commit f6cdd0fbb64d6837c460602be475d84a2459c3b8
parent e9d7d4624d47c8c2b708985f6382df6a88042361
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date: Wed, 13 Dec 2023 21:30:40 +0100
Add label policy check mechanisms
Diffstat:
3 files changed, 43 insertions(+), 6 deletions(-)
diff --git a/cmd/gns-registrar/main.go b/cmd/gns-registrar/main.go
@@ -29,7 +29,6 @@ import (
var t gnsregistrar.Registrar
func handleRequests(r *gnsregistrar.Registrar) {
- log.Println(r.Cfg.Section("gns-registrar"))
log.Fatal(http.ListenAndServe(r.Cfg.Section("gns-registrar").Key("bind_to").MustString("localhost:11000"), r.Router))
}
diff --git a/pkg/rest/gnsregistrar.go b/pkg/rest/gnsregistrar.go
@@ -28,8 +28,10 @@ import (
"io"
"net/http"
"os"
+ "os/exec"
"strings"
"time"
+ "regexp"
"github.com/gorilla/mux"
"github.com/skip2/go-qrcode"
@@ -141,6 +143,12 @@ type Registrar struct {
// The template to use for the summary string
SummaryTemplateString string
+ // Valid label regex
+ ValidLabelRegex string
+
+ // Valid label script
+ ValidLabelScript string
+
// Cost for a registration
RegistrationCost *talerutil.Amount
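Review bot: The two new field comments do not say how the policy is applied, which matters because both settings decide which labels can be registered. From searchPage in this commit, the regex is used with `regexp.MatchString`, which is an unanchored search, so the comment should say something like `// ValidLabelRegex, if non-empty, must match the label; it is not anchored, so use ^...$ to constrain the whole label`. For the script I would write `// ValidLabelScript, if non-empty, is run with the label as its only argument; a non-zero exit rejects the label`. The Registrar struct starts and ends outside this hunk.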
@@ -180,7 +188,37 @@ func (t *Registrar) landingPage(w http.ResponseWriter, r *http.Request) {
func (t *Registrar) searchPage(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "text/html; charset=utf-8")
- http.Redirect(w, r, "/name/"+r.URL.Query().Get("label"), http.StatusSeeOther)
+ label := r.URL.Query().Get("label")
+ if ("@" == label) {
+ http.Redirect(w, r, fmt.Sprintf("/?error=Label '%s' invalid: '@' not allowed", label), http.StatusSeeOther)
+ return
+ }
+ if (strings.Contains(label, ".")) {
+ http.Redirect(w, r, fmt.Sprintf("/?error=Label '%s' invalid: '.' not allowed", label), http.StatusSeeOther)
+ return
+ }
+ if t.ValidLabelRegex != "" {
+ matched, _ := regexp.MatchString(t.ValidLabelRegex, label)
+ if !matched {
+ http.Redirect(w, r, fmt.Sprintf("/?error=Label '%s' not allowed by policy", label), http.StatusSeeOther)
+ return
+ }
+ }
+ if t.ValidLabelScript != "" {
+ path, err := exec.LookPath(t.ValidLabelScript)
+ if err != nil {
+ fmt.Println(err)
+ http.Redirect(w, r, fmt.Sprintf("/?error=Internal error", label), http.StatusSeeOther)
+ return
+ }
+ out, err := exec.Command(path, label).Output()
+ if err != nil {
+ fmt.Printf("%s, %w", out, err)
+ http.Redirect(w, r, fmt.Sprintf("/?error=Label '%s' not allowed by policy", label), http.StatusSeeOther)
+ return
+ }
+ }
+ http.Redirect(w, r, "/name/" + label, http.StatusSeeOther)
return
}
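Review bot: The label is written unescaped into every redirect target in searchPage, both the `/?error=...` messages and `"/name/" + label`, so a label containing `&`, `#`, `?` or `/` changes the query or path the browser is sent to; build these with `url.QueryEscape` and `url.PathEscape`. The policy script is started on each request with no deadline, so a slow or hung script holds the handler open; run it with `exec.CommandContext` under a timeout. Note also that a label beginning with `-` reaches the script as an argument it may parse as an option. Two format calls are wrong as written and `go vet` reports both: `fmt.Sprintf("/?error=Internal error", label)` has no verb for its argument, so `%!(EXTRA ...)` text including the label is appended to the URL, and `%w` in `fmt.Printf` is only meaningful in `fmt.Errorf`. The excerpt below needs `context` and `net/url` imported if the file does not already have them.

```go
label := r.URL.Query().Get("label")
if "@" == label {
	http.Redirect(w, r, "/?error="+url.QueryEscape(fmt.Sprintf("Label '%s' invalid: '@' not allowed", label)), http.StatusSeeOther)
	return
}
// … unchanged: '.' and regex checks, with their messages escaped the same way …
if t.ValidLabelScript != "" {
	path, err := exec.LookPath(t.ValidLabelScript)
	if err != nil {
		fmt.Println(err)
		http.Redirect(w, r, "/?error="+url.QueryEscape("Internal error"), http.StatusSeeOther)
		return
	}
	// The 5s bound is a suggested value; pick one that fits the policy script.
	ctx, cancel := context.WithTimeout(r.Context(), 5*time.Second)
	defer cancel()
	out, err := exec.CommandContext(ctx, path, label).Output()
	if err != nil {
		fmt.Printf("%s, %v\n", out, err)
		// … unchanged: redirect with the policy error, message escaped …
	}
}
http.Redirect(w, r, "/name/"+url.PathEscape(label), http.StatusSeeOther)
```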
@@ -765,8 +803,6 @@ func (t *Registrar) Initialize(cfgfile string) {
t.RelativeRegistrationExpiration, _ = time.ParseDuration(fmt.Sprintf("%dh", t.RegistrationExpirationDaysCount * 24))
t.RelativeDelegationExpiration, _ = time.ParseDuration(recordExp)
t.PaymentExpiration, _ = time.ParseDuration(paymentExp)
- fmt.Println(t.RelativeDelegationExpiration)
- fmt.Println(t.RelativeRegistrationExpiration)
costStr := t.Cfg.Section("gns-registrar").Key("registration_cost").MustString("KUDOS:0.3")
t.RegistrationCost, err = talerutil.ParseAmount(costStr)
t.BaseUrl = t.Cfg.Section("gns-registrar").Key("base_url").MustString("http://localhost:11000")
@@ -777,6 +813,8 @@ func (t *Registrar) Initialize(cfgfile string) {
t.GnunetBasicAuthEnabled = t.Cfg.Section("gns-registrar").Key("basic_auth_gnunet_enabled").MustBool(true)
t.GnunetUsername = t.Cfg.Section("gns-registrar").Key("basic_auth_gnunet_username").MustString("jdoe")
t.GnunetPassword = t.Cfg.Section("gns-registrar").Key("basic_auth_gnunet_password").MustString("secret")
+ t.ValidLabelRegex = t.Cfg.Section("gns-registrar").Key("valid_label_regex").MustString("")
+ t.ValidLabelScript = t.Cfg.Section("gns-registrar").Key("valid_label_script").MustString("")
client := &http.Client{}
req, _ := http.NewRequest(http.MethodGet,t.GnunetUrl + "/identity/name/" + t.RootZoneName, nil)
if t.GnunetBasicAuthEnabled {
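Review bot: Both new settings are stored as raw strings with no validation at load time, so a malformed `valid_label_regex` is only discovered in searchPage, where the `regexp.MatchString` error is discarded and every label is rejected as a policy failure without a log line. Compiling the pattern once here with `regexp.Compile` and aborting Initialize on error would surface the misconfiguration at startup and avoid recompiling it per request. `valid_label_script` is likewise resolved with `exec.LookPath` on each request, so a bare name depends on the service's PATH at that moment; resolving it to an absolute path here and failing if it is missing is more predictable. Initialize starts and ends outside this hunk.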
@@ -784,7 +822,7 @@ func (t *Registrar) Initialize(cfgfile string) {
}
resp, err := client.Do(req)
if err != nil {
- fmt.Println("Failed to get zone key")
+ fmt.Println("Failed to get zone key. Is gnunet running?")
os.Exit(1)
return
}
diff --git a/web/templates/landing.html b/web/templates/landing.html
@@ -15,7 +15,7 @@
{{if .error}}
<div class="container pt-5">
<div class="alert alert-danger" role="alert">
- <h4 class="alert-heading">Oh no!</h4>
+ <h4 class="alert-heading">An error occured!</h4>
<hr>
<p class="mb-0">{{.error}}.</p>
</div>
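Review bot: The new heading misspells "occurred"; it should read `<h4 class="alert-heading">An error occurred!</h4>`. Separately, `{{.error}}` appears to be filled from the `error` query parameter that searchPage now puts into its redirects (the landing handler is outside this diff, so this is inferred). If so, anyone can craft a link that shows arbitrary text in this alert. It would be worth confirming the template is rendered with `html/template`, and considering short error codes mapped to fixed messages instead of free text in the URL.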