feat: initial implementation

.github/workflows/go-check.yml

@@ -0,0 +1,18 @@
+name: Go Checks
+
+on:
+  pull_request:
+  push:
+    branches: ["main"]
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event_name == 'push' && github.sha || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  go-check:
+    uses: ipdxco/unified-github-workflows/.github/workflows/go-check.yml@v1.0

.github/workflows/go-test-config.json

@@ -0,0 +1,3 @@
+{
+    "skip32bit": true
+}

.github/workflows/go-test.yml

@@ -0,0 +1,22 @@
+name: Go Test
+
+on:
+  pull_request:
+  push:
+    branches: ["main"]
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event_name == 'push' && github.sha || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  go-test:
+    uses: ipdxco/unified-github-workflows/.github/workflows/go-test.yml@v1.0
+    with:
+      go-versions: '["this"]'
+    secrets:
+      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/release-check.yml

@@ -0,0 +1,19 @@
+name: Release Checker
+
+on:
+  pull_request_target:
+    paths: [ 'version.json' ]
+    types: [ opened, synchronize, reopened, labeled, unlabeled ]
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  release-check:
+    uses: ipdxco/unified-github-workflows/.github/workflows/release-check.yml@v1.0

.github/workflows/releaser.yml

@@ -0,0 +1,17 @@
+name: Releaser
+
+on:
+  push:
+    paths: [ 'version.json' ]
+  workflow_dispatch:
+
+permissions:
+  contents: write
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.sha }}
+  cancel-in-progress: true
+
+jobs:
+  releaser:
+    uses: ipdxco/unified-github-workflows/.github/workflows/releaser.yml@v1.0

.github/workflows/tagpush.yml

@@ -0,0 +1,18 @@
+name: Tag Push Checker
+
+on:
+  push:
+    tags:
+      - v*
+
+permissions:
+  contents: read
+  issues: write
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  releaser:
+    uses: ipdxco/unified-github-workflows/.github/workflows/tagpush.yml@v1.0

README.md

@@ -1,3 +1,123 @@
 # p2p-forge
 
 > An Authoritative DNS server for distributing DNS subdomains to libp2p peers
+
+## Build
+
+`go build` will build the binary in your local directory
+
+## Install
+
+```console
+$ go install github.com/ipshipyard/p2p-forge@latest
+```
+
+Will download using go mod, build and install the binary in your global Go binary directory (e.g. `~/go/bin`)
+
+### From source
+`go install` will build and install the binary in your global Go binary directory (e.g. `~/go/bin`)
+
+## Usage
+
+### Configuration
+
+This binary is based on [CoreDNS](https://github.com/coredns/coredns) which is itself based on Caddy.
+To run the binary create a file `Corefile` following the syntax listed in the CoreDNS documentation.
+
+This binary introduces two additional plugins:
+- `ipparser` which handles returning A and AAAA records for domains like `<encoded-ip-address>.<peerID>.libp2p.direct`
+- `acme` which handles reading and writing DNS acme challenges for domains like `_acme-challenge.<peerID>.libp2p.direct`
+
+#### ipparser Syntax
+
+~~~
+ipparser FORGE_DOMAIN
+~~~
+
+**FORGE_DOMAIN** the domain of the forge (e.g. libp2p.direct)
+
+#### acme Syntax
+
+~~~
+acme FORGE_DOMAIN {
+	[registration-domain REGISTRATION_DOMAIN [listen-address=ADDRESS] [external-tls=true|false]
+	[database-type DB_TYPE [...DB_ARGS]]
+}
+~~~
+
+- **FORGE_DOMAIN** the domain of the forge (e.g. libp2p.direct)
+- **REGISTRATION_DOMAIN** the domain used by clients to send requests for setting ACME challenges (e.g. registration.libp2p.direct)
+   - **ADDRESS** is the address and port for the internal HTTP server to listen on (e.g. :1234), defaults to `:443`.
+   - external-tls should be set to true if the TLS termination (and validation of the registration domain name) will happen externally or should be handled locally, defaults to false
+- **DB_TYPE** is the type of the backing database used for storing the ACME challenges. Options include:
+    - dynamo TABLE_NAME (where all credentials are set via AWS' standard environment variables)
+    - badger DB_PATH
+
+### Example
+
+Below is a basic example of starting a DNS server that handles the IP based domain names as well as ACME challenges.
+It does the following:
+- Handles IP-based names and ACME challenges for the libp2p.direct forge
+- Sets up a standard HTTPS listener for registration.libp2p.direct to handle setting ACME challenges
+- Uses dynamo as a backend for ACME challenges
+
+``` corefile
+. {
+    log
+	ipparser libp2p.direct
+    acme libp2p.direct {
+        registration-domain registration.libp2p.direct listen-address=:443 external-tls=false
+        database-type dynamo mytable
+    }
+}
+```
+
+### Handled DNS records
+
+There are 3 types of records handled for a given peer and forge (e.g. `<peerID>.libp2p.direct`):
+- ACME Challenges for a given peerID `_acme-challenge.<peerID>.libp2p.direct`
+- A records for an IPv4 prefixed subdomain like `1-2-3-4.<peerID>.libp2p.direct`
+- AAAA records for an IPv6 prefixed subdomain like `2001-db8--.<peerID>.libp2p.direct`
+
+#### IPv4 subdomain handling
+
+IPv4 handling is fairly straightforward, for a given IPv4 address `1.2.3.4` convert the `.`s into `-`s and the result
+will be valid.
+
+#### IPv6 subdomain handling
+
+Due to the length of IPv6 addresses there are a number of different formats for describing IPv6 addresses.
+
+The addresses handled here are:
+- For an address `A:B:C:D:1:2:3:4` convert the `:`s into `-`s and the result will be valid.
+- Addresses of the form `A::C:D` can be converted either into their expanded form or into a condensed form by replacing
+the `:`s with `-`s, like `A--C-D`
+- When there is a `:` as the first or last character it must be converted to a 0 to comply with [rfc1123](https://datatracker.ietf.org/doc/html/rfc1123#section-2)
+, so `::B:C:D` would become `0--B-C-D` and `1::` would become `1--0`
+
+Other address formats (e.g. the dual IPv6/IPv4 format) are not supported
+
+### Submitting Challenge Records
+
+To claim a domain name like `<peerID>.libp2p.direct` requires:
+1. The private key corresponding to the given peerID
+2. A publicly reachable libp2p endpoint with 
+   - one of the following libp2p transport configurations:
+     - QUIC-v1
+     - TCP or WS or WSS, Yamux, TLS or Noise
+     - WebTransport
+     - Other transports are under consideration (e.g. HTTP), if they are of interest please file an issue
+   - the [Identify protocol](https://github.com/libp2p/specs/tree/master/identify) (`/ipfs/id/1.0.0`)
+
+To set an ACME challenge send an HTTP request to the server (for libp2p.direct this is registration.libp2p.direct)
+```shell
+curl -X POST "https://registration.libp2p.direct/v1/<peerID>/_acme-challenge" \
+-H "Authorization: libp2p-PeerID bearer=\"<base64-encoded-opaque-blob>\""
+-H "Content-Type: application/json" \
+-d '{
+  "value": "your_acme_challenge_token",
+  "addresses": "[your_multiaddrs, comma_separated]"
+}'
+```
+
+Where the bearer token is derived via the [libp2p HTTP PeerID Auth Specification](https://github.com/libp2p/specs/pull/564).

acme/reader.go

@@ -0,0 +1,82 @@
+package acme
+
+import (
+	"context"
+	"strings"
+	"time"
+
+	"github.com/coredns/coredns/plugin"
+	"github.com/ipfs/go-datastore"
+	"github.com/libp2p/go-libp2p/core/peer"
+	"github.com/miekg/dns"
+)
+
+type acmeReader struct {
+	Next        plugin.Handler
+	ForgeDomain string
+	Datastore   datastore.Datastore
+}
+
+const ttl = 1 * time.Hour
+
+// ServeDNS implements the plugin.Handler interface.
+func (p acmeReader) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) {
+	var answers []dns.RR
+	for _, q := range r.Question {
+		if q.Qtype != dns.TypeTXT && q.Qtype != dns.TypeANY {
+			continue
+		}
+
+		subdomain := strings.TrimSuffix(q.Name, "."+p.ForgeDomain+".")
+		if len(subdomain) == len(q.Name) || len(subdomain) == 0 {
+			continue
+		}
+
+		domainSegments := strings.Split(subdomain, ".")
+		if len(domainSegments) != 2 {
+			continue
+		}
+
+		peerIDStr := domainSegments[1]
+		peerID, err := peer.Decode(peerIDStr)
+		if err != nil {
+			continue
+		}
+
+		const acmeSubdomain = "_acme-challenge"
+		prefix := domainSegments[0]
+		if prefix != acmeSubdomain {
+			continue
+		}
+
+		val, err := p.Datastore.Get(ctx, datastore.NewKey(peerID.String()))
+		if err != nil {
+			continue
+		}
+
+		answers = append(answers, &dns.TXT{
+			Hdr: dns.RR_Header{
+				Name:   dns.Fqdn(q.Name),
+				Rrtype: dns.TypeTXT,
+				Class:  dns.ClassINET,
+				Ttl:    uint32(ttl.Seconds()),
+			},
+			Txt: []string{string(val)},
+		})
+	}
+
+	if len(answers) > 0 {
+		var m dns.Msg
+		m.SetReply(r)
+		m.Authoritative = true
+		m.Answer = answers
+		w.WriteMsg(&m)
+		return dns.RcodeSuccess, nil
+	}
+
+	// Call next plugin (if any).
+	return plugin.NextOrFailure(p.Name(), p.Next, ctx, w, r)
+}
+
+// Name implements the Handler interface.
+func (p acmeReader) Name() string { return pluginName }