1
0
mirror of https://github.com/juanfont/headscale.git synced 2024-12-20 19:09:07 +01:00

Add AlreadyUsed field to Auth Keys (fixes #157 and #158)

This commit is contained in:
Juan Font Alonso 2021-10-13 18:13:26 +02:00
parent dd1e425d02
commit 30788e1a70
4 changed files with 20 additions and 3 deletions

3
api.go
View File

@ -395,6 +395,9 @@ func (h *Headscale) handleAuthKey(c *gin.Context, db *gorm.DB, idKey wgkey.Key,
m.RegisterMethod = "authKey"
db.Save(&m)
pak.AlreadyUsed = true
db.Save(&pak)
resp.MachineAuthorized = true
resp.User = *pak.Namespace.toUser()
respBody, err := encode(resp, &idKey, h.privateKey)

View File

@ -57,7 +57,7 @@ var listPreAuthKeys = &cobra.Command{
return
}
d := pterm.TableData{{"ID", "Key", "Reusable", "Ephemeral", "Expiration", "Created"}}
d := pterm.TableData{{"ID", "Key", "Reusable", "Ephemeral", "AlreadyUsed", "Expiration", "Created"}}
for _, k := range *keys {
expiration := "-"
if k.Expiration != nil {
@ -76,6 +76,7 @@ var listPreAuthKeys = &cobra.Command{
k.Key,
reusable,
strconv.FormatBool(k.Ephemeral),
fmt.Sprintf("%v", k.AlreadyUsed),
expiration,
k.CreatedAt.Format("2006-01-02 15:04:05"),
})

View File

@ -21,6 +21,7 @@ type PreAuthKey struct {
Namespace Namespace
Reusable bool
Ephemeral bool `gorm:"default:false"`
AlreadyUsed bool `gorm:"default:false"`
CreatedAt *time.Time
Expiration *time.Time
@ -110,11 +111,10 @@ func (h *Headscale) checkKeyValidity(k string) (*PreAuthKey, error) {
return nil, err
}
if len(machines) != 0 {
if len(machines) != 0 || pak.AlreadyUsed {
return nil, errorAuthKeyNotReusableAlreadyUsed
}
// missing here validation on current usage
return &pak, nil
}

View File

@ -180,3 +180,16 @@ func (*Suite) TestExpirePreauthKey(c *check.C) {
c.Assert(err, check.Equals, errorAuthKeyExpired)
c.Assert(p, check.IsNil)
}
func (*Suite) TestNotReusableMarkedAsAlreadyUsed(c *check.C) {
n, err := h.CreateNamespace("test6")
c.Assert(err, check.IsNil)
pak, err := h.CreatePreAuthKey(n.Name, false, false, nil)
c.Assert(err, check.IsNil)
pak.AlreadyUsed = true
h.db.Save(&pak)
_, err = h.checkKeyValidity(pak.Key)
c.Assert(err, check.Equals, errorAuthKeyNotReusableAlreadyUsed)
}