calvin.erfmann/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-05-18 14:55:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add the right pending record

Browse Source
This commit is contained in:
Owen
2026-04-24 16:07:44 -07:00
parent 15f02cf79a
commit 29f26021df
1 changed files with 29 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
server/private/routers/certificates/createCertificate.ts
View File

@@ -37,18 +37,25 @@ export async function createCertificate(
} }
let existing: Certificate[] = []; let existing: Certificate[] = [];
if (domainRecord.type == "ns") { if (domainRecord.type == "ns" || domainRecord.type == "wildcard") {
const domainLevelDown = domain.split(".").slice(1).join("."); const domainLevelDown = domain.split(".").slice(1).join(".");
const wildcardPrefixed = `*.${domainLevelDown}`;
existing = await trx existing = await trx
.select() .select()
.from(certificates) .from(certificates)
.where( .where(
and( and(
eq(certificates.domainId, domainId), eq(certificates.domainId, domainId),
eq(certificates.wildcard, true), // only NS domains can have wildcard certs
or( or(
eq(certificates.domain, domain), eq(certificates.domain, domain),
eq(certificates.domain, domainLevelDown) and(
eq(certificates.wildcard, true),
or(
eq(certificates.domain, domainLevelDown),
eq(certificates.domain, wildcardPrefixed)
)
)
) )
) )
); );
@@ -70,11 +77,28 @@ export async function createCertificate(
return; return;
} }
let domainToWrite = domain;
if (
domainRecord.type == "wildcard" &&
domainRecord.preferWildcardCert &&
!domain.startsWith("*.")
) {
// in this case traefik is going to generate a domain one level down so we need to store it that way
const parts = domain.split(".");
if (parts.length > 2) {
domainToWrite = parts.slice(1).join(".");
domainToWrite = `*.${domainToWrite}`;
}
}
// No cert found, create a new one in pending state // No cert found, create a new one in pending state
await trx.insert(certificates).values({ await trx.insert(certificates).values({
domain, domain: domainToWrite,
domainId, domainId,
wildcard: domainRecord.type == "ns", // we can only create wildcard certs for NS domains wildcard:
domainRecord.type == "ns" ||
(domainRecord.type == "wildcard" &&
domainRecord.preferWildcardCert), // we can only create wildcard certs for NS domains
status: "pending", status: "pending",
updatedAt: Math.floor(Date.now() / 1000), updatedAt: Math.floor(Date.now() / 1000),
createdAt: Math.floor(Date.now() / 1000) createdAt: Math.floor(Date.now() / 1000)