From 3fa1ac9c793177d0238026020fe602deb2c2361f Mon Sep 17 00:00:00 2001 From: Felix Yan Date: Sun, 8 Aug 2021 01:52:01 +0800 Subject: [PATCH 1/5] Correct a typo in routes.go --- routes.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/routes.go b/routes.go index 4838cda6..7c83436e 100644 --- a/routes.go +++ b/routes.go @@ -47,7 +47,7 @@ func (h *Headscale) EnableNodeRoute(namespace string, nodeName string, routeStr // THIS IS COMPLETELY USELESS. // The peers map is stored in memory in the server process. - // Definetely not accessible from the CLI tool. + // Definitely not accessible from the CLI tool. // We need RPC to the server - or some kind of 'needsUpdate' field in the DB peers, _ := h.getPeers(*m) for _, p := range *peers { From 226cb89d97da6ab77ec4afecda18c4e7b5b5bd3a Mon Sep 17 00:00:00 2001 From: Juan Font Date: Sat, 7 Aug 2021 23:57:52 +0200 Subject: [PATCH 2/5] Added func to expire PAKs --- preauth_keys.go | 7 +++++++ preauth_keys_test.go | 17 +++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/preauth_keys.go b/preauth_keys.go index 7cffceae..460797c4 100644 --- a/preauth_keys.go +++ b/preauth_keys.go @@ -67,6 +67,13 @@ func (h *Headscale) GetPreAuthKeys(namespaceName string) (*[]PreAuthKey, error) return &keys, nil } +func (h *Headscale) MarkExpirePreAuthKey(k *PreAuthKey) error { + if err := h.db.Model(&k).Update("Expiration", time.Now()).Error; err != nil { + return err + } + return nil +} + // checkKeyValidity does the heavy lifting for validation of the PreAuthKey coming from a node // If returns no error and a PreAuthKey, it can be used func (h *Headscale) checkKeyValidity(k string) (*PreAuthKey, error) { diff --git a/preauth_keys_test.go b/preauth_keys_test.go index 6f1369c5..37f2e4dd 100644 --- a/preauth_keys_test.go +++ b/preauth_keys_test.go 
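Review bot: `h.db.Model(&k)` in `MarkExpirePreAuthKey` takes the address of `k`, which is already a `*PreAuthKey`, so the ORM is handed a `**PreAuthKey`. The test added in the same patch suggests the call still resolves the intended row, but this is the revocation path, and which row gets updated should not depend on how the library unwraps a double pointer; `h.db.Model(k)` states the intent directly. With that change the `if err := …; err != nil { return err }` / `return nil` pair can collapse to `return h.db.Model(k).Update("Expiration", time.Now()).Error`.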
@@ -163,3 +163,20 @@ func (*Suite) TestEphemeralKey(c *check.C) { _, err = h.GetMachine("test7", "testest") c.Assert(err, check.NotNil) } + +func (*Suite) TestExpirePreauthKey(c *check.C) { + n, err := h.CreateNamespace("test3") + c.Assert(err, check.IsNil) + + pak, err := h.CreatePreAuthKey(n.Name, true, false, nil) + c.Assert(err, check.IsNil) + c.Assert(pak.Expiration, check.IsNil) + + err = h.MarkExpirePreAuthKey(pak) + c.Assert(err, check.IsNil) + c.Assert(pak.Expiration, check.NotNil) + + p, err := h.checkKeyValidity(pak.Key) + c.Assert(err, check.Equals, errorAuthKeyExpired) + c.Assert(p, check.IsNil) +} From 05e08e0ac724eeda8336223c9578d08af4f22c56 Mon Sep 17 00:00:00 2001 From: Juan Font Date: Sun, 8 Aug 2021 00:10:30 +0200 Subject: [PATCH 3/5] Added cmd to expire preauth keys (requested in #78) --- cmd/headscale/cli/preauthkeys.go | 40 ++++++++++++++++++++++++++++++++ preauth_keys.go | 13 +++++++++++ 2 files changed, 53 insertions(+) diff --git a/cmd/headscale/cli/preauthkeys.go b/cmd/headscale/cli/preauthkeys.go index eb9d182c..c164610f 100644 --- a/cmd/headscale/cli/preauthkeys.go +++ b/cmd/headscale/cli/preauthkeys.go @@ -19,6 +19,7 @@ func init() { } preauthkeysCmd.AddCommand(listPreAuthKeys) preauthkeysCmd.AddCommand(createPreAuthKeyCmd) + preauthkeysCmd.AddCommand(expirePreAuthKeyCmd) createPreAuthKeyCmd.PersistentFlags().Bool("reusable", false, "Make the preauthkey reusable") createPreAuthKeyCmd.PersistentFlags().Bool("ephemeral", false, "Preauthkey for ephemeral nodes") createPreAuthKeyCmd.Flags().StringP("expiration", "e", "", "Human-readable expiration of the key (30m, 24h, 365d...)") 
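Review bot: TestExpirePreauthKey shows that the expired key is rejected, but not that the expiry is limited to that key: nothing after `h.MarkExpirePreAuthKey(pak)` looks at a second key in the same namespace. The update is addressed through the model value alone, so a regression that widened it would still pass this test while revoking every key. Creating a second key before the expiry and asserting that `checkKeyValidity` still accepts it afterwards closes that gap. Asserting that `pak` itself validates before it is expired also ties the final `errorAuthKeyExpired` to this call, assuming `checkKeyValidity` has no side effect on the key, which is not visible here.

```go
	pak, err := h.CreatePreAuthKey(n.Name, true, false, nil)
	// … unchanged: creation assertions on pak …

	other, err := h.CreatePreAuthKey(n.Name, true, false, nil)
	c.Assert(err, check.IsNil)

	// pak must be accepted before it is expired.
	_, err = h.checkKeyValidity(pak.Key)
	c.Assert(err, check.IsNil)

	err = h.MarkExpirePreAuthKey(pak)
	// … unchanged: expiry assertions on pak …

	// Expiring pak must not touch any other key.
	_, err = h.checkKeyValidity(other.Key)
	c.Assert(err, check.IsNil)
```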
@@ -119,3 +120,42 @@ var createPreAuthKeyCmd = &cobra.Command{ fmt.Printf("Key: %s\n", k.Key) }, } + +var expirePreAuthKeyCmd = &cobra.Command{ + Use: "expire", + Short: "Expire a preauthkey", + Args: func(cmd *cobra.Command, args []string) error { + if len(args) < 1 { + return fmt.Errorf("missing parameters") + } + return nil + }, + Run: func(cmd *cobra.Command, args []string) { + n, err := cmd.Flags().GetString("namespace") + if err != nil { + log.Fatalf("Error getting namespace: %s", err) + } + o, _ := cmd.Flags().GetString("output") + + h, err := getHeadscaleApp() + if err != nil { + log.Fatalf("Error initializing: %s", err) + } + + k, err := h.GetPreAuthKey(n, args[0]) + if err != nil { + log.Fatalf("Error getting the key: %s", err) + } + + err = h.MarkExpirePreAuthKey(k) + if strings.HasPrefix(o, "json") { + JsonOutput(k, err, o) + return + } + if err != nil { + fmt.Println(err) + return + } + fmt.Println("Expired") + }, +} diff --git a/preauth_keys.go b/preauth_keys.go index 460797c4..25efe64a 100644 --- a/preauth_keys.go +++ b/preauth_keys.go @@ -67,6 +67,19 @@ func (h *Headscale) GetPreAuthKeys(namespaceName string) (*[]PreAuthKey, error) return &keys, nil } +func (h *Headscale) GetPreAuthKey(namespace string, key string) (*PreAuthKey, error) { + pak, err := h.checkKeyValidity(key) + if err != nil { + return nil, err + } + + if pak.Namespace.Name != namespace { + return nil, errors.New("Namespace mismatch") + } + + return pak, nil +} + func (h *Headscale) MarkExpirePreAuthKey(k *PreAuthKey) error { if err := h.db.Model(&k).Update("Expiration", time.Now()).Error; err != nil { return err From 033136cb9a1cace0ec79b6ef7c61fcf6549a972f Mon Sep 17 00:00:00 2001 From: Juan Font Date: Sun, 8 Aug 2021 00:13:44 +0200 Subject: [PATCH 4/5] fixed linting --- preauth_keys.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/preauth_keys.go b/preauth_keys.go index 25efe64a..f462fb56 100644 --- a/preauth_keys.go +++ b/preauth_keys.go 
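Review bot: A failed expiry still exits with status 0 in the text-output path, because `fmt.Println(err)` followed by `return` after `h.MarkExpirePreAuthKey(k)` only prints the error; a script driving `expire` would treat the key as revoked. The other failures in this `Run` already use `log.Fatalf`, so `log.Fatalf("Error expiring the key: %s", err)` would be consistent. What `JsonOutput` does with a non-nil `err` is not visible here and deserves the same check. The `Args` function accepts any number of arguments and ignores all but `args[0]`; `cobra.ExactArgs(1)` rejects the extras. The key is also read from the command line, so it lands in shell history and process listings, which matters most when the expiry did not go through.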
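Review bot: `GetPreAuthKey` looks the key up through `checkKeyValidity`, so it returns only keys that would still be accepted from a node. For a key that is already expired, the `expire` command therefore stops at `Error getting the key` with `errorAuthKeyExpired` instead of reporting that there is nothing left to do. The namespace failure uses an ad-hoc `errors.New("Namespace mismatch")`, while the test in this series matches on the package-level `errorAuthKeyExpired`; a sentinel in the same style, with a lowercase message, would let callers and tests match on it too. The distinct message also confirms to the caller that the key exists under another namespace. If this function is ever reached from anything other than the local CLI, returning the same error as for an unknown key avoids that disclosure.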
@@ -67,6 +67,7 @@ func (h *Headscale) GetPreAuthKeys(namespaceName string) (*[]PreAuthKey, error) return &keys, nil } +// GetPreAuthKey returns a PreAuthKey for a given key func (h *Headscale) GetPreAuthKey(namespace string, key string) (*PreAuthKey, error) { pak, err := h.checkKeyValidity(key) if err != nil { @@ -80,6 +81,7 @@ func (h *Headscale) GetPreAuthKey(namespace string, key string) (*PreAuthKey, er return pak, nil } +// MarkExpirePreauthKey marks a PreAuthKey as expired func (h *Headscale) MarkExpirePreAuthKey(k *PreAuthKey) error { if err := h.db.Model(&k).Update("Expiration", time.Now()).Error; err != nil { return err From 01248997595abf8d8a24c4047a75af322acd07c4 Mon Sep 17 00:00:00 2001 From: Juan Font Date: Sun, 8 Aug 2021 00:14:10 +0200 Subject: [PATCH 5/5] fixed linting x 2 --- preauth_keys.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/preauth_keys.go b/preauth_keys.go index f462fb56..cc849fc0 100644 --- a/preauth_keys.go +++ b/preauth_keys.go @@ -81,7 +81,7 @@ func (h *Headscale) GetPreAuthKey(namespace string, key string) (*PreAuthKey, er return pak, nil } -// MarkExpirePreauthKey marks a PreAuthKey as expired +// MarkExpirePreAuthKey marks a PreAuthKey as expired func (h *Headscale) MarkExpirePreAuthKey(k *PreAuthKey) error { if err := h.db.Model(&k).Update("Expiration", time.Now()).Error; err != nil { return err
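Review bot: The comment added on `GetPreAuthKey` says only that it returns a PreAuthKey for a given key, but the function as introduced in patch 3/5 returns an error when `checkKeyValidity` rejects the key or when `pak.Namespace.Name` differs from `namespace`. Since the CLI uses it to select the key to revoke, those conditions belong in the comment: `// GetPreAuthKey returns the PreAuthKey matching key if checkKeyValidity accepts it and it belongs to namespace; otherwise it returns an error.` The function body runs past the end of this hunk.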