mirror of
https://github.com/juanfont/headscale.git
synced 2025-01-19 02:10:04 +09:00
Remove expiry logic, this needs to be redone
This commit is contained in:
parent
106b1e7e8d
commit
9aac1fb255
5 changed files with 22 additions and 55 deletions
16
api.go
16
api.go
|
@ -369,13 +369,9 @@ func (h *Headscale) handleMachineExpired(
|
|||
strings.TrimSuffix(h.cfg.ServerURL, "/"), idKey.HexString())
|
||||
}
|
||||
|
||||
// When a client connects, it may request a specific expiry time in its
|
||||
// RegisterRequest (https://github.com/tailscale/tailscale/blob/main/tailcfg/tailcfg.go#L634)
|
||||
// RequestedExpiry is used to store the clients requested expiry time since the authentication flow is broken
|
||||
// into two steps (which cant pass arbitrary data between them easily) and needs to be
|
||||
// retrieved again after the user has authenticated. After the authentication flow
|
||||
// completes, RequestedExpiry is copied into Expiry.
|
||||
machine.RequestedExpiry = &reqisterRequest.Expiry
|
||||
if !reqisterRequest.Expiry.IsZero() {
|
||||
machine.Expiry = &reqisterRequest.Expiry
|
||||
}
|
||||
|
||||
h.db.Save(&machine)
|
||||
|
||||
|
@ -450,8 +446,10 @@ func (h *Headscale) handleMachineRegistrationNew(
|
|||
strings.TrimSuffix(h.cfg.ServerURL, "/"), idKey.HexString())
|
||||
}
|
||||
|
||||
// save the requested expiry time for retrieval later in the authentication flow
|
||||
machine.RequestedExpiry = &reqisterRequest.Expiry
|
||||
if !reqisterRequest.Expiry.IsZero() {
|
||||
machine.Expiry = &reqisterRequest.Expiry
|
||||
}
|
||||
|
||||
machine.NodeKey = wgkey.Key(reqisterRequest.NodeKey).HexString() // save the NodeKey
|
||||
h.db.Save(&machine)
|
||||
|
||||
|
|
3
app.go
3
app.go
|
@ -96,9 +96,6 @@ type Config struct {
|
|||
OIDC OIDCConfig
|
||||
|
||||
CLI CLIConfig
|
||||
|
||||
MaxMachineRegistrationDuration time.Duration
|
||||
DefaultMachineRegistrationDuration time.Duration
|
||||
}
|
||||
|
||||
type OIDCConfig struct {
|
||||
|
|
17
cli_test.go
17
cli_test.go
|
@ -13,15 +13,14 @@ func (s *Suite) TestRegisterMachine(c *check.C) {
|
|||
now := time.Now().UTC()
|
||||
|
||||
machine := Machine{
|
||||
ID: 0,
|
||||
MachineKey: "8ce002a935f8c394e55e78fbbb410576575ff8ec5cfa2e627e4b807f1be15b0e",
|
||||
NodeKey: "bar",
|
||||
DiscoKey: "faa",
|
||||
Name: "testmachine",
|
||||
NamespaceID: namespace.ID,
|
||||
IPAddress: "10.0.0.1",
|
||||
Expiry: &now,
|
||||
RequestedExpiry: &now,
|
||||
ID: 0,
|
||||
MachineKey: "8ce002a935f8c394e55e78fbbb410576575ff8ec5cfa2e627e4b807f1be15b0e",
|
||||
NodeKey: "bar",
|
||||
DiscoKey: "faa",
|
||||
Name: "testmachine",
|
||||
NamespaceID: namespace.ID,
|
||||
IPAddress: "10.0.0.1",
|
||||
Expiry: &now,
|
||||
}
|
||||
app.db.Save(&machine)
|
||||
|
||||
|
|
39
machine.go
39
machine.go
|
@ -45,7 +45,6 @@ type Machine struct {
|
|||
LastSeen *time.Time
|
||||
LastSuccessfulUpdate *time.Time
|
||||
Expiry *time.Time
|
||||
RequestedExpiry *time.Time
|
||||
|
||||
HostInfo datatypes.JSON
|
||||
Endpoints datatypes.JSON
|
||||
|
@ -68,38 +67,14 @@ func (machine Machine) isAlreadyRegistered() bool {
|
|||
|
||||
// isExpired returns whether the machine registration has expired.
|
||||
func (machine Machine) isExpired() bool {
|
||||
return time.Now().UTC().After(*machine.Expiry)
|
||||
}
|
||||
|
||||
// If the Machine is expired, updateMachineExpiry updates the Machine Expiry time to the maximum allowed duration,
|
||||
// or the default duration if no Expiry time was requested by the client. The expiry time here does not (yet) cause
|
||||
// a client to be disconnected, however they will have to re-auth the machine if they attempt to reconnect after the
|
||||
// expiry time.
|
||||
func (h *Headscale) updateMachineExpiry(machine *Machine) {
|
||||
if machine.isExpired() {
|
||||
now := time.Now().UTC()
|
||||
maxExpiry := now.Add(
|
||||
h.cfg.MaxMachineRegistrationDuration,
|
||||
) // calculate the maximum expiry
|
||||
defaultExpiry := now.Add(
|
||||
h.cfg.DefaultMachineRegistrationDuration,
|
||||
) // calculate the default expiry
|
||||
|
||||
// clamp the expiry time of the machine registration to the maximum allowed, or use the default if none supplied
|
||||
if maxExpiry.Before(*machine.RequestedExpiry) {
|
||||
log.Debug().
|
||||
Msgf("Clamping registration expiry time to maximum: %v (%v)", maxExpiry, h.cfg.MaxMachineRegistrationDuration)
|
||||
machine.Expiry = &maxExpiry
|
||||
} else if machine.RequestedExpiry.IsZero() {
|
||||
log.Debug().Msgf("Using default machine registration expiry time: %v (%v)", defaultExpiry, h.cfg.DefaultMachineRegistrationDuration)
|
||||
machine.Expiry = &defaultExpiry
|
||||
} else {
|
||||
log.Debug().Msgf("Using requested machine registration expiry time: %v", machine.RequestedExpiry)
|
||||
machine.Expiry = machine.RequestedExpiry
|
||||
}
|
||||
|
||||
h.db.Save(&machine)
|
||||
// If Expiry is not set, the client has not indicated that
|
||||
// it wants an expiry time, it is therefor considered
|
||||
// to mean "not expired"
|
||||
if machine.Expiry.IsZero() {
|
||||
return false
|
||||
}
|
||||
|
||||
return time.Now().UTC().After(*machine.Expiry)
|
||||
}
|
||||
|
||||
func (h *Headscale) getDirectPeers(machine *Machine) (Machines, error) {
|
||||
|
|
2
oidc.go
2
oidc.go
|
@ -228,8 +228,6 @@ func (h *Headscale) OIDCCallback(ctx *gin.Context) {
|
|||
h.db.Save(&machine)
|
||||
}
|
||||
|
||||
h.updateMachineExpiry(machine)
|
||||
|
||||
ctx.Data(http.StatusOK, "text/html; charset=utf-8", []byte(fmt.Sprintf(`
|
||||
<html>
|
||||
<body>
|
||||
|
|
Loading…
Reference in a new issue