From ab7f19bb55d180ab1d01b4212b7081308ee03b38 Mon Sep 17 00:00:00 2001
From: Christoph Haas <christoph.h@sprinternet.at>
Date: Fri, 28 Oct 2022 18:40:06 +0200
Subject: [PATCH] only remove private key if a custom public key was specified
 (#112)

---
 internal/server/handlers_peer.go | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/internal/server/handlers_peer.go b/internal/server/handlers_peer.go
index 2cea361..78966ee 100644
--- a/internal/server/handlers_peer.go
+++ b/internal/server/handlers_peer.go
@@ -420,10 +420,10 @@ func (s *Server) PostUserCreatePeer(c *gin.Context) {
 		formPeer = currentSession.FormData.(wireguard.Peer)
 	}
 
-	formPeer.Email = currentSession.Email;
-	formPeer.Identifier = currentSession.Email;
-	formPeer.DeviceType = wireguard.DeviceTypeServer;
-	
+	formPeer.Email = currentSession.Email
+	formPeer.Identifier = currentSession.Email
+	formPeer.DeviceType = wireguard.DeviceTypeServer
+
 	if err := c.ShouldBind(&formPeer); err != nil {
 		_ = s.updateFormInSession(c, formPeer)
 		SetFlashMessage(c, "failed to bind form data: "+err.Error(), "danger")
@@ -431,6 +431,11 @@ func (s *Server) PostUserCreatePeer(c *gin.Context) {
 		return
 	}
 
+	// if public key was manually set, remove the incorrect private key
+	if formPeer.PublicKey != currentSession.FormData.(wireguard.Peer).PublicKey {
+		formPeer.PrivateKey = ""
+	}
+
 	disabled := c.PostForm("isdisabled") != ""
 	now := time.Now()
 	if disabled {
@@ -451,7 +456,6 @@ func (s *Server) PostUserCreatePeer(c *gin.Context) {
 func (s *Server) GetUserEditPeer(c *gin.Context) {
 	peer := s.peers.GetPeerByKey(c.Query("pkey"))
 
-	
 	currentSession, err := s.setFormInSession(c, peer)
 	if err != nil {
 		s.GetHandleError(c, http.StatusInternalServerError, "Session error", err.Error())
@@ -460,7 +464,7 @@ func (s *Server) GetUserEditPeer(c *gin.Context) {
 
 	if peer.Email != currentSession.Email {
 		s.GetHandleError(c, http.StatusUnauthorized, "No permissions", "You don't have permissions to view this resource!")
-		return;
+		return
 	}
 
 	c.HTML(http.StatusOK, "user_edit_client.html", gin.H{
@@ -485,7 +489,7 @@ func (s *Server) PostUserEditPeer(c *gin.Context) {
 
 	if currentPeer.Email != currentSession.Email {
 		s.GetHandleError(c, http.StatusUnauthorized, "No permissions", "You don't have permissions to view this resource!")
-		return;
+		return
 	}
 
 	disabled := c.PostForm("isdisabled") != ""
@@ -493,7 +497,7 @@ func (s *Server) PostUserEditPeer(c *gin.Context) {
 	if disabled && currentPeer.DeactivatedAt == nil {
 		currentPeer.DeactivatedAt = &now
 	}
-	
+
 	// Update in database
 	if err := s.UpdatePeer(currentPeer, now); err != nil {
 		_ = s.updateFormInSession(c, currentPeer)