jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

domains: validate well known

Browse Source
This commit is contained in:
Girish Ramakrishnan
2026-02-25 05:55:14 +01:00
parent c20fbe8635
commit f4ff63485a
2 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/domains.js
View File

@@ -116,6 +116,15 @@ function validateTlsConfig(tlsConfig, dnsProvider) {
function validateWellKnown(wellKnown) {
assert.strictEqual(typeof wellKnown, 'object');
if (wellKnown === null) return null;
for (const key of Object.keys(wellKnown)) {
if (typeof wellKnown[key] !== 'string') return new BoxError(BoxError.BAD_FIELD, `well-known value for ${key} must be a string`);
}
if (wellKnown.carddav && wellKnown.carddav.includes('://')) return new BoxError(BoxError.BAD_FIELD, 'carddav must be a domain, not a URL');
if (wellKnown.caldav && wellKnown.caldav.includes('://')) return new BoxError(BoxError.BAD_FIELD, 'caldav must be a domain, not a URL');
return null;
}

4
src/wellknown.js
View File

@@ -47,13 +47,13 @@ async function get(domain, location) {
if (!domainObject) throw new BoxError(BoxError.NOT_FOUND, 'Domain not found');
if (!domainObject.wellKnown || !domainObject.wellKnown.carddav) throw new BoxError(BoxError.NOT_FOUND, 'No custom well-known config');
return { redirectTo: domainObject.wellKnown.carddav };
return { redirectTo: `https://${domainObject.wellKnown.carddav}` };
} else if (location === 'caldav') {
const domainObject = await domains.get(domain);
if (!domainObject) throw new BoxError(BoxError.NOT_FOUND, 'Domain not found');
if (!domainObject.wellKnown || !domainObject.wellKnown.caldav) throw new BoxError(BoxError.NOT_FOUND, 'No custom well-known config');
return { redirectTo: domainObject.wellKnown.caldav };
return { redirectTo: `https://${domainObject.wellKnown.caldav}` };
} else {
throw new BoxError(BoxError.NOT_FOUND, 'No custom well-known config');
}