[server] Support for idn domain

2025-09-10 04:40:27 +05:30
parent 9b05cc8c23
commit 270cee8b09
3 changed files with 18 additions and 3 deletions
--- a/server/ente/remotestore.go
+++ b/server/ente/remotestore.go
@@ -3,6 +3,7 @@ package ente
 import (
 	"fmt"
 	"github.com/ente-io/stacktrace"
+	"golang.org/x/net/idna"
 	"regexp"
 	"strings"
 )
@@ -139,8 +140,17 @@ func isValidDomainWithoutScheme(input string) error {
 	if strings.Contains(trimmed, "://") {
 		return NewBadRequestWithMessage("domain should not contain scheme (e.g., http:// or https://)")
 	}
-	if !domainRegex.MatchString(trimmed) {
+
+	// Convert IDN to ASCII (Punycode) for validation
+	asciiDomain, err := idna.ToASCII(trimmed)
+	if err != nil {
 		return NewBadRequestWithMessage(fmt.Sprintf("invalid domain format: %s", trimmed))
 	}
+
+	// Validate the ASCII version
+	if !domainRegex.MatchString(asciiDomain) {
+		return NewBadRequestWithMessage(fmt.Sprintf("invalid domain format: %s", trimmed))
+	}
+
 	return nil
 }
--- a/server/ente/remotestore_test.go
+++ b/server/ente/remotestore_test.go
@@ -11,7 +11,9 @@ func TestIsValidDomainWithoutScheme(t *testing.T) {
 		// ✅ Valid cases
 		{"simple domain", "google.com", false},
 		{"multi-level domain", "sub.example.co.in", false},
+		{"multi-level domain", "photos.ä.com", false},
 		{"numeric in label", "a1b2c3.com", false},
+		{"idn", "テスト.jp", false},
 		{"long but valid label", "my-very-long-subdomain-name.example.com", false},

 		// ❌ Leading/trailing spaces
--- a/server/pkg/middleware/collection_link.go
+++ b/server/pkg/middleware/collection_link.go
@@ -5,6 +5,7 @@ import (
 	"context"
 	"crypto/sha256"
 	"fmt"
+	"golang.org/x/net/idna"
 	"net/http"
 	"net/url"
 	"strings"
@@ -220,8 +221,10 @@ func (m *CollectionLinkMiddleware) validateOrigin(c *gin.Context, ownerID int64)
 		m.DiscordController.NotifyPotentialAbuse(alertMessage + " - originParseFailed")
 		return nil
 	}
-	if !strings.Contains(strings.ToLower(parse.Host), strings.ToLower(*domain)) {
-		logger.Warnf("domainMismatch for owner %d, origin %s, domain %s host %s", ownerID, origin, *domain, parse.Host)
+
+	unicodeDomain, _ := idna.ToUnicode(*domain)
+	if !strings.Contains(strings.ToLower(parse.Host), strings.ToLower(*domain)) && !strings.Contains(strings.ToLower(parse.Host), strings.ToLower(unicodeDomain)) {
+		logger.Warnf("domainMismatch for owner  domain %s (unicode %s) vs host %s", *domain, unicodeDomain, parse.Host)
 		m.DiscordController.NotifyPotentialAbuse(alertMessage + " - domainMismatch")
 		return ente.NewPermissionDeniedError("unknown custom domain")
 	}