Lint fixes 3/n
This commit is contained in:
parent
a913d1b521
commit
c859bea0cf
2 changed files with 61 additions and 61 deletions
6
app.go
6
app.go
|
@ -407,9 +407,9 @@ func (h *Headscale) createRouter(grpcMux *runtime.ServeMux) *mux.Router {
|
||||||
|
|
||||||
router.HandleFunc(
|
router.HandleFunc(
|
||||||
"/health",
|
"/health",
|
||||||
func(w http.ResponseWriter, r *http.Request) {
|
func(writer http.ResponseWriter, req *http.Request) {
|
||||||
w.WriteHeader(http.StatusOK)
|
writer.WriteHeader(http.StatusOK)
|
||||||
w.Write([]byte("{\"healthy\": \"ok\"}"))
|
writer.Write([]byte("{\"healthy\": \"ok\"}"))
|
||||||
}).Methods(http.MethodGet)
|
}).Methods(http.MethodGet)
|
||||||
|
|
||||||
router.HandleFunc("/key", h.KeyHandler).Methods(http.MethodGet)
|
router.HandleFunc("/key", h.KeyHandler).Methods(http.MethodGet)
|
||||||
|
|
116
oidc.go
116
oidc.go
|
@ -133,16 +133,16 @@ var oidcCallbackTemplate = template.Must(
|
||||||
// TODO: Add groups information from OIDC tokens into machine HostInfo
|
// TODO: Add groups information from OIDC tokens into machine HostInfo
|
||||||
// Listens in /oidc/callback.
|
// Listens in /oidc/callback.
|
||||||
func (h *Headscale) OIDCCallback(
|
func (h *Headscale) OIDCCallback(
|
||||||
w http.ResponseWriter,
|
writer http.ResponseWriter,
|
||||||
r *http.Request,
|
req *http.Request,
|
||||||
) {
|
) {
|
||||||
code := r.URL.Query().Get("code")
|
code := req.URL.Query().Get("code")
|
||||||
state := r.URL.Query().Get("state")
|
state := req.URL.Query().Get("state")
|
||||||
|
|
||||||
if code == "" || state == "" {
|
if code == "" || state == "" {
|
||||||
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
writer.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
||||||
w.WriteHeader(http.StatusBadRequest)
|
writer.WriteHeader(http.StatusBadRequest)
|
||||||
w.Write([]byte("Wrong params"))
|
writer.Write([]byte("Wrong params"))
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -153,9 +153,9 @@ func (h *Headscale) OIDCCallback(
|
||||||
Err(err).
|
Err(err).
|
||||||
Caller().
|
Caller().
|
||||||
Msg("Could not exchange code for token")
|
Msg("Could not exchange code for token")
|
||||||
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
writer.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
||||||
w.WriteHeader(http.StatusBadRequest)
|
writer.WriteHeader(http.StatusBadRequest)
|
||||||
w.Write([]byte("Could not exchange code for token"))
|
writer.Write([]byte("Could not exchange code for token"))
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -168,9 +168,9 @@ func (h *Headscale) OIDCCallback(
|
||||||
|
|
||||||
rawIDToken, rawIDTokenOK := oauth2Token.Extra("id_token").(string)
|
rawIDToken, rawIDTokenOK := oauth2Token.Extra("id_token").(string)
|
||||||
if !rawIDTokenOK {
|
if !rawIDTokenOK {
|
||||||
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
writer.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
||||||
w.WriteHeader(http.StatusBadRequest)
|
writer.WriteHeader(http.StatusBadRequest)
|
||||||
w.Write([]byte("Could not extract ID Token"))
|
writer.Write([]byte("Could not extract ID Token"))
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -183,9 +183,9 @@ func (h *Headscale) OIDCCallback(
|
||||||
Err(err).
|
Err(err).
|
||||||
Caller().
|
Caller().
|
||||||
Msg("failed to verify id token")
|
Msg("failed to verify id token")
|
||||||
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
writer.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
||||||
w.WriteHeader(http.StatusBadRequest)
|
writer.WriteHeader(http.StatusBadRequest)
|
||||||
w.Write([]byte("Failed to verify id token"))
|
writer.Write([]byte("Failed to verify id token"))
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -204,9 +204,9 @@ func (h *Headscale) OIDCCallback(
|
||||||
Err(err).
|
Err(err).
|
||||||
Caller().
|
Caller().
|
||||||
Msg("Failed to decode id token claims")
|
Msg("Failed to decode id token claims")
|
||||||
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
writer.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
||||||
w.WriteHeader(http.StatusBadRequest)
|
writer.WriteHeader(http.StatusBadRequest)
|
||||||
w.Write([]byte("Failed to decode id token claims"))
|
writer.Write([]byte("Failed to decode id token claims"))
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -216,9 +216,9 @@ func (h *Headscale) OIDCCallback(
|
||||||
if at := strings.LastIndex(claims.Email, "@"); at < 0 ||
|
if at := strings.LastIndex(claims.Email, "@"); at < 0 ||
|
||||||
!IsStringInSlice(h.cfg.OIDC.AllowedDomains, claims.Email[at+1:]) {
|
!IsStringInSlice(h.cfg.OIDC.AllowedDomains, claims.Email[at+1:]) {
|
||||||
log.Error().Msg("authenticated principal does not match any allowed domain")
|
log.Error().Msg("authenticated principal does not match any allowed domain")
|
||||||
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
writer.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
||||||
w.WriteHeader(http.StatusBadRequest)
|
writer.WriteHeader(http.StatusBadRequest)
|
||||||
w.Write([]byte("unauthorized principal (domain mismatch)"))
|
writer.Write([]byte("unauthorized principal (domain mismatch)"))
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -228,9 +228,9 @@ func (h *Headscale) OIDCCallback(
|
||||||
if len(h.cfg.OIDC.AllowedUsers) > 0 &&
|
if len(h.cfg.OIDC.AllowedUsers) > 0 &&
|
||||||
!IsStringInSlice(h.cfg.OIDC.AllowedUsers, claims.Email) {
|
!IsStringInSlice(h.cfg.OIDC.AllowedUsers, claims.Email) {
|
||||||
log.Error().Msg("authenticated principal does not match any allowed user")
|
log.Error().Msg("authenticated principal does not match any allowed user")
|
||||||
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
writer.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
||||||
w.WriteHeader(http.StatusBadRequest)
|
writer.WriteHeader(http.StatusBadRequest)
|
||||||
w.Write([]byte("unauthorized principal (user mismatch)"))
|
writer.Write([]byte("unauthorized principal (user mismatch)"))
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -241,9 +241,9 @@ func (h *Headscale) OIDCCallback(
|
||||||
if !machineKeyFound {
|
if !machineKeyFound {
|
||||||
log.Error().
|
log.Error().
|
||||||
Msg("requested machine state key expired before authorisation completed")
|
Msg("requested machine state key expired before authorisation completed")
|
||||||
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
writer.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
||||||
w.WriteHeader(http.StatusBadRequest)
|
writer.WriteHeader(http.StatusBadRequest)
|
||||||
w.Write([]byte("state has expired"))
|
writer.Write([]byte("state has expired"))
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -257,18 +257,18 @@ func (h *Headscale) OIDCCallback(
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error().
|
log.Error().
|
||||||
Msg("could not parse machine public key")
|
Msg("could not parse machine public key")
|
||||||
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
writer.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
||||||
w.WriteHeader(http.StatusBadRequest)
|
writer.WriteHeader(http.StatusBadRequest)
|
||||||
w.Write([]byte("could not parse public key"))
|
writer.Write([]byte("could not parse public key"))
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if !machineKeyOK {
|
if !machineKeyOK {
|
||||||
log.Error().Msg("could not get machine key from cache")
|
log.Error().Msg("could not get machine key from cache")
|
||||||
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
writer.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
||||||
w.WriteHeader(http.StatusInternalServerError)
|
writer.WriteHeader(http.StatusInternalServerError)
|
||||||
w.Write([]byte("could not get machine key from cache"))
|
writer.Write([]byte("could not get machine key from cache"))
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -298,16 +298,16 @@ func (h *Headscale) OIDCCallback(
|
||||||
Err(err).
|
Err(err).
|
||||||
Msg("Could not render OIDC callback template")
|
Msg("Could not render OIDC callback template")
|
||||||
|
|
||||||
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
writer.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
||||||
w.WriteHeader(http.StatusInternalServerError)
|
writer.WriteHeader(http.StatusInternalServerError)
|
||||||
w.Write([]byte("Could not render OIDC callback template"))
|
writer.Write([]byte("Could not render OIDC callback template"))
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
writer.Header().Set("Content-Type", "text/html; charset=utf-8")
|
||||||
w.WriteHeader(http.StatusOK)
|
writer.WriteHeader(http.StatusOK)
|
||||||
w.Write(content.Bytes())
|
writer.Write(content.Bytes())
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -318,9 +318,9 @@ func (h *Headscale) OIDCCallback(
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error().Err(err).Caller().Msgf("couldn't normalize email")
|
log.Error().Err(err).Caller().Msgf("couldn't normalize email")
|
||||||
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
writer.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
||||||
w.WriteHeader(http.StatusInternalServerError)
|
writer.WriteHeader(http.StatusInternalServerError)
|
||||||
w.Write([]byte("couldn't normalize email"))
|
writer.Write([]byte("couldn't normalize email"))
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -337,9 +337,9 @@ func (h *Headscale) OIDCCallback(
|
||||||
Err(err).
|
Err(err).
|
||||||
Caller().
|
Caller().
|
||||||
Msgf("could not create new namespace '%s'", namespaceName)
|
Msgf("could not create new namespace '%s'", namespaceName)
|
||||||
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
writer.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
||||||
w.WriteHeader(http.StatusInternalServerError)
|
writer.WriteHeader(http.StatusInternalServerError)
|
||||||
w.Write([]byte("could not create namespace"))
|
writer.Write([]byte("could not create namespace"))
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -349,9 +349,9 @@ func (h *Headscale) OIDCCallback(
|
||||||
Err(err).
|
Err(err).
|
||||||
Str("namespace", namespaceName).
|
Str("namespace", namespaceName).
|
||||||
Msg("could not find or create namespace")
|
Msg("could not find or create namespace")
|
||||||
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
writer.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
||||||
w.WriteHeader(http.StatusInternalServerError)
|
writer.WriteHeader(http.StatusInternalServerError)
|
||||||
w.Write([]byte("could not find or create namespace"))
|
writer.Write([]byte("could not find or create namespace"))
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -368,9 +368,9 @@ func (h *Headscale) OIDCCallback(
|
||||||
Caller().
|
Caller().
|
||||||
Err(err).
|
Err(err).
|
||||||
Msg("could not register machine")
|
Msg("could not register machine")
|
||||||
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
writer.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
||||||
w.WriteHeader(http.StatusInternalServerError)
|
writer.WriteHeader(http.StatusInternalServerError)
|
||||||
w.Write([]byte("could not register machine"))
|
writer.Write([]byte("could not register machine"))
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -386,14 +386,14 @@ func (h *Headscale) OIDCCallback(
|
||||||
Err(err).
|
Err(err).
|
||||||
Msg("Could not render OIDC callback template")
|
Msg("Could not render OIDC callback template")
|
||||||
|
|
||||||
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
writer.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
||||||
w.WriteHeader(http.StatusInternalServerError)
|
writer.WriteHeader(http.StatusInternalServerError)
|
||||||
w.Write([]byte("Could not render OIDC callback template"))
|
writer.Write([]byte("Could not render OIDC callback template"))
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
writer.Header().Set("Content-Type", "text/html; charset=utf-8")
|
||||||
w.WriteHeader(http.StatusOK)
|
writer.WriteHeader(http.StatusOK)
|
||||||
w.Write(content.Bytes())
|
writer.Write(content.Bytes())
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue