Documentation ¶
Overview ¶
nolint
Index ¶
- Constants
- Variables
- type AppleMobileConfig
- type AppleMobilePlatformConfig
- type AuthProvider
- type AuthProviderOIDC
- type AuthProviderWeb
- type Headscale
- func (h *Headscale) AppleConfigMessage(writer http.ResponseWriter, req *http.Request)
- func (h *Headscale) ApplePlatformConfig(writer http.ResponseWriter, req *http.Request)
- func (h *Headscale) HealthHandler(writer http.ResponseWriter, req *http.Request)
- func (h *Headscale) KeyHandler(writer http.ResponseWriter, req *http.Request)
- func (h *Headscale) NoiseUpgradeHandler(writer http.ResponseWriter, req *http.Request)
- func (h *Headscale) Serve() error
- func (h *Headscale) VerifyHandler(writer http.ResponseWriter, req *http.Request)
- func (h *Headscale) WindowsConfigMessage(writer http.ResponseWriter, req *http.Request)
- type RegistrationInfo
Constants ¶
// AuthPrefix is the literal "Bearer " scheme prefix, including its trailing
// space.
//
// NOTE(review): presumably matched against the start of an Authorization
// header value before the token is extracted; confirm at the call site.
// Code that strips it should test for the prefix first (strings.HasPrefix or
// strings.CutPrefix) rather than slicing by len(AuthPrefix) unconditionally.
const AuthPrefix = "Bearer "
// MinimumCapVersion is the tailcfg.CapabilityVersion value 82.
//
// NOTE(review): by its name this is the lowest client capability version the
// server accepts; where and how it is enforced is not visible here, so
// confirm against the code that compares a client's version to it.
const MinimumCapVersion tailcfg.CapabilityVersion = 82
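const (
	// NoiseCapabilityVersion is the capability version tied to TS2021 (Noise)
	// support.
	//
	// The CapabilityVersion is used by Tailscale clients to indicate
	// their codebase version. Tailscale clients can communicate over TS2021
	// from CapabilityVersion 28, but we only have good support for it
	// since https://github.com/tailscale/tailscale/pull/4323 (Noise in any HTTPS port).
	//
	// Related to this change, there is https://github.com/tailscale/tailscale/pull/5379,
	// where CapabilityVersion 39 is introduced to indicate #4323 was merged.
	//
	// See also https://github.com/tailscale/tailscale/blob/main/tailcfg/tailcfg.go
	NoiseCapabilityVersion = 39
)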
Variables ¶
// ErrNoCapabilityVersion is a sentinel error with the message
// "no capability version set". Callers should compare with errors.Is rather
// than matching on the message text.
var (
	ErrNoCapabilityVersion = errors.New("no capability version set")
)
// ErrRegisterMethodCLIDoesNotSupportExpire is a sentinel error for an expire
// operation on a machine that was registered through the CLI.
//
// The message text is kept exactly as it is, grammar included, because it is
// runtime output that callers or tests may match on.
var ErrRegisterMethodCLIDoesNotSupportExpire = errors.New("machines registered with CLI does not support expire")
Functions ¶
This section is empty.
Types ¶
type AppleMobileConfig ¶
type AppleMobilePlatformConfig ¶
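// AppleMobilePlatformConfig carries a UUID and a URL.
//
// NOTE(review): presumably the values rendered into the Apple configuration
// profile served by ApplePlatformConfig; confirm against that handler. If URL
// is derived from request data rather than server configuration, it should be
// validated before it is written into a profile.
type AppleMobilePlatformConfig struct {
	// UUID is the identifier stored alongside the URL.
	UUID uuid.UUID
	// URL is the address stored in the config.
	URL string
}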
type AuthProvider ¶ added in v0.24.0
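// AuthProvider is the interface for a node registration flow. AuthProviderOIDC
// and AuthProviderWeb both provide these two methods.
type AuthProvider interface {
	// RegisterHandler is the HTTP handler for the registration endpoint. The
	// two implementations are documented as listening on /register/:mKey
	// (OIDC) and /register/:nkey (web).
	RegisterHandler(http.ResponseWriter, *http.Request)

	// AuthURL returns a URL string for the given machine public key.
	// NOTE(review): presumably the value sent to the client in
	// RegisterResponse.AuthURL; confirm at the call site.
	AuthURL(key.MachinePublic) string
}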
type AuthProviderOIDC ¶ added in v0.24.0
type AuthProviderOIDC struct {
// contains filtered or unexported fields
}
func NewAuthProviderOIDC ¶ added in v0.24.0
func NewAuthProviderOIDC( ctx context.Context, serverURL string, cfg *types.OIDCConfig, db *db.HSDatabase, notif *notifier.Notifier, ipAlloc *db.IPAllocator, polMan policy.PolicyManager, ) (*AuthProviderOIDC, error)
func (*AuthProviderOIDC) AuthURL ¶ added in v0.24.0
func (a *AuthProviderOIDC) AuthURL(mKey key.MachinePublic) string
func (*AuthProviderOIDC) OIDCCallbackHandler ¶ added in v0.24.0
func (a *AuthProviderOIDC) OIDCCallbackHandler( writer http.ResponseWriter, req *http.Request, )
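OIDCCallbackHandler handles the callback from the OIDC endpoint. It retrieves the nkey from the state cache and adds the node to the user that corresponds to the user's email. TODO: A confirmation page for new nodes should be added to avoid phishing vulnerabilities (as documented, the callback registers the node whose key was cached under the state parameter, with no step where the user confirms which node that is). TODO: Add groups information from OIDC tokens into node HostInfo. Listens in /oidc/callback.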
func (*AuthProviderOIDC) RegisterHandler ¶ added in v0.24.0
func (a *AuthProviderOIDC) RegisterHandler( writer http.ResponseWriter, req *http.Request, )
RegisterOIDC redirects to the OIDC provider for authentication. It puts the NodeKey in a cache so the callback can retrieve it using the OIDC state param. Listens in /register/:mKey.
type AuthProviderWeb ¶ added in v0.24.0
type AuthProviderWeb struct {
// contains filtered or unexported fields
}
func NewAuthProviderWeb ¶ added in v0.24.0
func NewAuthProviderWeb(serverURL string) *AuthProviderWeb
func (*AuthProviderWeb) AuthURL ¶ added in v0.24.0
func (a *AuthProviderWeb) AuthURL(mKey key.MachinePublic) string
func (*AuthProviderWeb) RegisterHandler ¶ added in v0.24.0
func (a *AuthProviderWeb) RegisterHandler( writer http.ResponseWriter, req *http.Request, )
RegisterWebAPI shows a simple message in the browser to point to the CLI. Listens in /register/:nkey.
This is not part of the Tailscale control API, as we could send whatever URL in the RegisterResponse.AuthURL field.
type Headscale ¶
type Headscale struct { DERPMap *tailcfg.DERPMap DERPServer *derpServer.DERPServer // contains filtered or unexported fields }
Headscale represents the base app of the service.
func (*Headscale) AppleConfigMessage ¶
func (h *Headscale) AppleConfigMessage( writer http.ResponseWriter, req *http.Request, )
AppleConfigMessage shows a simple message in the browser to point the user to the iOS/MacOS profile and instructions for how to install it.
func (*Headscale) ApplePlatformConfig ¶
func (h *Headscale) ApplePlatformConfig( writer http.ResponseWriter, req *http.Request, )
func (*Headscale) HealthHandler ¶
func (h *Headscale) HealthHandler( writer http.ResponseWriter, req *http.Request, )
func (*Headscale) KeyHandler ¶
func (h *Headscale) KeyHandler( writer http.ResponseWriter, req *http.Request, )
KeyHandler provides the Headscale pub key. Listens in /key.
func (*Headscale) NoiseUpgradeHandler ¶
func (h *Headscale) NoiseUpgradeHandler( writer http.ResponseWriter, req *http.Request, )
NoiseUpgradeHandler upgrades the connection and hijacks the net.Conn in order to use the Noise-based TS2021 protocol. Listens in /ts2021.
func (*Headscale) VerifyHandler ¶ added in v0.24.0
func (h *Headscale) VerifyHandler( writer http.ResponseWriter, req *http.Request, )
See https://github.com/tailscale/tailscale/blob/964282d34f06ecc06ce644769c66b0b31d118340/derp/derp_server.go#L1159. DERP uses verifyClientsURL to verify whether a client is allowed to connect to the DERP server.
func (*Headscale) WindowsConfigMessage ¶
func (h *Headscale) WindowsConfigMessage( writer http.ResponseWriter, req *http.Request, )
WindowsConfigMessage shows a simple message in the browser for how to configure the Windows Tailscale client.
type RegistrationInfo ¶ added in v0.24.0
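// RegistrationInfo contains both machine key and verifier information for
// OIDC validation.
type RegistrationInfo struct {
	// MachineKey is the public machine key of the node being registered.
	MachineKey key.MachinePublic

	// Verifier is optional (nil when unset).
	// NOTE(review): presumably a PKCE code verifier tied to this registration
	// attempt; confirm. If so, it is a secret for the lifetime of the flow and
	// should not be logged.
	Verifier *string
}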
RegistrationInfo contains both machine key and verifier information for OIDC validation.