Remove expiry logic, this needs to be redone
parent
106b1e7e8d
commit
9aac1fb255
5 changed files with 22 additions and 55 deletions
16
api.go
16
api.go
|
@ -369,13 +369,9 @@ func (h *Headscale) handleMachineExpired(
|
||||||
strings.TrimSuffix(h.cfg.ServerURL, "/"), idKey.HexString())
|
strings.TrimSuffix(h.cfg.ServerURL, "/"), idKey.HexString())
|
||||||
}
|
}
|
||||||
|
|
||||||
// When a client connects, it may request a specific expiry time in its
|
if !reqisterRequest.Expiry.IsZero() {
|
||||||
// RegisterRequest (https://github.com/tailscale/tailscale/blob/main/tailcfg/tailcfg.go#L634)
|
machine.Expiry = &reqisterRequest.Expiry
|
||||||
// RequestedExpiry is used to store the clients requested expiry time since the authentication flow is broken
|
}
|
||||||
// into two steps (which cant pass arbitrary data between them easily) and needs to be
|
|
||||||
// retrieved again after the user has authenticated. After the authentication flow
|
|
||||||
// completes, RequestedExpiry is copied into Expiry.
|
|
||||||
machine.RequestedExpiry = &reqisterRequest.Expiry
|
|
||||||
|
|
||||||
h.db.Save(&machine)
|
h.db.Save(&machine)
|
||||||
|
|
||||||
|
@ -450,8 +446,10 @@ func (h *Headscale) handleMachineRegistrationNew(
|
||||||
strings.TrimSuffix(h.cfg.ServerURL, "/"), idKey.HexString())
|
strings.TrimSuffix(h.cfg.ServerURL, "/"), idKey.HexString())
|
||||||
}
|
}
|
||||||
|
|
||||||
// save the requested expiry time for retrieval later in the authentication flow
|
if !reqisterRequest.Expiry.IsZero() {
|
||||||
machine.RequestedExpiry = &reqisterRequest.Expiry
|
machine.Expiry = &reqisterRequest.Expiry
|
||||||
|
}
|
||||||
|
|
||||||
machine.NodeKey = wgkey.Key(reqisterRequest.NodeKey).HexString() // save the NodeKey
|
machine.NodeKey = wgkey.Key(reqisterRequest.NodeKey).HexString() // save the NodeKey
|
||||||
h.db.Save(&machine)
|
h.db.Save(&machine)
|
||||||
|
|
||||||
|
|
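Review bot: The client-supplied `reqisterRequest.Expiry` is now written straight into `machine.Expiry` and saved in both `handleMachineExpired` and `handleMachineRegistrationNew`, with no server-side upper bound and, as far as these hunks show, before the user has finished authenticating. The removed `RequestedExpiry` field held this value until the auth flow completed, and the removed `updateMachineExpiry` clamped it to a configured maximum. With both gone, the node's own request appears to decide how long its registration lasts, and in `handleMachineExpired` an already expired machine may have a future expiry persisted before it re-authenticates. Both function bodies start and end outside the hunks, so this should be confirmed against the callers of `isExpired`. Until the expiry logic is redone I would not persist the client value at this point, or at least bound it, for example `if e := reqisterRequest.Expiry; !e.IsZero() && e.Before(limit) { machine.Expiry = &e }` with `limit` derived from server configuration.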
3
app.go
3
app.go
|
@ -96,9 +96,6 @@ type Config struct {
|
||||||
OIDC OIDCConfig
|
OIDC OIDCConfig
|
||||||
|
|
||||||
CLI CLIConfig
|
CLI CLIConfig
|
||||||
|
|
||||||
MaxMachineRegistrationDuration time.Duration
|
|
||||||
DefaultMachineRegistrationDuration time.Duration
|
|
||||||
}
|
}
|
||||||
|
|
||||||
type OIDCConfig struct {
|
type OIDCConfig struct {
|
||||||
|
|
|
@ -21,7 +21,6 @@ func (s *Suite) TestRegisterMachine(c *check.C) {
|
||||||
NamespaceID: namespace.ID,
|
NamespaceID: namespace.ID,
|
||||||
IPAddress: "10.0.0.1",
|
IPAddress: "10.0.0.1",
|
||||||
Expiry: &now,
|
Expiry: &now,
|
||||||
RequestedExpiry: &now,
|
|
||||||
}
|
}
|
||||||
app.db.Save(&machine)
|
app.db.Save(&machine)
|
||||||
|
|
||||||
|
|
39
machine.go
39
machine.go
|
@ -45,7 +45,6 @@ type Machine struct {
|
||||||
LastSeen *time.Time
|
LastSeen *time.Time
|
||||||
LastSuccessfulUpdate *time.Time
|
LastSuccessfulUpdate *time.Time
|
||||||
Expiry *time.Time
|
Expiry *time.Time
|
||||||
RequestedExpiry *time.Time
|
|
||||||
|
|
||||||
HostInfo datatypes.JSON
|
HostInfo datatypes.JSON
|
||||||
Endpoints datatypes.JSON
|
Endpoints datatypes.JSON
|
||||||
|
@ -68,40 +67,16 @@ func (machine Machine) isAlreadyRegistered() bool {
|
||||||
|
|
||||||
// isExpired returns whether the machine registration has expired.
|
// isExpired returns whether the machine registration has expired.
|
||||||
func (machine Machine) isExpired() bool {
|
func (machine Machine) isExpired() bool {
|
||||||
|
// If Expiry is not set, the client has not indicated that
|
||||||
|
// it wants an expiry time, it is therefor considered
|
||||||
|
// to mean "not expired"
|
||||||
|
if machine.Expiry.IsZero() {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
return time.Now().UTC().After(*machine.Expiry)
|
return time.Now().UTC().After(*machine.Expiry)
|
||||||
}
|
}
|
||||||
|
|
||||||
// If the Machine is expired, updateMachineExpiry updates the Machine Expiry time to the maximum allowed duration,
|
|
||||||
// or the default duration if no Expiry time was requested by the client. The expiry time here does not (yet) cause
|
|
||||||
// a client to be disconnected, however they will have to re-auth the machine if they attempt to reconnect after the
|
|
||||||
// expiry time.
|
|
||||||
func (h *Headscale) updateMachineExpiry(machine *Machine) {
|
|
||||||
if machine.isExpired() {
|
|
||||||
now := time.Now().UTC()
|
|
||||||
maxExpiry := now.Add(
|
|
||||||
h.cfg.MaxMachineRegistrationDuration,
|
|
||||||
) // calculate the maximum expiry
|
|
||||||
defaultExpiry := now.Add(
|
|
||||||
h.cfg.DefaultMachineRegistrationDuration,
|
|
||||||
) // calculate the default expiry
|
|
||||||
|
|
||||||
// clamp the expiry time of the machine registration to the maximum allowed, or use the default if none supplied
|
|
||||||
if maxExpiry.Before(*machine.RequestedExpiry) {
|
|
||||||
log.Debug().
|
|
||||||
Msgf("Clamping registration expiry time to maximum: %v (%v)", maxExpiry, h.cfg.MaxMachineRegistrationDuration)
|
|
||||||
machine.Expiry = &maxExpiry
|
|
||||||
} else if machine.RequestedExpiry.IsZero() {
|
|
||||||
log.Debug().Msgf("Using default machine registration expiry time: %v (%v)", defaultExpiry, h.cfg.DefaultMachineRegistrationDuration)
|
|
||||||
machine.Expiry = &defaultExpiry
|
|
||||||
} else {
|
|
||||||
log.Debug().Msgf("Using requested machine registration expiry time: %v", machine.RequestedExpiry)
|
|
||||||
machine.Expiry = machine.RequestedExpiry
|
|
||||||
}
|
|
||||||
|
|
||||||
h.db.Save(&machine)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func (h *Headscale) getDirectPeers(machine *Machine) (Machines, error) {
|
func (h *Headscale) getDirectPeers(machine *Machine) (Machines, error) {
|
||||||
log.Trace().
|
log.Trace().
|
||||||
Caller().
|
Caller().
|
||||||
|
|
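Review bot: The new guard in `isExpired` calls `machine.Expiry.IsZero()` on a `*time.Time`, so a machine whose `Expiry` is nil panics with a nil pointer dereference instead of returning false. The api.go part of this commit only assigns `Expiry` when the client sent a non-zero value, so nil looks like the normal case for clients that request no expiry. The guard should read `if machine.Expiry == nil || machine.Expiry.IsZero() { return false }`. Separately, treating an unset expiry as "not expired" makes such registrations permanent now that the default duration is removed; a comment stating that this is intentional until the rework would help the next reader.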
2
oidc.go
2
oidc.go
|
@ -228,8 +228,6 @@ func (h *Headscale) OIDCCallback(ctx *gin.Context) {
|
||||||
h.db.Save(&machine)
|
h.db.Save(&machine)
|
||||||
}
|
}
|
||||||
|
|
||||||
h.updateMachineExpiry(machine)
|
|
||||||
|
|
||||||
ctx.Data(http.StatusOK, "text/html; charset=utf-8", []byte(fmt.Sprintf(`
|
ctx.Data(http.StatusOK, "text/html; charset=utf-8", []byte(fmt.Sprintf(`
|
||||||
<html>
|
<html>
|
||||||
<body>
|
<body>
|
||||||
|
|