summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBryan Newbold <bnewbold@robocracy.org>2022-11-11 12:06:27 -0800
committerBryan Newbold <bnewbold@robocracy.org>2022-11-11 12:06:27 -0800
commitbb08b7294781b98b10fb6f9657ae51fbccd023fc (patch)
tree93d24e47341f1cf17cfcce89c0ec6e4492306141
parentf1533bb3ec5bc7134f92f9cea73b1f6129519667 (diff)
downloadadenosine-bb08b7294781b98b10fb6f9657ae51fbccd023fc.tar.gz
adenosine-bb08b7294781b98b10fb6f9657ae51fbccd023fc.zip
pds: enforce registration domain
-rw-r--r--adenosine-pds/src/lib.rs17
1 files changed, 16 insertions, 1 deletions
diff --git a/adenosine-pds/src/lib.rs b/adenosine-pds/src/lib.rs
index 5794b95..6c6b1c5 100644
--- a/adenosine-pds/src/lib.rs
+++ b/adenosine-pds/src/lib.rs
@@ -551,8 +551,23 @@ fn xrpc_post_handler(
.map_err(|e| XrpcError::BadRequest(format!("failed to parse JSON body: {}", e)))?;
// TODO: validate handle, email, recoverykey
let mut srv = srv.lock().unwrap();
+ if let Some(ref domain) = srv.config.registration_domain {
+ // TODO: better matching, should not allow arbitrary sub-domains
+ if !req.handle.ends_with(domain) {
+ Err(XrpcError::BadRequest(format!(
+ "handle is not under registration domain ({})",
+ domain
+ )))?;
+ }
+ } else {
+ Err(XrpcError::BadRequest(
+ "account registration is disabled on this PDS".to_string(),
+ ))?;
+ };
if srv.config.invite_code.is_some() && srv.config.invite_code != req.inviteCode {
- Err(XrpcError::Forbidden("a valid invite code is required".to_string()))?;
+ Err(XrpcError::Forbidden(
+ "a valid invite code is required".to_string(),
+ ))?;
};
let sess = create_account(&mut srv, &req, true)?;
Ok(json!(sess))