Add ACMEv2 endpoints

The ACMEv2 endpoints are easier to use for clients running the Golang
acme.autocert.Manager. They require no tracking of state and also handle
DNS propagation checking so the client can remain simple.

Once the legacy REST client for the v1 endpoints is gone those old
endpoints can be removed.

1 files changed, 90 insertions, 0 deletions

diff --git a/web/controllers/acmev2.go b/web/controllers/acmev2.go
new file mode 100644
index 0000000..a2fadf5
--- /dev/null
+++ b/web/controllers/acmev2.go
@@ -0,0 +1,90 @@
+package controllers
+
+import (
+        "fmt"
+        "log"
+        "net/http"
+
+        "code.crute.me/mcrute/go_ddns_manager/dns"
+        "code.crute.me/mcrute/go_ddns_manager/web/middleware"
+        "github.com/gin-gonic/gin"
+)
+
+func CreateAcmeChallengeV2(c *gin.Context) {
+        cfg := middleware.GetServerConfig(c)
+
+        var ch AcmeChallenge
+        if err := c.ShouldBindJSON(&ch); err != nil {
+                jsonError(c, http.StatusBadRequest, err)
+                return
+        }
+
+        zone, prefix := cfg.BindConfig.FindClosestZone(ch.Zone, cfg.AcmeView)
+        if zone == nil {
+                jsonError(c, http.StatusNotFound, "Zone not found")
+                return
+        }
+
+        if !cfg.IsAcmeClientAllowed(middleware.GetAcmeAuthContext(c), zone.Name) {
+                jsonError(c, http.StatusForbidden, "Zone update not allowed")
+                return
+        }
+
+        txn := cfg.DNSClient.StartUpdate(zone).Upsert(&dns.TXT{
+                Name: joinDomainParts("_acme-challenge", prefix),
+                Ttl:  5,
+                Txt:  []string{ch.Challenge},
+        })
+
+        if err := cfg.DNSClient.SendUpdate(txn); err != nil {
+                log.Printf("error Insert: %s", err)
+                jsonError(c, http.StatusInternalServerError, err)
+                return
+        }
+
+        if err := cfg.DNSClient.WaitForDNSPropagation(
+                c.Request.Context(),
+                fmt.Sprintf("_acme-challenge.%s.", prefix),
+                ch.Challenge,
+        ); err != nil {
+                jsonError(c, http.StatusInternalServerError, fmt.Errorf("Error polling for DNS propagation: %w", err))
+                return
+        }
+
+        c.JSON(http.StatusCreated, "")
+}
+
+func DeleteAcmeChallengeV2(c *gin.Context) {
+        cfg := middleware.GetServerConfig(c)
+
+        var ch AcmeChallenge
+        if err := c.ShouldBindJSON(&ch); err != nil {
+                jsonError(c, http.StatusBadRequest, err)
+                return
+        }
+
+        zone, prefix := cfg.BindConfig.FindClosestZone(ch.Zone, cfg.AcmeView)
+        if zone == nil {
+                jsonError(c, http.StatusNotFound, "Zone not found")
+                return
+        }
+
+        if !cfg.IsAcmeClientAllowed(middleware.GetAcmeAuthContext(c), zone.Name) {
+                jsonError(c, http.StatusForbidden, "Zone update not allowed")
+                return
+        }
+
+        txn := cfg.DNSClient.StartUpdate(zone).Remove(&dns.TXT{
+                Name: joinDomainParts("_acme-challenge", prefix),
+                Ttl:  5,
+                Txt:  []string{ch.Challenge},
+        })
+
+        if err := cfg.DNSClient.SendUpdate(txn); err != nil {
+                log.Printf("error Remove: %s", err)
+                jsonError(c, http.StatusInternalServerError, err)
+                return
+        }
+
+        c.String(http.StatusNoContent, "")
+}