WIP Working on authkeys + tests

2025-08-25 18:28:43 +00:00 · 2021-05-05 23:00:04 +02:00
parent 03bb32083b
commit 486faa9656
3 changed files with 50 additions and 0 deletions
--- a/preauth_keys.go
+++ b/preauth_keys.go
@@ -7,6 +7,9 @@ import (
 	"time"
 )

+const errorAuthKeyNotFound = Error("AuthKey not found")
+const errorAuthKeyExpired = Error("AuthKey expired")
+
 // PreAuthKey describes a pre-authorization key usable in a particular namespace
 type PreAuthKey struct {
 	ID          uint64 `gorm:"primary_key"`
@@ -72,6 +75,28 @@ func (h *Headscale) GetPreAuthKeys(namespaceName string) (*[]PreAuthKey, error)
 	return &keys, nil
 }

+// checkKeyValidity does the heavy lifting for validation of the PreAuthKey coming from a node
+// If returns no error and a PreAuthKey, it can be used
+func (h *Headscale) checkKeyValidity(k string) (*PreAuthKey, error) {
+	db, err := h.db()
+	if err != nil {
+		return nil, err
+	}
+	defer db.Close()
+
+	pak := PreAuthKey{}
+	if db.First(&pak, "key = ?", k).RecordNotFound() {
+		return nil, errorAuthKeyNotFound
+	}
+
+	if pak.Expiration != nil && pak.Expiration.Before(time.Now()) {
+		return nil, errorAuthKeyExpired
+	}
+
+	// missing here validation on current usage
+	return &pak, nil
+}
+
 func (h *Headscale) generateKey() (string, error) {
 	size := 24
 	bytes := make([]byte, size)