#13 Added intra-server authentication

2021-10-21 12:24:51 -06:00 · 2021-10-21 12:24:51 -06:00 · c2c998feae
parent 3ec541c282
commit c2c998feae
4 changed files with 52 additions and 19 deletions
--- a/admin/add.js
+++ b/admin/add.js
@ -6,13 +6,22 @@
 const env = require(process.argv[2]||'../env/env.json')
 const fs = require('fs').promises

+// Get secret
+const local_secret = env.SERVERS.filter(
+	(server) => server.host === env.LOCAL_SERVER
+)[0].secret
+
 module.exports = async (req, res) => {
-	console.log(`Received peer from ${req.requester}`)
-	try {
+	if (req.query['secret']!==local_secret) {
+		console.log(`Peer sent from ${req.requester} without correct secret querystring!`)
+		return res.sendStatus(403)
+	} else try {
 		await fs.appendFile(env.WG_CONFIG_FILE, req.body)
 	} catch (err) { 
-		console.error(`Failed to save new peer config to ${env.WG_CONFIG_FILE}`,err)
-		res.sendStatus(500)
+		console.error(`Failed to save new peer config from ${req.requester} to ${env.WG_CONFIG_FILE}`,err)
+		return res.sendStatus(500)
+	} finally {
+		console.log(`Saved new peer from ${req.requester}`)
+		return res.sendStatus(200)		
 	}
-	res.sendStatus(200)
 }
--- a/admin/del.js
+++ b/admin/del.js
@ -6,30 +6,54 @@
 const env = require(process.argv[2]||'../env/env.json')
 const fs = require('fs').promises

+// Get secret
+const local_secret = env.SERVERS.filter(
+	(server) => server.host === env.LOCAL_SERVER
+)[0].secret
+
 module.exports = async (req, res) => {
 	console.log(`Received delete from ${req.requester} for ${req.body}`)
 	let config
-	try {
+
+	// Check secret
+	if (req.query['secret']!==local_secret) {
+		console.log(`Peer sent from ${req.requester} without correct secret querystring!`)
+		return res.sendStatus(403)
+		
+	// Read config file
+	} else try {
 		const config_file = await fs.readFile(env.WG_CONFIG_FILE)
 		config = config_file.toString()
 	} catch (err) {
 		console.error(`Failed to load config from ${env.WG_CONFIG_FILE}:\n`,err)
 		res.sendStatus(500)
-	}
-	const peer = config.split('\n\n')
+	} finally {
+		
+		// Find peer in config
+		const peer = config.split('\n\n')
 		.filter( (paragraph) => {
 			return paragraph.includes('[Peer]')
 		}).filter( (peer) => {
 			return peer.includes(`PublicKey = ${req.body}`)
 		})
-	try {
-		await fs.writeFile(env.WG_CONFIG_FILE, 
-			config.replace(`\n\n${peer}`,'')
-			.replace('\n\n\n','\n\n')
-		)
-	} catch (err) {
-		console.error(`Failed to delete peer config from ${env.WG_CONFIG_FILE}:\n`,err)
-		res.sendStatus(500)
+		
+		// Delete peer
+		try {
+			await fs.writeFile(env.WG_CONFIG_FILE, 
+				config.replace(`\n\n${peer}`,'')
+				.replace('\n\n\n','\n\n')
+			)
+		} catch (err) { 
+			console.error(`Failed to delete peer config from ${env.WG_CONFIG_FILE}:\n`,err)
+			return res.sendStatus(500)
+		} finally {
+			
+			// Success
+			console.log(`Saved new peer from ${req.requester}`)
+			return res.sendStatus(200)
+			
+		}
+		
 	}
-	res.sendStatus(200)
+	
 }
--- a/app/add.js
+++ b/app/add.js
@ -102,7 +102,7 @@ AllowedIPs = ${ipv4_addr}/32, ${ipv6_addr}/128`
 		} else {
 			console.log(`Sending config to ${server.host}.gf4`)
 			try {
-				await axios.post(`${server.admin_endpoint}/add`, server_config, {
+				await axios.post(`${server.admin_endpoint}/add?secret=${server.secret}`, server_config, {
 					headers: {'Content-Type': 'text/plain'},
 				})
 			} catch (err) { 
--- a/app/del.js
+++ b/app/del.js
@ -105,7 +105,7 @@ module.exports = async (req, res) => {
 		if (server.host!==env.LOCAL_SERVER) {
 			try {
 				console.log(`Informing ${server.host} to delete ${peer_name}`)
-				await axios.post(`${server.admin_endpoint}/del`, peer_pubkey, {
+				await axios.post(`${server.admin_endpoint}/del?secret=${server.secret}`, peer_pubkey, {
 					headers: {'Content-Type': 'text/plain'},
 				})
 			} catch (err) {