1
0
mirror of https://github.com/gristlabs/grist-core.git synced 2024-10-27 20:44:07 +00:00
gristlabs_grist-core/app/common/orgNameUtils.ts
Jarosław Sadziński 7e78ebfeeb (core) Subdomain can start from a number
Summary: Allowing subdomain names to start from a number.

Test Plan: Updated tests

Reviewers: paulfitz

Reviewed By: paulfitz

Subscribers: paulfitz

Differential Revision: https://phab.getgrist.com/D3009
2021-09-01 18:16:57 +02:00

63 lines
2.4 KiB
TypeScript

const BLACKLISTED_SUBDOMAINS = new Set([
// from wiki page as of 2018-12-14
'aws',
'gristlogin',
'issues',
'metrics',
'phab',
'releases',
'test',
'vpn',
'www',
// A few more reserved just in case. The minimum length requirement would eliminate
// some in any case, but specified here also in case that minimum changes.
'w', 'ww', 'wwww', 'wwwww',
'docs', 'api', 'static',
'ftp', 'imap', 'pop', 'smtp', 'mail', 'git', 'blog', 'wiki', 'support', 'kb', 'help',
'admin', 'store', 'dev', 'beta',
'community', 'try', 'wpx',
// a few random tech brands
'google', 'apple', 'microsoft', 'ms', 'facebook', 'fb', 'twitter', 'youtube', 'yt',
// updates for new special domains
'current', 'staging', 'prod', 'login', 'login-dev',
// some domains that look suspicious
'1ogin', '1ogin-dev'
]);
/**
*
* Checks whether the subdomain is on the list of forbidden subdomains.
* See https://phab.getgrist.com/w/hosting/v1/urls/#organization-subdomains
*
* Also enforces various sanity checks.
*
* Throws if the subdomain is invalid.
*
*/
export function checkSubdomainValidity(subdomain: string): void {
// stick with limited alphanumeric subdomains.
if (!(/^[a-z0-9][-a-z0-9]*$/.test(subdomain))) {
throw new Error('Domain must include letters, numbers, and dashes only.');
}
// 'docs-*' is reserved for personal orgs.
if (subdomain.startsWith('docs-')) { throw new Error('Domain cannot use reserved prefix "docs-".'); }
// 'o-*' is reserved for automatic org domains.
if (subdomain.startsWith('o-')) { throw new Error('Domain cannot use reserved prefix "o-".'); }
// 'doc-worker-*' is reserved for doc workers.
if (subdomain.startsWith('doc-worker-')) { throw new Error('Domain cannot use reserved prefix "doc-worker-".'); }
// special subdomains like _domainkey.
if (subdomain.startsWith('_')) { throw new Error('Domain cannot use reserved prefix "_".'); }
// some domains are currently in use for testing v1.
if (subdomain.startsWith('v1-')) { throw new Error('Domain cannot use reserved prefix "v1-".'); }
// check limit of 63 characters on dns label.
if (subdomain.length > 63) { throw new Error('Domain must contain less than 64 characters.'); }
// check the subdomain isn't too short.
if (subdomain.length <= 2) { throw new Error('Domain must contain more than 2 characters.'); }
// a small blacklist prepared by hand.
if (BLACKLISTED_SUBDOMAINS.has(subdomain)) { throw new Error('Invalid domain value.'); }
}