bretton.dev / coves
A community based topic aggregation platform built on atproto
fork atom

test(security): add comprehensive did:web verification tests

Adds comprehensive test coverage for hostedBy domain verification,
including multi-part TLD support and security attack scenarios.

Test Coverage:

TestHostedByVerification_DomainMatching:
- ✅ Rejects communities with mismatched hostedBy domains
- ✅ Accepts communities with matching hostedBy domains
- ✅ Rejects non-did:web format hostedBy values
- ✅ Skip verification flag bypasses all checks (dev mode)

TestExtractDomainFromHandle:
- ✅ DNS-style handles with subdomains
- ✅ Simple two-part domains
- ✅ Multi-part subdomains
- ✅ Multi-part TLD: .co.uk (critical fix validation)
- ✅ Multi-part TLD: .com.au (critical fix validation)
- ✅ Multi-part TLD: .org.uk, .ac.uk
- ✅ Correctly rejects incorrect TLD extraction (e.g., did:web:co.uk)
- ✅ Domain mismatch detection

Security Attack Scenarios Tested:
1. Domain impersonation (evil.com claiming nintendo.com) - BLOCKED
2. Non-did:web hostedBy spoofing - BLOCKED
3. Multi-part TLD domain extraction failures - FIXED

All tests passing (9/9 multi-part TLD tests).

Co-Authored-By: Claude <noreply@anthropic.com>

bretton.dev fe5258ea 33edf8c4

options
unified split
Changed files
+346
tests
integration
community_hostedby_security_test.go
+346
tests/integration/community_hostedby_security_test.go 
···

       

       
1

       
+

       
package integration


     

       

       
2

       
+

       



     

       

       
3

       
+

       
import (


     

       

       
4

       
+

       
	"Coves/internal/atproto/jetstream"


     

       

       
5

       
+

       
	"Coves/internal/db/postgres"


     

       

       
6

       
+

       
	"context"


     

       

       
7

       
+

       
	"fmt"


     

       

       
8

       
+

       
	"testing"


     

       

       
9

       
+

       
	"time"


     

       

       
10

       
+

       
)


     

       

       
11

       
+

       



     

       

       
12

       
+

       
// TestHostedByVerification_DomainMatching tests that hostedBy domain must match handle domain


     

       

       
13

       
+

       
func TestHostedByVerification_DomainMatching(t *testing.T) {


     

       

       
14

       
+

       
	db := setupTestDB(t)


     

       

       
15

       
+

       
	defer func() {


     

       

       
16

       
+

       
		if err := db.Close(); err != nil {


     

       

       
17

       
+

       
			t.Logf("Failed to close database: %v", err)


     

       

       
18

       
+

       
		}


     

       

       
19

       
+

       
	}()


     

       

       
20

       
+

       



     

       

       
21

       
+

       
	repo := postgres.NewCommunityRepository(db)


     

       

       
22

       
+

       
	ctx := context.Background()


     

       

       
23

       
+

       



     

       

       
24

       
+

       
	t.Run("rejects community with mismatched hostedBy domain", func(t *testing.T) {


     

       

       
25

       
+

       
		// Create consumer with verification enabled


     

       

       
26

       
+

       
		consumer := jetstream.NewCommunityEventConsumer(repo, "did:web:coves.social", false)


     

       

       
27

       
+

       



     

       

       
28

       
+

       
		uniqueSuffix := fmt.Sprintf("%d", time.Now().UnixNano())


     

       

       
29

       
+

       
		communityDID := generateTestDID(uniqueSuffix)


     

       

       
30

       
+

       



     

       

       
31

       
+

       
		// Attempt to create community claiming to be hosted by nintendo.com


     

       

       
32

       
+

       
		// but with a coves.social handle (ATTACK!)


     

       

       
33

       
+

       
		event := &jetstream.JetstreamEvent{


     

       

       
34

       
+

       
			Did:    communityDID,


     

       

       
35

       
+

       
			TimeUS: time.Now().UnixMicro(),


     

       

       
36

       
+

       
			Kind:   "commit",


     

       

       
37

       
+

       
			Commit: &jetstream.CommitEvent{


     

       

       
38

       
+

       
				Rev:        "rev123",


     

       

       
39

       
+

       
				Operation:  "create",


     

       

       
40

       
+

       
				Collection: "social.coves.community.profile",


     

       

       
41

       
+

       
				RKey:       "self",


     

       

       
42

       
+

       
				CID:        "bafy123abc",


     

       

       
43

       
+

       
				Record: map[string]interface{}{


     

       

       
44

       
+

       
					"handle":      "gaming.communities.coves.social", // coves.social handle


     

       

       
45

       
+

       
					"name":        "gaming",


     

       

       
46

       
+

       
					"displayName": "Nintendo Gaming",


     

       

       
47

       
+

       
					"description": "Fake Nintendo community",


     

       

       
48

       
+

       
					"createdBy":   "did:plc:attacker123",


     

       

       
49

       
+

       
					"hostedBy":    "did:web:nintendo.com", // ← SPOOFED! Claiming Nintendo hosting


     

       

       
50

       
+

       
					"visibility":  "public",


     

       

       
51

       
+

       
					"federation": map[string]interface{}{


     

       

       
52

       
+

       
						"allowExternalDiscovery": true,


     

       

       
53

       
+

       
					},


     

       

       
54

       
+

       
					"memberCount":     0,


     

       

       
55

       
+

       
					"subscriberCount": 0,


     

       

       
56

       
+

       
					"createdAt":       time.Now().Format(time.RFC3339),


     

       

       
57

       
+

       
				},


     

       

       
58

       
+

       
			},


     

       

       
59

       
+

       
		}


     

       

       
60

       
+

       



     

       

       
61

       
+

       
		// This should fail verification


     

       

       
62

       
+

       
		err := consumer.HandleEvent(ctx, event)


     

       

       
63

       
+

       
		if err == nil {


     

       

       
64

       
+

       
			t.Fatal("Expected verification error for mismatched hostedBy domain, got nil")


     

       

       
65

       
+

       
		}


     

       

       
66

       
+

       



     

       

       
67

       
+

       
		// Verify error message mentions domain mismatch


     

       

       
68

       
+

       
		errMsg := err.Error()


     

       

       
69

       
+

       
		if errMsg == "" {


     

       

       
70

       
+

       
			t.Fatal("Expected error message, got empty string")


     

       

       
71

       
+

       
		}


     

       

       
72

       
+

       
		t.Logf("Got expected error: %v", err)


     

       

       
73

       
+

       



     

       

       
74

       
+

       
		// Verify community was NOT indexed


     

       

       
75

       
+

       
		_, getErr := repo.GetByDID(ctx, communityDID)


     

       

       
76

       
+

       
		if getErr == nil {


     

       

       
77

       
+

       
			t.Fatal("Community should not have been indexed, but was found in database")


     

       

       
78

       
+

       
		}


     

       

       
79

       
+

       
	})


     

       

       
80

       
+

       



     

       

       
81

       
+

       
	t.Run("accepts community with matching hostedBy domain", func(t *testing.T) {


     

       

       
82

       
+

       
		// Create consumer with verification enabled


     

       

       
83

       
+

       
		consumer := jetstream.NewCommunityEventConsumer(repo, "did:web:coves.social", false)


     

       

       
84

       
+

       



     

       

       
85

       
+

       
		uniqueSuffix := fmt.Sprintf("%d", time.Now().UnixNano())


     

       

       
86

       
+

       
		communityDID := generateTestDID(uniqueSuffix)


     

       

       
87

       
+

       



     

       

       
88

       
+

       
		// Create community with matching hostedBy and handle domains


     

       

       
89

       
+

       
		event := &jetstream.JetstreamEvent{


     

       

       
90

       
+

       
			Did:    communityDID,


     

       

       
91

       
+

       
			TimeUS: time.Now().UnixMicro(),


     

       

       
92

       
+

       
			Kind:   "commit",


     

       

       
93

       
+

       
			Commit: &jetstream.CommitEvent{


     

       

       
94

       
+

       
				Rev:        "rev123",


     

       

       
95

       
+

       
				Operation:  "create",


     

       

       
96

       
+

       
				Collection: "social.coves.community.profile",


     

       

       
97

       
+

       
				RKey:       "self",


     

       

       
98

       
+

       
				CID:        "bafy123abc",


     

       

       
99

       
+

       
				Record: map[string]interface{}{


     

       

       
100

       
+

       
					"handle":      "gaming.communities.coves.social", // coves.social handle


     

       

       
101

       
+

       
					"name":        "gaming",


     

       

       
102

       
+

       
					"displayName": "Gaming Community",


     

       

       
103

       
+

       
					"description": "Legitimate coves.social community",


     

       

       
104

       
+

       
					"createdBy":   "did:plc:user123",


     

       

       
105

       
+

       
					"hostedBy":    "did:web:coves.social", // ✅ Matches handle domain


     

       

       
106

       
+

       
					"visibility":  "public",


     

       

       
107

       
+

       
					"federation": map[string]interface{}{


     

       

       
108

       
+

       
						"allowExternalDiscovery": true,


     

       

       
109

       
+

       
					},


     

       

       
110

       
+

       
					"memberCount":     0,


     

       

       
111

       
+

       
					"subscriberCount": 0,


     

       

       
112

       
+

       
					"createdAt":       time.Now().Format(time.RFC3339),


     

       

       
113

       
+

       
				},


     

       

       
114

       
+

       
			},


     

       

       
115

       
+

       
		}


     

       

       
116

       
+

       



     

       

       
117

       
+

       
		// This should succeed


     

       

       
118

       
+

       
		err := consumer.HandleEvent(ctx, event)


     

       

       
119

       
+

       
		if err != nil {


     

       

       
120

       
+

       
			t.Fatalf("Expected verification to succeed, got error: %v", err)


     

       

       
121

       
+

       
		}


     

       

       
122

       
+

       



     

       

       
123

       
+

       
		// Verify community was indexed


     

       

       
124

       
+

       
		community, getErr := repo.GetByDID(ctx, communityDID)


     

       

       
125

       
+

       
		if getErr != nil {


     

       

       
126

       
+

       
			t.Fatalf("Community should have been indexed: %v", getErr)


     

       

       
127

       
+

       
		}


     

       

       
128

       
+

       
		if community.HostedByDID != "did:web:coves.social" {


     

       

       
129

       
+

       
			t.Errorf("Expected hostedByDID 'did:web:coves.social', got '%s'", community.HostedByDID)


     

       

       
130

       
+

       
		}


     

       

       
131

       
+

       
	})


     

       

       
132

       
+

       



     

       

       
133

       
+

       
	t.Run("rejects hostedBy with non-did:web format", func(t *testing.T) {


     

       

       
134

       
+

       
		// Create consumer with verification enabled


     

       

       
135

       
+

       
		consumer := jetstream.NewCommunityEventConsumer(repo, "did:web:coves.social", false)


     

       

       
136

       
+

       



     

       

       
137

       
+

       
		uniqueSuffix := fmt.Sprintf("%d", time.Now().UnixNano())


     

       

       
138

       
+

       
		communityDID := generateTestDID(uniqueSuffix)


     

       

       
139

       
+

       



     

       

       
140

       
+

       
		// Attempt to use did:plc for hostedBy (not allowed)


     

       

       
141

       
+

       
		event := &jetstream.JetstreamEvent{


     

       

       
142

       
+

       
			Did:    communityDID,


     

       

       
143

       
+

       
			TimeUS: time.Now().UnixMicro(),


     

       

       
144

       
+

       
			Kind:   "commit",


     

       

       
145

       
+

       
			Commit: &jetstream.CommitEvent{


     

       

       
146

       
+

       
				Rev:        "rev123",


     

       

       
147

       
+

       
				Operation:  "create",


     

       

       
148

       
+

       
				Collection: "social.coves.community.profile",


     

       

       
149

       
+

       
				RKey:       "self",


     

       

       
150

       
+

       
				CID:        "bafy123abc",


     

       

       
151

       
+

       
				Record: map[string]interface{}{


     

       

       
152

       
+

       
					"handle":      "gaming.communities.coves.social",


     

       

       
153

       
+

       
					"name":        "gaming",


     

       

       
154

       
+

       
					"displayName": "Test Community",


     

       

       
155

       
+

       
					"description": "Test",


     

       

       
156

       
+

       
					"createdBy":   "did:plc:user123",


     

       

       
157

       
+

       
					"hostedBy":    "did:plc:xyz123", // ← Invalid: must be did:web


     

       

       
158

       
+

       
					"visibility":  "public",


     

       

       
159

       
+

       
					"federation": map[string]interface{}{


     

       

       
160

       
+

       
						"allowExternalDiscovery": true,


     

       

       
161

       
+

       
					},


     

       

       
162

       
+

       
					"memberCount":     0,


     

       

       
163

       
+

       
					"subscriberCount": 0,


     

       

       
164

       
+

       
					"createdAt":       time.Now().Format(time.RFC3339),


     

       

       
165

       
+

       
				},


     

       

       
166

       
+

       
			},


     

       

       
167

       
+

       
		}


     

       

       
168

       
+

       



     

       

       
169

       
+

       
		// This should fail verification


     

       

       
170

       
+

       
		err := consumer.HandleEvent(ctx, event)


     

       

       
171

       
+

       
		if err == nil {


     

       

       
172

       
+

       
			t.Fatal("Expected verification error for non-did:web hostedBy, got nil")


     

       

       
173

       
+

       
		}


     

       

       
174

       
+

       
		t.Logf("Got expected error: %v", err)


     

       

       
175

       
+

       
	})


     

       

       
176

       
+

       



     

       

       
177

       
+

       
	t.Run("skip verification flag bypasses all checks", func(t *testing.T) {


     

       

       
178

       
+

       
		// Create consumer with verification DISABLED


     

       

       
179

       
+

       
		consumer := jetstream.NewCommunityEventConsumer(repo, "did:web:coves.social", true)


     

       

       
180

       
+

       



     

       

       
181

       
+

       
		uniqueSuffix := fmt.Sprintf("%d", time.Now().UnixNano())


     

       

       
182

       
+

       
		communityDID := generateTestDID(uniqueSuffix)


     

       

       
183

       
+

       



     

       

       
184

       
+

       
		// Even with mismatched domain, this should succeed with skipVerification=true


     

       

       
185

       
+

       
		event := &jetstream.JetstreamEvent{


     

       

       
186

       
+

       
			Did:    communityDID,


     

       

       
187

       
+

       
			TimeUS: time.Now().UnixMicro(),


     

       

       
188

       
+

       
			Kind:   "commit",


     

       

       
189

       
+

       
			Commit: &jetstream.CommitEvent{


     

       

       
190

       
+

       
				Rev:        "rev123",


     

       

       
191

       
+

       
				Operation:  "create",


     

       

       
192

       
+

       
				Collection: "social.coves.community.profile",


     

       

       
193

       
+

       
				RKey:       "self",


     

       

       
194

       
+

       
				CID:        "bafy123abc",


     

       

       
195

       
+

       
				Record: map[string]interface{}{


     

       

       
196

       
+

       
					"handle":      "gaming.communities.example.com",


     

       

       
197

       
+

       
					"name":        "gaming",


     

       

       
198

       
+

       
					"displayName": "Test",


     

       

       
199

       
+

       
					"description": "Test",


     

       

       
200

       
+

       
					"createdBy":   "did:plc:user123",


     

       

       
201

       
+

       
					"hostedBy":    "did:web:nintendo.com", // Mismatched, but verification skipped


     

       

       
202

       
+

       
					"visibility":  "public",


     

       

       
203

       
+

       
					"federation": map[string]interface{}{


     

       

       
204

       
+

       
						"allowExternalDiscovery": true,


     

       

       
205

       
+

       
					},


     

       

       
206

       
+

       
					"memberCount":     0,


     

       

       
207

       
+

       
					"subscriberCount": 0,


     

       

       
208

       
+

       
					"createdAt":       time.Now().Format(time.RFC3339),


     

       

       
209

       
+

       
				},


     

       

       
210

       
+

       
			},


     

       

       
211

       
+

       
		}


     

       

       
212

       
+

       



     

       

       
213

       
+

       
		// Should succeed because verification is skipped


     

       

       
214

       
+

       
		err := consumer.HandleEvent(ctx, event)


     

       

       
215

       
+

       
		if err != nil {


     

       

       
216

       
+

       
			t.Fatalf("Expected success with skipVerification=true, got error: %v", err)


     

       

       
217

       
+

       
		}


     

       

       
218

       
+

       



     

       

       
219

       
+

       
		// Verify community was indexed


     

       

       
220

       
+

       
		_, getErr := repo.GetByDID(ctx, communityDID)


     

       

       
221

       
+

       
		if getErr != nil {


     

       

       
222

       
+

       
			t.Fatalf("Community should have been indexed: %v", getErr)


     

       

       
223

       
+

       
		}


     

       

       
224

       
+

       
	})


     

       

       
225

       
+

       
}


     

       

       
226

       
+

       



     

       

       
227

       
+

       
// TestExtractDomainFromHandle tests the domain extraction logic for various handle formats


     

       

       
228

       
+

       
func TestExtractDomainFromHandle(t *testing.T) {


     

       

       
229

       
+

       
	// This is an internal function test - we'll test it through the consumer


     

       

       
230

       
+

       
	db := setupTestDB(t)


     

       

       
231

       
+

       
	defer func() {


     

       

       
232

       
+

       
		if err := db.Close(); err != nil {


     

       

       
233

       
+

       
			t.Logf("Failed to close database: %v", err)


     

       

       
234

       
+

       
		}


     

       

       
235

       
+

       
	}()


     

       

       
236

       
+

       



     

       

       
237

       
+

       
	repo := postgres.NewCommunityRepository(db)


     

       

       
238

       
+

       
	ctx := context.Background()


     

       

       
239

       
+

       



     

       

       
240

       
+

       
	testCases := []struct {


     

       

       
241

       
+

       
		name          string


     

       

       
242

       
+

       
		handle        string


     

       

       
243

       
+

       
		hostedByDID   string


     

       

       
244

       
+

       
		shouldSucceed bool


     

       

       
245

       
+

       
	}{


     

       

       
246

       
+

       
		{


     

       

       
247

       
+

       
			name:          "DNS-style handle with subdomain",


     

       

       
248

       
+

       
			handle:        "gaming.communities.coves.social",


     

       

       
249

       
+

       
			hostedByDID:   "did:web:coves.social",


     

       

       
250

       
+

       
			shouldSucceed: true,


     

       

       
251

       
+

       
		},


     

       

       
252

       
+

       
		{


     

       

       
253

       
+

       
			name:          "Simple two-part domain",


     

       

       
254

       
+

       
			handle:        "gaming.coves.social",


     

       

       
255

       
+

       
			hostedByDID:   "did:web:coves.social",


     

       

       
256

       
+

       
			shouldSucceed: true,


     

       

       
257

       
+

       
		},


     

       

       
258

       
+

       
		{


     

       

       
259

       
+

       
			name:          "Multi-part subdomain",


     

       

       
260

       
+

       
			handle:        "gaming.test.communities.example.com",


     

       

       
261

       
+

       
			hostedByDID:   "did:web:example.com",


     

       

       
262

       
+

       
			shouldSucceed: true,


     

       

       
263

       
+

       
		},


     

       

       
264

       
+

       
		{


     

       

       
265

       
+

       
			name:          "Mismatched domain",


     

       

       
266

       
+

       
			handle:        "gaming.communities.coves.social",


     

       

       
267

       
+

       
			hostedByDID:   "did:web:example.com",


     

       

       
268

       
+

       
			shouldSucceed: false,


     

       

       
269

       
+

       
		},


     

       

       
270

       
+

       
		// CRITICAL: Multi-part TLD tests (PR review feedback)


     

       

       
271

       
+

       
		{


     

       

       
272

       
+

       
			name:          "Multi-part TLD: .co.uk",


     

       

       
273

       
+

       
			handle:        "gaming.communities.coves.co.uk",


     

       

       
274

       
+

       
			hostedByDID:   "did:web:coves.co.uk",


     

       

       
275

       
+

       
			shouldSucceed: true,


     

       

       
276

       
+

       
		},


     

       

       
277

       
+

       
		{


     

       

       
278

       
+

       
			name:          "Multi-part TLD: .com.au",


     

       

       
279

       
+

       
			handle:        "gaming.communities.example.com.au",


     

       

       
280

       
+

       
			hostedByDID:   "did:web:example.com.au",


     

       

       
281

       
+

       
			shouldSucceed: true,


     

       

       
282

       
+

       
		},


     

       

       
283

       
+

       
		{


     

       

       
284

       
+

       
			name:          "Multi-part TLD: Reject incorrect .co.uk extraction",


     

       

       
285

       
+

       
			handle:        "gaming.communities.coves.co.uk",


     

       

       
286

       
+

       
			hostedByDID:   "did:web:co.uk", // Wrong! Should be coves.co.uk


     

       

       
287

       
+

       
			shouldSucceed: false,


     

       

       
288

       
+

       
		},


     

       

       
289

       
+

       
		{


     

       

       
290

       
+

       
			name:          "Multi-part TLD: .org.uk",


     

       

       
291

       
+

       
			handle:        "gaming.communities.myinstance.org.uk",


     

       

       
292

       
+

       
			hostedByDID:   "did:web:myinstance.org.uk",


     

       

       
293

       
+

       
			shouldSucceed: true,


     

       

       
294

       
+

       
		},


     

       

       
295

       
+

       
		{


     

       

       
296

       
+

       
			name:          "Multi-part TLD: .ac.uk",


     

       

       
297

       
+

       
			handle:        "gaming.communities.university.ac.uk",


     

       

       
298

       
+

       
			hostedByDID:   "did:web:university.ac.uk",


     

       

       
299

       
+

       
			shouldSucceed: true,


     

       

       
300

       
+

       
		},


     

       

       
301

       
+

       
	}


     

       

       
302

       
+

       



     

       

       
303

       
+

       
	for _, tc := range testCases {


     

       

       
304

       
+

       
		t.Run(tc.name, func(t *testing.T) {


     

       

       
305

       
+

       
			consumer := jetstream.NewCommunityEventConsumer(repo, "did:web:coves.social", false)


     

       

       
306

       
+

       



     

       

       
307

       
+

       
			uniqueSuffix := fmt.Sprintf("%d", time.Now().UnixNano())


     

       

       
308

       
+

       
			communityDID := generateTestDID(uniqueSuffix)


     

       

       
309

       
+

       



     

       

       
310

       
+

       
			event := &jetstream.JetstreamEvent{


     

       

       
311

       
+

       
				Did:    communityDID,


     

       

       
312

       
+

       
				TimeUS: time.Now().UnixMicro(),


     

       

       
313

       
+

       
				Kind:   "commit",


     

       

       
314

       
+

       
				Commit: &jetstream.CommitEvent{


     

       

       
315

       
+

       
					Rev:        "rev123",


     

       

       
316

       
+

       
					Operation:  "create",


     

       

       
317

       
+

       
					Collection: "social.coves.community.profile",


     

       

       
318

       
+

       
					RKey:       "self",


     

       

       
319

       
+

       
					CID:        "bafy123abc",


     

       

       
320

       
+

       
					Record: map[string]interface{}{


     

       

       
321

       
+

       
						"handle":      tc.handle,


     

       

       
322

       
+

       
						"name":        "test",


     

       

       
323

       
+

       
						"displayName": "Test",


     

       

       
324

       
+

       
						"description": "Test",


     

       

       
325

       
+

       
						"createdBy":   "did:plc:user123",


     

       

       
326

       
+

       
						"hostedBy":    tc.hostedByDID,


     

       

       
327

       
+

       
						"visibility":  "public",


     

       

       
328

       
+

       
						"federation": map[string]interface{}{


     

       

       
329

       
+

       
							"allowExternalDiscovery": true,


     

       

       
330

       
+

       
						},


     

       

       
331

       
+

       
						"memberCount":     0,


     

       

       
332

       
+

       
						"subscriberCount": 0,


     

       

       
333

       
+

       
						"createdAt":       time.Now().Format(time.RFC3339),


     

       

       
334

       
+

       
					},


     

       

       
335

       
+

       
				},


     

       

       
336

       
+

       
			}


     

       

       
337

       
+

       



     

       

       
338

       
+

       
			err := consumer.HandleEvent(ctx, event)


     

       

       
339

       
+

       
			if tc.shouldSucceed && err != nil {


     

       

       
340

       
+

       
				t.Errorf("Expected success for %s, got error: %v", tc.handle, err)


     

       

       
341

       
+

       
			} else if !tc.shouldSucceed && err == nil {


     

       

       
342

       
+

       
				t.Errorf("Expected failure for %s, got success", tc.handle)


     

       

       
343

       
+

       
			}


     

       

       
344

       
+

       
		})


     

       

       
345

       
+

       
	}


     

       

       
346

       
+

       
}