allow user to fuck with <user>.endpoints

author: Elizabeth <elizabeth@simponic.xyz> 2024-04-02 14:33:11 -0600
committer: Elizabeth <elizabeth@simponic.xyz> 2024-04-02 14:33:11 -0600
commit: 1fb45f8c4aca0d0d61b017d4b7afe24d0157fd18 (patch)
tree: 8cd19b06225216c9b912a29232d0ac90ff8ce339 /api
parent: eb1a6069d65ffc84c12759902ba909c11ea8a0b4 (diff)
download: hatecomputers.club-1fb45f8c4aca0d0d61b017d4b7afe24d0157fd18.tar.gz
hatecomputers.club-1fb45f8c4aca0d0d61b017d4b7afe24d0157fd18.zip
1 files changed, 16 insertions, 2 deletions
diff --git a/api/dns.go b/api/dns.go
index a1739d3..ad41103 100644
--- a/api/dns.go
+++ b/api/dns.go
@@ -2,6 +2,7 @@ package api
 
 import (
 	"database/sql"
+	"fmt"
 	"log"
 	"net/http"
 	"strconv"
@@ -20,10 +21,23 @@ type FormError struct {
 
 func userCanFuckWithDNSRecord(dbConn *sql.DB, user *database.User, record *database.DNSRecord) bool {
 	ownedByUser := (user.ID == record.UserID)
+	if !ownedByUser {
+		return false
+	}
 
 	if !record.Internal {
-		publicallyOwnedByUser := (record.Name == user.Username || strings.HasSuffix(record.Name, "."+user.Username))
-		return ownedByUser && publicallyOwnedByUser
+		userOwnedDomains := []string{
+			fmt.Sprintf("%s", user.Username),
+			fmt.Sprintf("%s.endpoints", user.Username),
+		}
+
+		for _, domain := range userOwnedDomains {
+			isInSubDomain := strings.HasSuffix(record.Name, "."+domain)
+			if domain == record.Name || isInSubDomain {
+				return true
+			}
+		}
+		return false
 	}
 
 	owner, err := database.FindFirstDomainOwnerId(dbConn, record.Name)
author	Elizabeth <elizabeth@simponic.xyz>	2024-04-02 14:33:11 -0600
committer	Elizabeth <elizabeth@simponic.xyz>	2024-04-02 14:33:11 -0600
commit	1fb45f8c4aca0d0d61b017d4b7afe24d0157fd18 (patch)
tree	8cd19b06225216c9b912a29232d0ac90ff8ce339 /api
parent	eb1a6069d65ffc84c12759902ba909c11ea8a0b4 (diff)
download	hatecomputers.club-1fb45f8c4aca0d0d61b017d4b7afe24d0157fd18.tar.gz hatecomputers.club-1fb45f8c4aca0d0d61b017d4b7afe24d0157fd18.zip