Skip to content

Commit a33cde6

Browse files
duanhongyiduanhongyi
committed
chore(domain): added reserved domain check
1 parent 4c56e0c commit a33cde6

3 files changed

Lines changed: 6 additions & 1 deletion

File tree

rootfs/api/serializers.py

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,7 @@
1010
import ipaddress
1111
from urllib.parse import urlparse
1212

13+
from django.conf import settings
1314
from django.contrib.auth.models import User
1415
from django.utils import timezone
1516
from rest_framework import serializers
@@ -435,6 +436,9 @@ def validate_domain(self, value):
435436
if value == "*":
436437
raise serializers.ValidationError("Hostname can't only be a wildcard")
437438

439+
if value.endswith(".{}".format(settings.PLATFORM_DOMAIN)):
440+
raise serializers.ValidationError("This is a reserved domain")
441+
438442
labels = value.split('.')
439443

440444
# Let wildcards through by not trying to validate it

rootfs/api/settings/production.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -263,7 +263,7 @@
263263
# experimental native ingress
264264
INGRESS_CLASS = os.environ.get('DRYCC_INGRESS_CLASS', '')
265265

266-
PLATFORM_DOMAIN = os.environ.get('DRYCC_PLATFORM_DOMAIN', '')
266+
PLATFORM_DOMAIN = os.environ.get('DRYCC_PLATFORM_DOMAIN', 'local.drycc.cc')
267267

268268
# k8s image policies
269269
SLUGRUNNER_IMAGE = os.environ.get('SLUGRUNNER_IMAGE_NAME', 'quay.io/drycc/slugrunner:canary') # noqa

rootfs/api/tests/test_domain.py

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -277,6 +277,7 @@ def test_manage_domain_invalid_domain(self):
277277
'django.pa--assandbox',
278278
'too.looooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong',
279279
'foo.*.bar.com',
280+
'test.local.drycc.cc',
280281
'*',
281282
'a' * 300,
282283
'.'.join(['a'] * 128)

0 commit comments

Comments
 (0)