdn(strings.TrimSuffix(dns01.UnFqdn(fqdn), zoneName))
+	subDomain, err := dns01.ExtractSubDomain(fqdn, zoneName)
+	if err != nil {
+		return err
+	}
 
 	reqURL, err := c.BaseURL.Parse(path.Join(c.BaseURL.Path, "add-record.json"))
 	if err != nil {
@@ -177,7 +185,7 @@ func (c *Client) AddTxtRecord(zoneName, fqdn, value string, ttl int) error {
 
 	q := reqURL.Query()
 	q.Set("domain-name", zoneName)
-	q.Set("host", host)
+	q.Set("host", subDomain)
 	q.Set("record", value)
 	q.Set("ttl", strconv.Itoa(ttlRounder(ttl)))
 	q.Set("record-type", "TXT")

providers/dns/cloudns/internal/client_test.go

@@ -212,14 +212,14 @@ func TestClient_FindTxtRecord(t *testing.T) {
 		},
 		{
 			desc:        "zero records",
-			authFQDN:    "_acme-challenge.foo.com.",
-			zoneName:    "test-zone",
+			authFQDN:    "_acme-challenge.example.com.",
+			zoneName:    "example.com",
 			apiResponse: `[]`,
 		},
 		{
 			desc:        "invalid json response",
-			authFQDN:    "_acme-challenge.foo.com.",
-			zoneName:    "test-zone",
+			authFQDN:    "_acme-challenge.example.com.",
+			zoneName:    "example.com",
 			apiResponse: `[{}]`,
 			expected: expected{
 				errorMsg: "failed to unmarshall TXT records: json: cannot unmarshal array into Go value of type map[string]internal.TXTRecord: [{}]",
@@ -327,14 +327,14 @@ func TestClient_ListTxtRecord(t *testing.T) {
 		},
 		{
 			desc:        "zero records",
-			authFQDN:    "_acme-challenge.foo.com.",
-			zoneName:    "test-zone",
+			authFQDN:    "_acme-challenge.example.com.",
+			zoneName:    "example.com",
 			apiResponse: `[]`,
 		},
 		{
 			desc:        "invalid json response",
-			authFQDN:    "_acme-challenge.foo.com.",
-			zoneName:    "test-zone",
+			authFQDN:    "_acme-challenge.example.com.",
+			zoneName:    "example.com",
 			apiResponse: `[{}]`,
 			expected: expected{
 				errorMsg: "failed to unmarshall TXT records: json: cannot unmarshal array into Go value of type map[string]internal.TXTRecord: [{}]",

providers/dns/cloudxns/internal/client.go

@@ -10,7 +10,6 @@ import (
 	"io"
 	"net/http"
 	"strconv"
-	"strings"
 	"time"
 
 	"github.com/go-acme/lego/v4/challenge/dns01"
@@ -127,9 +126,14 @@ func (c *Client) AddTxtRecord(info *Data, fqdn, value string, ttl int) error {
 		return fmt.Errorf("CloudXNS: invalid zone ID: %w", err)
 	}
 
+	subDomain, err := dns01.ExtractSubDomain(fqdn, info.Domain)
+	if err != nil {
+		return fmt.Errorf("CloudXNS: %w", err)
+	}
+
 	payload := TXTRecord{
 		ID:     id,
-		Host:   dns01.UnFqdn(strings.TrimSuffix(fqdn, info.Domain)),
+		Host:   subDomain,
 		Value:  value,
 		Type:   "TXT",
 		LineID: 1,

providers/dns/domeneshop/domeneshop.go

@@ -5,7 +5,6 @@ import (
 	"errors"
 	"fmt"
 	"net/http"
-	"strings"
 	"time"
 
 	"github.com/go-acme/lego/v4/challenge/dns01"
@@ -142,8 +141,10 @@ func (d *DNSProvider) splitDomain(fqdn string) (string, string, error) {
 		return "", "", err
 	}
 
-	host := dns01.UnFqdn(strings.TrimSuffix(fqdn, zone))
-	zone = dns01.UnFqdn(zone)
+	subDomain, err := dns01.ExtractSubDomain(fqdn, zone)
+	if err != nil {
+		return "", "", err
+	}
 
-	return zone, host, nil
+	return dns01.UnFqdn(zone), subDomain, nil
 }

providers/dns/dynu/dynu.go

@@ -5,13 +5,11 @@ import (
 	"errors"
 	"fmt"
 	"net/http"
-	"strings"
 	"time"
 
 	"github.com/go-acme/lego/v4/challenge/dns01"
 	"github.com/go-acme/lego/v4/platform/config/env"
 	"github.com/go-acme/lego/v4/providers/dns/dynu/internal"
-	"github.com/miekg/dns"
 )
 
 // Environment variables names.
@@ -117,11 +115,16 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 		}
 	}
 
+	subDomain, err := dns01.ExtractSubDomain(fqdn, domain)
+	if err != nil {
+		return fmt.Errorf("dynu: %w", err)
+	}
+
 	record := internal.DNSRecord{
 		Type:       "TXT",
 		DomainName: rootDomain.DomainName,
 		Hostname:   dns01.UnFqdn(fqdn),
-		NodeName:   dns01.UnFqdn(strings.TrimSuffix(fqdn, dns.Fqdn(domain))),
+		NodeName:   subDomain,
 		TextData:   value,
 		State:      true,
 		TTL:        d.config.TTL,

providers/dns/epik/epik.go

@@ -101,8 +101,13 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 		return fmt.Errorf("epik: %w", err)
 	}
 
+	subDomain, err := dns01.ExtractSubDomain(fqdn, authZone)
+	if err != nil {
+		return fmt.Errorf("epik: %w", err)
+	}
+
 	record := internal.RecordRequest{
-		Host: dns01.UnFqdn(strings.TrimSuffix(fqdn, authZone)),
+		Host: subDomain,
 		Type: "TXT",
 		Data: value,
 		TTL:  d.config.TTL,
@@ -127,15 +132,19 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 	}
 
 	dom := dns01.UnFqdn(authZone)
-	host := dns01.UnFqdn(strings.TrimSuffix(fqdn, authZone))
 
 	records, err := d.client.GetDNSRecords(dom)
 	if err != nil {
 		return fmt.Errorf("epik: %w", err)
 	}
 
+	subDomain, err := dns01.ExtractSubDomain(fqdn, authZone)
+	if err != nil {
+		return fmt.Errorf("epik: %w", err)
+	}
+
 	for _, record := range records {
-		if strings.EqualFold(record.Type, "TXT") && record.Data == value && record.Name == host {
+		if strings.EqualFold(record.Type, "TXT") && record.Data == value && record.Name == subDomain {
 			_, err = d.client.RemoveHostRecord(dom, record.ID)
 			if err != nil {
 				return fmt.Errorf("epik: %w", err)