Initial commit: Open sourcing all of the Maple Open Technologies code.

cloud/maplepress-backend/pkg/dns/verifier.go

@@ -0,0 +1,113 @@
+package dns
+
+import (
+	"context"
+	"fmt"
+	"net"
+	"strings"
+	"time"
+
+	"go.uber.org/zap"
+)
+
+// Verifier handles DNS TXT record verification
+type Verifier struct {
+	resolver *net.Resolver
+	logger   *zap.Logger
+}
+
+// ProvideVerifier creates a new DNS Verifier
+func ProvideVerifier(logger *zap.Logger) *Verifier {
+	return &Verifier{
+		resolver: &net.Resolver{
+			PreferGo: true, // Use Go's DNS resolver
+		},
+		logger: logger.Named("dns-verifier"),
+	}
+}
+
+// VerifyDomainOwnership checks if a domain has the correct TXT record
+// Expected format: "maplepress-verify=TOKEN"
+func (v *Verifier) VerifyDomainOwnership(ctx context.Context, domain string, expectedToken string) (bool, error) {
+	v.logger.Info("verifying domain ownership via DNS",
+		zap.String("domain", domain))
+
+	// Create context with timeout (10 seconds for DNS lookup)
+	lookupCtx, cancel := context.WithTimeout(ctx, 10*time.Second)
+	defer cancel()
+
+	// Look up TXT records for the domain
+	txtRecords, err := v.resolver.LookupTXT(lookupCtx, domain)
+	if err != nil {
+		// Check if it's a timeout
+		if lookupCtx.Err() == context.DeadlineExceeded {
+			v.logger.Warn("DNS lookup timed out",
+				zap.String("domain", domain))
+			return false, fmt.Errorf("DNS lookup timed out after 10 seconds")
+		}
+
+		// Check if domain doesn't exist
+		if dnsErr, ok := err.(*net.DNSError); ok {
+			if dnsErr.IsNotFound {
+				v.logger.Warn("domain not found",
+					zap.String("domain", domain))
+				return false, fmt.Errorf("domain not found: %s", domain)
+			}
+		}
+
+		v.logger.Error("failed to lookup TXT records",
+			zap.String("domain", domain),
+			zap.Error(err))
+		return false, fmt.Errorf("failed to lookup DNS TXT records: %w", err)
+	}
+
+	// Expected verification record format
+	expectedRecord := fmt.Sprintf("maplepress-verify=%s", expectedToken)
+
+	// Check each TXT record
+	for _, record := range txtRecords {
+		v.logger.Debug("checking TXT record",
+			zap.String("domain", domain),
+			zap.String("record", record))
+
+		// Normalize whitespace and compare
+		normalizedRecord := strings.TrimSpace(record)
+		if normalizedRecord == expectedRecord {
+			v.logger.Info("domain ownership verified",
+				zap.String("domain", domain))
+			return true, nil
+		}
+	}
+
+	v.logger.Warn("verification record not found",
+		zap.String("domain", domain),
+		zap.String("expected", expectedRecord),
+		zap.Int("records_checked", len(txtRecords)))
+
+	return false, nil
+}
+
+// GetVerificationRecord returns the TXT record format for a given token
+func GetVerificationRecord(token string) string {
+	return fmt.Sprintf("maplepress-verify=%s", token)
+}
+
+// GetVerificationInstructions returns user-friendly instructions
+func GetVerificationInstructions(domain string, token string) string {
+	record := GetVerificationRecord(token)
+	return fmt.Sprintf(`To verify ownership of %s, add this DNS TXT record:
+
+Host/Name: %s
+Type: TXT
+Value: %s
+
+Instructions:
+1. Log in to your domain registrar (GoDaddy, Namecheap, Cloudflare, etc.)
+2. Find DNS settings or DNS management
+3. Add a new TXT record with the values above
+4. Wait 5-10 minutes for DNS propagation
+5. Click "Verify Domain" in MaplePress
+
+Note: DNS changes can take up to 48 hours to propagate globally, but usually complete within 10 minutes.`,
+		domain, domain, record)
+}