Fix crash when peer has nil publicKey in site config

Skip sites with empty/nil publicKey instead of passing them to the WireGuard UAPI layer, which expects a valid 64-char hex string. A nil key occurs when a Newt site has never connected. Previously this caused all sites to fail with "hex string does not fit the slice".
2026-03-09 12:16:42 +00:00 · 2026-03-08 01:59:39 +01:00
parent ae88766d85
commit 3f258d3500
2 changed files with 11 additions and 0 deletions
--- a/olm/connect.go
+++ b/olm/connect.go
@@ -172,6 +172,12 @@ func (o *Olm) handleConnect(msg websocket.WSMessage) {

 	for i := range wgData.Sites {
 		site := wgData.Sites[i]
+
+		if site.PublicKey == "" {
+			logger.Warn("Skipping site %d (%s): no public key available (site may not be connected)", site.SiteId, site.Name)
+			continue
+		}
+
 		var siteEndpoint string
 		// here we are going to take the relay endpoint if it exists which means we requested a relay for this peer
 		if site.RelayEndpoint != "" {
--- a/olm/peer.go
+++ b/olm/peer.go
@@ -37,6 +37,11 @@ func (o *Olm) handleWgPeerAdd(msg websocket.WSMessage) {
 		return
 	}

+	if siteConfig.PublicKey == "" {
+		logger.Warn("Skipping add-peer for site %d (%s): no public key available (site may not be connected)", siteConfig.SiteId, siteConfig.Name)
+		return
+	}
+
 	_ = o.holePunchManager.TriggerHolePunch() // Trigger immediate hole punch attempt so that if the peer decides to relay we have already punched close to when we need it

 	if err := o.peerManager.AddPeer(siteConfig); err != nil {