diff --git a/validation.go b/validation.go index 797e7633..df39e852 100644 --- a/validation.go +++ b/validation.go @@ -5,6 +5,8 @@ import ( "github.com/google/uuid" "golang.org/x/crypto/bcrypt" + + "regexp" ) func getValidUsername(u string) (uuid.UUID, error) { @@ -25,13 +27,12 @@ func validKey(k string) bool { } func validSubdomain(s string) bool { - _, err := uuid.Parse(s) - if err == nil { - return true - } - return false + // URL safe base64 alphabet without padding as defined in ACME + RegExp := regexp.MustCompile("^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$") + return RegExp.MatchString(s) } + func validTXT(s string) bool { sn := sanitizeString(s) if utf8.RuneCountInString(s) == 43 && utf8.RuneCountInString(sn) == 43 { diff --git a/validation_test.go b/validation_test.go index 37dd05fc..16dfc04c 100644 --- a/validation_test.go +++ b/validation_test.go @@ -55,7 +55,9 @@ func TestGetValidSubdomain(t *testing.T) { output bool }{ {"a097455b-52cc-4569-90c8-7a4b97c6eba8", true}, - {"a-97455b-52cc-4569-90c8-7a4b97c6eba8", false}, + {"a-97455b-52cc-4569-90c8-7a4b97c6eba8", true}, + {"foo.example.com", false}, + {"foo-example-com", true}, {"", false}, {"&!#!25123!%!'%", false}, } {