From 50af44bc2fa7a578b3e141518ffcef2e32976325 Mon Sep 17 00:00:00 2001
From: Adrien Raffin-Caboisse <adrien.raffin@sekoia.fr>
Date: Mon, 21 Feb 2022 20:06:31 +0100
Subject: [PATCH] fix: add error checking in acl and poll

If aclPolicy is not defined, in updateAclPolicy, return an error.
---
 acls.go |  4 ++++
 poll.go | 17 +++++++++--------
 2 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/acls.go b/acls.go
index f9ed09da..db2fc588 100644
--- a/acls.go
+++ b/acls.go
@@ -86,6 +86,10 @@ func (h *Headscale) UpdateACLRules() error {
 func (h *Headscale) generateACLRules() ([]tailcfg.FilterRule, error) {
 	rules := []tailcfg.FilterRule{}
 
+	if h.aclPolicy == nil {
+		return nil, errEmptyPolicy
+	}
+
 	machines, err := h.ListAllMachines()
 	if err != nil {
 		return nil, err
diff --git a/poll.go b/poll.go
index 96db43f2..21aa3b33 100644
--- a/poll.go
+++ b/poll.go
@@ -95,15 +95,16 @@ func (h *Headscale) PollNetMapHandler(ctx *gin.Context) {
 	now := time.Now().UTC()
 
 	// update ACLRules with peer informations (to update server tags if necessary)
-	err = h.UpdateACLRules()
-	if err != nil {
-		log.Error().
-			Caller().
-			Str("func", "handleAuthKey").
-			Str("machine", machine.Name).
-			Err(err)
+	if h.aclPolicy != nil {
+		err = h.UpdateACLRules()
+		if err != nil {
+			log.Error().
+				Caller().
+				Str("func", "handleAuthKey").
+				Str("machine", machine.Name).
+				Err(err)
+		}
 	}
-
 	// From Tailscale client:
 	//
 	// ReadOnly is whether the client just wants to fetch the MapResponse,