tiny-forge/plans/cloudflare-dns-management/phase-1-settings-model.md
alexei.dolgolyov c730cfaa45 feat: Cloudflare DNS management with automatic record sync
Add flexible DNS management to Docker Watcher. By default, wildcard DNS
is assumed (current behavior). When disabled, users can configure a
Cloudflare DNS provider with API token and zone selection. DNS A records
are automatically created/updated/deleted in sync with proxy consumers
(deployed instances and standalone proxies).

- Settings: wildcard_dns toggle, dns_provider, cloudflare credentials
- Cloudflare client: Provider interface with EnsureRecord/DeleteRecord/ListRecords
- DNS lifecycle hooks in deployer and proxy manager (best-effort)
- Settings UI: DNS config section with provider picker, zone selector, test button
- DNS Records page at /dns with filtering, sync status, reconciliation
- Records visible in both wildcard and managed modes
- Cleanup on provider change: removes old records when switching modes
2026-04-02 14:49:21 +03:00

Phase 1: Settings Model & API

Status: Not Started
Parent plan: PLAN.md
Domain: backend

Objective

Extend the Settings model and API to support DNS provider configuration.

Tasks

  • Task 1: Add new fields to Settings struct in internal/store/models.go
    • WildcardDNS (bool, default true)
    • DNSProvider (string, default "")
    • CloudflareAPIToken (string, encrypted)
    • CloudflareZoneID (string)
  • Task 2: Add migration columns in internal/store/store.go
    • wildcard_dns INTEGER DEFAULT 1
    • dns_provider TEXT DEFAULT ''
    • cloudflare_api_token TEXT DEFAULT ''
    • cloudflare_zone_id TEXT DEFAULT ''
  • Task 3: Update GetSettings() and UpdateSettings() in internal/store/settings.go
    • Read/write new fields
    • Encrypt/decrypt cloudflare_api_token
  • Task 4: Update GET /api/settings handler to include new fields (mask token)
  • Task 5: Update PUT /api/settings handler to accept new fields
  • Task 6: Add POST /api/settings/dns/test endpoint — validate Cloudflare token + zone
  • Task 7: Add GET /api/settings/dns/zones endpoint — list Cloudflare zones for picker
  • Task 8: Register new routes in internal/api/router.go

Files to Modify/Create

  • internal/store/models.go — add fields to Settings struct
  • internal/store/store.go — add migration columns
  • internal/store/settings.go — update read/write queries
  • internal/api/settings.go — update handlers, add new endpoints
  • internal/api/router.go — register new routes

Acceptance Criteria

  • New settings fields are persisted and retrievable
  • Cloudflare API token is encrypted at rest
  • GET /api/settings returns new fields (token masked)
  • PUT /api/settings accepts and stores new fields
  • DNS test and zones endpoints registered (can return placeholder until Phase 2)

Notes

  • Token encryption uses existing crypto.Encrypt/Decrypt
  • has_cloudflare_api_token bool in GET response (same pattern as npm_password)
  • DNS test/zones endpoints will make real Cloudflare API calls — Phase 2 client needed for full implementation, but can use inline HTTP calls for these two endpoints
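A sketch of the token-masking pattern from Tasks 4 and 5, as an added example that is not the project's own code. The type names, the JSON key names other than has_cloudflare_api_token, and the rule that an omitted or empty token in a PUT body leaves the stored token unchanged are assumptions; encryption at rest via the project's crypto.Encrypt/Decrypt is out of scope here.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// DNSFields are the non-secret settings; JSON key names are assumed.
type DNSFields struct {
	WildcardDNS      bool   `json:"wildcard_dns"`
	DNSProvider      string `json:"dns_provider"`
	CloudflareZoneID string `json:"cloudflare_zone_id"`
}
type Settings struct {
	DNSFields
	CloudflareAPIToken string `json:"-"` // plaintext in memory only, never serialized
}
// settingsView is the GET body: no token field, only the presence flag.
type settingsView struct {
	DNSFields
	HasCloudflareAPIToken bool `json:"has_cloudflare_api_token"`
}
// settingsUpdate is the PUT body; nil or "" token means "unchanged" (assumed).
type settingsUpdate struct {
	DNSFields
	CloudflareAPIToken *string `json:"cloudflare_api_token"`
}

// MaskSettings builds the GET /api/settings body without the secret.
func MaskSettings(s Settings) ([]byte, error) {
	return json.Marshal(settingsView{s.DNSFields, s.CloudflareAPIToken != ""})
}

// ApplyUpdate merges a PUT body, keeping the token if a masked GET is echoed back.
func ApplyUpdate(cur Settings, body []byte) (Settings, error) {
	var u settingsUpdate
	if err := json.Unmarshal(body, &u); err != nil {
		return cur, err
	}
	cur.DNSFields = u.DNSFields
	if u.CloudflareAPIToken != nil && *u.CloudflareAPIToken != "" {
		cur.CloudflareAPIToken = *u.CloudflareAPIToken
	}
	return cur, nil
}

func main() {
	out, _ := MaskSettings(Settings{DNSFields{false, "cloudflare", "constructed-zone"}, "constructed-token"})
	fmt.Println(string(out))
}
```

Without the keep-if-empty rule, a settings form that loads the masked GET response and saves it back would silently wipe the stored token.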

Review Checklist

  • All tasks completed
  • Code follows project conventions
  • No unintended side effects
  • Build passes
  • Tests pass (new + existing)

Handoff to Next Phase