Monorepo for wisp.place. A static site hosting service built on top of the AT Protocol. wisp.place

enhance DNS verification to prevent ownership race conditions during domain validation

Changed files
+20 -1
src
+20 -1
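--- a/src/lib/dns-verification-worker.ts
+++ b/src/lib/dns-verification-worker.ts
@@ -100,10 +100,29 @@
 // Extract hash from id (SHA256 of did:domain)
 const expectedHash = id.substring(0, 16);
 
-// Verify DNS records
+// Verify DNS records - this will only verify if TXT record matches this specific DID
 const result = await verifyCustomDomain(domain, did, expectedHash);
 
 if (result.verified) {
+  // Double-check: ensure this record is still the current owner in database
+  // This prevents race conditions where domain ownership changed during verification
+  const currentOwner = await db<Array<{ id: string; did: string; verified: boolean }>>`
+    SELECT id, did, verified FROM custom_domains WHERE domain = ${domain}
+  `;
+
+  const isStillOwner = currentOwner.length > 0 && currentOwner[0].id === id;
+
+  if (!isStillOwner) {
+    this.log(`⚠️ Domain ownership changed during verification: ${domain}`, {
+      expectedId: id,
+      expectedDid: did,
+      actualId: currentOwner[0]?.id,
+      actualDid: currentOwner[0]?.did
+    });
+    runStats.failed++;
+    continue;
+  }
+
   // Update verified status and last_verified_at timestamp
   await db`
     UPDATE custom_domains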
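Review bot: The ownership re-check at new lines 109-113 and the `UPDATE custom_domains` that follows are separate statements, so the row can still change between the SELECT and the UPDATE; the check narrows the race window rather than closing it. The UPDATE's WHERE clause lies outside the hunk, so this is hedged: if it does not already do so, constrain it with `WHERE id = ${id} AND domain = ${domain}` and treat zero affected rows as the ownership-changed case, or run both statements in one transaction. The SELECT also has no `ORDER BY` or `LIMIT` and only `currentOwner[0]` is inspected, so if `custom_domains` can hold more than one row per domain the outcome depends on row order; a comment such as `// custom_domains.domain is UNIQUE, so at most one row is returned` would document the assumption the check relies on. The selected `verified` column is never read in the visible lines and could be dropped from the query.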