Mirrors/juanfont.headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2024-12-20 19:09:07 +01:00
Code Issues Projects Releases Wiki Activity

suggested documentation and comments

Browse Source
This commit is contained in:
Raal Goff 2021-10-29 21:35:07 +08:00
parent dbe193ad17
commit 2d252da221
3 changed files with 23 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
api.go
View File

@ -111,7 +111,8 @@ func (h *Headscale) RegistrationHandler(c *gin.Context) {
// We have the updated key! // We have the updated key!
if m.NodeKey == wgkey.Key(req.NodeKey).HexString() { if m.NodeKey == wgkey.Key(req.NodeKey).HexString() {
// The client sends an Expiry in the past if the client is requesting a logout // The client sends an Expiry in the past if the client is requesting to expire the key (aka logout)
// https://github.com/tailscale/tailscale/blob/main/tailcfg/tailcfg.go#L648
if !req.Expiry.IsZero() && req.Expiry.UTC().Before(now) { if !req.Expiry.IsZero() && req.Expiry.UTC().Before(now) {
log.Info(). log.Info().
Str("handler", "Registration"). Str("handler", "Registration").
@ -178,7 +179,13 @@ func (h *Headscale) RegistrationHandler(c *gin.Context) {
strings.TrimSuffix(h.cfg.ServerURL, "/"), mKey.HexString()) strings.TrimSuffix(h.cfg.ServerURL, "/"), mKey.HexString())
} }
m.RequestedExpiry = &req.Expiry // save the requested expiry time for retrieval later in the authentication flow // When a client connects, it may request a specific expiry time in its
// RegisterRequest (https://github.com/tailscale/tailscale/blob/main/tailcfg/tailcfg.go#L634)
m.RequestedExpiry = &req.Expiry // RequestedExpiry is used to store the clients requested expiry time since the authentication flow is broken
// into two steps (which cant pass arbitrary data between them easily) and needs to be
// retrieved again after the user has authenticated. After the authentication flow
// completes, RequestedExpiry is copied into Expiry.
h.db.Save(&m) h.db.Save(&m)
respBody, err := encode(resp, &mKey, h.privateKey) respBody, err := encode(resp, &mKey, h.privateKey)

17
cmd/headscale/cli/utils.go
View File

@ -161,14 +161,18 @@ func getHeadscaleApp() (*headscale.Headscale, error) {
return nil, err return nil, err
} }
// maxMachineRegistrationDuration is the maximum time a client can request for a client registration // maxMachineRegistrationDuration is the maximum time headscale will allow a client to (optionally) request for
maxMachineRegistrationDuration, _ := time.ParseDuration("10h") // the machine key expiry time. RegisterRequests with Expiry times that are more than
// maxMachineRegistrationDuration in the future will be clamped to (now + maxMachineRegistrationDuration)
maxMachineRegistrationDuration, _ := time.ParseDuration("10h") // use 10h here because it is the length of a standard business day plus a small amount of leeway
if viper.GetDuration("max_machine_registration_duration") >= time.Second { if viper.GetDuration("max_machine_registration_duration") >= time.Second {
maxMachineRegistrationDuration = viper.GetDuration("max_machine_registration_duration") maxMachineRegistrationDuration = viper.GetDuration("max_machine_registration_duration")
} }
// defaultMachineRegistrationDuration is the default time assigned to a client registration if one is not specified by the client // defaultMachineRegistrationDuration is the default time assigned to a machine registration if one is not
defaultMachineRegistrationDuration, _ := time.ParseDuration("8h") // specified by the tailscale client. It is the default amount of time a machine registration is valid for
// (ie the amount of time before the user has to re-authenticate when requesting a connection)
defaultMachineRegistrationDuration, _ := time.ParseDuration("8h") // use 8h here because it's the length of a standard business day
if viper.GetDuration("default_machine_registration_duration") >= time.Second { if viper.GetDuration("default_machine_registration_duration") >= time.Second {
defaultMachineRegistrationDuration = viper.GetDuration("default_machine_registration_duration") defaultMachineRegistrationDuration = viper.GetDuration("default_machine_registration_duration")
} }
@ -212,9 +216,8 @@ func getHeadscaleApp() (*headscale.Headscale, error) {
ClientSecret: viper.GetString("oidc.client_secret"), ClientSecret: viper.GetString("oidc.client_secret"),
}, },
MaxMachineRegistrationDuration: maxMachineRegistrationDuration, // the maximum duration a client may request for expiry time MaxMachineRegistrationDuration: maxMachineRegistrationDuration,
DefaultMachineRegistrationDuration: defaultMachineRegistrationDuration, // if a client does not request a specific expiry time, use this duration DefaultMachineRegistrationDuration: defaultMachineRegistrationDuration,
} }
cfg.OIDC.MatchMap = loadOIDCMatchMap() cfg.OIDC.MatchMap = loadOIDCMatchMap()

6
machine.go
View File

@ -36,7 +36,7 @@ type Machine struct {
LastSeen *time.Time LastSeen *time.Time
LastSuccessfulUpdate *time.Time LastSuccessfulUpdate *time.Time
Expiry *time.Time Expiry *time.Time
RequestedExpiry *time.Time // when a client connects, it may request a specific expiry time, use this field to store it RequestedExpiry *time.Time
HostInfo datatypes.JSON HostInfo datatypes.JSON
Endpoints datatypes.JSON Endpoints datatypes.JSON
@ -63,7 +63,9 @@ func (m Machine) isExpired() bool {
} }
// If the Machine is expired, updateMachineExpiry updates the Machine Expiry time to the maximum allowed duration, // If the Machine is expired, updateMachineExpiry updates the Machine Expiry time to the maximum allowed duration,
// or the default duration if no Expiry time was requested by the client // or the default duration if no Expiry time was requested by the client. The expiry time here does not (yet) cause
// a client to be disconnected, however they will have to re-auth the machine if they attempt to reconnect after the
// expiry time.
func (h *Headscale) updateMachineExpiry(m *Machine) { func (h *Headscale) updateMachineExpiry(m *Machine) {
if m.isExpired() { if m.isExpired() {