From 24d8a4044b8262bd7cc850d674e806242622ca8d Mon Sep 17 00:00:00 2001
From: Maxim Kochurov
Date: Tue, 22 Feb 2022 16:14:11 +0000
Subject: [PATCH] add validation layer for public key

---
 handler/routes.go | 20 ++++++++++++++------
 templates/base.html | 5 ++++-
 2 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/handler/routes.go b/handler/routes.go
index 9c18fc4..9c2720e 100644
--- a/handler/routes.go
+++ b/handler/routes.go
@@ -171,10 +171,20 @@ func NewClient(db store.IStore) echo.HandlerFunc {
 client.ID = guid.String()

 // gen Wireguard key pair
- key, err := wgtypes.GeneratePrivateKey()
- if err != nil {
- log.Error("Cannot generate wireguard key pair: ", err)
- return c.JSON(http.StatusInternalServerError, jsonHTTPResponse{false, "Cannot generate Wireguard key pair"})
+ if client.PublicKey == "" {
+ key, err := wgtypes.GeneratePrivateKey()
+ if err != nil {
+ log.Error("Cannot generate wireguard key pair: ", err)
+ return c.JSON(http.StatusInternalServerError, jsonHTTPResponse{false, "Cannot generate Wireguard key pair"})
+ }
+ client.PrivateKey = key.String()
+ client.PublicKey = key.PublicKey().String()
+ } else {
+ _, err := wgtypes.ParseKey(client.PublicKey)
+ if err != nil {
+ log.Error("Cannot verify wireguard public key: ", err)
+ return c.JSON(http.StatusInternalServerError, jsonHTTPResponse{false, "Cannot verify Wireguard public key"})
+ }
 }

 presharedKey, err := wgtypes.GenerateKey()
@@ -185,8 +195,6 @@ func NewClient(db store.IStore) echo.HandlerFunc {
 })
 }

- client.PrivateKey = key.String()
- client.PublicKey = key.PublicKey().String()
 client.PresharedKey = presharedKey.String()
 client.CreatedAt = time.Now().UTC()
 client.UpdatedAt = client.CreatedAt
diff --git a/templates/base.html b/templates/base.html
index 36e26eb..c6380e2 100644
--- a/templates/base.html
+++ b/templates/base.html
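Review bot: In the `else` branch of the first handler/routes.go hunk, a malformed client-supplied key is answered with `http.StatusInternalServerError`, and the key returned by `wgtypes.ParseKey` is discarded, so the raw request string is what gets stored. Treat bad input as a client error and persist the canonical encoding: `pub, err := wgtypes.ParseKey(client.PublicKey)`, `return c.JSON(http.StatusBadRequest, jsonHTTPResponse{false, "Cannot verify Wireguard public key"})`, and after the check `client.PublicKey = pub.String()`. ParseKey only confirms that the value decodes to a key-sized byte string; nothing visible in this hunk rejects a key that is already assigned to another client, which is worth checking against the store before saving because WireGuard identifies a peer by its public key. When a key is supplied `client.PrivateKey` stays empty, so whatever renders the client configuration later (outside this hunk) has to cope with a missing private key. NewClient starts and ends outside the hunk.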
@@ -328,9 +328,12 @@ if ($("#enabled").is(':checked')){ enabled = true; } + const public_key = $("#client_public_key").val(); + const preshared_key = $("#client_preshared_key").val(); const data = {"name": name, "email": email, "allocated_ips": allocated_ips, "allowed_ips": allowed_ips, - "extra_allowed_ips": extra_allowed_ips, "use_server_dns": use_server_dns, "enabled": enabled}; + "extra_allowed_ips": extra_allowed_ips, "use_server_dns": use_server_dns, "enabled": enabled, + "public_key": public_key, "preshared_key": preshared_key}; $.ajax({ cache: false,
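Review bot: The request body now carries `preshared_key`, but the handler/routes.go side of this same commit still ends with `client.PresharedKey = presharedKey.String()` on a freshly generated key, so a value entered in `#client_preshared_key` appears to be dropped without any feedback to the user. Either leave the field out of `data` until the handler honours it, or have the handler validate a supplied preshared key the same way it validates the public key and generate one only when the field is empty. Both fields are also sent exactly as typed; trimming them, e.g. `const public_key = $("#client_public_key").val().trim();`, keeps a key pasted with surrounding whitespace from being rejected or stored in a non-canonical form. The submit handler this code belongs to starts and ends outside the hunk.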