const t = require("ava"); const fs = require("fs-extra"); const path = require("path"); const validRecordTypes = new Set(["A", "AAAA", "CAA", "CNAME", "DS", "MX", "NS", "SRV", "TXT", "URL"]); const hostnameRegex = /^(?=.{1,253}$)(?:(?:[_a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)\.)+[a-zA-Z]{2,63}$/; const ipv4Regex = /^(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])){3}$/; const ipv6Regex = /^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$|^::(?:[0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}$|^(?:[0-9a-fA-F]{1,4}:){1,7}:$|^(?:[0-9a-fA-F]{1,4}:){0,6}::(?:[0-9a-fA-F]{1,4}:){0,5}[0-9a-fA-F]{1,4}$/; const domainsPath = path.resolve("domains"); const files = fs.readdirSync(domainsPath).filter((file) => file.endsWith(".json")); const domainCache = {}; function getDomainData(file) { if (domainCache[file]) { return domainCache[file]; } try { const data = fs.readJsonSync(path.join(domainsPath, file)); domainCache[file] = data; return data; } catch (error) { throw new Error(`Failed to read JSON for ${file}: ${error.message}`); } } function expandIPv6(ip) { let segments = ip.split(":"); const emptyIndex = segments.indexOf(""); if (emptyIndex !== -1) { const nonEmptySegments = segments.filter((seg) => seg !== ""); const missingSegments = 8 - nonEmptySegments.length; segments = [ ...nonEmptySegments.slice(0, emptyIndex), ...Array(missingSegments).fill("0000"), ...nonEmptySegments.slice(emptyIndex) ]; } return segments.map((segment) => segment.padStart(4, "0")).join(":"); } function validateIPv4(ip, proxied) { const parts = ip.split(".").map(Number); if (parts.length !== 4 || parts.some((part) => isNaN(part) || part < 0 || part > 255)) return false; if (ip === "192.0.2.1" && proxied) return true; return !( parts[0] === 10 || (parts[0] === 172 && parts[1] >= 16 && parts[1] <= 31) || (parts[0] === 192 && parts[1] === 168) || (parts[0] === 100 && parts[1] >= 64 && parts[1] <= 127) || (parts[0] === 169 && parts[1] === 254) || (parts[0] === 192 && parts[1] === 0 && parts[2] === 0) || (parts[0] === 192 && parts[1] === 0 && parts[2] === 2) || (parts[0] === 198 && parts[1] === 18) || (parts[0] === 198 && parts[1] === 51 && parts[2] === 100) || (parts[0] === 203 && parts[1] === 0 && parts[2] === 113) || parts[0] >= 224 ); } function validateIPv6(ip) { return !( ip.toLowerCase().startsWith("fc") || ip.toLowerCase().startsWith("fd") || ip.toLowerCase().startsWith("fe80") || ip.toLowerCase().startsWith("::1") || ip.toLowerCase().startsWith("2001:db8") ); } function validateRecordType(recordType) { return validRecordTypes.has(recordType); } function isValidHostname(hostname) { return hostnameRegex.test(hostname); } function isValidHexadecimal(value) { return /^[0-9a-fA-F]+$/.test(value); } function validateRecordValues(t, data, file) { const subdomain = file.replace(/\.json$/, ""); Object.entries(data.record).forEach(([key, value]) => { // General validation for arrays if (["A", "AAAA", "MX", "NS"].includes(key)) { t.true(Array.isArray(value), `${file}: Record value for ${key} should be an array`); value.forEach((record, idx) => { t.true( typeof record === "string", `${file}: Record value for ${key} should be a string at index ${idx}` ); if (key === "A") { t.true(ipv4Regex.test(record), `${file}: Invalid IPv4 address for ${key} at index ${idx}`); t.true( validateIPv4(record, data.proxied), `${file}: Invalid IPv4 address for ${key} at index ${idx}` ); } else if (key === "AAAA") { const expandedIPv6 = expandIPv6(record); t.true(ipv6Regex.test(expandedIPv6), `${file}: Invalid IPv6 address for ${key} at index ${idx}`); t.true(validateIPv6(expandedIPv6), `${file}: Invalid IPv6 address for ${key} at index ${idx}`); } else if (["MX", "NS"].includes(key)) { t.true(isValidHostname(record), `${file}: Invalid hostname for ${key} at index ${idx}`); } }); } // CNAME and URL validations if (["CNAME", "URL"].includes(key)) { t.true(typeof value === "string", `${file}: Record value for ${key} should be a string`); if (key === "CNAME") { t.true(isValidHostname(value), `${file}: Invalid hostname for ${key}`); t.true(value !== file, `${file}: CNAME cannot point to itself`); } else if (key === "URL") { t.true( value.startsWith("http://") || value.startsWith("https://"), `${file}: Record value for ${key} must start with http:// or https://` ); t.notThrows(() => new URL(value), `${file}: Invalid URL for ${key}`); const urlHost = new URL(value).host; const isSelfReferencing = file === "@.json" ? urlHost === "is-a.dev" : urlHost === `${subdomain}.is-a.dev`; t.false(isSelfReferencing, `${file}: URL cannot point to itself`); } } // CAA, DS, SRV validations if (["CAA", "DS", "SRV"].includes(key)) { t.true(Array.isArray(value), `${file}: Record value for ${key} should be an array`); value.forEach((record, idx) => { t.true( typeof record === "object", `${file}: Record value for ${key} should be an object at index ${idx}` ); if (key === "CAA") { t.true( ["issue", "issuewild", "iodef"].includes(record.tag), `${file}: Invalid tag for CAA at index ${idx}` ); t.true(typeof record.value === "string", `${file}: Invalid value for CAA at index ${idx}`); t.true( isValidHostname(record.value) || record.value === ";", `${file}: Value must be a hostname or semicolon for CAA at index ${idx}` ); } else if (key === "DS") { t.true( Number.isInteger(record.key_tag) && record.key_tag >= 0 && record.key_tag <= 65535, `${file}: Invalid key_tag for DS at index ${idx}` ); t.true( Number.isInteger(record.algorithm) && record.algorithm >= 0 && record.algorithm <= 255, `${file}: Invalid algorithm for DS at index ${idx}` ); t.true( Number.isInteger(record.digest_type) && record.digest_type >= 0 && record.digest_type <= 255, `${file}: Invalid digest_type for DS at index ${idx}` ); t.true(isValidHexadecimal(record.digest), `${file}: Invalid digest for DS at index ${idx}`); } else if (key === "SRV") { t.true( Number.isInteger(record.priority) && record.priority >= 0 && record.priority <= 65535, `${file}: Invalid priority for SRV at index ${idx}` ); t.true( Number.isInteger(record.weight) && record.weight >= 0 && record.weight <= 65535, `${file}: Invalid weight for SRV at index ${idx}` ); t.true( Number.isInteger(record.port) && record.port >= 0 && record.port <= 65535, `${file}: Invalid port for SRV at index ${idx}` ); t.true(isValidHostname(record.target), `${file}: Invalid target for SRV at index ${idx}`); } }); } // TXT validation if (key === "TXT") { const values = Array.isArray(value) ? value : [value]; values.forEach((record, idx) => { t.true(typeof record === "string", `${file}: TXT record value should be a string at index ${idx}`); }); } }); if (data.redirect_config) { const customPaths = Object.keys(data.redirect_config.custom_paths || {}); const pathRegex = /^\/[a-zA-Z0-9\-_\.\/]+(? { const customRedirectURL = data.redirect_config.custom_paths[customPath]; const urlMessage = `${file}: Custom path in redirect_config`; // Validate the custom path t.true( pathRegex.test(customPath), `${urlMessage} must start with a slash, contain only alphanumeric characters, hyphens, underscores, periods, and slashes, and cannot end with a slash at index ${idx}` ); t.true( customPath.length >= 2 && customPath.length <= 255, `${urlMessage} should be 2-255 characters long at index ${idx}` ); // Validate the redirect URL t.true( data.record.URL !== customRedirectURL, `${urlMessage} should be different from the URL record at index ${idx}` ); t.true( customRedirectURL.startsWith("http://") || customRedirectURL.startsWith("https://"), `${urlMessage} must start with http:// or https:// at index ${idx}` ); t.notThrows(() => new URL(customRedirectURL), `${urlMessage} contains an invalid URL at index ${idx}`); // Check for self-referencing redirects const urlHost = new URL(customRedirectURL).host; const isSelfReferencing = file === "@.json" ? urlHost === "is-a.dev" : urlHost === `${subdomain}.is-a.dev`; t.false(isSelfReferencing, `${urlMessage} cannot point to itself at index ${idx}`); }); } } t("All files should have valid record types", (t) => { files.forEach((file) => { const data = getDomainData(file); const recordKeys = Object.keys(data.record); recordKeys.forEach((key) => { t.true(validateRecordType(key), `${file}: Invalid record type: ${key}`); }); // Record type combinations validation if (recordKeys.includes("CNAME") && !data.proxied) { t.is(recordKeys.length, 1, `${file}: CNAME records cannot be combined with other records unless proxied`); } if (recordKeys.includes("NS")) { t.true( recordKeys.length === 1 || (recordKeys.length === 2 && recordKeys.includes("DS")), `${file}: NS records cannot be combined with other records, except for DS records` ); } if (recordKeys.includes("DS")) { t.true(recordKeys.includes("NS"), `${file}: DS records must be combined with NS records`); } if (recordKeys.includes("URL")) { t.true( !recordKeys.includes("A") && !recordKeys.includes("AAAA") && !recordKeys.includes("CNAME"), `${file}: URL records cannot be combined with A, AAAA, or CNAME records` ); } if (data.redirect_config) { t.true( recordKeys.includes("URL") || data.proxied, `${file}: Redirect config must be combined with a URL record or the domain must be proxied` ); if (data.redirect_config.redirect_paths) { t.true(recordKeys.includes("URL"), `${file}: redirect_config.redirect_paths requires a URL record`); } } validateRecordValues(t, data, file); }); t.pass(); });