From bb08b7294781b98b10fb6f9657ae51fbccd023fc Mon Sep 17 00:00:00 2001 From: Bryan Newbold Date: Fri, 11 Nov 2022 12:06:27 -0800 Subject: pds: enforce registration domain --- adenosine-pds/src/lib.rs | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'adenosine-pds') diff --git a/adenosine-pds/src/lib.rs b/adenosine-pds/src/lib.rs index 5794b95..6c6b1c5 100644 --- a/adenosine-pds/src/lib.rs +++ b/adenosine-pds/src/lib.rs @@ -551,8 +551,23 @@ fn xrpc_post_handler( .map_err(|e| XrpcError::BadRequest(format!("failed to parse JSON body: {}", e)))?; // TODO: validate handle, email, recoverykey let mut srv = srv.lock().unwrap(); + if let Some(ref domain) = srv.config.registration_domain { + // TODO: better matching, should not allow arbitrary sub-domains + if !req.handle.ends_with(domain) { + Err(XrpcError::BadRequest(format!( + "handle is not under registration domain ({})", + domain + )))?; + } + } else { + Err(XrpcError::BadRequest( + "account registration is disabled on this PDS".to_string(), + ))?; + }; if srv.config.invite_code.is_some() && srv.config.invite_code != req.inviteCode { - Err(XrpcError::Forbidden("a valid invite code is required".to_string()))?; + Err(XrpcError::Forbidden( + "a valid invite code is required".to_string(), + ))?; }; let sess = create_account(&mut srv, &req, true)?; Ok(json!(sess)) -- cgit v1.2.3