| author | Leonardo Bishop <me@leonardobishop.com> | 2025-02-19 15:19:46 +0000 |
|---|---|---|
| committer | Leonardo Bishop <me@leonardobishop.com> | 2025-02-19 15:19:46 +0000 |
| commit | 141c08bc5fe1432be8372cdae7c7544b9f862c35 (patch) | |
| tree | 2ac26da7fcfa298f7c32101cca923b9c9ed2f37f /api/handlers | |
| parent | 7eee9e83517338c784d428596bbc32ca149a002a (diff) | |
Diffstat (limited to 'api/handlers')
| -rw-r--r-- | api/handlers/peer.go | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/api/handlers/peer.go b/api/handlers/peer.go
index 51fa047..af6e42a 100644
--- a/api/handlers/peer.go
+++ b/api/handlers/peer.go
@@ -1,6 +1,7 @@
 package handlers
 
 import (
+ "crypto/subtle"
 "fmt"
 "log/slog"
 "net/http"
@@ -36,6 +37,13 @@ func NewPeer(storeService store.Service, wireguardService wireguard.Service, con
 return func(w http.ResponseWriter, r *http.Request) {
 params := mux.Vars(r)
 port := params["port"]
+ key := r.URL.Query().Get("key")
+
+ if configService.Config().Permissions.Enabled {
+ if subtle.ConstantTimeCompare([]byte(key), []byte(configService.Config().Permissions.SecretKey)) != 1 {
+ http.Error(w, "bad key", http.StatusForbidden)
+ }
+ }
 
 peer, err := wireguardService.NewPeer()
 if err != nil { |
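Review bot: The rejection branch added to the handler returned by NewPeer writes the 403 but never returns, so execution falls through to `wireguardService.NewPeer()` and a peer is still created for a caller with a wrong or missing key; add a bare `return` directly after `http.Error(w, "bad key", http.StatusForbidden)`. Separately, `subtle.ConstantTimeCompare` reports a match for two empty slices, so if `Permissions.Enabled` is true while `SecretKey` is empty, a request with no `key` parameter passes; unless config loading already rejects that case, the check should fail when the configured secret is empty. The secret is read from the URL query string, which commonly ends up in access and proxy logs, so accepting it in a request header would keep it out of those. The handler body continues past the end of the hunk, so anything after the `if err != nil {` line is not covered by this note.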
