nekomimi.pet / wisp.place-monorepo
Monorepo for wisp.place. A static site hosting service built on top of the AT Protocol. wisp.place
fork atom

enhance DNS verification to prevent ownership race conditions during domain validation

nekomimi.pet 5ab414c1 c5a7d252

0/2
deploy-wisp.yml
test.yml
options
unified split
Changed files
+20 -1
src
lib
dns-verification-worker.ts
+20 -1
src/lib/dns-verification-worker.ts 
···

       
100

       
100

       
 

       
          // Extract hash from id (SHA256 of did:domain)


     

       
101

       
101

       
 

       
          const expectedHash = id.substring(0, 16);


     

       
102

       
102

       
 

       



     

       
103

       

       
-

       
          // Verify DNS records


     

       

       
103

       
+

       
          // Verify DNS records - this will only verify if TXT record matches this specific DID


     

       
104

       
104

       
 

       
          const result = await verifyCustomDomain(domain, did, expectedHash);


     

       
105

       
105

       
 

       



     

       
106

       
106

       
 

       
          if (result.verified) {


     

       

       
107

       
+

       
            // Double-check: ensure this record is still the current owner in database


     

       

       
108

       
+

       
            // This prevents race conditions where domain ownership changed during verification


     

       

       
109

       
+

       
            const currentOwner = await db<Array<{ id: string; did: string; verified: boolean }>>`


     

       

       
110

       
+

       
              SELECT id, did, verified FROM custom_domains WHERE domain = ${domain}


     

       

       
111

       
+

       
            `;


     

       

       
112

       
+

       
            


     

       

       
113

       
+

       
            const isStillOwner = currentOwner.length > 0 && currentOwner[0].id === id;


     

       

       
114

       
+

       
            


     

       

       
115

       
+

       
            if (!isStillOwner) {


     

       

       
116

       
+

       
              this.log(`⚠️  Domain ownership changed during verification: ${domain}`, {


     

       

       
117

       
+

       
                expectedId: id,


     

       

       
118

       
+

       
                expectedDid: did,


     

       

       
119

       
+

       
                actualId: currentOwner[0]?.id,


     

       

       
120

       
+

       
                actualDid: currentOwner[0]?.did


     

       

       
121

       
+

       
              });


     

       

       
122

       
+

       
              runStats.failed++;


     

       

       
123

       
+

       
              continue;


     

       

       
124

       
+

       
            }


     

       

       
125

       
+

       



     

       
107

       
126

       
 

       
            // Update verified status and last_verified_at timestamp


     

       
108

       
127

       
 

       
            await db`


     

       
109

       
128

       
 

       
              UPDATE custom_domains