From 823f389bce154d871b5c69205755475ecd5e9d38 Mon Sep 17 00:00:00 2001
From: Alex Gleason <alex@alexgleason.me>
Date: Wed, 22 May 2024 12:52:59 -0500
Subject: [PATCH] NIP05: skip network request for invalid TLDs

---
 src/utils/nip05.ts | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/utils/nip05.ts b/src/utils/nip05.ts
index eaab6ed..840ef6d 100644
--- a/src/utils/nip05.ts
+++ b/src/utils/nip05.ts
@@ -1,6 +1,7 @@
 import { NIP05, NStore } from '@nostrify/nostrify';
 import Debug from '@soapbox/stickynotes/debug';
 import { nip19 } from 'nostr-tools';
+import tldts from 'tldts';
 
 import { Conf } from '@/config.ts';
 import { SimpleLRU } from '@/utils/SimpleLRU.ts';
@@ -13,7 +14,14 @@ const debug = Debug('ditto:nip05');
 const nip05Cache = new SimpleLRU<string, nip19.ProfilePointer>(
   async (key, { signal }) => {
     debug(`Lookup ${key}`);
+    const tld = tldts.parse(key);
+
+    if (!tld.isIcann || tld.isIp || tld.isPrivate) {
+      throw new Error(`Invalid NIP-05: ${key}`);
+    }
+
     const [name, domain] = key.split('@');
+
     try {
       if (domain === Conf.url.host) {
         const store = await Storages.db();