Ensure registration clientIds are unique

Update the client registration handling to ensure that the clientId values associated with a client's registration are unique within the scope of a given telemetry server's clients table.
SUSE · Feb 7, 2025 · b2fa98a · b2fa98a
1 parent 41b930b
commit b2fa98a
Show file tree

Hide file tree

Showing 2 changed files with 61 additions and 0 deletions.
diff --git a/app/clients.go b/app/clients.go
@@ -180,6 +180,59 @@ func (c *ClientsRow) RegistrationExists() bool {
 	return true
 }
 
+func (c *ClientsRow) ClientIdExists() bool {
+	stmt, err := c.SelectStmt(
+		// select columns
+		[]string{
+			"id",
+			"systemUUID",
+			"clientTimestamp",
+			"registrationDate",
+			"authToken",
+		},
+		// match columns
+		[]string{
+			"clientId",
+		},
+		SelectOpts{}, // no special options
+	)
+	if err != nil {
+		slog.Error(
+			"registrationExists statement generation failed",
+			slog.String("table", c.TableName()),
+			slog.String("error", err.Error()),
+		)
+		panic(err)
+	}
+
+	row := c.DB().QueryRow(
+		stmt,
+		c.ClientId,
+	)
+	// if the entry was found, all fields not used to find the entry will have
+	// been updated to match what is in the DB
+	if err := row.Scan(
+		&c.Id,
+		&c.SystemUUID,
+		&c.ClientTimestamp,
+		&c.RegistrationDate,
+		&c.AuthToken,
+	); err != nil {
+		if err != sql.ErrNoRows {
+			slog.Error(
+				"check for matching entry failed",
+				slog.String("table", c.TableName()),
+				slog.String("clientId", c.ClientId),
+				slog.String("systemUUID", c.SystemUUID),
+				slog.String("clientTimestamp", c.ClientTimestamp),
+				slog.String("error", err.Error()),
+			)
+		}
+		return false
+	}
+	return true
+}
+
 func (c *ClientsRow) Insert() (err error) {
 	stmt, err := c.InsertStmt(
 		[]string{

diff --git a/app/handler_register.go b/app/handler_register.go
@@ -49,11 +49,19 @@ func (a *App) RegisterClient(ar *AppRequest) {
 	}
 
 	client.InitRegistration(&crReq)
+	// check if the supplied registration already exists, e.g. cloned system
 	if client.RegistrationExists() {
 		ar.ErrorResponse(http.StatusConflict, "specified registration already exists")
 		return
 	}
 
+	// check if the supplied registration's clientID already exists, e.g. a new
+	// client generated the same UUID value that an existing client is using
+	if client.ClientIdExists() {
+		ar.ErrorResponse(http.StatusConflict, "specified registration clientId already exists")
+		return
+	}
+
 	client.AuthToken, err = a.AuthManager.CreateToken()
 	if err != nil {
 		ar.ErrorResponse(http.StatusInternalServerError, "failed to create authtoken for client")