admin
8b8c04a487
Concurrency fixes: - Deep-copy stacks in GetStack/GetStacks to prevent shared state mutation (C04) - Add per-state mutex to watchdog pathProbeState (C05) - Guard MetricsCollector.Start() with sync.Once against double-start (C06) - Hold diskJobMu across entire raw mount operation (C07) - Add mutex to SetEncryptionKey (C08), MigrateEncryption write lock (H03) - Use sync.Once for sync.Stop() channel close (H08) - Set syncing=true before releasing lock in TriggerSync (H09) - Deep-copy lastDBDump/lastBackup in GetFullStatus (H11) - Add WaitGroup for stderr goroutine in MigrateDrive (H19) - Add mutex to SetBackupRunningCheck (M18) Security fixes: - Validate Bearer token against Hub API key in CSRF middleware (H16) - Validate backup paths start with expected prefix in RemoveStack (M12) - Guard uuid[:8] slice with length check (H20) - Parse fstab fields exactly for mount target matching (H21) Bug fixes: - Use decrypted env vars for compose deploy (C01) - Log decrypt failures in DecryptMap instead of swallowing (C02) - Move Deployed=false inside lock in runComposeDeploy (C03) - Fix activeDrives() to skip disconnected drives (H02) - Fix Snapshot() stderr extraction from exec.ExitError (H01) - Check unlockCmd.Run() error in restic (H01) - Buffer template rendering via bytes.Buffer (H07) - Thread context.Context through cloudflare client (H10) - Fix leaf-name collision detection in cross-drive backup (H15) - Add nil check for crossDriveRunner (H17) - Use strings.TrimSpace instead of slice on command output (H18) - Make SaveAppConfig atomic with write-to-tmp+rename (H04) - Pass encKey on deploy failure SaveAppConfig (H05) - Fix IPv6 address format in TCP health probe Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
68 lines
1.5 KiB
Go
68 lines
1.5 KiB
Go
package cloudflare
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"fmt"
|
|
"net/url"
|
|
)
|
|
|
|
// zone represents a Cloudflare zone (minimal fields).
|
|
type zone struct {
|
|
ID string `json:"id"`
|
|
Name string `json:"name"`
|
|
}
|
|
|
|
// GetZoneID resolves the Cloudflare zone ID for a domain.
|
|
// It tries the exact domain first, then strips subdomains progressively.
|
|
func (c *Client) GetZoneID(ctx context.Context, domain string) (string, error) {
|
|
// Try exact domain first (e.g., "demo-felhom.eu")
|
|
id, err := c.lookupZone(ctx, domain)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
if id != "" {
|
|
return id, nil
|
|
}
|
|
|
|
// Try parent domains (e.g., "felhom.eu" from "demo.felhom.eu")
|
|
for i := 0; i < len(domain); i++ {
|
|
if domain[i] == '.' {
|
|
parent := domain[i+1:]
|
|
if parent == "" {
|
|
break
|
|
}
|
|
id, err = c.lookupZone(ctx, parent)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
if id != "" {
|
|
return id, nil
|
|
}
|
|
}
|
|
}
|
|
|
|
return "", fmt.Errorf("no Cloudflare zone found for domain %q", domain)
|
|
}
|
|
|
|
// lookupZone queries the CF API for a zone by name.
|
|
func (c *Client) lookupZone(ctx context.Context, name string) (string, error) {
|
|
path := "/zones?name=" + url.QueryEscape(name) + "&status=active"
|
|
resp, err := c.do(ctx, "GET", path, nil)
|
|
if err != nil {
|
|
return "", fmt.Errorf("lookup zone %q: %w", name, err)
|
|
}
|
|
|
|
var zones []zone
|
|
if err := json.Unmarshal(resp.Result, &zones); err != nil {
|
|
return "", fmt.Errorf("decode zones: %w", err)
|
|
}
|
|
|
|
if len(zones) == 0 {
|
|
return "", nil
|
|
}
|
|
|
|
c.logger.Printf("[CF] Resolved zone %q → %s", name, zones[0].ID)
|
|
return zones[0].ID, nil
|
|
}
|