Merge pull request #229 from zkemail/fix/dns

DNS fixes
zkemail · Oct 16, 2024 · bc6f946 · bc6f946
2 parents 0df1721 + ba1c892
commit bc6f946
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 8 deletions.
diff --git a/packages/helpers/src/dkim/dns-archive.ts b/packages/helpers/src/dkim/dns-archive.ts
@@ -8,7 +8,7 @@ export async function resolveDNSFromZKEmailArchive(name: string, type: string) {
   }
 
   // Get domain from full dns record name - $selector._domainkey.$domain.com
-  const domain = name.split('.').slice(-2).join('.');
+  const domain = name.split('.').slice(2).join('.');
   const selector = name.split('.')[0];
 
   const queryUrl = new URL(ZKEMAIL_DNS_ARCHIVER_API);

diff --git a/packages/helpers/src/dkim/dns-over-http.ts b/packages/helpers/src/dkim/dns-over-http.ts
@@ -65,16 +65,16 @@ export class DoH {
         if (result.Status === DoH.DoHStatusNoError && result.Answer.length > 0) {
           for (const ans of result.Answer) {
             if (ans.type === DoH.DoHTypeTXT) {
-              let DKIMRecord = ans.data;
+              let dkimRecord = ans.data;
               /*
                   Remove all double quotes
                   Some DNS providers wrap TXT records in double quotes, 
                   and others like Cloudflare may include them. According to 
                   TXT (potentially multi-line) and DKIM (Base64 data) standards,
                   we can directly remove all double quotes from the DKIM public key.
               */
-              DKIMRecord = DKIMRecord.replace(/"/g, "");
-              return DKIMRecord;
+              dkimRecord = dkimRecord.replace(/"/g, "");
+              return dkimRecord;
             }
           }
         }
@@ -115,6 +115,15 @@ export async function resolveDNSHTTP(name: string, type: string) {
     throw new CustomError('No DKIM record found in Google', 'ENODATA');
   }
 
+  const regex = /p=([^;]*)/;
+  const match = regex.exec(googleResult);
+  if (match) {
+    const valueAfterP = match[1]; // Extracting the value after p=
+    if (valueAfterP === '') {
+      throw new CustomError('No DKIM record found in Google (empty p=)', 'ENODATA');
+    }
+  }
+
   const cloudflareResult = await DoH.resolveDKIMPublicKey(
     name,
     DoHServer.Cloudflare

diff --git a/packages/helpers/src/input-generators.ts b/packages/helpers/src/input-generators.ts
@@ -29,6 +29,12 @@ type InputGenerationArgs = {
   bodyMask?: number[];
 };
 
+type DKIMVerificationArgs = {
+  domain?: string;
+  enableSanitization?: boolean;
+  fallbackToZKEmailDNSArchive?: boolean;
+};
+
 function removeSoftLineBreaks(body: string[]): string[] {
   const result = [];
   let i = 0;
@@ -58,16 +64,23 @@ function removeSoftLineBreaks(body: string[]): string[] {
  *
  * @description Generate circuit inputs for the EmailVerifier circuit from raw email content
  * @param rawEmail Full email content as a buffer or string
- * @param params Arguments to control the input generation
+ * @param inputParams Arguments to control the input generation
+ * @param dkimVerificationArgs Arguments to control the DKIM verification
  * @returns Circuit inputs for the EmailVerifier circuit
  */
 export async function generateEmailVerifierInputs(
   rawEmail: Buffer | string,
-  params: InputGenerationArgs = {},
+  inputParams: InputGenerationArgs = {},
+  dkimVerificationArgs: DKIMVerificationArgs = {},
 ) {
-  const dkimResult = await verifyDKIMSignature(rawEmail);
+  const dkimResult = await verifyDKIMSignature(
+    rawEmail,
+    dkimVerificationArgs.domain,
+    dkimVerificationArgs.enableSanitization,
+    dkimVerificationArgs.fallbackToZKEmailDNSArchive,
+  );
 
-  return generateEmailVerifierInputsFromDKIMResult(dkimResult, params);
+  return generateEmailVerifierInputsFromDKIMResult(dkimResult, inputParams);
 }
 
 /**