add fully automated vhost registrations (\#87)

Signed-off-by: n4chung <n4chung@csclub.uwaterloo.ca>
2023-01-06 16:36:17 -05:00 · 2023-01-06 16:36:17 -05:00 · 3331e1e3ef
parent b507c56136
commit 3331e1e3ef
2 changed files with 28 additions and 2 deletions
--- a/ceod/model/VHostManager.py
+++ b/ceod/model/VHostManager.py
@ -4,9 +4,12 @@ import os
 import re
 import shutil
 import subprocess
+from hashlib import md5
 from typing import List, Dict, Tuple

+import dns.resolver
 import jinja2
+import tldextract
 from zope import component
 from zope.interface import implementer

@ -99,8 +102,29 @@ class VHostManager:
            prefix = domain[:len(domain) - len(self.k8s_vhost_domain) - 1]
        elif domain.endswith('.' + self.vhost_domain):
            prefix = domain[:len(domain) - len(self.vhost_domain) - 1]
-        else:
-            return False
+        else:  # user is requesting for a custom domain...
+            # generate checksum based on username
+            checksum = md5(username.encode('utf-8')).hexdigest()
+            record = f"csc-verification={checksum}"
+
+            # not implemented: check domain name exists?
+            # look up for TXT record `csc-verification` at root
+            rootname = tldextract.extract(domain).registered_domain
+            records = dns.resolver.resolve(rootname, "TXT").rrset
+            if records is None:
+                # TODO: handle errors separately, return errors to user
+                print(f"{rootname} does not contain any TXT records.")
+                return False
+
+            for x in records:
+                if record in x.to_text():
+                    print(f"found correct`csc-verification` record at {rootname}")
+                    return True
+
+            print(f"cannot find a `csc-verification` record at {rootname}")
+
+            return False  # deny by default
+
        last_part = prefix.split('.')[-1]

        if last_part == username:
--- a/requirements.txt
+++ b/requirements.txt
@ -1,5 +1,6 @@
 click==8.1.3
 cryptography==35.0.0
+dnspython==2.2.1
 Flask==2.1.2
 gssapi==1.6.14
 gunicorn==20.1.0
@ -10,6 +11,7 @@ psycopg2==2.9.1
 python-augeas==1.1.0
 requests==2.26.0
 requests-gssapi==1.2.3
+tldextract==3.4.0
 urwid==2.1.2
 Werkzeug==2.1.2
 zope.component==5.0.1