Address CR

Author: arjunkomath

apps/web/package.json

@@ -27,6 +27,7 @@
     "@supabase/supabase-js": "^2.39.3",
     "@tailwindcss/typography": "^0.5.1",
     "@types/canvas-confetti": "^1.6.4",
+    "@types/validator": "^13.15.3",
     "@vercel/og": "^0.0.20",
     "canvas-confetti": "^1.9.3",
     "chrono-node": "^2.7.6",
@@ -66,6 +67,7 @@
     "use-debounce": "^7.0.1",
     "use-file-picker": "^1.4.1",
     "uuid": "^8.3.2",
+    "validator": "^13.15.15",
     "yup": "^1.3.3"
   },
   "devDependencies": {

apps/web/pages/api/pages/settings/remove-domain.ts

@@ -1,3 +1,4 @@
+import isFQDN from "validator/lib/isFQDN";
 import { withAuth } from "../../../../utils/withAuth";
 
 const removeDomain = withAuth<{ success: boolean }>(
@@ -6,6 +7,13 @@ const removeDomain = withAuth<{ success: boolean }>(
 
     console.log("removeDomain", user?.id, `domain: ${domain}`);
 
+    if (
+      typeof domain !== "string" ||
+      !isFQDN(domain, { require_tld: true, allow_underscores: false })
+    ) {
+      return res.status(400).json({ success: false });
+    }
+
     const response = await fetch(
       `https://api.vercel.com/v8/projects/${process.env.VERCEL_PAGES_PROJECT_ID}/domains/${domain}?teamId=${process.env.VERCEL_TEAM_ID}`,
       {