Skip to content

Support custom domain verification #7

New issue
New issue
Open
Open
Support custom domain verification#7
@kiootic

Description

@kiootic
kiootic
opened on Dec 4, 2023

ref #5

Currently custom domain function is assuming a cooperative model, where domain ownership is not verified. In a more strict environment, we may want to require apps to prove ownership of the custom domain before serving the content.

Expected user flow:

  1. A custom domain is added to the app by updating config.
  2. User is prompted to add DNS record on the custom domain to prove ownership of domain.
  3. User added DNS record to domain.
  4. User run command to request server to check domain.
  5. Server fetch DNS record and check against the expected ownership record.
  6. Server mark the custom domain as verified if check passed.

Some implementation details:

  • Custom domain verification should be opt-in via a server config flag.
  • Current domain_association table stores the active custom domain records, so another table would be used to store domain verification related data.
  • Two apps can request the same domain, but only one of the app should pass.
    • The DNS record should be a TXT record with a server-specific prefix, e.g. abcdef._pageship.example.com "123456", where abcdef is a server-specific random string, and 123456 is an app-specific random string.
  • If TXT record is no longer present, the domain association should be invalidated soon.
  • Verification should be performed as a background job.
    • Let verification record has 4 possible state: 'inactive', 'pending', 'active'
    • When an app added a custom domain, create the corresponding verification record with initial state 'inactive'.
    • When an app requested verification, mark the corresponding verification record as 'pending'.
    • Every minute, fetch at most one 'pending' record and at most one 'active' record, that is least recently checked.
    • Check the DNS record for the fetched records.
      • If passed and state is not 'active', set it as 'active' and update domain association
      • If failed: set it as 'inactive' and update domain association if needed
  • Commands should be updated to show verification related info.
  • For custom domain association without corresponding verification record, they would be ignored for verification purpose and remain active, until another app attempts to verify the same domain.
    • If the verification passed, it is replaced by the app.
    • If the verification failed, it remains unchanged and active.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions