Movatterモバイル変換

[0]ホーム
URL:

Skip to content
DEV Community
Log in Create account

DEV Community

Cover image for Checking if a user owns a domain
Paul Walker
Paul Walker

Posted on • Originally published atsolarwinter.net on

     

Checking if a user owns a domain

The technique we’re using is the one used by Google, Microsoft and others to verify that you've got some authority over a domain. So while it's not foolproof, at least we're in good company!

The code in this article is TypeScript, but the same method would work in most languages.

Overview

All of the verification methods I've seen rely on the user being able to modify the site in some way - which makes sense, since you're checking if they have control over the site they're trying to use.

Most of them seem to have settled on using some form of DNS entry - a special record which they can check actually exists.

Quick DNS intro

This is very brief; for a (slightly) fuller introduction to the DNS, seemy other post.

The Domain Name System consists of records giving information to computers accessing the internet. There are quite a few different types of record. The most basic one is called an A record, A for address. It essentially says "this text - foobar.example.com - points to this IP address".

There are a number of reserved addresses which have particular meanings. One useful address is127.0.0.1 - that always means "this computer". The symbolic name for it islocalhost.

The plan

We want to check the user can modify the DNS entries for that domain, but not with anything particularly disruptive or complicated - the more complicated we make it the more likely it is that user error will creep in.

The simplest way - generate a random subdomain and have them create an A record pointing to127.0.0.1.

Generating an alias

There are many different ways to do this. I chose to use the Nodeuuid module and take the first 8 characters. 8 was chosen because it was random enough for our purposes, and because it was the first 'lump' in the v4 UUID.

siteDetails["alias"] = uuid().substr(0, 8);
Enter fullscreen modeExit fullscreen mode

Checking the alias

Using the Nodedns module we can resolve the alias we created; we appenddomain after it, makingalias a subdomain.

The plaindns methods are callback based; it also supplies adnsPromises set of APIs which are Promise based. We’ll usethat resolve methodfor convenience.

import dns from "dns";const dnsPromises = dns.promises;type Site = {  alias: string; // Alias we'll be verifying  domain: string; // Domain the user gave us  verified: boolean; // Is it verified yet}async function verifySite(site: Site) {  try {    const res = await dnsPromises.resolve(site.alias + "." + site.domain);    const valid = ((res.length == 1) && (res[0] == "127.0.0.1"));    site.verified = valid;  } catch (err) {    console.error(`Error ${err} doing site ${site.id} verification`);  }}
Enter fullscreen modeExit fullscreen mode

We’re expecting result of the lookup to be a single entry,127.0.0.1 - if it is then we called it verified. Lastly, we make sure the data reflects what we just found.

Running checks in the background

We now have a function which we can use to verify domains. The last stage is to have it run periodically in the background, rather than on-demand.

The implementation I used is below. I haven’t included the utility functions (likegetAllSites, but the code should still be understandable without those.

startBackground usesDOMAIN_VERIFY_PERIOD_SECONDS from the environment if it’s defined - if it isn’t it defaults to 300 seconds (5 minutes). It then usessetInterval to scheduleverifySites.setInterval takes milliseconds as an argument, so we convert it first.

verifySites simply gets the current list of sites and runsverifySite on all of them.

Lastly,stopBackground will cancel the interval function if it’s been scheduled to run.

import { getAllSites } from "./queries";let domainCheckId: NodeJS.Timeout | null = null;export async function verifySites() {  const sites: Site[] = await getAllSites();  sites.forEach(site => verifySite(site));}export function startBackground(): void {  const SECOND = 1000;  const period: number = parseInt(process.env.DOMAIN_VERIFY_PERIOD_SECONDS || "300");  console.log(`Starting domainCheck, period ${period} seconds`);  domainCheckId = setInterval(verifySites, SECOND * period);}export function stopBackground(): void {  if (domainCheckId) {    clearInterval(domainCheckId);    domainCheckId = null;  }}
Enter fullscreen modeExit fullscreen mode

And that’s it - those functions are enough to start verifying domains in the background. Let me know if you use it!

Top comments(0)

Subscribe
pic
Create template

Templates let you quickly answer FAQs or store snippets for re-use.

Dismiss

Are you sure you want to hide this comment? It will become hidden in your post, but will still be visible via the comment'spermalink.

For further actions, you may consider blocking this person and/orreporting abuse

  • Location
    Bristol, UK
  • Joined

More fromPaul Walker

DEV Community

We're a place where coders share, stay up-to-date and grow their careers.

Log in Create account
[8]ページ先頭
©2009-2025 Movatter.jp