fix: address code review findings for DNS management

- CRITICAL: Change DNS zones endpoint from GET to POST to avoid
  leaking API token in URL query parameters
- HIGH: Add sync.RWMutex to protect dnsProvider field in Server,
  Deployer, and proxy Manager against concurrent read/write races
- HIGH: Capture old DNS provider reference synchronously before
  launching background cleanup goroutine
- HIGH: Use getDNS()/getDNSProviderLocked() accessors instead of
  direct field reads in all DNS operations
2026-04-02 14:54:15 +03:00
parent c730cfaa45
commit 670948f113
243 changed files with 15971 additions and 535 deletions
+2 -2
@@ -208,8 +208,8 @@ func (s *Server) buildConsumerNameMap() map[string]string {
// getOrCreateDNSProvider returns the server's DNS provider, or creates a temporary one from settings.
func (s *Server) getOrCreateDNSProvider(settings store.Settings) dns.Provider {
if s.dnsProvider != nil {
return s.dnsProvider
if p := s.getDNSProviderLocked(); p != nil {
return p
}
if settings.WildcardDNS || settings.DNSProvider == "" || settings.CloudflareAPIToken == "" {