From 274ac5771394ba4aec10dd768851ad76cd2ac429 Mon Sep 17 00:00:00 2001 From: Jonni Liljamo Date: Tue, 17 Oct 2023 00:05:39 +0300 Subject: [PATCH] feat: check that domains are only ascii letters and numbers --- internal/handlers/domains.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/internal/handlers/domains.go b/internal/handlers/domains.go index e3d049c..821b7b1 100644 --- a/internal/handlers/domains.go +++ b/internal/handlers/domains.go @@ -10,6 +10,7 @@ import ( "log" "net" "net/http" + "regexp" "strings" "git.src.quest/~skye/felu-ddns/internal/db" @@ -40,6 +41,12 @@ func PostDomain() gin.HandlerFunc { c.Abort() return } + // NOTE: I doubt doing a little regex here will matter, just the easiest for now. + if !regexp.MustCompile(`^[A-Za-z0-9]*$`).MatchString(data.Domain) { + c.String(http.StatusBadRequest, "Domain contains invalid chars") + c.Abort() + return + } if net.ParseIP(data.ARecord).To4() == nil { c.String(http.StatusBadRequest, "The A record is invalid") c.Abort() -- 2.44.1