| author | Bryan Newbold <bnewbold@robocracy.org> | 2022-11-11 12:06:27 -0800 | 
|---|---|---|
| committer | Bryan Newbold <bnewbold@robocracy.org> | 2022-11-11 12:06:27 -0800 | 
| commit | bb08b7294781b98b10fb6f9657ae51fbccd023fc (patch) | |
| tree | 93d24e47341f1cf17cfcce89c0ec6e4492306141 /adenosine-pds | |
| parent | f1533bb3ec5bc7134f92f9cea73b1f6129519667 (diff) | |
| download | adenosine-bb08b7294781b98b10fb6f9657ae51fbccd023fc.tar.gz adenosine-bb08b7294781b98b10fb6f9657ae51fbccd023fc.zip | |
pds: enforce registration domain
Diffstat (limited to 'adenosine-pds')
| -rw-r--r-- | adenosine-pds/src/lib.rs | 17 | 
1 files changed, 16 insertions, 1 deletions
| diff --git a/adenosine-pds/src/lib.rs b/adenosine-pds/src/lib.rs
index 5794b95..6c6b1c5 100644
--- a/adenosine-pds/src/lib.rs
+++ b/adenosine-pds/src/lib.rs
@@ -551,8 +551,23 @@ fn xrpc_post_handler(
                 .map_err(|e| XrpcError::BadRequest(format!("failed to parse JSON body: {}", e)))?;
             // TODO: validate handle, email, recoverykey
             let mut srv = srv.lock().unwrap();
+            if let Some(ref domain) = srv.config.registration_domain {
+                // TODO: better matching, should not allow arbitrary sub-domains
+                if !req.handle.ends_with(domain) {
+                    Err(XrpcError::BadRequest(format!(
+                        "handle is not under registration domain ({})",
+                        domain
+                    )))?;
+                }
+            } else {
+                Err(XrpcError::BadRequest(
+                    "account registration is disabled on this PDS".to_string(),
+                ))?;
+            };
             if srv.config.invite_code.is_some() && srv.config.invite_code != req.inviteCode {
-                Err(XrpcError::Forbidden("a valid invite code is required".to_string()))?;
+                Err(XrpcError::Forbidden(
+                    "a valid invite code is required".to_string(),
+                ))?;
             };
             let sess = create_account(&mut srv, &req, true)?;
             Ok(json!(sess)) | 
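Review bot: The new `req.handle.ends_with(domain)` check is a plain string-suffix match, so it is looser than the TODO above it suggests: it accepts not only arbitrary sub-domains but also any handle whose text merely ends in the configured value without a label boundary, which means a handle on an unrelated domain can pass the registration restriction. Unless `registration_domain` is always configured with a leading dot (not visible in this hunk), anchor the match on a dot, e.g. `let suffix = format!(".{}", domain);` followed by `if !req.handle.ends_with(&suffix) {`. Since handles are presumably DNS names, it may also be worth lower-casing both sides before comparing; confirm whether that normalisation happens elsewhere. The body of `xrpc_post_handler` starts and ends outside the hunk, so earlier validation of `req.handle` cannot be ruled out from here, though the `TODO: validate handle` context line suggests there is none yet.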
