arcad/emissary
arcad
/
emissary
16
0
Fork 0
Code Issues 14 Pull Requests Packages Projects Releases 3 Wiki Activity

feat(server): allow registering renewal for forgotten agents
arcad/emissary/pipeline/head This commit looks good Details

This commit is contained in:
wpetit 2024-03-04 18:52:19 +01:00
parent f6ffb68c43
commit ab08d30d2a
1 changed files with 25 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
internal/server/api/register_agent.go
View File

@ -50,8 +50,8 @@ func (m *Mount) registerAgent(w http.ResponseWriter, r *http.Request) {
} }
if !validSignature { if !validSignature {
logger.Warn(ctx, "conflicting signature", logger.F("signature", registerAgentReq.Signature)) logger.Warn(ctx, "invalid thumbprint signature", logger.F("signature", registerAgentReq.Signature))
api.ErrorResponse(w, http.StatusConflict, ErrCodeConflict, nil) api.ErrorResponse(w, http.StatusBadRequest, api.ErrCodeInvalidRequest, nil)
return return
} }
@ -109,29 +109,39 @@ func (m *Mount) registerAgent(w http.ResponseWriter, r *http.Request) {
return return
} }
validSignature, err = jwk.Verify(agent.KeySet.Set, registerAgentReq.Signature, registerAgentReq.Thumbprint, registerAgentReq.Metadata) if agent.Status != datastore.AgentStatusForgotten {
if err != nil { validSignature, err = jwk.Verify(agent.KeySet.Set, registerAgentReq.Signature, registerAgentReq.Thumbprint, registerAgentReq.Metadata)
err = errors.WithStack(err) if err != nil {
logger.Error(ctx, "could not validate signature using previous keyset", logger.CapturedE(err)) err = errors.WithStack(err)
logger.Error(ctx, "could not validate signature using previous keyset", logger.CapturedE(err))
api.ErrorResponse(w, http.StatusConflict, ErrCodeConflict, nil) api.ErrorResponse(w, http.StatusConflict, ErrCodeConflict, nil)
return return
}
if !validSignature {
logger.Error(ctx, "invalid signature")
api.ErrorResponse(w, http.StatusConflict, ErrCodeConflict, nil)
return
}
} }
if !validSignature { updates := []datastore.AgentUpdateOptionFunc{
logger.Error(ctx, "invalid signature") datastore.WithAgentUpdateKeySet(keySet),
api.ErrorResponse(w, http.StatusBadRequest, api.ErrCodeInvalidRequest, nil) datastore.WithAgentUpdateMetadata(metadata),
datastore.WithAgentUpdateThumbprint(registerAgentReq.Thumbprint),
}
return if agent.Status == datastore.AgentStatusForgotten {
updates = append(updates, datastore.WithAgentUpdateStatus(datastore.AgentStatusPending))
} }
agent, err = m.agentRepo.Update( agent, err = m.agentRepo.Update(
ctx, ctx,
agents[0].ID, agents[0].ID,
datastore.WithAgentUpdateKeySet(keySet), updates...,
datastore.WithAgentUpdateMetadata(metadata),
datastore.WithAgentUpdateThumbprint(registerAgentReq.Thumbprint),
) )
if err != nil { if err != nil {
err = errors.WithStack(err) err = errors.WithStack(err)