From 16acd0987f5b3c1407d042ab085e296d03113ce9 Mon Sep 17 00:00:00 2001
From: Keith Irwin
Date: Sat, 3 Dec 2022 17:16:33 -0700
Subject: [PATCH] Added check to see that federated server is in servers file
---
 back/lib/fed/peer/add | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/back/lib/fed/peer/add b/back/lib/fed/peer/add
index 33f0f84..a70bf12 100755
--- a/back/lib/fed/peer/add
+++ b/back/lib/fed/peer/add
@@ -5,6 +5,7 @@
 # QUERYSTRING: ?pubkey=$pubkey&psk=$psk&ips=$allowedips
 CONFIG_FILE='/etc/wgapi/config'
+SERVERS_FILE='/etc/wgapi/servers'
 if ! [ ${#} -eq 2 ]; then
 printf 'ERROR! Bad input: %s %s\n' "${0}" "${*}" >&2
 "${LIB_DIR}/http_res" 500; exit
@@ -21,14 +22,17 @@ pubkey="$(<<<"${qs}" grep -oP 'pubkey=(.*)' | sed 's/^pubkey//' | xargs)"
 psk="$(<<<"${qs}" grep -oP 'psk=(.*)' | sed 's/^psk//' | xargs)"
 allowedips="$(<<<"${qs}" grep -oP 'ips=(.*)' | sed 's/^ips//' | xargs)"
-# TODO: Check that ${ip} is on the list
+# Check that requesting ip is in the servers file
+if ! cat "${SERVERS_FILE}" | sed '/^#/d' | cut -f2,3 | grep -w "${ip}"; then
+ printf "ERROR! Federated server %s requested to create new peer but isn't in servers file!/n" "${ip}" >&2
+ "${LIB_DIR}/http_res" 403; exit
+fi
 # Add peer to wireguard
 if "${LIB_DIR}/wg_peer_add" "${pubkey}" "${server_psk}" "${allowedips}"; then
 printf 'Added %s to local wireguard server.\n' "${pubkey}" >&2
 else
 printf 'ERROR! Failed to add %s to wireguard server!\n' "${pubkey}" >&2
- # TODO: clear existing progress
 "${LIB_DIR}/http_res" 500; exit
 fi
 "${LIB_DIR}/http_res" 200
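Review bot: The new allow-list test in the second hunk runs `grep -w "${ip}"` without `-q`, `-F` or `--`, so the matching servers-file line is written to stdout (if this script's stdout is the HTTP response, that line reaches the caller ahead of the status), the dots in the address act as regex wildcards, and a value beginning with `-` is parsed as an option. I would write the test as `if ! sed '/^#/d' "${SERVERS_FILE}" | cut -f2,3 | grep -qwF -- "${ip}"; then` and reject an empty `${ip}` before it, since `ip` is assigned outside the hunk and an empty pattern should never be allowed to satisfy an authorization check. The added printf ends its format string with `/n` rather than `\n`, so the 403 log line is never newline-terminated. Because `cut -f2,3` keeps two fields, the check passes when the address appears in either one; if only one of them holds the server's address, select that field alone.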