hscontrol

package

v0.25.1 Latest Latest Go to latest Published: Feb 25, 2025 License: BSD-3-Clause Imports: 88 Imported by: 1

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/juanfont/headscale

Documentation ¶

Overview ¶

nolint

Index ¶

Constants
Variables
type AppleMobileConfig
type AppleMobilePlatformConfig
type AuthProvider
type AuthProviderOIDC
- func NewAuthProviderOIDC(ctx context.Context, serverURL string, cfg *types.OIDCConfig, ...) (*AuthProviderOIDC, error)
type AuthProviderWeb
- func NewAuthProviderWeb(serverURL string) *AuthProviderWeb
- func (a *AuthProviderWeb) AuthURL(registrationId types.RegistrationID) string
- func (a *AuthProviderWeb) RegisterHandler(writer http.ResponseWriter, req *http.Request)
type HTTPError
- func NewHTTPError(code int, msg string, err error) HTTPError
- func (e HTTPError) Error() string
- func (e HTTPError) Unwrap() error
type Headscale
- func NewHeadscale(cfg *types.Config) (*Headscale, error)
type RegistrationInfo

Constants ¶

View Source

const (
	AuthPrefix = "Bearer "
)

View Source

const (
	// The CapabilityVersion is used by Tailscale clients to indicate
	// their codebase version. Tailscale clients can communicate over TS2021
	// from CapabilityVersion 28, but we only have good support for it
	// since https://github.com/tailscale/tailscale/pull/4323 (Noise in any HTTPS port).
	//
	// Related to this change, there is https://github.com/tailscale/tailscale/pull/5379,
	// where CapabilityVersion 39 is introduced to indicate #4323 was merged.
	//
	// See also https://github.com/tailscale/tailscale/blob/main/tailcfg/tailcfg.go
	NoiseCapabilityVersion = 39
)

Variables ¶

View Source

var ErrNoCapabilityVersion = errors.New("no capability version set")

View Source

var ErrRegisterMethodCLIDoesNotSupportExpire = errors.New(
	"machines registered with CLI does not support expire",
)

Functions ¶

This section is empty.

Types ¶

type AppleMobileConfig ¶

type AppleMobileConfig struct {
	UUID    uuid.UUID
	URL     string
	Payload string
}

type AppleMobilePlatformConfig ¶

type AppleMobilePlatformConfig struct {
	UUID uuid.UUID
	URL  string
}

type AuthProvider ¶ added in v0.24.0

type AuthProvider interface {
	RegisterHandler(http.ResponseWriter, *http.Request)
	AuthURL(types.RegistrationID) string
}

type AuthProviderOIDC ¶ added in v0.24.0

type AuthProviderOIDC struct {
	// contains filtered or unexported fields
}

func NewAuthProviderOIDC ¶ added in v0.24.0

func NewAuthProviderOIDC(
	ctx context.Context,
	serverURL string,
	cfg *types.OIDCConfig,
	db *db.HSDatabase,
	notif *notifier.Notifier,
	ipAlloc *db.IPAllocator,
	polMan policy.PolicyManager,
) (*AuthProviderOIDC, error)

func (*AuthProviderOIDC) AuthURL ¶ added in v0.24.0

func (a *AuthProviderOIDC) AuthURL(registrationID types.RegistrationID) string

func (*AuthProviderOIDC) OIDCCallbackHandler ¶ added in v0.24.0

func (a *AuthProviderOIDC) OIDCCallbackHandler(
	writer http.ResponseWriter,
	req *http.Request,
)

OIDCCallbackHandler handles the callback from the OIDC endpoint Retrieves the nkey from the state cache and adds the node to the users email user TODO: A confirmation page for new nodes should be added to avoid phishing vulnerabilities TODO: Add groups information from OIDC tokens into node HostInfo Listens in /oidc/callback.

func (*AuthProviderOIDC) RegisterHandler ¶ added in v0.24.0

func (a *AuthProviderOIDC) RegisterHandler(
	writer http.ResponseWriter,
	req *http.Request,
)

RegisterOIDC redirects to the OIDC provider for authentication Puts NodeKey in cache so the callback can retrieve it using the oidc state param Listens in /register/:registration_id.

type AuthProviderWeb ¶ added in v0.24.0

type AuthProviderWeb struct {
	// contains filtered or unexported fields
}

func NewAuthProviderWeb ¶ added in v0.24.0

func NewAuthProviderWeb(serverURL string) *AuthProviderWeb

func (*AuthProviderWeb) AuthURL ¶ added in v0.24.0

func (a *AuthProviderWeb) AuthURL(registrationId types.RegistrationID) string

func (*AuthProviderWeb) RegisterHandler ¶ added in v0.24.0

func (a *AuthProviderWeb) RegisterHandler(
	writer http.ResponseWriter,
	req *http.Request,
)

RegisterWebAPI shows a simple message in the browser to point to the CLI Listens in /register/:registration_id.

This is not part of the Tailscale control API, as we could send whatever URL in the RegisterResponse.AuthURL field.

type HTTPError ¶ added in v0.25.0

type HTTPError struct {
	Code int    // HTTP response code to send to client; 0 means 500
	Msg  string // Response body to send to client
	Err  error  // Detailed error to log on the server
}

HTTPError represents an error that is surfaced to the user via web.

func NewHTTPError ¶ added in v0.25.0

func NewHTTPError(code int, msg string, err error) HTTPError

Error returns an HTTPError containing the given information.

func (HTTPError) Error ¶ added in v0.25.0

func (e HTTPError) Error() string

func (HTTPError) Unwrap ¶ added in v0.25.0

func (e HTTPError) Unwrap() error

type Headscale ¶

type Headscale struct {
	DERPMap    *tailcfg.DERPMap
	DERPServer *derpServer.DERPServer
	// contains filtered or unexported fields
}

Headscale represents the base app of the service.

func NewHeadscale ¶

func NewHeadscale(cfg *types.Config) (*Headscale, error)

func (*Headscale) AppleConfigMessage ¶

func (h *Headscale) AppleConfigMessage(
	writer http.ResponseWriter,
	req *http.Request,
)

AppleConfigMessage shows a simple message in the browser to point the user to the iOS/MacOS profile and instructions for how to install it.

func (*Headscale) ApplePlatformConfig ¶

func (h *Headscale) ApplePlatformConfig(
	writer http.ResponseWriter,
	req *http.Request,
)

func (*Headscale) HealthHandler ¶

func (h *Headscale) HealthHandler(
	writer http.ResponseWriter,
	req *http.Request,
)

func (*Headscale) KeyHandler ¶

func (h *Headscale) KeyHandler(
	writer http.ResponseWriter,
	req *http.Request,
)

KeyHandler provides the Headscale pub key Listens in /key.

func (*Headscale) NoiseUpgradeHandler ¶

func (h *Headscale) NoiseUpgradeHandler(
	writer http.ResponseWriter,
	req *http.Request,
)

NoiseUpgradeHandler is to upgrade the connection and hijack the net.Conn in order to use the Noise-based TS2021 protocol. Listens in /ts2021.

func (*Headscale) Serve ¶

func (h *Headscale) Serve() error

Serve launches the HTTP and gRPC server service Headscale and the API.

func (*Headscale) VerifyHandler ¶ added in v0.24.0

func (h *Headscale) VerifyHandler(
	writer http.ResponseWriter,
	req *http.Request,
)

see https://github.com/tailscale/tailscale/blob/964282d34f06ecc06ce644769c66b0b31d118340/derp/derp_server.go#L1159, Derp use verifyClientsURL to verify whether a client is allowed to connect to the DERP server.

func (*Headscale) WindowsConfigMessage ¶

func (h *Headscale) WindowsConfigMessage(
	writer http.ResponseWriter,
	req *http.Request,
)

WindowsConfigMessage shows a simple message in the browser for how to configure the Windows Tailscale client.

type RegistrationInfo ¶ added in v0.24.0

type RegistrationInfo struct {
	RegistrationID types.RegistrationID
	Verifier       *string
}

RegistrationInfo contains both machine key and verifier information for OIDC validation.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
capver
gen
db
derp
server
dns
mapper
notifier
policy
matcher
templates
types
util

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL