From 3302daa7b3ef575e6a8cef019d3b24abec735c10 Mon Sep 17 00:00:00 2001 From: cainnusti Date: Fri, 20 Dec 2024 21:57:48 +1100 Subject: [PATCH] feat(SPV-1242) add domain check for paymail entry feat(paymail) add checkPaymailDomain function for domain validation feat(error) add error definition to engine code for invalid domain chore(paymailCreateAddress) add logic for domain validation check --- actions/admin/paymail_addresses.go | 19 +++++++++++++++++++ actions/admin/paymail_addresses_old.go | 10 ++++++++++ engine/spverrors/definitions.go | 3 +++ 3 files changed, 32 insertions(+) diff --git a/actions/admin/paymail_addresses.go b/actions/admin/paymail_addresses.go index 591a6b52..73cc4faa 100644 --- a/actions/admin/paymail_addresses.go +++ b/actions/admin/paymail_addresses.go @@ -3,6 +3,7 @@ package admin import ( "net/http" + "github.com/bitcoin-sv/go-paymail" "github.com/bitcoin-sv/spv-wallet/actions/common" "github.com/bitcoin-sv/spv-wallet/engine" "github.com/bitcoin-sv/spv-wallet/engine/spverrors" @@ -130,6 +131,15 @@ func paymailCreateAddress(c *gin.Context, _ *reqctx.AdminContext) { opts = append(opts, engine.WithMetadatas(requestBody.Metadata)) } + config := reqctx.AppConfig(c) + if config.Paymail.DomainValidationEnabled { + _, actualDomain, _ := paymail.SanitizePaymail(requestBody.Address) + if !checkPaymailDomain(actualDomain, config.Paymail.Domains) { + spverrors.ErrorResponse(c, spverrors.ErrInvalidDomain, logger) + return + } + } + var paymailAddress *engine.PaymailAddress paymailAddress, err := reqctx.Engine(c).NewPaymailAddress( c.Request.Context(), requestBody.Key, requestBody.Address, requestBody.PublicName, requestBody.Avatar, opts...) @@ -143,6 +153,15 @@ func paymailCreateAddress(c *gin.Context, _ *reqctx.AdminContext) { c.JSON(http.StatusCreated, paymailAddressContract) } +func checkPaymailDomain(domain string, domains []string) bool { + for _, d := range domains { + if d == domain { + return true + } + } + return false +} + // paymailDeleteAddress will delete a paymail address // Delete Paymail godoc // @Summary Delete paymail diff --git a/actions/admin/paymail_addresses_old.go b/actions/admin/paymail_addresses_old.go index 0861ea6f..14296c5f 100644 --- a/actions/admin/paymail_addresses_old.go +++ b/actions/admin/paymail_addresses_old.go @@ -3,6 +3,7 @@ package admin import ( "net/http" + "github.com/bitcoin-sv/go-paymail" "github.com/bitcoin-sv/spv-wallet/engine" "github.com/bitcoin-sv/spv-wallet/engine/spverrors" "github.com/bitcoin-sv/spv-wallet/mappings" @@ -163,6 +164,15 @@ func paymailCreateAddressOld(c *gin.Context, _ *reqctx.AdminContext) { opts = append(opts, engine.WithMetadatas(requestBody.Metadata)) } + config := reqctx.AppConfig(c) + if config.Paymail.DomainValidationEnabled { + _, actualDomain, _ := paymail.SanitizePaymail(requestBody.Address) + if !checkPaymailDomain(actualDomain, config.Paymail.Domains) { + spverrors.ErrorResponse(c, spverrors.ErrInvalidDomain, logger) + return + } + } + var paymailAddress *engine.PaymailAddress paymailAddress, err := reqctx.Engine(c).NewPaymailAddress( c.Request.Context(), requestBody.Key, requestBody.Address, requestBody.PublicName, requestBody.Avatar, opts...) diff --git a/engine/spverrors/definitions.go b/engine/spverrors/definitions.go index 200aced4..70f52b66 100644 --- a/engine/spverrors/definitions.go +++ b/engine/spverrors/definitions.go @@ -386,6 +386,9 @@ var ErrMissingAddress = models.SPVError{Message: "missing required field: addres // ErrMissingFieldScriptPubKey is when the field is required but missing var ErrMissingFieldScriptPubKey = models.SPVError{Message: "missing required field: script_pub_key", StatusCode: 400, Code: "error-missing-field-script-pub-key"} +// ErrInvalidDomain is when the domain is wrong +var ErrInvalidDomain = models.SPVError{Message: "invalid domain", StatusCode: 400, Code: "error-invalid-domain"} + // ErrMissingFieldSatoshis is when the field satoshis is required but missing var ErrMissingFieldSatoshis = models.SPVError{Message: "missing required field: satoshis", StatusCode: 400, Code: "error-missing-field-satoshis"}