fetch-node: ensure unicast checks allow psl domains (#3379)

bluesky-social · Jan 16, 2025 · 9c01281 · 9c01281
1 parent 4ab7075
commit 9c01281
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 1 deletion.
diff --git a/.changeset/silver-birds-run.md b/.changeset/silver-birds-run.md
@@ -0,0 +1,5 @@
+---
+"@atproto-labs/fetch-node": patch
+---
+
+Unicast checks should permit PSL domains.
diff --git a/packages/internal/fetch-node/src/unicast.ts b/packages/internal/fetch-node/src/unicast.ts
@@ -9,7 +9,7 @@ import {
   FetchRequestError,
 } from '@atproto-labs/fetch'
 import ipaddr from 'ipaddr.js'
-import { isValid as isValidDomain } from 'psl'
+import { parse as pslParse } from 'psl'
 import { Agent, Client } from 'undici'
 
 import { isUnicastIp } from './util.js'
@@ -185,6 +185,14 @@ export function unicastLookup(
   })
 }
 
+// see lupomontero/psl#258 for context on psl usage.
+// in short, this ensures a structurally valid domain
+// plus a "listed" tld.
+function isValidDomain(domain: string) {
+  const parsed = pslParse(domain)
+  return !parsed.error && parsed.listed
+}
+
 function isNotUnicast(ip: ipaddr.IPv4 | ipaddr.IPv6): boolean {
   return ip.range() !== 'unicast'
 }