[chore] better dns validation (#3644)

* add seperate PunifyValidate() function for properly validating domain names when converting to punycode

* rename function, strip port from domain validation

internal/db/bundb/account.go

@@ -137,8 +137,9 @@ func (a *accountDB) GetAccountByURL(ctx context.Context, url string) (*gtsmodel.
 
 func (a *accountDB) GetAccountByUsernameDomain(ctx context.Context, username string, domain string) (*gtsmodel.Account, error) {
 	if domain != "" {
-		// Normalize the domain as punycode
 		var err error
+
+		// Normalize the domain as punycode
 		domain, err = util.Punify(domain)
 		if err != nil {
 			return nil, err

internal/db/bundb/domain.go

@@ -36,12 +36,12 @@ type domainDB struct {
 	state *state.State
 }
 
-func (d *domainDB) CreateDomainAllow(ctx context.Context, allow *gtsmodel.DomainAllow) error {
-	// Normalize the domain as punycode
-	var err error
-	allow.Domain, err = util.Punify(allow.Domain)
+func (d *domainDB) CreateDomainAllow(ctx context.Context, allow *gtsmodel.DomainAllow) (err error) {
+	// Normalize the domain as punycode, note the extra
+	// validation step for domain name write operations.
+	allow.Domain, err = util.PunifySafely(allow.Domain)
 	if err != nil {
-		return err
+		return gtserror.Newf("error punifying domain %s: %w", allow.Domain, err)
 	}
 
 	// Attempt to store domain allow in DB
@@ -58,10 +58,10 @@ func (d *domainDB) CreateDomainAllow(ctx context.Context, allow *gtsmodel.Domain
 }
 
 func (d *domainDB) GetDomainAllow(ctx context.Context, domain string) (*gtsmodel.DomainAllow, error) {
-	// Normalize the domain as punycode
+	// Normalize domain as punycode for lookup.
 	domain, err := util.Punify(domain)
 	if err != nil {
-		return nil, err
+		return nil, gtserror.Newf("error punifying domain %s: %w", domain, err)
 	}
 
 	// Check for easy case, domain referencing *us*
@@ -111,12 +111,12 @@ func (d *domainDB) GetDomainAllowByID(ctx context.Context, id string) (*gtsmodel
 	return &allow, nil
 }
 
-func (d *domainDB) UpdateDomainAllow(ctx context.Context, allow *gtsmodel.DomainAllow, columns ...string) error {
-	// Normalize the domain as punycode
-	var err error
-	allow.Domain, err = util.Punify(allow.Domain)
+func (d *domainDB) UpdateDomainAllow(ctx context.Context, allow *gtsmodel.DomainAllow, columns ...string) (err error) {
+	// Normalize the domain as punycode, note the extra
+	// validation step for domain name write operations.
+	allow.Domain, err = util.PunifySafely(allow.Domain)
 	if err != nil {
-		return err
+		return gtserror.Newf("error punifying domain %s: %w", allow.Domain, err)
 	}
 
 	// Ensure updated_at is set.
@@ -142,10 +142,10 @@ func (d *domainDB) UpdateDomainAllow(ctx context.Context, allow *gtsmodel.Domain
 }
 
 func (d *domainDB) DeleteDomainAllow(ctx context.Context, domain string) error {
-	// Normalize the domain as punycode
+	// Normalize domain as punycode for lookup.
 	domain, err := util.Punify(domain)
 	if err != nil {
-		return err
+		return gtserror.Newf("error punifying domain %s: %w", domain, err)
 	}
 
 	// Attempt to delete domain allow
@@ -163,11 +163,13 @@ func (d *domainDB) DeleteDomainAllow(ctx context.Context, domain string) error {
 }
 
 func (d *domainDB) CreateDomainBlock(ctx context.Context, block *gtsmodel.DomainBlock) error {
-	// Normalize the domain as punycode
 	var err error
-	block.Domain, err = util.Punify(block.Domain)
+
+	// Normalize the domain as punycode, note the extra
+	// validation step for domain name write operations.
+	block.Domain, err = util.PunifySafely(block.Domain)
 	if err != nil {
-		return err
+		return gtserror.Newf("error punifying domain %s: %w", block.Domain, err)
 	}
 
 	// Attempt to store domain block in DB
@@ -184,10 +186,10 @@ func (d *domainDB) CreateDomainBlock(ctx context.Context, block *gtsmodel.Domain
 }
 
 func (d *domainDB) GetDomainBlock(ctx context.Context, domain string) (*gtsmodel.DomainBlock, error) {
-	// Normalize the domain as punycode
+	// Normalize domain as punycode for lookup.
 	domain, err := util.Punify(domain)
 	if err != nil {
-		return nil, err
+		return nil, gtserror.Newf("error punifying domain %s: %w", domain, err)
 	}
 
 	// Check for easy case, domain referencing *us*
@@ -238,11 +240,13 @@ func (d *domainDB) GetDomainBlockByID(ctx context.Context, id string) (*gtsmodel
 }
 
 func (d *domainDB) UpdateDomainBlock(ctx context.Context, block *gtsmodel.DomainBlock, columns ...string) error {
-	// Normalize the domain as punycode
 	var err error
-	block.Domain, err = util.Punify(block.Domain)
+
+	// Normalize the domain as punycode, note the extra
+	// validation step for domain name write operations.
+	block.Domain, err = util.PunifySafely(block.Domain)
 	if err != nil {
-		return err
+		return gtserror.Newf("error punifying domain %s: %w", block.Domain, err)
 	}
 
 	// Ensure updated_at is set.
@@ -268,10 +272,10 @@ func (d *domainDB) UpdateDomainBlock(ctx context.Context, block *gtsmodel.Domain
 }
 
 func (d *domainDB) DeleteDomainBlock(ctx context.Context, domain string) error {
-	// Normalize the domain as punycode
+	// Normalize domain as punycode for lookup.
 	domain, err := util.Punify(domain)
 	if err != nil {
-		return err
+		return gtserror.Newf("error punifying domain %s: %w", domain, err)
 	}
 
 	// Attempt to delete domain block
@@ -289,10 +293,10 @@ func (d *domainDB) DeleteDomainBlock(ctx context.Context, domain string) error {
 }
 
 func (d *domainDB) IsDomainBlocked(ctx context.Context, domain string) (bool, error) {
-	// Normalize the domain as punycode
+	// Normalize domain as punycode for lookup.
 	domain, err := util.Punify(domain)
 	if err != nil {
-		return false, err
+		return false, gtserror.Newf("error punifying domain %s: %w", domain, err)
 	}
 
 	// Domain referencing *us* cannot be blocked.

internal/db/bundb/domainpermissiondraft.go

@@ -168,7 +168,7 @@ func (d *domainDB) GetDomainPermissionDrafts(
 	if domain != "" {
 		var err error
 
-		// Normalize domain as punycode.
+		// Normalize domain as punycode for lookup.
 		domain, err = util.Punify(domain)
 		if err != nil {
 			return nil, gtserror.Newf("error punifying domain %s: %w", domain, err)
@@ -234,22 +234,23 @@ func (d *domainDB) GetDomainPermissionDrafts(
 
 func (d *domainDB) PutDomainPermissionDraft(
 	ctx context.Context,
-	permDraft *gtsmodel.DomainPermissionDraft,
+	draft *gtsmodel.DomainPermissionDraft,
 ) error {
 	var err error
 
-	// Normalize the domain as punycode
-	permDraft.Domain, err = util.Punify(permDraft.Domain)
+	// Normalize the domain as punycode, note the extra
+	// validation step for domain name write operations.
+	draft.Domain, err = util.PunifySafely(draft.Domain)
 	if err != nil {
-		return gtserror.Newf("error punifying domain %s: %w", permDraft.Domain, err)
+		return gtserror.Newf("error punifying domain %s: %w", draft.Domain, err)
 	}
 
 	return d.state.Caches.DB.DomainPermissionDraft.Store(
-		permDraft,
+		draft,
 		func() error {
 			_, err := d.db.
 				NewInsert().
-				Model(permDraft).
+				Model(draft).
 				Exec(ctx)
 			return err
 		},

internal/db/bundb/domainpermissionexclude.go

@@ -37,11 +37,13 @@ func (d *domainDB) PutDomainPermissionExclude(
 	ctx context.Context,
 	exclude *gtsmodel.DomainPermissionExclude,
 ) error {
-	// Normalize the domain as punycode
 	var err error
-	exclude.Domain, err = util.Punify(exclude.Domain)
+
+	// Normalize the domain as punycode, note the extra
+	// validation step for domain name write operations.
+	exclude.Domain, err = util.PunifySafely(exclude.Domain)
 	if err != nil {
-		return err
+		return gtserror.Newf("error punifying domain %s: %w", exclude.Domain, err)
 	}
 
 	// Attempt to store domain perm exclude in DB
@@ -58,10 +60,10 @@ func (d *domainDB) PutDomainPermissionExclude(
 }
 
 func (d *domainDB) IsDomainPermissionExcluded(ctx context.Context, domain string) (bool, error) {
-	// Normalize the domain as punycode
+	// Normalize domain as punycode for lookup.
 	domain, err := util.Punify(domain)
 	if err != nil {
-		return false, err
+		return false, gtserror.Newf("error punifying domain %s: %w", domain, err)
 	}
 
 	// Func to scan list of all
@@ -177,7 +179,7 @@ func (d *domainDB) GetDomainPermissionExcludes(
 	if domain != "" {
 		var err error
 
-		// Normalize domain as punycode.
+		// Normalize domain as punycode for lookup.
 		domain, err = util.Punify(domain)
 		if err != nil {
 			return nil, gtserror.Newf("error punifying domain %s: %w", domain, err)

internal/db/bundb/instance.go

@@ -158,8 +158,9 @@ func (i *instanceDB) CountInstanceDomains(ctx context.Context, domain string) (i
 }
 
 func (i *instanceDB) GetInstance(ctx context.Context, domain string) (*gtsmodel.Instance, error) {
-	// Normalize the domain as punycode
 	var err error
+
+	// Normalize the domain as punycode
 	domain, err = util.Punify(domain)
 	if err != nil {
 		return nil, gtserror.Newf("error punifying domain %s: %w", domain, err)
@@ -265,8 +266,9 @@ func (i *instanceDB) PopulateInstance(ctx context.Context, instance *gtsmodel.In
 func (i *instanceDB) PutInstance(ctx context.Context, instance *gtsmodel.Instance) error {
 	var err error
 
-	// Normalize the domain as punycode
-	instance.Domain, err = util.Punify(instance.Domain)
+	// Normalize the domain as punycode, note the extra
+	// validation step for domain name write operations.
+	instance.Domain, err = util.PunifySafely(instance.Domain)
 	if err != nil {
 		return gtserror.Newf("error punifying domain %s: %w", instance.Domain, err)
 	}
@@ -279,9 +281,11 @@ func (i *instanceDB) PutInstance(ctx context.Context, instance *gtsmodel.Instanc
 }
 
 func (i *instanceDB) UpdateInstance(ctx context.Context, instance *gtsmodel.Instance, columns ...string) error {
-	// Normalize the domain as punycode
 	var err error
-	instance.Domain, err = util.Punify(instance.Domain)
+
+	// Normalize the domain as punycode, note the extra
+	// validation step for domain name write operations.
+	instance.Domain, err = util.PunifySafely(instance.Domain)
 	if err != nil {
 		return gtserror.Newf("error punifying domain %s: %w", instance.Domain, err)
 	}
@@ -349,8 +353,9 @@ func (i *instanceDB) GetInstanceAccounts(ctx context.Context, domain string, max
 		limit = 0
 	}
 
-	// Normalize the domain as punycode.
 	var err error
+
+	// Normalize the domain as punycode
 	domain, err = util.Punify(domain)
 	if err != nil {
 		return nil, gtserror.Newf("error punifying domain %s: %w", domain, err)