From 15594d445860bffd18552f5d989fedd83592b4b1 Mon Sep 17 00:00:00 2001
From: Jakob-Niklas See
Date: Wed, 10 Aug 2022 23:13:55 +0200
Subject: [PATCH] server: Implement disable-peer and enable-peer commands (#226)
* client: Update enable_or_disable_peer exit message to be more accurate
* server: Implement disable-peer and enable-peer commands
* server: Immediately apply enable- and disable-peer to device
---
 client/src/main.rs | 2 +-
 server/src/main.rs | 55 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 56 insertions(+), 1 deletion(-)
diff --git a/client/src/main.rs b/client/src/main.rs
index de5ca89..ae04477 100644
--- a/client/src/main.rs
+++ b/client/src/main.rs
@@ -827,7 +827,7 @@ fn enable_or_disable_peer(
 contents.is_disabled = !enable;
 api.http_form("PUT", &format!("/admin/peers/{}", id), contents)?;
 } else {
- log::info!("exiting without disabling peer.");
+ log::info!("exiting without enabling or disabling peer.");
 }
 Ok(())
diff --git a/server/src/main.rs b/server/src/main.rs
index 9bf9986..fdbdcaa 100644
--- a/server/src/main.rs
+++ b/server/src/main.rs
@@ -95,6 +95,12 @@ enum Command {
 args: AddPeerOpts,
 },
+ /// Disable an enabled peer
+ DisablePeer { interface: Interface },
+
+ /// Enable a disabled peer
+ EnablePeer { interface: Interface },
+
 /// Rename an existing peer.
 RenamePeer {
 interface: Interface,
@@ -264,6 +270,12 @@ async fn main() -> Result<(), Box> {
 } => serve(*interface, &conf, routing).await?,
 Command::AddPeer { interface, args } => add_peer(&interface, &conf, args, opts.network)?,
 Command::RenamePeer { interface, args } => rename_peer(&interface, &conf, args)?,
+ Command::DisablePeer { interface } => {
+ enable_or_disable_peer(&interface, &conf, false, opts.network)?
+ },
+ Command::EnablePeer { interface } => {
+ enable_or_disable_peer(&interface, &conf, true, opts.network)?
+ },
 Command::AddCidr { interface, args } => add_cidr(&interface, &conf, args)?,
 Command::DeleteCidr { interface, args } => delete_cidr(&interface, &conf, args)?,
 Command::Completions { shell } => {
@@ -365,6 +377,49 @@ fn rename_peer(
 Ok(())
 }
+fn enable_or_disable_peer(
+ interface: &InterfaceName,
+ conf: &ServerConfig,
+ enable: bool,
+ network: NetworkOpts,
+) -> Result<(), Error> {
+ let conn = open_database_connection(interface, conf)?;
+ let peers = DatabasePeer::list(&conn)?
+ .into_iter()
+ .map(|dp| dp.inner)
+ .collect::>();
+
+ if let Some(peer) = prompts::enable_or_disable_peer(&peers[..], enable)? {
+ let mut db_peer = DatabasePeer::get(&conn, peer.id)?;
+ db_peer.update(
+ &conn,
+ PeerContents {
+ is_disabled: !enable,
+ ..peer.contents.clone()
+ },
+ )?;
+
+ if enable {
+ DeviceUpdate::new()
+ .add_peer(db_peer.deref().into())
+ .apply(interface, network.backend)
+ .map_err(|_| ServerError::WireGuard)?;
+ } else {
+ let public_key =
+ Key::from_base64(&peer.public_key).map_err(|_| ServerError::WireGuard)?;
+
+ DeviceUpdate::new()
+ .remove_peer_by_key(&public_key)
+ .apply(interface, network.backend)
+ .map_err(|_| ServerError::WireGuard)?;
+ }
+ } else {
+ log::info!("exiting without enabling or disabling peer.");
+ }
+
+ Ok(())
+}
+
 fn add_cidr(
 interface: &InterfaceName,
 conf: &ServerConfig,
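Review bot: In the new server-side `enable_or_disable_peer`, `db_peer.update(...)` changes the database row before the WireGuard device is touched, so a failure in the disable branch (`Key::from_base64` or `.apply(interface, network.backend)`) returns an error with the peer already marked disabled in the database but still configured on the live interface. Disabling a peer is an access revocation, so that gap matters, and both `map_err(|_| ServerError::WireGuard)` calls discard the underlying cause, leaving the operator nothing to diagnose it with. I would parse the public key before the database write and keep the cause, e.g. `.map_err(|e| { log::error!("peer {} is disabled in the database but could not be removed from the device: {}", peer.id, e); ServerError::WireGuard })?` (assuming `peer.id` and the error type implement `Display`). The success path logs nothing either, so a `log::info!` naming the peer id and its new state would give this admin action an audit trail. If the interface is not up when the command runs, `apply` presumably fails as well, which would make the command report an error even though the database change went through; that is worth confirming.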