coldfix: finally fix config updates

2023-09-26 09:06:26 -04:00 · 2023-09-26 09:06:26 -04:00 · babfc526ba
parent 7637528196
commit babfc526ba
2 changed files with 40 additions and 2 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -1219,6 +1219,7 @@ dependencies = [
 "base64 0.21.2",
 "base64-serde",
 "chrono",
+ "hex",
 "log",
 "rand",
 "reqwest",
--- a/trifid-api/src/routes/v1/dnclient.rs
+++ b/trifid-api/src/routes/v1/dnclient.rs
@ -65,9 +65,11 @@ pub async fn dnclient(

    let counter = keystore_header.counter;

+    log::debug!("using cntr {}", counter);
+
    // pull their key information

-    let key_info = match keystore_entry::Entity::find().filter(keystore_entry::Column::Host.eq(&keystore_header.id)).one(&db.conn).await {
+    let key_info = match keystore_entry::Entity::find().filter(keystore_entry::Column::Host.eq(&keystore_header.id)).filter(keystore_entry::Column::Counter.eq(counter)).one(&db.conn).await {
        Ok(maybe_keys) => maybe_keys,
        Err(_e) => {
            return HttpResponse::InternalServerError().json(vec![APIError {
@ -104,6 +106,8 @@ pub async fn dnclient(
        }
    };

+    log::debug!("{:x?}", keystore_data.client_signing_key);
+
    let key = VerifyingKey::from_bytes(&keystore_data.client_signing_key.try_into().unwrap()).unwrap();

    if key.verify(req.message.as_bytes(), &signature).is_err() {
@ -330,6 +334,8 @@ pub async fn dnclient(
                }
            };

+            log::debug!("new key: {:x?}", ed_pubkey);
+
            let cfg_str = match serde_yaml::to_string(&cfg) {
                Ok(c_str) => c_str,
                Err(e) => {
@ -343,7 +349,7 @@ pub async fn dnclient(
                }
            };

-            let _ks_entry_model = keystore_entry::Model {
+            let ks_entry_model = keystore_entry::Model {
                id: random_id("ksentry"),
                host: host.clone(),
                counter: counter + 1,
@ -354,6 +360,37 @@ pub async fn dnclient(
                signing_key: keystore_data.signing_key.clone()
            };

+            match ks_entry_model.into_active_model().insert(&db.conn).await {
+                Ok(_) => (),
+                Err(e) => {
+                    error!("db error: {}", e);
+                    return HttpResponse::InternalServerError().json(vec![APIError {
+                        code: "ERR_DB_ERROR".to_string(),
+                        message: "There was an error saving the new keys to the database."
+                            .to_string(),
+                        path: None,
+                    }]);
+                }
+            }
+
+            // update the host
+            let mut ks_header_am = keystore_header.into_active_model();
+            ks_header_am.counter = Set(counter + 1);
+            match ks_header_am.update(&db.conn).await {
+                Ok(_) => (),
+                Err(e) => {
+                    error!("Database error: {}", e);
+                    return HttpResponse::InternalServerError().json(APIErrorsResponse {
+                        errors: vec![crate::error::APIError {
+                            code: "ERR_DB_ERROR".to_string(),
+                            message: "There was an error with the database query. Please try again later."
+                                .to_string(),
+                            path: None,
+                        }],
+                    });
+                }
+            }
+
            let signing_key = SigningKey::from_bytes(&keystore_data.signing_key.try_into().unwrap());

            // get the signing key that the client last trusted based on its current config version