Log AWS-related error messages; fix deleteCertificate recursion

Soxasora · Soxasora · commit 82a71f588c7e · 2025-05-08T18:33:22.000-05:00
diff --git a/lib/domain-verification.js b/lib/domain-verification.js
@@ -1,14 +1,14 @@
-import { requestCertificate, getCertificateStatus, describeCertificate } from '@/api/acm'
+import { requestCertificate, getCertificateStatus, describeCertificate, deleteCertificate } from '@/api/acm'
 import { Resolver } from 'node:dns/promises'
 
 // Issue a certificate for a custom domain
 export async function issueDomainCertificate (domainName) {
   try {
     const certificateArn = await requestCertificate(domainName)
-    return certificateArn
+    return { certificateArn, error: null }
   } catch (error) {
     console.error(`Failed to issue certificate for domain ${domainName}:`, error)
-    return null
+    return { certificateArn: null, error: error.message }
   }
 }
 
@@ -17,31 +17,34 @@ export async function checkCertificateStatus (certificateArn) {
   let certStatus
   try {
     certStatus = await getCertificateStatus(certificateArn)
+    return { certStatus, error: null }
   } catch (error) {
     console.error(`Certificate status check failed: ${error.message}`)
-    return 'FAILED'
+    return { certStatus: 'FAILED', error: error.message }
   }
-
-  return certStatus
 }
 
 // Get the details of a certificate for a custom domain
 export async function certDetails (certificateArn) {
   try {
     const certificate = await describeCertificate(certificateArn)
-    return certificate
+    return { certificate, error: null }
   } catch (error) {
     console.error(`Certificate description failed: ${error.message}`)
-    return null
+    return { certificate: null, error: error.message }
   }
 }
 
 // Get the validation values for a certificate for a custom domain
 // TODO: Test with real values, localstack don't have this info until the certificate is issued
 export async function getValidationValues (certificateArn) {
-  const certificate = await certDetails(certificateArn)
+  const { certificate, error } = await certDetails(certificateArn)
+  if (error) {
+    return { cname: null, value: null, error }
+  }
+
   if (!certificate || !certificate.Certificate || !certificate.Certificate.DomainValidationOptions) {
-    return { cname: null, value: null }
+    return { cname: null, value: null, error: 'Certificate not found' }
   }
 
   return {
@@ -93,10 +96,12 @@ export async function verifyDNSRecord (type, recordName, recordValue) {
 }
 
 // Delete a certificate for a custom domain
-export async function deleteCertificate (certificateArn) {
+export async function deleteDomainCertificate (certificateArn) {
   try {
     await deleteCertificate(certificateArn)
+    return { error: null }
   } catch (error) {
     console.error(`Failed to delete certificate: ${error.message}`)
+    return { error: error.message }
   }
 }
diff --git a/worker/domainVerification.js b/worker/domainVerification.js
@@ -1,5 +1,5 @@
 import createPrisma from '@/lib/create-prisma'
-import { verifyDNSRecord, issueDomainCertificate, checkCertificateStatus, getValidationValues, deleteCertificate } from '@/lib/domain-verification'
+import { verifyDNSRecord, issueDomainCertificate, checkCertificateStatus, getValidationValues, deleteDomainCertificate } from '@/lib/domain-verification'
 import { datePivot } from '@/lib/time'
 
 const VERIFICATION_INTERVAL = 60 * 5 // 5 minutes
@@ -81,7 +81,7 @@ async function verifyDomain (domain, models) {
   if (datePivot(new Date(), { days: VERIFICATION_HOLD_THRESHOLD }) > domain.updatedAt) {
     if (domain.certificate) {
       // certificate would expire in 72 hours anyway, it's best to delete it
-      await deleteCertificate(domain.certificate.certificateArn)
+      await deleteDomainCertificate(domain.certificate.certificateArn)
     }
     return { status: 'HOLD', message: `Domain ${domain.domainName} has been put on HOLD because we couldn't verify it in 48 hours` }
   }
@@ -157,22 +157,26 @@ async function requestCertificate (domain, models) {
   let message = null
 
   // ask ACM to request a certificate for the domain
-  const certificateArn = await issueDomainCertificate(domain.domainName)
+  const { certificateArn, error } = await issueDomainCertificate(domain.domainName)
 
   if (certificateArn) {
     // check the status of the just created certificate
-    const certificateStatus = await checkCertificateStatus(certificateArn)
-    // store the certificate in the database with its status
-    await models.domainCertificate.create({
-      data: {
-        domain: { connect: { id: domain.id } },
-        certificateArn,
-        status: certificateStatus
-      }
-    })
-    message = 'An ACM certificate with arn ' + certificateArn + ' has been successfully requested'
+    const { certStatus, error: checkError } = await checkCertificateStatus(certificateArn)
+    if (checkError) {
+      message = 'Could not check certificate status: ' + checkError
+    } else {
+      // store the certificate in the database with its status
+      await models.domainCertificate.create({
+        data: {
+          domain: { connect: { id: domain.id } },
+          certificateArn,
+          status: certStatus
+        }
+      })
+      message = 'An ACM certificate with arn ' + certificateArn + ' has been successfully requested'
+    }
   } else {
-    message = 'Could not request an ACM certificate'
+    message = 'Could not request an ACM certificate: ' + error
   }
 
   const status = certificateArn ? 'PENDING' : 'FAILED'
@@ -184,45 +188,45 @@ async function getACMValidationValues (domain, models, certificateArn) {
   let message = null
 
   // get the validation values for the certificate
-  const validationValues = await getValidationValues(certificateArn)
-  if (validationValues) {
+  const { cname, value, error } = await getValidationValues(certificateArn)
+  if (cname && value) {
     // store the validation values in the database
     await models.domainVerificationRecord.create({
       data: {
         domain: { connect: { id: domain.id } },
         type: 'SSL',
-        recordName: validationValues.cname,
-        recordValue: validationValues.value
+        recordName: cname,
+        recordValue: value
       }
     })
     message = 'Validation values stored'
   } else {
-    message = 'Could not get validation values'
+    message = 'Could not get validation values: ' + error
   }
 
-  const status = validationValues ? 'PENDING' : 'FAILED'
+  const status = cname && value ? 'PENDING' : 'FAILED'
   await logAttempt({ domain, models, stage: 'ACM_REQUEST_VALIDATION_VALUES', status, message })
   return status !== 'FAILED'
 }
 
 async function checkACMValidation (domain, models, record) {
   let message = null
 
-  const certificateStatus = await checkCertificateStatus(domain.certificate.certificateArn)
-  if (certificateStatus) {
-    if (certificateStatus !== domain.certificate.status) {
-      console.log(`certificate status for ${domain.domainName} has changed from ${domain.certificate.status} to ${certificateStatus}`)
+  const { certStatus, error } = await checkCertificateStatus(domain.certificate.certificateArn)
+  if (certStatus) {
+    if (certStatus !== domain.certificate.status) {
+      console.log(`certificate status for ${domain.domainName} has changed from ${domain.certificate.status} to ${certStatus}`)
       await models.domainCertificate.update({
         where: { id: domain.certificate.id },
-        data: { status: certificateStatus }
+        data: { status: certStatus }
       })
     }
-    message = `Certificate status is: ${certificateStatus}`
+    message = `Certificate status is: ${certStatus}`
   } else {
-    message = 'Could not check certificate status'
+    message = 'Could not check certificate status: ' + error
   }
 
-  const status = certificateStatus === 'ISSUED' ? 'VERIFIED' : 'PENDING'
+  const status = certStatus === 'ISSUED' ? 'VERIFIED' : 'PENDING'
   await logAttempt({ domain, models, record, stage: 'ACM_VALIDATION', status, message })
   return status === 'VERIFIED'
 }
diff --git a/worker/territory.js b/worker/territory.js
@@ -1,6 +1,6 @@
 import lnd from '@/api/lnd'
 import performPaidAction from '@/api/paidAction'
-import { deleteCertificate } from '@/lib/domain-verification'
+import { deleteDomainCertificate } from '@/lib/domain-verification'
 import { PAID_ACTION_PAYMENT_METHODS } from '@/lib/constants'
 import { nextBillingWithGrace } from '@/lib/territory'
 import { datePivot } from '@/lib/time'
@@ -18,7 +18,7 @@ export async function territoryBilling ({ data: { subName }, boss, models }) {
 
       // make sure to delete the certificate from ACM if the sub is stopped, if we have it.
       if (nextStatus === 'STOPPED' && sub.domain?.certificate?.certificateArn) {
-        await deleteCertificate(sub.domain.certificate.certificateArn)
+        await deleteDomainCertificate(sub.domain.certificate.certificateArn)
       }
 
       await models.sub.update({
