halbebruno/cloudflare_ddns
1
0
Fork 0
mirror of https://github.com/timothymiller/cloudflare-ddns.git synced 2026-03-26 08:58:57 -03:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: halbebruno:v2.0.5
Branches Tags
halbebruno:master
halbebruno:v2.1.0 halbebruno:v2.0.10 halbebruno:v2.0.9 halbebruno:v2.0.8 halbebruno:v2.0.7 halbebruno:v2.0.6 halbebruno:v2.0.5 halbebruno:v2.0.4 halbebruno:v2.0.3 halbebruno:2.0.2 halbebruno:2.0.1 halbebruno:latest
...
compare: halbebruno:v2.1.0
Branches Tags
halbebruno:master
halbebruno:v2.1.0 halbebruno:v2.0.10 halbebruno:v2.0.9 halbebruno:v2.0.8 halbebruno:v2.0.7 halbebruno:v2.0.6 halbebruno:v2.0.5 halbebruno:v2.0.4 halbebruno:v2.0.3 halbebruno:2.0.2 halbebruno:2.0.1 halbebruno:latest

10 Commits
v2.0.5 ... v2.1.0

Author SHA1 Message Date
Timothy Miller
3e2b8a3a40 Use rustls and regex-lite; refactor HTTP API 
Switch reqwest to rustls-no-provider and add rustls crate; install
rustls provider at startup. Replace regex::Regex with regex_lite::Regex
across code. Consolidate api_get/post/put/delete into a single
api_request that takes a Method and optional body. Add .dockerignore and
UPX compression in Dockerfile. Remove unused domain/IDNA code, trim dead
helpers, tweak tokio flavor and release opt-level, and update tests to
use crate::test_client()
 2026-03-25 14:49:47 -04:00
Timothy Miller
9b140d2350 Document CONFIG_PATH env var for config location 2026-03-25 13:29:37 -04:00
Timothy Miller
2913ce379c Fix Shoutrrr notifications not sending in legacy config.json mode and 
bump to 2.0.10

  Legacy mode (config.json) never set the notify flag or generated
  notification messages, so Shoutrrr services (Telegram, Discord, Slack,
  etc.) were silently skipped even when DNS records were created or
  updated. Propagate messages and the notify flag from the legacy update
  path back to update_once() so notifications fire correctly.
 2026-03-23 20:01:29 -04:00
Timothy Miller
697089b43d Bump to 2.0.9 2026-03-23 19:42:05 -04:00
Timothy Miller
766e1ac0d4 Replace local_address bind with DNS-level address family filtering 
The split client previously bound to 0.0.0.0 / [::] to force
  IPv4/IPv6,
  but this only hinted at the address family — happy-eyeballs could
  still
  race and connect over the wrong protocol on dual-stack hosts.

  Introduce a FilteredResolver that strips wrong-family addresses from
  DNS
  results before the HTTP client sees them, matching the "split dialer"
  pattern from favonia/cloudflare-ddns. This guarantees the client can
  only
  establish connections over the desired protocol.

  Also switch Cloudflare trace URLs from literal resolver IPs
  (1.0.0.1 / [2606:4700:4700::1001]) to cloudflare.com with an
  api.cloudflare.com fallback — the DNS filter makes dual-stack
  hostnames
  safe, and literal IPs caused TLS SNI mismatches for some users.

  - reqwest 0.12 → 0.13 (adds dns_resolver API)
  - if-addrs 0.13 → 0.15
  - tokio: add "net" feature for tokio::net::lookup_host
 2026-03-23 19:39:56 -04:00
Timothy Miller
8c7af02698 Revise SECURITY.md with version support and reporting updates 
Updated the security policy to include new version support details and improved reporting guidelines for vulnerabilities.
 2026-03-19 23:34:45 -04:00
Timothy Miller
245ac0b061 Potential fix for code scanning alert no. 6: Workflow does not contain permissions 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
 2026-03-19 23:30:56 -04:00
Timothy Miller
2446c1d6a0 Bump crate to 2.0.8 and refine updater behavior 
Deduplicate up-to-date messages by tracking noop keys and move logging
to the updater so callers only log the first noop.
Reuse a single reqwest Client for IP detection instead of rebuilding it
for each call.
Always ping heartbeat even when there are no meaningful changes.
Fix Pushover shoutrrr parsing (token@user order) and update tests
 2026-03-19 23:22:20 -04:00
Timothy Miller
9b8aba5e20 Add CachedCloudflareFilter 
Introduce CachedCloudflareFilter that caches Cloudflare IP ranges and
refreshes every 24 hours. If a refresh fails the previously cached
ranges
are retained and a warning is emitted. Wire the cache through main and
updater so Cloudflare fetches reuse the cached result. Update tests and
bump crate version to 2.0.7
 2026-03-19 19:24:44 -04:00
Timothy Miller
83dd454c42 Fetch CF ranges concurrently and prevent writes 
Use tokio::join to fetch IPv4 and IPv6 Cloudflare ranges in parallel.
When range fetch fails, avoid performing updates that could write
Cloudflare addresses by clearing detected/filtered IP lists and emitting
warnings. Add unit tests to validate parsing and boundary checks for the
current Cloudflare ranges. Bump crate version to 2.0.6.
Fetch Cloudflare ranges concurrently; avoid writes

Skip updates (clear detected IPs) if Cloudflare ranges can't be
retrieved to avoid writing Cloudflare anycast addresses.
Default REJECT_CLOUDFLARE_IPS=true, update README, add comprehensive
CF-range tests, and bump crate version
Fetch CF ranges concurrently and avoid updates

Enable rejecting Cloudflare IPs by default and skip any updates
if the published ranges cannot be fetched to avoid writing Cloudflare
anycast addresses. Fetch IPv4 and IPv6 ranges concurrently, add
parsing/matching tests, and update README and version.
 2026-03-19 18:56:11 -04:00
16 changed files with 1011 additions and 1276 deletions
Expand all files Collapse all files

6
.dockerignore Normal file
View File

@@ -0,0 +1,6 @@
target/
.git/
.github/
.gitignore
*.md
LICENSE

2
.github/workflows/image.yml vendored
View File

@@ -9,6 +9,8 @@ on:
jobs: jobs:
build: build:
permissions:
contents: read
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout code - name: Checkout code

612
Cargo.lock generated
View File

@@ -11,15 +11,6 @@ dependencies = [
"memchr", "memchr",
] ]
[[package]]
name = "android_system_properties"
version = "0.1.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311"
dependencies = [
"libc",
]
[[package]] [[package]]
name = "anyhow" name = "anyhow"
version = "1.0.102" version = "1.0.102"
@@ -42,12 +33,6 @@ version = "1.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0" checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0"
[[package]]
name = "autocfg"
version = "1.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8"
[[package]] [[package]]
name = "base64" name = "base64"
version = "0.22.1" version = "0.22.1"
@@ -82,40 +67,26 @@ dependencies = [
"shlex", "shlex",
] ]
[[package]]
name = "cesu8"
version = "1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6d43a04d8753f35258c91f8ec639f792891f748a1edbd759cf1dcea3382ad83c"
[[package]] [[package]]
name = "cfg-if" name = "cfg-if"
version = "1.0.4" version = "1.0.4"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801" checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801"
[[package]]
name = "cfg_aliases"
version = "0.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724"
[[package]]
name = "chrono"
version = "0.4.44"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c673075a2e0e5f4a1dde27ce9dee1ea4558c7ffe648f576438a20ca1d2acc4b0"
dependencies = [
"iana-time-zone",
"js-sys",
"num-traits",
"wasm-bindgen",
"windows-link",
]
[[package]] [[package]]
name = "cloudflare-ddns" name = "cloudflare-ddns"
version = "2.0.5" version = "2.1.0"
dependencies = [ dependencies = [
"chrono",
"idna",
"if-addrs", "if-addrs",
"regex", "regex-lite",
"reqwest", "reqwest",
"rustls",
"serde", "serde",
"serde_json", "serde_json",
"tempfile", "tempfile",
@@ -124,6 +95,26 @@ dependencies = [
"wiremock", "wiremock",
] ]
[[package]]
name = "combine"
version = "4.6.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ba5a308b75df32fe02788e748662718f03fde005016435c444eea572398219fd"
dependencies = [
"bytes",
"memchr",
]
[[package]]
name = "core-foundation"
version = "0.10.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b2a6cd9ae233e7f62ba4e9353e81a88df7fc8a5987b8d445b4d90c879bd156f6"
dependencies = [
"core-foundation-sys",
"libc",
]
[[package]] [[package]]
name = "core-foundation-sys" name = "core-foundation-sys"
version = "0.8.7" version = "0.8.7"
@@ -303,24 +294,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ff2abc00be7fca6ebc474524697ae276ad847ad0a6b3faa4bcb027e9a4614ad0" checksum = "ff2abc00be7fca6ebc474524697ae276ad847ad0a6b3faa4bcb027e9a4614ad0"
dependencies = [ dependencies = [
"cfg-if", "cfg-if",
"js-sys",
"libc", "libc",
"wasi", "wasi",
"wasm-bindgen",
]
[[package]]
name = "getrandom"
version = "0.3.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "899def5c37c4fd7b2664648c28120ecec138e4d395b459e5ca34f9cce2dd77fd"
dependencies = [
"cfg-if",
"js-sys",
"libc",
"r-efi 5.3.0",
"wasip2",
"wasm-bindgen",
] ]
[[package]] [[package]]
@@ -331,7 +306,7 @@ checksum = "0de51e6874e94e7bf76d726fc5d13ba782deca734ff60d5bb2fb2607c7406555"
dependencies = [ dependencies = [
"cfg-if", "cfg-if",
"libc", "libc",
"r-efi 6.0.0", "r-efi",
"wasip2", "wasip2",
"wasip3", "wasip3",
] ]
@@ -464,7 +439,6 @@ dependencies = [
"tokio", "tokio",
"tokio-rustls", "tokio-rustls",
"tower-service", "tower-service",
"webpki-roots",
] ]
[[package]] [[package]]
@@ -490,30 +464,6 @@ dependencies = [
"tracing", "tracing",
] ]
[[package]]
name = "iana-time-zone"
version = "0.1.65"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e31bc9ad994ba00e440a8aa5c9ef0ec67d5cb5e5cb0cc7f8b744a35b389cc470"
dependencies = [
"android_system_properties",
"core-foundation-sys",
"iana-time-zone-haiku",
"js-sys",
"log",
"wasm-bindgen",
"windows-core",
]
[[package]]
name = "iana-time-zone-haiku"
version = "0.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f31827a206f56af32e590ba56d5d2d085f558508192593743f16b2306495269f"
dependencies = [
"cc",
]
[[package]] [[package]]
name = "icu_collections" name = "icu_collections"
version = "2.1.1" version = "2.1.1"
@@ -624,12 +574,12 @@ dependencies = [
[[package]] [[package]]
name = "if-addrs" name = "if-addrs"
version = "0.13.4" version = "0.15.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "69b2eeee38fef3aa9b4cc5f1beea8a2444fc00e7377cafae396de3f5c2065e24" checksum = "c0a05c691e1fae256cf7013d99dad472dc52d5543322761f83ec8d47eab40d2b"
dependencies = [ dependencies = [
"libc", "libc",
"windows-sys 0.59.0", "windows-sys 0.61.2",
] ]
[[package]] [[package]]
@@ -652,9 +602,9 @@ checksum = "d98f6fed1fde3f8c21bc40a1abb88dd75e67924f9cffc3ef95607bad8017f8e2"
[[package]] [[package]]
name = "iri-string" name = "iri-string"
version = "0.7.10" version = "0.7.11"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c91338f0783edbd6195decb37bae672fd3b165faffb89bf7b9e6942f8b1a731a" checksum = "d8e7418f59cc01c88316161279a7f665217ae316b388e58a0d10e29f54f1e5eb"
dependencies = [ dependencies = [
"memchr", "memchr",
"serde", "serde",
@@ -662,9 +612,53 @@ dependencies = [
[[package]] [[package]]
name = "itoa" name = "itoa"
version = "1.0.17" version = "1.0.18"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "92ecc6618181def0457392ccd0ee51198e065e016d1d527a7ac1b6dc7c1f09d2" checksum = "8f42a60cbdf9a97f5d2305f08a87dc4e09308d1276d28c869c684d7777685682"
[[package]]
name = "jni"
version = "0.21.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1a87aa2bb7d2af34197c04845522473242e1aa17c12f4935d5856491a7fb8c97"
dependencies = [
"cesu8",
"cfg-if",
"combine",
"jni-sys 0.3.1",
"log",
"thiserror",
"walkdir",
"windows-sys 0.45.0",
]
[[package]]
name = "jni-sys"
version = "0.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "41a652e1f9b6e0275df1f15b32661cf0d4b78d4d87ddec5e0c3c20f097433258"
dependencies = [
"jni-sys 0.4.1",
]
[[package]]
name = "jni-sys"
version = "0.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c6377a88cb3910bee9b0fa88d4f42e1d2da8e79915598f65fb0c7ee14c878af2"
dependencies = [
"jni-sys-macros",
]
[[package]]
name = "jni-sys-macros"
version = "0.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "38c0b942f458fe50cdac086d2f946512305e5631e720728f2a61aabcd47a6264"
dependencies = [
"quote",
"syn",
]
[[package]] [[package]]
name = "js-sys" name = "js-sys"
@@ -712,12 +706,6 @@ version = "0.4.29"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5e5032e24019045c762d3c0f28f5b6b8bbf38563a65908389bf7978758920897" checksum = "5e5032e24019045c762d3c0f28f5b6b8bbf38563a65908389bf7978758920897"
[[package]]
name = "lru-slab"
version = "0.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "112b39cec0b298b6c1999fee3e31427f74f676e4cb9879ed1a121b43661a4154"
[[package]] [[package]]
name = "memchr" name = "memchr"
version = "2.8.0" version = "2.8.0"
@@ -735,15 +723,6 @@ dependencies = [
"windows-sys 0.61.2", "windows-sys 0.61.2",
] ]
[[package]]
name = "num-traits"
version = "0.2.19"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841"
dependencies = [
"autocfg",
]
[[package]] [[package]]
name = "num_cpus" name = "num_cpus"
version = "1.17.0" version = "1.17.0"
@@ -760,6 +739,12 @@ version = "1.21.4"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9f7c3e4beb33f85d45ae3e3a1792185706c8e16d043238c593331cc7cd313b50" checksum = "9f7c3e4beb33f85d45ae3e3a1792185706c8e16d043238c593331cc7cd313b50"
[[package]]
name = "openssl-probe"
version = "0.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7c87def4c32ab89d880effc9e097653c8da5d6ef28e6b539d313baaacfbafcbe"
[[package]] [[package]]
name = "percent-encoding" name = "percent-encoding"
version = "2.3.2" version = "2.3.2"
@@ -787,15 +772,6 @@ dependencies = [
"zerovec", "zerovec",
] ]
[[package]]
name = "ppv-lite86"
version = "0.2.21"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "85eae3c4ed2f50dcfe72643da4befc30deadb458a9b590d720cde2f2b1e97da9"
dependencies = [
"zerocopy",
]
[[package]] [[package]]
name = "prettyplease" name = "prettyplease"
version = "0.2.37" version = "0.2.37"
@@ -815,61 +791,6 @@ dependencies = [
"unicode-ident", "unicode-ident",
] ]
[[package]]
name = "quinn"
version = "0.11.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b9e20a958963c291dc322d98411f541009df2ced7b5a4f2bd52337638cfccf20"
dependencies = [
"bytes",
"cfg_aliases",
"pin-project-lite",
"quinn-proto",
"quinn-udp",
"rustc-hash",
"rustls",
"socket2",
"thiserror",
"tokio",
"tracing",
"web-time",
]
[[package]]
name = "quinn-proto"
version = "0.11.14"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "434b42fec591c96ef50e21e886936e66d3cc3f737104fdb9b737c40ffb94c098"
dependencies = [
"bytes",
"getrandom 0.3.4",
"lru-slab",
"rand",
"ring",
"rustc-hash",
"rustls",
"rustls-pki-types",
"slab",
"thiserror",
"tinyvec",
"tracing",
"web-time",
]
[[package]]
name = "quinn-udp"
version = "0.5.14"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "addec6a0dcad8a8d96a771f815f0eaf55f9d1805756410b39f5fa81332574cbd"
dependencies = [
"cfg_aliases",
"libc",
"once_cell",
"socket2",
"tracing",
"windows-sys 0.60.2",
]
[[package]] [[package]]
name = "quote" name = "quote"
version = "1.0.45" version = "1.0.45"
@@ -879,47 +800,12 @@ dependencies = [
"proc-macro2", "proc-macro2",
] ]
[[package]]
name = "r-efi"
version = "5.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f"
[[package]] [[package]]
name = "r-efi" name = "r-efi"
version = "6.0.0" version = "6.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f8dcc9c7d52a811697d2151c701e0d08956f92b0e24136cf4cf27b57a6a0d9bf" checksum = "f8dcc9c7d52a811697d2151c701e0d08956f92b0e24136cf4cf27b57a6a0d9bf"
[[package]]
name = "rand"
version = "0.9.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6db2770f06117d490610c7488547d543617b21bfa07796d7a12f6f1bd53850d1"
dependencies = [
"rand_chacha",
"rand_core",
]
[[package]]
name = "rand_chacha"
version = "0.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb"
dependencies = [
"ppv-lite86",
"rand_core",
]
[[package]]
name = "rand_core"
version = "0.9.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "76afc826de14238e6e8c374ddcc1fa19e374fd8dd986b0d2af0d02377261d83c"
dependencies = [
"getrandom 0.3.4",
]
[[package]] [[package]]
name = "regex" name = "regex"
version = "1.12.3" version = "1.12.3"
@@ -943,6 +829,12 @@ dependencies = [
"regex-syntax", "regex-syntax",
] ]
[[package]]
name = "regex-lite"
version = "0.1.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cab834c73d247e67f4fae452806d17d3c7501756d98c8808d7c9c7aa7d18f973"
[[package]] [[package]]
name = "regex-syntax" name = "regex-syntax"
version = "0.8.10" version = "0.8.10"
@@ -951,9 +843,9 @@ checksum = "dc897dd8d9e8bd1ed8cdad82b5966c3e0ecae09fb1907d58efaa013543185d0a"
[[package]] [[package]]
name = "reqwest" name = "reqwest"
version = "0.12.28" version = "0.13.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "eddd3ca559203180a307f12d114c268abf583f59b03cb906fd0b3ff8646c1147" checksum = "ab3f43e3283ab1488b624b44b0e988d0acea0b3214e694730a055cb6b2efa801"
dependencies = [ dependencies = [
"base64", "base64",
"bytes", "bytes",
@@ -968,9 +860,9 @@ dependencies = [
"log", "log",
"percent-encoding", "percent-encoding",
"pin-project-lite", "pin-project-lite",
"quinn",
"rustls", "rustls",
"rustls-pki-types", "rustls-pki-types",
"rustls-platform-verifier",
"serde", "serde",
"serde_json", "serde_json",
"serde_urlencoded", "serde_urlencoded",
@@ -984,7 +876,6 @@ dependencies = [
"wasm-bindgen", "wasm-bindgen",
"wasm-bindgen-futures", "wasm-bindgen-futures",
"web-sys", "web-sys",
"webpki-roots",
] ]
[[package]] [[package]]
@@ -1001,12 +892,6 @@ dependencies = [
"windows-sys 0.52.0", "windows-sys 0.52.0",
] ]
[[package]]
name = "rustc-hash"
version = "2.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "357703d41365b4b27c590e3ed91eabb1b663f07c4c084095e60cbed4362dff0d"
[[package]] [[package]]
name = "rustix" name = "rustix"
version = "1.1.4" version = "1.1.4"
@@ -1034,21 +919,59 @@ dependencies = [
"zeroize", "zeroize",
] ]
[[package]]
name = "rustls-native-certs"
version = "0.8.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "612460d5f7bea540c490b2b6395d8e34a953e52b491accd6c86c8164c5932a63"
dependencies = [
"openssl-probe",
"rustls-pki-types",
"schannel",
"security-framework",
]
[[package]] [[package]]
name = "rustls-pki-types" name = "rustls-pki-types"
version = "1.14.0" version = "1.14.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "be040f8b0a225e40375822a563fa9524378b9d63112f53e19ffff34df5d33fdd" checksum = "be040f8b0a225e40375822a563fa9524378b9d63112f53e19ffff34df5d33fdd"
dependencies = [ dependencies = [
"web-time",
"zeroize", "zeroize",
] ]
[[package]] [[package]]
name = "rustls-webpki" name = "rustls-platform-verifier"
version = "0.103.9" version = "0.6.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d7df23109aa6c1567d1c575b9952556388da57401e4ace1d15f79eedad0d8f53" checksum = "1d99feebc72bae7ab76ba994bb5e121b8d83d910ca40b36e0921f53becc41784"
dependencies = [
"core-foundation",
"core-foundation-sys",
"jni",
"log",
"once_cell",
"rustls",
"rustls-native-certs",
"rustls-platform-verifier-android",
"rustls-webpki",
"security-framework",
"security-framework-sys",
"webpki-root-certs",
"windows-sys 0.61.2",
]
[[package]]
name = "rustls-platform-verifier-android"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f87165f0995f63a9fbeea62b64d10b4d9d8e78ec6d7d51fb2125fda7bb36788f"
[[package]]
name = "rustls-webpki"
version = "0.103.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "df33b2b81ac578cabaf06b89b0631153a3f416b0a886e8a7a1707fb51abbd1ef"
dependencies = [ dependencies = [
"ring", "ring",
"rustls-pki-types", "rustls-pki-types",
@@ -1067,6 +990,47 @@ version = "1.0.23"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9774ba4a74de5f7b1c1451ed6cd5285a32eddb5cccb8cc655a4e50009e06477f" checksum = "9774ba4a74de5f7b1c1451ed6cd5285a32eddb5cccb8cc655a4e50009e06477f"
[[package]]
name = "same-file"
version = "1.0.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502"
dependencies = [
"winapi-util",
]
[[package]]
name = "schannel"
version = "0.1.29"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "91c1b7e4904c873ef0710c1f407dde2e6287de2bebc1bbbf7d430bb7cbffd939"
dependencies = [
"windows-sys 0.61.2",
]
[[package]]
name = "security-framework"
version = "3.7.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b7f4bc775c73d9a02cde8bf7b2ec4c9d12743edf609006c7facc23998404cd1d"
dependencies = [
"bitflags",
"core-foundation",
"core-foundation-sys",
"libc",
"security-framework-sys",
]
[[package]]
name = "security-framework-sys"
version = "2.17.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6ce2691df843ecc5d231c0b14ece2acc3efb62c0a398c7e1d875f3983ce020e3"
dependencies = [
"core-foundation-sys",
"libc",
]
[[package]] [[package]]
name = "semver" name = "semver"
version = "1.0.27" version = "1.0.27"
@@ -1224,18 +1188,18 @@ dependencies = [
[[package]] [[package]]
name = "thiserror" name = "thiserror"
version = "2.0.18" version = "1.0.69"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4288b5bcbc7920c07a1149a35cf9590a2aa808e0bc1eafaade0b80947865fbc4" checksum = "b6aaf5339b578ea85b50e080feb250a3e8ae8cfcdff9a461c9ec2904bc923f52"
dependencies = [ dependencies = [
"thiserror-impl", "thiserror-impl",
] ]
[[package]] [[package]]
name = "thiserror-impl" name = "thiserror-impl"
version = "2.0.18" version = "1.0.69"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ebc4ee7f67670e9b64d05fa4253e753e016c6c95ff35b89b7941d6b856dec1d5" checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
@@ -1252,21 +1216,6 @@ dependencies = [
"zerovec", "zerovec",
] ]
[[package]]
name = "tinyvec"
version = "1.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3e61e67053d25a4e82c844e8424039d9745781b3fc4f32b8d55ed50f5f667ef3"
dependencies = [
"tinyvec_macros",
]
[[package]]
name = "tinyvec_macros"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
[[package]] [[package]]
name = "tokio" name = "tokio"
version = "1.50.0" version = "1.50.0"
@@ -1423,6 +1372,16 @@ version = "1.0.4"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be" checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be"
[[package]]
name = "walkdir"
version = "2.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "29790946404f91d9c5d06f9874efddea1dc06c5efe94541a7d6863108e3a5e4b"
dependencies = [
"same-file",
"winapi-util",
]
[[package]] [[package]]
name = "want" name = "want"
version = "0.3.1" version = "0.3.1"
@@ -1560,57 +1519,21 @@ dependencies = [
] ]
[[package]] [[package]]
name = "web-time" name = "webpki-root-certs"
version = "1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5a6580f308b1fad9207618087a65c04e7a10bc77e02c8e84e9b00dd4b12fa0bb"
dependencies = [
"js-sys",
"wasm-bindgen",
]
[[package]]
name = "webpki-roots"
version = "1.0.6" version = "1.0.6"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "22cfaf3c063993ff62e73cb4311efde4db1efb31ab78a3e5c457939ad5cc0bed" checksum = "804f18a4ac2676ffb4e8b5b5fa9ae38af06df08162314f96a68d2a363e21a8ca"
dependencies = [ dependencies = [
"rustls-pki-types", "rustls-pki-types",
] ]
[[package]] [[package]]
name = "windows-core" name = "winapi-util"
version = "0.62.2" version = "0.1.11"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b8e83a14d34d0623b51dce9581199302a221863196a1dde71a7663a4c2be9deb" checksum = "c2a7b1c03c876122aa43f3020e6c3c3ee5c05081c9a00739faf7503aeba10d22"
dependencies = [ dependencies = [
"windows-implement", "windows-sys 0.61.2",
"windows-interface",
"windows-link",
"windows-result",
"windows-strings",
]
[[package]]
name = "windows-implement"
version = "0.60.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "053e2e040ab57b9dc951b72c264860db7eb3b0200ba345b4e4c3b14f67855ddf"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "windows-interface"
version = "0.59.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3f316c4a2570ba26bbec722032c4099d8c8bc095efccdc15688708623367e358"
dependencies = [
"proc-macro2",
"quote",
"syn",
] ]
[[package]] [[package]]
@@ -1620,21 +1543,12 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5" checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5"
[[package]] [[package]]
name = "windows-result" name = "windows-sys"
version = "0.4.1" version = "0.45.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7781fa89eaf60850ac3d2da7af8e5242a5ea78d1a11c49bf2910bb5a73853eb5" checksum = "75283be5efb2831d37ea142365f009c02ec203cd29a3ebecbc093d52315b66d0"
dependencies = [ dependencies = [
"windows-link", "windows-targets 0.42.2",
]
[[package]]
name = "windows-strings"
version = "0.5.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7837d08f69c77cf6b07689544538e017c1bfcf57e34b4c0ff58e6c2cd3b37091"
dependencies = [
"windows-link",
] ]
[[package]] [[package]]
@@ -1646,24 +1560,6 @@ dependencies = [
"windows-targets 0.52.6", "windows-targets 0.52.6",
] ]
[[package]]
name = "windows-sys"
version = "0.59.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b"
dependencies = [
"windows-targets 0.52.6",
]
[[package]]
name = "windows-sys"
version = "0.60.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f2f500e4d28234f72040990ec9d39e3a6b950f9f22d3dba18416c35882612bcb"
dependencies = [
"windows-targets 0.53.5",
]
[[package]] [[package]]
name = "windows-sys" name = "windows-sys"
version = "0.61.2" version = "0.61.2"
@@ -1673,6 +1569,21 @@ dependencies = [
"windows-link", "windows-link",
] ]
[[package]]
name = "windows-targets"
version = "0.42.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8e5180c00cd44c9b1c88adb3693291f1cd93605ded80c250a75d472756b4d071"
dependencies = [
"windows_aarch64_gnullvm 0.42.2",
"windows_aarch64_msvc 0.42.2",
"windows_i686_gnu 0.42.2",
"windows_i686_msvc 0.42.2",
"windows_x86_64_gnu 0.42.2",
"windows_x86_64_gnullvm 0.42.2",
"windows_x86_64_msvc 0.42.2",
]
[[package]] [[package]]
name = "windows-targets" name = "windows-targets"
version = "0.52.6" version = "0.52.6"
@@ -1682,7 +1593,7 @@ dependencies = [
"windows_aarch64_gnullvm 0.52.6", "windows_aarch64_gnullvm 0.52.6",
"windows_aarch64_msvc 0.52.6", "windows_aarch64_msvc 0.52.6",
"windows_i686_gnu 0.52.6", "windows_i686_gnu 0.52.6",
"windows_i686_gnullvm 0.52.6", "windows_i686_gnullvm",
"windows_i686_msvc 0.52.6", "windows_i686_msvc 0.52.6",
"windows_x86_64_gnu 0.52.6", "windows_x86_64_gnu 0.52.6",
"windows_x86_64_gnullvm 0.52.6", "windows_x86_64_gnullvm 0.52.6",
@@ -1690,21 +1601,10 @@ dependencies = [
] ]
[[package]] [[package]]
name = "windows-targets" name = "windows_aarch64_gnullvm"
version = "0.53.5" version = "0.42.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4945f9f551b88e0d65f3db0bc25c33b8acea4d9e41163edf90dcd0b19f9069f3" checksum = "597a5118570b68bc08d8d59125332c54f1ba9d9adeedeef5b99b02ba2b0698f8"
dependencies = [
"windows-link",
"windows_aarch64_gnullvm 0.53.1",
"windows_aarch64_msvc 0.53.1",
"windows_i686_gnu 0.53.1",
"windows_i686_gnullvm 0.53.1",
"windows_i686_msvc 0.53.1",
"windows_x86_64_gnu 0.53.1",
"windows_x86_64_gnullvm 0.53.1",
"windows_x86_64_msvc 0.53.1",
]
[[package]] [[package]]
name = "windows_aarch64_gnullvm" name = "windows_aarch64_gnullvm"
@@ -1713,10 +1613,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3"
[[package]] [[package]]
name = "windows_aarch64_gnullvm" name = "windows_aarch64_msvc"
version = "0.53.1" version = "0.42.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a9d8416fa8b42f5c947f8482c43e7d89e73a173cead56d044f6a56104a6d1b53" checksum = "e08e8864a60f06ef0d0ff4ba04124db8b0fb3be5776a5cd47641e942e58c4d43"
[[package]] [[package]]
name = "windows_aarch64_msvc" name = "windows_aarch64_msvc"
@@ -1725,10 +1625,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469"
[[package]] [[package]]
name = "windows_aarch64_msvc" name = "windows_i686_gnu"
version = "0.53.1" version = "0.42.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b9d782e804c2f632e395708e99a94275910eb9100b2114651e04744e9b125006" checksum = "c61d927d8da41da96a81f029489353e68739737d3beca43145c8afec9a31a84f"
[[package]] [[package]]
name = "windows_i686_gnu" name = "windows_i686_gnu"
@@ -1736,12 +1636,6 @@ version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b"
[[package]]
name = "windows_i686_gnu"
version = "0.53.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "960e6da069d81e09becb0ca57a65220ddff016ff2d6af6a223cf372a506593a3"
[[package]] [[package]]
name = "windows_i686_gnullvm" name = "windows_i686_gnullvm"
version = "0.52.6" version = "0.52.6"
@@ -1749,10 +1643,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66"
[[package]] [[package]]
name = "windows_i686_gnullvm" name = "windows_i686_msvc"
version = "0.53.1" version = "0.42.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fa7359d10048f68ab8b09fa71c3daccfb0e9b559aed648a8f95469c27057180c" checksum = "44d840b6ec649f480a41c8d80f9c65108b92d89345dd94027bfe06ac444d1060"
[[package]] [[package]]
name = "windows_i686_msvc" name = "windows_i686_msvc"
@@ -1761,10 +1655,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66"
[[package]] [[package]]
name = "windows_i686_msvc" name = "windows_x86_64_gnu"
version = "0.53.1" version = "0.42.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1e7ac75179f18232fe9c285163565a57ef8d3c89254a30685b57d83a38d326c2" checksum = "8de912b8b8feb55c064867cf047dda097f92d51efad5b491dfb98f6bbb70cb36"
[[package]] [[package]]
name = "windows_x86_64_gnu" name = "windows_x86_64_gnu"
@@ -1773,10 +1667,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78"
[[package]] [[package]]
name = "windows_x86_64_gnu" name = "windows_x86_64_gnullvm"
version = "0.53.1" version = "0.42.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9c3842cdd74a865a8066ab39c8a7a473c0778a3f29370b5fd6b4b9aa7df4a499" checksum = "26d41b46a36d453748aedef1486d5c7a85db22e56aff34643984ea85514e94a3"
[[package]] [[package]]
name = "windows_x86_64_gnullvm" name = "windows_x86_64_gnullvm"
@@ -1785,10 +1679,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d"
[[package]] [[package]]
name = "windows_x86_64_gnullvm" name = "windows_x86_64_msvc"
version = "0.53.1" version = "0.42.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0ffa179e2d07eee8ad8f57493436566c7cc30ac536a3379fdf008f47f6bb7ae1" checksum = "9aec5da331524158c6d1a4ac0ab1541149c0b9505fde06423b02f5ef0106b9f0"
[[package]] [[package]]
name = "windows_x86_64_msvc" name = "windows_x86_64_msvc"
@@ -1796,12 +1690,6 @@ version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec"
[[package]]
name = "windows_x86_64_msvc"
version = "0.53.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d6bbff5f0aada427a1e5a6da5f1f98158182f26556f345ac9e04d36d0ebed650"
[[package]] [[package]]
name = "wiremock" name = "wiremock"
version = "0.6.5" version = "0.6.5"
@@ -1942,26 +1830,6 @@ dependencies = [
"synstructure", "synstructure",
] ]
[[package]]
name = "zerocopy"
version = "0.8.42"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f2578b716f8a7a858b7f02d5bd870c14bf4ddbbcf3a4c05414ba6503640505e3"
dependencies = [
"zerocopy-derive",
]
[[package]]
name = "zerocopy-derive"
version = "0.8.42"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7e6cc098ea4d3bd6246687de65af3f920c430e236bee1e3bf2e441463f08a02f"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]] [[package]]
name = "zerofrom" name = "zerofrom"
version = "0.1.6" version = "0.1.6"

15
Cargo.toml
View File

@@ -1,23 +1,22 @@
[package] [package]
name = "cloudflare-ddns" name = "cloudflare-ddns"
version = "2.0.5" version = "2.1.0"
edition = "2021" edition = "2021"
description = "Access your home network remotely via a custom domain name without a static IP" description = "Access your home network remotely via a custom domain name without a static IP"
license = "GPL-3.0" license = "GPL-3.0"
[dependencies] [dependencies]
reqwest = { version = "0.12", features = ["json", "rustls-tls"], default-features = false } reqwest = { version = "0.13", features = ["json", "form", "rustls-no-provider"], default-features = false }
rustls = { version = "0.23", features = ["ring"], default-features = false }
serde = { version = "1", features = ["derive"] } serde = { version = "1", features = ["derive"] }
serde_json = "1" serde_json = "1"
tokio = { version = "1", features = ["rt-multi-thread", "macros", "time", "signal"] } tokio = { version = "1", features = ["rt", "macros", "time", "signal", "net"] }
regex = "1" regex-lite = "0.1"
chrono = { version = "0.4", features = ["clock"] }
url = "2" url = "2"
idna = "1" if-addrs = "0.15"
if-addrs = "0.13"
[profile.release] [profile.release]
opt-level = "s" opt-level = "z"
lto = true lto = true
codegen-units = 1 codegen-units = 1
strip = true strip = true

1
Dockerfile
View File

@@ -5,6 +5,7 @@ WORKDIR /build
COPY Cargo.toml Cargo.lock ./ COPY Cargo.toml Cargo.lock ./
COPY src ./src COPY src ./src
RUN cargo build --release RUN cargo build --release
RUN apk add --no-cache upx && upx --best --lzma target/release/cloudflare-ddns
# ---- Release ---- # ---- Release ----
FROM scratch AS release FROM scratch AS release

31
README.md
View File

@@ -28,7 +28,7 @@ Configure everything with environment variables. Supports notifications, heartbe
- 🎨 **Pretty output with emoji** — Configurable emoji and verbosity levels - 🎨 **Pretty output with emoji** — Configurable emoji and verbosity levels
- 🔒 **Zero-log IP detection** — Uses Cloudflare's [cdn-cgi/trace](https://www.cloudflare.com/cdn-cgi/trace) by default - 🔒 **Zero-log IP detection** — Uses Cloudflare's [cdn-cgi/trace](https://www.cloudflare.com/cdn-cgi/trace) by default
- 🏠 **CGNAT-aware local detection** — Filters out shared address space (100.64.0.0/10) and private ranges - 🏠 **CGNAT-aware local detection** — Filters out shared address space (100.64.0.0/10) and private ranges
- 🚫 **Cloudflare IP rejection**Optionally reject Cloudflare anycast IPs to prevent incorrect DNS updates - 🚫 **Cloudflare IP rejection**Automatically rejects Cloudflare anycast IPs to prevent incorrect DNS updates
- 🤏 **Tiny static binary** — ~1.9 MB Docker image built from scratch, zero runtime dependencies - 🤏 **Tiny static binary** — ~1.9 MB Docker image built from scratch, zero runtime dependencies
## 🚀 Quick Start ## 🚀 Quick Start
@@ -92,11 +92,13 @@ Available providers:
| Variable | Default | Description | | Variable | Default | Description |
|----------|---------|-------------| |----------|---------|-------------|
| `REJECT_CLOUDFLARE_IPS` | `false` | Reject detected IPs that fall within Cloudflare's IP ranges | | `REJECT_CLOUDFLARE_IPS` | `true` | Reject detected IPs that fall within Cloudflare's IP ranges |
Some IP detection providers occasionally return a Cloudflare anycast IP instead of your real public IP. When this happens, your DNS record gets updated to point at Cloudflare infrastructure rather than your actual address. Some IP detection providers occasionally return a Cloudflare anycast IP instead of your real public IP. When this happens, your DNS record gets updated to point at Cloudflare infrastructure rather than your actual address.
Setting `REJECT_CLOUDFLARE_IPS=true` prevents this. Each update cycle fetches [Cloudflare's published IP ranges](https://www.cloudflare.com/ips/) and skips any detected IP that falls within them. A warning is logged for every rejected IP. By default, each update cycle fetches [Cloudflare's published IP ranges](https://www.cloudflare.com/ips/) and skips any detected IP that falls within them. A warning is logged for every rejected IP. If the ranges cannot be fetched, the update is skipped entirely to prevent writing a Cloudflare IP.
To disable this protection, set `REJECT_CLOUDFLARE_IPS=false`.
## ⏱️ Scheduling ## ⏱️ Scheduling
@@ -221,7 +223,7 @@ Heartbeats are sent after each update cycle. On failure, a fail signal is sent.
| `MANAGED_WAF_LIST_ITEMS_COMMENT_REGEX` | — | 🎯 Managed WAF items regex | | `MANAGED_WAF_LIST_ITEMS_COMMENT_REGEX` | — | 🎯 Managed WAF items regex |
| `DETECTION_TIMEOUT` | `5s` | ⏳ IP detection timeout | | `DETECTION_TIMEOUT` | `5s` | ⏳ IP detection timeout |
| `UPDATE_TIMEOUT` | `30s` | ⏳ API request timeout | | `UPDATE_TIMEOUT` | `30s` | ⏳ API request timeout |
| `REJECT_CLOUDFLARE_IPS` | `false` | 🚫 Reject Cloudflare anycast IPs | | `REJECT_CLOUDFLARE_IPS` | `true` | 🚫 Reject Cloudflare anycast IPs |
| `EMOJI` | `true` | 🎨 Enable emoji output | | `EMOJI` | `true` | 🎨 Enable emoji output |
| `QUIET` | `false` | 🤫 Suppress info output | | `QUIET` | `false` | 🤫 Suppress info output |
| `HEALTHCHECKS` | — | 💓 Healthchecks.io URL | | `HEALTHCHECKS` | — | 💓 Healthchecks.io URL |
@@ -361,6 +363,21 @@ Some ISP provided modems only allow port forwarding over IPv4 or IPv6. Disable t
### ⚙️ Config Options ### ⚙️ Config Options
By default, the legacy config file is loaded from `./config.json`. Set the `CONFIG_PATH` environment variable to change the directory:
```bash
CONFIG_PATH=/etc/cloudflare-ddns cloudflare-ddns
```
Or in Docker Compose:
```yml
environment:
- CONFIG_PATH=/config
volumes:
- /your/path/config.json:/config/config.json
```
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|
| `cloudflare` | array | required | List of zone configurations | | `cloudflare` | array | required | List of zone configurations |
@@ -373,17 +390,17 @@ Some ISP provided modems only allow port forwarding over IPv4 or IPv6. Disable t
### 🚫 Cloudflare IP Rejection (Legacy Mode) ### 🚫 Cloudflare IP Rejection (Legacy Mode)
The `REJECT_CLOUDFLARE_IPS` environment variable is supported in legacy config mode. Set it alongside your `config.json`: Cloudflare IP rejection is enabled by default in legacy mode too. To disable it, set `REJECT_CLOUDFLARE_IPS=false` alongside your `config.json`:
```bash ```bash
REJECT_CLOUDFLARE_IPS=true cloudflare-ddns REJECT_CLOUDFLARE_IPS=false cloudflare-ddns
``` ```
Or in Docker Compose: Or in Docker Compose:
```yml ```yml
environment: environment:
- REJECT_CLOUDFLARE_IPS=true - REJECT_CLOUDFLARE_IPS=false
volumes: volumes:
- ./config.json:/config.json - ./config.json:/config.json
``` ```

78
SECURITY.md Normal file
View File

@@ -0,0 +1,78 @@
# Security Policy
## Supported Versions
| Version | Supported |
| ------- | ------------------ |
| 2.0.x | :white_check_mark: |
| < 2.0 | :x: |
Only the latest release in the `2.0.x` series receives security updates. The legacy Python codebase and all `1.x` releases are **end-of-life** and will not be patched. Users on older versions should upgrade to the latest release immediately.
## Reporting a Vulnerability
**Please do not open a public GitHub issue for security vulnerabilities.**
Instead, report vulnerabilities privately using one of the following methods:
1. **GitHub Private Vulnerability Reporting** — Use the [Security Advisories](https://github.com/timothymiller/cloudflare-ddns/security/advisories/new) page to submit a private report directly on GitHub.
2. **Email** — Contact the maintainer directly at the email address listed on the [GitHub profile](https://github.com/timothymiller).
### What to Include
- A clear description of the vulnerability and its potential impact
- Steps to reproduce or a proof-of-concept
- Affected version(s)
- Any suggested fix or mitigation, if applicable
### What to Expect
- **Acknowledgment** within 72 hours of your report
- **Status updates** at least every 7 days while the issue is being investigated
- A coordinated disclosure timeline — we aim to release a fix within 30 days of a confirmed vulnerability, and will credit reporters (unless anonymity is preferred) in the release notes
If a report is declined (e.g., out of scope or not reproducible), you will receive an explanation.
## Security Considerations
This project handles **Cloudflare API tokens** that grant DNS editing privileges. Users should be aware of the following:
### API Token Handling
- **Never commit your API token** to version control or include it in Docker images.
- Use `CLOUDFLARE_API_TOKEN_FILE` or Docker secrets to inject tokens at runtime rather than passing them as plain environment variables where possible.
- Create a **scoped API token** with only "Edit DNS" permission on the specific zones you need — avoid using Global API Keys.
### Container Security
- The Docker image runs as a **static binary from scratch** with zero runtime dependencies, which minimizes the attack surface.
- Use `security_opt: no-new-privileges:true` in Docker Compose deployments.
- Pin image tags to a specific version (e.g., `timothyjmiller/cloudflare-ddns:v2.0.10`) rather than using `latest` in production.
### Network Security
- The default IP detection provider (`cloudflare.trace`) communicates directly with Cloudflare's infrastructure over HTTPS and does not log your IP.
- All Cloudflare API calls are made over HTTPS/TLS.
- `--network host` mode is required for IPv6 detection — be aware this gives the container access to the host's full network stack.
### Supply Chain
- The project is built with `cargo` and all dependencies are declared in `Cargo.lock` for reproducible builds.
- Docker images are built via GitHub Actions and published to Docker Hub. Multi-arch builds cover `linux/amd64`, `linux/arm64`, and `linux/ppc64le`.
## Scope
The following are considered **in scope** for security reports:
- Authentication or authorization flaws (e.g., token leakage, insufficient credential protection)
- Injection vulnerabilities in configuration parsing
- Vulnerabilities in DNS record handling that could lead to record hijacking or poisoning
- Dependency vulnerabilities with a demonstrable exploit path
- Container escape or privilege escalation
The following are **out of scope**:
- Denial of service against the user's own instance
- Vulnerabilities in Cloudflare's API or infrastructure (report those to [Cloudflare](https://hackerone.com/cloudflare))
- Social engineering attacks
- Issues requiring physical access to the host machine

190
src/cf_ip_filter.rs
View File

@@ -1,7 +1,7 @@
use crate::pp::{self, PP}; use crate::pp::{self, PP};
use reqwest::Client; use reqwest::Client;
use std::net::IpAddr; use std::net::IpAddr;
use std::time::Duration; use std::time::{Duration, Instant};
const CF_IPV4_URL: &str = "https://www.cloudflare.com/ips-v4"; const CF_IPV4_URL: &str = "https://www.cloudflare.com/ips-v4";
const CF_IPV6_URL: &str = "https://www.cloudflare.com/ips-v6"; const CF_IPV6_URL: &str = "https://www.cloudflare.com/ips-v6";
@@ -59,8 +59,13 @@ impl CloudflareIpFilter {
pub async fn fetch(client: &Client, timeout: Duration, ppfmt: &PP) -> Option<Self> { pub async fn fetch(client: &Client, timeout: Duration, ppfmt: &PP) -> Option<Self> {
let mut ranges = Vec::new(); let mut ranges = Vec::new();
for url in [CF_IPV4_URL, CF_IPV6_URL] { let (v4_result, v6_result) = tokio::join!(
match client.get(url).timeout(timeout).send().await { client.get(CF_IPV4_URL).timeout(timeout).send(),
client.get(CF_IPV6_URL).timeout(timeout).send(),
);
for (url, result) in [(CF_IPV4_URL, v4_result), (CF_IPV6_URL, v6_result)] {
match result {
Ok(resp) if resp.status().is_success() => match resp.text().await { Ok(resp) if resp.status().is_success() => match resp.text().await {
Ok(body) => { Ok(body) => {
for line in body.lines() { for line in body.lines() {
@@ -152,6 +157,62 @@ impl CloudflareIpFilter {
} }
} }
/// Refresh interval for Cloudflare IP ranges (24 hours).
const CF_RANGE_REFRESH: Duration = Duration::from_secs(24 * 60 * 60);
/// Cached wrapper around [`CloudflareIpFilter`].
///
/// Fetches once, then re-uses the cached ranges for [`CF_RANGE_REFRESH`].
/// If a refresh fails, the previously cached ranges are kept.
pub struct CachedCloudflareFilter {
filter: Option<CloudflareIpFilter>,
fetched_at: Option<Instant>,
}
impl CachedCloudflareFilter {
pub fn new() -> Self {
Self {
filter: None,
fetched_at: None,
}
}
/// Return a reference to the current filter, refreshing if stale or absent.
pub async fn get(
&mut self,
client: &Client,
timeout: Duration,
ppfmt: &PP,
) -> Option<&CloudflareIpFilter> {
let stale = match self.fetched_at {
Some(t) => t.elapsed() >= CF_RANGE_REFRESH,
None => true,
};
if stale {
match CloudflareIpFilter::fetch(client, timeout, ppfmt).await {
Some(new_filter) => {
self.filter = Some(new_filter);
self.fetched_at = Some(Instant::now());
}
None => {
if self.filter.is_some() {
ppfmt.warningf(
pp::EMOJI_WARNING,
"Failed to refresh Cloudflare IP ranges; using cached version",
);
// Keep using cached filter, but don't update fetched_at
// so we retry next cycle.
}
// If no cached filter exists, return None (caller handles fail-safe).
}
}
}
self.filter.as_ref()
}
}
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use super::*; use super::*;
@@ -234,4 +295,127 @@ mod tests {
let ip: IpAddr = IpAddr::V6(Ipv6Addr::new(0x2606, 0x4700, 0, 0, 0, 0, 0, 1)); let ip: IpAddr = IpAddr::V6(Ipv6Addr::new(0x2606, 0x4700, 0, 0, 0, 0, 0, 1));
assert!(!filter.contains(&ip)); assert!(!filter.contains(&ip));
} }
/// All real Cloudflare ranges as of 2026-03. Verifies every range parses
/// and that the first and last IP in each range is matched while the
/// address just past the end is not.
const ALL_CF_RANGES: &str = "\
173.245.48.0/20
103.21.244.0/22
103.22.200.0/22
103.31.4.0/22
141.101.64.0/18
108.162.192.0/18
190.93.240.0/20
188.114.96.0/20
197.234.240.0/22
198.41.128.0/17
162.158.0.0/15
104.16.0.0/13
104.24.0.0/14
172.64.0.0/13
131.0.72.0/22
2400:cb00::/32
2606:4700::/32
2803:f800::/32
2405:b500::/32
2405:8100::/32
2a06:98c0::/29
2c0f:f248::/32
";
#[test]
fn test_all_real_ranges_parse() {
let filter = CloudflareIpFilter::from_lines(ALL_CF_RANGES).unwrap();
assert_eq!(filter.ranges.len(), 22);
}
/// For a /N IPv4 range starting at `base`, return (first, last, just_outside).
fn v4_range_bounds(a: u8, b: u8, c: u8, d: u8, prefix: u8) -> (Ipv4Addr, Ipv4Addr, Ipv4Addr) {
let base = u32::from(Ipv4Addr::new(a, b, c, d));
let size = 1u32 << (32 - prefix);
let first = Ipv4Addr::from(base);
let last = Ipv4Addr::from(base + size - 1);
let outside = Ipv4Addr::from(base + size);
(first, last, outside)
}
#[test]
fn test_all_real_ipv4_ranges_match() {
// Test each range individually so adjacent ranges (e.g. 104.16.0.0/13
// and 104.24.0.0/14) don't cause false failures on boundary checks.
let ranges: &[(u8, u8, u8, u8, u8)] = &[
(173, 245, 48, 0, 20),
(103, 21, 244, 0, 22),
(103, 22, 200, 0, 22),
(103, 31, 4, 0, 22),
(141, 101, 64, 0, 18),
(108, 162, 192, 0, 18),
(190, 93, 240, 0, 20),
(188, 114, 96, 0, 20),
(197, 234, 240, 0, 22),
(198, 41, 128, 0, 17),
(162, 158, 0, 0, 15),
(104, 16, 0, 0, 13),
(104, 24, 0, 0, 14),
(172, 64, 0, 0, 13),
(131, 0, 72, 0, 22),
];
for &(a, b, c, d, prefix) in ranges {
let cidr = format!("{a}.{b}.{c}.{d}/{prefix}");
let filter = CloudflareIpFilter::from_lines(&cidr).unwrap();
let (first, last, outside) = v4_range_bounds(a, b, c, d, prefix);
assert!(
filter.contains(&IpAddr::V4(first)),
"First IP {first} should be in {cidr}"
);
assert!(
filter.contains(&IpAddr::V4(last)),
"Last IP {last} should be in {cidr}"
);
assert!(
!filter.contains(&IpAddr::V4(outside)),
"IP {outside} should NOT be in {cidr}"
);
}
}
#[test]
fn test_all_real_ipv6_ranges_match() {
let filter = CloudflareIpFilter::from_lines(ALL_CF_RANGES).unwrap();
// (base high 16-bit segment, prefix len)
let ranges: &[(u16, u16, u8)] = &[
(0x2400, 0xcb00, 32),
(0x2606, 0x4700, 32),
(0x2803, 0xf800, 32),
(0x2405, 0xb500, 32),
(0x2405, 0x8100, 32),
(0x2a06, 0x98c0, 29),
(0x2c0f, 0xf248, 32),
];
for &(seg0, seg1, prefix) in ranges {
let base = u128::from(Ipv6Addr::new(seg0, seg1, 0, 0, 0, 0, 0, 0));
let size = 1u128 << (128 - prefix);
let first = Ipv6Addr::from(base);
let last = Ipv6Addr::from(base + size - 1);
let outside = Ipv6Addr::from(base + size);
assert!(
filter.contains(&IpAddr::V6(first)),
"First IP {first} should be in {seg0:x}:{seg1:x}::/{prefix}"
);
assert!(
filter.contains(&IpAddr::V6(last)),
"Last IP {last} should be in {seg0:x}:{seg1:x}::/{prefix}"
);
assert!(
!filter.contains(&IpAddr::V6(outside)),
"IP {outside} should NOT be in {seg0:x}:{seg1:x}::/{prefix}"
);
}
}
} }

133
src/cloudflare.rs
View File

@@ -152,16 +152,16 @@ pub struct CloudflareHandle {
client: Client, client: Client,
base_url: String, base_url: String,
auth: Auth, auth: Auth,
managed_comment_regex: Option<regex::Regex>, managed_comment_regex: Option<regex_lite::Regex>,
managed_waf_comment_regex: Option<regex::Regex>, managed_waf_comment_regex: Option<regex_lite::Regex>,
} }
impl CloudflareHandle { impl CloudflareHandle {
pub fn new( pub fn new(
auth: Auth, auth: Auth,
update_timeout: Duration, update_timeout: Duration,
managed_comment_regex: Option<regex::Regex>, managed_comment_regex: Option<regex_lite::Regex>,
managed_waf_comment_regex: Option<regex::Regex>, managed_waf_comment_regex: Option<regex_lite::Regex>,
) -> Self { ) -> Self {
let client = Client::builder() let client = Client::builder()
.timeout(update_timeout) .timeout(update_timeout)
@@ -182,6 +182,7 @@ impl CloudflareHandle {
base_url: &str, base_url: &str,
auth: Auth, auth: Auth,
) -> Self { ) -> Self {
crate::init_crypto();
let client = Client::builder() let client = Client::builder()
.timeout(Duration::from_secs(10)) .timeout(Duration::from_secs(10))
.build() .build()
@@ -200,13 +201,18 @@ impl CloudflareHandle {
format!("{}/{path}", self.base_url) format!("{}/{path}", self.base_url)
} }
async fn api_get<T: serde::de::DeserializeOwned>( async fn api_request<T: serde::de::DeserializeOwned>(
&self, &self,
method: reqwest::Method,
path: &str, path: &str,
body: Option<&impl Serialize>,
ppfmt: &PP, ppfmt: &PP,
) -> Option<T> { ) -> Option<T> {
let url = self.api_url(path); let url = self.api_url(path);
let req = self.auth.apply(self.client.get(&url)); let mut req = self.auth.apply(self.client.request(method.clone(), &url));
if let Some(b) = body {
req = req.json(b);
}
match req.send().await { match req.send().await {
Ok(resp) => { Ok(resp) => {
if resp.status().is_success() { if resp.status().is_success() {
@@ -214,89 +220,12 @@ impl CloudflareHandle {
} else { } else {
let url_str = resp.url().to_string(); let url_str = resp.url().to_string();
let text = resp.text().await.unwrap_or_default(); let text = resp.text().await.unwrap_or_default();
ppfmt.errorf(pp::EMOJI_ERROR, &format!("API GET '{url_str}' failed: {text}")); ppfmt.errorf(pp::EMOJI_ERROR, &format!("API {method} '{url_str}' failed: {text}"));
None None
} }
} }
Err(e) => { Err(e) => {
ppfmt.errorf(pp::EMOJI_ERROR, &format!("API GET '{path}' error: {e}")); ppfmt.errorf(pp::EMOJI_ERROR, &format!("API {method} '{path}' error: {e}"));
None
}
}
}
async fn api_post<T: serde::de::DeserializeOwned, B: Serialize>(
&self,
path: &str,
body: &B,
ppfmt: &PP,
) -> Option<T> {
let url = self.api_url(path);
let req = self.auth.apply(self.client.post(&url)).json(body);
match req.send().await {
Ok(resp) => {
if resp.status().is_success() {
resp.json::<T>().await.ok()
} else {
let url_str = resp.url().to_string();
let text = resp.text().await.unwrap_or_default();
ppfmt.errorf(pp::EMOJI_ERROR, &format!("API POST '{url_str}' failed: {text}"));
None
}
}
Err(e) => {
ppfmt.errorf(pp::EMOJI_ERROR, &format!("API POST '{path}' error: {e}"));
None
}
}
}
async fn api_put<T: serde::de::DeserializeOwned, B: Serialize>(
&self,
path: &str,
body: &B,
ppfmt: &PP,
) -> Option<T> {
let url = self.api_url(path);
let req = self.auth.apply(self.client.put(&url)).json(body);
match req.send().await {
Ok(resp) => {
if resp.status().is_success() {
resp.json::<T>().await.ok()
} else {
let url_str = resp.url().to_string();
let text = resp.text().await.unwrap_or_default();
ppfmt.errorf(pp::EMOJI_ERROR, &format!("API PUT '{url_str}' failed: {text}"));
None
}
}
Err(e) => {
ppfmt.errorf(pp::EMOJI_ERROR, &format!("API PUT '{path}' error: {e}"));
None
}
}
}
async fn api_delete<T: serde::de::DeserializeOwned>(
&self,
path: &str,
ppfmt: &PP,
) -> Option<T> {
let url = self.api_url(path);
let req = self.auth.apply(self.client.delete(&url));
match req.send().await {
Ok(resp) => {
if resp.status().is_success() {
resp.json::<T>().await.ok()
} else {
let url_str = resp.url().to_string();
let text = resp.text().await.unwrap_or_default();
ppfmt.errorf(pp::EMOJI_ERROR, &format!("API DELETE '{url_str}' failed: {text}"));
None
}
}
Err(e) => {
ppfmt.errorf(pp::EMOJI_ERROR, &format!("API DELETE '{path}' error: {e}"));
None None
} }
} }
@@ -309,7 +238,7 @@ impl CloudflareHandle {
let mut current = domain.to_string(); let mut current = domain.to_string();
loop { loop {
let resp: Option<CfListResponse<ZoneResult>> = self let resp: Option<CfListResponse<ZoneResult>> = self
.api_get(&format!("zones?name={current}"), ppfmt) .api_request(reqwest::Method::GET, &format!("zones?name={current}"), None::<&()>, ppfmt)
.await; .await;
if let Some(r) = resp { if let Some(r) = resp {
if let Some(zones) = r.result { if let Some(zones) = r.result {
@@ -340,7 +269,7 @@ impl CloudflareHandle {
ppfmt: &PP, ppfmt: &PP,
) -> Vec<DnsRecord> { ) -> Vec<DnsRecord> {
let path = format!("zones/{zone_id}/dns_records?per_page=100&type={record_type}"); let path = format!("zones/{zone_id}/dns_records?per_page=100&type={record_type}");
let resp: Option<CfListResponse<DnsRecord>> = self.api_get(&path, ppfmt).await; let resp: Option<CfListResponse<DnsRecord>> = self.api_request(reqwest::Method::GET, &path, None::<&()>, ppfmt).await;
resp.and_then(|r| r.result).unwrap_or_default() resp.and_then(|r| r.result).unwrap_or_default()
} }
@@ -372,7 +301,7 @@ impl CloudflareHandle {
ppfmt: &PP, ppfmt: &PP,
) -> Option<DnsRecord> { ) -> Option<DnsRecord> {
let path = format!("zones/{zone_id}/dns_records"); let path = format!("zones/{zone_id}/dns_records");
let resp: Option<CfResponse<DnsRecord>> = self.api_post(&path, payload, ppfmt).await; let resp: Option<CfResponse<DnsRecord>> = self.api_request(reqwest::Method::POST, &path, Some(payload), ppfmt).await;
resp.and_then(|r| r.result) resp.and_then(|r| r.result)
} }
@@ -384,7 +313,7 @@ impl CloudflareHandle {
ppfmt: &PP, ppfmt: &PP,
) -> Option<DnsRecord> { ) -> Option<DnsRecord> {
let path = format!("zones/{zone_id}/dns_records/{record_id}"); let path = format!("zones/{zone_id}/dns_records/{record_id}");
let resp: Option<CfResponse<DnsRecord>> = self.api_put(&path, payload, ppfmt).await; let resp: Option<CfResponse<DnsRecord>> = self.api_request(reqwest::Method::PUT, &path, Some(payload), ppfmt).await;
resp.and_then(|r| r.result) resp.and_then(|r| r.result)
} }
@@ -395,7 +324,7 @@ impl CloudflareHandle {
ppfmt: &PP, ppfmt: &PP,
) -> bool { ) -> bool {
let path = format!("zones/{zone_id}/dns_records/{record_id}"); let path = format!("zones/{zone_id}/dns_records/{record_id}");
let resp: Option<CfResponse<serde_json::Value>> = self.api_delete(&path, ppfmt).await; let resp: Option<CfResponse<serde_json::Value>> = self.api_request(reqwest::Method::DELETE, &path, None::<&()>, ppfmt).await;
resp.is_some() resp.is_some()
} }
@@ -467,7 +396,7 @@ impl CloudflareHandle {
self.update_record(zone_id, &record.id, &payload, ppfmt).await; self.update_record(zone_id, &record.id, &payload, ppfmt).await;
} }
} else { } else {
ppfmt.infof(pp::EMOJI_SKIP, &format!("Record {fqdn} is up to date ({ip_str})")); // Caller handles "up to date" logging based on SetResult::Noop
} }
} else { } else {
// Find an existing managed record to update, or create new // Find an existing managed record to update, or create new
@@ -550,7 +479,7 @@ impl CloudflareHandle {
ppfmt: &PP, ppfmt: &PP,
) -> Option<WAFListMeta> { ) -> Option<WAFListMeta> {
let path = format!("accounts/{}/rules/lists", waf_list.account_id); let path = format!("accounts/{}/rules/lists", waf_list.account_id);
let resp: Option<CfListResponse<WAFListMeta>> = self.api_get(&path, ppfmt).await; let resp: Option<CfListResponse<WAFListMeta>> = self.api_request(reqwest::Method::GET, &path, None::<&()>, ppfmt).await;
resp.and_then(|r| r.result) resp.and_then(|r| r.result)
.and_then(|lists| lists.into_iter().find(|l| l.name == waf_list.list_name)) .and_then(|lists| lists.into_iter().find(|l| l.name == waf_list.list_name))
} }
@@ -562,7 +491,7 @@ impl CloudflareHandle {
ppfmt: &PP, ppfmt: &PP,
) -> Vec<WAFListItem> { ) -> Vec<WAFListItem> {
let path = format!("accounts/{account_id}/rules/lists/{list_id}/items"); let path = format!("accounts/{account_id}/rules/lists/{list_id}/items");
let resp: Option<CfListResponse<WAFListItem>> = self.api_get(&path, ppfmt).await; let resp: Option<CfListResponse<WAFListItem>> = self.api_request(reqwest::Method::GET, &path, None::<&()>, ppfmt).await;
resp.and_then(|r| r.result).unwrap_or_default() resp.and_then(|r| r.result).unwrap_or_default()
} }
@@ -574,7 +503,7 @@ impl CloudflareHandle {
ppfmt: &PP, ppfmt: &PP,
) -> bool { ) -> bool {
let path = format!("accounts/{account_id}/rules/lists/{list_id}/items"); let path = format!("accounts/{account_id}/rules/lists/{list_id}/items");
let resp: Option<CfResponse<serde_json::Value>> = self.api_post(&path, &items, ppfmt).await; let resp: Option<CfResponse<serde_json::Value>> = self.api_request(reqwest::Method::POST, &path, Some(&items), ppfmt).await;
resp.is_some() resp.is_some()
} }
@@ -668,10 +597,7 @@ impl CloudflareHandle {
.collect(); .collect();
if to_add.is_empty() && ids_to_delete.is_empty() { if to_add.is_empty() && ids_to_delete.is_empty() {
ppfmt.infof( // Caller handles "up to date" logging based on SetResult::Noop
pp::EMOJI_SKIP,
&format!("WAF list {} is up to date", waf_list.describe()),
);
return SetResult::Noop; return SetResult::Noop;
} }
@@ -797,6 +723,7 @@ mod tests {
} }
fn handle_with_regex(base_url: &str, pattern: &str) -> CloudflareHandle { fn handle_with_regex(base_url: &str, pattern: &str) -> CloudflareHandle {
crate::init_crypto();
let client = Client::builder() let client = Client::builder()
.timeout(Duration::from_secs(10)) .timeout(Duration::from_secs(10))
.build() .build()
@@ -805,7 +732,7 @@ mod tests {
client, client,
base_url: base_url.to_string(), base_url: base_url.to_string(),
auth: test_auth(), auth: test_auth(),
managed_comment_regex: Some(regex::Regex::new(pattern).unwrap()), managed_comment_regex: Some(regex_lite::Regex::new(pattern).unwrap()),
managed_waf_comment_regex: None, managed_waf_comment_regex: None,
} }
} }
@@ -1427,7 +1354,7 @@ mod tests {
api_key: "key123".to_string(), api_key: "key123".to_string(),
email: "user@example.com".to_string(), email: "user@example.com".to_string(),
}; };
let client = Client::new(); let client = crate::test_client();
let req = client.get("http://example.com"); let req = client.get("http://example.com");
let req = auth.apply(req); let req = auth.apply(req);
// Just verify it doesn't panic - we can't inspect headers easily // Just verify it doesn't panic - we can't inspect headers easily
@@ -1446,7 +1373,7 @@ mod tests {
let h = handle(&server.uri()); let h = handle(&server.uri());
let pp = PP::new(false, true); // quiet let pp = PP::new(false, true); // quiet
let result: Option<CfListResponse<ZoneResult>> = h.api_get("zones", &pp).await; let result: Option<CfListResponse<ZoneResult>> = h.api_request(reqwest::Method::GET, "zones", None::<&()>, &pp).await;
assert!(result.is_none()); assert!(result.is_none());
} }
@@ -1461,7 +1388,7 @@ mod tests {
let h = handle(&server.uri()); let h = handle(&server.uri());
let pp = PP::new(false, true); let pp = PP::new(false, true);
let body = serde_json::json!({"test": true}); let body = serde_json::json!({"test": true});
let result: Option<CfResponse<serde_json::Value>> = h.api_post("endpoint", &body, &pp).await; let result: Option<CfResponse<serde_json::Value>> = h.api_request(reqwest::Method::POST, "endpoint", Some(&body), &pp).await;
assert!(result.is_none()); assert!(result.is_none());
} }
@@ -1476,7 +1403,7 @@ mod tests {
let h = handle(&server.uri()); let h = handle(&server.uri());
let pp = PP::new(false, true); let pp = PP::new(false, true);
let body = serde_json::json!({"test": true}); let body = serde_json::json!({"test": true});
let result: Option<CfResponse<serde_json::Value>> = h.api_put("endpoint", &body, &pp).await; let result: Option<CfResponse<serde_json::Value>> = h.api_request(reqwest::Method::PUT, "endpoint", Some(&body), &pp).await;
assert!(result.is_none()); assert!(result.is_none());
} }

35
src/config.rs
View File

@@ -87,10 +87,10 @@ pub struct AppConfig {
pub ttl: TTL, pub ttl: TTL,
pub proxied_expression: Option<Box<dyn Fn(&str) -> bool + Send + Sync>>, pub proxied_expression: Option<Box<dyn Fn(&str) -> bool + Send + Sync>>,
pub record_comment: Option<String>, pub record_comment: Option<String>,
pub managed_comment_regex: Option<regex::Regex>, pub managed_comment_regex: Option<regex_lite::Regex>,
pub waf_list_description: Option<String>, pub waf_list_description: Option<String>,
pub waf_list_item_comment: Option<String>, pub waf_list_item_comment: Option<String>,
pub managed_waf_comment_regex: Option<regex::Regex>, pub managed_waf_comment_regex: Option<regex_lite::Regex>,
pub detection_timeout: Duration, pub detection_timeout: Duration,
pub update_timeout: Duration, pub update_timeout: Duration,
pub reject_cloudflare_ips: bool, pub reject_cloudflare_ips: bool,
@@ -330,9 +330,9 @@ fn read_cron_from_env(ppfmt: &PP) -> Result<CronSchedule, String> {
} }
} }
fn read_regex(key: &str, ppfmt: &PP) -> Option<regex::Regex> { fn read_regex(key: &str, ppfmt: &PP) -> Option<regex_lite::Regex> {
match getenv(key) { match getenv(key) {
Some(s) if !s.is_empty() => match regex::Regex::new(&s) { Some(s) if !s.is_empty() => match regex_lite::Regex::new(&s) {
Ok(r) => Some(r), Ok(r) => Some(r),
Err(e) => { Err(e) => {
ppfmt.errorf(pp::EMOJI_ERROR, &format!("Invalid regex in {key}: {e}")); ppfmt.errorf(pp::EMOJI_ERROR, &format!("Invalid regex in {key}: {e}"));
@@ -458,7 +458,7 @@ fn legacy_to_app_config(legacy: LegacyConfig, dry_run: bool, repeat: bool) -> Re
managed_waf_comment_regex: None, managed_waf_comment_regex: None,
detection_timeout: Duration::from_secs(5), detection_timeout: Duration::from_secs(5),
update_timeout: Duration::from_secs(30), update_timeout: Duration::from_secs(30),
reject_cloudflare_ips: getenv_bool("REJECT_CLOUDFLARE_IPS", false), reject_cloudflare_ips: getenv_bool("REJECT_CLOUDFLARE_IPS", true),
dry_run, dry_run,
emoji: false, emoji: false,
quiet: false, quiet: false,
@@ -529,7 +529,7 @@ pub fn load_env_config(ppfmt: &PP) -> Result<AppConfig, String> {
let emoji = getenv_bool("EMOJI", true); let emoji = getenv_bool("EMOJI", true);
let quiet = getenv_bool("QUIET", false); let quiet = getenv_bool("QUIET", false);
let reject_cloudflare_ips = getenv_bool("REJECT_CLOUDFLARE_IPS", false); let reject_cloudflare_ips = getenv_bool("REJECT_CLOUDFLARE_IPS", true);
// Validate: must have at least one update target // Validate: must have at least one update target
if domains.is_empty() && waf_lists.is_empty() { if domains.is_empty() && waf_lists.is_empty() {
@@ -681,8 +681,8 @@ pub fn print_config_summary(config: &AppConfig, ppfmt: &PP) {
inner.infof("", "Delete on stop: enabled"); inner.infof("", "Delete on stop: enabled");
} }
if config.reject_cloudflare_ips { if !config.reject_cloudflare_ips {
inner.infof("", "Reject Cloudflare IPs: enabled"); inner.warningf("", "Cloudflare IP rejection: DISABLED (REJECT_CLOUDFLARE_IPS=false)");
} }
if let Some(ref comment) = config.record_comment { if let Some(ref comment) = config.record_comment {
@@ -1931,19 +1931,16 @@ mod tests {
let mut g = EnvGuard::set("_PLACEHOLDER_SN", "x"); let mut g = EnvGuard::set("_PLACEHOLDER_SN", "x");
g.remove("SHOUTRRR"); g.remove("SHOUTRRR");
let pp = PP::new(false, true); let pp = PP::new(false, true);
let notifier = setup_notifiers(&pp); let _notifier = setup_notifiers(&pp);
drop(g); drop(g);
assert!(notifier.is_empty());
} }
#[test] #[test]
fn test_setup_notifiers_empty_shoutrrr_returns_empty() { fn test_setup_notifiers_empty_shoutrrr_returns_empty() {
let g = EnvGuard::set("SHOUTRRR", ""); let g = EnvGuard::set("SHOUTRRR", "");
let pp = PP::new(false, true); let pp = PP::new(false, true);
let notifier = setup_notifiers(&pp); let _notifier = setup_notifiers(&pp);
drop(g); drop(g);
// Empty string is treated as unset by getenv_list.
assert!(notifier.is_empty());
} }
// ============================================================ // ============================================================
@@ -1956,9 +1953,8 @@ mod tests {
g.remove("HEALTHCHECKS"); g.remove("HEALTHCHECKS");
g.remove("UPTIMEKUMA"); g.remove("UPTIMEKUMA");
let pp = PP::new(false, true); let pp = PP::new(false, true);
let hb = setup_heartbeats(&pp); let _hb = setup_heartbeats(&pp);
drop(g); drop(g);
assert!(hb.is_empty());
} }
#[test] #[test]
@@ -1966,9 +1962,8 @@ mod tests {
let mut g = EnvGuard::set("HEALTHCHECKS", "https://hc-ping.com/abc123"); let mut g = EnvGuard::set("HEALTHCHECKS", "https://hc-ping.com/abc123");
g.remove("UPTIMEKUMA"); g.remove("UPTIMEKUMA");
let pp = PP::new(false, true); let pp = PP::new(false, true);
let hb = setup_heartbeats(&pp); let _hb = setup_heartbeats(&pp);
drop(g); drop(g);
assert!(!hb.is_empty());
} }
#[test] #[test]
@@ -1976,9 +1971,8 @@ mod tests {
let mut g = EnvGuard::set("UPTIMEKUMA", "https://status.example.com/api/push/abc"); let mut g = EnvGuard::set("UPTIMEKUMA", "https://status.example.com/api/push/abc");
g.remove("HEALTHCHECKS"); g.remove("HEALTHCHECKS");
let pp = PP::new(false, true); let pp = PP::new(false, true);
let hb = setup_heartbeats(&pp); let _hb = setup_heartbeats(&pp);
drop(g); drop(g);
assert!(!hb.is_empty());
} }
#[test] #[test]
@@ -1986,9 +1980,8 @@ mod tests {
let mut g = EnvGuard::set("HEALTHCHECKS", "https://hc-ping.com/abc"); let mut g = EnvGuard::set("HEALTHCHECKS", "https://hc-ping.com/abc");
g.add("UPTIMEKUMA", "https://status.example.com/api/push/def"); g.add("UPTIMEKUMA", "https://status.example.com/api/push/def");
let pp = PP::new(false, true); let pp = PP::new(false, true);
let hb = setup_heartbeats(&pp); let _hb = setup_heartbeats(&pp);
drop(g); drop(g);
assert!(!hb.is_empty());
} }
// ============================================================ // ============================================================

253
src/domain.rs
View File

@@ -1,129 +1,14 @@
use std::fmt;
/// Represents a DNS domain - either a regular FQDN or a wildcard.
#[allow(dead_code)]
#[derive(Debug, Clone, PartialEq, Eq, Hash)]
pub enum Domain {
FQDN(String),
Wildcard(String),
}
#[allow(dead_code)]
impl Domain {
/// Parse a domain string. Handles:
/// - "@" or "" -> root domain (handled at FQDN construction time)
/// - "*.example.com" -> wildcard
/// - "sub.example.com" -> regular FQDN
pub fn new(input: &str) -> Result<Self, String> {
let trimmed = input.trim().to_lowercase();
if trimmed.starts_with("*.") {
let base = &trimmed[2..];
let ascii = domain_to_ascii(base)?;
Ok(Domain::Wildcard(ascii))
} else {
let ascii = domain_to_ascii(&trimmed)?;
Ok(Domain::FQDN(ascii))
}
}
/// Returns the DNS name in ASCII form suitable for API calls.
pub fn dns_name_ascii(&self) -> String {
match self {
Domain::FQDN(s) => s.clone(),
Domain::Wildcard(s) => format!("*.{s}"),
}
}
/// Returns a human-readable description of the domain.
pub fn describe(&self) -> String {
match self {
Domain::FQDN(s) => describe_domain(s),
Domain::Wildcard(s) => format!("*.{}", describe_domain(s)),
}
}
/// Returns the zones (parent domains) for this domain, from most specific to least.
pub fn zones(&self) -> Vec<String> {
let base = match self {
Domain::FQDN(s) => s.as_str(),
Domain::Wildcard(s) => s.as_str(),
};
let mut zones = Vec::new();
let mut current = base.to_string();
while !current.is_empty() {
zones.push(current.clone());
if let Some(pos) = current.find('.') {
current = current[pos + 1..].to_string();
} else {
break;
}
}
zones
}
}
impl fmt::Display for Domain {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
write!(f, "{}", self.describe())
}
}
/// Construct an FQDN from a subdomain name and base domain. /// Construct an FQDN from a subdomain name and base domain.
pub fn make_fqdn(subdomain: &str, base_domain: &str) -> String { pub fn make_fqdn(subdomain: &str, base_domain: &str) -> String {
let name = subdomain.to_lowercase(); let name = subdomain.to_lowercase();
let name = name.trim(); let name = name.trim();
if name.is_empty() || name == "@" { if name.is_empty() || name == "@" {
base_domain.to_lowercase() base_domain.to_lowercase()
} else if name.starts_with("*.") {
// Wildcard subdomain
format!("{name}.{}", base_domain.to_lowercase())
} else { } else {
format!("{name}.{}", base_domain.to_lowercase()) format!("{name}.{}", base_domain.to_lowercase())
} }
} }
/// Convert a domain to ASCII using IDNA encoding.
#[allow(dead_code)]
fn domain_to_ascii(domain: &str) -> Result<String, String> {
if domain.is_empty() {
return Ok(String::new());
}
// Try IDNA encoding for internationalized domain names
match idna::domain_to_ascii(domain) {
Ok(ascii) => Ok(ascii),
Err(_) => {
// Fallback: if it's already ASCII, just return it
if domain.is_ascii() {
Ok(domain.to_string())
} else {
Err(format!("Invalid domain name: {domain}"))
}
}
}
}
/// Convert ASCII domain back to Unicode for display.
#[allow(dead_code)]
fn describe_domain(ascii: &str) -> String {
// Try to convert punycode back to unicode for display
match idna::domain_to_unicode(ascii) {
(unicode, Ok(())) => unicode,
_ => ascii.to_string(),
}
}
/// Parse a comma-separated list of domain strings.
#[allow(dead_code)]
pub fn parse_domain_list(input: &str) -> Result<Vec<Domain>, String> {
if input.trim().is_empty() {
return Ok(Vec::new());
}
input
.split(',')
.map(|s| Domain::new(s.trim()))
.collect()
}
// --- Domain Expression Evaluator --- // --- Domain Expression Evaluator ---
// Supports: true, false, is(domain,...), sub(domain,...), !, &&, ||, () // Supports: true, false, is(domain,...), sub(domain,...), !, &&, ||, ()
@@ -305,18 +190,6 @@ mod tests {
assert_eq!(make_fqdn("VPN", "Example.COM"), "vpn.example.com"); assert_eq!(make_fqdn("VPN", "Example.COM"), "vpn.example.com");
} }
#[test]
fn test_domain_wildcard() {
let d = Domain::new("*.example.com").unwrap();
assert_eq!(d.dns_name_ascii(), "*.example.com");
}
#[test]
fn test_parse_domain_list() {
let domains = parse_domain_list("example.com, *.example.com, sub.example.com").unwrap();
assert_eq!(domains.len(), 3);
}
#[test] #[test]
fn test_proxied_expr_true() { fn test_proxied_expr_true() {
let pred = parse_proxied_expression("true").unwrap(); let pred = parse_proxied_expression("true").unwrap();
@@ -359,129 +232,6 @@ mod tests {
assert!(pred("public.com")); assert!(pred("public.com"));
} }
// --- Domain::new with regular FQDN ---
#[test]
fn test_domain_new_fqdn() {
let d = Domain::new("example.com").unwrap();
assert_eq!(d, Domain::FQDN("example.com".to_string()));
}
#[test]
fn test_domain_new_fqdn_uppercase() {
let d = Domain::new("EXAMPLE.COM").unwrap();
assert_eq!(d, Domain::FQDN("example.com".to_string()));
}
// --- Domain::dns_name_ascii for FQDN ---
#[test]
fn test_dns_name_ascii_fqdn() {
let d = Domain::FQDN("example.com".to_string());
assert_eq!(d.dns_name_ascii(), "example.com");
}
// --- Domain::describe for both variants ---
#[test]
fn test_describe_fqdn() {
let d = Domain::FQDN("example.com".to_string());
// ASCII domain should round-trip through describe unchanged
assert_eq!(d.describe(), "example.com");
}
#[test]
fn test_describe_wildcard() {
let d = Domain::Wildcard("example.com".to_string());
assert_eq!(d.describe(), "*.example.com");
}
// --- Domain::zones ---
#[test]
fn test_zones_fqdn() {
let d = Domain::FQDN("sub.example.com".to_string());
let zones = d.zones();
assert_eq!(zones, vec!["sub.example.com", "example.com", "com"]);
}
#[test]
fn test_zones_wildcard() {
let d = Domain::Wildcard("example.com".to_string());
let zones = d.zones();
assert_eq!(zones, vec!["example.com", "com"]);
}
#[test]
fn test_zones_single_label() {
let d = Domain::FQDN("localhost".to_string());
let zones = d.zones();
assert_eq!(zones, vec!["localhost"]);
}
// --- Domain Display trait ---
#[test]
fn test_display_fqdn() {
let d = Domain::FQDN("example.com".to_string());
assert_eq!(format!("{d}"), "example.com");
}
#[test]
fn test_display_wildcard() {
let d = Domain::Wildcard("example.com".to_string());
assert_eq!(format!("{d}"), "*.example.com");
}
// --- domain_to_ascii (tested indirectly via Domain::new) ---
#[test]
fn test_domain_new_empty_string() {
// empty string -> domain_to_ascii returns Ok("") -> Domain::FQDN("")
let d = Domain::new("").unwrap();
assert_eq!(d, Domain::FQDN("".to_string()));
}
#[test]
fn test_domain_new_ascii_domain() {
let d = Domain::new("www.example.org").unwrap();
assert_eq!(d.dns_name_ascii(), "www.example.org");
}
#[test]
fn test_domain_new_internationalized() {
// "münchen.de" should be encoded to punycode
let d = Domain::new("münchen.de").unwrap();
let ascii = d.dns_name_ascii();
// The punycode-encoded form should start with "xn--"
assert!(ascii.contains("xn--"), "expected punycode, got: {ascii}");
}
// --- describe_domain (tested indirectly via Domain::describe) ---
#[test]
fn test_describe_punycode_roundtrip() {
// Build a domain with a known punycode label and confirm describe decodes it
let d = Domain::new("münchen.de").unwrap();
let described = d.describe();
// Should contain the Unicode form, not the raw punycode
assert!(described.contains("münchen") || described.contains("xn--"),
"describe returned: {described}");
}
#[test]
fn test_describe_regular_ascii() {
let d = Domain::FQDN("example.com".to_string());
assert_eq!(d.describe(), "example.com");
}
// --- parse_domain_list with empty input ---
#[test]
fn test_parse_domain_list_empty() {
let result = parse_domain_list("").unwrap();
assert!(result.is_empty());
}
#[test]
fn test_parse_domain_list_whitespace_only() {
let result = parse_domain_list(" ").unwrap();
assert!(result.is_empty());
}
// --- Tokenizer edge cases (via parse_proxied_expression) ---
#[test] #[test]
fn test_tokenizer_single_ampersand_error() { fn test_tokenizer_single_ampersand_error() {
let result = parse_proxied_expression("is(a.com) & is(b.com)"); let result = parse_proxied_expression("is(a.com) & is(b.com)");
@@ -504,7 +254,6 @@ mod tests {
assert!(result.is_err()); assert!(result.is_err());
} }
// --- Parser edge cases ---
#[test] #[test]
fn test_parse_and_expr_double_ampersand() { fn test_parse_and_expr_double_ampersand() {
let pred = parse_proxied_expression("is(a.com) && is(b.com)").unwrap(); let pred = parse_proxied_expression("is(a.com) && is(b.com)").unwrap();
@@ -538,10 +287,8 @@ mod tests {
assert!(result.is_err()); assert!(result.is_err());
} }
// --- make_fqdn with wildcard subdomain ---
#[test] #[test]
fn test_make_fqdn_wildcard_subdomain() { fn test_make_fqdn_wildcard_subdomain() {
// A name starting with "*." is treated as a wildcard subdomain
assert_eq!(make_fqdn("*.sub", "example.com"), "*.sub.example.com"); assert_eq!(make_fqdn("*.sub", "example.com"), "*.sub.example.com");
} }
} }

89
src/main.rs
View File

@@ -11,15 +11,21 @@ use crate::cloudflare::{Auth, CloudflareHandle};
use crate::config::{AppConfig, CronSchedule}; use crate::config::{AppConfig, CronSchedule};
use crate::notifier::{CompositeNotifier, Heartbeat, Message}; use crate::notifier::{CompositeNotifier, Heartbeat, Message};
use crate::pp::PP; use crate::pp::PP;
use std::collections::HashSet;
use std::sync::atomic::{AtomicBool, Ordering}; use std::sync::atomic::{AtomicBool, Ordering};
use std::sync::Arc; use std::sync::Arc;
use reqwest::Client;
use tokio::signal; use tokio::signal;
use tokio::time::{sleep, Duration}; use tokio::time::{sleep, Duration};
const VERSION: &str = env!("CARGO_PKG_VERSION"); const VERSION: &str = env!("CARGO_PKG_VERSION");
#[tokio::main] #[tokio::main(flavor = "current_thread")]
async fn main() { async fn main() {
rustls::crypto::ring::default_provider()
.install_default()
.expect("Failed to install rustls crypto provider");
// Parse CLI args // Parse CLI args
let args: Vec<String> = std::env::args().collect(); let args: Vec<String> = std::env::args().collect();
let dry_run = args.iter().any(|a| a == "--dry-run"); let dry_run = args.iter().any(|a| a == "--dry-run");
@@ -116,12 +122,18 @@ async fn main() {
// Start heartbeat // Start heartbeat
heartbeat.start().await; heartbeat.start().await;
let mut cf_cache = cf_ip_filter::CachedCloudflareFilter::new();
let detection_client = Client::builder()
.timeout(app_config.detection_timeout)
.build()
.unwrap_or_default();
if app_config.legacy_mode { if app_config.legacy_mode {
// --- Legacy mode (original cloudflare-ddns behavior) --- // --- Legacy mode (original cloudflare-ddns behavior) ---
run_legacy_mode(&app_config, &handle, &notifier, &heartbeat, &ppfmt, running).await; run_legacy_mode(&app_config, &handle, &notifier, &heartbeat, &ppfmt, running, &mut cf_cache, &detection_client).await;
} else { } else {
// --- Env var mode (cf-ddns behavior) --- // --- Env var mode (cf-ddns behavior) ---
run_env_mode(&app_config, &handle, &notifier, &heartbeat, &ppfmt, running).await; run_env_mode(&app_config, &handle, &notifier, &heartbeat, &ppfmt, running, &mut cf_cache, &detection_client).await;
} }
// On shutdown: delete records if configured // On shutdown: delete records if configured
@@ -143,12 +155,16 @@ async fn run_legacy_mode(
heartbeat: &Heartbeat, heartbeat: &Heartbeat,
ppfmt: &PP, ppfmt: &PP,
running: Arc<AtomicBool>, running: Arc<AtomicBool>,
cf_cache: &mut cf_ip_filter::CachedCloudflareFilter,
detection_client: &Client,
) { ) {
let legacy = match &config.legacy_config { let legacy = match &config.legacy_config {
Some(l) => l, Some(l) => l,
None => return, None => return,
}; };
let mut noop_reported = HashSet::new();
if config.repeat { if config.repeat {
match (legacy.a, legacy.aaaa) { match (legacy.a, legacy.aaaa) {
(true, true) => println!( (true, true) => println!(
@@ -165,7 +181,7 @@ async fn run_legacy_mode(
} }
while running.load(Ordering::SeqCst) { while running.load(Ordering::SeqCst) {
updater::update_once(config, handle, notifier, heartbeat, ppfmt).await; updater::update_once(config, handle, notifier, heartbeat, cf_cache, ppfmt, &mut noop_reported, detection_client).await;
for _ in 0..legacy.ttl { for _ in 0..legacy.ttl {
if !running.load(Ordering::SeqCst) { if !running.load(Ordering::SeqCst) {
@@ -175,7 +191,7 @@ async fn run_legacy_mode(
} }
} }
} else { } else {
updater::update_once(config, handle, notifier, heartbeat, ppfmt).await; updater::update_once(config, handle, notifier, heartbeat, cf_cache, ppfmt, &mut noop_reported, detection_client).await;
} }
} }
@@ -186,11 +202,15 @@ async fn run_env_mode(
heartbeat: &Heartbeat, heartbeat: &Heartbeat,
ppfmt: &PP, ppfmt: &PP,
running: Arc<AtomicBool>, running: Arc<AtomicBool>,
cf_cache: &mut cf_ip_filter::CachedCloudflareFilter,
detection_client: &Client,
) { ) {
let mut noop_reported = HashSet::new();
match &config.update_cron { match &config.update_cron {
CronSchedule::Once => { CronSchedule::Once => {
if config.update_on_start { if config.update_on_start {
updater::update_once(config, handle, notifier, heartbeat, ppfmt).await; updater::update_once(config, handle, notifier, heartbeat, cf_cache, ppfmt, &mut noop_reported, detection_client).await;
} }
} }
schedule => { schedule => {
@@ -206,20 +226,18 @@ async fn run_env_mode(
// Update on start if configured // Update on start if configured
if config.update_on_start { if config.update_on_start {
updater::update_once(config, handle, notifier, heartbeat, ppfmt).await; updater::update_once(config, handle, notifier, heartbeat, cf_cache, ppfmt, &mut noop_reported, detection_client).await;
} }
// Main loop // Main loop
while running.load(Ordering::SeqCst) { while running.load(Ordering::SeqCst) {
// Sleep for interval, checking running flag each second // Sleep for interval, checking running flag each second
let secs = interval.as_secs(); let secs = interval.as_secs();
let next_time = chrono::Local::now() + chrono::Duration::seconds(secs as i64); let mins = secs / 60;
let rem_secs = secs % 60;
ppfmt.infof( ppfmt.infof(
pp::EMOJI_SLEEP, pp::EMOJI_SLEEP,
&format!( &format!("Next update in {}m {}s", mins, rem_secs),
"Next update at {}",
next_time.format("%Y-%m-%d %H:%M:%S %Z")
),
); );
for _ in 0..secs { for _ in 0..secs {
@@ -233,7 +251,7 @@ async fn run_env_mode(
return; return;
} }
updater::update_once(config, handle, notifier, heartbeat, ppfmt).await; updater::update_once(config, handle, notifier, heartbeat, cf_cache, ppfmt, &mut noop_reported, detection_client).await;
} }
} }
} }
@@ -266,6 +284,21 @@ fn describe_duration(d: Duration) -> String {
// Tests (backwards compatible with original test suite) // Tests (backwards compatible with original test suite)
// ============================================================ // ============================================================
#[cfg(test)]
pub(crate) fn init_crypto() {
use std::sync::Once;
static INIT: Once = Once::new();
INIT.call_once(|| {
let _ = rustls::crypto::ring::default_provider().install_default();
});
}
#[cfg(test)]
pub(crate) fn test_client() -> reqwest::Client {
init_crypto();
reqwest::Client::new()
}
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use crate::config::{ use crate::config::{
@@ -317,7 +350,7 @@ mod tests {
impl TestDdnsClient { impl TestDdnsClient {
fn new(base_url: &str) -> Self { fn new(base_url: &str) -> Self {
Self { Self {
client: Client::new(), client: crate::test_client(),
cf_api_base: base_url.to_string(), cf_api_base: base_url.to_string(),
ipv4_urls: vec![format!("{base_url}/cdn-cgi/trace")], ipv4_urls: vec![format!("{base_url}/cdn-cgi/trace")],
dry_run: false, dry_run: false,
@@ -382,6 +415,7 @@ mod tests {
config: &[LegacyCloudflareEntry], config: &[LegacyCloudflareEntry],
ttl: i64, ttl: i64,
purge_unknown_records: bool, purge_unknown_records: bool,
noop_reported: &mut std::collections::HashSet<String>,
) { ) {
for entry in config { for entry in config {
#[derive(serde::Deserialize)] #[derive(serde::Deserialize)]
@@ -483,8 +517,10 @@ mod tests {
} }
} }
let noop_key = format!("{fqdn}:{record_type}");
if let Some(ref id) = identifier { if let Some(ref id) = identifier {
if modified { if modified {
noop_reported.remove(&noop_key);
if self.dry_run { if self.dry_run {
println!("[DRY RUN] Would update record {fqdn} -> {ip}"); println!("[DRY RUN] Would update record {fqdn} -> {ip}");
} else { } else {
@@ -500,10 +536,16 @@ mod tests {
) )
.await; .await;
} }
} else if self.dry_run { } else if noop_reported.insert(noop_key) {
println!("[DRY RUN] Record {fqdn} is up to date ({ip})"); if self.dry_run {
println!("[DRY RUN] Record {fqdn} is up to date");
} else {
println!("Record {fqdn} is up to date");
} }
} else if self.dry_run { }
} else {
noop_reported.remove(&noop_key);
if self.dry_run {
println!("[DRY RUN] Would add new record {fqdn} -> {ip}"); println!("[DRY RUN] Would add new record {fqdn} -> {ip}");
} else { } else {
println!("Adding new record {fqdn} -> {ip}"); println!("Adding new record {fqdn} -> {ip}");
@@ -518,6 +560,7 @@ mod tests {
) )
.await; .await;
} }
}
if purge_unknown_records { if purge_unknown_records {
for dup_id in &duplicate_ids { for dup_id in &duplicate_ids {
@@ -636,7 +679,7 @@ mod tests {
let ddns = TestDdnsClient::new(&mock_server.uri()); let ddns = TestDdnsClient::new(&mock_server.uri());
let config = test_config(zone_id); let config = test_config(zone_id);
ddns.commit_record("198.51.100.7", "A", &config.cloudflare, 300, false) ddns.commit_record("198.51.100.7", "A", &config.cloudflare, 300, false, &mut std::collections::HashSet::new())
.await; .await;
} }
@@ -685,7 +728,7 @@ mod tests {
let ddns = TestDdnsClient::new(&mock_server.uri()); let ddns = TestDdnsClient::new(&mock_server.uri());
let config = test_config(zone_id); let config = test_config(zone_id);
ddns.commit_record("198.51.100.7", "A", &config.cloudflare, 300, false) ddns.commit_record("198.51.100.7", "A", &config.cloudflare, 300, false, &mut std::collections::HashSet::new())
.await; .await;
} }
@@ -728,7 +771,7 @@ mod tests {
let ddns = TestDdnsClient::new(&mock_server.uri()); let ddns = TestDdnsClient::new(&mock_server.uri());
let config = test_config(zone_id); let config = test_config(zone_id);
ddns.commit_record("198.51.100.7", "A", &config.cloudflare, 300, false) ddns.commit_record("198.51.100.7", "A", &config.cloudflare, 300, false, &mut std::collections::HashSet::new())
.await; .await;
} }
@@ -762,7 +805,7 @@ mod tests {
let ddns = TestDdnsClient::new(&mock_server.uri()).dry_run(); let ddns = TestDdnsClient::new(&mock_server.uri()).dry_run();
let config = test_config(zone_id); let config = test_config(zone_id);
ddns.commit_record("198.51.100.7", "A", &config.cloudflare, 300, false) ddns.commit_record("198.51.100.7", "A", &config.cloudflare, 300, false, &mut std::collections::HashSet::new())
.await; .await;
} }
@@ -819,7 +862,7 @@ mod tests {
ip4_provider: None, ip4_provider: None,
ip6_provider: None, ip6_provider: None,
}; };
ddns.commit_record("198.51.100.7", "A", &config.cloudflare, 300, true) ddns.commit_record("198.51.100.7", "A", &config.cloudflare, 300, true, &mut std::collections::HashSet::new())
.await; .await;
} }
@@ -921,7 +964,7 @@ mod tests {
ip6_provider: None, ip6_provider: None,
}; };
ddns.commit_record("203.0.113.99", "A", &config.cloudflare, 300, false) ddns.commit_record("203.0.113.99", "A", &config.cloudflare, 300, false, &mut std::collections::HashSet::new())
.await; .await;
} }
} }

155
src/notifier.rs
View File

@@ -11,14 +11,6 @@ pub struct Message {
} }
impl Message { impl Message {
#[allow(dead_code)]
pub fn new() -> Self {
Self {
lines: Vec::new(),
ok: true,
}
}
pub fn new_ok(msg: &str) -> Self { pub fn new_ok(msg: &str) -> Self {
Self { Self {
lines: vec![msg.to_string()], lines: vec![msg.to_string()],
@@ -52,16 +44,6 @@ impl Message {
} }
Message { lines, ok } Message { lines, ok }
} }
#[allow(dead_code)]
pub fn add_line(&mut self, line: &str) {
self.lines.push(line.to_string());
}
#[allow(dead_code)]
pub fn set_fail(&mut self) {
self.ok = false;
}
} }
// --- Composite Notifier --- // --- Composite Notifier ---
@@ -72,8 +54,6 @@ pub struct CompositeNotifier {
// Object-safe version of Notifier // Object-safe version of Notifier
pub trait NotifierDyn: Send + Sync { pub trait NotifierDyn: Send + Sync {
#[allow(dead_code)]
fn describe(&self) -> String;
fn send_dyn<'a>( fn send_dyn<'a>(
&'a self, &'a self,
msg: &'a Message, msg: &'a Message,
@@ -85,16 +65,6 @@ impl CompositeNotifier {
Self { notifiers } Self { notifiers }
} }
#[allow(dead_code)]
pub fn is_empty(&self) -> bool {
self.notifiers.is_empty()
}
#[allow(dead_code)]
pub fn describe(&self) -> Vec<String> {
self.notifiers.iter().map(|n| n.describe()).collect()
}
pub async fn send(&self, msg: &Message) { pub async fn send(&self, msg: &Message) {
if msg.is_empty() { if msg.is_empty() {
return; return;
@@ -295,10 +265,6 @@ impl ShoutrrrNotifier {
} }
impl NotifierDyn for ShoutrrrNotifier { impl NotifierDyn for ShoutrrrNotifier {
fn describe(&self) -> String {
ShoutrrrNotifier::describe(self)
}
fn send_dyn<'a>( fn send_dyn<'a>(
&'a self, &'a self,
msg: &'a Message, msg: &'a Message,
@@ -406,7 +372,7 @@ fn parse_shoutrrr_url(url_str: &str) -> Result<ShoutrrrService, String> {
service_type: ShoutrrrServiceType::Pushover, service_type: ShoutrrrServiceType::Pushover,
webhook_url: format!( webhook_url: format!(
"https://api.pushover.net/1/messages.json?token={}&user={}", "https://api.pushover.net/1/messages.json?token={}&user={}",
parts[1], parts[0] parts[0], parts[1]
), ),
}); });
} }
@@ -442,8 +408,6 @@ pub struct Heartbeat {
} }
pub trait HeartbeatMonitor: Send + Sync { pub trait HeartbeatMonitor: Send + Sync {
#[allow(dead_code)]
fn describe(&self) -> String;
fn ping<'a>( fn ping<'a>(
&'a self, &'a self,
msg: &'a Message, msg: &'a Message,
@@ -462,16 +426,6 @@ impl Heartbeat {
Self { monitors } Self { monitors }
} }
#[allow(dead_code)]
pub fn is_empty(&self) -> bool {
self.monitors.is_empty()
}
#[allow(dead_code)]
pub fn describe(&self) -> Vec<String> {
self.monitors.iter().map(|m| m.describe()).collect()
}
pub async fn ping(&self, msg: &Message) { pub async fn ping(&self, msg: &Message) {
for monitor in &self.monitors { for monitor in &self.monitors {
monitor.ping(msg).await; monitor.ping(msg).await;
@@ -532,10 +486,6 @@ impl HealthchecksMonitor {
} }
impl HeartbeatMonitor for HealthchecksMonitor { impl HeartbeatMonitor for HealthchecksMonitor {
fn describe(&self) -> String {
"Healthchecks.io".to_string()
}
fn ping<'a>( fn ping<'a>(
&'a self, &'a self,
msg: &'a Message, msg: &'a Message,
@@ -590,10 +540,6 @@ impl UptimeKumaMonitor {
} }
impl HeartbeatMonitor for UptimeKumaMonitor { impl HeartbeatMonitor for UptimeKumaMonitor {
fn describe(&self) -> String {
"Uptime Kuma".to_string()
}
fn ping<'a>( fn ping<'a>(
&'a self, &'a self,
msg: &'a Message, msg: &'a Message,
@@ -675,19 +621,6 @@ mod tests {
assert!(!msg.ok); assert!(!msg.ok);
} }
#[test]
fn test_message_new() {
let msg = Message::new();
assert!(msg.lines.is_empty());
assert!(msg.ok);
}
#[test]
fn test_message_is_empty_true() {
let msg = Message::new();
assert!(msg.is_empty());
}
#[test] #[test]
fn test_message_is_empty_false() { fn test_message_is_empty_false() {
let msg = Message::new_ok("something"); let msg = Message::new_ok("something");
@@ -700,20 +633,6 @@ mod tests {
assert_eq!(msg.format(), "line1"); assert_eq!(msg.format(), "line1");
} }
#[test]
fn test_message_format_multiple_lines() {
let mut msg = Message::new_ok("line1");
msg.add_line("line2");
msg.add_line("line3");
assert_eq!(msg.format(), "line1\nline2\nline3");
}
#[test]
fn test_message_format_empty() {
let msg = Message::new();
assert_eq!(msg.format(), "");
}
#[test] #[test]
fn test_message_merge_all_ok() { fn test_message_merge_all_ok() {
let m1 = Message::new_ok("a"); let m1 = Message::new_ok("a");
@@ -751,30 +670,12 @@ mod tests {
assert!(merged.ok); assert!(merged.ok);
} }
#[test]
fn test_message_add_line() {
let mut msg = Message::new();
msg.add_line("first");
msg.add_line("second");
assert_eq!(msg.lines, vec!["first".to_string(), "second".to_string()]);
}
#[test]
fn test_message_set_fail() {
let mut msg = Message::new();
assert!(msg.ok);
msg.set_fail();
assert!(!msg.ok);
}
// ---- CompositeNotifier tests ---- // ---- CompositeNotifier tests ----
#[tokio::test] #[tokio::test]
async fn test_composite_notifier_empty_send_does_nothing() { async fn test_composite_notifier_empty_send_does_nothing() {
let notifier = CompositeNotifier::new(vec![]); let notifier = CompositeNotifier::new(vec![]);
assert!(notifier.is_empty());
let msg = Message::new_ok("test"); let msg = Message::new_ok("test");
// Should not panic or error
notifier.send(&msg).await; notifier.send(&msg).await;
} }
@@ -868,7 +769,7 @@ mod tests {
#[test] #[test]
fn test_parse_pushover() { fn test_parse_pushover() {
let result = parse_shoutrrr_url("pushover://userkey@apitoken").unwrap(); let result = parse_shoutrrr_url("pushover://apitoken@userkey").unwrap();
assert_eq!( assert_eq!(
result.webhook_url, result.webhook_url,
"https://api.pushover.net/1/messages.json?token=apitoken&user=userkey" "https://api.pushover.net/1/messages.json?token=apitoken&user=userkey"
@@ -1111,7 +1012,7 @@ mod tests {
// Build a notifier that points discord webhook at our mock server // Build a notifier that points discord webhook at our mock server
let notifier = ShoutrrrNotifier { let notifier = ShoutrrrNotifier {
client: Client::new(), client: crate::test_client(),
urls: vec![ShoutrrrService { urls: vec![ShoutrrrService {
original_url: "discord://token@id".to_string(), original_url: "discord://token@id".to_string(),
service_type: ShoutrrrServiceType::Discord, service_type: ShoutrrrServiceType::Discord,
@@ -1135,7 +1036,7 @@ mod tests {
.await; .await;
let notifier = ShoutrrrNotifier { let notifier = ShoutrrrNotifier {
client: Client::new(), client: crate::test_client(),
urls: vec![ShoutrrrService { urls: vec![ShoutrrrService {
original_url: "slack://a/b/c".to_string(), original_url: "slack://a/b/c".to_string(),
service_type: ShoutrrrServiceType::Slack, service_type: ShoutrrrServiceType::Slack,
@@ -1159,7 +1060,7 @@ mod tests {
.await; .await;
let notifier = ShoutrrrNotifier { let notifier = ShoutrrrNotifier {
client: Client::new(), client: crate::test_client(),
urls: vec![ShoutrrrService { urls: vec![ShoutrrrService {
original_url: "generic://example.com/hook".to_string(), original_url: "generic://example.com/hook".to_string(),
service_type: ShoutrrrServiceType::Generic, service_type: ShoutrrrServiceType::Generic,
@@ -1175,10 +1076,10 @@ mod tests {
#[tokio::test] #[tokio::test]
async fn test_shoutrrr_send_empty_message() { async fn test_shoutrrr_send_empty_message() {
let notifier = ShoutrrrNotifier { let notifier = ShoutrrrNotifier {
client: Client::new(), client: crate::test_client(),
urls: vec![], urls: vec![],
}; };
let msg = Message::new(); let msg = Message { lines: Vec::new(), ok: true };
let pp = PP::default_pp(); let pp = PP::default_pp();
// Empty message should return true immediately // Empty message should return true immediately
let result = notifier.send(&msg, &pp).await; let result = notifier.send(&msg, &pp).await;
@@ -1211,7 +1112,7 @@ mod tests {
#[test] #[test]
fn test_shoutrrr_notifier_describe() { fn test_shoutrrr_notifier_describe() {
let notifier = ShoutrrrNotifier { let notifier = ShoutrrrNotifier {
client: Client::new(), client: crate::test_client(),
urls: vec![ urls: vec![
ShoutrrrService { ShoutrrrService {
original_url: "discord://t@i".to_string(), original_url: "discord://t@i".to_string(),
@@ -1267,7 +1168,7 @@ mod tests {
.await; .await;
let notifier = ShoutrrrNotifier { let notifier = ShoutrrrNotifier {
client: Client::new(), client: crate::test_client(),
urls: vec![ShoutrrrService { urls: vec![ShoutrrrService {
original_url: "telegram://token@telegram?chats=123".to_string(), original_url: "telegram://token@telegram?chats=123".to_string(),
service_type: ShoutrrrServiceType::Telegram, service_type: ShoutrrrServiceType::Telegram,
@@ -1291,7 +1192,7 @@ mod tests {
.await; .await;
let notifier = ShoutrrrNotifier { let notifier = ShoutrrrNotifier {
client: Client::new(), client: crate::test_client(),
urls: vec![ShoutrrrService { urls: vec![ShoutrrrService {
original_url: "gotify://host/path".to_string(), original_url: "gotify://host/path".to_string(),
service_type: ShoutrrrServiceType::Gotify, service_type: ShoutrrrServiceType::Gotify,
@@ -1307,7 +1208,8 @@ mod tests {
#[test] #[test]
fn test_pushover_url_query_parsing() { fn test_pushover_url_query_parsing() {
// Verify that the pushover webhook URL format contains the right params // Verify that the pushover webhook URL format contains the right params
let service = parse_shoutrrr_url("pushover://myuser@mytoken").unwrap(); // shoutrrr format: pushover://token@user
let service = parse_shoutrrr_url("pushover://mytoken@myuser").unwrap();
let parsed = url::Url::parse(&service.webhook_url).unwrap(); let parsed = url::Url::parse(&service.webhook_url).unwrap();
let params: std::collections::HashMap<_, _> = parsed.query_pairs().collect(); let params: std::collections::HashMap<_, _> = parsed.query_pairs().collect();
assert_eq!(params.get("token").unwrap().as_ref(), "mytoken"); assert_eq!(params.get("token").unwrap().as_ref(), "mytoken");
@@ -1325,7 +1227,7 @@ mod tests {
.await; .await;
let notifier = ShoutrrrNotifier { let notifier = ShoutrrrNotifier {
client: Client::new(), client: crate::test_client(),
urls: vec![ShoutrrrService { urls: vec![ShoutrrrService {
original_url: "custom://host/path".to_string(), original_url: "custom://host/path".to_string(),
service_type: ShoutrrrServiceType::Other("custom".to_string()), service_type: ShoutrrrServiceType::Other("custom".to_string()),
@@ -1349,7 +1251,7 @@ mod tests {
.await; .await;
let notifier = ShoutrrrNotifier { let notifier = ShoutrrrNotifier {
client: Client::new(), client: crate::test_client(),
urls: vec![ShoutrrrService { urls: vec![ShoutrrrService {
original_url: "discord://t@i".to_string(), original_url: "discord://t@i".to_string(),
service_type: ShoutrrrServiceType::Discord, service_type: ShoutrrrServiceType::Discord,
@@ -1362,23 +1264,6 @@ mod tests {
assert!(!result); assert!(!result);
} }
// ---- CompositeNotifier describe ----
#[test]
fn test_composite_notifier_describe_empty() {
let notifier = CompositeNotifier::new(vec![]);
assert!(notifier.describe().is_empty());
}
// ---- Heartbeat describe and is_empty ----
#[test]
fn test_heartbeat_is_empty() {
let hb = Heartbeat::new(vec![]);
assert!(hb.is_empty());
assert!(hb.describe().is_empty());
}
#[tokio::test] #[tokio::test]
async fn test_heartbeat_ping_no_monitors() { async fn test_heartbeat_ping_no_monitors() {
let hb = Heartbeat::new(vec![]); let hb = Heartbeat::new(vec![]);
@@ -1400,16 +1285,6 @@ mod tests {
hb.exit(&msg).await; hb.exit(&msg).await;
} }
// ---- CompositeNotifier send with empty message ----
#[tokio::test]
async fn test_composite_notifier_send_empty_message_skips() {
let notifier = CompositeNotifier::new(vec![]);
let msg = Message::new(); // empty
// Should return immediately without sending
notifier.send(&msg).await;
}
#[tokio::test] #[tokio::test]
async fn test_shoutrrr_send_server_error() { async fn test_shoutrrr_send_server_error() {
let server = MockServer::start().await; let server = MockServer::start().await;
@@ -1421,7 +1296,7 @@ mod tests {
.await; .await;
let notifier = ShoutrrrNotifier { let notifier = ShoutrrrNotifier {
client: Client::new(), client: crate::test_client(),
urls: vec![ShoutrrrService { urls: vec![ShoutrrrService {
original_url: "generic://example.com/hook".to_string(), original_url: "generic://example.com/hook".to_string(),
service_type: ShoutrrrServiceType::Generic, service_type: ShoutrrrServiceType::Generic,

200
src/pp.rs
View File

@@ -1,6 +1,3 @@
use std::collections::HashSet;
use std::sync::{Arc, Mutex};
// Verbosity levels // Verbosity levels
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)] #[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub enum Verbosity { pub enum Verbosity {
@@ -11,12 +8,8 @@ pub enum Verbosity {
} }
// Emoji constants // Emoji constants
#[allow(dead_code)]
pub const EMOJI_GLOBE: &str = "\u{1F30D}";
pub const EMOJI_WARNING: &str = "\u{26A0}\u{FE0F}"; pub const EMOJI_WARNING: &str = "\u{26A0}\u{FE0F}";
pub const EMOJI_ERROR: &str = "\u{274C}"; pub const EMOJI_ERROR: &str = "\u{274C}";
#[allow(dead_code)]
pub const EMOJI_SUCCESS: &str = "\u{2705}";
pub const EMOJI_LAUNCH: &str = "\u{1F680}"; pub const EMOJI_LAUNCH: &str = "\u{1F680}";
pub const EMOJI_STOP: &str = "\u{1F6D1}"; pub const EMOJI_STOP: &str = "\u{1F6D1}";
pub const EMOJI_SLEEP: &str = "\u{1F634}"; pub const EMOJI_SLEEP: &str = "\u{1F634}";
@@ -28,8 +21,6 @@ pub const EMOJI_SKIP: &str = "\u{23ED}\u{FE0F}";
pub const EMOJI_NOTIFY: &str = "\u{1F514}"; pub const EMOJI_NOTIFY: &str = "\u{1F514}";
pub const EMOJI_HEARTBEAT: &str = "\u{1F493}"; pub const EMOJI_HEARTBEAT: &str = "\u{1F493}";
pub const EMOJI_CONFIG: &str = "\u{2699}\u{FE0F}"; pub const EMOJI_CONFIG: &str = "\u{2699}\u{FE0F}";
#[allow(dead_code)]
pub const EMOJI_HINT: &str = "\u{1F4A1}";
const INDENT_PREFIX: &str = " "; const INDENT_PREFIX: &str = " ";
@@ -37,7 +28,6 @@ pub struct PP {
pub verbosity: Verbosity, pub verbosity: Verbosity,
pub emoji: bool, pub emoji: bool,
indent: usize, indent: usize,
seen: Arc<Mutex<HashSet<String>>>,
} }
impl PP { impl PP {
@@ -46,7 +36,6 @@ impl PP {
verbosity: if quiet { Verbosity::Quiet } else { Verbosity::Verbose }, verbosity: if quiet { Verbosity::Quiet } else { Verbosity::Verbose },
emoji, emoji,
indent: 0, indent: 0,
seen: Arc::new(Mutex::new(HashSet::new())),
} }
} }
@@ -63,7 +52,6 @@ impl PP {
verbosity: self.verbosity, verbosity: self.verbosity,
emoji: self.emoji, emoji: self.emoji,
indent: self.indent + 1, indent: self.indent + 1,
seen: Arc::clone(&self.seen),
} }
} }
@@ -104,54 +92,12 @@ impl PP {
pub fn errorf(&self, emoji: &str, msg: &str) { pub fn errorf(&self, emoji: &str, msg: &str) {
self.output_err(emoji, msg); self.output_err(emoji, msg);
} }
#[allow(dead_code)]
pub fn info_once(&self, key: &str, emoji: &str, msg: &str) {
if self.is_showing(Verbosity::Info) {
let mut seen = self.seen.lock().unwrap();
if seen.insert(key.to_string()) {
self.output(emoji, msg);
}
}
}
#[allow(dead_code)]
pub fn notice_once(&self, key: &str, emoji: &str, msg: &str) {
if self.is_showing(Verbosity::Notice) {
let mut seen = self.seen.lock().unwrap();
if seen.insert(key.to_string()) {
self.output(emoji, msg);
}
}
}
#[allow(dead_code)]
pub fn blank_line_if_verbose(&self) {
if self.is_showing(Verbosity::Verbose) {
println!();
}
}
}
#[allow(dead_code)]
pub fn english_join(items: &[String]) -> String {
match items.len() {
0 => String::new(),
1 => items[0].clone(),
2 => format!("{} and {}", items[0], items[1]),
_ => {
let (last, rest) = items.split_last().unwrap();
format!("{}, and {last}", rest.join(", "))
}
}
} }
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use super::*; use super::*;
// ---- PP::new with emoji flag ----
#[test] #[test]
fn new_with_emoji_true() { fn new_with_emoji_true() {
let pp = PP::new(true, false); let pp = PP::new(true, false);
@@ -164,8 +110,6 @@ mod tests {
assert!(!pp.emoji); assert!(!pp.emoji);
} }
// ---- PP::new with quiet flag (verbosity levels) ----
#[test] #[test]
fn new_quiet_true_sets_verbosity_quiet() { fn new_quiet_true_sets_verbosity_quiet() {
let pp = PP::new(false, true); let pp = PP::new(false, true);
@@ -178,8 +122,6 @@ mod tests {
assert_eq!(pp.verbosity, Verbosity::Verbose); assert_eq!(pp.verbosity, Verbosity::Verbose);
} }
// ---- PP::is_showing at different verbosity levels ----
#[test] #[test]
fn quiet_shows_only_quiet_level() { fn quiet_shows_only_quiet_level() {
let pp = PP::new(false, true); let pp = PP::new(false, true);
@@ -218,8 +160,6 @@ mod tests {
assert!(!pp.is_showing(Verbosity::Verbose)); assert!(!pp.is_showing(Verbosity::Verbose));
} }
// ---- PP::indent ----
#[test] #[test]
fn indent_increments_indent_level() { fn indent_increments_indent_level() {
let pp = PP::new(true, false); let pp = PP::new(true, false);
@@ -238,26 +178,6 @@ mod tests {
assert_eq!(child.emoji, pp.emoji); assert_eq!(child.emoji, pp.emoji);
} }
#[test]
fn indent_shares_seen_state() {
let pp = PP::new(false, false);
let child = pp.indent();
// Insert via parent's seen set
pp.seen.lock().unwrap().insert("key1".to_string());
// Child should observe the same entry
assert!(child.seen.lock().unwrap().contains("key1"));
// Insert via child
child.seen.lock().unwrap().insert("key2".to_string());
// Parent should observe it too
assert!(pp.seen.lock().unwrap().contains("key2"));
}
// ---- PP::infof, noticef, warningf, errorf - no panic and verbosity gating ----
#[test] #[test]
fn infof_does_not_panic_when_verbose() { fn infof_does_not_panic_when_verbose() {
let pp = PP::new(false, false); let pp = PP::new(false, false);
@@ -267,7 +187,6 @@ mod tests {
#[test] #[test]
fn infof_does_not_panic_when_quiet() { fn infof_does_not_panic_when_quiet() {
let pp = PP::new(false, true); let pp = PP::new(false, true);
// Should simply not print, and not panic
pp.infof("", "test info message"); pp.infof("", "test info message");
} }
@@ -291,7 +210,6 @@ mod tests {
#[test] #[test]
fn warningf_does_not_panic_when_quiet() { fn warningf_does_not_panic_when_quiet() {
// warningf always outputs (no verbosity check), just verify no panic
let pp = PP::new(false, true); let pp = PP::new(false, true);
pp.warningf("", "test warning"); pp.warningf("", "test warning");
} }
@@ -308,124 +226,6 @@ mod tests {
pp.errorf("", "test error"); pp.errorf("", "test error");
} }
// ---- PP::info_once and notice_once ----
#[test]
fn info_once_suppresses_duplicates() {
let pp = PP::new(false, false);
// First call inserts the key
pp.info_once("dup_key", "", "first");
// The key should now be in the seen set
assert!(pp.seen.lock().unwrap().contains("dup_key"));
// Calling again with the same key should not insert again (set unchanged)
let size_before = pp.seen.lock().unwrap().len();
pp.info_once("dup_key", "", "second");
let size_after = pp.seen.lock().unwrap().len();
assert_eq!(size_before, size_after);
}
#[test]
fn info_once_allows_different_keys() {
let pp = PP::new(false, false);
pp.info_once("key_a", "", "msg a");
pp.info_once("key_b", "", "msg b");
let seen = pp.seen.lock().unwrap();
assert!(seen.contains("key_a"));
assert!(seen.contains("key_b"));
assert_eq!(seen.len(), 2);
}
#[test]
fn info_once_skipped_when_quiet() {
let pp = PP::new(false, true);
pp.info_once("quiet_key", "", "should not register");
// Because verbosity is Quiet, info_once should not even insert the key
assert!(!pp.seen.lock().unwrap().contains("quiet_key"));
}
#[test]
fn notice_once_suppresses_duplicates() {
let pp = PP::new(false, false);
pp.notice_once("notice_dup", "", "first");
assert!(pp.seen.lock().unwrap().contains("notice_dup"));
let size_before = pp.seen.lock().unwrap().len();
pp.notice_once("notice_dup", "", "second");
let size_after = pp.seen.lock().unwrap().len();
assert_eq!(size_before, size_after);
}
#[test]
fn notice_once_skipped_when_quiet() {
let pp = PP::new(false, true);
pp.notice_once("quiet_notice", "", "should not register");
assert!(!pp.seen.lock().unwrap().contains("quiet_notice"));
}
#[test]
fn info_once_shared_via_indent() {
let pp = PP::new(false, false);
let child = pp.indent();
// Mark a key via the parent
pp.info_once("shared_key", "", "parent");
assert!(pp.seen.lock().unwrap().contains("shared_key"));
// Child should see it as already present, so set size stays the same
let size_before = child.seen.lock().unwrap().len();
child.info_once("shared_key", "", "child duplicate");
let size_after = child.seen.lock().unwrap().len();
assert_eq!(size_before, size_after);
// Child can add a new key visible to parent
child.info_once("child_key", "", "child new");
assert!(pp.seen.lock().unwrap().contains("child_key"));
}
// ---- english_join ----
#[test]
fn english_join_empty() {
let items: Vec<String> = vec![];
assert_eq!(english_join(&items), "");
}
#[test]
fn english_join_single() {
let items = vec!["alpha".to_string()];
assert_eq!(english_join(&items), "alpha");
}
#[test]
fn english_join_two() {
let items = vec!["alpha".to_string(), "beta".to_string()];
assert_eq!(english_join(&items), "alpha and beta");
}
#[test]
fn english_join_three() {
let items = vec![
"alpha".to_string(),
"beta".to_string(),
"gamma".to_string(),
];
assert_eq!(english_join(&items), "alpha, beta, and gamma");
}
#[test]
fn english_join_four() {
let items = vec![
"a".to_string(),
"b".to_string(),
"c".to_string(),
"d".to_string(),
];
assert_eq!(english_join(&items), "a, b, c, and d");
}
// ---- default_pp ----
#[test] #[test]
fn default_pp_is_verbose_no_emoji() { fn default_pp_is_verbose_no_emoji() {
let pp = PP::default_pp(); let pp = PP::default_pp();

136
src/provider.rs
View File

@@ -1,6 +1,7 @@
use crate::pp::{self, PP}; use crate::pp::{self, PP};
use reqwest::dns::{Addrs, Name, Resolve, Resolving};
use reqwest::Client; use reqwest::Client;
use std::net::{IpAddr, Ipv4Addr, Ipv6Addr, UdpSocket}; use std::net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddr, UdpSocket};
use std::time::Duration; use std::time::Duration;
/// IP type: IPv4 or IPv6 /// IP type: IPv4 or IPv6
@@ -25,10 +26,6 @@ impl IpType {
} }
} }
#[allow(dead_code)]
pub fn all() -> &'static [IpType] {
&[IpType::V4, IpType::V6]
}
} }
/// All supported provider types /// All supported provider types
@@ -145,14 +142,14 @@ impl ProviderType {
// --- Cloudflare Trace --- // --- Cloudflare Trace ---
/// Primary trace URLs use literal IPs to guarantee the correct address family. /// Primary trace URL uses cloudflare.com (the CDN endpoint, not the DNS
/// api.cloudflare.com is dual-stack, so on dual-stack hosts (e.g. Docker /// resolver). The `build_split_client` forces the correct address family by
/// --net=host with IPv6) the connection may go via IPv6 even when detecting /// filtering DNS results, so a dual-stack hostname is safe.
/// IPv4, causing the trace endpoint to return the wrong address family. /// Using literal DNS-resolver IPs (1.0.0.1 / [2606:4700:4700::1001]) caused
const CF_TRACE_V4_PRIMARY: &str = "https://1.0.0.1/cdn-cgi/trace"; /// TLS SNI mismatches and returned Cloudflare proxy IPs for some users.
const CF_TRACE_V6_PRIMARY: &str = "https://[2606:4700:4700::1001]/cdn-cgi/trace"; const CF_TRACE_PRIMARY: &str = "https://cloudflare.com/cdn-cgi/trace";
/// Fallback uses a hostname, which works when literal IPs are intercepted /// Fallback uses api.cloudflare.com, which works when cloudflare.com is
/// (e.g. Cloudflare WARP/Zero Trust). /// intercepted (e.g. Cloudflare WARP/Zero Trust).
const CF_TRACE_FALLBACK: &str = "https://api.cloudflare.com/cdn-cgi/trace"; const CF_TRACE_FALLBACK: &str = "https://api.cloudflare.com/cdn-cgi/trace";
pub fn parse_trace_ip(body: &str) -> Option<String> { pub fn parse_trace_ip(body: &str) -> Option<String> {
@@ -180,16 +177,45 @@ async fn fetch_trace_ip(
ip_str.parse::<IpAddr>().ok() ip_str.parse::<IpAddr>().ok()
} }
/// A DNS resolver that filters lookup results to a single address family.
/// This is the Rust equivalent of favonia/cloudflare-ddns's "split dialer"
/// pattern: by removing addresses of the wrong family *before* the HTTP
/// client sees them, we guarantee it can only establish connections over the
/// desired protocol — no happy-eyeballs race, no fallback to the wrong family.
struct FilteredResolver {
ip_type: IpType,
}
impl Resolve for FilteredResolver {
fn resolve(&self, name: Name) -> Resolving {
let ip_type = self.ip_type;
Box::pin(async move {
let addrs: Vec<SocketAddr> = tokio::net::lookup_host((name.as_str(), 0))
.await
.map_err(|e| -> Box<dyn std::error::Error + Send + Sync> { Box::new(e) })?
.filter(|addr| match ip_type {
IpType::V4 => addr.is_ipv4(),
IpType::V6 => addr.is_ipv6(),
})
.collect();
if addrs.is_empty() {
return Err(Box::new(std::io::Error::new(
std::io::ErrorKind::AddrNotAvailable,
format!("no {} addresses found", ip_type.describe()),
)) as Box<dyn std::error::Error + Send + Sync>);
}
Ok(Box::new(addrs.into_iter()) as Addrs)
})
}
}
/// Build an HTTP client that only connects via the given IP family. /// Build an HTTP client that only connects via the given IP family.
/// Binding to 0.0.0.0 forces IPv4-only; binding to [::] forces IPv6-only. /// Uses a DNS-level filter to strip addresses of the wrong family from
/// This ensures the trace endpoint sees the correct address family. /// resolution results, ensuring the client never attempts a connection
/// over the wrong protocol.
pub fn build_split_client(ip_type: IpType, timeout: Duration) -> Client { pub fn build_split_client(ip_type: IpType, timeout: Duration) -> Client {
let local_addr: IpAddr = match ip_type {
IpType::V4 => Ipv4Addr::UNSPECIFIED.into(),
IpType::V6 => Ipv6Addr::UNSPECIFIED.into(),
};
Client::builder() Client::builder()
.local_address(local_addr) .dns_resolver(FilteredResolver { ip_type })
.timeout(timeout) .timeout(timeout)
.build() .build()
.unwrap_or_default() .unwrap_or_default()
@@ -218,13 +244,8 @@ async fn detect_cloudflare_trace(
return Vec::new(); return Vec::new();
} }
let primary = match ip_type { // Try primary (cloudflare.com — the CDN trace endpoint)
IpType::V4 => CF_TRACE_V4_PRIMARY, if let Some(ip) = fetch_trace_ip(&client, CF_TRACE_PRIMARY, timeout, None).await {
IpType::V6 => CF_TRACE_V6_PRIMARY,
};
// Try primary (literal IP — guarantees correct address family)
if let Some(ip) = fetch_trace_ip(&client, primary, timeout, Some("one.one.one.one")).await {
if validate_detected_ip(&ip, ip_type, ppfmt) { if validate_detected_ip(&ip, ip_type, ppfmt) {
return vec![ip]; return vec![ip];
} }
@@ -854,7 +875,7 @@ mod tests {
.mount(&server) .mount(&server)
.await; .await;
let client = Client::new(); let client = crate::test_client();
let ppfmt = PP::default_pp(); let ppfmt = PP::default_pp();
let url = format!("{}/cdn-cgi/trace", server.uri()); let url = format!("{}/cdn-cgi/trace", server.uri());
let timeout = Duration::from_secs(5); let timeout = Duration::from_secs(5);
@@ -894,7 +915,7 @@ mod tests {
// We can't override the hardcoded primary/fallback URLs, but we can test // We can't override the hardcoded primary/fallback URLs, but we can test
// the custom URL path: first with a failing URL, then a succeeding one. // the custom URL path: first with a failing URL, then a succeeding one.
let client = Client::new(); let client = crate::test_client();
let ppfmt = PP::default_pp(); let ppfmt = PP::default_pp();
let timeout = Duration::from_secs(5); let timeout = Duration::from_secs(5);
@@ -926,21 +947,46 @@ mod tests {
#[test] #[test]
fn test_trace_urls() { fn test_trace_urls() {
// Primary URLs use literal IPs to guarantee correct address family. // Primary uses cloudflare.com CDN endpoint (not DNS resolver IPs).
assert!(CF_TRACE_V4_PRIMARY.contains("1.0.0.1")); assert_eq!(CF_TRACE_PRIMARY, "https://cloudflare.com/cdn-cgi/trace");
assert!(CF_TRACE_V6_PRIMARY.contains("2606:4700:4700::1001")); // Fallback uses api.cloudflare.com for when cloudflare.com is intercepted (WARP/Zero Trust).
// Fallback uses a hostname for when literal IPs are intercepted (WARP/Zero Trust).
assert_eq!(CF_TRACE_FALLBACK, "https://api.cloudflare.com/cdn-cgi/trace"); assert_eq!(CF_TRACE_FALLBACK, "https://api.cloudflare.com/cdn-cgi/trace");
assert!(CF_TRACE_FALLBACK.contains("api.cloudflare.com"));
} }
// ---- build_split_client ---- // ---- FilteredResolver + build_split_client ----
#[tokio::test]
async fn test_filtered_resolver_v4() {
let resolver = FilteredResolver { ip_type: IpType::V4 };
let name: Name = "cloudflare.com".parse().unwrap();
let addrs: Vec<SocketAddr> = resolver
.resolve(name)
.await
.expect("DNS lookup failed")
.collect();
assert!(!addrs.is_empty(), "should resolve at least one address");
for addr in &addrs {
assert!(addr.is_ipv4(), "all addresses should be IPv4, got {addr}");
}
}
#[tokio::test]
async fn test_filtered_resolver_v6() {
let resolver = FilteredResolver { ip_type: IpType::V6 };
let name: Name = "cloudflare.com".parse().unwrap();
// IPv6 may not be available in all test environments, so we just
// verify the resolver doesn't panic and returns only v6 if any.
if let Ok(addrs) = resolver.resolve(name).await {
for addr in addrs {
assert!(addr.is_ipv6(), "all addresses should be IPv6, got {addr}");
}
}
}
#[test] #[test]
fn test_build_split_client_v4() { fn test_build_split_client_v4() {
let client = build_split_client(IpType::V4, Duration::from_secs(5)); let client = build_split_client(IpType::V4, Duration::from_secs(5));
// Client should build successfully — we can't inspect local_address, // Client should build successfully with filtered resolver.
// but we verify it doesn't panic.
drop(client); drop(client);
} }
@@ -962,7 +1008,7 @@ mod tests {
.mount(&server) .mount(&server)
.await; .await;
let client = Client::new(); let client = crate::test_client();
let ppfmt = PP::default_pp(); let ppfmt = PP::default_pp();
let timeout = Duration::from_secs(5); let timeout = Duration::from_secs(5);
@@ -985,7 +1031,7 @@ mod tests {
.mount(&server) .mount(&server)
.await; .await;
let client = Client::new(); let client = crate::test_client();
let ppfmt = PP::default_pp(); let ppfmt = PP::default_pp();
let timeout = Duration::from_secs(5); let timeout = Duration::from_secs(5);
@@ -1006,7 +1052,7 @@ mod tests {
.mount(&server) .mount(&server)
.await; .await;
let client = Client::new(); let client = crate::test_client();
let ppfmt = PP::default_pp(); let ppfmt = PP::default_pp();
let timeout = Duration::from_secs(5); let timeout = Duration::from_secs(5);
let url = format!("{}/my-ip", server.uri()); let url = format!("{}/my-ip", server.uri());
@@ -1026,7 +1072,7 @@ mod tests {
.mount(&server) .mount(&server)
.await; .await;
let client = Client::new(); let client = crate::test_client();
let ppfmt = PP::default_pp(); let ppfmt = PP::default_pp();
let timeout = Duration::from_secs(5); let timeout = Duration::from_secs(5);
let url = format!("{}/my-ip", server.uri()); let url = format!("{}/my-ip", server.uri());
@@ -1090,7 +1136,7 @@ mod tests {
.mount(&server) .mount(&server)
.await; .await;
let client = Client::new(); let client = crate::test_client();
let ppfmt = PP::default_pp(); let ppfmt = PP::default_pp();
let timeout = Duration::from_secs(5); let timeout = Duration::from_secs(5);
let url = format!("{}/my-ip", server.uri()); let url = format!("{}/my-ip", server.uri());
@@ -1301,7 +1347,7 @@ mod tests {
"5.6.7.8".parse().unwrap(), "5.6.7.8".parse().unwrap(),
], ],
}; };
let client = Client::new(); let client = crate::test_client();
let ppfmt = PP::default_pp(); let ppfmt = PP::default_pp();
let timeout = Duration::from_secs(5); let timeout = Duration::from_secs(5);
@@ -1319,7 +1365,7 @@ mod tests {
"2001:db8::1".parse().unwrap(), "2001:db8::1".parse().unwrap(),
], ],
}; };
let client = Client::new(); let client = crate::test_client();
let ppfmt = PP::default_pp(); let ppfmt = PP::default_pp();
let timeout = Duration::from_secs(5); let timeout = Duration::from_secs(5);
@@ -1333,7 +1379,7 @@ mod tests {
#[tokio::test] #[tokio::test]
async fn test_none_detect_ips_returns_empty() { async fn test_none_detect_ips_returns_empty() {
let provider = ProviderType::None; let provider = ProviderType::None;
let client = Client::new(); let client = crate::test_client();
let ppfmt = PP::default_pp(); let ppfmt = PP::default_pp();
let timeout = Duration::from_secs(5); let timeout = Duration::from_secs(5);

299
src/updater.rs
View File

@@ -1,4 +1,4 @@
use crate::cf_ip_filter::CloudflareIpFilter; use crate::cf_ip_filter::CachedCloudflareFilter;
use crate::cloudflare::{CloudflareHandle, SetResult}; use crate::cloudflare::{CloudflareHandle, SetResult};
use crate::config::{AppConfig, LegacyCloudflareEntry, LegacySubdomainEntry}; use crate::config::{AppConfig, LegacyCloudflareEntry, LegacySubdomainEntry};
use crate::domain::make_fqdn; use crate::domain::make_fqdn;
@@ -6,7 +6,7 @@ use crate::notifier::{CompositeNotifier, Heartbeat, Message};
use crate::pp::{self, PP}; use crate::pp::{self, PP};
use crate::provider::IpType; use crate::provider::IpType;
use reqwest::Client; use reqwest::Client;
use std::collections::HashMap; use std::collections::{HashMap, HashSet};
use std::net::IpAddr; use std::net::IpAddr;
use std::time::Duration; use std::time::Duration;
@@ -16,19 +16,21 @@ pub async fn update_once(
handle: &CloudflareHandle, handle: &CloudflareHandle,
notifier: &CompositeNotifier, notifier: &CompositeNotifier,
heartbeat: &Heartbeat, heartbeat: &Heartbeat,
cf_cache: &mut CachedCloudflareFilter,
ppfmt: &PP, ppfmt: &PP,
noop_reported: &mut HashSet<String>,
detection_client: &Client,
) -> bool { ) -> bool {
let detection_client = Client::builder()
.timeout(config.detection_timeout)
.build()
.unwrap_or_default();
let mut all_ok = true; let mut all_ok = true;
let mut messages = Vec::new(); let mut messages = Vec::new();
let mut notify = false; // NEW: track meaningful events let mut notify = false; // NEW: track meaningful events
if config.legacy_mode { if config.legacy_mode {
all_ok = update_legacy(config, ppfmt).await; let (ok, legacy_msgs, legacy_notify) =
update_legacy(config, cf_cache, ppfmt, noop_reported, detection_client).await;
all_ok = ok;
messages = legacy_msgs;
notify = legacy_notify;
} else { } else {
// Detect IPs for each provider // Detect IPs for each provider
let mut detected_ips: HashMap<IpType, Vec<IpAddr>> = HashMap::new(); let mut detected_ips: HashMap<IpType, Vec<IpAddr>> = HashMap::new();
@@ -69,7 +71,7 @@ pub async fn update_once(
// Filter out Cloudflare IPs if enabled // Filter out Cloudflare IPs if enabled
if config.reject_cloudflare_ips { if config.reject_cloudflare_ips {
if let Some(cf_filter) = if let Some(cf_filter) =
CloudflareIpFilter::fetch(&detection_client, config.detection_timeout, ppfmt).await cf_cache.get(&detection_client, config.detection_timeout, ppfmt).await
{ {
for (ip_type, ips) in detected_ips.iter_mut() { for (ip_type, ips) in detected_ips.iter_mut() {
let before_count = ips.len(); let before_count = ips.len();
@@ -101,11 +103,12 @@ pub async fn update_once(
))); )));
} }
} }
} else { } else if !detected_ips.is_empty() {
ppfmt.warningf( ppfmt.warningf(
pp::EMOJI_WARNING, pp::EMOJI_WARNING,
"Could not fetch Cloudflare IP ranges; skipping filter", "Could not fetch Cloudflare IP ranges; skipping update to avoid writing Cloudflare IPs",
); );
detected_ips.clear();
} }
} }
@@ -151,9 +154,11 @@ pub async fn update_once(
) )
.await; .await;
let noop_key = format!("{domain_str}:{record_type}");
match result { match result {
SetResult::Updated => { SetResult::Updated => {
notify = true; // NEW noop_reported.remove(&noop_key);
notify = true;
let ip_strs: Vec<String> = ips.iter().map(|ip| ip.to_string()).collect(); let ip_strs: Vec<String> = ips.iter().map(|ip| ip.to_string()).collect();
messages.push(Message::new_ok(&format!( messages.push(Message::new_ok(&format!(
"Updated {domain_str} -> {}", "Updated {domain_str} -> {}",
@@ -161,13 +166,18 @@ pub async fn update_once(
))); )));
} }
SetResult::Failed => { SetResult::Failed => {
notify = true; // NEW noop_reported.remove(&noop_key);
notify = true;
all_ok = false; all_ok = false;
messages.push(Message::new_fail(&format!( messages.push(Message::new_fail(&format!(
"Failed to update {domain_str}" "Failed to update {domain_str}"
))); )));
} }
SetResult::Noop => {} SetResult::Noop => {
if noop_reported.insert(noop_key) {
ppfmt.infof(pp::EMOJI_SKIP, &format!("Record {domain_str} is up to date"));
}
}
} }
} }
} }
@@ -192,32 +202,37 @@ pub async fn update_once(
) )
.await; .await;
let noop_key = format!("waf:{}", waf_list.describe());
match result { match result {
SetResult::Updated => { SetResult::Updated => {
notify = true; // NEW noop_reported.remove(&noop_key);
notify = true;
messages.push(Message::new_ok(&format!( messages.push(Message::new_ok(&format!(
"Updated WAF list {}", "Updated WAF list {}",
waf_list.describe() waf_list.describe()
))); )));
} }
SetResult::Failed => { SetResult::Failed => {
notify = true; // NEW noop_reported.remove(&noop_key);
notify = true;
all_ok = false; all_ok = false;
messages.push(Message::new_fail(&format!( messages.push(Message::new_fail(&format!(
"Failed to update WAF list {}", "Failed to update WAF list {}",
waf_list.describe() waf_list.describe()
))); )));
} }
SetResult::Noop => {} SetResult::Noop => {
if noop_reported.insert(noop_key) {
ppfmt.infof(pp::EMOJI_SKIP, &format!("WAF list {} is up to date", waf_list.describe()));
}
}
} }
} }
} }
// Send heartbeat ONLY if something meaningful happened // Always ping heartbeat so monitors know the updater is alive
if notify {
let heartbeat_msg = Message::merge(messages.clone()); let heartbeat_msg = Message::merge(messages.clone());
heartbeat.ping(&heartbeat_msg).await; heartbeat.ping(&heartbeat_msg).await;
}
// Send notifications ONLY when IP changed or failed // Send notifications ONLY when IP changed or failed
if notify { if notify {
@@ -234,29 +249,27 @@ pub async fn update_once(
/// IP-family-bound clients (0.0.0.0 for IPv4, [::] for IPv6). This prevents the old /// IP-family-bound clients (0.0.0.0 for IPv4, [::] for IPv6). This prevents the old
/// wrong-family warning on dual-stack hosts and honours `ip4_provider`/`ip6_provider` /// wrong-family warning on dual-stack hosts and honours `ip4_provider`/`ip6_provider`
/// overrides from config.json. /// overrides from config.json.
async fn update_legacy(config: &AppConfig, ppfmt: &PP) -> bool { async fn update_legacy(
config: &AppConfig,
cf_cache: &mut CachedCloudflareFilter,
ppfmt: &PP,
noop_reported: &mut HashSet<String>,
detection_client: &Client,
) -> (bool, Vec<Message>, bool) {
let legacy = match &config.legacy_config { let legacy = match &config.legacy_config {
Some(l) => l, Some(l) => l,
None => return false, None => return (false, Vec::new(), false),
}; };
let client = Client::builder() let ddns = LegacyDdnsClient {
client: Client::builder()
.timeout(config.update_timeout) .timeout(config.update_timeout)
.build() .build()
.unwrap_or_default(); .unwrap_or_default(),
let ddns = LegacyDdnsClient {
client,
cf_api_base: "https://api.cloudflare.com/client/v4".to_string(), cf_api_base: "https://api.cloudflare.com/client/v4".to_string(),
dry_run: config.dry_run, dry_run: config.dry_run,
}; };
// Detect IPs using the shared provider abstraction
let detection_client = Client::builder()
.timeout(config.detection_timeout)
.build()
.unwrap_or_default();
let mut ips = HashMap::new(); let mut ips = HashMap::new();
for (ip_type, provider) in &config.providers { for (ip_type, provider) in &config.providers {
@@ -298,8 +311,9 @@ async fn update_legacy(config: &AppConfig, ppfmt: &PP) -> bool {
// Filter out Cloudflare IPs if enabled // Filter out Cloudflare IPs if enabled
if config.reject_cloudflare_ips { if config.reject_cloudflare_ips {
let before_count = ips.len();
if let Some(cf_filter) = if let Some(cf_filter) =
CloudflareIpFilter::fetch(&detection_client, config.detection_timeout, ppfmt).await cf_cache.get(&detection_client, config.detection_timeout, ppfmt).await
{ {
ips.retain(|key, ip_info| { ips.retain(|key, ip_info| {
if let Ok(addr) = ip_info.ip.parse::<std::net::IpAddr>() { if let Ok(addr) = ip_info.ip.parse::<std::net::IpAddr>() {
@@ -316,23 +330,32 @@ async fn update_legacy(config: &AppConfig, ppfmt: &PP) -> bool {
} }
true true
}); });
} else { if ips.is_empty() && before_count > 0 {
ppfmt.warningf( ppfmt.warningf(
pp::EMOJI_WARNING, pp::EMOJI_WARNING,
"Could not fetch Cloudflare IP ranges; skipping filter", "All detected addresses were Cloudflare IPs; skipping updates",
); );
} }
} else if !ips.is_empty() {
ppfmt.warningf(
pp::EMOJI_WARNING,
"Could not fetch Cloudflare IP ranges; skipping update to avoid writing Cloudflare IPs",
);
ips.clear();
}
} }
ddns.update_ips( let (msgs, should_notify) = ddns
.update_ips(
&ips, &ips,
&legacy.cloudflare, &legacy.cloudflare,
legacy.ttl, legacy.ttl,
legacy.purge_unknown_records, legacy.purge_unknown_records,
noop_reported,
) )
.await; .await;
true (true, msgs, should_notify)
} }
/// Delete records on stop (for env var mode). /// Delete records on stop (for env var mode).
@@ -480,12 +503,21 @@ impl LegacyDdnsClient {
config: &[LegacyCloudflareEntry], config: &[LegacyCloudflareEntry],
ttl: i64, ttl: i64,
purge_unknown_records: bool, purge_unknown_records: bool,
) { noop_reported: &mut HashSet<String>,
) -> (Vec<Message>, bool) {
let mut messages = Vec::new();
let mut notify = false;
for ip in ips.values() { for ip in ips.values() {
self.commit_record(ip, config, ttl, purge_unknown_records) let (msgs, changed) = self
.commit_record(ip, config, ttl, purge_unknown_records, noop_reported)
.await; .await;
messages.extend(msgs);
if changed {
notify = true;
} }
} }
(messages, notify)
}
async fn commit_record( async fn commit_record(
&self, &self,
@@ -493,7 +525,10 @@ impl LegacyDdnsClient {
config: &[LegacyCloudflareEntry], config: &[LegacyCloudflareEntry],
ttl: i64, ttl: i64,
purge_unknown_records: bool, purge_unknown_records: bool,
) { noop_reported: &mut HashSet<String>,
) -> (Vec<Message>, bool) {
let mut messages = Vec::new();
let mut changed = false;
for entry in config { for entry in config {
let zone_resp: Option<LegacyCfResponse<LegacyZoneResult>> = self let zone_resp: Option<LegacyCfResponse<LegacyZoneResult>> = self
.cf_api( .cf_api(
@@ -568,8 +603,11 @@ impl LegacyDdnsClient {
} }
} }
let noop_key = format!("{fqdn}:{}", ip.record_type);
if let Some(ref id) = identifier { if let Some(ref id) = identifier {
if modified { if modified {
noop_reported.remove(&noop_key);
changed = true;
if self.dry_run { if self.dry_run {
println!("[DRY RUN] Would update record {fqdn} -> {}", ip.ip); println!("[DRY RUN] Would update record {fqdn} -> {}", ip.ip);
} else { } else {
@@ -580,10 +618,21 @@ impl LegacyDdnsClient {
.cf_api(&update_endpoint, "PUT", entry, Some(&record)) .cf_api(&update_endpoint, "PUT", entry, Some(&record))
.await; .await;
} }
} else if self.dry_run { messages.push(Message::new_ok(&format!(
println!("[DRY RUN] Record {fqdn} is up to date ({})", ip.ip); "Updated {fqdn} -> {}",
ip.ip
)));
} else if noop_reported.insert(noop_key) {
if self.dry_run {
println!("[DRY RUN] Record {fqdn} is up to date");
} else {
println!("Record {fqdn} is up to date");
} }
} else if self.dry_run { }
} else {
noop_reported.remove(&noop_key);
changed = true;
if self.dry_run {
println!("[DRY RUN] Would add new record {fqdn} -> {}", ip.ip); println!("[DRY RUN] Would add new record {fqdn} -> {}", ip.ip);
} else { } else {
println!("Adding new record {fqdn} -> {}", ip.ip); println!("Adding new record {fqdn} -> {}", ip.ip);
@@ -592,6 +641,11 @@ impl LegacyDdnsClient {
.cf_api(&create_endpoint, "POST", entry, Some(&record)) .cf_api(&create_endpoint, "POST", entry, Some(&record))
.await; .await;
} }
messages.push(Message::new_ok(&format!(
"Created {fqdn} -> {}",
ip.ip
)));
}
if purge_unknown_records { if purge_unknown_records {
for dup_id in &duplicate_ids { for dup_id in &duplicate_ids {
@@ -609,6 +663,7 @@ impl LegacyDdnsClient {
} }
} }
} }
(messages, changed)
} }
} }
@@ -793,11 +848,13 @@ mod tests {
let heartbeat = empty_heartbeat(); let heartbeat = empty_heartbeat();
let ppfmt = pp(); let ppfmt = pp();
let ok = update_once(&config, &cf, &notifier, &heartbeat, &ppfmt).await; let mut cf_cache = CachedCloudflareFilter::new();
let ok = update_once(&config, &cf, &notifier, &heartbeat, &mut cf_cache, &ppfmt, &mut HashSet::new(), &crate::test_client()).await;
assert!(ok); assert!(ok);
} }
/// update_once returns true (all_ok) when IP is already correct (Noop). /// update_once returns true (all_ok) when IP is already correct (Noop),
/// and populates noop_reported so subsequent calls suppress the message.
#[tokio::test] #[tokio::test]
async fn test_update_once_noop_when_record_up_to_date() { async fn test_update_once_noop_when_record_up_to_date() {
let server = MockServer::start().await; let server = MockServer::start().await;
@@ -841,8 +898,91 @@ mod tests {
let heartbeat = empty_heartbeat(); let heartbeat = empty_heartbeat();
let ppfmt = pp(); let ppfmt = pp();
let ok = update_once(&config, &cf, &notifier, &heartbeat, &ppfmt).await; let mut cf_cache = CachedCloudflareFilter::new();
let mut noop_reported = HashSet::new();
// First call: noop_reported is empty, so "up to date" is reported and key is inserted
let ok = update_once(&config, &cf, &notifier, &heartbeat, &mut cf_cache, &ppfmt, &mut noop_reported, &crate::test_client()).await;
assert!(ok); assert!(ok);
assert!(noop_reported.contains("home.example.com:A"), "noop_reported should contain the domain key after first noop");
// Second call: noop_reported already has the key, so the message is suppressed
let ok = update_once(&config, &cf, &notifier, &heartbeat, &mut cf_cache, &ppfmt, &mut noop_reported, &crate::test_client()).await;
assert!(ok);
assert_eq!(noop_reported.len(), 1, "noop_reported should still have exactly one entry");
}
/// noop_reported is cleared when a record is updated, so "up to date" prints again
/// on the next noop cycle.
#[tokio::test]
async fn test_update_once_noop_reported_cleared_on_change() {
let server = MockServer::start().await;
let zone_id = "zone-abc";
let domain = "home.example.com";
let old_ip = "198.51.100.42";
let new_ip = "198.51.100.99";
// Zone lookup
Mock::given(method("GET"))
.and(path("/zones"))
.and(query_param("name", domain))
.respond_with(
ResponseTemplate::new(200).set_body_json(zones_response(zone_id, "example.com")),
)
.mount(&server)
.await;
// List existing records - record has old IP, will be updated
Mock::given(method("GET"))
.and(path_regex(format!("/zones/{zone_id}/dns_records")))
.respond_with(
ResponseTemplate::new(200)
.set_body_json(dns_records_one("rec-1", domain, old_ip)),
)
.mount(&server)
.await;
// Create record (new IP doesn't match existing, so it creates + deletes stale)
Mock::given(method("POST"))
.and(path(format!("/zones/{zone_id}/dns_records")))
.respond_with(
ResponseTemplate::new(200)
.set_body_json(dns_record_created("rec-2", domain, new_ip)),
)
.mount(&server)
.await;
// Delete stale record
Mock::given(method("DELETE"))
.and(path(format!("/zones/{zone_id}/dns_records/rec-1")))
.respond_with(ResponseTemplate::new(200).set_body_json(serde_json::json!({"result": {}})))
.mount(&server)
.await;
let mut providers = HashMap::new();
providers.insert(
IpType::V4,
ProviderType::Literal {
ips: vec![new_ip.parse::<IpAddr>().unwrap()],
},
);
let mut domains = HashMap::new();
domains.insert(IpType::V4, vec![domain.to_string()]);
let config = make_config(providers, domains, vec![], false);
let cf = handle(&server.uri());
let notifier = empty_notifier();
let heartbeat = empty_heartbeat();
let ppfmt = pp();
// Pre-populate noop_reported as if a previous cycle reported it
let mut noop_reported = HashSet::new();
noop_reported.insert("home.example.com:A".to_string());
let mut cf_cache = CachedCloudflareFilter::new();
let ok = update_once(&config, &cf, &notifier, &heartbeat, &mut cf_cache, &ppfmt, &mut noop_reported, &crate::test_client()).await;
assert!(ok);
assert!(!noop_reported.contains("home.example.com:A"), "noop_reported should be cleared after an update");
} }
/// update_once returns true even when IP detection yields empty (no providers configured), /// update_once returns true even when IP detection yields empty (no providers configured),
@@ -885,7 +1025,8 @@ mod tests {
let ppfmt = pp(); let ppfmt = pp();
// all_ok = true because no zone-level errors occurred (empty ips just noop or warn) // all_ok = true because no zone-level errors occurred (empty ips just noop or warn)
let ok = update_once(&config, &cf, &notifier, &heartbeat, &ppfmt).await; let mut cf_cache = CachedCloudflareFilter::new();
let ok = update_once(&config, &cf, &notifier, &heartbeat, &mut cf_cache, &ppfmt, &mut HashSet::new(), &crate::test_client()).await;
// Providers with None are not inserted in loop, so no IP detection warning is emitted, // Providers with None are not inserted in loop, so no IP detection warning is emitted,
// no detected_ips entry is created, and set_ips is called with empty slice -> Noop. // no detected_ips entry is created, and set_ips is called with empty slice -> Noop.
assert!(ok); assert!(ok);
@@ -934,7 +1075,8 @@ mod tests {
let heartbeat = empty_heartbeat(); let heartbeat = empty_heartbeat();
let ppfmt = pp(); let ppfmt = pp();
let ok = update_once(&config, &cf, &notifier, &heartbeat, &ppfmt).await; let mut cf_cache = CachedCloudflareFilter::new();
let ok = update_once(&config, &cf, &notifier, &heartbeat, &mut cf_cache, &ppfmt, &mut HashSet::new(), &crate::test_client()).await;
assert!(!ok, "Expected false when zone is not found"); assert!(!ok, "Expected false when zone is not found");
} }
@@ -983,7 +1125,8 @@ mod tests {
let ppfmt = pp(); let ppfmt = pp();
// dry_run returns Updated from set_ips (it signals intent), all_ok should be true // dry_run returns Updated from set_ips (it signals intent), all_ok should be true
let ok = update_once(&config, &cf, &notifier, &heartbeat, &ppfmt).await; let mut cf_cache = CachedCloudflareFilter::new();
let ok = update_once(&config, &cf, &notifier, &heartbeat, &mut cf_cache, &ppfmt, &mut HashSet::new(), &crate::test_client()).await;
assert!(ok); assert!(ok);
} }
@@ -1048,7 +1191,8 @@ mod tests {
let heartbeat = empty_heartbeat(); let heartbeat = empty_heartbeat();
let ppfmt = pp(); let ppfmt = pp();
let ok = update_once(&config, &cf, &notifier, &heartbeat, &ppfmt).await; let mut cf_cache = CachedCloudflareFilter::new();
let ok = update_once(&config, &cf, &notifier, &heartbeat, &mut cf_cache, &ppfmt, &mut HashSet::new(), &crate::test_client()).await;
assert!(ok); assert!(ok);
} }
@@ -1101,7 +1245,8 @@ mod tests {
let heartbeat = empty_heartbeat(); let heartbeat = empty_heartbeat();
let ppfmt = pp(); let ppfmt = pp();
let ok = update_once(&config, &cf, &notifier, &heartbeat, &ppfmt).await; let mut cf_cache = CachedCloudflareFilter::new();
let ok = update_once(&config, &cf, &notifier, &heartbeat, &mut cf_cache, &ppfmt, &mut HashSet::new(), &crate::test_client()).await;
assert!(ok); assert!(ok);
} }
@@ -1140,7 +1285,8 @@ mod tests {
let heartbeat = empty_heartbeat(); let heartbeat = empty_heartbeat();
let ppfmt = pp(); let ppfmt = pp();
let ok = update_once(&config, &cf, &notifier, &heartbeat, &ppfmt).await; let mut cf_cache = CachedCloudflareFilter::new();
let ok = update_once(&config, &cf, &notifier, &heartbeat, &mut cf_cache, &ppfmt, &mut HashSet::new(), &crate::test_client()).await;
assert!(!ok, "Expected false when WAF list is not found"); assert!(!ok, "Expected false when WAF list is not found");
} }
@@ -1224,7 +1370,8 @@ mod tests {
let heartbeat = empty_heartbeat(); let heartbeat = empty_heartbeat();
let ppfmt = pp(); let ppfmt = pp();
let ok = update_once(&config, &cf, &notifier, &heartbeat, &ppfmt).await; let mut cf_cache = CachedCloudflareFilter::new();
let ok = update_once(&config, &cf, &notifier, &heartbeat, &mut cf_cache, &ppfmt, &mut HashSet::new(), &crate::test_client()).await;
assert!(ok); assert!(ok);
} }
@@ -1240,7 +1387,8 @@ mod tests {
let heartbeat = empty_heartbeat(); let heartbeat = empty_heartbeat();
let ppfmt = pp(); let ppfmt = pp();
let ok = update_once(&config, &cf, &notifier, &heartbeat, &ppfmt).await; let mut cf_cache = CachedCloudflareFilter::new();
let ok = update_once(&config, &cf, &notifier, &heartbeat, &mut cf_cache, &ppfmt, &mut HashSet::new(), &crate::test_client()).await;
assert!(ok); assert!(ok);
} }
@@ -1624,7 +1772,8 @@ mod tests {
let ppfmt = pp(); let ppfmt = pp();
// set_ips with empty ips and no existing records = Noop; all_ok = true // set_ips with empty ips and no existing records = Noop; all_ok = true
let ok = update_once(&config, &cf, &notifier, &heartbeat, &ppfmt).await; let mut cf_cache = CachedCloudflareFilter::new();
let ok = update_once(&config, &cf, &notifier, &heartbeat, &mut cf_cache, &ppfmt, &mut HashSet::new(), &crate::test_client()).await;
assert!(ok); assert!(ok);
} }
// ------------------------------------------------------- // -------------------------------------------------------
@@ -1643,7 +1792,7 @@ mod tests {
.await; .await;
let ddns = LegacyDdnsClient { let ddns = LegacyDdnsClient {
client: Client::new(), client: crate::test_client(),
cf_api_base: server.uri(), cf_api_base: server.uri(),
dry_run: false, dry_run: false,
}; };
@@ -1675,7 +1824,7 @@ mod tests {
.await; .await;
let ddns = LegacyDdnsClient { let ddns = LegacyDdnsClient {
client: Client::new(), client: crate::test_client(),
cf_api_base: server.uri(), cf_api_base: server.uri(),
dry_run: false, dry_run: false,
}; };
@@ -1704,7 +1853,7 @@ mod tests {
.await; .await;
let ddns = LegacyDdnsClient { let ddns = LegacyDdnsClient {
client: Client::new(), client: crate::test_client(),
cf_api_base: server.uri(), cf_api_base: server.uri(),
dry_run: false, dry_run: false,
}; };
@@ -1726,7 +1875,7 @@ mod tests {
#[tokio::test] #[tokio::test]
async fn test_legacy_cf_api_unknown_method() { async fn test_legacy_cf_api_unknown_method() {
let ddns = LegacyDdnsClient { let ddns = LegacyDdnsClient {
client: Client::new(), client: crate::test_client(),
cf_api_base: "http://localhost".to_string(), cf_api_base: "http://localhost".to_string(),
dry_run: false, dry_run: false,
}; };
@@ -1756,7 +1905,7 @@ mod tests {
.await; .await;
let ddns = LegacyDdnsClient { let ddns = LegacyDdnsClient {
client: Client::new(), client: crate::test_client(),
cf_api_base: server.uri(), cf_api_base: server.uri(),
dry_run: false, dry_run: false,
}; };
@@ -1812,7 +1961,7 @@ mod tests {
.await; .await;
let ddns = LegacyDdnsClient { let ddns = LegacyDdnsClient {
client: Client::new(), client: crate::test_client(),
cf_api_base: server.uri(), cf_api_base: server.uri(),
dry_run: false, dry_run: false,
}; };
@@ -1829,7 +1978,7 @@ mod tests {
subdomains: vec![LegacySubdomainEntry::Simple("@".to_string())], subdomains: vec![LegacySubdomainEntry::Simple("@".to_string())],
proxied: false, proxied: false,
}]; }];
ddns.commit_record(&ip, &config, 300, false).await; ddns.commit_record(&ip, &config, 300, false, &mut HashSet::new()).await;
} }
#[tokio::test] #[tokio::test]
@@ -1868,7 +2017,7 @@ mod tests {
.await; .await;
let ddns = LegacyDdnsClient { let ddns = LegacyDdnsClient {
client: Client::new(), client: crate::test_client(),
cf_api_base: server.uri(), cf_api_base: server.uri(),
dry_run: false, dry_run: false,
}; };
@@ -1885,7 +2034,7 @@ mod tests {
subdomains: vec![LegacySubdomainEntry::Simple("@".to_string())], subdomains: vec![LegacySubdomainEntry::Simple("@".to_string())],
proxied: false, proxied: false,
}]; }];
ddns.commit_record(&ip, &config, 300, false).await; ddns.commit_record(&ip, &config, 300, false, &mut HashSet::new()).await;
} }
#[tokio::test] #[tokio::test]
@@ -1910,7 +2059,7 @@ mod tests {
.await; .await;
let ddns = LegacyDdnsClient { let ddns = LegacyDdnsClient {
client: Client::new(), client: crate::test_client(),
cf_api_base: server.uri(), cf_api_base: server.uri(),
dry_run: true, dry_run: true,
}; };
@@ -1928,7 +2077,7 @@ mod tests {
proxied: false, proxied: false,
}]; }];
// Should not POST // Should not POST
ddns.commit_record(&ip, &config, 300, false).await; ddns.commit_record(&ip, &config, 300, false, &mut HashSet::new()).await;
} }
#[tokio::test] #[tokio::test]
@@ -1961,7 +2110,7 @@ mod tests {
.await; .await;
let ddns = LegacyDdnsClient { let ddns = LegacyDdnsClient {
client: Client::new(), client: crate::test_client(),
cf_api_base: server.uri(), cf_api_base: server.uri(),
dry_run: false, dry_run: false,
}; };
@@ -1981,7 +2130,7 @@ mod tests {
}], }],
proxied: false, proxied: false,
}]; }];
ddns.commit_record(&ip, &config, 300, false).await; ddns.commit_record(&ip, &config, 300, false, &mut HashSet::new()).await;
} }
#[tokio::test] #[tokio::test]
@@ -2016,7 +2165,7 @@ mod tests {
.await; .await;
let ddns = LegacyDdnsClient { let ddns = LegacyDdnsClient {
client: Client::new(), client: crate::test_client(),
cf_api_base: server.uri(), cf_api_base: server.uri(),
dry_run: false, dry_run: false,
}; };
@@ -2033,7 +2182,7 @@ mod tests {
subdomains: vec![LegacySubdomainEntry::Simple("@".to_string())], subdomains: vec![LegacySubdomainEntry::Simple("@".to_string())],
proxied: false, proxied: false,
}]; }];
ddns.commit_record(&ip, &config, 300, true).await; ddns.commit_record(&ip, &config, 300, true, &mut HashSet::new()).await;
} }
#[tokio::test] #[tokio::test]
@@ -2065,7 +2214,7 @@ mod tests {
.await; .await;
let ddns = LegacyDdnsClient { let ddns = LegacyDdnsClient {
client: Client::new(), client: crate::test_client(),
cf_api_base: server.uri(), cf_api_base: server.uri(),
dry_run: false, dry_run: false,
}; };
@@ -2083,7 +2232,7 @@ mod tests {
subdomains: vec![LegacySubdomainEntry::Simple("@".to_string())], subdomains: vec![LegacySubdomainEntry::Simple("@".to_string())],
proxied: false, proxied: false,
}]; }];
ddns.update_ips(&ips, &config, 300, false).await; ddns.update_ips(&ips, &config, 300, false, &mut HashSet::new()).await;
} }
#[tokio::test] #[tokio::test]
@@ -2109,7 +2258,7 @@ mod tests {
.await; .await;
let ddns = LegacyDdnsClient { let ddns = LegacyDdnsClient {
client: Client::new(), client: crate::test_client(),
cf_api_base: server.uri(), cf_api_base: server.uri(),
dry_run: false, dry_run: false,
}; };
@@ -2141,7 +2290,7 @@ mod tests {
.await; .await;
let ddns = LegacyDdnsClient { let ddns = LegacyDdnsClient {
client: Client::new(), client: crate::test_client(),
cf_api_base: server.uri(), cf_api_base: server.uri(),
dry_run: true, dry_run: true,
}; };