mirror of https://github.com/juanfont/headscale.git synced 2025-10-28 10:51:44 +01:00
juanfont.headscale/hscontrol
Mustafa Enes Batur bad783321e
Fix /machine/map endpoint vulnerability (#2642)
* Improve map auth logic

* Bugfix

* Add comment, improve error message

* noise: make func, get by node

This commit splits the additional validation into a
separate function so it can be reused if we add more
endpoints in the future.

It swaps the check, so we still look up by NodeKey, but before
accepting the connection, we validate the known machinekey from
the db against the noise connection.

The reason for this is that when a node logs in or out, the node key
is replaced and it will no longer be possible to look it up, breaking
reauthentication.

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* noise: add comment to remind future use of getAndVal

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* changelog: add entry

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

---------

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
Co-authored-by: Kristoffer Dalby <kristoffer@tailscale.com>
2025-06-06 12:14:11 +02:00
assets update flake, fix prettier lint 2023-09-05 08:47:43 +02:00
capver update capmap and deps for release (#2522) 2025-05-02 22:12:29 +02:00
db policy: remove v1 code (#2600) 2025-05-20 13:57:26 +02:00
derp feat: derpmap field in config (#1823) 2024-10-17 05:34:20 -06:00
dns fixes to extra-record file watcher (#2298) 2024-12-16 11:26:56 +01:00
mapper policy: remove v1 code (#2600) 2025-05-20 13:57:26 +02:00
notifier policy: reduce routes sent to peers based on packetfilter (#2561) 2025-05-04 21:52:47 +02:00
policy policy: remove v1 code (#2600) 2025-05-20 13:57:26 +02:00
routes Multi network integration tests (#2464) 2025-03-21 11:49:32 +01:00
templates web: change node registration parameter order (#2607) 2025-05-21 11:18:53 +02:00
types users: harden, test, and add cleaner of identifier (#2593) 2025-05-14 16:45:14 +02:00
util fix webauth + autoapprove routes (#2528) 2025-04-30 07:54:04 +02:00
app.go bring back last_seen in database (#2579) 2025-05-10 09:49:08 +02:00
auth_test.go Return better web errors to the user (#2398) 2025-02-01 15:25:18 +01:00
auth.go auth: ensure that routes are autoapproved when the node is stored (#2550) 2025-05-01 07:05:42 +02:00
debug.go Make matchers part of the Policy interface (#2514) 2025-05-01 07:06:30 +02:00
grpcv1_test.go
grpcv1.go auth: ensure that routes are autoapproved when the node is stored (#2550) 2025-05-01 07:05:42 +02:00
handlers.go Return better web errors to the user (#2398) 2025-02-01 15:25:18 +01:00
metrics.go Handle /derp/latency-check (#2227) 2024-11-06 15:59:38 +01:00
noise.go Fix /machine/map endpoint vulnerability (#2642) 2025-06-06 12:14:11 +02:00
oidc.go auth: ensure that routes are autoapproved when the node is stored (#2550) 2025-05-01 07:05:42 +02:00
platform_config.go Return better web errors to the user (#2398) 2025-02-01 15:25:18 +01:00
poll.go bring back last_seen in database (#2579) 2025-05-10 09:49:08 +02:00
suite_test.go Redo OIDC configuration (#2020) 2024-10-02 14:50:17 +02:00
tailsql.go fix typo in TailSQL's log 2025-05-18 07:15:41 +02:00