added whitelist for organisations

bitmaelum · Jan 17, 2021 · 3ce19bd · 3ce19bd
1 parent 77ecc9b
commit 3ce19bd
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 0 deletions.
diff --git a/cmd/bm-server/handler/account.go b/cmd/bm-server/handler/account.go
@@ -100,6 +100,19 @@ func CreateAccount(w http.ResponseWriter, req *http.Request) {
 
 		// Use the organisation public key for signature verification
 		pubKey = oi.PublicKey
+
+
+		// Check if the organisation is whitelisted on our server
+		allowed := false
+		for _, org := range config.Server.Organisations {
+			if hash.New(org).String() == orgHash.String() {
+				allowed = true
+			}
+		}
+		if !allowed {
+			httputils.ErrorOut(w, http.StatusBadRequest, "organisation not allowed to register on this server")
+			return
+		}
 	}
 
 	// Verify token

diff --git a/internal/config/config_server.go b/internal/config/config_server.go
@@ -74,6 +74,8 @@ type ServerConfig struct {
 		Enabled bool `yaml:"remote_enabled"`
 	} `yaml:"management"`
 
+	Organisations []string `yaml:"organisations"`
+
 	Webhooks struct {
 		Enabled bool   `yaml:"enabled"`
 		System  string `yaml:"system"`

diff --git a/internal/config/config_templates.go b/internal/config/config_templates.go
@@ -131,6 +131,10 @@ config:
         # Routing file holds the server's keypair and routing ID.
         routingfile: "~/.bitmaelum/private/routing.json"
 
+    organisations:
+        # Temporary list of all organisations that are allowed to register on your server
+        # - foo  
+        # - bar
     management: 
         # When enabled, allow remote management through HTTPS instead of only local bm-config
         remote_enabled: false