dyndnsd: handle potential nil cases detected by sorbet

- including review suggestions from @jgraichen

.gitignore

@@ -1,3 +1,4 @@
 .DS_Store
 *.lock
 pkg/*
+sorbet/rbi/hidden-definitions/errors.txt

.rubocop.yml

@@ -0,0 +1,87 @@
+AllCops:
+  TargetRubyVersion: '2.3'
+
+Gemspec/OrderedDependencies:
+  Enabled: false
+
+Layout/EmptyLineAfterGuardClause:
+  Enabled: false
+
+# allows nicer usage of private_class_method
+Layout/EmptyLinesAroundArguments:
+  Enabled: false
+
+Layout/HashAlignment:
+  Enabled: false
+
+Layout/LeadingEmptyLines:
+  Enabled: false
+
+Layout/LineLength:
+  Max: 200
+
+Layout/SpaceInsideHashLiteralBraces:
+  Enabled: false
+
+Metrics/AbcSize:
+  Enabled: false
+
+Metrics/BlockLength:
+  Enabled: false
+
+Metrics/ClassLength:
+  Enabled: false
+
+Metrics/CyclomaticComplexity:
+  Enabled: false
+
+Metrics/MethodLength:
+  Enabled: false
+
+Metrics/PerceivedComplexity:
+  Enabled: false
+
+Naming/MethodParameterName:
+  Enabled: false
+
+Naming/MemoizedInstanceVariableName:
+  Enabled: false
+
+Style/ConditionalAssignment:
+  Enabled: false
+
+Style/Documentation:
+  Enabled: false
+
+Style/FormatStringToken:
+  Enabled: false
+
+Style/FrozenStringLiteralComment:
+  Enabled: false
+
+Style/GuardClause:
+  Enabled: false
+
+Style/HashEachMethods:
+  Enabled: true
+
+Style/HashTransformKeys:
+  Enabled: true
+
+Style/HashTransformValues:
+  Enabled: true
+
+Style/IdenticalConditionalBranches:
+  Enabled: false
+
+Style/InverseMethods:
+  Enabled: false
+
+Style/NegatedIf:
+  Enabled: false
+
+Style/RescueModifier:
+  Enabled: false
+
+Style/SymbolArray:
+  Enabled: false

.travis.yml

@@ -1,9 +1,9 @@
+---
+os: linux
 language: ruby
-
 rvm:
-  - 2.0.0
+- 2.7
-  - 1.9.3
+- 2.6
-  - 1.8.7
+- 2.5
-
+- 2.4
-gemfile:
+- 2.3
-  - Gemfile

CHANGELOG.md

@@ -0,0 +1,86 @@
+# Changelog
+
+## 2.1.0
+
+IMPROVEMENTS:
+
+- Add Ruby 2.7 support
+- Add experimental [Sorbet](https://sorbet.org) support to development tools, fix surfaced problems
+
+## 2.0.0 (January 25, 2019)
+
+IMPROVEMENTS:
+
+- Drop Ruby 2.2 and lower support
+- Better protocol compliance by returning `badauth` in response body on HTTP 401 errors
+- Better code maintainability by refactorings
+- Update dependencies, mainly `rack` to new major version 2
+- Add Ruby 2.5 and Ruby 2.6 support
+- Add experimental [OpenTracing](http://opentracing.io/) support with [CNCF Jaeger](https://github.com/jaegertracing/jaeger)
+- Support host offlining by deleting the associated DNS records
+- Add textfile reporter to write Graphite-style metrics (also compatible with [Prometheus](https://prometheus.io/)) into a file
+
+## 1.6.1 (October 31, 2017)
+
+IMPROVEMENTS:
+
+- Fix broken password check affecting all previous releases
+
+## 1.6.0 (December 7, 2016)
+
+IMPROVEMENTS:
+
+- Support providing an IPv6 address in addition to a IPv4 for the same hostname
+
+## 1.5.0 (November 30, 2016)
+
+IMPROVEMENTS:
+
+- Drop Ruby 1.8.7 support
+- Pin `json` gem to allow supporting Ruby 1.9.3
+- Support determining effective client IP address also from `X-Real-IP` header
+
+## 1.4.0 (November 27, 2016)
+
+IMPROVEMENTS:
+
+- Pin `rack` gem to allow supporting Ruby versions < 2.2.2
+- Support IPv6 addresses
+
+## 1.3.0 (October 8, 2013)
+
+IMPROVEMENTS:
+
+- Handle `SIGTERM` \*nix signal properly and shutdown the daemon
+
+## 1.2.2 (June 8, 2013)
+
+IMPROVEMENTS:
+
+- Add proper logging to the provided init script for dyndnsd.rb
+
+## 1.2.1 (June 5, 2013)
+
+IMPROVEMENTS:
+
+- Fix bug in previous release related to metrics preventing startup
+
+## 1.2.0 (May 29, 2013)
+
+IMPROVEMENTS:
+
+- Support sending metrics to graphite via undocumented `graphite:` section in configuration file
+
+## 1.1.0 (April 30, 2013)
+
+IMPROVEMENTS:
+
+- Support dropping priviliges on startup, also affects external commands run
+- Add [metriks](https://github.com/eric/metriks) support for basic metrics in the process title
+- Detach from child processes running external commands to avoid zombie processes
+
+## 1.0.0 (April 28, 2013)
+
+NEW FEATURES:
+
+- Initial 1.0 release

README.md

@@ -1,14 +1,18 @@
 # dyndnsd.rb
 
-[![Build Status](https://travis-ci.org/cmur2/dyndnsd.png)](https://travis-ci.org/cmur2/dyndnsd)
+[![Build Status](https://travis-ci.org/cmur2/dyndnsd.svg?branch=master)](https://travis-ci.org/cmur2/dyndnsd) [![Dependencies](https://badges.depfu.com/badges/4f25da8493f7a29f652ac892fbf9227b/overview.svg)](https://depfu.com/github/cmur2/dyndnsd)
 
 A small, lightweight and extensible DynDNS server written with Ruby and Rack.
 
 ## Description
 
-dyndnsd.rb is aimed to implement a small [DynDNS-compliant](http://dyn.com/support/developers/api/) server in Ruby. It has an integrated user and hostname database in it's configuration file that is used for authentication and authorization. Besides talking the DynDNS protocol it is able to invoke an so-called *updater*, a small Ruby module that takes care of supplying the current host => ip mapping to a DNS server.
+dyndnsd.rb aims to implement a small [DynDNS-compliant](https://help.dyn.com/remote-access-api/) server in Ruby supporting IPv4 and IPv6 addresses. It has an integrated user and hostname database in it's configuration file that is used for authentication and authorization. Besides talking the DynDNS protocol it is able to invoke a so-called *updater*, a small Ruby module that takes care of supplying the current hostname => ip mapping to a DNS server.
 
-The is currently one updater shipped with dyndnsd.rb `command_with_bind_zone` that writes out a zone file in BIND syntax onto the current system and invokes a user-supplied command afterwards that is assumed to trigger the DNS server (not necessarily BIND since it's zone files are read by other DNS servers too) to reload it's zone configuration.
+There is currently one updater shipped with dyndnsd.rb `command_with_bind_zone` that writes out a zone file in BIND syntax onto the current system and invokes a user-supplied command afterwards that is assumed to trigger the DNS server (not necessarily BIND since it's zone files are read by other DNS servers, too) to reload it's zone configuration.
+
+Because of the mechanisms used, dyndnsd.rb is known to work only on \*nix systems.
+
+See the [changelog](CHANGELOG.md) before upgrading. The older version 1.x of dyndnsd.rb is still available on [branch dyndnsd-1.x](https://github.com/cmur2/dyndnsd/tree/dyndnsd-1.x).
 
 ## General Usage
 
@@ -16,14 +20,15 @@ Install the gem:
 
 	gem install dyndnsd
 
-(Optionally install the `json` gem too if you're on Ruby 1.8.)
-
 Create a configuration file in YAML format somewhere:
 
 ```yaml
 # listen address and port
 host: "0.0.0.0"
 port: "80"
+# optional: drop priviliges in case you want to but you may need sudo for external commands
+user: "nobody"
+group: "nogroup"
 # logfile is optional, logs to STDOUT else
 logfile: "dyndnsd.log"
 # interal database file
@@ -98,7 +103,7 @@ Please provide ideas if you are using dyndnsd.rb with other DNS servers :)
 
 The update URL you want to tell your clients (humans or scripts ^^) consists of the following
 
-	http[s]://[USER]:[PASSWORD]@[DOMAIN]:[PORT]/nic/update?hostname=[HOSTNAMES]&myip=[MYIP]
+	http[s]://[USER]:[PASSWORD]@[DOMAIN]:[PORT]/nic/update?hostname=[HOSTNAMES]&myip=[MYIP]&myip6=[MYIP6]
 
 where:
 
@@ -107,7 +112,18 @@ where:
 * DOMAIN should match what you defined in your config.yaml as domain but may be anything else when using a webserver as proxy
 * PORT depends on your (webserver/proxy) settings
 * HOSTNAMES is a required list of comma separated FQDNs (they all have to end with your config.yaml domain) the user wants to update
-* MYIP is optional and the HTTP client's address will be used if missing
+* MYIP is optional and the HTTP client's IP address will be used if missing
+* MYIP6 is optional but if present also requires presence of MYIP
+
+### IP address determination
+
+The following rules apply:
+
+* use any IP address provided via the myip parameter when present, or
+* use any IP address provided via the X-Real-IP header e.g. when used behind HTTP reverse proxy such as nginx, or
+* use any IP address used by the connecting HTTP client
+
+If you want to provide an additional IPv6 address as myip6 parameter the myip parameter containing an IPv4 address has to be present, too! No automatism is applied then.
 
 ### SSL, multiple listen ports
 
@@ -115,7 +131,84 @@ Use a webserver as a proxy to handle SSL and/or multiple listen addresses and po
 
 ### Init scripts
 
-The [Debian 6 init.d script](init.d/debian-6-dyndnsd) assumes that dyndnsd.rb is installed into the system ruby (no RVM support) and the config.yaml is at /opt/dyndnsd/config.yaml.
+The [Debian 6 init.d script](init.d/debian-6-dyndnsd) assumes that dyndnsd.rb is installed into the system ruby (no RVM support) and the config.yaml is at /opt/dyndnsd/config.yaml. Modify to your needs.
+
+### Monitoring
+
+For monitoring dyndnsd.rb uses the [metriks](https://github.com/eric/metriks) framework and exposes several metrics like the number of unauthenticated requests, requests that did (not) update a hostname, etc. By default the most important metrics are shown in the [proctitle](https://github.com/eric/metriks#proc-title-reporter) but you can also configure a [Graphite](https://graphiteapp.org/) backend for central monitoring or the [textfile_reporter](https://github.com/prometheus/node_exporter/#textfile-collector) which outputs Graphite-style metrics that are also compatible with Prometheus to a file.
+
+```yaml
+host: "0.0.0.0"
+port: "8245" # the DynDNS.com alternative HTTP port
+db: "/opt/dyndnsd/db.json"
+domain: "dyn.example.org"
+# configure the Graphite backend to be used instead of proctitle
+graphite:
+  host: localhost # defaults for host and port of a carbon server
+  port: 2003
+  prefix: "my.graphite.metrics.naming.structure.dyndnsd"
+# OR configure the textfile reporter instead of Graphite/proctitle
+textfile:
+  file: /path/to/file.prom
+  prefix: "my.graphite.metrics.naming.structure.dyndnsd"
+# configure the updater, here we use command_with_bind_zone, params are updater-specific
+updater:
+  name: "command_with_bind_zone"
+  params:
+    zone_file: "dyn.zone"
+    command: "echo 'Hello'"
+    ttl: "5m"
+    dns: "dns.example.org."
+    email_addr: "admin.example.org."
+# user database with hostnames a user is allowed to update
+users:
+  # 'foo' is username, 'secret' the password
+  foo:
+    password: "secret"
+    hosts:
+      - foo.example.org
+      - bar.example.org
+  test:
+    password: "ihavenohosts"
+```
+
+### Tracing (experimental)
+
+For tracing dyndnsd.rb is instrumented using the [OpenTracing](http://opentracing.io/) framework and will emit span tracing data for the most important operations happening during the request/response cycle. Using a middleware for Rack allows handling incoming OpenTracing span information properly.
+Currently only one OpenTracing-compatible tracer implementation named [CNCF Jaeger](https://github.com/jaegertracing/jaeger) can be configured to use with dyndnsd.rb.
+
+```yaml
+host: "0.0.0.0"
+port: "8245" # the DynDNS.com alternative HTTP port
+db: "/opt/dyndnsd/db.json"
+domain: "dyn.example.org"
+# enable and configure tracing using the (currently only) tracer jaeger
+tracing:
+  trust_incoming_span: false # default value, change to accept incoming OpenTracing spans as parents
+  jaeger:
+    host: 127.0.0.1 # defaults for host and port of local jaeger-agent
+    port: 6831
+    service_name: "my.dyndnsd.identifier"
+# configure the updater, here we use command_with_bind_zone, params are updater-specific
+updater:
+  name: "command_with_bind_zone"
+  params:
+    zone_file: "dyn.zone"
+    command: "echo 'Hello'"
+    ttl: "5m"
+    dns: "dns.example.org."
+    email_addr: "admin.example.org."
+# user database with hostnames a user is allowed to update
+users:
+  # 'foo' is username, 'secret' the password
+  foo:
+    password: "secret"
+    hosts:
+      - foo.example.org
+      - bar.example.org
+  test:
+    password: "ihavenohosts"
+```
 
 ## License
 

Rakefile

@@ -1,6 +1,14 @@
 require 'bundler/gem_tasks'
 require 'rspec/core/rake_task'
+require 'rubocop/rake_task'
+require 'bundler/audit/task'
 
 RSpec::Core::RakeTask.new(:spec)
+RuboCop::RakeTask.new
+Bundler::Audit::Task.new
 
-task :default => :spec
+task :sorbet do
+  sh 'srb typecheck'
+end
+
+task default: [:rubocop, :sorbet, :spec, 'bundle:audit']

dyndnsd.gemspec

@@ -1,5 +1,5 @@
 
-$:.push File.expand_path("../lib", __FILE__)
+$LOAD_PATH.push File.expand_path('lib', __dir__)
 
 require 'dyndnsd/version'
 
@@ -10,21 +10,29 @@ Gem::Specification.new do |s|
   s.description = 'A small, lightweight and extensible DynDNS server written with Ruby and Rack.'
   s.author = 'Christian Nicolai'
   s.email = 'chrnicolai@gmail.com'
-  s.license = 'Apache License Version 2.0'
   s.homepage = 'https://github.com/cmur2/dyndnsd'
+  s.license = 'Apache-2.0'
 
-  s.files = `git ls-files`.split($/)
+  s.files = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
   s.test_files = s.files.grep(%r{^(test|spec|features)/})
-
   s.require_paths = ['lib']
-
   s.executables = ['dyndnsd']
 
-  s.add_runtime_dependency 'rack'
+  s.required_ruby_version = '>= 2.3'
-  s.add_runtime_dependency 'json'
 
-  s.add_development_dependency 'bundler', '~> 1.3'
+  s.add_runtime_dependency 'rack', '~> 2.0'
+  s.add_runtime_dependency 'json'
+  s.add_runtime_dependency 'metriks'
+  s.add_runtime_dependency 'opentracing', '~> 0.5.0'
+  s.add_runtime_dependency 'rack-tracer', '~> 0.9.0'
+  s.add_runtime_dependency 'jaeger-client', '~> 0.10.0'
+  s.add_runtime_dependency 'sorbet-runtime', '~> 0.5.0'
+
+  s.add_development_dependency 'bundler'
   s.add_development_dependency 'rake'
   s.add_development_dependency 'rspec'
   s.add_development_dependency 'rack-test'
+  s.add_development_dependency 'rubocop', '~> 0.80.0'
+  s.add_development_dependency 'bundler-audit', '~> 0.6.0'
+  s.add_development_dependency 'sorbet', '~> 0.5.0'
 end

init.d/debian-6-dyndnsd

@@ -23,18 +23,21 @@ case "$1" in
   start)
     log_daemon_msg "Starting dyndnsd.rb" "dyndnsd"
     start-stop-daemon --start --quiet --oknodo --make-pidfile --pidfile "/var/run/dyndnsd.pid" --background --exec $DAEMON -- $DAEMON_OPTS
+    log_end_msg $?
     ;;
   stop)
     log_daemon_msg "Stopping dyndnsd.rb" "dyndnsd"
     start-stop-daemon --stop --quiet --oknodo --pidfile "/var/run/dyndnsd.pid"
+    log_end_msg $?
     ;;
   restart|force-reload)
     log_daemon_msg "Restarting dyndnsd.rb" "dyndnsd"
     start-stop-daemon --stop --quiet --oknodo --retry 30 --pidfile "/var/run/dyndsd.pid"
     start-stop-daemon --start --quiet --oknodo --make-pidfile --pidfile "/var/run/dyndnsd.pid" --background --exec $DAEMON -- $DAEMON_OPTS
+    log_end_msg $?
     ;;
   *)
-    echo "Usage: $0 {start|stop|restart|force-reload}" >&2
+    log_action_msg "Usage: $0 {start|stop|restart|force-reload}"
-    exit 1
+    exit 2
     ;;
 esac

lib/dyndnsd.rb

@@ -1,16 +1,24 @@
 #!/usr/bin/env ruby
+# typed: true
 
+require 'etc'
 require 'logger'
 require 'ipaddr'
 require 'json'
 require 'yaml'
 require 'rack'
+require 'metriks'
+require 'metriks/reporter/graphite'
+require 'opentracing'
+require 'rack/tracer'
 
 require 'dyndnsd/generator/bind'
 require 'dyndnsd/updater/command_with_bind_zone'
 require 'dyndnsd/responder/dyndns_style'
 require 'dyndnsd/responder/rest_style'
 require 'dyndnsd/database'
+require 'dyndnsd/helper'
+require 'dyndnsd/textfile_reporter'
 require 'dyndnsd/version'
 
 module Dyndnsd
@@ -23,140 +31,268 @@ module Dyndnsd
   end
 
   class LogFormatter
-    def call(lvl, time, progname, msg)
+    def call(lvl, _time, _progname, msg)
-      "[%s] %-5s %s\n" % [Time.now.strftime('%Y-%m-%d %H:%M:%S'), lvl, msg.to_s]
+      format("[%s] %-5s %s\n", Time.now.strftime('%Y-%m-%d %H:%M:%S'), lvl, msg.to_s)
     end
   end
 
   class Daemon
-    def initialize(config, db, updater, responder)
+    def initialize(config, db, updater)
       @users = config['users']
       @domain = config['domain']
       @db = db
       @updater = updater
-      @responder = responder
 
       @db.load
       @db['serial'] ||= 1
       @db['hosts'] ||= {}
-      (@db.save; update) if @db.changed?
+      if @db.changed?
-    end
+        @db.save
-    
-    def update
         @updater.update(@db)
       end
+    end
 
-    def is_fqdn_valid?(hostname)
+    def authorized?(username, password)
-      return false if hostname.length < @domain.length + 2
+      Helper.span('check_authorized') do |span|
-      return false if not hostname.end_with?(@domain)
+        span.set_tag('dyndnsd.user', username)
-      name = hostname.chomp(@domain)
+
-      return false if not name.match(/^[a-zA-Z0-9_-]+\.$/)
+        allow = Helper.user_allowed?(username, password, @users)
-      true
+        if !allow
+          Dyndnsd.logger.warn "Login failed for #{username}"
+          Metriks.meter('requests.auth_failed').mark
+        end
+        allow
+      end
     end
 
     def call(env)
-      return @responder.response_for_error(:method_forbidden) if env["REQUEST_METHOD"] != "GET"
+      return [422, {'X-DynDNS-Response' => 'method_forbidden'}, []] if env['REQUEST_METHOD'] != 'GET'
-      return @responder.response_for_error(:not_found) if env["PATH_INFO"] != "/nic/update"
+      return [422, {'X-DynDNS-Response' => 'not_found'}, []] if env['PATH_INFO'] != '/nic/update'
 
-      params = Rack::Utils.parse_query(env["QUERY_STRING"])
+      handle_dyndns_request(env)
-      
-      return @responder.response_for_error(:hostname_missing) if not params["hostname"]
-      
-      hostnames = params["hostname"].split(',')
-      
-      # Check if hostname match rules
-      hostnames.each do |hostname|
-        return @responder.response_for_error(:hostname_malformed) if not is_fqdn_valid?(hostname)
-      end
-      
-      user = env["REMOTE_USER"]
-      
-      hostnames.each do |hostname|
-        return @responder.response_for_error(:host_forbidden) if not @users[user]['hosts'].include? hostname
-      end
-      
-      # no myip?
-      if not params["myip"]
-        params["myip"] = env["REMOTE_ADDR"]
-      end
-      
-      # malformed myip?
-      begin
-        IPAddr.new(params["myip"], Socket::AF_INET)
-      rescue ArgumentError
-        params["myip"] = env["REMOTE_ADDR"]
-      end
-      
-      myip = params["myip"]
-      
-      Dyndnsd.logger.info "Request to update #{hostnames} to #{myip} for user #{user}"
-      
-      changes = []
-      hostnames.each do |hostname|
-        if (not @db['hosts'].include? hostname) or (@db['hosts'][hostname] != myip)
-          changes << :good
-          @db['hosts'][hostname] = myip
-        else
-          changes << :nochg
-        end
-      end
-      
-      if @db.changed?
-        @db['serial'] += 1
-        Dyndnsd.logger.info "Committing update ##{@db['serial']}"
-        @db.save
-        update
-      end
-      
-      @responder.response_for_changes(changes, myip)
     end
 
     def self.run!
       if ARGV.length != 1
-        puts "Usage: dyndnsd config_file"
+        puts 'Usage: dyndnsd config_file'
         exit 1
       end
 
       config_file = ARGV[0]
 
-      if not File.file?(config_file)
+      if !File.file?(config_file)
-        puts "Config file not found!"
+        puts 'Config file not found!'
         exit 1
       end
 
       puts "DynDNSd version #{Dyndnsd::VERSION}"
       puts "Using config file #{config_file}"
 
-      config = YAML::load(File.open(config_file, 'r') { |f| f.read })
+      config = YAML.safe_load(File.open(config_file, 'r', &:read))
 
+      setup_logger(config)
+
+      Dyndnsd.logger.info 'Starting...'
+
+      # drop priviliges as soon as possible
+      # NOTE: first change group than user
+      if config['group']
+        group = Etc.getgrnam(config['group'])
+        Process::Sys.setgid(group.gid) if group
+      end
+      if config['user']
+        user = Etc.getpwnam(config['user'])
+        Process::Sys.setuid(user.uid) if user
+      end
+
+      setup_traps
+
+      setup_monitoring(config)
+
+      setup_tracing(config)
+
+      setup_rack(config)
+    end
+
+    private
+
+    def extract_v4_and_v6_address(params)
+      return [] if !(params['myip'])
+      begin
+        IPAddr.new(params['myip'], Socket::AF_INET)
+        IPAddr.new(params['myip6'], Socket::AF_INET6)
+        [params['myip'], params['myip6']]
+      rescue ArgumentError
+        []
+      end
+    end
+
+    def extract_myips(env, params)
+      # require presence of myip parameter as valid IPAddr (v4) and valid myip6
+      return extract_v4_and_v6_address(params) if params.key?('myip6')
+
+      # check whether myip parameter has valid IPAddr
+      return [params['myip']] if params.key?('myip') && Helper.ip_valid?(params['myip'])
+
+      # check whether X-Real-IP header has valid IPAddr
+      return [env['HTTP_X_REAL_IP']] if env.key?('HTTP_X_REAL_IP') && Helper.ip_valid?(env['HTTP_X_REAL_IP'])
+
+      # fallback value, always present
+      [env['REMOTE_ADDR']]
+    end
+
+    def process_changes(hostnames, myips)
+      changes = []
+      Helper.span('process_changes') do |span|
+        span.set_tag('dyndnsd.hostnames', hostnames.join(','))
+
+        hostnames.each do |hostname|
+          # myips order is always deterministic
+          if myips.empty? && @db['hosts'].include?(hostname)
+            @db['hosts'].delete(hostname)
+            changes << :good
+            Metriks.meter('requests.good').mark
+          elsif Helper.changed?(hostname, myips, @db['hosts'])
+            @db['hosts'][hostname] = myips
+            changes << :good
+            Metriks.meter('requests.good').mark
+          else
+            changes << :nochg
+            Metriks.meter('requests.nochg').mark
+          end
+        end
+      end
+      changes
+    end
+
+    def update_db
+      @db['serial'] += 1
+      Dyndnsd.logger.info "Committing update ##{@db['serial']}"
+      @db.save
+      @updater.update(@db)
+      Metriks.meter('updates.committed').mark
+    end
+
+    def handle_dyndns_request(env)
+      params = Rack::Utils.parse_query(env['QUERY_STRING'])
+
+      # require hostname parameter
+      return [422, {'X-DynDNS-Response' => 'hostname_missing'}, []] if !(params['hostname'])
+
+      hostnames = params['hostname'].split(',')
+
+      # check for invalid hostnames
+      invalid_hostnames = hostnames.select { |h| !Helper.fqdn_valid?(h, @domain) }
+      return [422, {'X-DynDNS-Response' => 'hostname_malformed'}, []] if invalid_hostnames.any?
+
+      user = env['REMOTE_USER']
+
+      # check for hostnames that the user does not own
+      forbidden_hostnames = hostnames - @users[user]['hosts']
+      return [422, {'X-DynDNS-Response' => 'host_forbidden'}, []] if forbidden_hostnames.any?
+
+      if params['offline'] == 'YES'
+        myips = []
+      else
+        myips = extract_myips(env, params)
+        # require at least one IP to update
+        return [422, {'X-DynDNS-Response' => 'host_forbidden'}, []] if myips.empty?
+      end
+
+      Metriks.meter('requests.valid').mark
+      Dyndnsd.logger.info "Request to update #{hostnames} to #{myips} for user #{user}"
+
+      changes = process_changes(hostnames, myips)
+
+      update_db if @db.changed?
+
+      [200, {'X-DynDNS-Response' => 'success'}, [changes, myips]]
+    end
+
+    # SETUP
+
+    private_class_method def self.setup_logger(config)
       if config['logfile']
         Dyndnsd.logger = Logger.new(config['logfile'])
       else
         Dyndnsd.logger = Logger.new(STDOUT)
       end
 
-      Dyndnsd.logger.progname = "dyndnsd"
+      Dyndnsd.logger.progname = 'dyndnsd'
       Dyndnsd.logger.formatter = LogFormatter.new
-
-      Dyndnsd.logger.info "Starting..."
-
-      db = Database.new(config['db'])
-      updater = Updater::CommandWithBindZone.new(config['domain'], config['updater']['params']) if config['updater']['name'] == 'command_with_bind_zone'
-      responder = Responder::DynDNSStyle.new
-      
-      app = Daemon.new(config, db, updater, responder)
-      app = Rack::Auth::Basic.new(app, "DynDNS") do |user,pass|
-        allow = (config['users'].has_key? user) and (config['users'][user]['password'] == pass)
-        Dyndnsd.logger.warn "Login failed for #{user}" if not allow
-        allow
     end
 
+    private_class_method def self.setup_traps
       Signal.trap('INT') do
-        Dyndnsd.logger.info "Quitting..."
+        Dyndnsd.logger.info 'Quitting...'
         Rack::Handler::WEBrick.shutdown
       end
+      Signal.trap('TERM') do
+        Dyndnsd.logger.info 'Quitting...'
+        Rack::Handler::WEBrick.shutdown
+      end
+    end
 
-      Rack::Handler::WEBrick.run app, :Host => config['host'], :Port => config['port']
+    private_class_method def self.setup_monitoring(config)
+      # configure metriks
+      if config['graphite']
+        host = config['graphite']['host'] || 'localhost'
+        port = config['graphite']['port'] || 2003
+        options = {}
+        options[:prefix] = config['graphite']['prefix'] if config['graphite']['prefix']
+        reporter = Metriks::Reporter::Graphite.new(host, port, options)
+        reporter.start
+      elsif config['textfile']
+        file = config['textfile']['file'] || '/tmp/dyndnsd-metrics.prom'
+        options = {}
+        options[:prefix] = config['textfile']['prefix'] if config['textfile']['prefix']
+        reporter = Dyndnsd::TextfileReporter.new(file, options)
+        reporter.start
+      else
+        reporter = Metriks::Reporter::ProcTitle.new
+        reporter.add 'good', 'sec' do
+          Metriks.meter('requests.good').mean_rate
+        end
+        reporter.add 'nochg', 'sec' do
+          Metriks.meter('requests.nochg').mean_rate
+        end
+        reporter.start
+      end
+    end
+
+    private_class_method def self.setup_tracing(config)
+      # configure OpenTracing
+      if config.dig('tracing', 'jaeger')
+        require 'jaeger/client'
+
+        host = config['tracing']['jaeger']['host'] || '127.0.0.1'
+        port = config['tracing']['jaeger']['port'] || 6831
+        service_name = config['tracing']['jaeger']['service_name'] || 'dyndnsd'
+        OpenTracing.global_tracer = Jaeger::Client.build(
+          host: host, port: port, service_name: service_name, flush_interval: 1
+        )
+      end
+    end
+
+    private_class_method def self.setup_rack(config)
+      # configure daemon
+      db = Database.new(config['db'])
+      updater = Updater::CommandWithBindZone.new(config['domain'], config['updater']['params']) if config['updater']['name'] == 'command_with_bind_zone'
+      daemon = Daemon.new(config, db, updater)
+
+      # configure rack
+      app = Rack::Auth::Basic.new(daemon, 'DynDNS', &daemon.method(:authorized?))
+
+      if config['responder'] == 'RestStyle'
+        app = Responder::RestStyle.new(app)
+      else
+        app = Responder::DynDNSStyle.new(app)
+      end
+
+      trust_incoming_span = config.dig('tracing', 'trust_incoming_span') || false
+      app = Rack::Tracer.new(app, trust_incoming_span: trust_incoming_span)
+
+      Rack::Handler::WEBrick.run app, Host: config['host'], Port: config['port']
     end
   end
 end

lib/dyndnsd/database.rb

@@ -1,3 +1,4 @@
+# typed: true
 
 require 'forwardable'
 
@@ -13,7 +14,7 @@ module Dyndnsd
 
     def load
       if File.file?(@db_file)
-        @db = JSON.load(File.open(@db_file, 'r') { |f| f.read })
+        @db = JSON.parse(File.read(@db_file, mode: 'r'))
       else
         @db = {}
       end
@@ -21,9 +22,11 @@ module Dyndnsd
     end
 
     def save
+      Helper.span('database_save') do |_span|
         File.open(@db_file, 'w') { |f| JSON.dump(@db, f) }
         @db_hash = @db.hash
       end
+    end
 
     def changed?
       @db_hash != @db.hash

lib/dyndnsd/generator/bind.rb

@@ -1,3 +1,4 @@
+# typed: true
 
 module Dyndnsd
   module Generator
@@ -10,21 +11,25 @@ module Dyndnsd
         @additional_zone_content = config['additional_zone_content']
       end
 
-      def generate(zone)
+      def generate(db)
         out = []
         out << "$TTL #{@ttl}"
         out << "$ORIGIN #{@domain}."
-        out << ""
+        out << ''
-        out << "@ IN SOA #{@dns} #{@email_addr} ( #{zone['serial']} 3h 5m 1w 1h )"
+        out << "@ IN SOA #{@dns} #{@email_addr} ( #{db['serial']} 3h 5m 1w 1h )"
         out << "@ IN NS #{@dns}"
-        out << ""
+        out << ''
-        zone['hosts'].each do |hostname,ip|
+        db['hosts'].each do |hostname, ips|
+          ips.each do |ip|
+            ip = IPAddr.new(ip).native
+            type = ip.ipv6? ? 'AAAA' : 'A'
             name = hostname.chomp('.' + @domain)
-          out << "#{name} IN A #{ip}"
+            out << "#{name} IN #{type} #{ip}"
           end
-        out << ""
+        end
+        out << ''
         out << @additional_zone_content
-        out << ""
+        out << ''
         out.join("\n")
       end
     end

lib/dyndnsd/helper.rb

@@ -0,0 +1,53 @@
+# typed: true
+
+require 'ipaddr'
+
+module Dyndnsd
+  class Helper
+    def self.fqdn_valid?(hostname, domain)
+      return false if hostname.length < domain.length + 2
+      return false if !hostname.end_with?(domain)
+      name = hostname.chomp(domain)
+      return false if !name.match(/^[a-zA-Z0-9_-]+\.$/)
+      true
+    end
+
+    def self.ip_valid?(ip)
+      IPAddr.new(ip)
+      true
+    rescue ArgumentError
+      false
+    end
+
+    def self.user_allowed?(username, password, users)
+      (users.key? username) && (users[username]['password'] == password)
+    end
+
+    def self.changed?(hostname, myips, hosts)
+      # myips order is always deterministic
+      ((!hosts.include? hostname) || (hosts[hostname] != myips)) && !myips.empty?
+    end
+
+    def self.span(operation, &block)
+      scope = OpenTracing.start_active_span(operation)
+      span = scope.span
+      span.set_tag('component', 'dyndnsd')
+      span.set_tag('span.kind', 'server')
+      begin
+        block.call(span)
+      rescue StandardError => e
+        span.set_tag('error', true)
+        span.log_kv(
+          event: 'error',
+          'error.kind': e.class.to_s,
+          'error.object': e,
+          message: e.message,
+          stack: e.backtrace&.join("\n") || ''
+        )
+        raise
+      ensure
+        scope.close
+      end
+    end
+  end
+end

lib/dyndnsd/responder/dyndns_style.rb

@@ -1,20 +1,54 @@
+# typed: true
 
 module Dyndnsd
   module Responder
     class DynDNSStyle
-      def response_for_error(state)
+      def initialize(app)
-        # general http errors
+        @app = app
-        return [405, {"Content-Type" => "text/plain"}, ["Method Not Allowed"]] if state == :method_forbidden
-        return [404, {"Content-Type" => "text/plain"}, ["Not Found"]] if state == :not_found
-        # specific errors
-        return [200, {"Content-Type" => "text/plain"}, ["notfqdn"]] if state == :hostname_missing
-        return [200, {"Content-Type" => "text/plain"}, ["nohost"]] if state == :host_forbidden
-        return [200, {"Content-Type" => "text/plain"}, ["notfqdn"]] if state == :hostname_malformed
       end
 
-      def response_for_changes(states, ip)
+      def call(env)
-        body = states.map { |state| "#{state} #{ip}" }.join("\n")
+        @app.call(env).tap do |status_code, headers, body|
-        return [200, {"Content-Type" => "text/plain"}, [body]]
+          if headers.key?('X-DynDNS-Response')
+            return decorate_dyndnsd_response(status_code, headers, body)
+          else
+            return decorate_other_response(status_code, headers, body)
+          end
+        end
+      end
+
+      private
+
+      def decorate_dyndnsd_response(status_code, headers, body)
+        if status_code == 200
+          [200, {'Content-Type' => 'text/plain'}, [get_success_body(body[0], body[1])]]
+        elsif status_code == 422
+          error_response_map[headers['X-DynDNS-Response']]
+        end
+      end
+
+      def decorate_other_response(status_code, headers, _body)
+        if status_code == 400
+          [status_code, headers, ['Bad Request']]
+        elsif status_code == 401
+          [status_code, headers, ['badauth']]
+        end
+      end
+
+      def get_success_body(changes, myips)
+        changes.map { |change| "#{change} #{myips.join(' ')}" }.join("\n")
+      end
+
+      def error_response_map
+        {
+          # general http errors
+          'method_forbidden'   => [405, {'Content-Type' => 'text/plain'}, ['Method Not Allowed']],
+          'not_found'          => [404, {'Content-Type' => 'text/plain'}, ['Not Found']],
+          # specific errors
+          'hostname_missing'   => [200, {'Content-Type' => 'text/plain'}, ['notfqdn']],
+          'hostname_malformed' => [200, {'Content-Type' => 'text/plain'}, ['notfqdn']],
+          'host_forbidden'     => [200, {'Content-Type' => 'text/plain'}, ['nohost']]
+        }
       end
     end
   end

lib/dyndnsd/responder/rest_style.rb

@@ -1,20 +1,54 @@
+# typed: true
 
 module Dyndnsd
   module Responder
     class RestStyle
-      def response_for_error(state)
+      def initialize(app)
-        # general http errors
+        @app = app
-        return [405, {"Content-Type" => "text/plain"}, ["Method Not Allowed"]] if state == :method_forbidden
-        return [404, {"Content-Type" => "text/plain"}, ["Not Found"]] if state == :not_found
-        # specific errors
-        return [422, {"Content-Type" => "text/plain"}, ["Hostname missing"]] if state == :hostname_missing
-        return [403, {"Content-Type" => "text/plain"}, ["Forbidden"]] if state == :host_forbidden
-        return [422, {"Content-Type" => "text/plain"}, ["Hostname malformed"]] if state == :hostname_malformed
       end
 
-      def response_for_changes(states, ip)
+      def call(env)
-        body = states.map { |state| state == :good ? "Changed to #{ip}" : "No change needed for #{ip}" }.join("\n")
+        @app.call(env).tap do |status_code, headers, body|
-        return [200, {"Content-Type" => "text/plain"}, [body]]
+          if headers.key?('X-DynDNS-Response')
+            return decorate_dyndnsd_response(status_code, headers, body)
+          else
+            return decorate_other_response(status_code, headers, body)
+          end
+        end
+      end
+
+      private
+
+      def decorate_dyndnsd_response(status_code, headers, body)
+        if status_code == 200
+          [200, {'Content-Type' => 'text/plain'}, [get_success_body(body[0], body[1])]]
+        elsif status_code == 422
+          error_response_map[headers['X-DynDNS-Response']]
+        end
+      end
+
+      def decorate_other_response(status_code, headers, _body)
+        if status_code == 400
+          [status_code, headers, ['Bad Request']]
+        elsif status_code == 401
+          [status_code, headers, ['Unauthorized']]
+        end
+      end
+
+      def get_success_body(changes, myips)
+        changes.map { |change| change == :good ? "Changed to #{myips.join(' ')}" : "No change needed for #{myips.join(' ')}" }.join("\n")
+      end
+
+      def error_response_map
+        {
+          # general http errors
+          'method_forbidden'   => [405, {'Content-Type' => 'text/plain'}, ['Method Not Allowed']],
+          'not_found'          => [404, {'Content-Type' => 'text/plain'}, ['Not Found']],
+          # specific errors
+          'hostname_missing'   => [422, {'Content-Type' => 'text/plain'}, ['Hostname missing']],
+          'hostname_malformed' => [422, {'Content-Type' => 'text/plain'}, ['Hostname malformed']],
+          'host_forbidden'     => [403, {'Content-Type' => 'text/plain'}, ['Forbidden']]
+        }
       end
     end
   end

lib/dyndnsd/textfile_reporter.rb

@@ -0,0 +1,111 @@
+# typed: true
+
+# Adapted from https://github.com/eric/metriks-graphite/blob/master/lib/metriks/reporter/graphite.rb
+
+require 'metriks'
+
+module Dyndnsd
+  class TextfileReporter
+    attr_reader :file
+
+    def initialize(file, options = {})
+      @file = file
+
+      @prefix = options[:prefix]
+
+      @registry  = options[:registry] || Metriks::Registry.default
+      @interval  = options[:interval] || 60
+      @on_error  = options[:on_error] || proc { |ex| }
+    end
+
+    def start
+      @thread ||= Thread.new do
+        loop do
+          sleep @interval
+
+          Thread.new do
+            begin
+              write
+            rescue StandardError => e
+              @on_error[e] rescue nil
+            end
+          end
+        end
+      end
+    end
+
+    def stop
+      @thread&.kill
+      @thread = nil
+    end
+
+    def restart
+      stop
+      start
+    end
+
+    def write
+      File.open(@file, 'w') do |f|
+        @registry.each do |name, metric|
+          case metric
+          when Metriks::Meter
+            write_metric f, name, metric, [
+              :count, :one_minute_rate, :five_minute_rate,
+              :fifteen_minute_rate, :mean_rate
+            ]
+          when Metriks::Counter
+            write_metric f, name, metric, [
+              :count
+            ]
+          when Metriks::UtilizationTimer
+            write_metric f, name, metric, [
+              :count, :one_minute_rate, :five_minute_rate,
+              :fifteen_minute_rate, :mean_rate,
+              :min, :max, :mean, :stddev,
+              :one_minute_utilization, :five_minute_utilization,
+              :fifteen_minute_utilization, :mean_utilization
+            ], [
+              :median, :get_95th_percentile
+            ]
+          when Metriks::Timer
+            write_metric f, name, metric, [
+              :count, :one_minute_rate, :five_minute_rate,
+              :fifteen_minute_rate, :mean_rate,
+              :min, :max, :mean, :stddev
+            ], [
+              :median, :get_95th_percentile
+            ]
+          when Metriks::Histogram
+            write_metric f, name, metric, [
+              :count, :min, :max, :mean, :stddev
+            ], [
+              :median, :get_95th_percentile
+            ]
+          end
+        end
+      end
+    end
+
+    def write_metric(file, base_name, metric, keys, snapshot_keys = [])
+      time = Time.now.to_i
+
+      base_name = base_name.to_s.gsub(/ +/, '_')
+      base_name = "#{@prefix}.#{base_name}" if @prefix
+
+      keys.flatten.each do |key|
+        name = key.to_s.gsub(/^get_/, '')
+        value = metric.send(key)
+        file.write("#{base_name}.#{name} #{value} #{time}\n")
+      end
+
+      unless snapshot_keys.empty?
+        snapshot = metric.snapshot
+        snapshot_keys.flatten.each do |key|
+          name = key.to_s.gsub(/^get_/, '')
+          value = snapshot.send(key)
+          file.write("#{base_name}.#{name} #{value} #{time}\n")
+        end
+      end
+    end
+  end
+end

lib/dyndnsd/updater/command_with_bind_zone.rb

@@ -1,3 +1,4 @@
+# typed: true
 
 module Dyndnsd
   module Updater
@@ -8,13 +9,20 @@ module Dyndnsd
         @generator = Generator::Bind.new(domain, config)
       end
 
-      def update(zone)
+      def update(db)
+        Helper.span('updater_update') do |span|
+          span.set_tag('dyndnsd.updater.name', self.class.name&.split('::')&.last || 'None')
+
           # write zone file in bind syntax
-        File.open(@zone_file, 'w') { |f| f.write(@generator.generate(zone)) }
+          File.open(@zone_file, 'w') { |f| f.write(@generator.generate(db)) }
           # call user-defined command
           pid = fork do
             exec @command
           end
+
+          # detach so children don't become zombies
+          Process.detach(pid) if pid
+        end
       end
     end
   end

lib/dyndnsd/version.rb

@@ -1,4 +1,5 @@
+# typed: true
 
 module Dyndnsd
-  VERSION = "1.0.0"
+  VERSION = '2.0.0'.freeze
 end

sorbet/config

@@ -0,0 +1,2 @@
+--dir
+.

sorbet/rbi/jaeger-client.rbi

@@ -0,0 +1,5 @@
+# typed: strong
+
+module Jaeger::Client
+    def self.build(*args); end
+end

sorbet/rbi/rack.rbi

@@ -0,0 +1,5 @@
+# typed: strong
+
+class Rack::Auth::Basic
+    def initialize(app, *args); end
+end

sorbet/rbi/sorbet-typed/lib/rainbow/all/rainbow.rbi

@@ -0,0 +1,276 @@
+# This file is autogenerated. Do not edit it by hand. Regenerate it with:
+#   srb rbi sorbet-typed
+#
+# If you would like to make changes to this file, great! Please upstream any changes you make here:
+#
+#   https://github.com/sorbet/sorbet-typed/edit/master/lib/rainbow/all/rainbow.rbi
+#
+# typed: strong
+
+module Rainbow
+  sig { returns(T::Boolean) }
+  attr_accessor :enabled
+
+  class Color
+    sig { returns(Symbol) }
+    attr_reader :ground
+
+    sig do
+      params(
+        ground: Symbol,
+        values: T.any([Integer], [Integer, Integer, Integer])
+      ).returns(Color)
+    end
+    def self.build(ground, values); end
+
+    sig { params(hex: String).returns([Integer, Integer, Integer]) }
+    def self.parse_hex_color(hex); end
+
+    class Indexed < Color
+      sig { returns(Integer) }
+      attr_reader :num
+
+      sig { params(ground: Symbol, num: Integer).returns(Indexed) }
+      def initialize(ground, num); end
+
+      sig { returns(T::Array[Integer]) }
+      def codes; end
+    end
+
+    class Named < Indexed
+      NAMES = T.let(nil, T::Hash[Symbol, Integer])
+
+      sig { returns(T::Array[Symbol]) }
+      def self.color_names; end
+
+      sig { returns(String) }
+      def self.valid_names; end
+
+      sig { params(ground: Symbol, name: Symbol).returns(Named) }
+      def initialize(ground, name); end
+    end
+
+    class RGB < Indexed
+      sig { returns(Integer) }
+      attr_accessor :r, :g, :b
+
+      sig { params(value: Numeric).returns(Integer) }
+      def to_ansi_domain(value); end
+
+      sig { params(ground: Symbol, values: Integer).returns(RGB) }
+      def initialize(ground, *values); end
+
+      sig { returns(T::Array[Integer]) }
+      def codes; end
+    end
+
+    class X11Named < RGB
+      include X11ColorNames
+
+      sig { returns(T::Array[Symbol]) }
+      def self.color_names; end
+
+      sig { returns(String) }
+      def self.valid_names; end
+
+      sig { params(ground: Symbol, name: Symbol).returns(X11Named) }
+      def initialize(ground, name); end
+    end
+  end
+
+  sig { returns(Wrapper) }
+  def self.global; end
+
+  sig { returns(T::Boolean) }
+  def self.enabled; end
+
+  sig { params(value: T::Boolean).returns(T::Boolean) }
+  def self.enabled=(value); end
+
+  sig { params(string: String).returns(String) }
+  def self.uncolor(string); end
+
+  class NullPresenter < String
+    sig { params(values: T.any([Integer], [Integer, Integer, Integer])).returns(NullPresenter) }
+    def color(*values); end
+
+    sig { params(values: T.any([Integer], [Integer, Integer, Integer])).returns(NullPresenter) }
+    def foreground(*values); end
+
+    sig { params(values: T.any([Integer], [Integer, Integer, Integer])).returns(NullPresenter) }
+    def fg(*values); end
+
+    sig { params(values: T.any([Integer], [Integer, Integer, Integer])).returns(NullPresenter) }
+    def background(*values); end
+
+    sig { params(values: T.any([Integer], [Integer, Integer, Integer])).returns(NullPresenter) }
+    def bg(*values); end
+
+    sig { returns(NullPresenter) }
+    def reset; end
+
+    sig { returns(NullPresenter) }
+    def bright; end
+
+    sig { returns(NullPresenter) }
+    def faint; end
+
+    sig { returns(NullPresenter) }
+    def italic; end
+
+    sig { returns(NullPresenter) }
+    def underline; end
+
+    sig { returns(NullPresenter) }
+    def blink; end
+
+    sig { returns(NullPresenter) }
+    def inverse; end
+
+    sig { returns(NullPresenter) }
+    def hide; end
+
+    sig { returns(NullPresenter) }
+    def cross_out; end
+
+    sig { returns(NullPresenter) }
+    def black; end
+
+    sig { returns(NullPresenter) }
+    def red; end
+
+    sig { returns(NullPresenter) }
+    def green; end
+
+    sig { returns(NullPresenter) }
+    def yellow; end
+
+    sig { returns(NullPresenter) }
+    def blue; end
+
+    sig { returns(NullPresenter) }
+    def magenta; end
+
+    sig { returns(NullPresenter) }
+    def cyan; end
+
+    sig { returns(NullPresenter) }
+    def white; end
+
+    sig { returns(NullPresenter) }
+    def bold; end
+
+    sig { returns(NullPresenter) }
+    def dark; end
+
+    sig { returns(NullPresenter) }
+    def strike; end
+  end
+
+  class Presenter < String
+    TERM_EFFECTS = T.let(nil, T::Hash[Symbol, Integer])
+
+    sig { params(values: T.any([Integer], [Integer, Integer, Integer])).returns(Presenter) }
+    def color(*values); end
+
+    sig { params(values: T.any([Integer], [Integer, Integer, Integer])).returns(Presenter) }
+    def foreground(*values); end
+
+    sig { params(values: T.any([Integer], [Integer, Integer, Integer])).returns(Presenter) }
+    def fg(*values); end
+
+    sig { params(values: T.any([Integer], [Integer, Integer, Integer])).returns(Presenter) }
+    def background(*values); end
+
+    sig { params(values: T.any([Integer], [Integer, Integer, Integer])).returns(Presenter) }
+    def bg(*values); end
+
+    sig { returns(Presenter) }
+    def reset; end
+
+    sig { returns(Presenter) }
+    def bright; end
+
+    sig { returns(Presenter) }
+    def faint; end
+
+    sig { returns(Presenter) }
+    def italic; end
+
+    sig { returns(Presenter) }
+    def underline; end
+
+    sig { returns(Presenter) }
+    def blink; end
+
+    sig { returns(Presenter) }
+    def inverse; end
+
+    sig { returns(Presenter) }
+    def hide; end
+
+    sig { returns(Presenter) }
+    def cross_out; end
+
+    sig { returns(Presenter) }
+    def black; end
+
+    sig { returns(Presenter) }
+    def red; end
+
+    sig { returns(Presenter) }
+    def green; end
+
+    sig { returns(Presenter) }
+    def yellow; end
+
+    sig { returns(Presenter) }
+    def blue; end
+
+    sig { returns(Presenter) }
+    def magenta; end
+
+    sig { returns(Presenter) }
+    def cyan; end
+
+    sig { returns(Presenter) }
+    def white; end
+
+    sig { returns(Presenter) }
+    def bold; end
+
+    sig { returns(Presenter) }
+    def dark; end
+
+    sig { returns(Presenter) }
+    def strike; end
+  end
+
+  class StringUtils
+    sig { params(string: String, codes: T::Array[Integer]).returns(String) }
+    def self.wrap_with_sgr(string, codes); end
+
+    sig { params(string: String).returns(String) }
+    def uncolor(string); end
+  end
+
+  VERSION = T.let(nil, String)
+
+  class Wrapper
+    sig { returns(T::Boolean) }
+    attr_accessor :enabled
+
+    sig { params(enabled: T::Boolean).returns(Wrapper) }
+    def initialize(enabled = true); end
+
+    sig { params(string: String).returns(T.any(Rainbow::Presenter, Rainbow::NullPresenter)) }
+    def wrap(string); end
+  end
+
+  module X11ColorNames
+    NAMES = T.let(nil, T::Hash[Symbol, [Integer, Integer, Integer]])
+  end
+end
+
+sig { params(string: String).returns(Rainbow::Presenter) }
+def Rainbow(string); end

sorbet/rbi/sorbet-typed/lib/ruby/all/open3.rbi

@@ -0,0 +1,111 @@
+# This file is autogenerated. Do not edit it by hand. Regenerate it with:
+#   srb rbi sorbet-typed
+#
+# If you would like to make changes to this file, great! Please upstream any changes you make here:
+#
+#   https://github.com/sorbet/sorbet-typed/edit/master/lib/ruby/all/open3.rbi
+#
+# typed: strong
+
+module Open3
+  sig do
+    params(
+      cmd: T.any(String, T::Array[String]),
+      opts: T.untyped,
+      block: T.nilable(T.proc.params(stdin: IO, stdout: IO, stderr: IO, wait_thr: Process::Waiter).void)
+    ).returns([IO, IO, IO, Process::Waiter])
+  end
+  def self.popen3(*cmd, **opts, &block); end
+
+  sig do
+    params(
+      cmd: T.any(String, T::Array[String]),
+      opts: T.untyped,
+      block: T.nilable(T.proc.params(stdin: IO, stdout: IO, wait_thr: Process::Waiter).void)
+    ).returns([IO, IO, Process::Waiter])
+  end
+  def self.popen2(*cmd, **opts, &block); end
+
+  sig do
+    params(
+      cmd: T.any(String, T::Array[String]),
+      opts: T.untyped,
+      block: T.nilable(T.proc.params(stdin: IO, stdout_and_stderr: IO, wait_thr: Process::Waiter).void)
+    ).returns([IO, IO, Process::Waiter])
+  end
+  def self.popen2e(*cmd, **opts, &block); end
+
+  sig do
+    params(
+      cmd: T.any(String, T::Array[String]),
+      stdin_data: T.nilable(String),
+      binmode: T.any(FalseClass, TrueClass),
+      opts: T::Hash[Symbol, T.untyped]
+    ).returns([String, String, Process::Status])
+  end
+  def self.capture3(*cmd, stdin_data: '', binmode: false, **opts); end
+
+  sig do
+    params(
+      cmd: T.any(String, T::Array[String]),
+      stdin_data: T.nilable(String),
+      binmode: T.any(FalseClass, TrueClass),
+      opts: T::Hash[Symbol, T.untyped]
+    ).returns([String, Process::Status])
+  end
+  def self.capture2(*cmd, stdin_data: nil, binmode: false, **opts); end
+
+  sig do
+    params(
+      cmd: T.any(String, T::Array[String]),
+      stdin_data: T.nilable(String),
+      binmode: T.any(FalseClass, TrueClass),
+      opts: T::Hash[Symbol, T.untyped]
+    ).returns([String, Process::Status])
+  end
+  def self.capture2e(*cmd, stdin_data: nil, binmode: false, **opts); end
+
+  sig do
+    params(
+      cmds: T.any(String, T::Array[String]),
+      opts: T.untyped,
+      block: T.nilable(T.proc.params(first_stdin: IO, last_stdout: IO, wait_threads: T::Array[Process::Waiter]).void)
+    ).returns([IO, IO, T::Array[Process::Waiter]])
+  end
+  def self.pipeline_rw(*cmds, **opts, &block); end
+
+  sig do
+    params(
+      cmds: T.any(String, T::Array[String]),
+      opts: T.untyped,
+      block: T.nilable(T.proc.params(last_stdout: IO, wait_threads: T::Array[Process::Waiter]).void)
+    ).returns([IO, T::Array[Process::Waiter]])
+  end
+  def self.pipeline_r(*cmds, **opts, &block); end
+
+  sig do
+    params(
+      cmds: T.any(String, T::Array[String]),
+      opts: T.untyped,
+      block: T.nilable(T.proc.params(first_stdin: IO, wait_threads: T::Array[Process::Waiter]).void)
+    ).returns([IO, T::Array[Process::Waiter]])
+  end
+  def self.pipeline_w(*cmds, **opts, &block); end
+
+  sig do
+    params(
+      cmds: T.any(String, T::Array[String]),
+      opts: T.untyped,
+      block: T.nilable(T.proc.params(wait_threads: T::Array[Process::Waiter]).void)
+    ).returns(T::Array[Process::Waiter])
+  end
+  def self.pipeline_start(*cmds, **opts, &block); end
+
+  sig do
+    params(
+      cmds: T.any(String, T::Array[String]),
+      opts: T.untyped
+    ).returns(T::Array[Process::Status])
+  end
+  def self.pipeline(*cmds, **opts); end
+end

sorbet/rbi/sorbet-typed/lib/ruby/all/resolv.rbi

@@ -0,0 +1,543 @@
+# This file is autogenerated. Do not edit it by hand. Regenerate it with:
+#   srb rbi sorbet-typed
+#
+# If you would like to make changes to this file, great! Please upstream any changes you make here:
+#
+#   https://github.com/sorbet/sorbet-typed/edit/master/lib/ruby/all/resolv.rbi
+#
+# typed: strong
+
+class Resolv
+  sig { params(name: String).returns(String) }
+  def self.getaddress(name); end
+
+  sig { params(name: String).returns(T::Array[String]) }
+  def self.getaddresses(name); end
+
+  sig { params(name: String, block: T.proc.params(address: String).void).void }
+  def self.each_address(name, &block); end
+
+  sig { params(address: String).returns(String) }
+  def self.getname(address); end
+
+  sig { params(address: String).returns(T::Array[String]) }
+  def self.getnames(address); end
+
+  sig { params(address: String, proc: T.proc.params(name: String).void).void }
+  def self.each_name(address, &proc); end
+
+  sig { params(resolvers: [Hosts, DNS]).void }
+  def initialize(resolvers=[Hosts.new, DNS.new]); end
+
+  sig { params(name: String).returns(String) }
+  def getaddress(name); end
+
+  sig { params(name: String).returns(T::Array[String]) }
+  def getaddresses(name); end
+
+  sig { params(name: String, block: T.proc.params(address: String).void).void }
+  def each_address(name, &block); end
+
+  sig { params(address: String).returns(String) }
+  def getname(address); end
+
+  sig { params(address: String).returns(T::Array[String]) }
+  def getnames(address); end
+
+  sig { params(address: String, proc: T.proc.params(name: String).void).void }
+  def each_name(address, &proc); end
+
+  class ResolvError < StandardError; end
+  class ResolvTimeout < Timeout::Error; end
+
+  class Hosts
+    DefaultFileName = T.let(T.unsafe(nil), String)
+
+    sig { params(filename: String).void }
+    def initialize(filename = DefaultFileName); end
+
+    sig { params(name: String).returns(String) }
+    def getaddress(name); end
+
+    sig { params(name: String).returns(T::Array[String]) }
+    def getaddresses(name); end
+
+    sig { params(name: String, block: T.proc.params(address: String).void).void }
+    def each_address(name, &block); end
+
+    sig { params(address: String).returns(String) }
+    def getname(address); end
+
+    sig { params(address: String).returns(T::Array[String]) }
+    def getnames(address); end
+
+    sig { params(address: String, proc: T.proc.params(name: String).void).void }
+    def each_name(address, &proc); end
+  end
+
+  class DNS
+    Port = T.let(T.unsafe(nil), Integer)
+
+    UDPSize = T.let(T.unsafe(nil), Integer)
+
+    sig do
+      params(
+        config_info: T.any(
+          NilClass,
+          String,
+          { nameserver: T.any(String, T::Array[String]), search: T::Array[String], ndots: Integer },
+          { nameserver_port: T::Array[[String, Integer]], search: T::Array[String], ndots: Integer }
+        )
+      ).returns(Resolv::DNS)
+    end
+    def self.open(config_info = nil); end
+
+    sig do
+      params(
+        config_info: T.any(
+          NilClass,
+          String,
+          { nameserver: T.any(String, T::Array[String]), search: T::Array[String], ndots: Integer },
+          { nameserver_port: T::Array[[String, Integer]], search: T::Array[String], ndots: Integer }
+        )
+      ).void
+    end
+    def initialize(config_info = nil); end
+
+    sig { params(values: T.any(NilClass, Integer, T::Array[Integer])).void }
+    def timeouts=(values); end
+
+    sig { void }
+    def close; end
+
+    sig { params(name: String).returns(String) }
+    def getaddress(name); end
+
+    sig { params(name: String).returns(T::Array[String]) }
+    def getaddresses(name); end
+
+    sig { params(name: String, block: T.proc.params(address: String).void).void }
+    def each_address(name, &block); end
+
+    sig { params(address: String).returns(String) }
+    def getname(address); end
+
+    sig { params(address: String).returns(T::Array[String]) }
+    def getnames(address); end
+
+    sig { params(address: String, proc: T.proc.params(name: String).void).void }
+    def each_name(address, &proc); end
+
+    sig do
+      params(
+        name: T.any(String, Resolv::DNS::Name),
+        typeclass: T.class_of(Resolv::DNS::Resource)
+      ).returns(Resolv::DNS::Resource)
+    end
+    def getresource(name, typeclass); end
+
+    sig do
+      params(
+        name: T.any(String, Resolv::DNS::Name),
+        typeclass: T.class_of(Resolv::DNS::Resource)
+      ).returns(T::Array[Resolv::DNS::Resource])
+    end
+    def getresources(name, typeclass); end
+
+    sig do
+      params(
+        name: T.any(String, Resolv::DNS::Name),
+        typeclass: T.class_of(Resolv::DNS::Resource),
+        proc: T.proc.params(resource: Resolv::DNS::Resource).void
+      ).void
+    end
+    def each_resource(name, typeclass, &proc); end
+
+    class DecodeError < StandardError; end
+    class EncodeError < StandardError; end
+
+    class Name
+      sig { params(arg: T.any(String, Resolv::DNS::Name)).returns(Resolv::DNS::Name) }
+      def self.create(arg); end
+
+      sig { params(labels: T::Array[String], absolute: T.any(FalseClass, TrueClass)).void }
+      def initialize(labels, absolute=true); end
+
+      sig { returns(T.any(FalseClass, TrueClass)) }
+      def absolute?; end
+
+      sig { params(other: Resolv::DNS::Name).returns(T.any(FalseClass, TrueClass)) }
+      def subdomain_of?(other); end
+    end
+
+    class Query; end
+
+    class Resource < Query
+      sig { returns(T.nilable(Integer)) }
+      attr_reader :ttl
+
+      sig { void }
+      def initialize
+        @ttl = T.let(T.unsafe(nil), T.nilable(Integer))
+      end
+
+      class Generic < Resource
+        sig { params(data: T.untyped).void }
+        def initialize(data)
+          @data = T.let(T.unsafe(nil), T.untyped)
+        end
+
+        sig { returns(T.untyped) }
+        attr_reader :data
+      end
+
+      class DomainName < Resource
+        sig { params(name: String).void }
+        def initialize(name)
+          @name = T.let(T.unsafe(nil), String)
+        end
+
+        sig { returns(String) }
+        attr_reader :name
+      end
+
+      class NS < DomainName; end
+
+      class CNAME < DomainName; end
+
+      class SOA < Resource
+        sig do
+          params(
+            mname: String,
+            rname: String,
+            serial: Integer,
+            refresh: Integer,
+            retry_: Integer,
+            expire: Integer,
+            minimum: Integer
+          ).void
+        end
+        def initialize(mname, rname, serial, refresh, retry_, expire, minimum)
+          @mname = T.let(T.unsafe(nil), String)
+          @rname = T.let(T.unsafe(nil), String)
+          @serial = T.let(T.unsafe(nil), Integer)
+          @refresh = T.let(T.unsafe(nil), Integer)
+          @retry = T.let(T.unsafe(nil), Integer)
+          @expire = T.let(T.unsafe(nil), Integer)
+          @minimum = T.let(T.unsafe(nil), Integer)
+        end
+
+        sig { returns(String) }
+        attr_reader :mname
+
+        sig { returns(String) }
+        attr_reader :rname
+
+        sig { returns(Integer) }
+        attr_reader :serial
+
+        sig { returns(Integer) }
+        attr_reader :refresh
+
+        sig { returns(Integer) }
+        attr_reader :retry
+
+        sig { returns(Integer) }
+        attr_reader :expire
+
+        sig { returns(Integer) }
+        attr_reader :minimum
+      end
+
+      class PTR < DomainName; end
+
+      class HINFO < Resource
+        sig { params(cpu: String, os: String).void }
+        def initialize(cpu, os)
+          @cpu = T.let(T.unsafe(nil), String)
+          @os = T.let(T.unsafe(nil), String)
+        end
+
+        sig { returns(String) }
+        attr_reader :cpu
+
+        sig { returns(String) }
+        attr_reader :os
+      end
+
+      class MINFO < Resource
+        sig { params(rmailbx: String, emailbx: String).void }
+        def initialize(rmailbx, emailbx)
+          @rmailbx = T.let(T.unsafe(nil), String)
+          @emailbx = T.let(T.unsafe(nil), String)
+        end
+
+        sig { returns(String) }
+        attr_reader :rmailbx
+
+        sig { returns(String) }
+        attr_reader :emailbx
+      end
+
+      class MX < Resource
+        sig { params(preference: Integer, exchange: String).void }
+        def initialize(preference, exchange)
+          @preference = T.let(T.unsafe(nil), Integer)
+          @exchange = T.let(T.unsafe(nil), String)
+        end
+
+        sig { returns(Integer) }
+        attr_reader :preference
+
+        sig { returns(String) }
+        attr_reader :exchange
+      end
+
+      class TXT < Resource
+        sig { params(first_string: String, rest_strings: String).void }
+        def initialize(first_string, *rest_strings)
+          @strings = T.let(T.unsafe(nil), T::Array[String])
+        end
+
+        sig { returns(T::Array[String]) }
+        attr_reader :strings
+
+        sig { returns(String) }
+        def data; end
+      end
+
+      class LOC < Resource
+        sig do
+          params(
+            version: String,
+            ssize: T.any(String, Resolv::LOC::Size),
+            hprecision: T.any(String, Resolv::LOC::Size),
+            vprecision: T.any(String, Resolv::LOC::Size),
+            latitude: T.any(String, Resolv::LOC::Coord),
+            longitude: T.any(String, Resolv::LOC::Coord),
+            altitude: T.any(String, Resolv::LOC::Alt)
+          ).void
+        end
+        def initialize(version, ssize, hprecision, vprecision, latitude, longitude, altitude)
+          @version = T.let(T.unsafe(nil), String)
+          @ssize = T.let(T.unsafe(nil), Resolv::LOC::Size)
+          @hprecision = T.let(T.unsafe(nil), Resolv::LOC::Size)
+          @vprecision = T.let(T.unsafe(nil), Resolv::LOC::Size)
+          @latitude = T.let(T.unsafe(nil), Resolv::LOC::Coord)
+          @longitude = T.let(T.unsafe(nil), Resolv::LOC::Coord)
+          @altitude = T.let(T.unsafe(nil), Resolv::LOC::Alt)
+        end
+
+        sig { returns(String) }
+        attr_reader :version
+
+        sig { returns(Resolv::LOC::Size) }
+        attr_reader :ssize
+
+        sig { returns(Resolv::LOC::Size) }
+        attr_reader :hprecision
+
+        sig { returns(Resolv::LOC::Size) }
+        attr_reader :vprecision
+
+        sig { returns(Resolv::LOC::Coord) }
+        attr_reader :latitude
+
+        sig { returns(Resolv::LOC::Coord) }
+        attr_reader :longitude
+
+        sig { returns(Resolv::LOC::Alt) }
+        attr_reader :altitude
+      end
+
+      class ANY < Query; end
+
+      module IN
+        class A < Resource
+          sig { params(address: String).void }
+          def initialize(address)
+            @address = T.let(T.unsafe(nil), Resolv::IPv4)
+          end
+
+          sig { returns(Resolv::IPv4) }
+          attr_reader :address
+        end
+
+        class WKS < Resource
+          sig { params(address: String, protocol: Integer, bitmap: String).void }
+          def initialize(address, protocol, bitmap)
+            @address = T.let(T.unsafe(nil), Resolv::IPv4)
+            @protocol = T.let(T.unsafe(nil), Integer)
+            @bitmap = T.let(T.unsafe(nil), String)
+          end
+
+          sig { returns(Resolv::IPv4) }
+          attr_reader :address
+
+          sig { returns(Integer) }
+          attr_reader :protocol
+
+          sig { returns(String) }
+          attr_reader :bitmap
+        end
+
+        class AAAA < Resource
+          sig { params(address: String).void }
+          def initialize(address)
+            @address = T.let(T.unsafe(nil), Resolv::IPv6)
+          end
+
+          sig { returns(Resolv::IPv6) }
+          attr_reader :address
+        end
+
+        class SRV < Resource
+          # Create a SRV resource record.
+          #
+          # See the documentation for #priority, #weight, #port and #target
+          # for +priority+, +weight+, +port and +target+ respectively.
+
+          sig do
+            params(
+              priority: T.any(Integer, String),
+              weight: T.any(Integer, String),
+              port: T.any(Integer, String),
+              target: T.any(String, Resolv::DNS::Name)
+            ).void
+          end
+          def initialize(priority, weight, port, target)
+            @priority = T.let(T.unsafe(nil), Integer)
+            @weight = T.let(T.unsafe(nil), Integer)
+            @port = T.let(T.unsafe(nil), Integer)
+            @target = T.let(T.unsafe(nil), Resolv::DNS::Name)
+          end
+
+          sig { returns(Integer) }
+          attr_reader :priority
+
+          sig { returns(Integer) }
+          attr_reader :weight
+
+          sig { returns(Integer) }
+          attr_reader :port
+
+          sig { returns(Resolv::DNS::Name) }
+          attr_reader :target
+        end
+      end
+    end
+  end
+
+  class IPv4
+    Regex256 = T.let(T.unsafe(nil), Regexp)
+    Regex = T.let(T.unsafe(nil), Regexp)
+
+    sig { params(arg: T.any(String, Resolv::IPv4)).returns(Resolv::IPv4) }
+    def self.create(arg); end
+
+    sig { params(address: String).void }
+    def initialize(address)
+      @address = T.let(T.unsafe(nil), String)
+    end
+
+    sig { returns(String) }
+    attr_reader :address
+
+    sig { returns(DNS::Name) }
+    def to_name; end
+  end
+
+  class IPv6
+    Regex_8Hex = T.let(T.unsafe(nil), Regexp)
+    Regex_CompressedHex = T.let(T.unsafe(nil), Regexp)
+    Regex_6Hex4Dec = T.let(T.unsafe(nil), Regexp)
+    Regex_CompressedHex4Dec = T.let(T.unsafe(nil), Regexp)
+    Regex = T.let(T.unsafe(nil), Regexp)
+
+    sig { params(arg: T.any(String, Resolv::IPv6)).returns(Resolv::IPv6) }
+    def self.create(arg); end
+
+    sig { params(address: String).void }
+    def initialize(address)
+      @address = T.let(T.unsafe(nil), String)
+    end
+
+    sig { returns(String) }
+    attr_reader :address
+
+    sig { returns(DNS::Name) }
+    def to_name; end
+  end
+
+  class MDNS < DNS
+    Port = T.let(T.unsafe(nil), Integer)
+    AddressV4 = T.let(T.unsafe(nil), String)
+    AddressV6 = T.let(T.unsafe(nil), String)
+    Addresses = T.let(T.unsafe(nil), [[String, Integer], [String, Integer]])
+
+    sig do
+      params(
+        config_info: T.any(
+          NilClass,
+          { nameserver: T.any(String, T::Array[String]), search: T::Array[String], ndots: Integer },
+          { nameserver_port: T::Array[[String, Integer]], search: T::Array[String], ndots: Integer }
+        )
+      ).void
+    end
+    def initialize(config_info = nil); end
+  end
+
+  module LOC
+    class Size
+      Regex = T.let(T.unsafe(nil), Regexp)
+
+      sig { params(arg: T.any(String, Resolv::LOC::Size)).returns(Resolv::LOC::Size) }
+      def self.create(arg); end
+
+      sig { params(scalar: String).void }
+      def initialize(scalar)
+        @scalar = T.let(T.unsafe(nil), String)
+      end
+
+      sig { returns(String) }
+      attr_reader :scalar
+    end
+
+    class Coord
+      Regex = T.let(T.unsafe(nil), Regexp)
+
+      sig { params(arg: T.any(String, Resolv::LOC::Coord)).returns(Resolv::LOC::Coord) }
+      def self.create(arg); end
+
+      sig { params(coordinates: String, orientation: T.enum(%w[lat lon])).void }
+      def initialize(coordinates, orientation)
+        @coordinates = T.let(T.unsafe(nil), String)
+        @orientation = T.let(T.unsafe(nil), T.enum(%w[lat lon]))
+      end
+
+      sig { returns(String) }
+      attr_reader :coordinates
+
+      sig { returns(T.enum(%w[lat lon])) }
+      attr_reader :orientation
+    end
+
+    class Alt
+      Regex = T.let(T.unsafe(nil), Regexp)
+
+      sig { params(arg: T.any(String, Resolv::LOC::Alt)).returns(Resolv::LOC::Alt) }
+      def self.create(arg); end
+
+      sig { params(altitude: String).void }
+      def initialize(altitude)
+        @altitude = T.let(T.unsafe(nil), String)
+      end
+
+      sig { returns(String) }
+      attr_reader :altitude
+    end
+  end
+
+  DefaultResolver = T.let(T.unsafe(nil), Resolv)
+  AddressRegex = T.let(T.unsafe(nil), Regexp)
+end

spec/daemon_spec.rb

@@ -1,3 +1,4 @@
+# typed: false
 require 'spec_helper'
 
 describe Dyndnsd::Daemon do
@@ -18,125 +19,223 @@ describe Dyndnsd::Daemon do
     }
     db = Dyndnsd::DummyDatabase.new({})
     updater = Dyndnsd::Updater::Dummy.new
-    responder = Dyndnsd::Responder::DynDNSStyle.new
+    daemon = Dyndnsd::Daemon.new(config, db, updater)
-    app = Dyndnsd::Daemon.new(config, db, updater, responder)
 
-    Rack::Auth::Basic.new(app, "DynDNS") do |user,pass|
+    app = Rack::Auth::Basic.new(daemon, 'DynDNS', &daemon.method(:authorized?))
-      (config['users'].has_key? user) and (config['users'][user]['password'] == pass)
+
-    end
+    app = Dyndnsd::Responder::DynDNSStyle.new(app)
+
+    Rack::Tracer.new(app, trust_incoming_span: false)
   end
 
   it 'requires authentication' do
     get '/'
-    last_response.status.should == 401
+    expect(last_response.status).to eq(401)
+    expect(last_response.body).to eq('badauth')
+  end
 
-    pending 'Need to find a way to add custom body on 401 responses'
+  it 'requires configured correct credentials' do
-    last_response.should be_ok 'badauth'
+    authorize 'test', 'wrongsecret'
+    get '/'
+    expect(last_response.status).to eq(401)
+    expect(last_response.body).to eq('badauth')
   end
 
   it 'only supports GET requests' do
     authorize 'test', 'secret'
     post '/nic/update'
-    last_response.status.should == 405
+    expect(last_response.status).to eq(405)
   end
 
-  it 'provides only the /nic/update' do
+  it 'provides only the /nic/update URL' do
     authorize 'test', 'secret'
     get '/other/url'
-    last_response.status.should == 404
+    expect(last_response.status).to eq(404)
   end
 
   it 'requires the hostname query parameter' do
     authorize 'test', 'secret'
     get '/nic/update'
-    last_response.should be_ok
+    expect(last_response).to be_ok
-    last_response.body.should == 'notfqdn'
+    expect(last_response.body).to eq('notfqdn')
   end
 
   it 'supports multiple hostnames in request' do
     authorize 'test', 'secret'
+
     get '/nic/update?hostname=foo.example.org,bar.example.org&myip=1.2.3.4'
-    last_response.should be_ok
+    expect(last_response).to be_ok
-    last_response.body.should == "good 1.2.3.4\ngood 1.2.3.4"
+    expect(last_response.body).to eq("good 1.2.3.4\ngood 1.2.3.4")
+
+    get '/nic/update?hostname=foo.example.org,bar.example.org&myip=2001:db8::1'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq("good 2001:db8::1\ngood 2001:db8::1")
   end
 
   it 'rejects request if one hostname is invalid' do
     authorize 'test', 'secret'
 
     get '/nic/update?hostname=test'
-    last_response.should be_ok
+    expect(last_response).to be_ok
-    last_response.body.should == 'notfqdn'
+    expect(last_response.body).to eq('notfqdn')
 
     get '/nic/update?hostname=test.example.com'
-    last_response.should be_ok
+    expect(last_response).to be_ok
-    last_response.body.should == 'notfqdn'
+    expect(last_response.body).to eq('notfqdn')
 
     get '/nic/update?hostname=test.example.org.me'
-    last_response.should be_ok
+    expect(last_response).to be_ok
-    last_response.body.should == 'notfqdn'
+    expect(last_response.body).to eq('notfqdn')
 
     get '/nic/update?hostname=foo.test.example.org'
-    last_response.should be_ok
+    expect(last_response).to be_ok
-    last_response.body.should == 'notfqdn'
+    expect(last_response.body).to eq('notfqdn')
 
     get '/nic/update?hostname=in%20valid.example.org'
-    last_response.should be_ok
+    expect(last_response).to be_ok
-    last_response.body.should == 'notfqdn'
+    expect(last_response.body).to eq('notfqdn')
 
     get '/nic/update?hostname=valid.example.org,in.valid.example.org'
-    last_response.should be_ok
+    expect(last_response).to be_ok
-    last_response.body.should == 'notfqdn'
+    expect(last_response.body).to eq('notfqdn')
   end
 
   it 'rejects request if user does not own one hostname' do
     authorize 'test', 'secret'
+
     get '/nic/update?hostname=notmyhost.example.org'
-    last_response.should be_ok
+    expect(last_response).to be_ok
-    last_response.body.should == 'nohost'
+    expect(last_response.body).to eq('nohost')
 
     get '/nic/update?hostname=foo.example.org,notmyhost.example.org'
-    last_response.should be_ok
+    expect(last_response).to be_ok
-    last_response.body.should == 'nohost'
+    expect(last_response.body).to eq('nohost')
   end
 
-  it 'updates a host on change' do
+  it 'updates a host on IP change' do
     authorize 'test', 'secret'
 
     get '/nic/update?hostname=foo.example.org&myip=1.2.3.4'
-    last_response.should be_ok
+    expect(last_response).to be_ok
 
     get '/nic/update?hostname=foo.example.org&myip=1.2.3.40'
-    last_response.should be_ok
+    expect(last_response).to be_ok
-    last_response.body.should == 'good 1.2.3.40'
+    expect(last_response.body).to eq('good 1.2.3.40')
+
+    get '/nic/update?hostname=foo.example.org&myip=2001:db8::1'
+    expect(last_response).to be_ok
+
+    get '/nic/update?hostname=foo.example.org&myip=2001:db8::10'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('good 2001:db8::10')
   end
 
-  it 'returns no change' do
+  it 'returns IP no change' do
     authorize 'test', 'secret'
 
     get '/nic/update?hostname=foo.example.org&myip=1.2.3.4'
-    last_response.should be_ok
+    expect(last_response).to be_ok
 
     get '/nic/update?hostname=foo.example.org&myip=1.2.3.4'
-    last_response.should be_ok
+    expect(last_response).to be_ok
-    last_response.body.should == 'nochg 1.2.3.4'
+    expect(last_response.body).to eq('nochg 1.2.3.4')
+
+    get '/nic/update?hostname=foo.example.org&myip=2001:db8::1'
+    expect(last_response).to be_ok
+
+    get '/nic/update?hostname=foo.example.org&myip=2001:db8::1'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('nochg 2001:db8::1')
   end
 
-  it 'outputs status per hostname' do
+  it 'outputs IP status per hostname' do
     authorize 'test', 'secret'
 
     get '/nic/update?hostname=foo.example.org&myip=1.2.3.4'
-    last_response.should be_ok
+    expect(last_response).to be_ok
-    last_response.body.should == 'good 1.2.3.4'
+    expect(last_response.body).to eq('good 1.2.3.4')
 
     get '/nic/update?hostname=foo.example.org,bar.example.org&myip=1.2.3.4'
-    last_response.should be_ok
+    expect(last_response).to be_ok
-    last_response.body.should == "nochg 1.2.3.4\ngood 1.2.3.4"
+    expect(last_response.body).to eq("nochg 1.2.3.4\ngood 1.2.3.4")
+
+    get '/nic/update?hostname=foo.example.org&myip=2001:db8::1'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('good 2001:db8::1')
+
+    get '/nic/update?hostname=foo.example.org,bar.example.org&myip=2001:db8::1'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq("nochg 2001:db8::1\ngood 2001:db8::1")
   end
 
-  it 'uses clients remote address if myip not specified' do
+  it 'offlines a host' do
+    authorize 'test', 'secret'
+
+    get '/nic/update?hostname=foo.example.org&myip=1.2.3.4'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('good 1.2.3.4')
+
+    get '/nic/update?hostname=foo.example.org&offline=YES'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('good ')
+
+    get '/nic/update?hostname=foo.example.org&offline=YES'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('nochg ')
+
+    get '/nic/update?hostname=foo.example.org&myip=1.2.3.4'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('good 1.2.3.4')
+
+    get '/nic/update?hostname=foo.example.org&myip=1.2.3.4&offline=YES'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('good ')
+
+    get '/nic/update?hostname=foo.example.org&myip=1.2.3.4&offline=YES'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('nochg ')
+  end
+
+  it 'uses clients remote IP address if myip not specified' do
     authorize 'test', 'secret'
     get '/nic/update?hostname=foo.example.org'
-    last_response.should be_ok
+    expect(last_response).to be_ok
-    last_response.body.should == 'good 127.0.0.1'
+    expect(last_response.body).to eq('good 127.0.0.1')
+  end
+
+  it 'uses clients remote IP address from X-Real-IP header if behind proxy' do
+    authorize 'test', 'secret'
+
+    get '/nic/update?hostname=foo.example.org', '', 'HTTP_X_REAL_IP' => '10.0.0.1'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('good 10.0.0.1')
+
+    get '/nic/update?hostname=foo.example.org', '', 'HTTP_X_REAL_IP' => '2001:db8::1'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('good 2001:db8::1')
+  end
+
+  it 'supports an IPv4 and an IPv6 address in one request' do
+    authorize 'test', 'secret'
+
+    get '/nic/update?hostname=foo.example.org&myip=1.2.3.4&myip6=2001:db8::1'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('good 1.2.3.4 2001:db8::1')
+
+    get '/nic/update?hostname=foo.example.org&myip=BROKENIP&myip6=2001:db8::1'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('nohost')
+
+    get '/nic/update?hostname=foo.example.org&myip=1.2.3.4&myip6=BROKENIP'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('nohost')
+
+    get '/nic/update?hostname=foo.example.org&myip6=2001:db8::10'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('nohost')
+
+    get '/nic/update?hostname=foo.example.org&myip=1.2.3.40'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('good 1.2.3.40')
   end
 end

spec/spec_helper.rb

@@ -1,3 +1,4 @@
+# typed: strong
 
 require 'rubygems'
 require 'bundler/setup'

spec/support/dummy_database.rb

@@ -1,3 +1,4 @@
+# typed: true
 
 require 'forwardable'
 
@@ -25,5 +26,3 @@ module Dyndnsd
     end
   end
 end
-
-      

spec/support/dummy_updater.rb

@@ -1,3 +1,4 @@
+# typed: true
 
 module Dyndnsd
   module Updater