acmex 0.8.0

AcmeX: High-performance, extensible ACME v2 (RFC 8555) client and server in Rust, supporting multiple DNS providers, storage backends, and crypto libraries.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191

/// CloudFlare DNS provider implementation.
/// This provider uses the CloudFlare Client API v4 to manage DNS records.
use async_trait::async_trait;
use serde::{Deserialize, Serialize};

use crate::challenge::DnsProvider;
use crate::error::{AcmeError, Result};

/// Configuration for the CloudFlare DNS provider.
#[derive(Debug, Clone)]
pub struct CloudFlareConfig {
    /// API token with DNS:Edit permissions.
    pub api_token: String,
    /// The Zone ID of the domain being validated.
    pub zone_id: String,
}

/// CloudFlare DNS provider for handling DNS-01 challenges.
pub struct CloudFlareDnsProvider {
    /// Provider configuration.
    config: CloudFlareConfig,
    /// Internal HTTP client.
    http_client: reqwest::Client,
}

impl CloudFlareDnsProvider {
    /// Creates a new `CloudFlareDnsProvider` with the given configuration.
    pub fn new(config: CloudFlareConfig) -> Self {
        tracing::debug!(
            "Initializing CloudFlareDnsProvider for Zone: {}",
            config.zone_id
        );
        Self {
            config,
            http_client: reqwest::Client::new(),
        }
    }
}

/// Request structure for creating a DNS record in CloudFlare.
#[derive(Debug, Serialize)]
struct CloudFlareRecordCreateRequest<'a> {
    /// Record type (e.g., "TXT").
    r#type: &'a str,
    /// Record name (e.g., "_acme-challenge.example.com").
    name: &'a str,
    /// Record content (the challenge value).
    content: &'a str,
    /// Time to Live (TTL) in seconds.
    ttl: u32,
}

/// Response structure from CloudFlare API.
#[derive(Debug, Deserialize)]
struct CloudFlareRecordResponse {
    /// The result object containing the record details.
    result: CloudFlareRecordResult,
}

/// Details of the created DNS record.
#[derive(Debug, Deserialize)]
struct CloudFlareRecordResult {
    /// The unique ID of the DNS record.
    id: String,
}

#[async_trait]
impl DnsProvider for CloudFlareDnsProvider {
    /// Creates a TXT record for the DNS-01 challenge.
    async fn create_txt_record(&self, domain: &str, value: &str) -> Result<String> {
        tracing::info!("Creating CloudFlare TXT record for domain: {}", domain);
        let url = format!(
            "https://api.cloudflare.com/client/v4/zones/{}/dns_records",
            self.config.zone_id
        );

        let payload = CloudFlareRecordCreateRequest {
            r#type: "TXT",
            name: domain,
            content: value,
            ttl: 60, // Short TTL for faster validation
        };

        let response = self
            .http_client
            .post(url)
            .bearer_auth(&self.config.api_token)
            .json(&payload)
            .send()
            .await
            .map_err(|e| {
                tracing::error!("Network error while creating CloudFlare record: {}", e);
                AcmeError::transport(format!("CloudFlare create record failed: {}", e))
            })?;

        if !response.status().is_success() {
            let status = response.status();
            let text = response.text().await.unwrap_or_default();
            tracing::error!("CloudFlare API error ({}): {}", status, text);
            return Err(AcmeError::storage(format!(
                "CloudFlare create record failed: {}",
                text
            )));
        }

        let body: CloudFlareRecordResponse = response.json().await.map_err(|e| {
            tracing::error!("Failed to parse CloudFlare response: {}", e);
            AcmeError::storage(format!("CloudFlare parse response failed: {}", e))
        })?;

        tracing::info!(
            "Successfully created CloudFlare TXT record with ID: {}",
            body.result.id
        );
        Ok(body.result.id)
    }

    /// Deletes the TXT record after validation is complete.
    async fn delete_txt_record(&self, _domain: &str, record_id: &str) -> Result<()> {
        tracing::info!("Deleting CloudFlare TXT record ID: {}", record_id);
        let url = format!(
            "https://api.cloudflare.com/client/v4/zones/{}/dns_records/{}",
            self.config.zone_id, record_id
        );

        let response = self
            .http_client
            .delete(url)
            .bearer_auth(&self.config.api_token)
            .send()
            .await
            .map_err(|e| {
                tracing::error!("Network error while deleting CloudFlare record: {}", e);
                AcmeError::transport(format!("CloudFlare delete record failed: {}", e))
            })?;

        if !response.status().is_success() {
            let status = response.status();
            let text = response.text().await.unwrap_or_default();
            tracing::error!(
                "CloudFlare API error during deletion ({}): {}",
                status,
                text
            );
            return Err(AcmeError::storage(format!(
                "CloudFlare delete record failed: {}",
                text
            )));
        }

        tracing::info!("Successfully deleted CloudFlare TXT record: {}", record_id);
        Ok(())
    }

    /// Verifies that the TXT record is correctly propagated in CloudFlare's systems.
    async fn verify_record(&self, domain: &str, value: &str) -> Result<bool> {
        tracing::debug!("Verifying CloudFlare TXT record for domain: {}", domain);
        let url = format!(
            "https://api.cloudflare.com/client/v4/zones/{}/dns_records?type=TXT&name={}",
            self.config.zone_id, domain
        );

        let response = self
            .http_client
            .get(url)
            .bearer_auth(&self.config.api_token)
            .send()
            .await
            .map_err(|e| {
                tracing::error!("Network error while verifying CloudFlare record: {}", e);
                AcmeError::transport(format!("CloudFlare verify record failed: {}", e))
            })?;

        if !response.status().is_success() {
            tracing::warn!(
                "CloudFlare record verification returned status: {}",
                response.status()
            );
            return Ok(false);
        }

        let text = response.text().await.unwrap_or_default();
        let verified = text.contains(value);
        if verified {
            tracing::debug!("CloudFlare record verification successful");
        } else {
            tracing::warn!("CloudFlare record verification failed: value not found in response");
        }
        Ok(verified)
    }
}