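#!/bin/bash
# FILE: fed/peer/del
# DESCRIPTION: Delete a peer from a federated server
# USAGE: del $remote_ip $querystring
# QUERYSTRING: ?secret=$secret&pubkey=$pubkey
#
# Replies through /usr/lib/wgapi/http_res:
#   403 - caller ip is not in /etc/wgapi/servers, or the secret does not match
#   500 - /usr/lib/wgapi/wg_peer_del failed
#   200 - peer deleted
# All diagnostics are written to stderr.
# NOTE(review): $1 is presumably the peer address as seen by the HTTP front
# end rather than a client-supplied value - confirm against the caller.

source /etc/wgapi/config

ip="${1}"
query="${2#\?}" # drop the leading '?' of the query string

# Split the query string on '&' and keep only the two parameters we use.
# The value is everything after "key=", so the '=' is not part of it.
secret=''
pubkey=''
IFS='&' read -r -a pairs <<<"${query}"
for pair in "${pairs[@]}"; do
  case "${pair}" in
    secret=*) secret="${pair#secret=}" ;;
    pubkey=*) pubkey="${pair#pubkey=}" ;;
  esac
done

# Check that requesting ip is in the servers file.
# -q keeps the matching servers-file fields off stdout, -F stops the dots in
# the address from acting as regex wildcards, and an empty ip never matches.
if [[ -z "${ip}" ]] ||
  ! sed '/^#/d' /etc/wgapi/servers | cut -f2,3 | grep -qwF -- "${ip}"; then
  printf "ERROR! Federated server %s requested to delete a peer but isn't in servers file!\n" "${ip}" >&2
  /usr/lib/wgapi/http_res 403
  exit
fi

# Check server secret.
# Fail closed: if no secret is found for LOCAL_SERVER, a request that carries
# no secret must not compare equal to it. Neither secret is logged.
local_secret="$(grep -w "^${LOCAL_SERVER}" /etc/wgapi/servers | cut -f7)"
if [[ -z "${local_secret}" || "${secret}" != "${local_secret}" ]]; then
  printf "ERROR! Federated server %s provided a secret that doesn't match the one in our servers file\n" "${ip}" >&2
  /usr/lib/wgapi/http_res 403
  exit
fi

# Delete peer from wireguard
if /usr/lib/wgapi/wg_peer_del "${pubkey}"; then
  printf 'Deleted %s from wireguard.\n' "${pubkey}" >&2
else
  printf 'ERROR! Failed to delete %s from wireguard!\n' "${pubkey}" >&2
  /usr/lib/wgapi/http_res 500
  exit
fi

/usr/lib/wgapi/http_res 200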