Fix subdomain filtering

1 files changed, 16 insertions, 2 deletions

diff --git a/src/scadere/listen.py b/src/scadere/listen.py
index 982f547..6dc8f3a 100644
--- a/src/scadere/listen.py
+++ b/src/scadere/listen.py
@@ -127,6 +127,20 @@ async def write_xml(writer, document):
         await writer.drain()
 
 
+def split_domain(domain):
+    """Split domain and order by ascending level."""
+    return tuple(domain.split('.')[::-1])
+
+
+def is_subdomain(subject, objects):
+    """Check if subject is a subdomain of any object."""
+    if not objects:
+        return True
+    sbj_parts = split_domain(subject)
+    return any(sbj_parts[:len(obj_parts)] == obj_parts
+               for obj_parts in map(split_domain, objects))
+
+
 async def handle(certs, base_url, reader, writer):
     """Handle HTTP request."""
     summaries = map(parse_summary, certs.read_text().splitlines())
@@ -138,7 +152,7 @@ async def handle(certs, base_url, reader, writer):
     request = await reader.readuntil(b'\r\n')
     url = request.removeprefix(b'GET ').rsplit(b' HTTP/', 1)[0].strip()
     url_parts = urlsplit(urljoin(base_url, url.decode()))
-    domains = tuple(parse_qs(url_parts.query).get('domain', ['']))
+    domains = tuple(parse_qs(url_parts.query).get('domain', []))
 
     if not request.startswith(b'GET '):
         await describe_status(writer, HTTPStatus.METHOD_NOT_ALLOWED)
@@ -155,7 +169,7 @@ async def handle(certs, base_url, reader, writer):
                   'version': __version__},
                  'Scadere'),
                 *(entry(base_url, cert) for cert in lookup.values()
-                  if cert[2].endswith(domains)))
+                  if is_subdomain(cert[2], domains)))
         await write_xml(writer, feed)
     elif url_parts.path in lookup:  # accessible Atom entry's link/ID
         await write_status(writer, HTTPStatus.OK)