hscontrol

package
v0.25.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 25, 2025 License: BSD-3-Clause Imports: 88 Imported by: 1

Documentation

Overview

nolint

Index

Constants

// AuthPrefix is the literal "Bearer " scheme prefix, including the trailing
// space.
//
// NOTE(review): presumably this is trimmed from an Authorization header value
// before the remaining token is validated; the call site is not shown here.
// Confirm that a value lacking the prefix is rejected rather than treated as
// a bare token.
const AuthPrefix = "Bearer "
// NoiseCapabilityVersion is the Tailscale client CapabilityVersion that this
// package associates with well-supported Noise (TS2021) transport.
//
// Tailscale clients report a CapabilityVersion to indicate their codebase
// version. TS2021 is possible from CapabilityVersion 28 onwards, but good
// support only exists since "Noise in any HTTPS port"
// (https://github.com/tailscale/tailscale/pull/4323). CapabilityVersion 39
// was introduced by https://github.com/tailscale/tailscale/pull/5379 to
// indicate that #4323 had been merged.
//
// See also https://github.com/tailscale/tailscale/blob/main/tailcfg/tailcfg.go
//
// NOTE(review): how this value is enforced against connecting clients is not
// visible here; confirm that clients reporting a lower version are refused.
const NoiseCapabilityVersion = 39

Variables

var (
	// ErrNoCapabilityVersion is the sentinel error whose message reports that
	// no capability version was set. Compare against it with errors.Is.
	ErrNoCapabilityVersion = errors.New("no capability version set")
)
// ErrRegisterMethodCLIDoesNotSupportExpire is the sentinel error stating that
// machines registered through the CLI do not support expiry. The message text
// is kept exactly as published, since callers and logs may match on it.
var ErrRegisterMethodCLIDoesNotSupportExpire = errors.New("machines registered with CLI does not support expire")

Functions

This section is empty.

Types

type AppleMobileConfig

// AppleMobileConfig groups a UUID, a URL and a payload string.
//
// NOTE(review): presumably the template data for the Apple configuration
// profile served by the Apple config handlers; the consumer is not shown
// here. If URL or Payload are rendered into a profile or HTML page, confirm
// that the rendering step escapes them.
type AppleMobileConfig struct {
	UUID    uuid.UUID
	URL     string
	Payload string
}

type AppleMobilePlatformConfig

// AppleMobilePlatformConfig groups a UUID and a URL.
//
// NOTE(review): presumably the per-platform part of an Apple configuration
// profile (compare AppleMobileConfig, which additionally carries a Payload);
// confirm against the handler that fills it in.
type AppleMobilePlatformConfig struct {
	UUID uuid.UUID
	URL  string
}

type AuthProvider added in v0.24.0

// AuthProvider is the interface for a node-registration authentication
// backend. *AuthProviderOIDC and *AuthProviderWeb both declare these two
// methods.
type AuthProvider interface {
	// RegisterHandler is the HTTP handler for a registration request. Both
	// implementations in this package document it as listening on
	// /register/:registration_id.
	RegisterHandler(http.ResponseWriter, *http.Request)
	// AuthURL returns a URL string for the given registration ID.
	// NOTE(review): the registration ID ends up in a URL handed to the user;
	// treat it as unguessable-by-design only if its generation guarantees
	// that — confirm in the types package.
	AuthURL(types.RegistrationID) string
}

type AuthProviderOIDC added in v0.24.0

// AuthProviderOIDC is the AuthProvider whose RegisterHandler redirects to an
// OIDC provider and whose OIDCCallbackHandler handles the provider's
// callback. It is constructed with NewAuthProviderOIDC.
type AuthProviderOIDC struct {
	// contains filtered or unexported fields
}

func NewAuthProviderOIDC added in v0.24.0

func NewAuthProviderOIDC(
	ctx context.Context,
	serverURL string,
	cfg *types.OIDCConfig,
	db *db.HSDatabase,
	notif *notifier.Notifier,
	ipAlloc *db.IPAllocator,
	polMan policy.PolicyManager,
) (*AuthProviderOIDC, error)

func (*AuthProviderOIDC) AuthURL added in v0.24.0

func (a *AuthProviderOIDC) AuthURL(registrationID types.RegistrationID) string

func (*AuthProviderOIDC) OIDCCallbackHandler added in v0.24.0

func (a *AuthProviderOIDC) OIDCCallbackHandler(
	writer http.ResponseWriter,
	req *http.Request,
)

OIDCCallbackHandler handles the callback from the OIDC endpoint. It retrieves the nkey from the state cache and adds the node to the user's email user. TODO: A confirmation page for new nodes should be added to avoid phishing vulnerabilities; as documented, the callback adds the node without asking the signed-in user to confirm it. TODO: Add groups information from OIDC tokens into node HostInfo. Listens on /oidc/callback.

func (*AuthProviderOIDC) RegisterHandler added in v0.24.0

func (a *AuthProviderOIDC) RegisterHandler(
	writer http.ResponseWriter,
	req *http.Request,
)

RegisterOIDC redirects to the OIDC provider for authentication. It puts the NodeKey in the cache so the callback can retrieve it using the OIDC state param. Listens on /register/:registration_id.

type AuthProviderWeb added in v0.24.0

// AuthProviderWeb is the AuthProvider whose RegisterHandler shows a message
// in the browser pointing the user to the CLI. It is constructed with
// NewAuthProviderWeb.
type AuthProviderWeb struct {
	// contains filtered or unexported fields
}

func NewAuthProviderWeb added in v0.24.0

func NewAuthProviderWeb(serverURL string) *AuthProviderWeb

func (*AuthProviderWeb) AuthURL added in v0.24.0

func (a *AuthProviderWeb) AuthURL(registrationId types.RegistrationID) string

func (*AuthProviderWeb) RegisterHandler added in v0.24.0

func (a *AuthProviderWeb) RegisterHandler(
	writer http.ResponseWriter,
	req *http.Request,
)

RegisterWebAPI shows a simple message in the browser to point to the CLI. Listens on /register/:registration_id.

This is not part of the Tailscale control API, as we could send whatever URL in the RegisterResponse.AuthURL field.

type HTTPError added in v0.25.0

// HTTPError represents an error that is surfaced to the user via web. It
// carries an HTTP status code, a client-facing message and a server-side
// cause.
//
// Msg is sent to the client, whereas Err is only logged on the server: keep
// internal detail (wrapped errors, identifiers, paths) in Err and out of Msg
// so that it is not disclosed in responses.
type HTTPError struct {
	Code int    // HTTP response code to send to client; 0 means 500
	Msg  string // Response body to send to client
	Err  error  // Detailed error to log on the server
}

HTTPError represents an error that is surfaced to the user via web.

func NewHTTPError added in v0.25.0

func NewHTTPError(code int, msg string, err error) HTTPError

NewHTTPError returns an HTTPError containing the given information.

func (HTTPError) Error added in v0.25.0

func (e HTTPError) Error() string

func (HTTPError) Unwrap added in v0.25.0

func (e HTTPError) Unwrap() error

type Headscale

// Headscale represents the base app of the service. It is constructed with
// NewHeadscale and started with Serve.
type Headscale struct {
	// DERPMap and DERPServer are the only exported fields, so any importer
	// holding a *Headscale can read or replace them.
	// NOTE(review): whether they may be changed after Serve has started is
	// not visible here — confirm before mutating.
	DERPMap    *tailcfg.DERPMap
	DERPServer *derpServer.DERPServer
	// contains filtered or unexported fields
}

Headscale represents the base app of the service.

func NewHeadscale

func NewHeadscale(cfg *types.Config) (*Headscale, error)

func (*Headscale) AppleConfigMessage

func (h *Headscale) AppleConfigMessage(
	writer http.ResponseWriter,
	req *http.Request,
)

AppleConfigMessage shows a simple message in the browser to point the user to the iOS/MacOS profile and instructions for how to install it.

func (*Headscale) ApplePlatformConfig

func (h *Headscale) ApplePlatformConfig(
	writer http.ResponseWriter,
	req *http.Request,
)

func (*Headscale) HealthHandler

func (h *Headscale) HealthHandler(
	writer http.ResponseWriter,
	req *http.Request,
)

func (*Headscale) KeyHandler

func (h *Headscale) KeyHandler(
	writer http.ResponseWriter,
	req *http.Request,
)

KeyHandler provides the Headscale public key. Listens on /key.

func (*Headscale) NoiseUpgradeHandler

func (h *Headscale) NoiseUpgradeHandler(
	writer http.ResponseWriter,
	req *http.Request,
)

NoiseUpgradeHandler upgrades the connection and hijacks the net.Conn in order to use the Noise-based TS2021 protocol. Listens on /ts2021.

func (*Headscale) Serve

func (h *Headscale) Serve() error

Serve launches the HTTP and gRPC servers that serve Headscale and the API.

func (*Headscale) VerifyHandler added in v0.24.0

func (h *Headscale) VerifyHandler(
	writer http.ResponseWriter,
	req *http.Request,
)

See https://github.com/tailscale/tailscale/blob/964282d34f06ecc06ce644769c66b0b31d118340/derp/derp_server.go#L1159: DERP uses verifyClientsURL to verify whether a client is allowed to connect to the DERP server.

func (*Headscale) WindowsConfigMessage

func (h *Headscale) WindowsConfigMessage(
	writer http.ResponseWriter,
	req *http.Request,
)

WindowsConfigMessage shows a simple message in the browser for how to configure the Windows Tailscale client.

type RegistrationInfo added in v0.24.0

// RegistrationInfo pairs a registration ID with verifier information for
// OIDC validation.
//
// NOTE(review): the package documentation describes this as holding the
// "machine key", but the field is a types.RegistrationID — confirm which
// wording is current.
type RegistrationInfo struct {
	RegistrationID types.RegistrationID
	// NOTE(review): presumably the PKCE code verifier, nil when PKCE is not
	// in use — confirm against the OIDC handlers. If so, it is a secret for
	// the duration of the login flow and should not be logged.
	Verifier       *string
}

RegistrationInfo contains both machine key and verifier information for OIDC validation.

Directories

Path Synopsis
gen
