mirror of
https://github.com/ZeusWPI/ZNS.git
synced 2024-10-29 21:14:27 +01:00
authoritative zone config
This commit is contained in:
parent
32f36e895d
commit
d8f88dcac5
3 changed files with 14 additions and 4 deletions
|
@ -7,6 +7,7 @@ static CONFIG: OnceLock<Config> = OnceLock::new();
|
|||
pub struct Config {
|
||||
pub zauth_url: String,
|
||||
pub db_uri: String,
|
||||
pub authoritative_zone: Vec<String>,
|
||||
}
|
||||
|
||||
impl Config {
|
||||
|
@ -22,6 +23,11 @@ impl Config {
|
|||
Config {
|
||||
db_uri: env::var("DATABASE_URL").expect("DATABASE_URL must be set"),
|
||||
zauth_url: env::var("ZAUTH_URL").expect("ZAUTH_URL must be set"),
|
||||
authoritative_zone: env::var("ZONE")
|
||||
.expect("ZONE must be set")
|
||||
.split(".")
|
||||
.map(str::to_string)
|
||||
.collect(),
|
||||
}
|
||||
})
|
||||
}
|
||||
|
|
|
@ -17,10 +17,11 @@ pub async fn authenticate(
|
|||
zone: &Vec<String>,
|
||||
connection: &mut PgConnection,
|
||||
) -> Result<bool, ZNSError> {
|
||||
if zone.len() >= 4 {
|
||||
let username = &zone[zone.len() - 4]; // Should match: username.users.zeus.gent
|
||||
if zone.len() >= Config::get().authoritative_zone.len() {
|
||||
let username = &zone[zone.len() - Config::get().authoritative_zone.len() - 1];
|
||||
|
||||
let ssh_verified = validate_ssh(username, sig).await.is_ok_and(|b| b);
|
||||
|
||||
let ssh_verified = validate_ssh(username, sig).await?;
|
||||
|
||||
if ssh_verified {
|
||||
Ok(true)
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
use diesel::PgConnection;
|
||||
|
||||
use crate::{
|
||||
config::Config,
|
||||
db::models::{delete_from_database, insert_into_database},
|
||||
errors::ZNSError,
|
||||
structs::{Class, Message, RRClass, RRType, Type},
|
||||
|
@ -37,7 +38,9 @@ impl ResponseHandler for UpdateHandler {
|
|||
// Check Zone authority
|
||||
let zone = &message.question[0];
|
||||
let zlen = zone.qname.len();
|
||||
if !(zlen >= 2 && zone.qname[zlen - 1] == "gent" && zone.qname[zlen - 2] == "zeus") {
|
||||
let auth_zone = &Config::get().authoritative_zone;
|
||||
if !(zlen >= auth_zone.len() && vec_equal(&zone.qname[zlen - auth_zone.len()..], auth_zone))
|
||||
{
|
||||
return Err(ZNSError::Formerr {
|
||||
message: "Invalid zone".to_string(),
|
||||
});
|
||||
|
|
Loading…
Reference in a new issue