Added check to see that federated server is in servers file

2022-12-03 17:16:33 -07:00 · 2022-12-03 17:16:33 -07:00 · 16acd0987f
parent aa35d5c31a
commit 16acd0987f
1 changed files with 6 additions and 2 deletions
--- a/back/lib/fed/peer/add
+++ b/back/lib/fed/peer/add
@ -5,6 +5,7 @@
 # QUERYSTRING:	?pubkey=$pubkey&psk=$psk&ips=$allowedips

 CONFIG_FILE='/etc/wgapi/config'
+SERVERS_FILE='/etc/wgapi/servers'
 if ! [ ${#} -eq 2 ]; then
 	printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >&2
 	"${LIB_DIR}/http_res" 500; exit
@ -21,14 +22,17 @@ pubkey="$(<<<"${qs}" grep -oP 'pubkey=(.*)' | sed 's/^pubkey//' | xargs)"
 psk="$(<<<"${qs}" grep -oP 'psk=(.*)' | sed 's/^psk//' | xargs)"
 allowedips="$(<<<"${qs}" grep -oP 'ips=(.*)' | sed 's/^ips//' | xargs)"

-# TODO: Check that ${ip} is on the list
+# Check that requesting ip is in the servers file
+if ! cat "${SERVERS_FILE}" | sed '/^#/d' | cut -f2,3 | grep -w "${ip}"; then
+	printf "ERROR! Federated server %s requested to create new peer but isn't in servers file!/n" "${ip}" >&2
+	"${LIB_DIR}/http_res" 403; exit
+fi

 # Add peer to wireguard
 if "${LIB_DIR}/wg_peer_add" "${pubkey}" "${server_psk}" "${allowedips}"; then
 	printf 'Added %s to local wireguard server.\n' "${pubkey}" >&2
 else
 	printf 'ERROR! Failed to add %s to wireguard server!\n' "${pubkey}" >&2
-	# TODO: clear existing progress
 	"${LIB_DIR}/http_res" 500; exit
 fi
 "${LIB_DIR}/http_res" 200