geolocation: add client-side validation for result destination

ben-dz · ben-dz · commit f4daf9f7e663 · 2026-04-08T11:06:42.000-04:00
diff --git a/smartcontract/cli/src/geolocation/user/set_result_destination.rs b/smartcontract/cli/src/geolocation/user/set_result_destination.rs
@@ -1,10 +1,11 @@
 use crate::{geoclicommand::GeoCliCommand, validators::validate_code};
 use clap::Args;
+use doublezero_geolocation::validation::validate_public_ip;
 use doublezero_sdk::geolocation::geolocation_user::{
     get::GetGeolocationUserCommand, set_result_destination::SetResultDestinationCommand,
 };
 use solana_sdk::pubkey::Pubkey;
-use std::io::Write;
+use std::{io::Write, net::Ipv4Addr};
 
 #[derive(Args, Debug)]
 pub struct SetResultDestinationCliCommand {
@@ -19,13 +20,69 @@ pub struct SetResultDestinationCliCommand {
     pub clear: bool,
 }
 
+fn validate_domain(host: &str) -> eyre::Result<()> {
+    if host.len() > 253 {
+        return Err(eyre::eyre!(
+            "domain too long ({} chars, max 253)",
+            host.len()
+        ));
+    }
+    let labels: Vec<&str> = host.split('.').collect();
+    if labels.len() < 2 {
+        return Err(eyre::eyre!(
+            "domain must have at least two labels (e.g., \"example.com\")"
+        ));
+    }
+    for label in &labels {
+        if label.is_empty() || label.len() > 63 {
+            return Err(eyre::eyre!("invalid domain label length: {}", label.len()));
+        }
+        if label.starts_with('-') || label.ends_with('-') {
+            return Err(eyre::eyre!(
+                "domain label \"{}\" cannot start or end with a hyphen",
+                label
+            ));
+        }
+        if !label.chars().all(|c| c.is_ascii_alphanumeric() || c == '-') {
+            return Err(eyre::eyre!(
+                "domain label \"{}\" contains invalid characters",
+                label
+            ));
+        }
+    }
+    Ok(())
+}
+
+fn validate_destination(destination: &str) -> eyre::Result<()> {
+    let colon_pos = destination.rfind(':').ok_or_else(|| {
+        eyre::eyre!("invalid destination \"{destination}\": expected host:port format")
+    })?;
+    let host = &destination[..colon_pos];
+    let port_str = &destination[colon_pos + 1..];
+
+    port_str
+        .parse::<u16>()
+        .map_err(|_| eyre::eyre!("invalid port \"{port_str}\": must be a number 0-65535"))?;
+
+    if let Ok(ip) = host.parse::<Ipv4Addr>() {
+        validate_public_ip(&ip).map_err(|e| eyre::eyre!("invalid IP address {host}: {e}"))?;
+        return Ok(());
+    }
+
+    validate_domain(host)?;
+    Ok(())
+}
+
 impl SetResultDestinationCliCommand {
     pub fn execute<C: GeoCliCommand, W: Write>(self, client: &C, out: &mut W) -> eyre::Result<()> {
         let destination = if self.clear {
             String::new()
         } else {
-            self.destination
-                .ok_or_else(|| eyre::eyre!("--destination is required (or use --clear)"))?
+            let dest = self
+                .destination
+                .ok_or_else(|| eyre::eyre!("--destination is required (or use --clear)"))?;
+            validate_destination(&dest)?;
+            dest
         };
 
         let (_, user) = client.get_geolocation_user(GetGeolocationUserCommand {
@@ -195,4 +252,35 @@ mod tests {
         assert!(res.is_err());
         assert!(res.unwrap_err().to_string().contains("--destination"));
     }
+
+    #[test]
+    fn test_cli_set_result_destination_invalid_destinations() {
+        let cases = vec![
+            ("no-port", "expected host:port"),
+            ("10.0.0.1:9000", "invalid IP"),
+            ("192.168.1.1:9000", "invalid IP"),
+            ("example.com:99999", "invalid port"),
+            ("example.com:abc", "invalid port"),
+            ("bad..domain:80", "invalid domain label length"),
+            ("-bad.example.com:80", "cannot start or end with a hyphen"),
+            ("localhost:9000", "at least two labels"),
+            ("bad_label.example.com:80", "invalid characters"),
+        ];
+        for (dest, expected_msg) in cases {
+            let client = MockGeoCliCommand::new();
+            let mut output = Vec::new();
+            let res = SetResultDestinationCliCommand {
+                user: "geo-user-01".to_string(),
+                destination: Some(dest.to_string()),
+                clear: false,
+            }
+            .execute(&client, &mut output);
+            assert!(res.is_err(), "expected error for destination \"{dest}\"");
+            let err = res.unwrap_err().to_string();
+            assert!(
+                err.contains(expected_msg),
+                "destination \"{dest}\": expected error containing \"{expected_msg}\", got \"{err}\""
+            );
+        }
+    }
 }
