Custom Domains for Territories #1958

Draft
wants to merge 25 commits into
base: master

Soxasora
Member

@Soxasora Soxasora commented Mar 9, 2025

Description

Tracks the work and strategies for #1942
Adds custom domains for territories with automatic and one-click sign-in.
TBD

Screenshots

tbd

Additional Context

Subject to updates

WIP: Shared Authentication

Login is based on referer, signup redirects to stacker.news

WIP: Login
  1. User goes directly to forum.pizza.com (no referer)
    -- One-click sign in: Redirect to api/auth/sync on main domain, if there's a session redirect back with a verification token to use for log-in

  2. User visits forum.pizza.com from stacker.news (referer)
    -- Like one-click but automatically

TODO: Signup

The user gets redirected to stacker.news to sign up and gets redirected back with the token

WIP: Middleware

cachedFetcher will fetch and cache for 5 minutes the list of domains that are VERIFIED on DNS and SSL
If a domain is trying to access stacker news but it's not VERIFIED then it will redirect to stacker.news.

It redirects to /~territory and rewrites it to /

TODO: Serve subdomains for CNAMEs

We can create records on demand via Route 53 APIs, though this needs to be researched more.

WIP: Check for correct DNS records

node:dns library allows for DNS checking, if CNAME and TXT records are set correctly, it will update the custom domain's dnsState field as VERIFIED

WIP: Automatic issuing and validation of SSL certificates

Using ACM (AWS Certificate Manager) we can both issue and validate a certificate

WIP: Integrations

DNS Validation

  1. User sets a custom domain
  2. We ask the user to create a CNAME record pointing to stacker.news and a randomly generated TXT record for validation
  3. worker will scan every X minutes the PENDING domains

If DNS validation is successful:
SSL Validation

  1. ACM will issue a certificate that will have PENDING as status
  2. We ask the user to create another CNAME record with ACM's validation domain
  3. ACM will then validate via DNS and issue the certificate.

If SSL validation is successful:
???
Profit

TODO: DNS guide on FAQ

FAQ for the most popular domain providers. The territory owner will have to set a CNAME and that's it.
A TXT record can be used to validate domain ownership

Checklist

Are your changes backwards compatible? Please answer below:
tbd

On a scale of 1-10 how well and how have you QA'd this change and any features it might affect? Please answer below:
tbd

For frontend changes: Tested on mobile, light and dark mode? Please answer below:
tbd

Did you introduce any new environment variables? If so, call them out explicitly here:
DNS_RESOLVER -> with a fallback to 1.1.1.1 in worker/domainVerification.js

Progress

Subject to updates

More

  • Consider push notifications being possibly duplicated
  • Consider hiding Footer for custom domains or redirect them to main domain
  • customizable branding, color scheme
  • Strip customDomain queries, mutations from Sub
  • Total cleanup

APIs

  • LocalStack ACM (issue certificates for custom domains)
  • LocalStack ELBv2 (Load Balancer)
  • LocalStack CloudFront (CDN)

SSL

  • Show validation CNAME to the user
  • Issue SSL certificates via ACM API

DNS

  • DNS guide on FAQ
  • every 5 minutes DNS/SSL verification and validation via node:dns and worker

Territory Edit

  • Poll every 30 seconds for validation status
  • Info with SSL validation CNAME to be set // depends on ACM
  • Info with TXT records to be set
  • Popover respectively for DNS and SSL lastVerified
  • WIP save custom domain in DB via Territory Edit // wip UI
  • show values from customDomain

Domains

  • delete domain after X failed verifications
  • dnsState and sslState to track domain's functionality
  • cached API endpoint for custom domains map
  • custom domain table

Navigation and UI

  • fix layout shifts
  • better isCustomDomain conditional UI
  • fix sorts not being highlighted due to non-expected url // not clean

Middleware

  • consider Referral Cookies, do we want them? // not clean
  • better management of territory paths
  • don't redirect to SN if not strictly necessary // WIP, searching for paths to be redirected
  • WIP redirect and rewrite of territories

Wallet Sync

  • Autosync?
  • Device Sync as a placeholder

Auth Sync

  • MultiAuth handling
  • WIP one click login if visiting a custom domain // todo: give an appropriate location for verification
  • switch to verification request
  • redirect to custom domain with main domain's cookies and save them
  • sync auth only if coming from main domain

Take care of

  • CORS
  • check cookies validity across domains
  • check security risks in auth sync
  • take action for custom domains SEO
  • check for expired or transferred domains
  • test unusual DNS propagation times
  • check payments
  • prevent abuse on setCustomDomain
  • change page title
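
The DNS check described under "Check for correct DNS records" and "DNS Validation", as an added example that is not code from this PR. `evaluateDnsRecords`, `checkDomainDns`, the resolver timeouts and the separate `txtName` argument are assumptions; `stacker.news`, `DNS_RESOLVER`, the `1.1.1.1` fallback and the `VERIFIED`/`PENDING` states come from the description.

```javascript
// Added example: function names and the separate TXT name are assumptions.
const MAIN_DOMAIN = 'stacker.news'

// DNS names are case-insensitive and may carry a trailing root dot.
const normalize = name => name.toLowerCase().replace(/\.$/, '')

// Pure decision step over what the resolver returned.
// cnames: string[] (resolveCname); txts: string[][] (resolveTxt, one chunk array per record)
function evaluateDnsRecords ({ cnames, txts }, expectedTxt) {
  const cnameOk = cnames.some(c => normalize(c) === MAIN_DOMAIN)
  // Long TXT values arrive split into chunks; join them before comparing.
  const txtOk = txts.some(chunks => chunks.join('') === expectedTxt)
  return { cnameOk, txtOk, dnsState: cnameOk && txtOk ? 'VERIFIED' : 'PENDING' }
}

// Pin the resolver (DNS_RESOLVER, fallback 1.1.1.1) so the result does not
// depend on whatever resolver the worker host is configured with.
async function makeResolver () {
  const { Resolver } = await import('node:dns/promises')
  const resolver = new Resolver({ timeout: 3000, tries: 2 })
  resolver.setServers([process.env.DNS_RESOLVER || '1.1.1.1'])
  return resolver
}

// "No such record yet" keeps the domain PENDING; other failures propagate.
const orEmpty = promise => promise.catch(err => {
  if (err.code === 'ENODATA' || err.code === 'ENOTFOUND') return []
  throw err
})

// txtName must differ from domain: a name that has a CNAME cannot hold other
// record types, and a TXT query there would follow the CNAME to the target.
async function checkDomainDns (domain, txtName, expectedTxt, resolver) {
  resolver = resolver || await makeResolver()
  const [cnames, txts] = await Promise.all([
    orEmpty(resolver.resolveCname(domain)),
    orEmpty(resolver.resolveTxt(txtName))
  ])
  return evaluateDnsRecords({ cnames, txts }, expectedTxt)
}

// Constructed records, not real DNS data.
const sampleRecords = { cnames: ['stacker.news.'], txts: [['sn-verify=', 'c0ffee']] }
console.log(evaluateDnsRecords(sampleRecords, 'sn-verify=c0ffee'))
```

Passing a stub object with `resolveCname` and `resolveTxt` as the fourth argument lets the worker logic be tested without network access.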

@Soxasora Soxasora added feature new product features that weren't there before territories labels Mar 19, 2025
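
One way to handle the "check security risks in auth sync" item for the one-click flow (redirect to api/auth/sync, then back with a verification token), as an added example that is not code from this PR. The in-memory `pending` map, the 60-second TTL, the `token` query parameter and both function names are assumptions; the token is single-use, short-lived, stored only as a hash, and bound to a VERIFIED domain.

```javascript
// Added example: store, TTL, parameter name and function names are assumptions.
const TOKEN_TTL_MS = 60000 // long enough for one redirect round trip
const pending = new Map() // sha256(token) -> { userId, domain, expires }; stands in for a DB table

// Store only the hash, so a leaked table cannot be replayed as logins.
async function sha256 (value) {
  const { createHash } = await import('node:crypto')
  return createHash('sha256').update(value).digest('hex')
}

// Main domain, api/auth/sync: called only when the visitor already has a session.
// Returns the redirect URL carrying the token, or null when the target is refused.
async function issueSyncRedirect (userId, redirectUrl, verifiedDomains, now = Date.now()) {
  let target
  try { target = new URL(redirectUrl) } catch { return null }
  // Refuse anything but https on a VERIFIED custom domain: otherwise the
  // endpoint would hand a login token to whatever host the caller names.
  if (target.protocol !== 'https:' || !verifiedDomains.has(target.hostname)) return null
  const { randomBytes } = await import('node:crypto')
  const token = randomBytes(32).toString('base64url')
  pending.set(await sha256(token), { userId, domain: target.hostname, expires: now + TOKEN_TTL_MS })
  target.searchParams.set('token', token)
  return target.toString()
}

// Custom domain: exchange the token for a local session.
// host is the hostname the request actually arrived on.
async function redeemSyncToken (token, host, now = Date.now()) {
  const key = await sha256(token)
  const entry = pending.get(key)
  pending.delete(key) // single use, even when a later check fails
  if (!entry || entry.expires < now || entry.domain !== host) return null
  return entry.userId
}
```

Because the token travels in a URL it can end up in logs and Referer headers, which is why it is invalidated on first use and bound to the domain it was issued for.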