From f2d366c35dfa8bcd1bac71ba7ea82c43d2b1e3ce Mon Sep 17 00:00:00 2001
From: Girish Ramakrishnan
Date: Wed, 24 Feb 2021 11:40:23 -0800
Subject: [PATCH] dkim: use a hash for the selector instead of domain name directory we use a hash instead of random so that it is the same (unless admin domain changed) within the same server. hash also ensures one cannot reverse it. fixes #770
---
 src/domains.js | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/domains.js b/src/domains.js
index 19f179d3f..699305fd3 100644
--- a/src/domains.js
+++ b/src/domains.js
@@ -32,6 +32,7 @@ module.exports = exports = {
 var assert = require('assert'),
 BoxError = require('./boxerror.js'),
 constants = require('./constants.js'),
+ crypto = require('crypto'),
 debug = require('debug')('box:domains'),
 domaindb = require('./domaindb.js'),
 eventlog = require('./eventlog.js'),
@@ -191,7 +192,11 @@ function add(domain, data, auditSource, callback) {
 let error = validateTlsConfig(tlsConfig, provider);
 if (error) return callback(error);
- if (!dkimSelector) dkimSelector = 'cloudron-' + settings.adminDomain().replace(/\./g, '');
+ if (!dkimSelector) {
+ // create a unique suffix. this lets one add this domain can be added in another cloudron instance and not have their dkim selector conflict
+ const suffix = crypto.createHash('sha256').update(settings.adminDomain()).digest('hex').substr(0, 6);
+ dkimSelector = `cloudron-${suffix}`;
+ }
 verifyDnsConfig(config, domain, zoneName, provider, function (error, sanitizedConfig) {
 if (error) return callback(error);
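Review bot: The suffix built in the new `if (!dkimSelector)` branch of `add` does not give the irreversibility the commit message claims. It is an unsalted SHA-256 of the admin domain cut to 6 hex characters, and the selector is published in DNS and in every signed message, so anyone who already has a candidate admin domain can hash it and compare. If hiding the admin domain is a goal, key the digest with a per-install secret, e.g. `crypto.createHmac('sha256', <install secret>).update(settings.adminDomain()).digest('hex').slice(0, 6)`; otherwise reword the comment to say what the hash is for, e.g. `// stable per-instance suffix so the same domain can be added on another cloudron without a selector clash (obfuscation only, not a secret)`. Independently of that, `slice(0, 6)` avoids the legacy `substr`. It is also worth confirming that `settings.adminDomain()` is already set when the first domain is added, since an empty value would presumably hash to the same suffix on every install; the body of `add` continues outside the hunk.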