feb15365b5
This is a massive commit that restructures the code into modules:
db/ All functions related to modifying the Database
types/ All type definitions and methods that can be exclusively used on these types without dependencies
policy/ All Policy related code, now without dependencies on the Database.
policy/matcher/ Dedicated code to match machines in a list of FilterRules
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
package util
import (
"errors"
"fmt"
"regexp"
"strings"
)
// LabelHostnameLength is the maximum length, in bytes, that the checks in
// this file accept for a single DNS label (value related to RFC 1123 and 952).
const LabelHostnameLength = 63

var (
	// invalidCharsInUserRegex matches every run of one or more characters
	// that are not a lowercase ASCII letter, a digit, a hyphen or a dot.
	// Uppercase letters are matched as invalid, so callers that want to keep
	// them must lowercase the input first.
	invalidCharsInUserRegex = regexp.MustCompile("[^a-z0-9-.]+")

	// ErrInvalidUserName is the sentinel wrapped by every validation error
	// returned from this file; test for it with errors.Is.
	ErrInvalidUserName = errors.New("invalid user name")
)
// NormalizeToFQDNRules rewrites a user name so that it only contains
// characters accepted in a DNS name, and rejects it when a label is too long.
//
// The steps are, in order: lowercase the input; drop every apostrophe; if
// stripEmailDomain is set and an "@" occurs after the first byte, keep only
// the part before the first "@", otherwise turn every "@" into "."; finally
// replace each run of characters outside [a-z0-9-.] with a single "-".
//
// An error wrapping ErrInvalidUserName is returned when any dot-separated
// label of the result is longer than LabelHostnameLength bytes.
//
// NOTE(review): the mapping is lossy, so distinct inputs can normalize to the
// same name ("Alice" and "alice"; with stripEmailDomain, "bob@a.example" and
// "bob@b.example"). If the result is used as an identity or an authorization
// key, uniqueness has to be enforced on the original identifier by the
// caller. Confirm against the call sites.
//
// NOTE(review): nothing here rejects an empty result, empty labels (for
// example input that starts with "@"), labels that begin or end with "-", or
// a total length above the DNS name limit.
func NormalizeToFQDNRules(name string, stripEmailDomain bool) (string, error) {
	// Lowercase first, then remove apostrophes, as one expression.
	normalized := strings.ReplaceAll(strings.ToLower(name), "'", "")

	switch at := strings.IndexByte(normalized, '@'); {
	case stripEmailDomain && at > 0:
		// Keep the local part only; everything from the first "@" is dropped.
		normalized = normalized[:at]
	default:
		// Also reached with stripEmailDomain set when there is no "@" or the
		// name starts with one.
		normalized = strings.ReplaceAll(normalized, "@", ".")
	}

	normalized = invalidCharsInUserRegex.ReplaceAllString(normalized, "-")

	labels := strings.Split(normalized, ".")
	for i := range labels {
		if len(labels[i]) <= LabelHostnameLength {
			continue
		}

		return "", fmt.Errorf(
			"label %v is more than 63 chars: %w",
			labels[i],
			ErrInvalidUserName,
		)
	}

	return normalized, nil
}
// CheckForFQDNRules validates name without modifying it and returns an error
// wrapping ErrInvalidUserName on the first rule that fails. The rules are
// checked in this order: name is at most LabelHostnameLength bytes long,
// name is already lowercase, and name contains only characters from
// [a-z0-9-.].
//
// NOTE(review): the length limit is applied to the whole string, not to each
// dot-separated label, although dots are accepted. A multi-label name that
// NormalizeToFQDNRules accepts can therefore be rejected here. Confirm that
// callers only pass a single segment.
//
// NOTE(review): the empty string, leading or trailing "-" or ".", and
// consecutive dots all pass. name is echoed verbatim into the error text
// before any sanitising, so treat the message as untrusted when logging or
// displaying it.
func CheckForFQDNRules(name string) error {
	switch {
	case len(name) > LabelHostnameLength:
		return fmt.Errorf(
			"DNS segment must not be over 63 chars. %v doesn't comply with this rule: %w",
			name,
			ErrInvalidUserName,
		)
	case name != strings.ToLower(name):
		return fmt.Errorf(
			"DNS segment should be lowercase. %v doesn't comply with this rule: %w",
			name,
			ErrInvalidUserName,
		)
	case invalidCharsInUserRegex.MatchString(name):
		return fmt.Errorf(
			"DNS segment should only be composed of lowercase ASCII letters numbers, hyphen and dots. %v doesn't comply with theses rules: %w",
			name,
			ErrInvalidUserName,
		)
	}

	return nil
}