diff --git a/quovadis/quovadis.php b/quovadis/quovadis.php
index edbd28e9941d2774991d6ad4a437f37d71b12a7e..ecfe215c69843fd6919a216fe79faea4cfa52dee 100644
--- a/quovadis/quovadis.php
+++ b/quovadis/quovadis.php
@@ -15,6 +15,14 @@ function check_username($username) {
 return is_array(posix_getpwnam($username));
 }
+/* from https://stackoverflow.com/questions/1755144/how-to-validate-domain-name-in-php/48801316 */
+
+function is_valid_domain_name($domain_name)
+{
+ return (preg_match("/^([a-z\d](-*[a-z\d])*)(\.([a-z\d](-*[a-z\d])*))*$/i", $domain_name) //valid chars check
+ && preg_match("/^.{1,253}$/", $domain_name) //overall length check
+ && preg_match("/^[^\.]{1,63}(\.[^\.]{1,63})*$/", $domain_name) ); //length of each label
+}
 /**
 * Remove the first and last quote from a quoted string of text
@@ -270,18 +278,38 @@ $leaf->post('/update-challenge', function () use($leaf) {
 //
 // to the contents of Challenge TXT
 //
+ $config=get_config();
+
 $username = $leaf->request->get('username');
 $api_key = $leaf->request->get('api_key');
 $challenge = $leaf->request->get('challenge');
 $value = $leaf->request->get('value');
 // Check username is valid
-
+ if ( !check_username($username) ) {
+ $leaf->response->json(["message" => $username." not valid"],200);
+ return;
+ }
+
 // Check API key
-
+ if ( !check_api_key($config, $username, $api_key) ) {
+ $leaf->response->json(["message" => "API key for " .$username." not valid"],200);
+ return;
+ }
+
 // Sanity check challenge text
-
+ //
+ $handle = $username . "-" . $challenge;
+ if ( !is_valid_domain_name($handle) ) {
+ $leaf->response->json(["message" => "Handle " .$handle." not valid"],200);
+ return;
+ }
+
 // Stick challenge value prefixed by username into DNS
+ $u = update_desec_txt($config, $handle, $value);
+
+ $leaf->response->json(["message" => $handle." has been updated"],200);
+
 });
 $leaf->run();
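Review bot: All three patterns in `is_valid_domain_name` anchor with `$`, which in PCRE also matches just before a trailing newline, so a constructed input such as "example.com\n" passes every check and the newline stays in the value the caller treats as validated. Anchoring with `\z` (or adding the `D` modifier) closes this, e.g. `preg_match('/^.{1,253}\z/', $domain_name)`, and the same swap applies to the character pattern and the per-label pattern. The per-label pattern `[^\.]{1,63}` on its own accepts any non-dot byte, so the function is only as strict as the first pattern. Single-quoted pattern literals would also remove any doubt about `$` and backslash handling in the double-quoted strings.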
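Review bot: The failure branches for `check_username` and `check_api_key` answer with different messages and HTTP 200, so an unauthenticated caller can tell which usernames pass `check_username`, and clients or log-based alerting cannot distinguish a rejected request from a successful update. A single generic failure with an error status avoids both, e.g. `if ( !check_username($username) || !check_api_key($config, $username, $api_key) ) {` followed by `$leaf->response->json(["message" => "authentication failed"],401);` and `return;`, with a 400 for the invalid-handle branch. The return value `$u` of `update_desec_txt` is never inspected, so "has been updated" is reported even if the DNS update failed (how it signals failure is not visible in this hunk), and `$value` is passed on without any check. The route callback starts above this hunk and `check_api_key` is defined elsewhere, so whether it compares the key in constant time (`hash_equals`) should be confirmed there.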