From 96a226d90cd59773d43d9fabd243d39f73bea878 Mon Sep 17 00:00:00 2001
From: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
Date: Sat, 30 Mar 2024 00:48:09 +0100
Subject: [PATCH] Fix issue with wildcard domain blocks

---
 .../Api/V1/Admin/DomainBlocksController.php         | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/app/Http/Controllers/Api/V1/Admin/DomainBlocksController.php b/app/Http/Controllers/Api/V1/Admin/DomainBlocksController.php
index 66bd2f3a..955891d1 100644
--- a/app/Http/Controllers/Api/V1/Admin/DomainBlocksController.php
+++ b/app/Http/Controllers/Api/V1/Admin/DomainBlocksController.php
@@ -64,6 +64,19 @@ class DomainBlocksController extends ApiController {
 		abort_if(!strpos($domain, '.'), 400, 'Invalid domain');
 		abort_if(!filter_var($domain, FILTER_VALIDATE_DOMAIN), 400, 'Invalid domain');
 
+    $parts = explode('.', $domain);
+
+    if ($parts[0] == '*') {
+      // If we only have two parts, e.g., "*", "example", then we want to fail:
+      abort_if(count($parts) <= 2, 400, 'Invalid domain: This API does not support wildcard domain blocks yet');
+
+      // Otherwise we convert the *.foo.example to foo.example
+      $domain = implode('.', array_slice($parts, 1));
+    }
+
+    // Double check we definitely haven't let anything through:
+    abort_if(str_contains($domain, '*'), 400, 'Invalid domain');
+
     $existing_domain_block = Instance::moderated()->whereDomain($domain)->first();
 
     if ($existing_domain_block) {