Initial multi-user support using namespaces
This commit is contained in:
parent
562e996996
commit
b7655b1f68
6 changed files with 229 additions and 41 deletions
65
api.go
65
api.go
|
@ -18,10 +18,44 @@ import (
|
||||||
"tailscale.com/wgengine/wgcfg"
|
"tailscale.com/wgengine/wgcfg"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// KeyHandler provides the Headscale pub key
|
||||||
|
// Listens in /key
|
||||||
func (h *Headscale) KeyHandler(c *gin.Context) {
|
func (h *Headscale) KeyHandler(c *gin.Context) {
|
||||||
c.Data(200, "text/plain; charset=utf-8", []byte(h.publicKey.HexString()))
|
c.Data(200, "text/plain; charset=utf-8", []byte(h.publicKey.HexString()))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// RegisterWebAPI shows a simple message in the browser to point to the CLI
|
||||||
|
// Listens in /register
|
||||||
|
func (h *Headscale) RegisterWebAPI(c *gin.Context) {
|
||||||
|
mKeyStr := c.Query("key")
|
||||||
|
if mKeyStr == "" {
|
||||||
|
c.String(http.StatusBadRequest, "Wrong params")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
c.Data(http.StatusOK, "text/html; charset=utf-8", []byte(fmt.Sprintf(`
|
||||||
|
<html>
|
||||||
|
<body>
|
||||||
|
<h1>headscale</h1>
|
||||||
|
<p>
|
||||||
|
Run the command below in the headscale server to add this machine to your network:
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
<code>
|
||||||
|
<b>headscale register %s</b>
|
||||||
|
</code>
|
||||||
|
</p>
|
||||||
|
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
|
|
||||||
|
`, mKeyStr)))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// RegistrationHandler handles the actual registration process of a machine
|
||||||
|
// Endpoint /machine/:id
|
||||||
func (h *Headscale) RegistrationHandler(c *gin.Context) {
|
func (h *Headscale) RegistrationHandler(c *gin.Context) {
|
||||||
body, _ := io.ReadAll(c.Request.Body)
|
body, _ := io.ReadAll(c.Request.Body)
|
||||||
mKeyStr := c.Param("id")
|
mKeyStr := c.Param("id")
|
||||||
|
@ -59,6 +93,7 @@ func (h *Headscale) RegistrationHandler(c *gin.Context) {
|
||||||
if m.Registered {
|
if m.Registered {
|
||||||
log.Println("Client is registered and we have the current key. All clear to /map")
|
log.Println("Client is registered and we have the current key. All clear to /map")
|
||||||
resp.AuthURL = ""
|
resp.AuthURL = ""
|
||||||
|
resp.User = *m.Namespace.toUser()
|
||||||
respBody, err := encode(resp, &mKey, h.privateKey)
|
respBody, err := encode(resp, &mKey, h.privateKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("Cannot encode message: %s", err)
|
log.Printf("Cannot encode message: %s", err)
|
||||||
|
@ -89,6 +124,7 @@ func (h *Headscale) RegistrationHandler(c *gin.Context) {
|
||||||
m.NodeKey = wgcfg.Key(req.NodeKey).HexString()
|
m.NodeKey = wgcfg.Key(req.NodeKey).HexString()
|
||||||
db.Save(&m)
|
db.Save(&m)
|
||||||
resp.AuthURL = ""
|
resp.AuthURL = ""
|
||||||
|
resp.User = *m.Namespace.toUser()
|
||||||
respBody, err := encode(resp, &mKey, h.privateKey)
|
respBody, err := encode(resp, &mKey, h.privateKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("Cannot encode message: %s", err)
|
log.Printf("Cannot encode message: %s", err)
|
||||||
|
@ -318,35 +354,6 @@ func (h *Headscale) getMapKeepAliveResponse(mKey wgcfg.Key, req tailcfg.MapReque
|
||||||
return &data, nil
|
return &data, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// RegisterWebAPI shows a simple message in the browser to point to the CLI
|
|
||||||
func (h *Headscale) RegisterWebAPI(c *gin.Context) {
|
|
||||||
mKeyStr := c.Query("key")
|
|
||||||
if mKeyStr == "" {
|
|
||||||
c.String(http.StatusBadRequest, "Wrong params")
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
c.Data(http.StatusOK, "text/html; charset=utf-8", []byte(fmt.Sprintf(`
|
|
||||||
<html>
|
|
||||||
<body>
|
|
||||||
<h1>headscale</h1>
|
|
||||||
<p>
|
|
||||||
Run the command below in the headscale server to add this machine to your network:
|
|
||||||
</p>
|
|
||||||
|
|
||||||
<p>
|
|
||||||
<code>
|
|
||||||
<b>headscale register %s</b>
|
|
||||||
</code>
|
|
||||||
</p>
|
|
||||||
|
|
||||||
</body>
|
|
||||||
</html>
|
|
||||||
|
|
||||||
`, mKeyStr)))
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
func (h *Headscale) handleNewServer(c *gin.Context, db *gorm.DB, idKey wgcfg.Key, req tailcfg.RegisterRequest) {
|
func (h *Headscale) handleNewServer(c *gin.Context, db *gorm.DB, idKey wgcfg.Key, req tailcfg.RegisterRequest) {
|
||||||
mNew := Machine{
|
mNew := Machine{
|
||||||
MachineKey: idKey.HexString(),
|
MachineKey: idKey.HexString(),
|
||||||
|
|
7
app.go
7
app.go
|
@ -74,7 +74,11 @@ func (h *Headscale) Serve() error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// RegisterMachine is executed from the CLI to register a new Machine using its MachineKey
|
// RegisterMachine is executed from the CLI to register a new Machine using its MachineKey
|
||||||
func (h *Headscale) RegisterMachine(key string) error {
|
func (h *Headscale) RegisterMachine(key string, namespace string) error {
|
||||||
|
ns, err := h.GetNamespace(namespace)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
mKey, err := wgcfg.ParseHexKey(key)
|
mKey, err := wgcfg.ParseHexKey(key)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("Cannot parse client key: %s", err)
|
log.Printf("Cannot parse client key: %s", err)
|
||||||
|
@ -103,6 +107,7 @@ func (h *Headscale) RegisterMachine(key string) error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
m.IPAddress = ip.String()
|
m.IPAddress = ip.String()
|
||||||
|
m.NamespaceID = ns.ID
|
||||||
m.Registered = true
|
m.Registered = true
|
||||||
db.Save(&m)
|
db.Save(&m)
|
||||||
fmt.Println("Machine registered 🎉")
|
fmt.Println("Machine registered 🎉")
|
||||||
|
|
|
@ -50,8 +50,31 @@ var serveCmd = &cobra.Command{
|
||||||
}
|
}
|
||||||
|
|
||||||
var registerCmd = &cobra.Command{
|
var registerCmd = &cobra.Command{
|
||||||
Use: "register machineID",
|
Use: "register machineID namespace",
|
||||||
Short: "Registers a machine to your network",
|
Short: "Registers a machine to your network",
|
||||||
|
Args: func(cmd *cobra.Command, args []string) error {
|
||||||
|
if len(args) < 2 {
|
||||||
|
return fmt.Errorf("Missing parameters")
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
},
|
||||||
|
Run: func(cmd *cobra.Command, args []string) {
|
||||||
|
h, err := getHeadscaleApp()
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalf("Error initializing: %s", err)
|
||||||
|
}
|
||||||
|
h.RegisterMachine(args[0], args[1])
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
var namespaceCmd = &cobra.Command{
|
||||||
|
Use: "namespace",
|
||||||
|
Short: "Manage the namespaces of Headscale",
|
||||||
|
}
|
||||||
|
|
||||||
|
var createNamespaceCmd = &cobra.Command{
|
||||||
|
Use: "create NAME",
|
||||||
|
Short: "Creates a new namespace",
|
||||||
Args: func(cmd *cobra.Command, args []string) error {
|
Args: func(cmd *cobra.Command, args []string) error {
|
||||||
if len(args) < 1 {
|
if len(args) < 1 {
|
||||||
return fmt.Errorf("Missing parameters")
|
return fmt.Errorf("Missing parameters")
|
||||||
|
@ -63,7 +86,32 @@ var registerCmd = &cobra.Command{
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatalf("Error initializing: %s", err)
|
log.Fatalf("Error initializing: %s", err)
|
||||||
}
|
}
|
||||||
h.RegisterMachine(args[0])
|
_, err = h.CreateNamespace(args[0])
|
||||||
|
if err != nil {
|
||||||
|
fmt.Println(err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
fmt.Printf("Ook.\n")
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
var listNamespacesCmd = &cobra.Command{
|
||||||
|
Use: "list",
|
||||||
|
Short: "Creates a new namespace",
|
||||||
|
Run: func(cmd *cobra.Command, args []string) {
|
||||||
|
h, err := getHeadscaleApp()
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalf("Error initializing: %s", err)
|
||||||
|
}
|
||||||
|
ns, err := h.ListNamespaces()
|
||||||
|
if err != nil {
|
||||||
|
fmt.Println(err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
fmt.Printf("ID\tName\n")
|
||||||
|
for _, n := range *ns {
|
||||||
|
fmt.Printf("%d\t%s\n", n.ID, n.Name)
|
||||||
|
}
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -79,6 +127,9 @@ func main() {
|
||||||
headscaleCmd.AddCommand(versionCmd)
|
headscaleCmd.AddCommand(versionCmd)
|
||||||
headscaleCmd.AddCommand(serveCmd)
|
headscaleCmd.AddCommand(serveCmd)
|
||||||
headscaleCmd.AddCommand(registerCmd)
|
headscaleCmd.AddCommand(registerCmd)
|
||||||
|
headscaleCmd.AddCommand(namespaceCmd)
|
||||||
|
namespaceCmd.AddCommand(createNamespaceCmd)
|
||||||
|
namespaceCmd.AddCommand(listNamespacesCmd)
|
||||||
|
|
||||||
if err := headscaleCmd.Execute(); err != nil {
|
if err := headscaleCmd.Execute(); err != nil {
|
||||||
fmt.Println(err)
|
fmt.Println(err)
|
||||||
|
|
1
db.go
1
db.go
|
@ -23,6 +23,7 @@ func (h *Headscale) initDB() error {
|
||||||
db.Exec("create extension if not exists \"uuid-ossp\";")
|
db.Exec("create extension if not exists \"uuid-ossp\";")
|
||||||
db.AutoMigrate(&Machine{})
|
db.AutoMigrate(&Machine{})
|
||||||
db.AutoMigrate(&KV{})
|
db.AutoMigrate(&KV{})
|
||||||
|
db.AutoMigrate(&Namespace{})
|
||||||
db.Close()
|
db.Close()
|
||||||
|
|
||||||
h.setValue("db_version", dbVersion)
|
h.setValue("db_version", dbVersion)
|
||||||
|
|
20
machine.go
20
machine.go
|
@ -16,12 +16,14 @@ import (
|
||||||
|
|
||||||
// Machine is a Headscale client
|
// Machine is a Headscale client
|
||||||
type Machine struct {
|
type Machine struct {
|
||||||
ID uint64 `gorm:"primary_key"`
|
ID uint64 `gorm:"primary_key"`
|
||||||
MachineKey string `gorm:"type:varchar(64);unique_index"`
|
MachineKey string `gorm:"type:varchar(64);unique_index"`
|
||||||
NodeKey string
|
NodeKey string
|
||||||
DiscoKey string
|
DiscoKey string
|
||||||
IPAddress string
|
IPAddress string
|
||||||
Name string
|
Name string
|
||||||
|
NamespaceID uint
|
||||||
|
Namespace Namespace
|
||||||
|
|
||||||
Registered bool // temp
|
Registered bool // temp
|
||||||
LastSeen *time.Time
|
LastSeen *time.Time
|
||||||
|
@ -106,7 +108,7 @@ func (m Machine) toNode() (*tailcfg.Node, error) {
|
||||||
ID: tailcfg.NodeID(m.ID), // this is the actual ID
|
ID: tailcfg.NodeID(m.ID), // this is the actual ID
|
||||||
StableID: tailcfg.StableNodeID(strconv.FormatUint(m.ID, 10)), // in headscale, unlike tailcontrol server, IDs are permantent
|
StableID: tailcfg.StableNodeID(strconv.FormatUint(m.ID, 10)), // in headscale, unlike tailcontrol server, IDs are permantent
|
||||||
Name: hostinfo.Hostname,
|
Name: hostinfo.Hostname,
|
||||||
User: 1,
|
User: tailcfg.UserID(m.NamespaceID),
|
||||||
Key: tailcfg.NodeKey(nKey),
|
Key: tailcfg.NodeKey(nKey),
|
||||||
KeyExpiry: *m.Expiry,
|
KeyExpiry: *m.Expiry,
|
||||||
Machine: tailcfg.MachineKey(mKey),
|
Machine: tailcfg.MachineKey(mKey),
|
||||||
|
@ -136,9 +138,9 @@ func (h *Headscale) getPeers(m Machine) (*[]*tailcfg.Node, error) {
|
||||||
}
|
}
|
||||||
defer db.Close()
|
defer db.Close()
|
||||||
|
|
||||||
// Add user management here
|
|
||||||
machines := []Machine{}
|
machines := []Machine{}
|
||||||
if err = db.Where("machine_key <> ? AND registered", m.MachineKey).Find(&machines).Error; err != nil {
|
if err = db.Where("namespace_id = ? AND machine_key <> ? AND registered",
|
||||||
|
m.NamespaceID, m.MachineKey).Find(&machines).Error; err != nil {
|
||||||
log.Printf("Error accessing db: %s", err)
|
log.Printf("Error accessing db: %s", err)
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
122
namespaces.go
Normal file
122
namespaces.go
Normal file
|
@ -0,0 +1,122 @@
|
||||||
|
package headscale
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"log"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/jinzhu/gorm"
|
||||||
|
"tailscale.com/tailcfg"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Namespace is the way Headscale implements the concept of users in Tailscale
|
||||||
|
//
|
||||||
|
// At the end of the day, users in Tailscale are some kind of 'bubbles' or namespaces
|
||||||
|
// that contain our machines.
|
||||||
|
type Namespace struct {
|
||||||
|
gorm.Model
|
||||||
|
Name string `gorm:"unique"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// CreateNamespace creates a new Namespace. Returns error if could not be created
|
||||||
|
// or another namespace already exists
|
||||||
|
func (h *Headscale) CreateNamespace(name string) (*Namespace, error) {
|
||||||
|
db, err := h.db()
|
||||||
|
if err != nil {
|
||||||
|
log.Printf("Cannot open DB: %s", err)
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
defer db.Close()
|
||||||
|
|
||||||
|
n := Namespace{}
|
||||||
|
if err := db.Where("name = ?", name).First(&n).Error; err == nil {
|
||||||
|
return nil, fmt.Errorf("Namespace already exists")
|
||||||
|
}
|
||||||
|
n.Name = name
|
||||||
|
if err := db.Create(&n).Error; err != nil {
|
||||||
|
log.Printf("Could not create row: %s", err)
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return &n, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// GetNamespace fetches a namespace by name
|
||||||
|
func (h *Headscale) GetNamespace(name string) (*Namespace, error) {
|
||||||
|
db, err := h.db()
|
||||||
|
if err != nil {
|
||||||
|
log.Printf("Cannot open DB: %s", err)
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
defer db.Close()
|
||||||
|
|
||||||
|
n := Namespace{}
|
||||||
|
if db.First(&n, "name = ?", name).RecordNotFound() {
|
||||||
|
return nil, fmt.Errorf("Namespace not found")
|
||||||
|
}
|
||||||
|
return &n, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// ListNamespaces gets all the existing namespaces
|
||||||
|
func (h *Headscale) ListNamespaces() (*[]Namespace, error) {
|
||||||
|
db, err := h.db()
|
||||||
|
if err != nil {
|
||||||
|
log.Printf("Cannot open DB: %s", err)
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
defer db.Close()
|
||||||
|
namespaces := []Namespace{}
|
||||||
|
if err := db.Find(&namespaces).Error; err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return &namespaces, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// ListMachinesInNamespace gets all the nodes in a given namespace
|
||||||
|
func (h *Headscale) ListMachinesInNamespace(name string) (*[]Machine, error) {
|
||||||
|
n, err := h.GetNamespace(name)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
db, err := h.db()
|
||||||
|
if err != nil {
|
||||||
|
log.Printf("Cannot open DB: %s", err)
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
defer db.Close()
|
||||||
|
|
||||||
|
machines := []Machine{}
|
||||||
|
if err := db.Where(&Machine{NamespaceID: n.ID}).Find(&machines).Error; err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return &machines, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (h *Headscale) SetMachineNamespace(m *Machine, namespaceName string) error {
|
||||||
|
n, err := h.GetNamespace(namespaceName)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
db, err := h.db()
|
||||||
|
if err != nil {
|
||||||
|
log.Printf("Cannot open DB: %s", err)
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
defer db.Close()
|
||||||
|
m.NamespaceID = n.ID
|
||||||
|
db.Save(&m)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (n *Namespace) toUser() *tailcfg.User {
|
||||||
|
u := tailcfg.User{
|
||||||
|
ID: tailcfg.UserID(n.ID),
|
||||||
|
LoginName: "",
|
||||||
|
DisplayName: n.Name,
|
||||||
|
ProfilePicURL: "",
|
||||||
|
Domain: "",
|
||||||
|
Logins: []tailcfg.LoginID{},
|
||||||
|
Roles: []tailcfg.RoleID{},
|
||||||
|
Created: time.Time{},
|
||||||
|
}
|
||||||
|
return &u
|
||||||
|
}
|
Loading…
Reference in a new issue