feat/enterpriseportal: validate and normalize instance domains (#63415)

Validates domains on update (subscription and member) to ensure that we
don't get anything too wonky.

## Test plan

Tests

Author: bobheadxi

cmd/enterprise-portal/internal/subscriptionsservice/v1.go

@@ -335,6 +335,14 @@ func (s *handlerV1) UpdateEnterpriseSubscription(ctx context.Context, req *conne
 		}
 	}
 
+	// Validate and normalize the domain
+	if opts.InstanceDomain != "" {
+		opts.InstanceDomain, err = subscriptionsv1.NormalizeInstanceDomain(opts.InstanceDomain)
+		if err != nil {
+			return nil, connect.NewError(connect.CodeInvalidArgument, errors.Wrap(err, "invalid instance domain"))
+		}
+	}
+
 	subscription, err := s.store.UpsertEnterpriseSubscription(ctx, subscriptionID, opts)
 	if err != nil {
 		return nil, connectutil.InternalError(ctx, logger, err, "upsert subscription")
@@ -396,6 +404,11 @@ func (s *handlerV1) UpdateEnterpriseSubscriptionMembership(ctx context.Context,
 			return nil, connect.NewError(connect.CodeNotFound, errors.New("subscription not found"))
 		}
 	} else if instanceDomain != "" {
+		// Validate and normalize the domain
+		instanceDomain, err = subscriptionsv1.NormalizeInstanceDomain(instanceDomain)
+		if err != nil {
+			return nil, connect.NewError(connect.CodeInvalidArgument, errors.Wrap(err, "invalid instance domain"))
+		}
 		subscriptions, err := s.store.ListEnterpriseSubscriptions(
 			ctx,
 			database.ListEnterpriseSubscriptionsOptions{

lib/enterpriseportal/subscriptions/v1/BUILD.bazel

@@ -1,3 +1,4 @@
+load("//dev:go_defs.bzl", "go_test")
 load("@io_bazel_rules_go//go:def.bzl", "go_library")
 load("@rules_proto//proto:defs.bzl", "proto_library")
 load("@rules_proto_grpc//doc:defs.bzl", "doc_template_compile")
@@ -30,6 +31,7 @@ go_library(
     importpath = "github.com/sourcegraph/sourcegraph/lib/enterpriseportal/subscriptions/v1",
     visibility = ["//visibility:public"],
     deps = [
+        "//lib/errors",
         "@org_golang_google_grpc//:grpc",
         "@org_golang_google_grpc//codes",
         "@org_golang_google_grpc//status",
@@ -46,3 +48,14 @@ buf_lint_test(
     config = "//internal:buf.yaml",
     targets = [":v1_proto"],
 )
+
+go_test(
+    name = "subscriptions_test",
+    srcs = ["v1_test.go"],
+    embed = [":subscriptions"],
+    deps = [
+        "@com_github_hexops_autogold_v2//:autogold",
+        "@com_github_stretchr_testify//assert",
+        "@com_github_stretchr_testify//require",
+    ],
+)

lib/enterpriseportal/subscriptions/v1/v1.go

@@ -1,5 +1,12 @@
 package v1
 
+import (
+	"net/url"
+	"strings"
+
+	"github.com/sourcegraph/sourcegraph/lib/errors"
+)
+
 const (
 	// EnterpriseSubscriptionIDPrefix is the prefix for a subscription ID
 	// ('es' for 'Enterprise Subscription').
@@ -8,3 +15,30 @@ const (
 	// ('esl' for 'Enterprise Subscription License').
 	EnterpriseSubscriptionLicenseIDPrefix = "esl_"
 )
+
+// NormalizeInstanceDomain normalizes the given instance domain to just the
+// hostname.
+func NormalizeInstanceDomain(domain string) (string, error) {
+	// Basic validation because url.Parse is VERY generous
+	if domain == "" {
+		return "", errors.New("domain is empty")
+	}
+	if !strings.Contains(domain, ".") {
+		return "", errors.New("domain does contain a '.'")
+	}
+
+	u, err := url.Parse(domain)
+	if err != nil {
+		return "", errors.Wrap(err, "domain is not a valid URL")
+	}
+
+	// If the parsing didn't find a scheme, assume HTTP and try again.
+	if u.Scheme == "" && u.Host == "" {
+		u, err = url.Parse("http://" + domain)
+		if err != nil {
+			return "", errors.Wrap(err, "invalid URL")
+		}
+	}
+
+	return u.Host, nil
+}

lib/enterpriseportal/subscriptions/v1/v1_test.go

@@ -0,0 +1,61 @@
+package v1
+
+import (
+	"testing"
+
+	"github.com/hexops/autogold/v2"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestNormalizeInstanceDomain(t *testing.T) {
+	for _, tc := range []struct {
+		name       string
+		domain     string
+		wantDomain autogold.Value
+		wantError  autogold.Value
+	}{{
+		name:       "normal URL",
+		domain:     "https://souregraph.com/",
+		wantDomain: autogold.Expect("souregraph.com"),
+	}, {
+		name:       "already a host",
+		domain:     "sourcegraph.com",
+		wantDomain: autogold.Expect("sourcegraph.com"),
+	}, {
+		name:       "subdomain",
+		domain:     "foo.sourcegraph.com",
+		wantDomain: autogold.Expect("foo.sourcegraph.com"),
+	}, {
+		name:       "host with trailing slash",
+		domain:     "sourcegraph.com/",
+		wantDomain: autogold.Expect("sourcegraph.com"),
+	}, {
+		name:       "normal URL with path",
+		domain:     "https://souregraph.com/search",
+		wantDomain: autogold.Expect("souregraph.com"),
+	}, {
+		name:      "clearly not a domain",
+		domain:    "foo-bar",
+		wantError: autogold.Expect("domain does contain a '.'"),
+	}, {
+		name:      "empty value",
+		domain:    "",
+		wantError: autogold.Expect("domain is empty"),
+	}} {
+		t.Run(tc.name, func(t *testing.T) {
+			gotDomain, err := NormalizeInstanceDomain(tc.domain)
+			if tc.wantError != nil {
+				require.Error(t, err)
+				tc.wantError.Equal(t, err.Error())
+			} else {
+				assert.NoError(t, err)
+			}
+			if tc.wantDomain != nil {
+				tc.wantDomain.Equal(t, gotDomain)
+			} else {
+				assert.Empty(t, gotDomain)
+			}
+		})
+	}
+}

lib/go.mod

@@ -20,7 +20,7 @@ require (
 	github.com/google/uuid v1.6.0
 	github.com/grafana/regexp v0.0.0-20221123153739-15dc172cd2db
 	github.com/hexops/autogold/v2 v2.0.3
-	github.com/jackc/pgconn v1.14.0
+	github.com/jackc/pgconn v1.14.3
 	github.com/json-iterator/go v1.1.12
 	github.com/klauspost/pgzip v1.2.5
 	github.com/mattn/go-isatty v0.0.18