From 85c4080661cc4d7aa777d7797d0536204a93f8ad Mon Sep 17 00:00:00 2001
From: cameronts <cameron@netmaker.io>
Date: Wed, 31 Aug 2022 03:59:33 -0700
Subject: [PATCH 1/4] Blank access keys before writing config.

---
 netclient/functions/pull.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/netclient/functions/pull.go b/netclient/functions/pull.go
index afe7ac94..af86d871 100644
--- a/netclient/functions/pull.go
+++ b/netclient/functions/pull.go
@@ -72,6 +72,7 @@ func Pull(network string, iface bool) (*models.Node, error) {
 		}
 		informPortChange(&resNode)
 	}
+	resNode.AccessKey = "" // don't store the access key on disk
 	if err = config.ModNodeConfig(&resNode); err != nil {
 		return nil, err
 	}

From 67ca0adef092d0794d0c4c3dd04f7f24626f43c7 Mon Sep 17 00:00:00 2001
From: cameronts <cameron@netmaker.io>
Date: Wed, 31 Aug 2022 15:48:55 -0700
Subject: [PATCH 2/4] Revert "Blank access keys before writing config."

This reverts commit 85c4080661cc4d7aa777d7797d0536204a93f8ad.
---
 netclient/functions/pull.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/netclient/functions/pull.go b/netclient/functions/pull.go
index af86d871..afe7ac94 100644
--- a/netclient/functions/pull.go
+++ b/netclient/functions/pull.go
@@ -72,7 +72,6 @@ func Pull(network string, iface bool) (*models.Node, error) {
 		}
 		informPortChange(&resNode)
 	}
-	resNode.AccessKey = "" // don't store the access key on disk
 	if err = config.ModNodeConfig(&resNode); err != nil {
 		return nil, err
 	}

From 59351b1e006568c52129c493b5b7bdaaeec0bd3b Mon Sep 17 00:00:00 2001
From: cameronts <cameron@netmaker.io>
Date: Fri, 2 Sep 2022 01:52:28 -0700
Subject: [PATCH 3/4] Access key blanking for calls that the client uses.

---
 controllers/node.go | 10 ++++++++++
 mq/publishers.go    |  6 ++++++
 2 files changed, 16 insertions(+)

diff --git a/controllers/node.go b/controllers/node.go
index fda392ff..9421b79c 100644
--- a/controllers/node.go
+++ b/controllers/node.go
@@ -319,6 +319,12 @@ func getNetworkNodes(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	for _, node := range nodes {
+		if len(node.NetworkSettings.AccessKeys) > 0 {
+			node.NetworkSettings.AccessKeys = nil // not to be sent back to client; client already knows how to join the network
+		}
+	}
+
 	//Returns all the nodes in JSON format
 	logger.Log(2, r.Header.Get("user"), "fetched nodes on network", networkName)
 	w.WriteHeader(http.StatusOK)
@@ -395,6 +401,10 @@ func getNode(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	if len(node.NetworkSettings.AccessKeys) > 0 {
+		node.NetworkSettings.AccessKeys = nil // not to be sent back to client; client already knows how to join the network
+	}
+
 	response := models.NodeGet{
 		Node:         node,
 		Peers:        peerUpdate.Peers,
diff --git a/mq/publishers.go b/mq/publishers.go
index 49b958e6..b2dbb8bd 100644
--- a/mq/publishers.go
+++ b/mq/publishers.go
@@ -85,6 +85,12 @@ func NodeUpdate(node *models.Node) error {
 		return nil
 	}
 	logger.Log(3, "publishing node update to "+node.Name)
+
+	if len(node.NetworkSettings.AccessKeys) > 0 {
+		node.NetworkSettings.AccessKeys = nil // not to be sent (don't need to spread access keys around the network; we need to know how to reach other nodes, not become them)
+	}
+	node.AccessKey = "" // no need to send this node's access key to others
+
 	data, err := json.Marshal(node)
 	if err != nil {
 		logger.Log(2, "error marshalling node update ", err.Error())

From 53385eb1005f37202a02ff2d68f53886df99f5ff Mon Sep 17 00:00:00 2001
From: cameronts <cameron@netmaker.io>
Date: Fri, 2 Sep 2022 07:29:29 -0700
Subject: [PATCH 4/4] Updated per commit comments.

---
 controllers/node.go | 4 ++--
 mq/publishers.go    | 3 +--
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/controllers/node.go b/controllers/node.go
index 9421b79c..1235de8c 100644
--- a/controllers/node.go
+++ b/controllers/node.go
@@ -321,7 +321,7 @@ func getNetworkNodes(w http.ResponseWriter, r *http.Request) {
 
 	for _, node := range nodes {
 		if len(node.NetworkSettings.AccessKeys) > 0 {
-			node.NetworkSettings.AccessKeys = nil // not to be sent back to client; client already knows how to join the network
+			node.NetworkSettings.AccessKeys = []models.AccessKey{} // not to be sent back to client; client already knows how to join the network
 		}
 	}
 
@@ -402,7 +402,7 @@ func getNode(w http.ResponseWriter, r *http.Request) {
 	}
 
 	if len(node.NetworkSettings.AccessKeys) > 0 {
-		node.NetworkSettings.AccessKeys = nil // not to be sent back to client; client already knows how to join the network
+		node.NetworkSettings.AccessKeys = []models.AccessKey{} // not to be sent back to client; client already knows how to join the network
 	}
 
 	response := models.NodeGet{
diff --git a/mq/publishers.go b/mq/publishers.go
index b2dbb8bd..423e1461 100644
--- a/mq/publishers.go
+++ b/mq/publishers.go
@@ -87,9 +87,8 @@ func NodeUpdate(node *models.Node) error {
 	logger.Log(3, "publishing node update to "+node.Name)
 
 	if len(node.NetworkSettings.AccessKeys) > 0 {
-		node.NetworkSettings.AccessKeys = nil // not to be sent (don't need to spread access keys around the network; we need to know how to reach other nodes, not become them)
+		node.NetworkSettings.AccessKeys = []models.AccessKey{} // not to be sent (don't need to spread access keys around the network; we need to know how to reach other nodes, not become them)
 	}
-	node.AccessKey = "" // no need to send this node's access key to others
 
 	data, err := json.Marshal(node)
 	if err != nil {