From 5433362b11ac21130f84e5b1761c2c15aa87fef5 Mon Sep 17 00:00:00 2001
From: Hector Sanjuan <code@hector.link>
Date: Wed, 18 Oct 2023 19:35:03 +0200
Subject: [PATCH] Handle IPNS names without dots

When checking if an ipfs name is blocked, we may get an
`/ipns/{dnslink_name}` where the `{dnslink_name}` has been
encoded according to

https://specs.ipfs.tech/http-gateways/subdomain-gateway/#host-request-header

That is, "." has been replaced with "-" and "-" has been replaced with "--".

Because of this, when the given dns name has no dots, we undo things are
replace "--" with "-" and "-" with ".".
---
 denylist.go      | 30 ++++++++++++++++++++++++++++++
 tester/tester.go |  2 ++
 2 files changed, 32 insertions(+)

diff --git a/denylist.go b/denylist.go
index 7d49926..2d09f08 100644
--- a/denylist.go
+++ b/denylist.go
@@ -511,6 +511,31 @@ func (dl *Denylist) IsSubpathBlocked(subpath string) StatusResponse {
 	}
 }
 
+func toDNSLinkFQDN(label string) string {
+	var result strings.Builder
+	for i := 0; i < len(label); i++ {
+		char := rune(label[i])
+		nextChar := rune(0)
+		if i < len(label)-1 {
+			nextChar = rune(label[i+1])
+		}
+
+		if char == '-' && nextChar == '-' {
+			result.WriteRune('-')
+			i++
+			continue
+		}
+
+		if char == '-' {
+			result.WriteRune('.')
+			continue
+		}
+
+		result.WriteRune(char)
+	}
+	return result.String()
+}
+
 // IsIPNSPathBlocked returns Blocking Status for a given IPNS name and its
 // subpath. The name is NOT an "/ipns/name" path, but just the name.
 func (dl *Denylist) IsIPNSPathBlocked(name, subpath string) StatusResponse {
@@ -534,6 +559,11 @@ func (dl *Denylist) IsIPNSPathBlocked(name, subpath string) StatusResponse {
 	c, err := cid.Decode(key)
 	if err == nil {
 		key = c.Hash().B58String()
+	} else if !strings.ContainsRune(key, '.') {
+		// not a CID. It must be a ipns-dnslink name if it does not
+		// contain ".", maybe they got replaced by "-"
+		// https://specs.ipfs.tech/http-gateways/subdomain-gateway/#host-request-header
+		key = toDNSLinkFQDN(key)
 	}
 	logger.Debugf("IsIPNSPathBlocked load: %s %s", key, subpath)
 	entries, _ := dl.IPNSBlocksDB.Load(key)
diff --git a/tester/tester.go b/tester/tester.go
index 4cee1c1..faa5c69 100644
--- a/tester/tester.go
+++ b/tester/tester.go
@@ -265,10 +265,12 @@ func (s *Suite) testIPNSPath() error {
 	// rule6
 	rule6 := []string{
 		"/ipns/domain.example",
+		"/ipns/domain-example",
 	}
 	rule6allowed := []string{
 		"/ipns/domainaefa.example",
 		"/ipns/domain.example/path",
+		"/ipns/domain--example",
 	}
 
 	if err := s.testPaths(rule6, n, "rule6", false); err != nil {