dynamic regex

2026-04-27 20:56:44 +00:00 · 2025-08-07 17:26:22 +02:00
parent 0af0447f1b
commit b5da6d3f8e
4 changed files with 47 additions and 13 deletions
--- a/management/server/account.go
+++ b/management/server/account.go
@@ -224,7 +224,7 @@ func BuildManager(
 	// enable single account mode only if configured by user and number of existing accounts is not grater than 1
 	am.singleAccountMode = singleAccountModeDomain != "" && accountsCounter <= 1
 	if am.singleAccountMode {
-		if !domain.IsValidDomain(singleAccountModeDomain) {
+		if !domain.IsValidDomain(singleAccountModeDomain, false, false) {
 			return nil, status.Errorf(status.InvalidArgument, "invalid domain \"%s\" provided for a single account mode. Please review your input for --single-account-mode-domain", singleAccountModeDomain)
 		}
 		am.singleAccountModeDomain = singleAccountModeDomain
@@ -401,7 +401,7 @@ func (am *DefaultAccountManager) validateSettingsUpdate(ctx context.Context, tra
 		return status.Errorf(status.InvalidArgument, "peer login expiration can't be smaller than one hour")
 	}

-	if newSettings.DNSDomain != "" && !domain.IsValidDomain(newSettings.DNSDomain) {
+	if newSettings.DNSDomain != "" && !domain.IsValidDomain(newSettings.DNSDomain, false, true) {
 		return status.Errorf(status.InvalidArgument, "invalid domain \"%s\" provided for DNS domain", newSettings.DNSDomain)
 	}

@@ -1518,7 +1518,7 @@ func (am *DefaultAccountManager) getAccountIDWithAuthorizationClaims(ctx context
 		return userAuth.AccountId, nil
 	}

-	if userAuth.DomainCategory != types.PrivateCategory || !domain.IsValidDomain(userAuth.Domain) {
+	if userAuth.DomainCategory != types.PrivateCategory || !domain.IsValidDomain(userAuth.Domain, false, false) {
 		return am.GetAccountIDByUserID(ctx, userAuth.UserId, userAuth.Domain)
 	}

--- a/management/server/nameserver.go
+++ b/management/server/nameserver.go
@@ -2,7 +2,6 @@ package server

 import (
 	"context"
-	"strings"
 	"unicode/utf8"

 	"github.com/rs/xid"
@@ -263,10 +262,7 @@ func validateDomainInput(primary bool, domains []string, searchDomainsEnabled bo
 	}

 	for _, domain := range domains {
-		if strings.HasPrefix(domain, "*") {
-			return status.Errorf(status.InvalidArgument, "wildcard prefix is not allowed: %s", domain)
-		}
-		if !nbDomain.IsValidDomain(domain) {
+		if !nbDomain.IsValidDomain(domain, false, true) {
 			return status.Errorf(status.InvalidArgument, "nameserver group got an invalid domain: %s", domain)
 		}
 	}
--- a/management/server/networks/resources/types/resource.go
+++ b/management/server/networks/resources/types/resource.go
@@ -165,7 +165,7 @@ func GetResourceType(address string) (NetworkResourceType, string, netip.Prefix,
 		return Host, "", netip.PrefixFrom(ip, ip.BitLen()), nil
 	}

-	if domain, err := nbDomain.ToValidDomain(address); err == nil {
+	if domain, err := nbDomain.ToValidDomain(address, true, false); err == nil {
 		return Domain, string(domain), netip.Prefix{}, nil
 	}