From 158d77272722a04356bac82e0131d9a440d4d517 Mon Sep 17 00:00:00 2001
From: Philippe PITTOLI
Date: Sun, 28 Apr 2024 17:16:06 +0200
Subject: [PATCH] User authentication: limit the number of domains sent in "Logged" to a hundred.
---
 src/requests/user.cr | 6 +++++-
 src/storage.cr | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/requests/user.cr b/src/requests/user.cr
index 13eefb7..68a986e 100644
--- a/src/requests/user.cr
+++ b/src/requests/user.cr
@@ -18,7 +18,11 @@ class DNSManager::Request
 dnsmanagerd.storage.user_must_exist! user_id
 accepted_domains = dnsmanagerd.configuration.accepted_domains.not_nil!
- user_domains = dnsmanagerd.storage.user_domains user_id
+
+ # Limit the number of domains in this message.
+ # Pagination will be required beyond a hundred domains.
+ user_domains = dnsmanagerd.storage.user_domains(user_id).[0..100]
+
 perms = dnsmanagerd.check_permissions user_id, "*"
 Response::Logged.new (perms == AuthD::User::PermissionLevel::Admin), accepted_domains, user_domains
 else
diff --git a/src/storage.cr b/src/storage.cr
index dec3a0f..1b46d47 100644
--- a/src/storage.cr
+++ b/src/storage.cr
@@ -134,7 +134,7 @@ class DNSManager::Storage
 matching_domains.each do |md|
 # Prevent empty domains (from crafted requests) to be accepted.
- return Response::InvalidDomainName.new unless (domain.chomp md).size > 2
+ return Response::InvalidDomainName.new unless (domain.chomp md).size > 1
 Baguette::Log.info "Add new domain #{domain} (matching domain #{md})"
 end
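Review bot: The slice `.[0..100]` on the new `user_domains` line uses an inclusive range, so up to 101 domains are returned while the subject and the comment say a hundred; `user_domains = dnsmanagerd.storage.user_domains(user_id).first(100)` (or `[0...100]`) matches the stated limit. The cut is also silent: as constructed here, `Response::Logged` receives only the admin flag, the accepted domains and the truncated list, so a client cannot tell that entries were dropped until pagination exists. The cap bounds the size of the reply only; `storage.user_domains` presumably still loads the full list before the slice, which is worth saying in the comment. The enclosing method starts and ends outside the hunk.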
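Review bot: Lowering the guard to `(domain.chomp md).size > 1` loosens the only check visible here against crafted names, and the comment above it still speaks of "empty domains" without saying why 2 is now the shortest accepted remainder. Whether `md` carries its leading dot is not visible in the hunk, so the remainder may be a one-character label plus the separator or two arbitrary characters; a length test alone would also let a remainder made of dots through. If the intent is to allow one-character labels, a comment such as `# Remainder is the label plus its separating dot, so "a." (size 2) is the shortest valid one.` would pin that down, and checking the label itself rather than its length would be stricter. The enclosing method starts and ends outside the hunk.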