internal/rest: Validate new member names serverside

We probably shouldn't just rely on the client to validate new cluster member names correctly. Signed-off-by: Wesley Hershberger <[email protected]>
MggMuggins · Apr 19, 2024 · cda0927 · cda0927
1 parent 4aae4c3
commit cda0927
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 0 deletions.
diff --git a/internal/rest/resources/cluster.go b/internal/rest/resources/cluster.go
@@ -17,6 +17,7 @@ import (
 	"github.com/canonical/lxd/lxd/response"
 	"github.com/canonical/lxd/shared/api"
 	"github.com/canonical/lxd/shared/logger"
+	"github.com/canonical/lxd/shared/validate"
 	"github.com/gorilla/mux"
 	"golang.org/x/sys/unix"
 
@@ -97,6 +98,11 @@ func clusterPost(s *state.State, r *http.Request) response.Response {
 		return response.SmartError(err)
 	}
 
+	err = validate.IsHostname(req.Name)
+	if err != nil {
+		return response.SmartError(fmt.Errorf("Invalid cluster member name %q: %w", req.Name, err))
+	}
+
 	// Check if any of the remote's addresses are currently in use.
 	existingRemote := s.Remotes().RemoteByAddress(req.Address)
 	if existingRemote != nil {

diff --git a/internal/rest/resources/control.go b/internal/rest/resources/control.go
@@ -11,6 +11,7 @@ import (
 	"github.com/canonical/lxd/shared"
 	"github.com/canonical/lxd/shared/api"
 	"github.com/canonical/lxd/shared/logger"
+	"github.com/canonical/lxd/shared/validate"
 
 	"github.com/canonical/microcluster/internal/rest/access"
 	"github.com/canonical/microcluster/internal/rest/client"
@@ -43,6 +44,13 @@ func controlPost(state *state.State, r *http.Request) response.Response {
 		return joinWithToken(state, req)
 	}
 
+	if req.Bootstrap {
+		err = validate.IsHostname(req.Name)
+		if err != nil {
+			return response.SmartError(fmt.Errorf("Invalid cluster member name %q: %w", req.Name, err))
+		}
+	}
+
 	daemonConfig := &trust.Location{Address: req.Address, Name: req.Name}
 	err = state.StartAPI(req.Bootstrap, req.InitConfig, daemonConfig)
 	if err != nil {