Fix case of empty agent registration shared key config

Previously if the agent registration shared key was left empty, we would simply configure the agent registration endpoints with an empty auth key. That could allow for arbitrary external actors to register new gateways and bridges. This enforces that if the agent registration shared key config is left empty, the associated endpoints will no longer be served.

Fix case of empty agent registration shared key config
fcd000b8 · Maxb · be7b30d3 · fcd000b8
Commit fcd000b8 authored 3 months ago by Maxb
--- a/pkg/api/api.go
+++ b/pkg/api/api.go
@@ -115,12 +115,14 @@ func InitServer(cfg *Config) *echo.Echo {
 		return c.HTML(http.StatusOK, help.HelpiOS)
 	})

-	agentEndpoints := e.Group("/api/5/agent")
-	agentEndpoints.Use(agentRegistrationMiddleware(cfg.AgentSharedKey))
-	// Limit agent registration requests to 10MB
-	agentEndpoints.Use(middleware.BodyLimit("10M"))
-	agentEndpoints.PUT("/bridge", r.RegisterBridge)
-	agentEndpoints.PUT("/gateway", r.RegisterGateway)
+	if cfg.AgentSharedKey != "" {
+		agentEndpoints := e.Group("/api/5/agent")
+		agentEndpoints.Use(agentRegistrationMiddleware(cfg.AgentSharedKey))
+		// Limit agent registration requests to 10MB
+		agentEndpoints.Use(middleware.BodyLimit("10M"))
+		agentEndpoints.PUT("/bridge", r.RegisterBridge)
+		agentEndpoints.PUT("/gateway", r.RegisterGateway)
+	}

 	e.HideBanner = true
 	return e