Log AWS-related error messages; fix deleteCertificate recursion

Author: Soxasora

lib/domain-verification.js

@@ -1,14 +1,14 @@
-import { requestCertificate, getCertificateStatus, describeCertificate } from '@/api/acm'
+import { requestCertificate, getCertificateStatus, describeCertificate, deleteCertificate } from '@/api/acm'
 import { Resolver } from 'node:dns/promises'
 
 // Issue a certificate for a custom domain
 export async function issueDomainCertificate (domainName) {
   try {
     const certificateArn = await requestCertificate(domainName)
-    return certificateArn
+    return { certificateArn, error: null }
   } catch (error) {
     console.error(`Failed to issue certificate for domain ${domainName}:`, error)
-    return null
+    return { certificateArn: null, error: error.message }
   }
 }
 
@@ -17,31 +17,34 @@ export async function checkCertificateStatus (certificateArn) {
   let certStatus
   try {
     certStatus = await getCertificateStatus(certificateArn)
+    return { certStatus, error: null }
   } catch (error) {
     console.error(`Certificate status check failed: ${error.message}`)
-    return 'FAILED'
+    return { certStatus: 'FAILED', error: error.message }
   }
-
-  return certStatus
 }
 
 // Get the details of a certificate for a custom domain
 export async function certDetails (certificateArn) {
   try {
     const certificate = await describeCertificate(certificateArn)
-    return certificate
+    return { certificate, error: null }
   } catch (error) {
     console.error(`Certificate description failed: ${error.message}`)
-    return null
+    return { certificate: null, error: error.message }
   }
 }
 
 // Get the validation values for a certificate for a custom domain
 // TODO: Test with real values, localstack don't have this info until the certificate is issued
 export async function getValidationValues (certificateArn) {
-  const certificate = await certDetails(certificateArn)
+  const { certificate, error } = await certDetails(certificateArn)
+  if (error) {
+    return { cname: null, value: null, error }
+  }
+
   if (!certificate || !certificate.Certificate || !certificate.Certificate.DomainValidationOptions) {
-    return { cname: null, value: null }
+    return { cname: null, value: null, error: 'Certificate not found' }
   }
 
   return {
@@ -93,10 +96,12 @@ export async function verifyDNSRecord (type, recordName, recordValue) {
 }
 
 // Delete a certificate for a custom domain
-export async function deleteCertificate (certificateArn) {
+export async function deleteDomainCertificate (certificateArn) {
   try {
     await deleteCertificate(certificateArn)
+    return { error: null }
   } catch (error) {
     console.error(`Failed to delete certificate: ${error.message}`)
+    return { error: error.message }
   }
 }

worker/domainVerification.js

@@ -1,5 +1,5 @@
 import createPrisma from '@/lib/create-prisma'
-import { verifyDNSRecord, issueDomainCertificate, checkCertificateStatus, getValidationValues, deleteCertificate } from '@/lib/domain-verification'
+import { verifyDNSRecord, issueDomainCertificate, checkCertificateStatus, getValidationValues, deleteDomainCertificate } from '@/lib/domain-verification'
 import { datePivot } from '@/lib/time'
 
 const VERIFICATION_INTERVAL = 60 * 5 // 5 minutes
@@ -81,7 +81,7 @@ async function verifyDomain (domain, models) {
   if (datePivot(new Date(), { days: VERIFICATION_HOLD_THRESHOLD }) > domain.updatedAt) {
     if (domain.certificate) {
       // certificate would expire in 72 hours anyway, it's best to delete it
-      await deleteCertificate(domain.certificate.certificateArn)
+      await deleteDomainCertificate(domain.certificate.certificateArn)
     }
     return { status: 'HOLD', message: `Domain ${domain.domainName} has been put on HOLD because we couldn't verify it in 48 hours` }
   }
@@ -157,7 +157,7 @@ async function requestCertificate (domain, models) {
   let message = null
 
   // ask ACM to request a certificate for the domain
-  const certificateArn = await issueDomainCertificate(domain.domainName)
+  const { certificateArn, error } = await issueDomainCertificate(domain.domainName)
 
   if (certificateArn) {
     // check the status of the just created certificate
@@ -172,7 +172,7 @@ async function requestCertificate (domain, models) {
     })
     message = 'An ACM certificate with arn ' + certificateArn + ' has been successfully requested'
   } else {
-    message = 'Could not request an ACM certificate'
+    message = 'Could not request an ACM certificate: ' + error
   }
 
   const status = certificateArn ? 'PENDING' : 'FAILED'
@@ -184,7 +184,7 @@ async function getACMValidationValues (domain, models, certificateArn) {
   let message = null
 
   // get the validation values for the certificate
-  const validationValues = await getValidationValues(certificateArn)
+  const { validationValues, error } = await getValidationValues(certificateArn)
   if (validationValues) {
     // store the validation values in the database
     await models.domainVerificationRecord.create({
@@ -197,7 +197,7 @@ async function getACMValidationValues (domain, models, certificateArn) {
     })
     message = 'Validation values stored'
   } else {
-    message = 'Could not get validation values'
+    message = 'Could not get validation values: ' + error
   }
 
   const status = validationValues ? 'PENDING' : 'FAILED'
@@ -208,7 +208,7 @@ async function getACMValidationValues (domain, models, certificateArn) {
 async function checkACMValidation (domain, models, record) {
   let message = null
 
-  const certificateStatus = await checkCertificateStatus(domain.certificate.certificateArn)
+  const { certificateStatus, error } = await checkCertificateStatus(domain.certificate.certificateArn)
   if (certificateStatus) {
     if (certificateStatus !== domain.certificate.status) {
       console.log(`certificate status for ${domain.domainName} has changed from ${domain.certificate.status} to ${certificateStatus}`)
@@ -219,7 +219,7 @@ async function checkACMValidation (domain, models, record) {
     }
     message = `Certificate status is: ${certificateStatus}`
   } else {
-    message = 'Could not check certificate status'
+    message = 'Could not check certificate status: ' + error
   }
 
   const status = certificateStatus === 'ISSUED' ? 'VERIFIED' : 'PENDING'

worker/territory.js

@@ -1,6 +1,6 @@
 import lnd from '@/api/lnd'
 import performPaidAction from '@/api/paidAction'
-import { deleteCertificate } from '@/lib/domain-verification'
+import { deleteDomainCertificate } from '@/lib/domain-verification'
 import { PAID_ACTION_PAYMENT_METHODS } from '@/lib/constants'
 import { nextBillingWithGrace } from '@/lib/territory'
 import { datePivot } from '@/lib/time'
@@ -18,7 +18,7 @@ export async function territoryBilling ({ data: { subName }, boss, models }) {
 
       // make sure to delete the certificate from ACM if the sub is stopped, if we have it.
       if (nextStatus === 'STOPPED' && sub.domain?.certificate?.certificateArn) {
-        await deleteCertificate(sub.domain.certificate.certificateArn)
+        await deleteDomainCertificate(sub.domain.certificate.certificateArn)
       }
 
       await models.sub.update({