Merge pull request #229 from zkemail/fix/dns

DNS fixes
2026-01-09 13:38:03 -05:00 · 2024-10-17 05:50:15 +07:00
parent 0df17211d8 ba1c892949
commit bc6f9460ab
3 changed files with 30 additions and 8 deletions
--- a/packages/helpers/src/dkim/dns-archive.ts
+++ b/packages/helpers/src/dkim/dns-archive.ts
@@ -8,7 +8,7 @@ export async function resolveDNSFromZKEmailArchive(name: string, type: string) {
  }

  // Get domain from full dns record name - $selector._domainkey.$domain.com
-  const domain = name.split('.').slice(-2).join('.');
+  const domain = name.split('.').slice(2).join('.');
  const selector = name.split('.')[0];

  const queryUrl = new URL(ZKEMAIL_DNS_ARCHIVER_API);
--- a/packages/helpers/src/dkim/dns-over-http.ts
+++ b/packages/helpers/src/dkim/dns-over-http.ts
@@ -65,7 +65,7 @@ export class DoH {
        if (result.Status === DoH.DoHStatusNoError && result.Answer.length > 0) {
          for (const ans of result.Answer) {
            if (ans.type === DoH.DoHTypeTXT) {
-              let DKIMRecord = ans.data;
+              let dkimRecord = ans.data;
              /*
                  Remove all double quotes
                  Some DNS providers wrap TXT records in double quotes, 
@@ -73,8 +73,8 @@ export class DoH {
                  TXT (potentially multi-line) and DKIM (Base64 data) standards,
                  we can directly remove all double quotes from the DKIM public key.
              */
-              DKIMRecord = DKIMRecord.replace(/"/g, "");
-              return DKIMRecord;
+              dkimRecord = dkimRecord.replace(/"/g, "");
+              return dkimRecord;
            }
          }
        }
@@ -115,6 +115,15 @@ export async function resolveDNSHTTP(name: string, type: string) {
    throw new CustomError('No DKIM record found in Google', 'ENODATA');
  }

+  const regex = /p=([^;]*)/;
+  const match = regex.exec(googleResult);
+  if (match) {
+    const valueAfterP = match[1]; // Extracting the value after p=
+    if (valueAfterP === '') {
+      throw new CustomError('No DKIM record found in Google (empty p=)', 'ENODATA');
+    }
+  }
+
  const cloudflareResult = await DoH.resolveDKIMPublicKey(
    name,
    DoHServer.Cloudflare
--- a/packages/helpers/src/input-generators.ts
+++ b/packages/helpers/src/input-generators.ts
@@ -29,6 +29,12 @@ type InputGenerationArgs = {
  bodyMask?: number[];
 };

+type DKIMVerificationArgs = {
+  domain?: string;
+  enableSanitization?: boolean;
+  fallbackToZKEmailDNSArchive?: boolean;
+};
+
 function removeSoftLineBreaks(body: string[]): string[] {
  const result = [];
  let i = 0;
@@ -58,16 +64,23 @@ function removeSoftLineBreaks(body: string[]): string[] {
 *
 * @description Generate circuit inputs for the EmailVerifier circuit from raw email content
 * @param rawEmail Full email content as a buffer or string
- * @param params Arguments to control the input generation
+ * @param inputParams Arguments to control the input generation
+ * @param dkimVerificationArgs Arguments to control the DKIM verification
 * @returns Circuit inputs for the EmailVerifier circuit
 */
 export async function generateEmailVerifierInputs(
  rawEmail: Buffer | string,
-  params: InputGenerationArgs = {},
+  inputParams: InputGenerationArgs = {},
+  dkimVerificationArgs: DKIMVerificationArgs = {},
 ) {
-  const dkimResult = await verifyDKIMSignature(rawEmail);
+  const dkimResult = await verifyDKIMSignature(
+    rawEmail,
+    dkimVerificationArgs.domain,
+    dkimVerificationArgs.enableSanitization,
+    dkimVerificationArgs.fallbackToZKEmailDNSArchive,
+  );

-  return generateEmailVerifierInputsFromDKIMResult(dkimResult, params);
+  return generateEmailVerifierInputsFromDKIMResult(dkimResult, inputParams);
 }

 /**