From 3f5c2b9905b9434b6930512c0d7de27cff6cb23a Mon Sep 17 00:00:00 2001
From: Christian Ditaputratama <ditatompel@gmail.com>
Date: Wed, 6 Nov 2024 20:21:15 +0700
Subject: [PATCH] feat: Added TOR address validation #149

---
 internal/monero/monero.go | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/internal/monero/monero.go b/internal/monero/monero.go
index cad166d..bd0fac2 100644
--- a/internal/monero/monero.go
+++ b/internal/monero/monero.go
@@ -8,6 +8,7 @@ import (
 	"log/slog"
 	"math"
 	"net"
+	"regexp"
 	"slices"
 	"strings"
 	"time"
@@ -221,8 +222,8 @@ func (r *moneroRepo) Add(protocol string, hostname string, port uint) error {
 		ipAddr = hostIp.String()
 		ips = ip.SliceToString(hostIps)
 	} else {
-		if strings.HasPrefix(hostname, "http://") || strings.HasPrefix(hostname, "https://") {
-			return errors.New("Don't start hostname with http:// or https://, just put your hostname")
+		if !validTorHostname(hostname) {
+			return errors.New("Invalid TOR v3 .onion hostname")
 		}
 	}
 
@@ -295,6 +296,12 @@ func (r *moneroRepo) Add(protocol string, hostname string, port uint) error {
 	return nil
 }
 
+// Checks if a given hostname is a valid TOR v3 .onion address
+// TOR v3 .onion addresses are 56 characters of base32 followed by ".onion"
+func validTorHostname(hostname string) bool {
+	return regexp.MustCompile(`^[a-z2-7]{56}\.onion$`).MatchString(hostname)
+}
+
 func (r *moneroRepo) Delete(id uint) error {
 	if _, err := r.db.Exec(`DELETE FROM tbl_node WHERE id = ?`, id); err != nil {
 		return err