Mirrors/juanfont.headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2025-09-20 17:53:11 +02:00
Code Issues Projects Releases Wiki Activity

add flags for server to provide initial api key

Browse Source
This commit is contained in:
Grigoriy Mikhalkin 2022-06-26 20:39:57 +02:00
parent 4a200c308b
commit a4fcb2d5e5
3 changed files with 47 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
api_key.go
View File

@ -46,11 +46,25 @@ func (h *Headscale) CreateAPIKey(
// Key to return to user, this will only be visible _once_ // Key to return to user, this will only be visible _once_
keyStr := prefix + "." + toBeHashed keyStr := prefix + "." + toBeHashed
hash, err := bcrypt.GenerateFromPassword([]byte(toBeHashed), bcrypt.DefaultCost) key, err := h.SaveAPIKey(prefix, toBeHashed, expiration)
if err != nil { if err != nil {
return "", nil, err return "", nil, err
} }
return keyStr, key, nil
}
// SaveAPIKey saves an ApiKey in a namespace.
func (h *Headscale) SaveAPIKey(
prefix string,
toBeHashed string,
expiration *time.Time,
) (*APIKey, error) {
hash, err := bcrypt.GenerateFromPassword([]byte(toBeHashed), bcrypt.DefaultCost)
if err != nil {
return nil, err
}
key := APIKey{ key := APIKey{
Prefix: prefix, Prefix: prefix,
Hash: hash, Hash: hash,
@ -58,10 +72,10 @@ func (h *Headscale) CreateAPIKey(
} }
if err := h.db.Save(&key).Error; err != nil { if err := h.db.Save(&key).Error; err != nil {
return "", nil, fmt.Errorf("failed to save API key to database: %w", err) return nil, fmt.Errorf("failed to save API key to database: %w", err)
} }
return keyStr, &key, nil return &key, nil
} }
// ListAPIKeys returns the list of ApiKeys for a namespace. // ListAPIKeys returns the list of ApiKeys for a namespace.

29
cmd/headscale/cli/server.go
View File

@ -1,12 +1,21 @@
package cli package cli
import ( import (
"github.com/prometheus/common/model"
"github.com/rs/zerolog/log" "github.com/rs/zerolog/log"
"github.com/spf13/cobra" "github.com/spf13/cobra"
"time"
) )
func init() { func init() {
rootCmd.AddCommand(serveCmd) rootCmd.AddCommand(serveCmd)
serveCmd.Flags().
String("api-key-prefix", "", "Initial API Key prefix")
serveCmd.Flags().
String("api-key-pass", "", "Initial API Key password")
serveCmd.Flags().
String("api-key-expiration", DefaultAPIKeyExpiry, "Human-readable expiration for initial API key (e.g. 30m, 24h)")
} }
var serveCmd = &cobra.Command{ var serveCmd = &cobra.Command{
@ -21,6 +30,26 @@ var serveCmd = &cobra.Command{
log.Fatal().Caller().Err(err).Msg("Error initializing") log.Fatal().Caller().Err(err).Msg("Error initializing")
} }
// Save API key if provided
prefix, _ := cmd.Flags().GetString("api-key-prefix")
password, _ := cmd.Flags().GetString("api-key-pass")
if prefix != "" || password != "" {
if !(prefix != "" && password != "") {
log.Fatal().Caller().Msg("For initial API key both prefix and password should be provided")
}
durationStr, _ := cmd.Flags().GetString("api-key-expiration")
duration, err := model.ParseDuration(durationStr)
if err != nil {
log.Fatal().Caller().Err(err).Msg("Could not parse duration")
}
expiration := time.Now().UTC().Add(time.Duration(duration))
if _, err := app.SaveAPIKey(prefix, password, &expiration); err != nil {
log.Fatal().Caller().Err(err).Msg("Error while saving initial API key")
}
}
err = app.Serve() err = app.Serve()
if err != nil { if err != nil {
log.Fatal().Caller().Err(err).Msg("Error starting server") log.Fatal().Caller().Err(err).Msg("Error starting server")

2
cmd/headscale/cli/utils.go
View File

@ -97,7 +97,7 @@ func getHeadscaleCLIClient() (context.Context, v1.HeadscaleServiceClient, *grpc.
if cfg.CLI.Insecure { if cfg.CLI.Insecure {
tlsConfig := &tls.Config{ tlsConfig := &tls.Config{
// turn of gosec as we are intentionally setting // turn off gosec as we are intentionally setting
// insecure. // insecure.
//nolint:gosec //nolint:gosec
InsecureSkipVerify: true, InsecureSkipVerify: true,