add expiration from OIDC token to machine

2024-09-20 23:37:07 +08:00 · 2022-12-15 01:10:26 +01:00 · 2022-12-15 01:10:26 +01:00 · 7157e14aff
parent 4e2c4f92d3
commit 7157e14aff
3 changed files with 9 additions and 1 deletions
--- a/grpcv1.go
+++ b/grpcv1.go
@ -176,6 +176,7 @@ func (api headscaleV1APIServer) RegisterMachine(
 	machine, err := api.h.RegisterMachineFromAuthCallback(
 		request.GetKey(),
 		request.GetNamespace(),
+		nil,
 		RegisterMethodCLI,
 	)
 	if err != nil {
--- a/machine.go
+++ b/machine.go
@ -852,6 +852,7 @@ func getTags(
 func (h *Headscale) RegisterMachineFromAuthCallback(
 	nodeKeyStr string,
 	namespaceName string,
+	machineExpiry *time.Time,
 	registrationMethod string,
 ) (*Machine, error) {
 	nodeKey := key.NodePublic{}
@ -885,6 +886,10 @@ func (h *Headscale) RegisterMachineFromAuthCallback(
 			registrationMachine.NamespaceID = namespace.ID
 			registrationMachine.RegisterMethod = registrationMethod

+			if machineExpiry != nil {
+				registrationMachine.Expiry = machineExpiry
+			}
+
 			machine, err := h.RegisterMachine(
 				registrationMachine,
 			)
--- a/oidc.go
+++ b/oidc.go
@ -236,7 +236,7 @@ func (h *Headscale) OIDCCallback(
 		return
 	}

-	if err := h.registerMachineForOIDCCallback(writer, namespace, nodeKey); err != nil {
+	if err := h.registerMachineForOIDCCallback(writer, namespace, nodeKey, idToken.Expiry); err != nil {
 		return
 	}

@ -679,10 +679,12 @@ func (h *Headscale) registerMachineForOIDCCallback(
 	writer http.ResponseWriter,
 	namespace *Namespace,
 	nodeKey *key.NodePublic,
+	expiry time.Time,
 ) error {
 	if _, err := h.RegisterMachineFromAuthCallback(
 		nodeKey.String(),
 		namespace.Name,
+		&expiry,
 		RegisterMethodOIDC,
 	); err != nil {
 		log.Error().