From 475a4318593a49b4105353b52a9db723b84246c4 Mon Sep 17 00:00:00 2001
From: Owen
Date: Sun, 20 Apr 2025 21:07:22 -0400
Subject: [PATCH 1/2] Add TODO

---
 server/routers/newt/handleGetConfigMessage.ts | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/server/routers/newt/handleGetConfigMessage.ts b/server/routers/newt/handleGetConfigMessage.ts
index 07a598f7..ad405d08 100644
--- a/server/routers/newt/handleGetConfigMessage.ts
+++ b/server/routers/newt/handleGetConfigMessage.ts
@@ -54,13 +54,17 @@ export const handleGetConfigMessage: MessageHandler = async (context) => {
 logger.warn("handleGetConfigMessage: Site not found");
 return;
 }
-// todo check if the public key has changed
+ // we need to wait for hole punch success
 if (!existingSite.endpoint) {
 logger.warn(`Site ${existingSite.siteId} has no endpoint, skipping`);
 return;
 }
+ if (existingSite.publicKey !== publicKey) {
+ // TODO: somehow we should make sure a recent hole punch has happened if this occurs (hole punch could be from the last restart if done quickly)
+ }
+
 if (existingSite.lastHolePunch && now - existingSite.lastHolePunch > 6) {
 logger.warn(
 `Site ${existingSite.siteId} last hole punch is too old, skipping`

From 0c370e4299cd16cec408747b46f1bdd43dfd278b Mon Sep 17 00:00:00 2001
From: Owen
Date: Tue, 22 Apr 2025 22:18:50 -0400
Subject: [PATCH 2/2] Scope down the allowedIps so there are no conflicts

---
 server/routers/newt/handleGetConfigMessage.ts | 2 +-
 server/routers/olm/handleOlmRegisterMessage.ts | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/routers/newt/handleGetConfigMessage.ts b/server/routers/newt/handleGetConfigMessage.ts
index ad405d08..6c648baa 100644
--- a/server/routers/newt/handleGetConfigMessage.ts
+++ b/server/routers/newt/handleGetConfigMessage.ts
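Review bot: The new `if (existingSite.publicKey !== publicKey)` block is empty, so a config request whose key differs from the key stored for the site is processed exactly like a matching one, and the mismatch is not even logged. Until the recent-hole-punch requirement the TODO describes exists, the case should at least be observable and arguably fail closed, e.g. `logger.warn("Site " + existingSite.siteId + " public key differs from stored key, skipping"); return;` — a silently accepted key change is indistinguishable in the logs from a peer presenting a site id that is not its own. Whether a `return` here would break legitimate key rotation depends on how `publicKey` is obtained earlier in the handler, which is outside the hunk; if rotation must be allowed, the warning alone is still worth adding. The lastHolePunch staleness check that follows does not cover this case, since it is independent of whether the key changed. handleGetConfigMessage begins and ends outside the hunk.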
@@ -133,7 +133,7 @@ export const handleGetConfigMessage: MessageHandler = async (context) => {
 return {
 publicKey: client.clients.pubKey!,
- allowedIps: [client.clients.subnet!],
+ allowedIps: [`${client.clients.subnet.split('/')[0]}/32`], // we want to only allow from that client
 endpoint: client.clientSites.isRelayed ? "" : client.clients.endpoint! // if its relayed it should be localhost
diff --git a/server/routers/olm/handleOlmRegisterMessage.ts b/server/routers/olm/handleOlmRegisterMessage.ts
index a398d5e4..d3ce74cd 100644
--- a/server/routers/olm/handleOlmRegisterMessage.ts
+++ b/server/routers/olm/handleOlmRegisterMessage.ts
@@ -141,7 +141,7 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => {
 );
 await addPeer(site.siteId, {
 publicKey: publicKey,
- allowedIps: [client.subnet],
+ allowedIps: [`${client.subnet.split('/')[0]}/32`], // we want to only allow from that client
 endpoint: client.endpoint
 });
 } else {
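Review bot: The `/32` suffix in the new `allowedIps` line hard-codes an IPv4 host mask, so if `subnet` can ever hold an IPv6 prefix the result is not a single host but a /32 of IPv6 space, which is far wider than the subnet being replaced rather than narrower; the same line is repeated in the handleOlmRegisterMessage hunk below. The newt hunk also drops the `!` that the removed line had on `client.clients.subnet`, so if that column is nullable in the schema the `.split` now throws a TypeError at runtime instead of being caught by the type checker, and an empty string yields the invalid entry `/32`. I would move the derivation into one shared helper that validates the address part and picks the mask by address family, so both call sites cannot drift apart; the snippet below shows the helper and the changed line for the newt site. The enclosing return statement and function begin and end outside the hunk.
```typescript
// Single-host CIDR for a client subnet; rejects an empty address rather
// than emitting "/32". Handler convention for errors (log-and-return vs
// throw) is outside the hunk — adjust accordingly.
function hostCidr(subnet: string): string {
    const [address] = subnet.split('/');
    if (!address) {
        throw new Error(`invalid client subnet: ${subnet}`);
    }
    // IPv6 addresses contain ':'; a /32 there would be a huge range.
    return `${address}/${address.includes(':') ? 128 : 32}`;
}
// … unchanged: handler body up to the return object …
            allowedIps: [hostCidr(client.clients.subnet!)], // we want to only allow from that client
```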