Additional restrictions on adding domains to prevent conflicting with other users

Move error alert on some pages to bottom with form inputs so the error can be seen when submitting
Dont sort domains on domain page
npm audit fix

controllers/domains.js

@@ -3,6 +3,7 @@ const acme = require('../acme.js');
 const url = require('url');
 const { dynamicResponse } = require('../util.js');
 const redis = require('../redis.js');
+const psl = require('psl');
 const { nsTemplate, soaTemplate } = require('../templates.js');
 
 /**
@@ -76,13 +77,31 @@ exports.addDomain = async (req, res, next) => {
 	}
 
 	try {
+		const parsed = psl.parse(domain);
+		if (!parsed || !parsed.domain) {
+			dynamicResponse(req, res, 400, { error: 'Invalid input' })
+		}
+		const domains = [domain, parsed.domain];
 		const existing = await db.db.collection('accounts')
-			.findOne({ domains: domain });
+			.findOne({
+				'$or': [
+					{ domains: domain },
+					{ domains: new RegExp(`${parsed.domain}$`), _id: { '$ne': res.locals.user.username } },
+				]
+			});
 		if (existing) {
-			return dynamicResponse(req, res, 400, { error: 'This domain is already in use' });
+			return dynamicResponse(req, res, 400, { error: 'This domain is already in use or belongs to another user' });
 		}
 		await db.db.collection('accounts')
-			.updateOne({_id: res.locals.user.username}, {$addToSet: {domains: domain }});
+			.updateOne({
+				_id: res.locals.user.username
+			}, {
+				$addToSet: {
+					domains: {
+						'$each': domains,
+					}
+				}
+			});
 		if (domain.split('.').length < 3 //naive
 			&& (soaTemplate.length > 0 && nsTemplate.length > 0)) {
 			const records = [];

package.json

@@ -37,6 +37,7 @@
     "node-fetch": "^2.6.9",
     "nprogress": "^0.2.0",
     "openapi-client-axios": "^7.1.1",
+    "psl": "^1.9.0",
     "react": "^18.2.0",
     "react-content-loader": "^6.2.0",
     "react-dom": "^18.2.0",

pages/certs.js

@@ -35,11 +35,13 @@ export default function Certs(props) {
 	async function addCert(e) {
 		e.preventDefault();
 		try {
+			setError(null);
 			await API.addCert({
 				_csrf: csrf,
 				subject: e.target.subject.value,
 				altnames: e.target.altnames.value.split(',').map(x => x.trim()),
 			}, dispatch, setError, router);
+			e.target.reset();
 		} catch(err) {
 			console.warn(err);
 			await new Promise(res => setTimeout(res, 10000));
@@ -48,6 +50,7 @@ export default function Certs(props) {
 	}
 
 	async function deleteCert(csrf, subject, storageName) {
+		setError(null);
 		await API.deleteCert({
 			_csrf: csrf,
 			subject,
@@ -58,6 +61,7 @@ export default function Certs(props) {
 
 	async function uploadCert(csrf, domain) {
 		try {
+			setError(null);
 			await API.uploadCert({
 				_csrf: csrf,
 				domain: domain
@@ -143,8 +147,6 @@ export default function Certs(props) {
 				<title>Certificates</title>
 			</Head>
 
-			{error && <ErrorAlert error={error} />}
-
 			<h5 className="fw-bold">
 				HTTPS Certificates:
 			</h5>
@@ -202,6 +204,8 @@ export default function Certs(props) {
 				</form>
 			</div>
 
+			{error && <ErrorAlert error={error} />}
+
 			{/* back to account */}
 			<BackButton to="/account" />
 

pages/clusters.js

@@ -35,16 +35,20 @@ export default function Clusters(props) {
 
 	async function addCluster(e) {
 		e.preventDefault();
+		setError(null);
 		await API.addCluster({ _csrf: csrf, cluster: e.target.cluster.value }, dispatch, setError, router);
 		await API.getClusters(dispatch, setError, router);
+		e.target.reset();
 	}
 
 	async function deleteCluster(csrf, cluster) {
+		setError(null);
 		await API.deleteCluster({ _csrf: csrf, cluster }, dispatch, setError, router);
 		await API.getClusters(dispatch, setError, router);
 	}
 
 	async function setCluster(csrf, cluster) {
+		setError(null);
 		await API.changeCluster({ _csrf: csrf, cluster }, dispatch, setError, router);
 		await API.getClusters(dispatch, setError, router);
 	}
@@ -65,8 +69,6 @@ export default function Clusters(props) {
 				<title>Clusters</title>
 			</Head>
 
-			{error && <ErrorAlert error={error} />}
-
 			<h5 className="fw-bold">
 				Clusters ({user.clusters.length}):
 			</h5>
@@ -96,6 +98,8 @@ export default function Clusters(props) {
 				</form>
 			</div>
 
+			{error && <ErrorAlert error={error} />}
+
 			{/* back to account */}
 			<BackButton to="/account" />
 

pages/domains.js

@@ -35,11 +35,14 @@ export default function Domains(props) {
 
 	async function addDomain(e) {
 		e.preventDefault();
+		setError(null);
 		await API.addDomain({ _csrf: csrf, domain: e.target.domain.value }, dispatch, setError, router);
 		await API.getDomains(dispatch, setError, router);
+		e.target.reset();
 	}
 
 	async function deleteDomain(csrf, domain) {
+		setError(null);
 		await API.deleteDomain({ _csrf: csrf, domain }, dispatch, setError, router);
 		await API.getDomains(dispatch, setError, router);
 	}
@@ -47,7 +50,7 @@ export default function Domains(props) {
 	const domainList = [];
 	const subdomainList = [];
 	user.domains
-		.sort((a, b) => a.localeCompare(b))
+		//.sort((a, b) => a.localeCompare(b))
 		.forEach((d, i) => {
 		//TODO: refactor, to component
 		const domainCert = certs.find(c => c.subject === d || c.altnames.includes(d));
@@ -85,8 +88,6 @@ export default function Domains(props) {
 				<title>Domains</title>
 			</Head>
 
-			{error && <ErrorAlert error={error} />}
-
 			<h5 className="fw-bold">
 				Domains:
 			</h5>
@@ -132,6 +133,8 @@ export default function Domains(props) {
 				</table>
 			</div>
 
+			{error && <ErrorAlert error={error} />}
+
 			{/* back to account */}
 			<BackButton to="/account" />