headscale/preauth_keys.go

package headscale

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"

	v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
	"google.golang.org/protobuf/types/known/timestamppb"
	"gorm.io/gorm"
)

const (
	ErrPreAuthKeyNotFound          = Error("AuthKey not found")
	ErrPreAuthKeyExpired           = Error("AuthKey expired")
	ErrSingleUseAuthKeyHasBeenUsed = Error("AuthKey has already been used")
	ErrNamespaceMismatch           = Error("namespace mismatch")
	ErrPreAuthKeyACLTagInvalid     = Error("AuthKey tag is invalid")
)

// PreAuthKey describes a pre-authorization key usable in a particular namespace.
type PreAuthKey struct {
	ID          uint64 `gorm:"primary_key"`
	Key         string
	NamespaceID uint
	Namespace   Namespace
	Reusable    bool
	Ephemeral   bool `gorm:"default:false"`
	Used        bool `gorm:"default:false"`
	ACLTags     []PreAuthKeyACLTag

	CreatedAt  *time.Time
	Expiration *time.Time
}

// PreAuthKeyACLTag describes an autmatic tag applied to a node when registered with the associated PreAuthKey.
type PreAuthKeyACLTag struct {
	ID           uint64 `gorm:"primary_key"`
	PreAuthKeyID uint64
	Tag          string
}

// CreatePreAuthKey creates a new PreAuthKey in a namespace, and returns it.
func (h *Headscale) CreatePreAuthKey(
	namespaceName string,
	reusable bool,
	ephemeral bool,
	expiration *time.Time,
	aclTags []string,
) (*PreAuthKey, error) {
	namespace, err := h.GetNamespace(namespaceName)
	if err != nil {
		return nil, err
	}

	for _, tag := range aclTags {
		if !strings.HasPrefix(tag, "tag:") {
			return nil, fmt.Errorf("%w: '%s' did not begin with 'tag:'", ErrPreAuthKeyACLTagInvalid, tag)
		}
	}

	now := time.Now().UTC()
	kstr, err := h.generateKey()
	if err != nil {
		return nil, err
	}

	key := PreAuthKey{
		Key:         kstr,
		NamespaceID: namespace.ID,
		Namespace:   *namespace,
		Reusable:    reusable,
		Ephemeral:   ephemeral,
		CreatedAt:   &now,
		Expiration:  expiration,
	}

	err = h.db.Transaction(func(db *gorm.DB) error {
		if err := db.Save(&key).Error; err != nil {
			return fmt.Errorf("failed to create key in the database: %w", err)
		}

		if len(aclTags) > 0 {
			seenTags := map[string]bool{}

			for _, tag := range aclTags {
				if !seenTags[tag] {
					if err := db.Save(&PreAuthKeyACLTag{PreAuthKeyID: key.ID, Tag: tag}).Error; err != nil {
						return fmt.Errorf(
							"failed to ceate key tag in the database: %w",
							err,
						)
					}
					seenTags[tag] = true
				}
			}
		}

		return nil
	})

	if err != nil {
		return nil, err
	}

	return &key, nil
}

// ListPreAuthKeys returns the list of PreAuthKeys for a namespace.
func (h *Headscale) ListPreAuthKeys(namespaceName string) ([]PreAuthKey, error) {
	namespace, err := h.GetNamespace(namespaceName)
	if err != nil {
		return nil, err
	}

	keys := []PreAuthKey{}
	if err := h.db.Preload("Namespace").Preload("ACLTags").Where(&PreAuthKey{NamespaceID: namespace.ID}).Find(&keys).Error; err != nil {
		return nil, err
	}

	return keys, nil
}

// GetPreAuthKey returns a PreAuthKey for a given key.
func (h *Headscale) GetPreAuthKey(namespace string, key string) (*PreAuthKey, error) {
	pak, err := h.checkKeyValidity(key)
	if err != nil {
		return nil, err
	}

	if pak.Namespace.Name != namespace {
		return nil, ErrNamespaceMismatch
	}

	return pak, nil
}

// DestroyPreAuthKey destroys a preauthkey. Returns error if the PreAuthKey
// does not exist.
func (h *Headscale) DestroyPreAuthKey(pak PreAuthKey) error {
	return h.db.Transaction(func(db *gorm.DB) error {
		if result := db.Unscoped().Where(PreAuthKeyACLTag{PreAuthKeyID: pak.ID}).Delete(&PreAuthKeyACLTag{}); result.Error != nil {
			return result.Error
		}

		if result := db.Unscoped().Delete(pak); result.Error != nil {
			return result.Error
		}

		return nil
	})
}

// MarkExpirePreAuthKey marks a PreAuthKey as expired.
func (h *Headscale) ExpirePreAuthKey(k *PreAuthKey) error {
	if err := h.db.Model(&k).Update("Expiration", time.Now()).Error; err != nil {
		return err
	}

	return nil
}

// UsePreAuthKey marks a PreAuthKey as used.
func (h *Headscale) UsePreAuthKey(k *PreAuthKey) error {
	k.Used = true
	if err := h.db.Save(k).Error; err != nil {
		return fmt.Errorf("failed to update key used status in the database: %w", err)
	}

	return nil
}

// checkKeyValidity does the heavy lifting for validation of the PreAuthKey coming from a node
// If returns no error and a PreAuthKey, it can be used.
func (h *Headscale) checkKeyValidity(k string) (*PreAuthKey, error) {
	pak := PreAuthKey{}
	if result := h.db.Preload("Namespace").Preload("ACLTags").First(&pak, "key = ?", k); errors.Is(
		result.Error,
		gorm.ErrRecordNotFound,
	) {
		return nil, ErrPreAuthKeyNotFound
	}

	if pak.Expiration != nil && pak.Expiration.Before(time.Now()) {
		return nil, ErrPreAuthKeyExpired
	}

	if pak.Reusable || pak.Ephemeral { // we don't need to check if has been used before
		return &pak, nil
	}

	machines := []Machine{}
	if err := h.db.Preload("AuthKey").Where(&Machine{AuthKeyID: uint(pak.ID)}).Find(&machines).Error; err != nil {
		return nil, err
	}

	if len(machines) != 0 || pak.Used {
		return nil, ErrSingleUseAuthKeyHasBeenUsed
	}

	return &pak, nil
}

func (h *Headscale) generateKey() (string, error) {
	size := 24
	bytes := make([]byte, size)
	if _, err := rand.Read(bytes); err != nil {
		return "", err
	}

	return hex.EncodeToString(bytes), nil
}

func (key *PreAuthKey) toProto() *v1.PreAuthKey {
	protoKey := v1.PreAuthKey{
		Namespace: key.Namespace.Name,
		Id:        strconv.FormatUint(key.ID, Base10),
		Key:       key.Key,
		Ephemeral: key.Ephemeral,
		Reusable:  key.Reusable,
		Used:      key.Used,
		AclTags:   make([]string, len(key.ACLTags)),
	}

	if key.Expiration != nil {
		protoKey.Expiration = timestamppb.New(*key.Expiration)
	}

	if key.CreatedAt != nil {
		protoKey.CreatedAt = timestamppb.New(*key.CreatedAt)
	}

	for idx := range key.ACLTags {
		protoKey.AclTags[idx] = key.ACLTags[idx].Tag
	}

	return &protoKey
}
WIP on PreAuthKeys 2021-04-23 06:25:01 +08:00			`package headscale`

			`import (`
			`"crypto/rand"`
			`"encoding/hex"`
Update Headscale to depend on gorm v2 2021-06-24 21:44:19 +08:00			`"errors"`
Check all errors for db.Save 2022-05-30 21:31:06 +08:00			`"fmt"`
Simplify and streamline preauth commands for new cli/rpc/api 2021-11-05 06:14:39 +08:00			`"strconv"`
Set tags as part of handleAuthKeyCommon 2022-08-25 18:43:15 +08:00			`"strings"`
WIP on PreAuthKeys 2021-04-23 06:25:01 +08:00			`"time"`
Update Headscale to depend on gorm v2 2021-06-24 21:44:19 +08:00
golangci-lint --fix 2021-11-13 16:39:04 +08:00			`v1 "github.com/juanfont/headscale/gen/go/headscale/v1"`
Simplify and streamline preauth commands for new cli/rpc/api 2021-11-05 06:14:39 +08:00			`"google.golang.org/protobuf/types/known/timestamppb"`
Update Headscale to depend on gorm v2 2021-06-24 21:44:19 +08:00			`"gorm.io/gorm"`
WIP on PreAuthKeys 2021-04-23 06:25:01 +08:00			`)`

Simplify and streamline preauth commands for new cli/rpc/api 2021-11-05 06:14:39 +08:00			`const (`
exported API errors 2022-07-29 23:35:21 +08:00			`ErrPreAuthKeyNotFound = Error("AuthKey not found")`
			`ErrPreAuthKeyExpired = Error("AuthKey expired")`
			`ErrSingleUseAuthKeyHasBeenUsed = Error("AuthKey has already been used")`
			`ErrNamespaceMismatch = Error("namespace mismatch")`
fix linting issues in preauthkey tags 2022-09-07 20:12:29 +08:00			`ErrPreAuthKeyACLTagInvalid = Error("AuthKey tag is invalid")`
Simplify and streamline preauth commands for new cli/rpc/api 2021-11-05 06:14:39 +08:00			`)`
WIP Working on authkeys + tests 2021-05-06 05:00:04 +08:00
golangci-lint --fix 2021-11-13 16:39:04 +08:00			`// PreAuthKey describes a pre-authorization key usable in a particular namespace.`
WIP on PreAuthKeys 2021-04-23 06:25:01 +08:00			`type PreAuthKey struct {`
			ID uint64 `gorm:"primary_key"`
			`Key string`
			`NamespaceID uint`
			`Namespace Namespace`
			`Reusable bool`
Add support for ephemeral nodes via a special type of pre-auth key. Add tests for that feature. Other fixes: clean up a few typos in comments. Fix a bug that caused the tests to run four times each. Be more consistent in the use of log rather than fmt to print errors and notices. 2021-05-23 08:15:29 +08:00			Ephemeral bool `gorm:"default:false"`
Fixed merge 2021-10-14 05:28:47 +08:00			Used bool `gorm:"default:false"`
fix linting issues in preauthkey tags 2022-09-07 20:12:29 +08:00			`ACLTags []PreAuthKeyACLTag`
WIP on PreAuthKeys 2021-04-23 06:25:01 +08:00
			`CreatedAt *time.Time`
			`Expiration *time.Time`
			`}`

fix linting issues in preauthkey tags 2022-09-07 20:12:29 +08:00			`// PreAuthKeyACLTag describes an autmatic tag applied to a node when registered with the associated PreAuthKey.`
			`type PreAuthKeyACLTag struct {`
Adds grpc/cli support for preauthkey tags 2022-08-25 18:03:38 +08:00			ID uint64 `gorm:"primary_key"`
			`PreAuthKeyID uint64`
			`Tag string`
			`}`

golangci-lint --fix 2021-11-13 16:39:04 +08:00			`// CreatePreAuthKey creates a new PreAuthKey in a namespace, and returns it.`
Simplify and streamline preauth commands for new cli/rpc/api 2021-11-05 06:14:39 +08:00			`func (h *Headscale) CreatePreAuthKey(`
			`namespaceName string,`
			`reusable bool,`
			`ephemeral bool,`
			`expiration *time.Time,`
Adds grpc/cli support for preauthkey tags 2022-08-25 18:03:38 +08:00			`aclTags []string,`
Simplify and streamline preauth commands for new cli/rpc/api 2021-11-05 06:14:39 +08:00			`) (*PreAuthKey, error) {`
Fix rest of var name in main code 2021-11-16 00:15:50 +08:00			`namespace, err := h.GetNamespace(namespaceName)`
WIP on PreAuthKeys 2021-04-23 06:25:01 +08:00			`if err != nil {`
			`return nil, err`
			`}`

Set tags as part of handleAuthKeyCommon 2022-08-25 18:43:15 +08:00			`for _, tag := range aclTags {`
			`if !strings.HasPrefix(tag, "tag:") {`
fix linting issues in preauthkey tags 2022-09-07 20:12:29 +08:00			`return nil, fmt.Errorf("%w: '%s' did not begin with 'tag:'", ErrPreAuthKeyACLTagInvalid, tag)`
Set tags as part of handleAuthKeyCommon 2022-08-25 18:43:15 +08:00			`}`
			`}`

WIP on PreAuthKeys 2021-04-23 06:25:01 +08:00			`now := time.Now().UTC()`
			`kstr, err := h.generateKey()`
			`if err != nil {`
			`return nil, err`
			`}`

Fix rest of var name in main code 2021-11-16 00:15:50 +08:00			`key := PreAuthKey{`
WIP on PreAuthKeys 2021-04-23 06:25:01 +08:00			`Key: kstr,`
Fix rest of var name in main code 2021-11-16 00:15:50 +08:00			`NamespaceID: namespace.ID,`
			`Namespace: *namespace,`
WIP on PreAuthKeys 2021-04-23 06:25:01 +08:00			`Reusable: reusable,`
Add support for ephemeral nodes via a special type of pre-auth key. Add tests for that feature. Other fixes: clean up a few typos in comments. Fix a bug that caused the tests to run four times each. Be more consistent in the use of log rather than fmt to print errors and notices. 2021-05-23 08:15:29 +08:00			`Ephemeral: ephemeral,`
WIP on PreAuthKeys 2021-04-23 06:25:01 +08:00			`CreatedAt: &now,`
			`Expiration: expiration,`
			`}`
Check all errors for db.Save 2022-05-30 21:31:06 +08:00
Adds grpc/cli support for preauthkey tags 2022-08-25 18:03:38 +08:00			`err = h.db.Transaction(func(db *gorm.DB) error {`
			`if err := db.Save(&key).Error; err != nil {`
			`return fmt.Errorf("failed to create key in the database: %w", err)`
			`}`

			`if len(aclTags) > 0 {`
Set tags as part of handleAuthKeyCommon 2022-08-25 18:43:15 +08:00			`seenTags := map[string]bool{}`

Adds grpc/cli support for preauthkey tags 2022-08-25 18:03:38 +08:00			`for _, tag := range aclTags {`
fix linting issues in preauthkey tags 2022-09-07 20:12:29 +08:00			`if !seenTags[tag] {`
			`if err := db.Save(&PreAuthKeyACLTag{PreAuthKeyID: key.ID, Tag: tag}).Error; err != nil {`
Set tags as part of handleAuthKeyCommon 2022-08-25 18:43:15 +08:00			`return fmt.Errorf(`
			`"failed to ceate key tag in the database: %w",`
			`err,`
			`)`
			`}`
			`seenTags[tag] = true`
Adds grpc/cli support for preauthkey tags 2022-08-25 18:03:38 +08:00			`}`
			`}`
			`}`
fix linting issues in preauthkey tags 2022-09-07 20:12:29 +08:00
Adds grpc/cli support for preauthkey tags 2022-08-25 18:03:38 +08:00			`return nil`
			`})`

			`if err != nil {`
			`return nil, err`
Check all errors for db.Save 2022-05-30 21:31:06 +08:00			`}`
WIP on PreAuthKeys 2021-04-23 06:25:01 +08:00
Fix rest of var name in main code 2021-11-16 00:15:50 +08:00			`return &key, nil`
WIP on PreAuthKeys 2021-04-23 06:25:01 +08:00			`}`

golangci-lint --fix 2021-11-13 16:39:04 +08:00			`// ListPreAuthKeys returns the list of PreAuthKeys for a namespace.`
Simplify and streamline preauth commands for new cli/rpc/api 2021-11-05 06:14:39 +08:00			`func (h *Headscale) ListPreAuthKeys(namespaceName string) ([]PreAuthKey, error) {`
Fix rest of var name in main code 2021-11-16 00:15:50 +08:00			`namespace, err := h.GetNamespace(namespaceName)`
WIP on PreAuthKeys 2021-04-23 06:25:01 +08:00			`if err != nil {`
			`return nil, err`
			`}`

			`keys := []PreAuthKey{}`
fix linting issues in preauthkey tags 2022-09-07 20:12:29 +08:00			`if err := h.db.Preload("Namespace").Preload("ACLTags").Where(&PreAuthKey{NamespaceID: namespace.ID}).Find(&keys).Error; err != nil {`
WIP on PreAuthKeys 2021-04-23 06:25:01 +08:00			`return nil, err`
			`}`
Add and fix nlreturn (new line return) 2021-11-14 23:46:09 +08:00
Simplify and streamline preauth commands for new cli/rpc/api 2021-11-05 06:14:39 +08:00			`return keys, nil`
WIP on PreAuthKeys 2021-04-23 06:25:01 +08:00			`}`

golangci-lint --fix 2021-11-13 16:39:04 +08:00			`// GetPreAuthKey returns a PreAuthKey for a given key.`
Added cmd to expire preauth keys (requested in #78) 2021-08-08 06:10:30 +08:00			`func (h Headscale) GetPreAuthKey(namespace string, key string) (PreAuthKey, error) {`
			`pak, err := h.checkKeyValidity(key)`
			`if err != nil {`
			`return nil, err`
			`}`

			`if pak.Namespace.Name != namespace {`
exported API errors 2022-07-29 23:35:21 +08:00			`return nil, ErrNamespaceMismatch`
Added cmd to expire preauth keys (requested in #78) 2021-08-08 06:10:30 +08:00			`}`

			`return pak, nil`
			`}`

Improvements for namespace deletion: add a confirmation prompt, and make sure to also delete any associated preauthkeys. 2021-11-14 03:01:05 +08:00			`// DestroyPreAuthKey destroys a preauthkey. Returns error if the PreAuthKey`
			`// does not exist.`
Add and fix gosec 2021-11-16 02:31:52 +08:00			`func (h *Headscale) DestroyPreAuthKey(pak PreAuthKey) error {`
Adds grpc/cli support for preauthkey tags 2022-08-25 18:03:38 +08:00			`return h.db.Transaction(func(db *gorm.DB) error {`
fix linting issues in preauthkey tags 2022-09-07 20:12:29 +08:00			`if result := db.Unscoped().Where(PreAuthKeyACLTag{PreAuthKeyID: pak.ID}).Delete(&PreAuthKeyACLTag{}); result.Error != nil {`
Adds grpc/cli support for preauthkey tags 2022-08-25 18:03:38 +08:00			`return result.Error`
			`}`
Improvements for namespace deletion: add a confirmation prompt, and make sure to also delete any associated preauthkeys. 2021-11-14 03:01:05 +08:00
Adds grpc/cli support for preauthkey tags 2022-08-25 18:03:38 +08:00			`if result := db.Unscoped().Delete(pak); result.Error != nil {`
			`return result.Error`
			`}`

			`return nil`
			`})`
Improvements for namespace deletion: add a confirmation prompt, and make sure to also delete any associated preauthkeys. 2021-11-14 03:01:05 +08:00			`}`

Fix golanglint 2021-11-14 16:32:58 +08:00			`// MarkExpirePreAuthKey marks a PreAuthKey as expired.`
Simplify and streamline preauth commands for new cli/rpc/api 2021-11-05 06:14:39 +08:00			`func (h Headscale) ExpirePreAuthKey(k PreAuthKey) error {`
Added func to expire PAKs 2021-08-08 05:57:52 +08:00			`if err := h.db.Model(&k).Update("Expiration", time.Now()).Error; err != nil {`
			`return err`
			`}`
Add and fix nlreturn (new line return) 2021-11-14 23:46:09 +08:00
Added func to expire PAKs 2021-08-08 05:57:52 +08:00			`return nil`
			`}`

Register new machines needing callback in memory This commit stores temporary registration data in cache, instead of memory allowing us to only have actually registered machines in the database. 2022-02-28 16:06:39 +08:00			`// UsePreAuthKey marks a PreAuthKey as used.`
Check all errors for db.Save 2022-05-30 21:31:06 +08:00			`func (h Headscale) UsePreAuthKey(k PreAuthKey) error {`
Register new machines needing callback in memory This commit stores temporary registration data in cache, instead of memory allowing us to only have actually registered machines in the database. 2022-02-28 16:06:39 +08:00			`k.Used = true`
Check all errors for db.Save 2022-05-30 21:31:06 +08:00			`if err := h.db.Save(k).Error; err != nil {`
			`return fmt.Errorf("failed to update key used status in the database: %w", err)`
			`}`

			`return nil`
Register new machines needing callback in memory This commit stores temporary registration data in cache, instead of memory allowing us to only have actually registered machines in the database. 2022-02-28 16:06:39 +08:00			`}`

WIP Working on authkeys + tests 2021-05-06 05:00:04 +08:00			`// checkKeyValidity does the heavy lifting for validation of the PreAuthKey coming from a node`
golangci-lint --fix 2021-11-13 16:39:04 +08:00			`// If returns no error and a PreAuthKey, it can be used.`
WIP Working on authkeys + tests 2021-05-06 05:00:04 +08:00			`func (h Headscale) checkKeyValidity(k string) (PreAuthKey, error) {`
			`pak := PreAuthKey{}`
fix linting issues in preauthkey tags 2022-09-07 20:12:29 +08:00			`if result := h.db.Preload("Namespace").Preload("ACLTags").First(&pak, "key = ?", k); errors.Is(`
Go format with shorter lines 2021-11-13 16:36:45 +08:00			`result.Error,`
			`gorm.ErrRecordNotFound,`
			`) {`
exported API errors 2022-07-29 23:35:21 +08:00			`return nil, ErrPreAuthKeyNotFound`
WIP Working on authkeys + tests 2021-05-06 05:00:04 +08:00			`}`

			`if pak.Expiration != nil && pak.Expiration.Before(time.Now()) {`
exported API errors 2022-07-29 23:35:21 +08:00			`return nil, ErrPreAuthKeyExpired`
WIP Working on authkeys + tests 2021-05-06 05:00:04 +08:00			`}`

Add support for ephemeral nodes via a special type of pre-auth key. Add tests for that feature. Other fixes: clean up a few typos in comments. Fix a bug that caused the tests to run four times each. Be more consistent in the use of log rather than fmt to print errors and notices. 2021-05-23 08:15:29 +08:00			`if pak.Reusable \|\| pak.Ephemeral { // we don't need to check if has been used before`
Added fields in Machine to store authkey + validation tests 2021-05-06 06:08:36 +08:00			`return &pak, nil`
			`}`

			`machines := []Machine{}`
Use gorm connection pool 2021-07-05 03:40:46 +08:00			`if err := h.db.Preload("AuthKey").Where(&Machine{AuthKeyID: uint(pak.ID)}).Find(&machines).Error; err != nil {`
Added fields in Machine to store authkey + validation tests 2021-05-06 06:08:36 +08:00			`return nil, err`
			`}`

Apply suggestions from code review Renamed AlreadyUsed to Used Co-authored-by: Kristoffer Dalby <kradalby@kradalby.no> 2021-10-14 04:51:55 +08:00			`if len(machines) != 0 \|\| pak.Used {`
exported API errors 2022-07-29 23:35:21 +08:00			`return nil, ErrSingleUseAuthKeyHasBeenUsed`
Added fields in Machine to store authkey + validation tests 2021-05-06 06:08:36 +08:00			`}`

WIP Working on authkeys + tests 2021-05-06 05:00:04 +08:00			`return &pak, nil`
			`}`

WIP on PreAuthKeys 2021-04-23 06:25:01 +08:00			`func (h *Headscale) generateKey() (string, error) {`
			`size := 24`
			`bytes := make([]byte, size)`
			`if _, err := rand.Read(bytes); err != nil {`
			`return "", err`
			`}`
Add and fix nlreturn (new line return) 2021-11-14 23:46:09 +08:00
WIP on PreAuthKeys 2021-04-23 06:25:01 +08:00			`return hex.EncodeToString(bytes), nil`
			`}`
Simplify and streamline preauth commands for new cli/rpc/api 2021-11-05 06:14:39 +08:00
			`func (key PreAuthKey) toProto() v1.PreAuthKey {`
Try to address issue raised by cure 2021-11-09 04:48:20 +08:00			`protoKey := v1.PreAuthKey{`
			`Namespace: key.Namespace.Name,`
Add and fix stylecheck (golint replacement) 2021-11-16 01:24:24 +08:00			`Id: strconv.FormatUint(key.ID, Base10),`
Try to address issue raised by cure 2021-11-09 04:48:20 +08:00			`Key: key.Key,`
			`Ephemeral: key.Ephemeral,`
			`Reusable: key.Reusable,`
			`Used: key.Used,`
fix linting issues in preauthkey tags 2022-09-07 20:12:29 +08:00			`AclTags: make([]string, len(key.ACLTags)),`
Simplify and streamline preauth commands for new cli/rpc/api 2021-11-05 06:14:39 +08:00			`}`
Try to address issue raised by cure 2021-11-09 04:48:20 +08:00
			`if key.Expiration != nil {`
			`protoKey.Expiration = timestamppb.New(*key.Expiration)`
			`}`

			`if key.CreatedAt != nil {`
			`protoKey.CreatedAt = timestamppb.New(*key.CreatedAt)`
			`}`

remove unnecessary checks on slices 2022-09-23 15:58:06 +08:00			`for idx := range key.ACLTags {`
			`protoKey.AclTags[idx] = key.ACLTags[idx].Tag`
Adds grpc/cli support for preauthkey tags 2022-08-25 18:03:38 +08:00			`}`

Try to address issue raised by cure 2021-11-09 04:48:20 +08:00			`return &protoKey`
Simplify and streamline preauth commands for new cli/rpc/api 2021-11-05 06:14:39 +08:00			`}`