From 9c01281931a371304bcfa465005d7363c003bc5f Mon Sep 17 00:00:00 2001
From: devin ivy <devinivy@gmail.com>
Date: Thu, 16 Jan 2025 18:43:27 -0500
Subject: [PATCH] fetch-node: ensure unicast checks allow psl domains (#3379)

---
 .changeset/silver-birds-run.md              |  5 +++++
 packages/internal/fetch-node/src/unicast.ts | 10 +++++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 .changeset/silver-birds-run.md

diff --git a/.changeset/silver-birds-run.md b/.changeset/silver-birds-run.md
new file mode 100644
index 00000000000..2521fe33e1a
--- /dev/null
+++ b/.changeset/silver-birds-run.md
@@ -0,0 +1,5 @@
+---
+"@atproto-labs/fetch-node": patch
+---
+
+Unicast checks should permit PSL domains.
diff --git a/packages/internal/fetch-node/src/unicast.ts b/packages/internal/fetch-node/src/unicast.ts
index 92ca7416938..aae1f9ae33b 100644
--- a/packages/internal/fetch-node/src/unicast.ts
+++ b/packages/internal/fetch-node/src/unicast.ts
@@ -9,7 +9,7 @@ import {
   FetchRequestError,
 } from '@atproto-labs/fetch'
 import ipaddr from 'ipaddr.js'
-import { isValid as isValidDomain } from 'psl'
+import { parse as pslParse } from 'psl'
 import { Agent, Client } from 'undici'
 
 import { isUnicastIp } from './util.js'
@@ -185,6 +185,14 @@ export function unicastLookup(
   })
 }
 
+// see lupomontero/psl#258 for context on psl usage.
+// in short, this ensures a structurally valid domain
+// plus a "listed" tld.
+function isValidDomain(domain: string) {
+  const parsed = pslParse(domain)
+  return !parsed.error && parsed.listed
+}
+
 function isNotUnicast(ip: ipaddr.IPv4 | ipaddr.IPv6): boolean {
   return ip.range() !== 'unicast'
 }