nekomimi.pet / wisp.place-monorepo
Monorepo for wisp.place. A static site hosting service built on top of the AT Protocol. wisp.place
fork atom

update dns to not necessitate cname verifcation in cases of cname flattening

nekomimi.pet f6775a5d ad393298

options
unified split
Changed files
+34 -4
public
editor
editor.tsx
src
lib
dns-verify.ts
+15 -1
public/editor/editor.tsx
··· 661 )} 662 </CardContent> 663 </Card> 664 </TabsContent> 665 666 {/* Domains Tab */} ··· 1604 </div> 1605 </div> 1606 <p className="text-xs text-muted-foreground mt-2"> 1607 - Some DNS providers may require you to use @ or leave it blank for the root domain 1608 </p> 1609 </div> 1610 </div>
··· 661 )} 662 </CardContent> 663 </Card> 664 + 665 + <div className="p-4 bg-muted/30 rounded-lg border-l-4 border-yellow-500/50"> 666 + <div className="flex items-start gap-2"> 667 + <AlertCircle className="w-4 h-4 text-yellow-600 dark:text-yellow-400 mt-0.5 flex-shrink-0" /> 668 + <div className="flex-1 space-y-1"> 669 + <p className="text-xs font-semibold text-yellow-600 dark:text-yellow-400"> 670 + Note about sites.wisp.place URLs 671 + </p> 672 + <p className="text-xs text-muted-foreground"> 673 + Complex sites hosted on <code className="px-1 py-0.5 bg-background rounded text-xs">sites.wisp.place</code> may have broken assets if they use absolute paths (e.g., <code className="px-1 py-0.5 bg-background rounded text-xs">/folder/script.js</code>) in CSS or JavaScript files. While HTML paths are automatically rewritten, CSS and JS files are served as-is. For best results, use a wisp.place subdomain or custom domain, or ensure your site uses relative paths. 674 + </p> 675 + </div> 676 + </div> 677 + </div> 678 </TabsContent> 679 680 {/* Domains Tab */} ··· 1618 </div> 1619 </div> 1620 <p className="text-xs text-muted-foreground mt-2"> 1621 + Note: Some DNS providers (like Cloudflare) flatten CNAMEs to A records - this is fine and won't affect verification. 1622 </p> 1623 </div> 1624 </div>
+19 -3
src/lib/dns-verify.ts
··· 135 } 136 137 /** 138 - * Verify both TXT and CNAME records for a custom domain 139 */ 140 export const verifyCustomDomain = async ( 141 domain: string, 142 expectedDid: string, 143 expectedHash: string 144 ): Promise<VerificationResult> => { 145 const txtResult = await verifyDomainOwnership(domain, expectedDid) 146 if (!txtResult.verified) { 147 return txtResult 148 } 149 150 const cnameResult = await verifyCNAME(domain, expectedHash) 151 if (!cnameResult.verified) { 152 - return cnameResult 153 } 154 155 - return { verified: true } 156 }
··· 135 } 136 137 /** 138 + * Verify custom domain using TXT record as authoritative proof 139 + * CNAME check is optional/advisory - TXT record is sufficient for verification 140 + * 141 + * This approach works with CNAME flattening (e.g., Cloudflare) where the CNAME 142 + * is resolved to A/AAAA records and won't be visible in DNS queries. 143 */ 144 export const verifyCustomDomain = async ( 145 domain: string, 146 expectedDid: string, 147 expectedHash: string 148 ): Promise<VerificationResult> => { 149 + // TXT record is authoritative - it proves ownership 150 const txtResult = await verifyDomainOwnership(domain, expectedDid) 151 if (!txtResult.verified) { 152 return txtResult 153 } 154 155 + // CNAME check is advisory only - we still check it for logging/debugging 156 + // but don't fail verification if it's missing (could be flattened) 157 const cnameResult = await verifyCNAME(domain, expectedHash) 158 + 159 + // Log CNAME status for debugging, but don't fail on it 160 if (!cnameResult.verified) { 161 + console.log(`[DNS Verify] ⚠️ CNAME verification failed (may be flattened):`, cnameResult.error) 162 } 163 164 + // TXT verification is sufficient 165 + return { 166 + verified: true, 167 + found: { 168 + txt: txtResult.found?.txt, 169 + cname: cnameResult.found?.cname 170 + } 171 + } 172 }