mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-12 00:27:31 +00:00
feat: add domain verification (#560)
* feat: add domain verification * add checks * add and fix tests * fix go.mod * regenerate proto
This commit is contained in:
Livio Amstutz
83
internal/api/http/domain_check.go
Normal file
83
internal/api/http/domain_check.go
Normal file
@@ -0,0 +1,83 @@
|
||||
package http
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"net"
|
||||
"net/http"
|
||||
|
||||
"github.com/caos/zitadel/internal/errors"
|
||||
)
|
||||
|
||||
type CheckType int
|
||||
|
||||
const (
|
||||
CheckTypeHTTP CheckType = iota
|
||||
CheckTypeDNS
|
||||
|
||||
HTTPPattern = "https://%s/.well-known/zitadel-challenge/%s"
|
||||
DNSPattern = "_zitadel-challenge.%s"
|
||||
)
|
||||
|
||||
func ValidateDomain(domain, token, verifier string, checkType CheckType) error {
|
||||
switch checkType {
|
||||
case CheckTypeHTTP:
|
||||
return ValidateDomainHTTP(domain, token, verifier)
|
||||
case CheckTypeDNS:
|
||||
return ValidateDomainDNS(domain, verifier)
|
||||
default:
|
||||
return errors.ThrowInvalidArgument(nil, "HTTP-Iqd11", "Errors.Internal")
|
||||
}
|
||||
}
|
||||
|
||||
func ValidateDomainHTTP(domain, token, verifier string) error {
|
||||
resp, err := http.Get(tokenUrlHTTP(domain, token))
|
||||
if err != nil {
|
||||
return errors.ThrowInternal(err, "HTTP-BH42h", "Errors.Internal")
|
||||
}
|
||||
if resp.StatusCode != 200 {
|
||||
return errors.ThrowInternal(err, "HTTP-G2zsw", "Errors.Internal")
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
body, err := ioutil.ReadAll(resp.Body)
|
||||
if err != nil {
|
||||
return errors.ThrowInternal(err, "HTTP-HB432", "Errors.Internal")
|
||||
}
|
||||
if string(body) == verifier {
|
||||
return nil
|
||||
}
|
||||
return errors.ThrowInvalidArgument(err, "HTTP-GH422", "Errors.Internal")
|
||||
}
|
||||
|
||||
func ValidateDomainDNS(domain, verifier string) error {
|
||||
txtRecords, err := net.LookupTXT(tokenUrlDNS(domain))
|
||||
if err != nil {
|
||||
return errors.ThrowInternal(err, "HTTP-Hwsw2", "Errors.Internal")
|
||||
}
|
||||
|
||||
for _, record := range txtRecords {
|
||||
if record == verifier {
|
||||
return nil
|
||||
}
|
||||
}
|
||||
return errors.ThrowInvalidArgument(err, "HTTP-G241f", "Errors.Internal")
|
||||
}
|
||||
|
||||
func TokenUrl(domain, token string, checkType CheckType) (string, error) {
|
||||
switch checkType {
|
||||
case CheckTypeHTTP:
|
||||
return tokenUrlHTTP(domain, token), nil
|
||||
case CheckTypeDNS:
|
||||
return tokenUrlDNS(domain), nil
|
||||
default:
|
||||
return "", errors.ThrowInvalidArgument(nil, "HTTP-Iqd11", "")
|
||||
}
|
||||
}
|
||||
|
||||
func tokenUrlHTTP(domain, token string) string {
|
||||
return fmt.Sprintf(HTTPPattern, domain, token)
|
||||
}
|
||||
|
||||
func tokenUrlDNS(domain string) string {
|
||||
return fmt.Sprintf(DNSPattern, domain)
|
||||
}
|
||||
Reference in New Issue
Block a user