Merge remote-tracking branch 'origin' into actions_linter

README.md

@@ -206,7 +206,7 @@ You may want to test that acme-dns is working before using it for real queries.
 
 2) Call the `/register` API endpoint to register a test domain:
 ```
-$ curl -X POST http://auth.example.org/register
+$ curl -X POST https://auth.example.org/register
 {"username":"eabcdb41-d89f-4580-826f-3e62e9755ef2","password":"pbAXVjlIOE01xbut7YnAbkhMQIkcwoHO0ek2j4Q0","fulldomain":"d420c923-bbd7-4056-ab64-c3ca54c9b3cf.auth.example.org","subdomain":"d420c923-bbd7-4056-ab64-c3ca54c9b3cf","allowfrom":[]}
 ```
 
@@ -216,7 +216,7 @@ $ curl -X POST \
   -H "X-Api-User: eabcdb41-d89f-4580-826f-3e62e9755ef2" \
   -H "X-Api-Key: pbAXVjlIOE01xbut7YnAbkhMQIkcwoHO0ek2j4Q0" \
   -d '{"subdomain": "d420c923-bbd7-4056-ab64-c3ca54c9b3cf", "txt": "___validation_token_received_from_the_ca___"}' \
-  http://auth.example.org/update
+  https://auth.example.org/update
 ```
 
 Note: The `txt` field must be exactly 43 characters long, otherwise acme-dns will reject it

validation.go

@@ -2,6 +2,7 @@ package main
 
 import (
 	"unicode/utf8"
+	"regexp"
 
 	"github.com/google/uuid"
 	"golang.org/x/crypto/bcrypt"
@@ -25,8 +26,9 @@ func validKey(k string) bool {
 }
 
 func validSubdomain(s string) bool {
-	_, err := uuid.Parse(s)
-	return err == nil
+	// URL safe base64 alphabet without padding as defined in ACME
+	RegExp := regexp.MustCompile("^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")
+	return RegExp.MatchString(s)
 }
 
 func validTXT(s string) bool {

validation_test.go

@@ -55,7 +55,9 @@ func TestGetValidSubdomain(t *testing.T) {
 		output    bool
 	}{
 		{"a097455b-52cc-4569-90c8-7a4b97c6eba8", true},
-		{"a-97455b-52cc-4569-90c8-7a4b97c6eba8", false},
+		{"a-97455b-52cc-4569-90c8-7a4b97c6eba8", true},
+		{"foo.example.com", false},
+		{"foo-example-com", true},
 		{"", false},
 		{"&!#!25123!%!'%", false},
 	} {