From 04e1335173fcb12fca16f932e78b73edd94c1551 Mon Sep 17 00:00:00 2001
From: Nathan Woodburn <github@nathan.woodburn.au>
Date: Tue, 22 Apr 2025 18:54:57 +1000
Subject: [PATCH] fix: Add more strict domain checking

---
 discord-bot/bot.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/discord-bot/bot.py b/discord-bot/bot.py
index 9915466..d71e06b 100644
--- a/discord-bot/bot.py
+++ b/discord-bot/bot.py
@@ -4,6 +4,7 @@ import discord
 from discord import app_commands
 import requests
 import asyncio
+import re
 
 load_dotenv()
 TOKEN = os.getenv('DISCORD_TOKEN')
@@ -79,6 +80,12 @@ async def createsite(ctx, domain: str, licence: str = None):
         await ctx.response.send_message("You must specify a domain without http:// or https://",ephemeral=True)
         return
 
+    domain = domain.lower().trim()
+    # Regex for a domain (or a tld)
+    if not re.match(r'^[a-z0-9-]+(\.[a-z0-9-]+)*$', domain):
+        await ctx.response.send_message("You must specify a valid domain",ephemeral=True)
+        return
+
     if FREE_LICENCE == True: # If free licences are enabled then auto generate a licence
         r = requests.post(f"http://{Master_IP}:{Master_Port}/add-licence",headers={"key":os.getenv('LICENCE_KEY')})
         if r.status_code == 200: