class Donation(ExportModelOperationsMixin('Donation'), models.Model):
@staticmethod
def _created_default():
return timezone.now()
@staticmethod
def _due_default():
return timezone.now() + timedelta(days=7)
@staticmethod
def _mref_default():
return "ONDON" + str(time.time())
created = models.DateTimeField(default=_created_default.__func__)
name = models.CharField(max_length=255)
iban = models.CharField(max_length=34)
bic = models.CharField(max_length=11, blank=True)
amount = models.DecimalField(max_digits=8, decimal_places=2)
message = models.CharField(max_length=255, blank=True)
due = models.DateTimeField(default=_due_default.__func__)
mref = models.CharField(max_length=32, default=_mref_default.__func__)
email = models.EmailField(max_length=255, blank=True)
class Meta:
managed = False
class AllowedValue(models.Model):
# Currently only works for categorical observations
identifier = models.CharField(max_length=50,
null=True,
blank=False,
db_index=True)
quality = models.CharField(max_length=50,
null=True,
blank=False,
db_index=True,
default="unknown")
name = models.CharField(max_length=100,
null=True,
blank=False,
db_index=True)
description = models.TextField(null=False, blank=False)
property = models.ForeignKey(
ObservableProperty,
on_delete=models.CASCADE,
blank=False,
null=False,
related_name="allowed_values",
)
class Meta:
unique_together = (("identifier", "property"), )
class Token(ExportModelOperationsMixin('Token'),
rest_framework.authtoken.models.Token):
@staticmethod
def _allowed_subnets_default():
return [
ipaddress.IPv4Network('0.0.0.0/0'),
ipaddress.IPv6Network('::/0')
]
id = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False)
key = models.CharField("Key", max_length=128, db_index=True, unique=True)
user = models.ForeignKey(User,
related_name='auth_tokens',
on_delete=models.CASCADE,
verbose_name="User")
name = models.CharField('Name', blank=True, max_length=64)
last_used = models.DateTimeField(null=True, blank=True)
perm_manage_tokens = models.BooleanField(default=False)
allowed_subnets = ArrayField(CidrAddressField(),
default=_allowed_subnets_default.__func__)
max_age = models.DurationField(
null=True, default=None, validators=[MinValueValidator(timedelta(0))])
max_unused_period = models.DurationField(
null=True, default=None, validators=[MinValueValidator(timedelta(0))])
plain = None
objects = NetManager()
@property
def is_valid(self):
now = timezone.now()
# Check max age
try:
if self.created + self.max_age < now:
return False
except TypeError:
pass
# Check regular usage requirement
try:
if (self.last_used or self.created) + self.max_unused_period < now:
return False
except TypeError:
pass
return True
def generate_key(self):
self.plain = secrets.token_urlsafe(21)
self.key = Token.make_hash(self.plain)
return self.key
@staticmethod
def make_hash(plain):
return make_password(plain,
salt='static',
hasher='pbkdf2_sha256_iter1')
class RRset(ExportModelOperationsMixin('RRset'), models.Model):
id = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False)
created = models.DateTimeField(auto_now_add=True)
updated = models.DateTimeField(
null=True) # undocumented, used for debugging only
domain = models.ForeignKey(Domain, on_delete=models.CASCADE)
subname = models.CharField(
max_length=178,
blank=True,
validators=[
validate_lower,
RegexValidator(
regex=r'^([*]|(([*][.])?[a-z0-9_.-]*))$',
message=
'Subname can only use (lowercase) a-z, 0-9, ., -, and _, '
'may start with a \'*.\', or just be \'*\'.',
code='invalid_subname')
])
type = models.CharField(
max_length=10,
validators=[
validate_upper,
RegexValidator(
regex=r'^[A-Z][A-Z0-9]*$',
message=
'Type must be uppercase alphanumeric and start with a letter.',
code='invalid_type')
])
ttl = models.PositiveIntegerField()
objects = RRsetManager()
DEAD_TYPES = ('ALIAS', 'DNAME')
RESTRICTED_TYPES = ('SOA', 'RRSIG', 'DNSKEY', 'NSEC3PARAM', 'OPT')
class Meta:
unique_together = (("domain", "subname", "type"), )
@staticmethod
def construct_name(subname, domain_name):
return '.'.join(filter(None, [subname, domain_name])) + '.'
@property
def name(self):
return self.construct_name(self.subname, self.domain.name)
def save(self, *args, **kwargs):
self.updated = timezone.now()
self.full_clean(validate_unique=False)
super().save(*args, **kwargs)
def __str__(self):
return '<RRSet %s domain=%s type=%s subname=%s>' % (
self.pk, self.domain.name, self.type, self.subname)
class Donation(ExportModelOperationsMixin('Donation'), models.Model):
created = models.DateTimeField(default=get_default_value_created)
name = models.CharField(max_length=255)
iban = models.CharField(max_length=34)
bic = models.CharField(max_length=11, blank=True)
amount = models.DecimalField(max_digits=8, decimal_places=2)
message = models.CharField(max_length=255, blank=True)
due = models.DateTimeField(default=get_default_value_due)
mref = models.CharField(max_length=32, default=get_default_value_mref)
email = models.EmailField(max_length=255, blank=True)
class Meta:
managed = False
class PluralityAuthToken(models.Model):
"""
A token class which can have multiple active tokens per user.
"""
key = models.CharField(max_length=40, primary_key=False, db_index=True)
user = models.ForeignKey(
AUTH_USER_MODEL,
related_name="auth_tokens",
null=False,
on_delete=models.PROTECT,
)
created = models.DateTimeField(auto_now_add=True)
active = models.BooleanField(default=True)
class Meta:
# Work around for a bug in Django:
# https://code.djangoproject.com/ticket/19422
#
# Also see corresponding ticket:
# https://github.com/tomchristie/django-rest-framework/issues/705
abstract = "rest_framework.authtoken" not in settings.INSTALLED_APPS
def save(self, *args, **kwargs):
if not self.key:
self.key = self.generate_key()
return super(PluralityAuthToken, self).save(*args, **kwargs)
def generate_key(self):
return binascii.hexlify(os.urandom(20)).decode()
def __str__(self):
return self.key
class AuthenticatedResetPasswordUserAction(AuthenticatedUserAction):
new_password = models.CharField(max_length=128)
class Meta:
managed = False
def _act(self):
self.user.change_password(self.new_password)
class Donation(models.Model):
created = models.DateTimeField(default=get_default_value_created)
name = models.CharField(max_length=255)
iban = models.CharField(max_length=34)
bic = models.CharField(max_length=11)
amount = models.DecimalField(max_digits=8, decimal_places=2)
message = models.CharField(max_length=255, blank=True)
due = models.DateTimeField(default=get_default_value_due)
mref = models.CharField(max_length=32, default=get_default_value_mref)
email = models.EmailField(max_length=255, blank=True)
def save(self, *args, **kwargs):
self.iban = self.iban[:6] + "xxx" # do NOT save account details
super().save(*args, **kwargs)
class Meta:
ordering = ('created',)
class RR(models.Model):
created = models.DateTimeField(auto_now_add=True)
rrset = models.ForeignKey(RRset, on_delete=models.CASCADE, related_name='records')
# max_length is determined based on the calculation in
# https://lists.isc.org/pipermail/bind-users/2008-April/070148.html
content = models.CharField(max_length=4092)
objects = RRManager()
def __str__(self):
return '<RR %s>' % self.content
class AuthenticatedActivateUserAction(AuthenticatedUserAction):
domain = models.CharField(max_length=191)
class Meta:
managed = False
@property
def _state_fields(self):
return super()._state_fields + [self.domain]
def _act(self):
self.user.activate()
class Token(rest_framework.authtoken.models.Token):
key = models.CharField("Key", max_length=40, db_index=True, unique=True)
# relation to user is a ForeignKey, so each user can have more than one token
user = models.ForeignKey(
User, related_name='auth_tokens',
on_delete=models.CASCADE, verbose_name="User"
)
name = models.CharField("Name", max_length=64, default="")
user_specific_id = models.BigIntegerField("User-Specific ID")
def save(self, *args, **kwargs):
if not self.user_specific_id:
self.user_specific_id = random.randrange(16 ** 8)
super().save(*args, **kwargs) # Call the "real" save() method.
def generate_key(self):
return b64encode(urandom(21)).decode('utf-8').replace('/', '-').replace('=', '_').replace('+', '.')
class Meta:
abstract = False
unique_together = (('user', 'user_specific_id'),)
class Token(ExportModelOperationsMixin('Token'),
rest_framework.authtoken.models.Token):
id = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False)
key = models.CharField("Key", max_length=128, db_index=True, unique=True)
user = models.ForeignKey(User,
related_name='auth_tokens',
on_delete=models.CASCADE,
verbose_name="User")
name = models.CharField("Name", max_length=64, default="")
plain = None
def generate_key(self):
self.plain = urlsafe_b64encode(urandom(21)).decode()
self.key = Token.make_hash(self.plain)
return self.key
@staticmethod
def make_hash(plain):
return make_password(plain,
salt='static',
hasher='pbkdf2_sha256_iter1')
class Token(models.Model):
# key is no longer primary key, but still indexed and unique
key = models.CharField(_("Key"),
max_length=64,
db_index=True,
unique=True,
default=make_random_key)
created = models.DateTimeField(_("Created"), auto_now_add=True)
# since real user model is abstract, we use username field here
username = models.CharField(max_length=64, db_index=True)
# maintainers 仅用于平台方联系使用方时使用(比如:认证/鉴权体系需要升级)
maintainers = models.CharField(_("Maintainers"),
max_length=256,
help_text="multiple items split with ;")
name = models.CharField(
_("Name"),
max_length=64,
help_text="ex: {project_id}-{cluster_id}-{app_id}-helm-app")
description = models.CharField(_("Description"), max_length=256)
# kind 用于指定应用场景, 不同kind用于处理不同应用场景的鉴权信息
kind = models.CharField(_("Kind"), max_length=32, choices=provider_choice)
# config 配合kind完成鉴权,比如 kind=helm-app-update 类型时,config 会存放 helm app id
config = JSONField(null=True, default={})
objects = TokenManager()
class Meta:
unique_together = (('username', 'name'), )
def validate_request_data(self, request_data):
Token.objects.validate_request_data(token=self,
request_data=request_data)
class User(AbstractBaseUser):
email = models.EmailField(
verbose_name='email address',
max_length=191,
unique=True,
)
is_active = models.BooleanField(default=True)
is_admin = models.BooleanField(default=False)
registration_remote_ip = models.CharField(max_length=1024, blank=True)
locked = models.DateTimeField(null=True, blank=True)
created = models.DateTimeField(auto_now_add=True)
limit_domains = models.IntegerField(default=settings.LIMIT_USER_DOMAIN_COUNT_DEFAULT, null=True, blank=True)
dyn = models.BooleanField(default=False)
objects = MyUserManager()
USERNAME_FIELD = 'email'
REQUIRED_FIELDS = []
def get_full_name(self):
return self.email
def get_short_name(self):
return self.email
def get_or_create_first_token(self):
try:
token = Token.objects.filter(user=self).earliest('created')
except Token.DoesNotExist:
token = Token.objects.create(user=self)
return token.key
def __str__(self):
return self.email
# noinspection PyMethodMayBeStatic
def has_perm(self, *_):
"""Does the user have a specific permission?"""
# Simplest possible answer: Yes, always
return True
# noinspection PyMethodMayBeStatic
def has_module_perms(self, *_):
"""Does the user have permissions to view the app `app_label`?"""
# Simplest possible answer: Yes, always
return True
@property
def is_staff(self):
"""Is the user a member of staff?"""
# Simplest possible answer: All admins are staff
return self.is_admin
class Domain(models.Model):
created = models.DateTimeField(auto_now_add=True)
name = models.CharField(max_length=191,
unique=True,
validators=[validate_lower,
RegexValidator(regex=r'^[a-z0-9_.-]*[a-z]$',
message='Domain name malformed.',
code='invalid_domain_name')
])
owner = models.ForeignKey(User, on_delete=models.PROTECT, related_name='domains')
published = models.DateTimeField(null=True, blank=True)
minimum_ttl = models.PositiveIntegerField(default=settings.MINIMUM_TTL_DEFAULT)
@property
def keys(self):
return pdns.get_keys(self)
def partition_name(domain):
name = domain.name if isinstance(domain, Domain) else domain
subname, _, parent_name = name.partition('.')
return subname, parent_name or None
def save(self, *args, **kwargs):
self.full_clean(validate_unique=False)
super().save(*args, **kwargs)
def update_delegation(self, child_domain: Domain):
child_subname, child_domain_name = child_domain.partition_name()
if self.name != child_domain_name:
raise ValueError('Cannot update delegation of %s as it is not an immediate child domain of %s.' %
(child_domain.name, self.name))
if child_domain.pk:
# Domain real: set delegation
child_keys = child_domain.keys
if not child_keys:
raise APIException('Cannot delegate %s, as it currently has no keys.' % child_domain.name)
RRset.objects.create(domain=self, subname=child_subname, type='NS', ttl=3600, contents=settings.DEFAULT_NS)
RRset.objects.create(domain=self, subname=child_subname, type='DS', ttl=300,
contents=[ds for k in child_keys for ds in k['ds']])
else:
# Domain not real: remove delegation
for rrset in self.rrset_set.filter(subname=child_subname, type__in=['NS', 'DS']):
rrset.delete()
def __str__(self):
return self.name
class Meta:
ordering = ('created',)
class ObservableProperty(models.Model):
"""Specifies the detailed interpretation of observations.
Includes the unit of measurement.
Observations can only be made on units which have a service that
is linked to an ObservableProperty. For example, only units which
are ice-skating fields can have observations with the property
"ice condition" or something similar.
"""
# TODO move back to sequential id field
id = models.CharField(max_length=50, primary_key=True)
name = models.CharField(max_length=100,
null=False,
blank=False,
db_index=True)
measurement_unit = models.CharField(max_length=20, null=True, blank=False)
expiration = models.DurationField(blank=True, null=True)
# todo: change to services
services = models.ManyToManyField(services_models.Service,
related_name="observable_properties")
observation_type = models.CharField(max_length=80, null=False, blank=False)
def __str__(self):
return "%s (%s)" % (self.name, self.id)
def get_observation_model(self):
return apps.get_model(self.observation_type)
def get_observation_type(self):
return self.get_observation_model().get_type()
def create_observation(self, **validated_data):
return self.get_observation_model().objects.create(**validated_data)
def get_internal_value(self, value):
return self.get_observation_model().get_internal_value(self, value)
class Token(ExportModelOperationsMixin('Token'),
rest_framework.authtoken.models.Token):
id = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False)
key = models.CharField("Key", max_length=128, db_index=True, unique=True)
user = models.ForeignKey(User,
related_name='auth_tokens',
on_delete=models.CASCADE,
verbose_name="User")
name = models.CharField('Name', blank=True, max_length=64)
last_used = models.DateTimeField(null=True, blank=True)
perm_manage_tokens = models.BooleanField(default=False)
plain = None
def generate_key(self):
self.plain = secrets.token_urlsafe(21)
self.key = Token.make_hash(self.plain)
return self.key
@staticmethod
def make_hash(plain):
return make_password(plain,
salt='static',
hasher='pbkdf2_sha256_iter1')
class Captcha(ExportModelOperationsMixin('Captcha'), models.Model):
id = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False)
created = models.DateTimeField(auto_now_add=True)
content = models.CharField(
max_length=24,
default=captcha_default_content,
)
def verify(self, solution: str):
age = timezone.now() - self.created
self.delete()
return (str(solution).upper().strip()
== self.content # solution correct
and age <= settings.CAPTCHA_VALIDITY_PERIOD # not expired
)
class Captcha(ExportModelOperationsMixin('Captcha'), models.Model):
class Kind(models.TextChoices):
IMAGE = 'image'
AUDIO = 'audio'
id = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False)
created = models.DateTimeField(auto_now_add=True)
content = models.CharField(max_length=24, default="")
kind = models.CharField(choices=Kind.choices,
default=Kind.IMAGE,
max_length=24)
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
if not self.content:
self.content = captcha_default_content(self.kind)
def verify(self, solution: str):
age = timezone.now() - self.created
self.delete()
return (str(solution).upper().strip()
== self.content # solution correct
and age <= settings.CAPTCHA_VALIDITY_PERIOD # not expired
)
class RR(ExportModelOperationsMixin('RR'), models.Model):
created = models.DateTimeField(auto_now_add=True)
rrset = models.ForeignKey(RRset,
on_delete=models.CASCADE,
related_name='records')
# The pdns lmdb backend used on our slaves does not only store the record contents itself, but other metadata (such
# as type etc.) Both together have to fit into the lmdb backend's current total limit of 512 bytes per RR, see
# https://github.com/PowerDNS/pdns/issues/8012
# I found the additional data to be 12 bytes (by trial and error). I believe these are the 12 bytes mentioned here:
# https://lists.isc.org/pipermail/bind-users/2008-April/070137.html So we can use 500 bytes for the actual content.
# Note: This is a conservative estimate, as record contents may be stored more efficiently depending on their type,
# effectively allowing a longer length in "presentation format". For example, A record contents take up 4 bytes,
# although the presentation format (usual IPv4 representation) takes up to 15 bytes. Similarly, OPENPGPKEY contents
# are base64-decoded before storage in binary format, so a "presentation format" value (which is the value our API
# sees) can have up to 668 bytes. Instead of introducing per-type limits, setting it to 500 should always work.
content = models.CharField(max_length=500) #
objects = RRManager()
def __str__(self):
return '<RR %s %s rr_set=%s>' % (self.pk, self.content, self.rrset.pk)
class RRset(ExportModelOperationsMixin('RRset'), models.Model):
id = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False)
created = models.DateTimeField(auto_now_add=True)
touched = models.DateTimeField(auto_now=True, db_index=True)
domain = models.ForeignKey(Domain, on_delete=models.CASCADE)
subname = models.CharField(
max_length=178,
blank=True,
validators=[
validate_lower,
RegexValidator(
regex=
r'^([*]|(([*][.])?([a-z0-9_-]{1,63}[.])*[a-z0-9_-]{1,63}))$',
message=
'Subname can only use (lowercase) a-z, 0-9, ., -, and _, '
'may start with a \'*.\', or just be \'*\'. Components may not exceed 63 characters.',
code='invalid_subname')
])
type = models.CharField(
max_length=10,
validators=[
validate_upper,
RegexValidator(
regex=r'^[A-Z][A-Z0-9]*$',
message=
'Type must be uppercase alphanumeric and start with a letter.',
code='invalid_type')
])
ttl = models.PositiveIntegerField()
objects = RRsetManager()
class Meta:
constraints = [
ExclusionConstraint(
name='cname_exclusivity',
expressions=[
('domain', RangeOperators.EQUAL),
('subname', RangeOperators.EQUAL),
(RawSQL("int4(type = 'CNAME')",
()), RangeOperators.NOT_EQUAL),
],
),
]
unique_together = (("domain", "subname", "type"), )
@staticmethod
def construct_name(subname, domain_name):
return '.'.join(filter(None, [subname, domain_name])) + '.'
@property
def name(self):
return self.construct_name(self.subname, self.domain.name)
def save(self, *args, **kwargs):
self.full_clean(validate_unique=False)
super().save(*args, **kwargs)
def clean_records(self, records_presentation_format):
"""
Validates the records belonging to this set. Validation rules follow the DNS specification; some types may
incur additional validation rules.
Raises ValidationError if violation of DNS specification is found.
Returns a set of records in canonical presentation format.
:param records_presentation_format: iterable of records in presentation format
"""
errors = []
if self.type == 'CNAME':
if self.subname == '':
errors.append('CNAME RRset cannot have empty subname.')
if len(records_presentation_format) > 1:
errors.append('CNAME RRset cannot have multiple records.')
def _error_msg(record, detail):
return f'Record content of {self.type} {self.name} invalid: \'{record}\': {detail}'
records_canonical_format = set()
for r in records_presentation_format:
try:
r_canonical_format = RR.canonical_presentation_format(
r, self.type)
except ValueError as ex:
errors.append(_error_msg(r, str(ex)))
else:
if r_canonical_format in records_canonical_format:
errors.append(
_error_msg(
r,
f'Duplicate record content: this is identical to '
f'\'{r_canonical_format}\''))
else:
records_canonical_format.add(r_canonical_format)
if any(errors):
raise ValidationError(errors)
return records_canonical_format
def save_records(self, records):
"""
Updates this RR set's resource records, discarding any old values.
Records are expected in presentation format and are converted to canonical
presentation format (e.g., 127.00.0.1 will be converted to 127.0.0.1).
Raises if a invalid set of records is provided.
This method triggers the following database queries:
- one DELETE query
- one SELECT query for comparison of old with new records
- one INSERT query, if one or more records were added
Changes are saved to the database immediately.
:param records: list of records in presentation format
"""
new_records = self.clean_records(records)
# Delete RRs that are not in the new record list from the DB
self.records.exclude(content__in=new_records).delete() # one DELETE
# Retrieve all remaining RRs from the DB
unchanged_records = set(r.content
for r in self.records.all()) # one SELECT
# Save missing RRs from the new record list to the DB
added_records = new_records - unchanged_records
rrs = [RR(rrset=self, content=content) for content in added_records]
RR.objects.bulk_create(rrs) # One INSERT
def __str__(self):
return '<RRSet %s domain=%s type=%s subname=%s>' % (
self.pk, self.domain.name, self.type, self.subname)
class Domain(ExportModelOperationsMixin('Domain'), models.Model):
class RenewalState(models.IntegerChoices):
IMMORTAL = 0
FRESH = 1
NOTIFIED = 2
WARNED = 3
created = models.DateTimeField(auto_now_add=True)
name = models.CharField(max_length=191,
unique=True,
validators=validate_domain_name)
owner = models.ForeignKey(User,
on_delete=models.PROTECT,
related_name='domains')
published = models.DateTimeField(null=True, blank=True)
minimum_ttl = models.PositiveIntegerField(default=get_minimum_ttl_default)
renewal_state = models.IntegerField(choices=RenewalState.choices,
default=RenewalState.IMMORTAL)
renewal_changed = models.DateTimeField(auto_now_add=True)
_keys = None
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
if self.pk is None and kwargs.get(
'renewal_state') is None and self.is_locally_registrable:
self.renewal_state = Domain.RenewalState.FRESH
@cached_property
def public_suffix(self):
try:
public_suffix = psl.get_public_suffix(self.name)
is_public_suffix = psl.is_public_suffix(self.name)
except (Timeout, NoNameservers):
public_suffix = self.name.rpartition('.')[2]
is_public_suffix = ('.'
not in self.name) # TLDs are public suffixes
except psl_dns.exceptions.UnsupportedRule as e:
# It would probably be fine to treat this as a non-public suffix (with the TLD acting as the
# public suffix and setting both public_suffix and is_public_suffix accordingly).
# However, in order to allow to investigate the situation, it's better not catch
# this exception. For web requests, our error handler turns it into a 503 error
# and makes sure admins are notified.
raise e
if is_public_suffix:
return public_suffix
# Take into account that any of the parent domains could be a local public suffix. To that
# end, identify the longest local public suffix that is actually a suffix of domain_name.
for local_public_suffix in settings.LOCAL_PUBLIC_SUFFIXES:
has_local_public_suffix_parent = (
'.' + self.name).endswith('.' + local_public_suffix)
if has_local_public_suffix_parent and len(
local_public_suffix) > len(public_suffix):
public_suffix = local_public_suffix
return public_suffix
def is_covered_by_foreign_zone(self):
# Generate a list of all domains connecting this one and its public suffix.
# If another user owns a zone with one of these names, then the requested
# domain is unavailable because it is part of the other user's zone.
private_components = self.name.rsplit(self.public_suffix,
1)[0].rstrip('.')
private_components = private_components.split(
'.') if private_components else []
private_domains = [
'.'.join(private_components[i:])
for i in range(0, len(private_components))
]
private_domains = [
f'{private_domain}.{self.public_suffix}'
for private_domain in private_domains
]
assert self.name == next(iter(private_domains), self.public_suffix)
# Determine whether domain is covered by other users' zones
return Domain.objects.filter(
Q(name__in=private_domains)
& ~Q(owner=self._owner_or_none)).exists()
def covers_foreign_zone(self):
# Note: This is not completely accurate: Ideally, we should only consider zones with identical public suffix.
# (If a public suffix lies in between, it's ok.) However, as there could be many descendant zones, the accurate
# check is expensive, so currently not implemented (PSL lookups for each of them).
return Domain.objects.filter(
Q(name__endswith=f'.{self.name}')
& ~Q(owner=self._owner_or_none)).exists()
def is_registrable(self):
"""
Returns False if the domain name is reserved, a public suffix, or covered by / covers another user's domain.
Otherwise, True is returned.
"""
self.clean() # ensure .name is a domain name
private_generation = self.name.count('.') - self.public_suffix.count(
'.')
assert private_generation >= 0
# .internal is reserved
if f'.{self.name}'.endswith('.internal'):
return False
# Public suffixes can only be registered if they are local
if private_generation == 0 and self.name not in settings.LOCAL_PUBLIC_SUFFIXES:
return False
# Disallow _acme-challenge.dedyn.io and the like. Rejects reserved direct children of public suffixes.
reserved_prefixes = (
'_',
'autoconfig.',
'autodiscover.',
)
if private_generation == 1 and any(
self.name.startswith(prefix) for prefix in reserved_prefixes):
return False
# Domains covered by another user's zone can't be registered
if self.is_covered_by_foreign_zone():
return False
# Domains that would cover another user's zone can't be registered
if self.covers_foreign_zone():
return False
return True
@property
def keys(self):
if not self._keys:
self._keys = pdns.get_keys(self)
return self._keys
@property
def touched(self):
try:
rrset_touched = max(updated
for updated in self.rrset_set.values_list(
'touched', flat=True))
# If the domain has not been published yet, self.published is None and max() would fail
return rrset_touched if not self.published else max(
rrset_touched, self.published)
except ValueError:
# This can be none if the domain was never published and has no records (but there should be at least NS)
return self.published
@property
def is_locally_registrable(self):
return self.parent_domain_name in settings.LOCAL_PUBLIC_SUFFIXES
@property
def _owner_or_none(self):
try:
return self.owner
except Domain.owner.RelatedObjectDoesNotExist:
return None
@property
def parent_domain_name(self):
return self._partitioned_name[1]
@property
def _partitioned_name(self):
subname, _, parent_name = self.name.partition('.')
return subname, parent_name or None
def save(self, *args, **kwargs):
self.full_clean(validate_unique=False)
super().save(*args, **kwargs)
def update_delegation(self, child_domain: Domain):
child_subname, child_domain_name = child_domain._partitioned_name
if self.name != child_domain_name:
raise ValueError(
'Cannot update delegation of %s as it is not an immediate child domain of %s.'
% (child_domain.name, self.name))
if child_domain.pk:
# Domain real: set delegation
child_keys = child_domain.keys
if not child_keys:
raise APIException(
'Cannot delegate %s, as it currently has no keys.' %
child_domain.name)
RRset.objects.create(domain=self,
subname=child_subname,
type='NS',
ttl=3600,
contents=settings.DEFAULT_NS)
RRset.objects.create(
domain=self,
subname=child_subname,
type='DS',
ttl=300,
contents=[ds for k in child_keys for ds in k['ds']])
metrics.get('desecapi_autodelegation_created').inc()
else:
# Domain not real: remove delegation
for rrset in self.rrset_set.filter(subname=child_subname,
type__in=['NS', 'DS']):
rrset.delete()
metrics.get('desecapi_autodelegation_deleted').inc()
def delete(self):
ret = super().delete()
logger.warning(f'Domain {self.name} deleted (owner: {self.owner.pk})')
return ret
def __str__(self):
return self.name
class Meta:
ordering = ('created', )
class Domain(ExportModelOperationsMixin('Domain'), models.Model):
created = models.DateTimeField(auto_now_add=True)
name = models.CharField(max_length=191,
unique=True,
validators=validate_domain_name)
owner = models.ForeignKey(User,
on_delete=models.PROTECT,
related_name='domains')
published = models.DateTimeField(null=True, blank=True)
minimum_ttl = models.PositiveIntegerField(default=get_minimum_ttl_default)
_keys = None
@classmethod
def is_registrable(cls, domain_name: str, user: User):
"""
Returns False in any of the following cases:
(a) the domain name is under .internal,
(b) the domain_name appears on the public suffix list,
(c) the domain is descendant to a zone that belongs to any user different from the given one,
unless it's parent is a public suffix, either through the Internet PSL or local settings.
Otherwise, True is returned.
"""
if domain_name != domain_name.lower():
raise ValueError
if f'.{domain_name}'.endswith('.internal'):
return False
try:
public_suffix = psl.get_public_suffix(domain_name)
is_public_suffix = psl.is_public_suffix(domain_name)
except (Timeout, NoNameservers):
public_suffix = domain_name.rpartition('.')[2]
is_public_suffix = ('.'
not in domain_name) # TLDs are public suffixes
except psl_dns.exceptions.UnsupportedRule as e:
# It would probably be fine to treat this as a non-public suffix (with the TLD acting as the
# public suffix and setting both public_suffix and is_public_suffix accordingly).
# However, in order to allow to investigate the situation, it's better not catch
# this exception. For web requests, our error handler turns it into a 503 error
# and makes sure admins are notified.
raise e
if not is_public_suffix:
# Take into account that any of the parent domains could be a local public suffix. To that
# end, identify the longest local public suffix that is actually a suffix of domain_name.
# Then, override the global PSL result.
for local_public_suffix in settings.LOCAL_PUBLIC_SUFFIXES:
has_local_public_suffix_parent = (
'.' + domain_name).endswith('.' + local_public_suffix)
if has_local_public_suffix_parent and len(
local_public_suffix) > len(public_suffix):
public_suffix = local_public_suffix
is_public_suffix = (public_suffix == domain_name)
if is_public_suffix and domain_name not in settings.LOCAL_PUBLIC_SUFFIXES:
return False
# Generate a list of all domains connecting this one and its public suffix.
# If another user owns a zone with one of these names, then the requested
# domain is unavailable because it is part of the other user's zone.
private_components = domain_name.rsplit(public_suffix,
1)[0].rstrip('.')
private_components = private_components.split(
'.') if private_components else []
private_components += [public_suffix]
private_domains = [
'.'.join(private_components[i:])
for i in range(0,
len(private_components) - 1)
]
assert is_public_suffix or domain_name == private_domains[0]
# Deny registration for non-local public suffixes and for domains covered by other users' zones
user = user if not isinstance(user, AnonymousUser) else None
return not cls.objects.filter(
Q(name__in=private_domains) & ~Q(owner=user)).exists()
@property
def keys(self):
if not self._keys:
self._keys = pdns.get_keys(self)
return self._keys
@property
def is_locally_registrable(self):
return self.parent_domain_name in settings.LOCAL_PUBLIC_SUFFIXES
@property
def parent_domain_name(self):
return self._partitioned_name[1]
@property
def _partitioned_name(self):
subname, _, parent_name = self.name.partition('.')
return subname, parent_name or None
def save(self, *args, **kwargs):
self.full_clean(validate_unique=False)
super().save(*args, **kwargs)
def update_delegation(self, child_domain: Domain):
child_subname, child_domain_name = child_domain._partitioned_name
if self.name != child_domain_name:
raise ValueError(
'Cannot update delegation of %s as it is not an immediate child domain of %s.'
% (child_domain.name, self.name))
if child_domain.pk:
# Domain real: set delegation
child_keys = child_domain.keys
if not child_keys:
raise APIException(
'Cannot delegate %s, as it currently has no keys.' %
child_domain.name)
RRset.objects.create(domain=self,
subname=child_subname,
type='NS',
ttl=3600,
contents=settings.DEFAULT_NS)
RRset.objects.create(
domain=self,
subname=child_subname,
type='DS',
ttl=300,
contents=[ds for k in child_keys for ds in k['ds']])
else:
# Domain not real: remove delegation
for rrset in self.rrset_set.filter(subname=child_subname,
type__in=['NS', 'DS']):
rrset.delete()
def delete(self):
ret = super().delete()
logger.warning(f'Domain {self.name} deleted (owner: {self.owner.pk})')
return ret
def __str__(self):
return self.name
class Meta:
ordering = ('created', )
class RRset(ExportModelOperationsMixin('RRset'), models.Model):
id = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False)
created = models.DateTimeField(auto_now_add=True)
touched = models.DateTimeField(auto_now=True)
domain = models.ForeignKey(Domain, on_delete=models.CASCADE)
subname = models.CharField(
max_length=178,
blank=True,
validators=[
validate_lower,
RegexValidator(
regex=r'^([*]|(([*][.])?([a-z0-9_-]+[.])*[a-z0-9_-]+))$',
message=
'Subname can only use (lowercase) a-z, 0-9, ., -, and _, '
'may start with a \'*.\', or just be \'*\'.',
code='invalid_subname')
])
type = models.CharField(
max_length=10,
validators=[
validate_upper,
RegexValidator(
regex=r'^[A-Z][A-Z0-9]*$',
message=
'Type must be uppercase alphanumeric and start with a letter.',
code='invalid_type')
])
ttl = models.PositiveIntegerField()
objects = RRsetManager()
class Meta:
unique_together = (("domain", "subname", "type"), )
@staticmethod
def construct_name(subname, domain_name):
return '.'.join(filter(None, [subname, domain_name])) + '.'
@property
def name(self):
return self.construct_name(self.subname, self.domain.name)
def save(self, *args, **kwargs):
self.full_clean(validate_unique=False)
super().save(*args, **kwargs)
def clean_records(self, records_presentation_format):
"""
Validates the records belonging to this set. Validation rules follow the DNS specification; some types may
incur additional validation rules.
Raises ValidationError if violation of DNS specification is found.
Returns a set of records in canonical presentation format.
:param records_presentation_format: iterable of records in presentation format
"""
rdtype = rdatatype.from_text(self.type)
errors = []
def _error_msg(record, detail):
return f'Record content of {self.type} {self.name} invalid: \'{record}\': {detail}'
records_canonical_format = set()
for r in records_presentation_format:
try:
r_canonical_format = RR.canonical_presentation_format(
r, rdtype)
except binascii.Error:
# e.g., odd-length string
errors.append(
_error_msg(
r,
'Cannot parse hexadecimal or base64 record contents'))
except dns.exception.SyntaxError as e:
# e.g., A/127.0.0.999
if 'quote' in e.args[0]:
errors.append(
_error_msg(
r,
f'Data for {self.type} records must be given using quotation marks.'
))
else:
errors.append(
_error_msg(
r,
f'Record content malformed: {",".join(e.args)}'))
except dns.name.NeedAbsoluteNameOrOrigin:
errors.append(
_error_msg(
r,
'Hostname must be fully qualified (i.e., end in a dot: "example.com.")'
))
except ValueError:
# e.g., string ("asdf") cannot be parsed into int on base 10
errors.append(_error_msg(r, 'Cannot parse record contents'))
except Exception as e:
# TODO see what exceptions raise here for faulty input
raise e
else:
if r_canonical_format in records_canonical_format:
errors.append(
_error_msg(
r,
f'Duplicate record content: this is identical to '
f'\'{r_canonical_format}\''))
else:
records_canonical_format.add(r_canonical_format)
if any(errors):
raise ValidationError(errors)
return records_canonical_format
def save_records(self, records):
"""
Updates this RR set's resource records, discarding any old values.
Records are expected in presentation format and are converted to canonical
presentation format (e.g., 127.00.0.1 will be converted to 127.0.0.1).
Raises if a invalid set of records is provided.
This method triggers the following database queries:
- one DELETE query
- one SELECT query for comparison of old with new records
- one INSERT query, if one or more records were added
Changes are saved to the database immediately.
:param records: list of records in presentation format
"""
new_records = self.clean_records(records)
# Delete RRs that are not in the new record list from the DB
self.records.exclude(content__in=new_records).delete() # one DELETE
# Retrieve all remaining RRs from the DB
unchanged_records = set(r.content
for r in self.records.all()) # one SELECT
# Save missing RRs from the new record list to the DB
added_records = new_records - unchanged_records
rrs = [RR(rrset=self, content=content) for content in added_records]
RR.objects.bulk_create(rrs) # One INSERT
def __str__(self):
return '<RRSet %s domain=%s type=%s subname=%s>' % (
self.pk, self.domain.name, self.type, self.subname)
