From e8c2a06b57a971eb438a28e1e4e5dcd0406838f9 Mon Sep 17 00:00:00 2001
From: the_aceix
Date: Mon, 11 Dec 2023 13:57:00 +0000
Subject: [PATCH] fix(NET-786): enhance enrollment key validation
---
 controllers/enrollmentkeys.go | 28 ++++++++++++++++++++++++++++
 logic/enrollmentkey.go | 6 +++---
 models/enrollment_key.go | 25 +++++++++++++++++++------
 3 files changed, 50 insertions(+), 9 deletions(-)
diff --git a/controllers/enrollmentkeys.go b/controllers/enrollmentkeys.go
index c7de4f92a..8978b6f43 100644
--- a/controllers/enrollmentkeys.go
+++ b/controllers/enrollmentkeys.go
@@ -4,8 +4,10 @@ import (
 "encoding/json"
 "fmt"
 "net/http"
+ "strings"
 "time"
+ "github.com/go-playground/validator/v10"
 "github.com/google/uuid"
 "github.com/gorilla/mux"
@@ -115,6 +117,32 @@ func createEnrollmentKey(w http.ResponseWriter, r *http.Request) {
 if enrollmentKeyBody.Expiration > 0 {
 newTime = time.Unix(enrollmentKeyBody.Expiration, 0)
 }
+ v := validator.New()
+ err = v.Struct(enrollmentKeyBody)
+ if err != nil {
+ logger.Log(0, r.Header.Get("user"), "error validating request body: ",
+ err.Error())
+ logic.ReturnErrorResponse(w, r, logic.FormatError(fmt.Errorf("validation error: name length must be between 3 and 32: %w", err), "badrequest"))
+ return
+ }
+
+ if keys, err := logic.GetAllEnrollmentKeys(); err != nil {
+ logger.Log(0, r.Header.Get("user"), "error validating request body: ",
+ err.Error())
+ logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
+ return
+ } else {
+ for _, existingKey := range keys {
+ for _, t1 := range enrollmentKeyBody.Tags {
+ for _, t2 := range existingKey.Tags {
+ if strings.EqualFold(t1, t2) {
+ logic.ReturnErrorResponse(w, r, logic.FormatError(fmt.Errorf("key names must be unique"), "badrequest"))
+ return
+ }
+ }
+ }
+ }
+ }
 relayId := uuid.Nil
 if enrollmentKeyBody.Relay != "" {
diff --git a/logic/enrollmentkey.go b/logic/enrollmentkey.go
index 5605bdac9..ae5d01d5f 100644
--- a/logic/enrollmentkey.go
+++ b/logic/enrollmentkey.go
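Review bot: The uniqueness check in the `else` branch of createEnrollmentKey is check-then-act: nothing visible in the hunk holds a lock between `logic.GetAllEnrollmentKeys()` and the later create call, so two concurrent requests with the same name can both pass the loop and both be stored; serialising the check and the create behind a package-level mutex, or enforcing uniqueness where the key is written, would close that gap. The validation branch always reports "name length must be between 3 and 32" even when a different rule failed, so the fixed text is better dropped in favour of the wrapped validator error alone. `validator.New()` is also constructed on every request, while the library documents the instance as safe to share, e.g. a package-level `var enrollmentKeyValidator = validator.New()`. The second `logger.Log` call reuses "error validating request body: " for what is a key-lookup failure, which will mislead whoever reads the log. createEnrollmentKey starts and ends outside the hunk.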
@@ -22,7 +22,7 @@ var EnrollmentErrors = struct {
 FailedToTokenize error
 FailedToDeTokenize error
 }{
- InvalidCreate: fmt.Errorf("invalid enrollment key created"),
+ InvalidCreate: fmt.Errorf("failed to create enrollment key. paramters invalid"),
 NoKeyFound: fmt.Errorf("no enrollmentkey found"),
 InvalidKey: fmt.Errorf("invalid key provided"),
 NoUsesRemaining: fmt.Errorf("no uses remaining"),
@@ -61,8 +61,8 @@ func CreateEnrollmentKey(uses int, expiration time.Time, networks, tags []string
 if len(tags) > 0 {
 k.Tags = tags
 }
- if ok := k.Validate(); !ok {
- return nil, EnrollmentErrors.InvalidCreate
+ if err := k.Validate(); err != nil {
+ return nil, err
 }
 if relay != uuid.Nil {
 relayNode, err := GetNodeByID(relay.String())
diff --git a/models/enrollment_key.go b/models/enrollment_key.go
index 982c5463b..a8cce8532 100644
--- a/models/enrollment_key.go
+++ b/models/enrollment_key.go
@@ -1,6 +1,7 @@
 package models
 import (
+ "fmt"
 "time"
 "github.com/google/uuid"
@@ -50,7 +51,7 @@ type APIEnrollmentKey struct {
 UsesRemaining int `json:"uses_remaining"`
 Networks []string `json:"networks"`
 Unlimited bool `json:"unlimited"`
- Tags []string `json:"tags"`
+ Tags []string `json:"tags" validate:"required,dive,min=3,max=32"`
 Type KeyType `json:"type"`
 Relay string `json:"relay"`
 }
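Review bot: The new `InvalidCreate` text misspells "parameters" as "paramters", and this is a string that may be shown to API clients. Go error strings are normally a single lowercase phrase without a full stop, so `InvalidCreate: fmt.Errorf("failed to create enrollment key: invalid parameters"),` would also read better when wrapped. After the second hunk in this file nothing visible returns this value any more, so it is worth checking whether it is still used anywhere.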
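Review bot: Returning the Validate error directly means CreateEnrollmentKey no longer returns `EnrollmentErrors.InvalidCreate`, so any caller that compares against that sentinel (callers are outside this diff) silently stops matching. Wrapping keeps both the sentinel and the new detail: `return nil, fmt.Errorf("%w: %v", EnrollmentErrors.InvalidCreate, err)`. CreateEnrollmentKey starts and ends outside the hunk.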
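Review bot: On the new `Tags` tag, `required` applied to a slice only rejects a nil slice in validator v10 as far as I know, so a body with `"tags": []` passes and `dive` then has no elements to check. If every key must carry a name, add a length rule ahead of `dive`, e.g. `validate:"required,min=1,dive,min=3,max=32"`. The element rule bounds length only, so a name consisting of whitespace or control characters is still accepted; whether that matters depends on where tags are displayed or logged. The struct starts outside the hunk.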
@@ -81,9 +82,21 @@ func (k *EnrollmentKey) IsValid() bool {
 // EnrollmentKey.Validate - validate's an EnrollmentKey
 // should be used during creation
-func (k *EnrollmentKey) Validate() bool {
- return k.Networks != nil &&
- k.Tags != nil &&
- len(k.Value) == EnrollmentKeyLength &&
- k.IsValid()
+func (k *EnrollmentKey) Validate() error {
+ if k == nil {
+ return fmt.Errorf("enrollment key is nil")
+ }
+ if k.Networks == nil {
+ return fmt.Errorf("enrollment key networks is nil")
+ }
+ if k.Tags == nil {
+ return fmt.Errorf("enrollment key tags is nil")
+ }
+ if len(k.Value) != EnrollmentKeyLength {
+ return fmt.Errorf("enrollment key value is not %d characters", EnrollmentKeyLength)
+ }
+ if !k.IsValid() {
+ return fmt.Errorf("enrollment key is not valid. uses remaining: %d, expiration: %s, unlimited: %t", k.UsesRemaining, k.Expiration, k.Unlimited)
+ }
+ return nil
 }
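Review bot: The comment above Validate still describes the old boolean check; with the new signature it should state the contract, for example `// Validate returns nil when the key has networks, tags, a value of EnrollmentKeyLength characters and passes IsValid; otherwise it returns an error naming the first failed check.` The last branch puts uses remaining, expiration and the unlimited flag into the error text, and logic.CreateEnrollmentKey now returns that error unchanged, so if the controller forwards it to the client (not visible here) that state ends up in the API response; a short message with the detail logged server-side would avoid that. The branches whose messages have no format verbs could use `errors.New`, which would need the `errors` import.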