authoritative zone config

2024-11-23 22:11:10 +01:00 · 2024-07-14 22:00:26 +02:00 · 2024-07-14 22:00:26 +02:00 · d8f88dcac5
commit d8f88dcac5
parent 32f36e895d
3 changed files with 14 additions and 4 deletions
--- a/src/config.rs
+++ b/src/config.rs
@ -7,6 +7,7 @@ static CONFIG: OnceLock<Config> = OnceLock::new();
 pub struct Config {
    pub zauth_url: String,
    pub db_uri: String,
+    pub authoritative_zone: Vec<String>,
 }

 impl Config {
@ -22,6 +23,11 @@ impl Config {
            Config {
                db_uri: env::var("DATABASE_URL").expect("DATABASE_URL must be set"),
                zauth_url: env::var("ZAUTH_URL").expect("ZAUTH_URL must be set"),
+                authoritative_zone: env::var("ZONE")
+                    .expect("ZONE must be set")
+                    .split(".")
+                    .map(str::to_string)
+                    .collect(),
            }
        })
    }
--- a/src/handlers/update/authenticate.rs
+++ b/src/handlers/update/authenticate.rs
@ -17,10 +17,11 @@ pub async fn authenticate(
    zone: &Vec<String>,
    connection: &mut PgConnection,
 ) -> Result<bool, ZNSError> {
-    if zone.len() >= 4 {
-        let username = &zone[zone.len() - 4]; // Should match: username.users.zeus.gent
+    if zone.len() >= Config::get().authoritative_zone.len() {
+        let username = &zone[zone.len() - Config::get().authoritative_zone.len() - 1];
+
+        let ssh_verified = validate_ssh(username, sig).await.is_ok_and(|b| b);

-        let ssh_verified = validate_ssh(username, sig).await?;

        if ssh_verified {
            Ok(true)
--- a/src/handlers/update/mod.rs
+++ b/src/handlers/update/mod.rs
@ -1,6 +1,7 @@
 use diesel::PgConnection;

 use crate::{
+    config::Config,
    db::models::{delete_from_database, insert_into_database},
    errors::ZNSError,
    structs::{Class, Message, RRClass, RRType, Type},
@ -37,7 +38,9 @@ impl ResponseHandler for UpdateHandler {
        // Check Zone authority
        let zone = &message.question[0];
        let zlen = zone.qname.len();
-        if !(zlen >= 2 && zone.qname[zlen - 1] == "gent" && zone.qname[zlen - 2] == "zeus") {
+        let auth_zone = &Config::get().authoritative_zone;
+        if !(zlen >= auth_zone.len() && vec_equal(&zone.qname[zlen - auth_zone.len()..], auth_zone))
+        {
            return Err(ZNSError::Formerr {
                message: "Invalid zone".to_string(),
            });