2022-11-05 09:07:22 +01:00
|
|
|
// nolint
|
2023-05-10 09:24:05 +02:00
|
|
|
package hscontrol
|
2021-10-26 22:42:20 +02:00
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
2024-04-17 07:03:06 +02:00
|
|
|
"errors"
|
2024-08-30 16:58:29 +02:00
|
|
|
"fmt"
|
2024-07-18 07:38:25 +02:00
|
|
|
"io"
|
|
|
|
"os"
|
2024-02-18 19:31:29 +01:00
|
|
|
"sort"
|
2022-05-13 09:47:34 +02:00
|
|
|
"strings"
|
2021-11-04 23:19:27 +01:00
|
|
|
"time"
|
2021-10-26 22:42:20 +02:00
|
|
|
|
2021-11-04 23:19:27 +01:00
|
|
|
"github.com/rs/zerolog/log"
|
2022-05-13 10:17:52 +02:00
|
|
|
"google.golang.org/grpc/codes"
|
|
|
|
"google.golang.org/grpc/status"
|
2024-07-18 07:38:25 +02:00
|
|
|
"google.golang.org/protobuf/types/known/timestamppb"
|
2024-02-08 17:28:19 +01:00
|
|
|
"gorm.io/gorm"
|
2021-11-04 23:19:27 +01:00
|
|
|
"tailscale.com/tailcfg"
|
2022-11-05 09:07:22 +01:00
|
|
|
"tailscale.com/types/key"
|
2024-02-12 11:31:21 +01:00
|
|
|
|
|
|
|
v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
|
|
|
|
"github.com/juanfont/headscale/hscontrol/db"
|
2024-07-18 07:38:25 +02:00
|
|
|
"github.com/juanfont/headscale/hscontrol/policy"
|
2024-02-12 11:31:21 +01:00
|
|
|
"github.com/juanfont/headscale/hscontrol/types"
|
|
|
|
"github.com/juanfont/headscale/hscontrol/util"
|
2021-10-26 22:42:20 +02:00
|
|
|
)
|
|
|
|
|
2021-11-04 23:19:27 +01:00
|
|
|
type headscaleV1APIServer struct { // v1.HeadscaleServiceServer
|
|
|
|
v1.UnimplementedHeadscaleServiceServer
|
2021-10-26 22:42:20 +02:00
|
|
|
h *Headscale
|
|
|
|
}
|
|
|
|
|
2021-11-04 23:19:27 +01:00
|
|
|
func newHeadscaleV1APIServer(h *Headscale) v1.HeadscaleServiceServer {
|
2021-10-26 22:42:20 +02:00
|
|
|
return headscaleV1APIServer{
|
|
|
|
h: h,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-01-17 17:43:44 +01:00
|
|
|
func (api headscaleV1APIServer) GetUser(
|
2021-10-26 22:42:20 +02:00
|
|
|
ctx context.Context,
|
2023-01-17 17:43:44 +01:00
|
|
|
request *v1.GetUserRequest,
|
|
|
|
) (*v1.GetUserResponse, error) {
|
Redo OIDC configuration (#2020)
expand user, add claims to user
This commit expands the user table with additional fields that
can be retrieved from OIDC providers (and other places) and
uses this data in various tailscale response objects if it is
available.
This is the beginning of implementing
https://docs.google.com/document/d/1X85PMxIaVWDF6T_UPji3OeeUqVBcGj_uHRM5CI-AwlY/edit
trying to make OIDC more coherant and maintainable in addition
to giving the user a better experience and integration with a
provider.
remove usernames in magic dns, normalisation of emails
this commit removes the option to have usernames as part of MagicDNS
domains and headscale will now align with Tailscale, where there is a
root domain, and the machine name.
In addition, the various normalisation functions for dns names has been
made lighter not caring about username and special character that wont
occur.
Email are no longer normalised as part of the policy processing.
untagle oidc and regcache, use typed cache
This commits stops reusing the registration cache for oidc
purposes and switches the cache to be types and not use any
allowing the removal of a bunch of casting.
try to make reauth/register branches clearer in oidc
Currently there was a function that did a bunch of stuff,
finding the machine key, trying to find the node, reauthing
the node, returning some status, and it was called validate
which was very confusing.
This commit tries to split this into what to do if the node
exists, if it needs to register etc.
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-10-02 14:50:17 +02:00
|
|
|
user, err := api.h.db.GetUserByName(request.GetName())
|
2021-11-04 23:19:27 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2021-10-29 18:44:32 +02:00
|
|
|
|
2023-05-21 18:37:59 +02:00
|
|
|
return &v1.GetUserResponse{User: user.Proto()}, nil
|
2021-10-29 18:44:32 +02:00
|
|
|
}
|
|
|
|
|
2023-01-17 17:43:44 +01:00
|
|
|
func (api headscaleV1APIServer) CreateUser(
|
2021-10-29 18:44:32 +02:00
|
|
|
ctx context.Context,
|
2023-01-17 17:43:44 +01:00
|
|
|
request *v1.CreateUserRequest,
|
|
|
|
) (*v1.CreateUserResponse, error) {
|
2023-05-11 09:09:18 +02:00
|
|
|
user, err := api.h.db.CreateUser(request.GetName())
|
2021-10-26 22:42:20 +02:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2023-05-21 18:37:59 +02:00
|
|
|
return &v1.CreateUserResponse{User: user.Proto()}, nil
|
2021-11-04 23:19:27 +01:00
|
|
|
}
|
|
|
|
|
2023-01-17 17:43:44 +01:00
|
|
|
func (api headscaleV1APIServer) RenameUser(
|
2021-11-04 23:19:27 +01:00
|
|
|
ctx context.Context,
|
2023-01-17 17:43:44 +01:00
|
|
|
request *v1.RenameUserRequest,
|
|
|
|
) (*v1.RenameUserResponse, error) {
|
2024-11-18 03:40:06 +01:00
|
|
|
oldUser, err := api.h.db.GetUserByName(request.GetOldName())
|
2021-11-04 23:19:27 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2024-11-18 03:40:06 +01:00
|
|
|
err = api.h.db.RenameUser(types.UserID(oldUser.ID), request.GetNewName())
|
2021-11-04 23:19:27 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2024-11-18 03:40:06 +01:00
|
|
|
newUser, err := api.h.db.GetUserByName(request.GetNewName())
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return &v1.RenameUserResponse{User: newUser.Proto()}, nil
|
2021-10-29 18:44:32 +02:00
|
|
|
}
|
|
|
|
|
2023-01-17 17:43:44 +01:00
|
|
|
func (api headscaleV1APIServer) DeleteUser(
|
2021-10-29 18:44:32 +02:00
|
|
|
ctx context.Context,
|
2023-01-17 17:43:44 +01:00
|
|
|
request *v1.DeleteUserRequest,
|
|
|
|
) (*v1.DeleteUserResponse, error) {
|
2024-11-18 03:40:06 +01:00
|
|
|
user, err := api.h.db.GetUserByName(request.GetName())
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
err = api.h.db.DestroyUser(types.UserID(user.ID))
|
2021-10-29 18:44:32 +02:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2023-01-17 17:43:44 +01:00
|
|
|
return &v1.DeleteUserResponse{}, nil
|
2021-10-29 18:44:32 +02:00
|
|
|
}
|
|
|
|
|
2023-01-17 17:43:44 +01:00
|
|
|
func (api headscaleV1APIServer) ListUsers(
|
2021-10-29 18:44:32 +02:00
|
|
|
ctx context.Context,
|
2023-01-17 17:43:44 +01:00
|
|
|
request *v1.ListUsersRequest,
|
|
|
|
) (*v1.ListUsersResponse, error) {
|
2023-05-11 09:09:18 +02:00
|
|
|
users, err := api.h.db.ListUsers()
|
2021-10-29 18:44:32 +02:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2023-01-17 17:43:44 +01:00
|
|
|
response := make([]*v1.User, len(users))
|
|
|
|
for index, user := range users {
|
2023-05-21 18:37:59 +02:00
|
|
|
response[index] = user.Proto()
|
2021-11-04 23:19:27 +01:00
|
|
|
}
|
|
|
|
|
2024-02-18 19:31:29 +01:00
|
|
|
sort.Slice(response, func(i, j int) bool {
|
|
|
|
return response[i].Id < response[j].Id
|
|
|
|
})
|
|
|
|
|
2023-01-17 17:43:44 +01:00
|
|
|
log.Trace().Caller().Interface("users", response).Msg("")
|
2021-11-04 23:19:27 +01:00
|
|
|
|
2023-01-17 17:43:44 +01:00
|
|
|
return &v1.ListUsersResponse{Users: response}, nil
|
2021-11-04 23:19:27 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
func (api headscaleV1APIServer) CreatePreAuthKey(
|
|
|
|
ctx context.Context,
|
|
|
|
request *v1.CreatePreAuthKeyRequest,
|
|
|
|
) (*v1.CreatePreAuthKeyResponse, error) {
|
2021-11-08 09:02:01 +01:00
|
|
|
var expiration time.Time
|
|
|
|
if request.GetExpiration() != nil {
|
|
|
|
expiration = request.GetExpiration().AsTime()
|
|
|
|
}
|
|
|
|
|
2022-09-23 09:58:06 +02:00
|
|
|
for _, tag := range request.AclTags {
|
|
|
|
err := validateTag(tag)
|
|
|
|
if err != nil {
|
|
|
|
return &v1.CreatePreAuthKeyResponse{
|
|
|
|
PreAuthKey: nil,
|
|
|
|
}, status.Error(codes.InvalidArgument, err.Error())
|
2022-08-25 12:43:15 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2024-11-18 03:40:06 +01:00
|
|
|
user, err := api.h.db.GetUserByName(request.GetUser())
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2023-05-11 09:09:18 +02:00
|
|
|
preAuthKey, err := api.h.db.CreatePreAuthKey(
|
2024-11-18 03:40:06 +01:00
|
|
|
types.UserID(user.ID),
|
2021-11-08 21:49:03 +01:00
|
|
|
request.GetReusable(),
|
2021-11-04 23:19:27 +01:00
|
|
|
request.GetEphemeral(),
|
|
|
|
&expiration,
|
2022-08-25 12:03:38 +02:00
|
|
|
request.AclTags,
|
2021-11-04 23:19:27 +01:00
|
|
|
)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2023-05-21 18:37:59 +02:00
|
|
|
return &v1.CreatePreAuthKeyResponse{PreAuthKey: preAuthKey.Proto()}, nil
|
2021-11-04 23:19:27 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
func (api headscaleV1APIServer) ExpirePreAuthKey(
|
|
|
|
ctx context.Context,
|
|
|
|
request *v1.ExpirePreAuthKeyRequest,
|
|
|
|
) (*v1.ExpirePreAuthKeyResponse, error) {
|
2024-04-21 18:28:17 +02:00
|
|
|
err := api.h.db.Write(func(tx *gorm.DB) error {
|
2024-02-08 17:28:19 +01:00
|
|
|
preAuthKey, err := db.GetPreAuthKey(tx, request.GetUser(), request.Key)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2021-11-04 23:19:27 +01:00
|
|
|
|
2024-02-08 17:28:19 +01:00
|
|
|
return db.ExpirePreAuthKey(tx, preAuthKey)
|
|
|
|
})
|
2021-11-04 23:19:27 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return &v1.ExpirePreAuthKeyResponse{}, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (api headscaleV1APIServer) ListPreAuthKeys(
|
|
|
|
ctx context.Context,
|
|
|
|
request *v1.ListPreAuthKeysRequest,
|
|
|
|
) (*v1.ListPreAuthKeysResponse, error) {
|
2024-11-18 03:40:06 +01:00
|
|
|
user, err := api.h.db.GetUserByName(request.GetUser())
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
preAuthKeys, err := api.h.db.ListPreAuthKeys(types.UserID(user.ID))
|
2021-11-04 23:19:27 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
response := make([]*v1.PreAuthKey, len(preAuthKeys))
|
|
|
|
for index, key := range preAuthKeys {
|
2023-05-21 18:37:59 +02:00
|
|
|
response[index] = key.Proto()
|
2021-11-04 23:19:27 +01:00
|
|
|
}
|
|
|
|
|
2024-02-18 19:31:29 +01:00
|
|
|
sort.Slice(response, func(i, j int) bool {
|
|
|
|
return response[i].Id < response[j].Id
|
|
|
|
})
|
|
|
|
|
2021-11-04 23:19:27 +01:00
|
|
|
return &v1.ListPreAuthKeysResponse{PreAuthKeys: response}, nil
|
|
|
|
}
|
|
|
|
|
2023-09-24 13:42:05 +02:00
|
|
|
func (api headscaleV1APIServer) RegisterNode(
|
2021-11-04 23:19:27 +01:00
|
|
|
ctx context.Context,
|
2023-09-24 13:42:05 +02:00
|
|
|
request *v1.RegisterNodeRequest,
|
|
|
|
) (*v1.RegisterNodeResponse, error) {
|
2021-11-13 09:36:45 +01:00
|
|
|
log.Trace().
|
2023-01-17 17:43:44 +01:00
|
|
|
Str("user", request.GetUser()).
|
2023-11-19 22:37:04 +01:00
|
|
|
Str("machine_key", request.GetKey()).
|
2023-09-24 13:42:05 +02:00
|
|
|
Msg("Registering node")
|
2022-02-27 18:42:43 +01:00
|
|
|
|
2023-11-19 22:37:04 +01:00
|
|
|
var mkey key.MachinePublic
|
|
|
|
err := mkey.UnmarshalText([]byte(request.GetKey()))
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2024-04-17 07:03:06 +02:00
|
|
|
ipv4, ipv6, err := api.h.ipAlloc.Next()
|
2024-02-18 19:31:29 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
Redo OIDC configuration (#2020)
expand user, add claims to user
This commit expands the user table with additional fields that
can be retrieved from OIDC providers (and other places) and
uses this data in various tailscale response objects if it is
available.
This is the beginning of implementing
https://docs.google.com/document/d/1X85PMxIaVWDF6T_UPji3OeeUqVBcGj_uHRM5CI-AwlY/edit
trying to make OIDC more coherant and maintainable in addition
to giving the user a better experience and integration with a
provider.
remove usernames in magic dns, normalisation of emails
this commit removes the option to have usernames as part of MagicDNS
domains and headscale will now align with Tailscale, where there is a
root domain, and the machine name.
In addition, the various normalisation functions for dns names has been
made lighter not caring about username and special character that wont
occur.
Email are no longer normalised as part of the policy processing.
untagle oidc and regcache, use typed cache
This commits stops reusing the registration cache for oidc
purposes and switches the cache to be types and not use any
allowing the removal of a bunch of casting.
try to make reauth/register branches clearer in oidc
Currently there was a function that did a bunch of stuff,
finding the machine key, trying to find the node, reauthing
the node, returning some status, and it was called validate
which was very confusing.
This commit tries to split this into what to do if the node
exists, if it needs to register etc.
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-10-02 14:50:17 +02:00
|
|
|
user, err := api.h.db.GetUserByName(request.GetUser())
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("looking up user: %w", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
node, err := api.h.db.RegisterNodeFromAuthCallback(
|
|
|
|
mkey,
|
|
|
|
types.UserID(user.ID),
|
|
|
|
nil,
|
|
|
|
util.RegisterMethodCLI,
|
|
|
|
ipv4, ipv6,
|
|
|
|
)
|
2021-11-04 23:19:27 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2023-09-24 13:42:05 +02:00
|
|
|
return &v1.RegisterNodeResponse{Node: node.Proto()}, nil
|
2021-11-04 23:19:27 +01:00
|
|
|
}
|
|
|
|
|
2023-09-24 13:42:05 +02:00
|
|
|
func (api headscaleV1APIServer) GetNode(
|
2021-11-04 23:19:27 +01:00
|
|
|
ctx context.Context,
|
2023-09-24 13:42:05 +02:00
|
|
|
request *v1.GetNodeRequest,
|
|
|
|
) (*v1.GetNodeResponse, error) {
|
2024-02-23 10:59:24 +01:00
|
|
|
node, err := api.h.db.GetNodeByID(types.NodeID(request.GetNodeId()))
|
2021-11-04 23:19:27 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2023-12-09 18:09:24 +01:00
|
|
|
resp := node.Proto()
|
|
|
|
|
|
|
|
// Populate the online field based on
|
|
|
|
// currently connected nodes.
|
2024-02-23 10:59:24 +01:00
|
|
|
resp.Online = api.h.nodeNotifier.IsConnected(node.ID)
|
2023-12-09 18:09:24 +01:00
|
|
|
|
|
|
|
return &v1.GetNodeResponse{Node: resp}, nil
|
2021-11-04 23:19:27 +01:00
|
|
|
}
|
|
|
|
|
2022-04-25 21:16:14 +02:00
|
|
|
func (api headscaleV1APIServer) SetTags(
|
2022-04-15 13:11:41 +02:00
|
|
|
ctx context.Context,
|
2022-04-25 21:16:14 +02:00
|
|
|
request *v1.SetTagsRequest,
|
|
|
|
) (*v1.SetTagsResponse, error) {
|
2022-05-13 09:47:34 +02:00
|
|
|
for _, tag := range request.GetTags() {
|
2022-07-25 11:25:20 +02:00
|
|
|
err := validateTag(tag)
|
|
|
|
if err != nil {
|
2024-02-08 17:28:19 +01:00
|
|
|
return nil, err
|
2022-05-13 09:47:34 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2024-02-08 17:28:19 +01:00
|
|
|
node, err := db.Write(api.h.db.DB, func(tx *gorm.DB) (*types.Node, error) {
|
2024-02-23 10:59:24 +01:00
|
|
|
err := db.SetTags(tx, types.NodeID(request.GetNodeId()), request.GetTags())
|
2024-02-08 17:28:19 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2024-02-23 10:59:24 +01:00
|
|
|
return db.GetNodeByID(tx, types.NodeID(request.GetNodeId()))
|
2024-02-08 17:28:19 +01:00
|
|
|
})
|
2022-05-13 11:09:28 +02:00
|
|
|
if err != nil {
|
|
|
|
return &v1.SetTagsResponse{
|
2023-09-24 13:42:05 +02:00
|
|
|
Node: nil,
|
2024-02-08 17:28:19 +01:00
|
|
|
}, status.Error(codes.InvalidArgument, err.Error())
|
|
|
|
}
|
|
|
|
|
2024-02-23 10:59:24 +01:00
|
|
|
ctx = types.NotifyCtx(ctx, "cli-settags", node.Hostname)
|
|
|
|
api.h.nodeNotifier.NotifyWithIgnore(ctx, types.StateUpdate{
|
2024-02-08 17:28:19 +01:00
|
|
|
Type: types.StatePeerChanged,
|
2024-02-23 10:59:24 +01:00
|
|
|
ChangeNodes: []types.NodeID{node.ID},
|
2024-02-08 17:28:19 +01:00
|
|
|
Message: "called from api.SetTags",
|
2024-02-23 10:59:24 +01:00
|
|
|
}, node.ID)
|
2022-04-15 13:11:41 +02:00
|
|
|
|
2022-04-25 21:16:14 +02:00
|
|
|
log.Trace().
|
2023-09-24 13:42:05 +02:00
|
|
|
Str("node", node.Hostname).
|
2022-04-25 21:16:14 +02:00
|
|
|
Strs("tags", request.GetTags()).
|
2023-09-24 13:42:05 +02:00
|
|
|
Msg("Changing tags of node")
|
2022-04-15 13:11:41 +02:00
|
|
|
|
2023-09-24 13:42:05 +02:00
|
|
|
return &v1.SetTagsResponse{Node: node.Proto()}, nil
|
2022-04-15 13:11:41 +02:00
|
|
|
}
|
|
|
|
|
2022-07-25 11:25:20 +02:00
|
|
|
func validateTag(tag string) error {
|
|
|
|
if strings.Index(tag, "tag:") != 0 {
|
2024-04-21 16:53:50 +02:00
|
|
|
return errors.New("tag must start with the string 'tag:'")
|
2022-07-25 11:25:20 +02:00
|
|
|
}
|
|
|
|
if strings.ToLower(tag) != tag {
|
2024-04-21 16:53:50 +02:00
|
|
|
return errors.New("tag should be lowercase")
|
2022-07-25 11:25:20 +02:00
|
|
|
}
|
|
|
|
if len(strings.Fields(tag)) > 1 {
|
2024-04-21 16:53:50 +02:00
|
|
|
return errors.New("tag should not contains space")
|
2022-07-25 11:25:20 +02:00
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2023-09-24 13:42:05 +02:00
|
|
|
func (api headscaleV1APIServer) DeleteNode(
|
2021-11-04 23:19:27 +01:00
|
|
|
ctx context.Context,
|
2023-09-24 13:42:05 +02:00
|
|
|
request *v1.DeleteNodeRequest,
|
|
|
|
) (*v1.DeleteNodeResponse, error) {
|
2024-02-23 10:59:24 +01:00
|
|
|
node, err := api.h.db.GetNodeByID(types.NodeID(request.GetNodeId()))
|
2021-11-04 23:19:27 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2024-02-23 10:59:24 +01:00
|
|
|
changedNodes, err := api.h.db.DeleteNode(
|
2023-09-24 13:42:05 +02:00
|
|
|
node,
|
2024-04-21 18:28:17 +02:00
|
|
|
api.h.nodeNotifier.LikelyConnectedMap(),
|
2021-11-04 23:19:27 +01:00
|
|
|
)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2024-02-23 10:59:24 +01:00
|
|
|
ctx = types.NotifyCtx(ctx, "cli-deletenode", node.Hostname)
|
|
|
|
api.h.nodeNotifier.NotifyAll(ctx, types.StateUpdate{
|
2024-02-08 17:28:19 +01:00
|
|
|
Type: types.StatePeerRemoved,
|
2024-02-23 10:59:24 +01:00
|
|
|
Removed: []types.NodeID{node.ID},
|
|
|
|
})
|
|
|
|
|
|
|
|
if changedNodes != nil {
|
|
|
|
api.h.nodeNotifier.NotifyAll(ctx, types.StateUpdate{
|
|
|
|
Type: types.StatePeerChanged,
|
|
|
|
ChangeNodes: changedNodes,
|
|
|
|
})
|
2024-02-08 17:28:19 +01:00
|
|
|
}
|
|
|
|
|
2023-09-24 13:42:05 +02:00
|
|
|
return &v1.DeleteNodeResponse{}, nil
|
2021-11-04 23:19:27 +01:00
|
|
|
}
|
|
|
|
|
2023-09-24 13:42:05 +02:00
|
|
|
func (api headscaleV1APIServer) ExpireNode(
|
2021-11-21 14:40:19 +01:00
|
|
|
ctx context.Context,
|
2023-09-24 13:42:05 +02:00
|
|
|
request *v1.ExpireNodeRequest,
|
|
|
|
) (*v1.ExpireNodeResponse, error) {
|
2024-02-08 17:28:19 +01:00
|
|
|
now := time.Now()
|
|
|
|
|
|
|
|
node, err := db.Write(api.h.db.DB, func(tx *gorm.DB) (*types.Node, error) {
|
|
|
|
db.NodeSetExpiry(
|
|
|
|
tx,
|
2024-02-23 10:59:24 +01:00
|
|
|
types.NodeID(request.GetNodeId()),
|
2024-02-08 17:28:19 +01:00
|
|
|
now,
|
|
|
|
)
|
|
|
|
|
2024-02-23 10:59:24 +01:00
|
|
|
return db.GetNodeByID(tx, types.NodeID(request.GetNodeId()))
|
2024-02-08 17:28:19 +01:00
|
|
|
})
|
2021-11-21 14:40:19 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2024-02-23 10:59:24 +01:00
|
|
|
ctx = types.NotifyCtx(ctx, "cli-expirenode-self", node.Hostname)
|
2024-04-21 18:28:17 +02:00
|
|
|
api.h.nodeNotifier.NotifyByNodeID(
|
2024-02-23 10:59:24 +01:00
|
|
|
ctx,
|
|
|
|
types.StateUpdate{
|
|
|
|
Type: types.StateSelfUpdate,
|
|
|
|
ChangeNodes: []types.NodeID{node.ID},
|
|
|
|
},
|
|
|
|
node.ID)
|
2023-07-17 13:35:05 +02:00
|
|
|
|
2024-02-23 10:59:24 +01:00
|
|
|
ctx = types.NotifyCtx(ctx, "cli-expirenode-peers", node.Hostname)
|
|
|
|
api.h.nodeNotifier.NotifyWithIgnore(ctx, types.StateUpdateExpire(node.ID, now), node.ID)
|
2021-11-21 14:40:19 +01:00
|
|
|
|
|
|
|
log.Trace().
|
2023-09-24 13:42:05 +02:00
|
|
|
Str("node", node.Hostname).
|
|
|
|
Time("expiry", *node.Expiry).
|
|
|
|
Msg("node expired")
|
2021-11-21 14:40:19 +01:00
|
|
|
|
2023-09-24 13:42:05 +02:00
|
|
|
return &v1.ExpireNodeResponse{Node: node.Proto()}, nil
|
2021-11-21 14:40:19 +01:00
|
|
|
}
|
|
|
|
|
2023-09-24 13:42:05 +02:00
|
|
|
func (api headscaleV1APIServer) RenameNode(
|
2022-03-13 22:03:20 +01:00
|
|
|
ctx context.Context,
|
2023-09-24 13:42:05 +02:00
|
|
|
request *v1.RenameNodeRequest,
|
|
|
|
) (*v1.RenameNodeResponse, error) {
|
2024-02-08 17:28:19 +01:00
|
|
|
node, err := db.Write(api.h.db.DB, func(tx *gorm.DB) (*types.Node, error) {
|
|
|
|
err := db.RenameNode(
|
|
|
|
tx,
|
2024-09-11 18:27:49 +02:00
|
|
|
types.NodeID(request.GetNodeId()),
|
2024-02-08 17:28:19 +01:00
|
|
|
request.GetNewName(),
|
|
|
|
)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2024-02-23 10:59:24 +01:00
|
|
|
return db.GetNodeByID(tx, types.NodeID(request.GetNodeId()))
|
2024-02-08 17:28:19 +01:00
|
|
|
})
|
2022-03-13 22:03:20 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2024-02-23 10:59:24 +01:00
|
|
|
ctx = types.NotifyCtx(ctx, "cli-renamenode", node.Hostname)
|
|
|
|
api.h.nodeNotifier.NotifyWithIgnore(ctx, types.StateUpdate{
|
2024-02-08 17:28:19 +01:00
|
|
|
Type: types.StatePeerChanged,
|
2024-02-23 10:59:24 +01:00
|
|
|
ChangeNodes: []types.NodeID{node.ID},
|
2024-02-08 17:28:19 +01:00
|
|
|
Message: "called from api.RenameNode",
|
2024-02-23 10:59:24 +01:00
|
|
|
}, node.ID)
|
2022-03-13 22:03:20 +01:00
|
|
|
|
|
|
|
log.Trace().
|
2023-09-24 13:42:05 +02:00
|
|
|
Str("node", node.Hostname).
|
2022-05-16 20:35:35 +02:00
|
|
|
Str("new_name", request.GetNewName()).
|
2023-09-24 13:42:05 +02:00
|
|
|
Msg("node renamed")
|
2022-03-13 22:03:20 +01:00
|
|
|
|
2023-09-24 13:42:05 +02:00
|
|
|
return &v1.RenameNodeResponse{Node: node.Proto()}, nil
|
2022-03-13 22:03:20 +01:00
|
|
|
}
|
|
|
|
|
2023-09-24 13:42:05 +02:00
|
|
|
func (api headscaleV1APIServer) ListNodes(
|
2021-11-04 23:19:27 +01:00
|
|
|
ctx context.Context,
|
2023-09-24 13:42:05 +02:00
|
|
|
request *v1.ListNodesRequest,
|
|
|
|
) (*v1.ListNodesResponse, error) {
|
2024-11-18 03:40:06 +01:00
|
|
|
// TODO(kradalby): it looks like this can be simplified a lot,
|
|
|
|
// the filtering of nodes by user, vs nodes as a whole can
|
|
|
|
// probably be done once.
|
|
|
|
// TODO(kradalby): This should be done in one tx.
|
|
|
|
|
2024-04-21 18:28:17 +02:00
|
|
|
isLikelyConnected := api.h.nodeNotifier.LikelyConnectedMap()
|
2023-01-17 17:43:44 +01:00
|
|
|
if request.GetUser() != "" {
|
2024-11-18 03:40:06 +01:00
|
|
|
user, err := api.h.db.GetUserByName(request.GetUser())
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2024-02-08 17:28:19 +01:00
|
|
|
nodes, err := db.Read(api.h.db.DB, func(rx *gorm.DB) (types.Nodes, error) {
|
2024-11-18 03:40:06 +01:00
|
|
|
return db.ListNodesByUser(rx, types.UserID(user.ID))
|
2024-02-08 17:28:19 +01:00
|
|
|
})
|
2021-11-04 23:19:27 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2023-09-24 13:42:05 +02:00
|
|
|
response := make([]*v1.Node, len(nodes))
|
|
|
|
for index, node := range nodes {
|
2023-12-09 18:09:24 +01:00
|
|
|
resp := node.Proto()
|
|
|
|
|
|
|
|
// Populate the online field based on
|
|
|
|
// currently connected nodes.
|
2024-04-21 18:28:17 +02:00
|
|
|
if val, ok := isLikelyConnected.Load(node.ID); ok && val {
|
|
|
|
resp.Online = true
|
|
|
|
}
|
2023-12-09 18:09:24 +01:00
|
|
|
|
|
|
|
response[index] = resp
|
2021-11-04 23:19:27 +01:00
|
|
|
}
|
|
|
|
|
2023-09-24 13:42:05 +02:00
|
|
|
return &v1.ListNodesResponse{Nodes: response}, nil
|
2021-11-04 23:19:27 +01:00
|
|
|
}
|
|
|
|
|
2023-09-24 13:42:05 +02:00
|
|
|
nodes, err := api.h.db.ListNodes()
|
2021-11-04 23:19:27 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2024-02-18 19:31:29 +01:00
|
|
|
sort.Slice(nodes, func(i, j int) bool {
|
|
|
|
return nodes[i].ID < nodes[j].ID
|
|
|
|
})
|
|
|
|
|
2023-09-24 13:42:05 +02:00
|
|
|
response := make([]*v1.Node, len(nodes))
|
|
|
|
for index, node := range nodes {
|
2023-12-09 18:09:24 +01:00
|
|
|
resp := node.Proto()
|
|
|
|
|
|
|
|
// Populate the online field based on
|
|
|
|
// currently connected nodes.
|
2024-04-21 18:28:17 +02:00
|
|
|
if val, ok := isLikelyConnected.Load(node.ID); ok && val {
|
|
|
|
resp.Online = true
|
|
|
|
}
|
2023-12-09 18:09:24 +01:00
|
|
|
|
2023-09-24 13:42:05 +02:00
|
|
|
validTags, invalidTags := api.h.ACLPolicy.TagsOfNode(
|
2024-02-08 17:28:19 +01:00
|
|
|
node,
|
2022-04-16 13:15:18 +02:00
|
|
|
)
|
2023-12-09 18:09:24 +01:00
|
|
|
resp.InvalidTags = invalidTags
|
|
|
|
resp.ValidTags = validTags
|
|
|
|
response[index] = resp
|
2021-11-04 23:19:27 +01:00
|
|
|
}
|
|
|
|
|
2023-09-24 13:42:05 +02:00
|
|
|
return &v1.ListNodesResponse{Nodes: response}, nil
|
2021-11-04 23:19:27 +01:00
|
|
|
}
|
|
|
|
|
2023-09-24 13:42:05 +02:00
|
|
|
func (api headscaleV1APIServer) MoveNode(
|
2022-05-01 15:44:34 +02:00
|
|
|
ctx context.Context,
|
2023-09-24 13:42:05 +02:00
|
|
|
request *v1.MoveNodeRequest,
|
|
|
|
) (*v1.MoveNodeResponse, error) {
|
2024-11-18 03:40:06 +01:00
|
|
|
// TODO(kradalby): This should be done in one tx.
|
2024-02-23 10:59:24 +01:00
|
|
|
node, err := api.h.db.GetNodeByID(types.NodeID(request.GetNodeId()))
|
2022-05-01 15:44:34 +02:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2024-11-18 03:40:06 +01:00
|
|
|
user, err := api.h.db.GetUserByName(request.GetUser())
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
err = api.h.db.AssignNodeToUser(node, types.UserID(user.ID))
|
2022-05-01 15:44:34 +02:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2023-09-24 13:42:05 +02:00
|
|
|
return &v1.MoveNodeResponse{Node: node.Proto()}, nil
|
2022-05-01 15:44:34 +02:00
|
|
|
}
|
|
|
|
|
2024-04-17 07:03:06 +02:00
|
|
|
func (api headscaleV1APIServer) BackfillNodeIPs(
|
|
|
|
ctx context.Context,
|
|
|
|
request *v1.BackfillNodeIPsRequest,
|
|
|
|
) (*v1.BackfillNodeIPsResponse, error) {
|
|
|
|
log.Trace().Msg("Backfill called")
|
|
|
|
|
|
|
|
if !request.Confirmed {
|
|
|
|
return nil, errors.New("not confirmed, aborting")
|
|
|
|
}
|
|
|
|
|
|
|
|
changes, err := api.h.db.BackfillNodeIPs(api.h.ipAlloc)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return &v1.BackfillNodeIPsResponse{Changes: changes}, nil
|
|
|
|
}
|
|
|
|
|
2022-11-26 01:03:39 +01:00
|
|
|
func (api headscaleV1APIServer) GetRoutes(
|
2021-11-04 23:19:27 +01:00
|
|
|
ctx context.Context,
|
2022-11-26 01:03:39 +01:00
|
|
|
request *v1.GetRoutesRequest,
|
|
|
|
) (*v1.GetRoutesResponse, error) {
|
2024-02-08 17:28:19 +01:00
|
|
|
routes, err := db.Read(api.h.db.DB, func(rx *gorm.DB) (types.Routes, error) {
|
|
|
|
return db.GetRoutes(rx)
|
|
|
|
})
|
2021-11-04 23:19:27 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2022-11-26 01:03:39 +01:00
|
|
|
return &v1.GetRoutesResponse{
|
2023-05-21 18:37:59 +02:00
|
|
|
Routes: types.Routes(routes).Proto(),
|
2021-11-04 23:19:27 +01:00
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
2022-11-26 01:03:39 +01:00
|
|
|
func (api headscaleV1APIServer) EnableRoute(
|
|
|
|
ctx context.Context,
|
|
|
|
request *v1.EnableRouteRequest,
|
|
|
|
) (*v1.EnableRouteResponse, error) {
|
2024-02-08 17:28:19 +01:00
|
|
|
update, err := db.Write(api.h.db.DB, func(tx *gorm.DB) (*types.StateUpdate, error) {
|
|
|
|
return db.EnableRoute(tx, request.GetRouteId())
|
|
|
|
})
|
2022-11-26 01:03:39 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2024-02-23 10:59:24 +01:00
|
|
|
if update != nil {
|
2024-02-08 17:28:19 +01:00
|
|
|
ctx := types.NotifyCtx(ctx, "cli-enableroute", "unknown")
|
|
|
|
api.h.nodeNotifier.NotifyAll(
|
|
|
|
ctx, *update)
|
|
|
|
}
|
|
|
|
|
2022-11-26 01:03:39 +01:00
|
|
|
return &v1.EnableRouteResponse{}, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (api headscaleV1APIServer) DisableRoute(
|
|
|
|
ctx context.Context,
|
|
|
|
request *v1.DisableRouteRequest,
|
|
|
|
) (*v1.DisableRouteResponse, error) {
|
2024-02-23 10:59:24 +01:00
|
|
|
update, err := db.Write(api.h.db.DB, func(tx *gorm.DB) ([]types.NodeID, error) {
|
2024-04-21 18:28:17 +02:00
|
|
|
return db.DisableRoute(tx, request.GetRouteId(), api.h.nodeNotifier.LikelyConnectedMap())
|
2024-02-08 17:28:19 +01:00
|
|
|
})
|
2022-11-26 01:03:39 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2024-02-23 10:59:24 +01:00
|
|
|
if update != nil {
|
2024-02-08 17:28:19 +01:00
|
|
|
ctx := types.NotifyCtx(ctx, "cli-disableroute", "unknown")
|
2024-02-23 10:59:24 +01:00
|
|
|
api.h.nodeNotifier.NotifyAll(ctx, types.StateUpdate{
|
|
|
|
Type: types.StatePeerChanged,
|
|
|
|
ChangeNodes: update,
|
|
|
|
})
|
2024-02-08 17:28:19 +01:00
|
|
|
}
|
|
|
|
|
2022-11-26 01:03:39 +01:00
|
|
|
return &v1.DisableRouteResponse{}, nil
|
|
|
|
}
|
|
|
|
|
2023-09-24 13:42:05 +02:00
|
|
|
func (api headscaleV1APIServer) GetNodeRoutes(
|
2021-11-04 23:19:27 +01:00
|
|
|
ctx context.Context,
|
2023-09-24 13:42:05 +02:00
|
|
|
request *v1.GetNodeRoutesRequest,
|
|
|
|
) (*v1.GetNodeRoutesResponse, error) {
|
2024-02-23 10:59:24 +01:00
|
|
|
node, err := api.h.db.GetNodeByID(types.NodeID(request.GetNodeId()))
|
2021-11-04 23:19:27 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2023-09-24 13:42:05 +02:00
|
|
|
routes, err := api.h.db.GetNodeRoutes(node)
|
2021-11-04 23:19:27 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2023-09-24 13:42:05 +02:00
|
|
|
return &v1.GetNodeRoutesResponse{
|
2023-05-21 18:37:59 +02:00
|
|
|
Routes: types.Routes(routes).Proto(),
|
2021-11-04 23:19:27 +01:00
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
2023-03-06 09:05:40 +01:00
|
|
|
func (api headscaleV1APIServer) DeleteRoute(
|
|
|
|
ctx context.Context,
|
|
|
|
request *v1.DeleteRouteRequest,
|
|
|
|
) (*v1.DeleteRouteResponse, error) {
|
2024-04-21 18:28:17 +02:00
|
|
|
isConnected := api.h.nodeNotifier.LikelyConnectedMap()
|
2024-02-23 10:59:24 +01:00
|
|
|
update, err := db.Write(api.h.db.DB, func(tx *gorm.DB) ([]types.NodeID, error) {
|
2024-02-08 17:28:19 +01:00
|
|
|
return db.DeleteRoute(tx, request.GetRouteId(), isConnected)
|
|
|
|
})
|
2023-03-06 09:05:40 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2024-02-23 10:59:24 +01:00
|
|
|
if update != nil {
|
2024-02-08 17:28:19 +01:00
|
|
|
ctx := types.NotifyCtx(ctx, "cli-deleteroute", "unknown")
|
2024-02-23 10:59:24 +01:00
|
|
|
api.h.nodeNotifier.NotifyAll(ctx, types.StateUpdate{
|
|
|
|
Type: types.StatePeerChanged,
|
|
|
|
ChangeNodes: update,
|
|
|
|
})
|
2024-02-08 17:28:19 +01:00
|
|
|
}
|
|
|
|
|
2023-03-06 09:05:40 +01:00
|
|
|
return &v1.DeleteRouteResponse{}, nil
|
|
|
|
}
|
|
|
|
|
2022-01-25 23:11:15 +01:00
|
|
|
func (api headscaleV1APIServer) CreateApiKey(
|
|
|
|
ctx context.Context,
|
|
|
|
request *v1.CreateApiKeyRequest,
|
|
|
|
) (*v1.CreateApiKeyResponse, error) {
|
|
|
|
var expiration time.Time
|
|
|
|
if request.GetExpiration() != nil {
|
|
|
|
expiration = request.GetExpiration().AsTime()
|
|
|
|
}
|
|
|
|
|
2023-05-11 09:09:18 +02:00
|
|
|
apiKey, _, err := api.h.db.CreateAPIKey(
|
2022-01-25 23:11:15 +01:00
|
|
|
&expiration,
|
|
|
|
)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return &v1.CreateApiKeyResponse{ApiKey: apiKey}, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (api headscaleV1APIServer) ExpireApiKey(
|
|
|
|
ctx context.Context,
|
|
|
|
request *v1.ExpireApiKeyRequest,
|
|
|
|
) (*v1.ExpireApiKeyResponse, error) {
|
2023-05-21 18:37:59 +02:00
|
|
|
var apiKey *types.APIKey
|
2022-01-25 23:11:15 +01:00
|
|
|
var err error
|
|
|
|
|
2023-05-11 09:09:18 +02:00
|
|
|
apiKey, err = api.h.db.GetAPIKey(request.Prefix)
|
2022-01-25 23:11:15 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2023-05-11 09:09:18 +02:00
|
|
|
err = api.h.db.ExpireAPIKey(apiKey)
|
2022-01-25 23:11:15 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return &v1.ExpireApiKeyResponse{}, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (api headscaleV1APIServer) ListApiKeys(
|
|
|
|
ctx context.Context,
|
|
|
|
request *v1.ListApiKeysRequest,
|
|
|
|
) (*v1.ListApiKeysResponse, error) {
|
2023-05-11 09:09:18 +02:00
|
|
|
apiKeys, err := api.h.db.ListAPIKeys()
|
2022-01-25 23:11:15 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
response := make([]*v1.ApiKey, len(apiKeys))
|
|
|
|
for index, key := range apiKeys {
|
2023-05-21 18:37:59 +02:00
|
|
|
response[index] = key.Proto()
|
2022-01-25 23:11:15 +01:00
|
|
|
}
|
|
|
|
|
2024-02-18 19:31:29 +01:00
|
|
|
sort.Slice(response, func(i, j int) bool {
|
|
|
|
return response[i].Id < response[j].Id
|
|
|
|
})
|
|
|
|
|
2022-01-25 23:11:15 +01:00
|
|
|
return &v1.ListApiKeysResponse{ApiKeys: response}, nil
|
|
|
|
}
|
|
|
|
|
2024-02-12 11:31:21 +01:00
|
|
|
func (api headscaleV1APIServer) DeleteApiKey(
|
|
|
|
ctx context.Context,
|
|
|
|
request *v1.DeleteApiKeyRequest,
|
|
|
|
) (*v1.DeleteApiKeyResponse, error) {
|
|
|
|
var (
|
|
|
|
apiKey *types.APIKey
|
|
|
|
err error
|
|
|
|
)
|
|
|
|
|
|
|
|
apiKey, err = api.h.db.GetAPIKey(request.Prefix)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := api.h.db.DestroyAPIKey(*apiKey); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return &v1.DeleteApiKeyResponse{}, nil
|
|
|
|
}
|
|
|
|
|
2024-07-18 07:38:25 +02:00
|
|
|
func (api headscaleV1APIServer) GetPolicy(
|
|
|
|
_ context.Context,
|
|
|
|
_ *v1.GetPolicyRequest,
|
|
|
|
) (*v1.GetPolicyResponse, error) {
|
|
|
|
switch api.h.cfg.Policy.Mode {
|
|
|
|
case types.PolicyModeDB:
|
|
|
|
p, err := api.h.db.GetPolicy()
|
|
|
|
if err != nil {
|
2024-09-07 09:23:58 +02:00
|
|
|
return nil, fmt.Errorf("loading ACL from database: %w", err)
|
2024-07-18 07:38:25 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
return &v1.GetPolicyResponse{
|
|
|
|
Policy: p.Data,
|
|
|
|
UpdatedAt: timestamppb.New(p.UpdatedAt),
|
|
|
|
}, nil
|
|
|
|
case types.PolicyModeFile:
|
|
|
|
// Read the file and return the contents as-is.
|
2024-08-12 12:11:59 +02:00
|
|
|
absPath := util.AbsolutePathFromConfigPath(api.h.cfg.Policy.Path)
|
|
|
|
f, err := os.Open(absPath)
|
2024-07-18 07:38:25 +02:00
|
|
|
if err != nil {
|
2024-09-07 09:23:58 +02:00
|
|
|
return nil, fmt.Errorf("reading policy from path %q: %w", absPath, err)
|
2024-07-18 07:38:25 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
defer f.Close()
|
|
|
|
|
|
|
|
b, err := io.ReadAll(f)
|
|
|
|
if err != nil {
|
2024-09-07 09:23:58 +02:00
|
|
|
return nil, fmt.Errorf("reading policy from file: %w", err)
|
2024-07-18 07:38:25 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
return &v1.GetPolicyResponse{Policy: string(b)}, nil
|
|
|
|
}
|
|
|
|
|
2024-09-07 09:23:58 +02:00
|
|
|
return nil, fmt.Errorf("no supported policy mode found in configuration, policy.mode: %q", api.h.cfg.Policy.Mode)
|
2024-07-18 07:38:25 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
func (api headscaleV1APIServer) SetPolicy(
|
|
|
|
_ context.Context,
|
|
|
|
request *v1.SetPolicyRequest,
|
|
|
|
) (*v1.SetPolicyResponse, error) {
|
|
|
|
if api.h.cfg.Policy.Mode != types.PolicyModeDB {
|
|
|
|
return nil, types.ErrPolicyUpdateIsDisabled
|
|
|
|
}
|
|
|
|
|
|
|
|
p := request.GetPolicy()
|
|
|
|
|
2024-08-30 16:58:29 +02:00
|
|
|
pol, err := policy.LoadACLPolicyFromBytes([]byte(p))
|
2024-07-18 07:38:25 +02:00
|
|
|
if err != nil {
|
2024-08-30 16:58:29 +02:00
|
|
|
return nil, fmt.Errorf("loading ACL policy file: %w", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Validate and reject configuration that would error when applied
|
|
|
|
// when creating a map response. This requires nodes, so there is still
|
|
|
|
// a scenario where they might be allowed if the server has no nodes
|
|
|
|
// yet, but it should help for the general case and for hot reloading
|
|
|
|
// configurations.
|
|
|
|
nodes, err := api.h.db.ListNodes()
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("loading nodes from database to validate policy: %w", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
_, err = pol.CompileFilterRules(nodes)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("verifying policy rules: %w", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if len(nodes) > 0 {
|
|
|
|
_, err = pol.CompileSSHPolicy(nodes[0], nodes)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("verifying SSH rules: %w", err)
|
|
|
|
}
|
2024-07-18 07:38:25 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
updated, err := api.h.db.SetPolicy(p)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2024-08-30 16:58:29 +02:00
|
|
|
api.h.ACLPolicy = pol
|
2024-07-18 07:38:25 +02:00
|
|
|
|
|
|
|
ctx := types.NotifyCtx(context.Background(), "acl-update", "na")
|
|
|
|
api.h.nodeNotifier.NotifyAll(ctx, types.StateUpdate{
|
|
|
|
Type: types.StateFullUpdate,
|
|
|
|
})
|
|
|
|
|
|
|
|
response := &v1.SetPolicyResponse{
|
|
|
|
Policy: updated.Data,
|
|
|
|
UpdatedAt: timestamppb.New(updated.UpdatedAt),
|
|
|
|
}
|
|
|
|
|
|
|
|
return response, nil
|
|
|
|
}
|
|
|
|
|
2021-11-04 23:19:27 +01:00
|
|
|
// The following service calls are for testing and debugging
|
2023-09-24 13:42:05 +02:00
|
|
|
func (api headscaleV1APIServer) DebugCreateNode(
|
2021-11-04 23:19:27 +01:00
|
|
|
ctx context.Context,
|
2023-09-24 13:42:05 +02:00
|
|
|
request *v1.DebugCreateNodeRequest,
|
|
|
|
) (*v1.DebugCreateNodeResponse, error) {
|
Redo OIDC configuration (#2020)
expand user, add claims to user
This commit expands the user table with additional fields that
can be retrieved from OIDC providers (and other places) and
uses this data in various tailscale response objects if it is
available.
This is the beginning of implementing
https://docs.google.com/document/d/1X85PMxIaVWDF6T_UPji3OeeUqVBcGj_uHRM5CI-AwlY/edit
trying to make OIDC more coherant and maintainable in addition
to giving the user a better experience and integration with a
provider.
remove usernames in magic dns, normalisation of emails
this commit removes the option to have usernames as part of MagicDNS
domains and headscale will now align with Tailscale, where there is a
root domain, and the machine name.
In addition, the various normalisation functions for dns names has been
made lighter not caring about username and special character that wont
occur.
Email are no longer normalised as part of the policy processing.
untagle oidc and regcache, use typed cache
This commits stops reusing the registration cache for oidc
purposes and switches the cache to be types and not use any
allowing the removal of a bunch of casting.
try to make reauth/register branches clearer in oidc
Currently there was a function that did a bunch of stuff,
finding the machine key, trying to find the node, reauthing
the node, returning some status, and it was called validate
which was very confusing.
This commit tries to split this into what to do if the node
exists, if it needs to register etc.
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-10-02 14:50:17 +02:00
|
|
|
user, err := api.h.db.GetUserByName(request.GetUser())
|
2021-11-04 23:19:27 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2023-05-11 09:09:18 +02:00
|
|
|
routes, err := util.StringToIPPrefix(request.GetRoutes())
|
2021-11-04 23:19:27 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2021-11-13 09:36:45 +01:00
|
|
|
log.Trace().
|
|
|
|
Caller().
|
|
|
|
Interface("route-prefix", routes).
|
|
|
|
Interface("route-str", request.GetRoutes()).
|
|
|
|
Msg("")
|
2021-11-04 23:19:27 +01:00
|
|
|
|
|
|
|
hostinfo := tailcfg.Hostinfo{
|
|
|
|
RoutableIPs: routes,
|
|
|
|
OS: "TestOS",
|
2023-09-24 13:42:05 +02:00
|
|
|
Hostname: "DebugTestNode",
|
2021-11-04 23:19:27 +01:00
|
|
|
}
|
|
|
|
|
2023-11-19 22:37:04 +01:00
|
|
|
var mkey key.MachinePublic
|
|
|
|
err = mkey.UnmarshalText([]byte(request.GetKey()))
|
2022-05-16 20:32:37 +02:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2023-11-19 22:37:04 +01:00
|
|
|
nodeKey := key.NewNode()
|
|
|
|
|
2023-09-24 13:42:05 +02:00
|
|
|
newNode := types.Node{
|
2023-11-19 22:37:04 +01:00
|
|
|
MachineKey: mkey,
|
|
|
|
NodeKey: nodeKey.Public(),
|
2022-04-24 21:56:28 +02:00
|
|
|
Hostname: request.GetName(),
|
2023-01-17 17:43:44 +01:00
|
|
|
User: *user,
|
2021-11-04 23:19:27 +01:00
|
|
|
|
2023-09-11 13:23:29 +02:00
|
|
|
Expiry: &time.Time{},
|
|
|
|
LastSeen: &time.Time{},
|
2021-11-04 23:19:27 +01:00
|
|
|
|
2023-11-21 18:20:06 +01:00
|
|
|
Hostinfo: &hostinfo,
|
2021-11-04 23:19:27 +01:00
|
|
|
}
|
2022-11-28 16:54:23 +01:00
|
|
|
|
2023-11-19 22:37:04 +01:00
|
|
|
log.Debug().
|
|
|
|
Str("machine_key", mkey.ShortString()).
|
|
|
|
Msg("adding debug machine via CLI, appending to registration cache")
|
2021-11-04 23:19:27 +01:00
|
|
|
|
2022-02-28 17:34:50 +01:00
|
|
|
api.h.registrationCache.Set(
|
2023-11-19 22:37:04 +01:00
|
|
|
mkey.String(),
|
2023-09-24 13:42:05 +02:00
|
|
|
newNode,
|
2022-02-28 17:34:50 +01:00
|
|
|
)
|
2021-10-29 18:44:32 +02:00
|
|
|
|
2023-09-24 13:42:05 +02:00
|
|
|
return &v1.DebugCreateNodeResponse{Node: newNode.Proto()}, nil
|
2021-10-26 22:42:20 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
func (api headscaleV1APIServer) mustEmbedUnimplementedHeadscaleServiceServer() {}
|