WIP Working on authkeys + tests

This commit is contained in:
Juan Font Alonso 2021-05-05 23:00:04 +02:00
parent 03bb32083b
commit 486faa9656
3 changed files with 50 additions and 0 deletions

View file

@ -7,6 +7,9 @@ import (
"time" "time"
) )
const errorAuthKeyNotFound = Error("AuthKey not found")
const errorAuthKeyExpired = Error("AuthKey expired")
// PreAuthKey describes a pre-authorization key usable in a particular namespace // PreAuthKey describes a pre-authorization key usable in a particular namespace
type PreAuthKey struct { type PreAuthKey struct {
ID uint64 `gorm:"primary_key"` ID uint64 `gorm:"primary_key"`
@ -72,6 +75,28 @@ func (h *Headscale) GetPreAuthKeys(namespaceName string) (*[]PreAuthKey, error)
return &keys, nil return &keys, nil
} }
// checkKeyValidity does the heavy lifting for validation of the PreAuthKey coming from a node
// If returns no error and a PreAuthKey, it can be used
func (h *Headscale) checkKeyValidity(k string) (*PreAuthKey, error) {
db, err := h.db()
if err != nil {
return nil, err
}
defer db.Close()
pak := PreAuthKey{}
if db.First(&pak, "key = ?", k).RecordNotFound() {
return nil, errorAuthKeyNotFound
}
if pak.Expiration != nil && pak.Expiration.Before(time.Now()) {
return nil, errorAuthKeyExpired
}
// missing here validation on current usage
return &pak, nil
}
func (h *Headscale) generateKey() (string, error) { func (h *Headscale) generateKey() (string, error) {
size := 24 size := 24
bytes := make([]byte, size) bytes := make([]byte, size)

View file

@ -5,6 +5,7 @@ import (
"io/ioutil" "io/ioutil"
"os" "os"
"testing" "testing"
"time"
_ "github.com/jinzhu/gorm/dialects/sqlite" // sql driver _ "github.com/jinzhu/gorm/dialects/sqlite" // sql driver
@ -48,6 +49,7 @@ func (s *Suite) TearDownSuite(c *check.C) {
func (*Suite) TestCreatePreAuthKey(c *check.C) { func (*Suite) TestCreatePreAuthKey(c *check.C) {
_, err := h.CreatePreAuthKey("bogus", true, nil) _, err := h.CreatePreAuthKey("bogus", true, nil)
c.Assert(err, check.NotNil) c.Assert(err, check.NotNil)
n, err := h.CreateNamespace("test") n, err := h.CreateNamespace("test")
@ -73,3 +75,22 @@ func (*Suite) TestCreatePreAuthKey(c *check.C) {
// Make sure the Namespace association is populated // Make sure the Namespace association is populated
c.Assert((*keys)[0].Namespace.Name, check.Equals, n.Name) c.Assert((*keys)[0].Namespace.Name, check.Equals, n.Name)
} }
func (*Suite) TestExpiredPreAuthKey(c *check.C) {
n, err := h.CreateNamespace("test2")
c.Assert(err, check.IsNil)
now := time.Now()
pak, err := h.CreatePreAuthKey(n.Name, true, &now)
c.Assert(err, check.IsNil)
p, err := h.checkKeyValidity(pak.Key)
c.Assert(err, check.Equals, errorAuthKeyExpired)
c.Assert(p, check.IsNil)
}
func (*Suite) TestPreAuthKeyDoesNotExist(c *check.C) {
p, err := h.checkKeyValidity("potatoKey")
c.Assert(err, check.Equals, errorAuthKeyNotFound)
c.Assert(p, check.IsNil)
}

View file

@ -21,6 +21,10 @@ import (
"tailscale.com/wgengine/wgcfg" "tailscale.com/wgengine/wgcfg"
) )
type Error string
func (e Error) Error() string { return string(e) }
func decode(msg []byte, v interface{}, pubKey *wgcfg.Key, privKey *wgcfg.PrivateKey) error { func decode(msg []byte, v interface{}, pubKey *wgcfg.Key, privKey *wgcfg.PrivateKey) error {
return decodeMsg(msg, v, pubKey, privKey) return decodeMsg(msg, v, pubKey, privKey)
} }