From 141c08bc5fe1432be8372cdae7c7544b9f862c35 Mon Sep 17 00:00:00 2001
From: Leonardo Bishop
Date: Wed, 19 Feb 2025 15:19:46 +0000
Subject: Add permissioned setup
---
 api/handlers/peer.go | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'api/handlers')
diff --git a/api/handlers/peer.go b/api/handlers/peer.go
index 51fa047..af6e42a 100644
--- a/api/handlers/peer.go
+++ b/api/handlers/peer.go
@@ -1,6 +1,7 @@
 package handlers
 
 import (
+ "crypto/subtle"
 "fmt"
 "log/slog"
 "net/http"
@@ -36,6 +37,13 @@ func NewPeer(storeService store.Service, wireguardService wireguard.Service, con
 return func(w http.ResponseWriter, r *http.Request) {
 params := mux.Vars(r)
 port := params["port"]
+ key := r.URL.Query().Get("key")
+
+ if configService.Config().Permissions.Enabled {
+ if subtle.ConstantTimeCompare([]byte(key), []byte(configService.Config().Permissions.SecretKey)) != 1 {
+ http.Error(w, "bad key", http.StatusForbidden)
+ }
+ }
 
 peer, err := wireguardService.NewPeer()
 if err != nil {
-- 
cgit v1.2.3-70-g09d2
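Review bot: The rejection branch of the new permission check in the second hunk does not stop the handler: there is no `return` after `http.Error(w, "bad key", http.StatusForbidden)`, so execution falls through to `wireguardService.NewPeer()` and a request with a wrong or missing key still creates a peer. Add `return` on the line directly after the `http.Error` call. In the same block, if `Permissions.Enabled` is true while `SecretKey` is empty, `subtle.ConstantTimeCompare` on two empty slices returns 1 and a request with no key passes; reject an empty configured secret explicitly, e.g. `if secret == "" || subtle.ConstantTimeCompare([]byte(key), []byte(secret)) != 1 {`. The key is also read from the query string, which commonly ends up in access and proxy logs, so a request header would be a safer carrier. The handler body continues past the end of the hunk, so what is finally written to the response after the fall-through is not visible here.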