diff --git a/CHANGELOG.md b/CHANGELOG.md index be9e845..a7bf028 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,14 @@ ## 0.17.0 (2022-XX-XX) +- Add ability to connect to PostgreSQL over TLS/SSL [#745](https://github.com/juanfont/headscale/pull/745) + +## 0.16.3 (2022-08-17) + +### Changes + +- Fix issue with OIDC authentication [#747](https://github.com/juanfont/headscale/pull/747) + ## 0.16.2 (2022-08-14) ### Changes @@ -125,7 +133,7 @@ This is a part of aligning `headscale`'s behaviour with Tailscale's upstream beh - OpenID Connect users will be mapped per namespaces - Each user will get its own namespace, created if it does not exist - `oidc.domain_map` option has been removed - - `strip_email_domain` option has been added (see [config-example.yaml](./config_example.yaml)) + - `strip_email_domain` option has been added (see [config-example.yaml](./config-example.yaml)) ### Changes diff --git a/app.go b/app.go index 966fb3a..851805d 100644 --- a/app.go +++ b/app.go @@ -145,12 +145,16 @@ func NewHeadscale(cfg *Config) (*Headscale, error) { switch cfg.DBtype { case Postgres: dbString = fmt.Sprintf( - "host=%s dbname=%s user=%s sslmode=disable", + "host=%s dbname=%s user=%s", cfg.DBhost, cfg.DBname, cfg.DBuser, ) + if !cfg.DBssl { + dbString += " sslmode=disable" + } + if cfg.DBport != 0 { dbString += fmt.Sprintf(" port=%d", cfg.DBport) } diff --git a/config-example.yaml b/config-example.yaml index 47053e8..5ebc130 100644 --- a/config-example.yaml +++ b/config-example.yaml @@ -128,6 +128,7 @@ db_path: /var/lib/headscale/db.sqlite # db_name: headscale # db_user: foo # db_pass: bar +# db_ssl: false ### TLS configuration # diff --git a/config.go b/config.go index 99e7a4c..e503b61 100644 --- a/config.go +++ b/config.go @@ -48,6 +48,7 @@ type Config struct { DBname string DBuser string DBpass string + DBssl bool TLS TLSConfig @@ -514,6 +515,7 @@ func GetHeadscaleConfig() (*Config, error) { DBname: viper.GetString("db_name"), DBuser: viper.GetString("db_user"), DBpass: viper.GetString("db_pass"), + DBssl: viper.GetBool("db_ssl"), TLS: GetTLSConfig(), diff --git a/oidc.go b/oidc.go index 6376271..60d531e 100644 --- a/oidc.go +++ b/oidc.go @@ -318,7 +318,7 @@ func extractIDTokenClaims( idToken *oidc.IDToken, ) (*IDTokenClaims, error) { var claims IDTokenClaims - if err := idToken.Claims(claims); err != nil { + if err := idToken.Claims(&claims); err != nil { log.Error(). Err(err). Caller(). diff --git a/swagger.go b/swagger.go index 588b42a..306fc1f 100644 --- a/swagger.go +++ b/swagger.go @@ -83,7 +83,7 @@ func SwaggerAPIv1( writer http.ResponseWriter, req *http.Request, ) { - writer.Header().Set("Content-Type", "application/json; charset=utf-88") + writer.Header().Set("Content-Type", "application/json; charset=utf-8") writer.WriteHeader(http.StatusOK) if _, err := writer.Write(apiV1JSON); err != nil { log.Error().