tsid

README

tsid is a Caddy plugin that allows access only to requests coming from the Tailscale network and allows to identify users behind these requests by setting some Caddy placeholders:

Placeholder	Description
{http.vars.tailscale.name}	User name
{http.vars.tailscale.email}	User email

Usage

1. Build Caddy with this plugin by xcaddy:

    $ xcaddy build --with go.astrophena.name/tsid
   

2. Make sure that tsid is ordered first:

    {
      order tsid first
    }
   

3. Add the tsid directive to your Caddyfile and use the placeholders:

    tsid
   
    respond "Hello, {http.vars.tailscale.name}!"
   

License

MIT © Ilya Mateyko

Documentation

Overview

Package tsid is a Caddy plugin that allows access only to requests coming from the Tailscale network and allows to identify users behind these requests by setting some Caddy placeholders.

Index

• Constants
• Variables
• type Middleware
  • func (Middleware) CaddyModule() caddy.ModuleInfo
  • func (m *Middleware) Provision(ctx caddy.Context) error
  • func (m *Middleware) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error
  • func (m *Middleware) UnmarshalCaddyfile(d *caddyfile.Dispenser) error
• type Requirements
  • func (a Requirements) HasCapacities(m tailcfg.NodeCapMap) bool
  • func (a Requirements) IsIpAllowed(ip netip.Addr) bool
  • func (a Requirements) IsLoginAllowed(s string) bool
  • func (a Requirements) IsWhoIsLegal(whoIs *apitype.WhoIsResponse) bool

Constants

const (
	RangePrefix      = "ip"
	LoginPrefix      = "login"
	CapabilityPrefix = "cap"
)

const LenientEmailRegexString = "^[^@]+@[^@]+\\.[^@]+$"

const (
	TailscaleAdminCap = tailcfg.NodeCapability("https://tailscale.com/cap/is-admin")
)

Variables

var LenientEmailRegex *regexp.Regexp

Types

type Middleware

type Middleware struct {
	RawAllowed []string `json:"allowed,omitempty"`
	// contains filtered or unexported fields
}

Middleware is a Caddy HTTP handler that allows requests only from the Tailscale network and sets placeholders based on the Tailscale node information.

func (Middleware) CaddyModule

func (Middleware) CaddyModule() caddy.ModuleInfo

CaddyModule returns the Caddy module information.

func (*Middleware) Provision

func (m *Middleware) Provision(ctx caddy.Context) error

func (*Middleware) ServeHTTP

func (m *Middleware) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error

ServeHTTP implements the caddyhttp.MiddlewareHandler interface.

func (*Middleware) UnmarshalCaddyfile

func (m *Middleware) UnmarshalCaddyfile(d *caddyfile.Dispenser) error

UnmarshalCaddyfile implements the caddyfile.Unmarshaler interface.

type Requirements

type Requirements struct {
	Ranges       []netip.Prefix
	Logins       []string
	Capabilities []string
}

func (Requirements) HasCapacities

func (a Requirements) HasCapacities(m tailcfg.NodeCapMap) bool

func (Requirements) IsIpAllowed

func (a Requirements) IsIpAllowed(ip netip.Addr) bool

func (Requirements) IsLoginAllowed

func (a Requirements) IsLoginAllowed(s string) bool

func (Requirements) IsWhoIsLegal

func (a Requirements) IsWhoIsLegal(whoIs *apitype.WhoIsResponse) bool