diff --git a/server/keys.js b/server/keys.js index 699600e..6f13a51 100644 --- a/server/keys.js +++ b/server/keys.js @@ -39,7 +39,14 @@ const fetchWKD = (id) => { fetchURL: null } + if (!id.includes('@')) { + reject(new Error(`The WKD identifier "${id}" is invalid`)); + } + const [, localPart, domain] = /([^\@]*)@(.*)/.exec(id) + if (!localPart || !domain) { + reject(new Error(`The WKD identifier "${id}" is invalid`)); + } const localEncoded = await utils.computeWKDLocalPart(localPart) const urlAdvanced = `https://openpgpkey.${domain}/.well-known/openpgpkey/${domain}/hu/${localEncoded}` const urlDirect = `https://${domain}/.well-known/openpgpkey/hu/${localEncoded}`