juanfont/headscale
1
1
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2024-09-20 15:26:35 +08:00
Code Issues Packages Projects Releases Wiki Activity
1922 commits 53 branches 130 tags 28 MiB
Commit graph

52 commits

Author SHA1 Message Date
Kristoffer Dalby e631c6f7e0 Merge master 2022-05-16 21:41:46 +02:00
Antoine POPINEAU 7cc58af932
Allow more configuration over the OIDC flow. 
Adds knobs to configure three aspects of the OpenID Connect flow:

 * Custom scopes to override the default "openid profile email".
 * Custom parameters to be added to the Authorize Endpoint request.
 * Domain allowlisting for authenticated principals.
 * User allowlisting for authenticated principals.
 2022-05-02 17:11:07 +02:00
Kristoffer Dalby 14994cb6cc Use new logic and fields for dns 2022-04-24 20:55:54 +01:00
Kristoffer Dalby 739653fa71
Merge branch 'main' into feat-add-debug-log 2022-03-18 20:44:21 +00:00
Adrien Raffin-Caboisse 2e04abf4bb
feat(oidc): add debug log 2022-03-18 09:40:12 +01:00
Adrien Raffin-Caboisse 61ebb713f2
fix(oidc): Reset expiry for reauthentication 
The previous code resetted the expiry time to be expired.  So the machine was never reauthenticated
 2022-03-18 09:32:07 +01:00
Adrien Raffin-Caboisse f19c048569
fix: change normalization function name 2022-03-07 22:55:54 +01:00
Adrien Raffin-Caboisse 1114449601
change: update name of method to check and normalize Domain name 2022-03-06 20:46:17 +01:00
Kristoffer Dalby 1f8c7f427b Add comment 2022-03-02 07:29:56 +00:00
Kristoffer Dalby ec4dc68524 Use correct machinekey format for oidc reg 2022-03-02 07:29:56 +00:00
Kristoffer Dalby 86ade72c19 Remove err check 2022-03-02 07:29:56 +00:00
Kristoffer Dalby 82cb6b9ddc Cleanup some unreachable code 2022-02-28 23:00:41 +00:00
Kristoffer Dalby 8bef04d8df Remove sorted todo 2022-02-28 22:45:42 +00:00
Kristoffer Dalby 5e92ddad43 Remove redundant caches 
This commit removes the two extra caches (oidc, requested time) and uses
the new central registration cache instead. The requested time is
unified into the main machine object and the oidc key is just added to
the same cache, as a string with the state as a key instead of machine
key.
 2022-02-28 22:42:30 +00:00
Kristoffer Dalby 16b21e8158 Remove all references to Machine.Registered 2022-02-28 16:55:57 +00:00
Kristoffer Dalby 35616eb861 Fix oidc error were namespace isnt created #365 2022-02-28 16:41:28 +00:00
Kristoffer Dalby 54cc3c067f Implement new machine register parameter 2022-02-28 16:34:50 +00:00
Kristoffer Dalby 469551bc5d Register new machines needing callback in memory 
This commit stores temporary registration data in cache, instead of
memory allowing us to only have actually registered machines in the
database.
 2022-02-28 08:06:39 +00:00
Kristoffer Dalby fd1e4a1dcd Generalise registration for openid 2022-02-27 18:42:24 +01:00
Adrien Raffin-Caboisse 046116656b chore: update formatting 2022-02-23 14:22:21 +01:00
Adrien Raffin-Caboisse 4f1f235a2e feat: add strip_email_domain to normalization of namespace 2022-02-23 14:03:07 +01:00
Adrien Raffin-Caboisse afd4a3706e chore: update formating 2022-02-22 21:05:39 +01:00
Adrien Raffin-Caboisse 0191ea93ff
feat(oidc): bind email to namespace 2022-02-22 19:59:15 +01:00
Csaba Sarkadi 1a6e5d8770 Add support for multiple IP prefixes 2022-01-16 14:18:22 +01:00
wakeful-cloud 1c7cb98042
Template Fixes 2021-12-22 19:43:53 -07:00
Kristoffer Dalby 59aeaa8476 Ensure we always have the key prefix when needed 2021-11-27 20:25:12 +00:00
Kristoffer Dalby c38f00fab8 Unmarshal keys in the non-deprecated way 2021-11-26 23:50:42 +00:00
Kristoffer Dalby cfd53bc4aa Factor wgkey to types/key 
This commit converts all the uses of wgkey to the new key interfaces.

It now has specific  machine, node and discovery keys and we now should
use them correctly.

Please note the new logic which strips a key prefix (in utils.go) that
is now standard inside tailscale.

In theory we could put it in the database, but to preserve backwards
compatibility and not spend a lot of resources on accounting for both,
we just strip them.
 2021-11-26 23:30:42 +00:00
Kristoffer Dalby 021c464148 Add cache for requested expiry times 
This commit adds a sentral cache to keep track of clients whom has
requested an expiry time, but were we need to keep hold of it until the
second request comes in.
 2021-11-22 19:32:52 +00:00
Kristoffer Dalby e600ead3e9 Make sure nodes can reauthenticate 
This commit fixes an issue where nodes were not able to reauthenticate.
 2021-11-22 19:32:11 +00:00
Kristoffer Dalby 200c10e48c Add missing return in oidc.go 2021-11-22 17:22:47 +00:00
Kristoffer Dalby 74044f62f4
Remove anouther potential error leak 2021-11-21 21:54:19 +00:00
Kristoffer Dalby fcd4d94927
Clean up logging and error handling in oidc 
We should never expose errors via web, it gives attackers a lot of info
(Insert OWASP guide).

Also handle error that didnt separate not found gorm issue and other
errors.
 2021-11-21 21:51:39 +00:00
Kristoffer Dalby 9aac1fb255 Remove expiry logic, this needs to be redone 2021-11-19 09:02:29 +00:00
Kristoffer Dalby 106b1e7e8d Create constants for other reg methods 2021-11-18 17:51:54 +00:00
Kristoffer Dalby 715542ac1c
Add and fix stylecheck (golint replacement) 2021-11-15 17:24:24 +00:00
Kristoffer Dalby 333be80f9c
Fix rest of var name in main code 2021-11-15 16:15:50 +00:00
Kristoffer Dalby 471c0b4993
Initial work eliminating one/two letter variables 2021-11-14 20:32:03 +01:00
Kristoffer Dalby 53ed749f45
Start work on making gocritic pass 2021-11-14 18:44:37 +01:00
Kristoffer Dalby 85f28a3f4a
Remove all instances of undefined numbers (gonmd) 2021-11-14 18:31:51 +01:00
Kristoffer Dalby 796072a5a4
Add and fix ifshort 2021-11-14 18:09:22 +01:00
Kristoffer Dalby 89eb13c6cb
Add and fix nlreturn (new line return) 2021-11-14 16:46:09 +01:00
Kristoffer Dalby 2634215f12 golangci-lint --fix 2021-11-13 08:39:04 +00:00
Kristoffer Dalby 03b7ec62ca Go format with shorter lines 2021-11-13 08:36:45 +00:00
Kristoffer Dalby dbe193ad17
Fix up leftovers from kradalby PR 2021-10-19 18:25:59 +01:00
Kristoffer Dalby 677bd9b657 Implement namespace matching 2021-10-18 19:27:52 +00:00
Raal Goff 74e6c1479e updates from code review 2021-10-10 17:22:42 +08:00
Raal Goff e407d423d4 updates from code review 2021-10-08 17:43:52 +08:00
unreality 35795c79c3
Handle trailing slash on uris 
Co-authored-by: Kristoffer Dalby <kradalby@kradalby.no>
 2021-10-08 15:26:31 +08:00
Raal Goff c487591437 use go-oidc instead of verifying and extracting tokens ourselves, rename oidc_endpoint to oidc_issuer to be more inline with spec 2021-10-06 17:19:15 +08:00