From a4b9ba545c93f708baf5c474a688905a633ad670 Mon Sep 17 00:00:00 2001
From: Lucas RODRIGUEZ
Date: Wed, 3 Jul 2024 13:25:21 +0000
Subject: [PATCH] Fix CreateNetPeering not checking SourceNet ownership
---
 src/main.rs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/main.rs b/src/main.rs
index 3c9b619..85a681b 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -2850,7 +2850,6 @@ impl RicCall {
 Ok((jsonobj_to_strret(json, req_id), StatusCode::OK))
 },
 RicCall::CreateNetPeering => {
- // TODO Source Net needs to be user ownership
 if auth != AuthType::AkSk {
 return eval_bad_auth(req_id, json, "CreateNetPeering require v4 signature")
 }
@@ -2899,6 +2898,10 @@ impl RicCall {
 Some ((i, net)) => (i, net),
 _ => return bad_argument(req_id, json, format!("can't find user linked with source net id {}", accepter_net_id).as_str())
 };
+ if source_user_id != user_id {
+ return bad_argument(req_id, json, format!("the source net id {} needs to be your own", accepter_net_id).as_str())
+ }
+
 net_peering["State"]["Message"] = ("Pending acceptance by ".to_owned() + &format!("{:012x}", accepter_user_id)).into();
 net_peering["AccepterNet"]["IpRange"] = accepter_net["IpRange"].clone();
 net_peering["AccepterNet"]["AccountId"] = format!("{:012x}", accepter_user_id).into();
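Review bot: The error text of the new ownership check in the second hunk says "the source net id {}" but formats `accepter_net_id`, so a rejected caller is shown the accepter net's id rather than the source net that failed the check. The context line just above (`can't find user linked with source net id {}`) has the same mismatch and was probably the copy source. Pass the source net's id instead, e.g. `format!("the source net id {} needs to be your own", SOURCE_NET_ID_PLACEHOLDER)`, where the placeholder stands for the binding whose name is outside this hunk. Separately, a source net that exists but belongs to another account now gets a different message from one that does not exist, which lets an authenticated caller learn which net ids exist in other accounts; consider returning the same not-found error for both cases. The enclosing `RicCall::CreateNetPeering` arm begins and ends outside the hunk.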