mike/rustdesk-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Implement filters and column management in admin UI lists
build / build-linux-amd64 (push) Successful in 1m53s
Details

Browse Source
This commit is contained in:
Mike Müller
2026-05-22 18:40:40 +02:00
parent 6a0b698384
commit 840958aa0c
7 changed files with 1869 additions and 203 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/api/device_auth.rs
+31 -5
View File
@@ -112,15 +112,41 @@ pub async fn verify(
}
// Look up the peer's pk and managed flag in one query.
let (pk_bytes, managed) = state
let row = state
.db
.peer_get_auth(id_hdr)
.await
.map_err(|e| ApiError::Internal(e.to_string()))?
.ok_or(ApiError::Unauthorized)?;
.map_err(|e| ApiError::Internal(e.to_string()))?;
let (pk_bytes, managed) = match row {
Some(v) => v,
None => {
// Early-boot race: the agent generates its keypair and starts
// signing API requests before its `--server` child has done
// the rendezvous RegisterPk handshake that creates the peer
// row. Returning Unauthorized here would leave brand-new
// agents stuck — the retry loop is designed around the
// ID_NOT_FOUND response from the handler, not a hard auth
// failure. Fall through to legacy so the handler can answer
// ID_NOT_FOUND; the next retry after RegisterPk completes
// will validate normally and TOFU-promote.
hbb_common::log::debug!(
"signed API request for unregistered peer {} — pre-rendezvous race, \
deferring to legacy path",
id_hdr,
);
return Ok(AuthOutcome::LegacyUnsigned);
}
};
if pk_bytes.is_empty() {
// No PK registered — rendezvous hasn't completed. Can't verify.
return Err(ApiError::Unauthorized);
// Peer row exists (rendezvous touched it) but no PK yet — same
// race as above, mid-handshake. Defer to legacy; the handler's
// `enforce_managed_for_id` still protects this peer if it was
// somehow flagged managed=1 with no pk.
hbb_common::log::debug!(
"signed API request for peer {} with empty pk — deferring to legacy path",
id_hdr,
);
return Ok(AuthOutcome::LegacyUnsigned);
}
// Build the canonical signed message: