From cca12a2237da480c8419197a2b280f5394972b25 Mon Sep 17 00:00:00 2001 From: Yarmo Mackenbach Date: Tue, 4 May 2021 11:51:59 +0200 Subject: [PATCH] Add simple WKD validation --- server/keys.js | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/server/keys.js b/server/keys.js index 699600e..6f13a51 100644 --- a/server/keys.js +++ b/server/keys.js @@ -39,7 +39,14 @@ const fetchWKD = (id) => { fetchURL: null } + if (!id.includes('@')) { + reject(new Error(`The WKD identifier "${id}" is invalid`)); + } + const [, localPart, domain] = /([^\@]*)@(.*)/.exec(id) + if (!localPart || !domain) { + reject(new Error(`The WKD identifier "${id}" is invalid`)); + } const localEncoded = await utils.computeWKDLocalPart(localPart) const urlAdvanced = `https://openpgpkey.${domain}/.well-known/openpgpkey/${domain}/hu/${localEncoded}` const urlDirect = `https://${domain}/.well-known/openpgpkey/hu/${localEncoded}`