Added fields in Machine to store authkey + validation tests

2025-08-25 18:28:43 +00:00 · 2021-05-06 00:08:36 +02:00
parent 486faa9656
commit 3110dd1575
3 changed files with 105 additions and 3 deletions
--- a/preauth_keys.go
+++ b/preauth_keys.go
@@ -9,6 +9,7 @@ import (

 const errorAuthKeyNotFound = Error("AuthKey not found")
 const errorAuthKeyExpired = Error("AuthKey expired")
+const errorAuthKeyNotReusableAlreadyUsed = Error("AuthKey not reusable already used")

 // PreAuthKey describes a pre-authorization key usable in a particular namespace
 type PreAuthKey struct {
@@ -93,6 +94,19 @@ func (h *Headscale) checkKeyValidity(k string) (*PreAuthKey, error) {
 		return nil, errorAuthKeyExpired
 	}

+	if pak.Reusable { // we don't need to check if has been used before
+		return &pak, nil
+	}
+
+	machines := []Machine{}
+	if err := db.Preload("AuthKey").Where(&Machine{AuthKeyID: uint(pak.ID)}).Find(&machines).Error; err != nil {
+		return nil, err
+	}
+
+	if len(machines) != 0 {
+		return nil, errorAuthKeyNotReusableAlreadyUsed
+	}
+
 	// missing here validation on current usage
 	return &pak, nil
 }