fix: worker DNS check for SPF

un · Aug 26, 2024 · e7c669e · e7c669e
1 parent 2dde482
commit e7c669e
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 3 deletions.
diff --git a/apps/worker/env.ts b/apps/worker/env.ts
@@ -3,6 +3,7 @@ import { z } from 'zod';
 
 export const env = createEnv({
  server: {
+ PRIMARY_DOMAIN: z.string(),
  PLATFORM_URL: z.string().url(),
  DB_REDIS_CONNECTION_STRING: z.string().min(1),
  WORKER_ACCESS_KEY: z.string().min(32),

diff --git a/apps/worker/functions/check-dns.ts b/apps/worker/functions/check-dns.ts
@@ -23,7 +23,7 @@ export async function checkDns(publicId: TypeId<'domains'>) {
  value: domainInfo.verificationToken
  },
  spf: {
- includes: `_spf.${domainInfo.postalHost}`
+ includes: [`_spf.${env.PRIMARY_DOMAIN}`]
  },
  dkim: {
  key: domainInfo.dkimKey,

diff --git a/packages/utils/dns/verifier.ts b/packages/utils/dns/verifier.ts
@@ -21,7 +21,7 @@ type ExpectedDnsRecords = {
  priority: number;
  };
  spf: {
- includes: string;
+ includes: string[];
  };
  dkim: {
  key: string | null;
@@ -72,7 +72,8 @@ export async function dnsVerifier({ rootDomain, expected }: DnsVerifierInput) {
  spfTxtRecords.data.find((_) => _.startsWith('v=spf1')) ?? ''
  );
  results.spf.valid =
- !!spfRecords && spfRecords.includes.includes(expected.spf.includes);
+ !!spfRecords &&
+ expected.spf.includes.some((_) => spfRecords.includes.includes(_));
  results.spf.current = spfRecords;
  }