diff --git a/api.go b/api.go index b8169111..ee10e88f 100644 --- a/api.go +++ b/api.go @@ -369,13 +369,9 @@ func (h *Headscale) handleMachineExpired( strings.TrimSuffix(h.cfg.ServerURL, "/"), idKey.HexString()) } - // When a client connects, it may request a specific expiry time in its - // RegisterRequest (https://github.com/tailscale/tailscale/blob/main/tailcfg/tailcfg.go#L634) - // RequestedExpiry is used to store the clients requested expiry time since the authentication flow is broken - // into two steps (which cant pass arbitrary data between them easily) and needs to be - // retrieved again after the user has authenticated. After the authentication flow - // completes, RequestedExpiry is copied into Expiry. - machine.RequestedExpiry = &reqisterRequest.Expiry + if !reqisterRequest.Expiry.IsZero() { + machine.Expiry = &reqisterRequest.Expiry + } h.db.Save(&machine) @@ -450,8 +446,10 @@ func (h *Headscale) handleMachineRegistrationNew( strings.TrimSuffix(h.cfg.ServerURL, "/"), idKey.HexString()) } - // save the requested expiry time for retrieval later in the authentication flow - machine.RequestedExpiry = &reqisterRequest.Expiry + if !reqisterRequest.Expiry.IsZero() { + machine.Expiry = &reqisterRequest.Expiry + } + machine.NodeKey = wgkey.Key(reqisterRequest.NodeKey).HexString() // save the NodeKey h.db.Save(&machine) diff --git a/app.go b/app.go index 08b67fe0..b2b545b4 100644 --- a/app.go +++ b/app.go @@ -96,9 +96,6 @@ type Config struct { OIDC OIDCConfig CLI CLIConfig - - MaxMachineRegistrationDuration time.Duration - DefaultMachineRegistrationDuration time.Duration } type OIDCConfig struct { diff --git a/cli_test.go b/cli_test.go index 44ef9f08..ef7e2993 100644 --- a/cli_test.go +++ b/cli_test.go @@ -13,15 +13,14 @@ func (s *Suite) TestRegisterMachine(c *check.C) { now := time.Now().UTC() machine := Machine{ - ID: 0, - MachineKey: "8ce002a935f8c394e55e78fbbb410576575ff8ec5cfa2e627e4b807f1be15b0e", - NodeKey: "bar", - DiscoKey: "faa", - Name: "testmachine", - NamespaceID: namespace.ID, - IPAddress: "10.0.0.1", - Expiry: &now, - RequestedExpiry: &now, + ID: 0, + MachineKey: "8ce002a935f8c394e55e78fbbb410576575ff8ec5cfa2e627e4b807f1be15b0e", + NodeKey: "bar", + DiscoKey: "faa", + Name: "testmachine", + NamespaceID: namespace.ID, + IPAddress: "10.0.0.1", + Expiry: &now, } app.db.Save(&machine) diff --git a/machine.go b/machine.go index 293b26fa..813da35c 100644 --- a/machine.go +++ b/machine.go @@ -45,7 +45,6 @@ type Machine struct { LastSeen *time.Time LastSuccessfulUpdate *time.Time Expiry *time.Time - RequestedExpiry *time.Time HostInfo datatypes.JSON Endpoints datatypes.JSON @@ -68,38 +67,14 @@ func (machine Machine) isAlreadyRegistered() bool { // isExpired returns whether the machine registration has expired. func (machine Machine) isExpired() bool { - return time.Now().UTC().After(*machine.Expiry) -} - -// If the Machine is expired, updateMachineExpiry updates the Machine Expiry time to the maximum allowed duration, -// or the default duration if no Expiry time was requested by the client. The expiry time here does not (yet) cause -// a client to be disconnected, however they will have to re-auth the machine if they attempt to reconnect after the -// expiry time. -func (h *Headscale) updateMachineExpiry(machine *Machine) { - if machine.isExpired() { - now := time.Now().UTC() - maxExpiry := now.Add( - h.cfg.MaxMachineRegistrationDuration, - ) // calculate the maximum expiry - defaultExpiry := now.Add( - h.cfg.DefaultMachineRegistrationDuration, - ) // calculate the default expiry - - // clamp the expiry time of the machine registration to the maximum allowed, or use the default if none supplied - if maxExpiry.Before(*machine.RequestedExpiry) { - log.Debug(). - Msgf("Clamping registration expiry time to maximum: %v (%v)", maxExpiry, h.cfg.MaxMachineRegistrationDuration) - machine.Expiry = &maxExpiry - } else if machine.RequestedExpiry.IsZero() { - log.Debug().Msgf("Using default machine registration expiry time: %v (%v)", defaultExpiry, h.cfg.DefaultMachineRegistrationDuration) - machine.Expiry = &defaultExpiry - } else { - log.Debug().Msgf("Using requested machine registration expiry time: %v", machine.RequestedExpiry) - machine.Expiry = machine.RequestedExpiry - } - - h.db.Save(&machine) + // If Expiry is not set, the client has not indicated that + // it wants an expiry time, it is therefor considered + // to mean "not expired" + if machine.Expiry.IsZero() { + return false } + + return time.Now().UTC().After(*machine.Expiry) } func (h *Headscale) getDirectPeers(machine *Machine) (Machines, error) { diff --git a/oidc.go b/oidc.go index f796c908..fb27354b 100644 --- a/oidc.go +++ b/oidc.go @@ -228,8 +228,6 @@ func (h *Headscale) OIDCCallback(ctx *gin.Context) { h.db.Save(&machine) } - h.updateMachineExpiry(machine) - ctx.Data(http.StatusOK, "text/html; charset=utf-8", []byte(fmt.Sprintf(`