Preauth keys kinda working

Juan Font Alonso 2021-05-06 00:59:26 +02:00
parent 9ce8dc3fb6
commit e17e10e0b7

52
api.go

@ -9,6 +9,7 @@ import (
"net/http" "net/http"
"time" "time"
"github.com/davecgh/go-spew/spew"
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
"github.com/jinzhu/gorm" "github.com/jinzhu/gorm"
"github.com/jinzhu/gorm/dialects/postgres" "github.com/jinzhu/gorm/dialects/postgres"
@ -33,6 +34,8 @@ func (h *Headscale) RegisterWebAPI(c *gin.Context) {
return return
} }
spew.Dump(c.Params)
c.Data(http.StatusOK, "text/html; charset=utf-8", []byte(fmt.Sprintf(` c.Data(http.StatusOK, "text/html; charset=utf-8", []byte(fmt.Sprintf(`
<html> <html>
<body> <body>
@ -71,6 +74,7 @@ func (h *Headscale) RegistrationHandler(c *gin.Context) {
c.String(http.StatusInternalServerError, "Very sad!") c.String(http.StatusInternalServerError, "Very sad!")
return return
} }
db, err := h.db() db, err := h.db()
if err != nil { if err != nil {
log.Printf("Cannot open DB: %s", err) log.Printf("Cannot open DB: %s", err)
@ -359,21 +363,59 @@ func (h *Headscale) getMapKeepAliveResponse(mKey wgcfg.Key, req tailcfg.MapReque
} }
func (h *Headscale) handleNewServer(c *gin.Context, db *gorm.DB, idKey wgcfg.Key, req tailcfg.RegisterRequest) { func (h *Headscale) handleNewServer(c *gin.Context, db *gorm.DB, idKey wgcfg.Key, req tailcfg.RegisterRequest) {
mNew := Machine{ m := Machine{
MachineKey: idKey.HexString(), MachineKey: idKey.HexString(),
NodeKey: wgcfg.Key(req.NodeKey).HexString(), NodeKey: wgcfg.Key(req.NodeKey).HexString(),
Expiry: &req.Expiry, Expiry: &req.Expiry,
Name: req.Hostinfo.Hostname, Name: req.Hostinfo.Hostname,
} }
if err := db.Create(&mNew).Error; err != nil { if err := db.Create(&m).Error; err != nil {
log.Printf("Could not create row: %s", err) log.Printf("Could not create row: %s", err)
return return
} }
resp := tailcfg.RegisterResponse{
AuthURL: fmt.Sprintf("%s/register?key=%s", resp := tailcfg.RegisterResponse{}
h.cfg.ServerURL, idKey.HexString()),
if req.Auth.AuthKey != "" {
pak, err := h.checkKeyValidity(req.Auth.AuthKey)
if err != nil {
resp.MachineAuthorized = false
respBody, err := encode(resp, &idKey, h.privateKey)
if err != nil {
log.Printf("Cannot encode message: %s", err)
c.String(http.StatusInternalServerError, "")
return
}
c.Data(200, "application/json; charset=utf-8", respBody)
return
}
ip, err := h.getAvailableIP()
if err != nil {
log.Println(err)
return
}
m.IPAddress = ip.String()
m.NamespaceID = pak.NamespaceID
m.AuthKeyID = uint(pak.ID)
m.Registered = true
db.Save(&m)
resp.MachineAuthorized = true
resp.User = *pak.Namespace.toUser()
respBody, err := encode(resp, &idKey, h.privateKey)
if err != nil {
log.Printf("Cannot encode message: %s", err)
c.String(http.StatusInternalServerError, "Extremely sad!")
return
}
c.Data(200, "application/json; charset=utf-8", respBody)
return
} }
resp.AuthURL = fmt.Sprintf("%s/register?key=%s",
h.cfg.ServerURL, idKey.HexString())
respBody, err := encode(resp, &idKey, h.privateKey) respBody, err := encode(resp, &idKey, h.privateKey)
if err != nil { if err != nil {
log.Printf("Cannot encode message: %s", err) log.Printf("Cannot encode message: %s", err)