nekomimi.pet / wisp.place-monorepo
Monorepo for wisp.place. A static site hosting service built on top of the AT Protocol. wisp.place
fork atom

update dns to not necessitate cname verifcation in cases of cname flattening

nekomimi.pet f6775a5d ad393298

options
unified split
Changed files
+34 -4
public
editor
editor.tsx
src
lib
dns-verify.ts
+15 -1
public/editor/editor.tsx
··· 661 661 )} 662 662 </CardContent> 663 663 </Card> 664 + 665 + <div className="p-4 bg-muted/30 rounded-lg border-l-4 border-yellow-500/50"> 666 + <div className="flex items-start gap-2"> 667 + <AlertCircle className="w-4 h-4 text-yellow-600 dark:text-yellow-400 mt-0.5 flex-shrink-0" /> 668 + <div className="flex-1 space-y-1"> 669 + <p className="text-xs font-semibold text-yellow-600 dark:text-yellow-400"> 670 + Note about sites.wisp.place URLs 671 + </p> 672 + <p className="text-xs text-muted-foreground"> 673 + Complex sites hosted on <code className="px-1 py-0.5 bg-background rounded text-xs">sites.wisp.place</code> may have broken assets if they use absolute paths (e.g., <code className="px-1 py-0.5 bg-background rounded text-xs">/folder/script.js</code>) in CSS or JavaScript files. While HTML paths are automatically rewritten, CSS and JS files are served as-is. For best results, use a wisp.place subdomain or custom domain, or ensure your site uses relative paths. 674 + </p> 675 + </div> 676 + </div> 677 + </div> 664 678 </TabsContent> 665 679 666 680 {/* Domains Tab */} ··· 1604 1618 </div> 1605 1619 </div> 1606 1620 <p className="text-xs text-muted-foreground mt-2"> 1607 - Some DNS providers may require you to use @ or leave it blank for the root domain 1621 + Note: Some DNS providers (like Cloudflare) flatten CNAMEs to A records - this is fine and won't affect verification. 1608 1622 </p> 1609 1623 </div> 1610 1624 </div>
+19 -3
src/lib/dns-verify.ts
··· 135 135 } 136 136 137 137 /** 138 - * Verify both TXT and CNAME records for a custom domain 138 + * Verify custom domain using TXT record as authoritative proof 139 + * CNAME check is optional/advisory - TXT record is sufficient for verification 140 + * 141 + * This approach works with CNAME flattening (e.g., Cloudflare) where the CNAME 142 + * is resolved to A/AAAA records and won't be visible in DNS queries. 139 143 */ 140 144 export const verifyCustomDomain = async ( 141 145 domain: string, 142 146 expectedDid: string, 143 147 expectedHash: string 144 148 ): Promise<VerificationResult> => { 149 + // TXT record is authoritative - it proves ownership 145 150 const txtResult = await verifyDomainOwnership(domain, expectedDid) 146 151 if (!txtResult.verified) { 147 152 return txtResult 148 153 } 149 154 155 + // CNAME check is advisory only - we still check it for logging/debugging 156 + // but don't fail verification if it's missing (could be flattened) 150 157 const cnameResult = await verifyCNAME(domain, expectedHash) 158 + 159 + // Log CNAME status for debugging, but don't fail on it 151 160 if (!cnameResult.verified) { 152 - return cnameResult 161 + console.log(`[DNS Verify] ⚠️ CNAME verification failed (may be flattened):`, cnameResult.error) 153 162 } 154 163 155 - return { verified: true } 164 + // TXT verification is sufficient 165 + return { 166 + verified: true, 167 + found: { 168 + txt: txtResult.found?.txt, 169 + cname: cnameResult.found?.cname 170 + } 171 + } 156 172 }