identity: enforce disallowed TLDs
bnewbold committed Oct 6, 2023
1 parent aa95123 commit 56e82da
Showing 2 changed files with 7 additions and 0 deletions.
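--- a/atproto/identity/handle.go
+++ b/atproto/identity/handle.go
@@ -164,6 +164,10 @@ func (d *BaseDirectory) ResolveHandle(ctx context.Context, handle syntax.Handle)
 var dnsErr error
 var did syntax.DID
 
+if !handle.AllowedTLD() {
+return "", ErrHandleReservedTLD
+}
+
 tryDNS := true
 for _, suffix := range d.SkipDNSDomainSuffixes {
 if strings.HasSuffix(handle.String(), suffix) {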
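Review bot: The reserved-TLD guard added at the top of ResolveHandle ships without a test, and this commit touches only handle.go and identity.go, so nothing pins that a reserved-suffix handle is rejected before the `tryDNS` logic below runs. A table test that calls ResolveHandle with such a handle and checks `errors.Is(err, ErrHandleReservedTLD)` would cover it. `AllowedTLD()` is defined outside this diff; it is worth confirming that it compares case-insensitively, since the `strings.HasSuffix(handle.String(), suffix)` check just below works on the raw string and a `syntax.Handle` may not have been normalized by the caller. A short why-comment such as `// reject reserved TLDs before any network resolution is attempted` would also help. ResolveHandle's body starts and ends outside the hunk.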
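--- a/atproto/identity/identity.go
+++ b/atproto/identity/identity.go
@@ -40,6 +40,9 @@ var ErrHandleNotFound = errors.New("handle not found")
 // Indicates that handle and DID resolved, but handle points to a DID with a different handle. This is only returned when looking up a handle, not when looking up a DID.
 var ErrHandleNotValid = errors.New("handle resolves to DID with different handle")
 
+// Handle top-level domain (TLD) is one of the special "Reserved" suffixes, and not allowed for atproto use
+var ErrHandleReservedTLD = errors.New("handle top-level domain is disallowed")
+
 // Indicates that resolution process completed successfully, but the DID does not exist.
 var ErrDIDNotFound = errors.New("DID not found")
 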
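Review bot: The doc comment on ErrHandleReservedTLD breaks from the two neighbouring comments visible here, which both open with `// Indicates that ...`, and it does not tell callers that this is a permanent rejection and not a lookup failure. Something like `// Indicates that the handle's top-level domain (TLD) is one of the reserved suffixes disallowed for atproto; resolution is refused without being attempted.` would match the file's style. Callers that branch on ErrHandleNotFound to decide whether to retry or to cache a negative result may need a case for the new sentinel; those call sites are not visible in this diff.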
