fix: apply code review suggestions

CHANGELOG.md

@@ -2,6 +2,11 @@
 
 ## Next
 
+### Changes
+
+- Support client verify for DERP
+  [#2046](https://github.com/juanfont/headscale/pull/2046)
+
 ## 0.26.0 (2025-05-14)
 
 ### BREAKING

config-example.yaml

@@ -85,7 +85,7 @@ derp:
     region_code: "headscale"
     region_name: "Headscale Embedded DERP"
 
-    # Verify clients to this DERP server using the Headscale node list
+    # Only allow clients associated with this server access
     verify_clients: true
 
     # Listens over UDP at the configured address for STUN connections - to help with NAT traversal.

hscontrol/app.go

@@ -227,7 +227,7 @@ func NewHeadscale(cfg *types.Config) (*Headscale, error) {
 		}
 
 		if cfg.DERP.ServerVerifyClients {
-			t := http.DefaultTransport.(*http.Transport)
+			t := http.DefaultTransport.(*http.Transport) //nolint:forcetypeassert
 			t.RegisterProtocol(
 				derpServer.DerpVerifyScheme,
 				derpServer.NewDERPVerifyTransport(app.handleVerifyRequest),

hscontrol/derp/server/derp_server.go

@@ -384,10 +384,7 @@ type DERPVerifyTransport struct {
 func (t *DERPVerifyTransport) RoundTrip(req *http.Request) (*http.Response, error) {
 	buf := new(bytes.Buffer)
 	if err := t.handleVerifyRequest(req, buf); err != nil {
-		log.Error().
-			Caller().
-			Err(err).
-			Msg("Failed to handle verify request")
+		log.Error().Caller().Err(err).Msg("Failed to handle client verify request: ")
 
 		return nil, err
 	}

integration/derp_verify_endpoint_test.go

@@ -101,6 +101,8 @@ func DERPVerify(
 	c := derphttp.NewRegionClient(nodeKey, t.Logf, netmon.NewStatic(), func() *tailcfg.DERPRegion {
 		return &region
 	})
+	defer c.Close()
+
 	var result error
 	if err := c.Connect(context.Background()); err != nil {
 		result = fmt.Errorf("client Connect: %w", err)