juanfont.headscale

mirror of https://github.com/juanfont/headscale.git synced 2025-11-10 01:20:58 +01:00

History

Kristoffer Dalby d49ae71a80 db: use partial unique index for pre_auth_keys.prefix This commit fixes the UNIQUE constraint on the pre_auth_keys.prefix column to allow multiple legacy keys (with NULL or empty prefix) while still enforcing uniqueness for new bcrypt-based keys. Changes: - Modified migration to create partial unique index with WHERE clause - Updated schema.sql to match migration - Added comprehensive test (TestMultipleLegacyKeysAllowed) to verify: * Multiple legacy keys with empty prefix can coexist * New bcrypt keys have unique prefixes * Duplicate non-empty prefixes are rejected - Fixed lint issues (errcheck, intrange) - Fixed hardening: position-based parsing instead of separator-based - Added validation for empty string, length, separator, and character set The partial index uses: WHERE prefix IS NOT NULL AND prefix != '' This allows unlimited legacy keys (backward compatibility) while preventing duplicate prefixes for new keys (security). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>		2025-11-02 15:26:55 +01:00
..
assets	update flake, fix prettier lint	2023-09-05 08:47:43 +02:00
capver	policy: fix autogroup:self propagation and optimize cache invalidation (#2807 )	2025-10-23 17:57:41 +02:00
db	db: use partial unique index for pre_auth_keys.prefix	2025-11-02 15:26:55 +01:00
derp	Fix flaky TestShuffleDERPMapDeterministic by ensuring deterministic map iteration (#2848 )	2025-11-02 10:05:23 +01:00
dns	integration: replace time.Sleep with assert.EventuallyWithT (#2680 )	2025-07-10 23:38:55 +02:00
mapper	state: use AllApprovedRoutes instead of SubnetRoutes	2025-11-02 13:19:59 +01:00
policy	matcher: Add func for comparing Dests and TheInternet	2025-11-02 13:19:59 +01:00
routes	debug: add json and improve	2025-09-09 09:40:00 +02:00
state	types: make pre auth key use bcrypt	2025-11-02 15:26:54 +01:00
templates	integration: replace time.Sleep with assert.EventuallyWithT (#2680 )	2025-07-10 23:38:55 +02:00
types	types: make pre auth key use bcrypt	2025-11-02 15:26:54 +01:00
util	stricter hostname validation and replace (#2383 )	2025-10-22 13:50:39 +02:00
app.go	hscontrol: add /version HTTP endpoint (#2821 )	2025-10-27 10:41:34 +01:00
auth_test.go	stability and race conditions in auth and node store (#2781 )	2025-10-16 12:17:43 +02:00
auth.go	stricter hostname validation and replace (#2383 )	2025-10-22 13:50:39 +02:00
debug.go	lint and leftover	2025-09-09 09:40:00 +02:00
grpcv1_test.go
grpcv1.go	expire nodes with a custom timestamp (#2828 )	2025-11-01 08:09:13 +01:00
handlers.go	hscontrol: add /version HTTP endpoint (#2821 )	2025-10-27 10:41:34 +01:00
metrics.go	integration: replace time.Sleep with assert.EventuallyWithT (#2680 )	2025-07-10 23:38:55 +02:00
noise.go	lint and leftover	2025-09-09 09:40:00 +02:00
oidc.go	fix: return valid AuthUrl in followup request on expired reg id	2025-10-11 05:57:39 +02:00
platform_config.go	Return better web errors to the user (#2398 )	2025-02-01 15:25:18 +01:00
poll.go	stability and race conditions in auth and node store (#2781 )	2025-10-16 12:17:43 +02:00
suite_test.go	Redo OIDC configuration (#2020 )	2024-10-02 14:50:17 +02:00
tailsql.go	integration: replace time.Sleep with assert.EventuallyWithT (#2680 )	2025-07-10 23:38:55 +02:00