allow user to fuck with <user>.endpoints

Elizabeth 2024-04-02 14:33:11 -06:00
parent eb1a6069d6
commit 1fb45f8c4a
Signed by: simponic
GPG Key ID: 2909B9A7FF6213EE
1 changed files with 16 additions and 2 deletions


@ -2,6 +2,7 @@ package api
import ( import (
"database/sql" "database/sql"
"fmt"
"log" "log"
"net/http" "net/http"
"strconv" "strconv"
@ -20,10 +21,23 @@ type FormError struct {
func userCanFuckWithDNSRecord(dbConn *sql.DB, user *database.User, record *database.DNSRecord) bool { func userCanFuckWithDNSRecord(dbConn *sql.DB, user *database.User, record *database.DNSRecord) bool {
ownedByUser := (user.ID == record.UserID) ownedByUser := (user.ID == record.UserID)
if !ownedByUser {
return false
}
if !record.Internal { if !record.Internal {
publicallyOwnedByUser := (record.Name == user.Username || strings.HasSuffix(record.Name, "."+user.Username)) userOwnedDomains := []string{
return ownedByUser && publicallyOwnedByUser fmt.Sprintf("%s", user.Username),
fmt.Sprintf("%s.endpoints", user.Username),
}
for _, domain := range userOwnedDomains {
isInSubDomain := strings.HasSuffix(record.Name, "."+domain)
if domain == record.Name || isInSubDomain {
return true
}
}
return false
} }
owner, err := database.FindFirstDomainOwnerId(dbConn, record.Name) owner, err := database.FindFirstDomainOwnerId(dbConn, record.Name)
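Review bot: The suffix test in the `!record.Internal` branch treats `endpoints` as an ordinary label, so an account whose username is `endpoints` (or one containing a dot, such as `alice.endpoints`) would pass `strings.HasSuffix(record.Name, "."+domain)` for names inside another user's `<name>.endpoints` space. Nothing in this hunk shows how usernames are validated, so either confirm that registration reserves `endpoints` and rejects dots, or add a guard before the loop such as `if user.Username == "endpoints" || strings.Contains(user.Username, ".") { return false }`. As a style point, `fmt.Sprintf("%s", user.Username)` is just `user.Username`, and the second entry reads more plainly as `user.Username + ".endpoints"`, which would also make the new `fmt` import unnecessary. The function body continues past the end of the hunk, so the effect of the new early `return false` on the internal-record path cannot be judged from here.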