From 30849818aa55178a741bc734ad35c258d39572d3 Mon Sep 17 00:00:00 2001
From: quackerd
Date: Mon, 21 Aug 2023 09:54:09 -0400
Subject: [PATCH] merge key file
---
 README.md | 6 ++++--
 opt/init.py | 29 +++++++++++++++--------------
 2 files changed, 19 insertions(+), 16 deletions(-)
diff --git a/README.md b/README.md
index b4fc967..66edc0c 100644
--- a/README.md
+++ b/README.md
@@ -18,9 +18,11 @@ d2ray is a single Docker container that provides easy 5-minute setups and braind
 All d2ray logs and private/public key pairs are stored in `/etc/d2ray` in the container. You can mount an external folder to that location to persist settings. See the example `docker-compose.yml`.
 
 ## Key Generation
-d2ray checks whether a private key file exists at path `/etc/xray/certs/private_key` and generates a new private key if not found.
+d2ray checks whether a key file exists at path `/etc/xray/certs/keys` and generates a new key pair if not found.
 
-You can either supply a pre-generated private key using `xray x25519` or let d2ray generate one. The corresponding public key is both printed to the container log (`docker logs`) and written to `/etc/xray/certs/public_key`, which clients use to connect.
+You can either supply a pre-generated private key using `xray x25519` or let d2ray generate one. The corresponding public key is printed to the container log (`docker logs`), which clients use to connect.
+
+If you are generating the private key yourself, the key file must contain exactly the output of `xray x25519`.
 
 ## How To Update?
 - `docker compose down`
diff --git a/opt/init.py b/opt/init.py
index 7d2d0d3..e24f266 100644
--- a/opt/init.py
+++ b/opt/init.py
@@ -6,8 +6,7 @@ import string
 import pathlib
 
 CONFIG_DIR = pathlib.Path("/etc/d2ray")
-PRIVKEY = CONFIG_DIR.joinpath("certs/private_key")
-PUBKEY = CONFIG_DIR.joinpath("certs/public_key")
+KEY_FILE = CONFIG_DIR.joinpath("certs/keys")
 LOG_DIR = CONFIG_DIR.joinpath("logs")
 XRAY_BIN = pathlib.Path("/opt/xray/xray")
 
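Review bot: Dropping `PRIVKEY`/`PUBKEY` in favour of `KEY_FILE` leaves no migration path for deployments that already persisted `certs/private_key`. Judging by the `KEY_FILE.exists()` check later in this patch, such an install would be treated as having no key and get a fresh pair, silently changing the public key its clients rely on. Consider reading the legacy path when `certs/keys` is absent, or at least logging that an existing `private_key` file is being ignored. Separately, the README hunk documents `/etc/xray/certs/keys`, while `KEY_FILE` resolves under `CONFIG_DIR`, i.e. `/etc/d2ray/certs/keys`.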
@@ -118,21 +117,23 @@ def main():
 args.from_env()
 
 print("====== init.py ======", flush=True)
- print(f"Checking server private key...", flush=True)
- if not PRIVKEY.exists():
- print(f"Server private key not found at {PRIVKEY}. Generating...")
- skey, _ = parse_xray_x25519_output(subprocess.check_output(f"{XRAY_BIN} x25519", shell = True).decode())
- with open(PRIVKEY, "w") as f:
- f.write(skey)
+ print(f"Checking key file...", flush=True)
+ if not KEY_FILE.exists():
+ print(f"Key file not found at {KEY_FILE}. Generating...")
+ out = subprocess.check_output(f"{XRAY_BIN} x25519", shell = True).decode()
+ with open(KEY_FILE, "w") as f:
+ f.write(out)
 
- with open(PRIVKEY, "r") as f:
- skey = f.read().strip()
+ with open(KEY_FILE, "r") as f:
+ out = f.read()
 
- print(f"Deriving public key...", flush=True)
- _, pkey = parse_xray_x25519_output(subprocess.check_output(f"{XRAY_BIN} x25519 -i {skey}", shell = True).decode())
+ print(f"Reading keys...", flush=True)
+ skey, pkey = parse_xray_x25519_output(out)
 
- with open(PUBKEY, "w") as f:
- f.write(pkey)
+ print(f"Verifying public key...", flush=True)
+ _, _pkey = parse_xray_x25519_output(subprocess.check_output(f"{XRAY_BIN} x25519 -i {skey}", shell = True).decode())
+ if (_pkey != pkey):
+ print(f"Unmatching public key: expected \"{_pkey}\" but key file provided \"{pkey}\". Please verify the key file.", flush=True)
 
 print(f"\nConfigurations:\n{str(args)}\nPublic key: {pkey}\n", flush=True)
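Review bot: `skey` is parsed from a key file the operator may supply, yet the `x25519 -i {skey}` call still interpolates it into a shell string with `shell = True`. Unless `parse_xray_x25519_output` (not visible in this hunk) strictly validates the value, shell metacharacters in the file would be interpreted; an argument list avoids the shell: `subprocess.check_output([str(XRAY_BIN), "x25519", "-i", skey])`. The `if (_pkey != pkey):` branch only prints and then continues, so the final "Public key" line advertises the file's `pkey` even though it does not belong to the private key in use; either stop there with `raise SystemExit(1)` or continue with `pkey = _pkey`. The key file is also created with `open(KEY_FILE, "w")`, which leaves a file holding the private key at umask-default permissions, so restricting it to owner-only (mode `0o600`) would be safer. main() starts before and continues past this hunk.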