From e950b3be29286f76296ff48f2a2ed9c488d65fe2 Mon Sep 17 00:00:00 2001 From: Juan Font Alonso Date: Wed, 10 Aug 2022 13:15:31 +0200 Subject: [PATCH 01/12] Add method to fetch by nodekey --- machine.go | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/machine.go b/machine.go index 22be0da1..d2e55b03 100644 --- a/machine.go +++ b/machine.go @@ -350,7 +350,7 @@ func (h *Headscale) GetMachineByID(id uint64) (*Machine, error) { return &m, nil } -// GetMachineByMachineKey finds a Machine by ID and returns the Machine struct. +// GetMachineByMachineKey finds a Machine by its MachineKey and returns the Machine struct. func (h *Headscale) GetMachineByMachineKey( machineKey key.MachinePublic, ) (*Machine, error) { @@ -362,6 +362,19 @@ func (h *Headscale) GetMachineByMachineKey( return &m, nil } +// GetMachineByNodeKey finds a Machine by its current NodeKey +func (h *Headscale) GetMachineByNodeKey( + nodeKey key.NodePublic, +) (*Machine, error) { + machine := Machine{} + if result := h.db.Preload("Namespace").First(&machine, "node_key = ?", + NodePublicKeyStripPrefix(nodeKey)); result.Error != nil { + return nil, result.Error + } + + return &machine, nil +} + // UpdateMachineFromDatabase takes a Machine struct pointer (typically already loaded from database // and updates it with the latest data from the database. func (h *Headscale) UpdateMachineFromDatabase(machine *Machine) error { @@ -762,11 +775,11 @@ func getTags( } func (h *Headscale) RegisterMachineFromAuthCallback( - machineKeyStr string, + nodeKeyStr string, namespaceName string, registrationMethod string, ) (*Machine, error) { - if machineInterface, ok := h.registrationCache.Get(machineKeyStr); ok { + if machineInterface, ok := h.registrationCache.Get(nodeKeyStr); ok { if registrationMachine, ok := machineInterface.(Machine); ok { namespace, err := h.GetNamespace(namespaceName) if err != nil { From e91c378bd42a4339a36df045ac2ef9aca61a217a Mon Sep 17 00:00:00 2001 
From: Juan Font Alonso Date: Wed, 10 Aug 2022 15:35:26 +0200 Subject: [PATCH 02/12] Replace machine key with node key in preparation for Noise in auth related stuff --- api.go | 8 +++--- cmd/headscale/cli/nodes.go | 2 +- grpcv1.go | 4 +-- oidc.go | 52 +++++++++++++++++++------------------- 4 files changed, 33 insertions(+), 33 deletions(-) diff --git a/api.go b/api.go index ff0de0c4..9760da0d 100644 --- a/api.go +++ b/api.go @@ -112,8 +112,8 @@ func (h *Headscale) RegisterWebAPI( writer http.ResponseWriter, req *http.Request, ) { - machineKeyStr := req.URL.Query().Get("key") - if machineKeyStr == "" { + nodeKeyStr := req.URL.Query().Get("key") + if nodeKeyStr == "" { writer.Header().Set("Content-Type", "text/plain; charset=utf-8") writer.WriteHeader(http.StatusBadRequest) _, err := writer.Write([]byte("Wrong params")) @@ -129,7 +129,7 @@ func (h *Headscale) RegisterWebAPI( var content bytes.Buffer if err := registerWebAPITemplate.Execute(&content, registerWebAPITemplateConfig{ - Key: machineKeyStr, + Key: nodeKeyStr, }); err != nil { log.Error(). Str("func", "RegisterWebAPI"). @@ -251,7 +251,7 @@ func (h *Headscale) RegistrationHandler( } h.registrationCache.Set( - machineKeyStr, + newMachine.NodeKey, newMachine, registerCacheExpiration, ) diff --git a/cmd/headscale/cli/nodes.go b/cmd/headscale/cli/nodes.go index c2b1e950..a4f2a693 100644 --- a/cmd/headscale/cli/nodes.go +++ b/cmd/headscale/cli/nodes.go @@ -108,7 +108,7 @@ var registerNodeCmd = &cobra.Command{ if err != nil { ErrorOutput( err, - fmt.Sprintf("Error getting machine key from flag: %s", err), + fmt.Sprintf("Error getting node key from flag: %s", err), output, ) diff --git a/grpcv1.go b/grpcv1.go index b1e5c1ee..e3db5dd4 100644 --- a/grpcv1.go +++ b/grpcv1.go 
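Review bot: In `RegisterWebAPI` (api.go) `nodeKeyStr` goes from the request into `registerWebAPITemplate.Execute` with only an empty-string check, so the page will present any string as if it were a node key. Parsing it first, the way `validateMachineForOIDCCallback` does with `nodeKey.UnmarshalText([]byte(NodePublicKeyEnsurePrefix(nodeKeyStr)))`, and answering 400 on failure would keep malformed values out of the rendered page and out of whatever the operator presumably copies from it into the CLI. The same applies to `RegisterOIDC` in the oidc.go hunk, which stores the unparsed string in `registrationCache` and only parses it in the callback after the user has authenticated, and to the path-variable version of `RegisterWebAPI` in patch 04. Which template package backs `registerWebAPITemplate` is not visible here, so output escaping should be confirmed separately.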
@@ -159,7 +159,7 @@ func (api headscaleV1APIServer) RegisterMachine( ) (*v1.RegisterMachineResponse, error) { log.Trace(). Str("namespace", request.GetNamespace()). - Str("machine_key", request.GetKey()). + Str("node_key", request.GetKey()). Msg("Registering machine") machine, err := api.h.RegisterMachineFromAuthCallback( @@ -199,7 +199,7 @@ func (api headscaleV1APIServer) SetTags( err := validateTag(tag) if err != nil { return &v1.SetTagsResponse{ - Machine: nil, + Machine: nil, }, status.Error(codes.InvalidArgument, err.Error()) } } diff --git a/oidc.go b/oidc.go index d995c976..a9309191 100644 --- a/oidc.go +++ b/oidc.go @@ -27,7 +27,7 @@ const ( errOIDCAllowedDomains = Error("authenticated principal does not match any allowed domain") errOIDCAllowedUsers = Error("authenticated principal does not match any allowed user") errOIDCInvalidMachineState = Error("requested machine state key expired before authorisation completed") - errOIDCMachineKeyMissing = Error("could not get machine key from cache") + errOIDCNodeKeyMissing = Error("could not get node key from cache") ) type IDTokenClaims struct { 
@@ -68,26 +68,26 @@ func (h *Headscale) initOIDC() error { } // RegisterOIDC redirects to the OIDC provider for authentication -// Puts machine key in cache so the callback can retrieve it using the oidc state param +// Puts node key in cache so the callback can retrieve it using the oidc state param // Listens in /oidc/register/:mKey. func (h *Headscale) RegisterOIDC( writer http.ResponseWriter, req *http.Request, ) { vars := mux.Vars(req) - machineKeyStr, ok := vars["mkey"] - if !ok || machineKeyStr == "" { + nodeKeyStr, ok := vars["nkey"] + if !ok || nodeKeyStr == "" { log.Error(). Caller(). - Msg("Missing machine key in URL") - http.Error(writer, "Missing machine key in URL", http.StatusBadRequest) + Msg("Missing node key in URL") + http.Error(writer, "Missing node key in URL", http.StatusBadRequest) return } log.Trace(). Caller(). - Str("machine_key", machineKeyStr). + Str("node_key", nodeKeyStr). Msg("Received oidc register call") randomBlob := make([]byte, randomByteSize) @@ -102,8 +102,8 @@ func (h *Headscale) RegisterOIDC( stateStr := hex.EncodeToString(randomBlob)[:32] - // place the machine key into the state cache, so it can be retrieved later - h.registrationCache.Set(stateStr, machineKeyStr, registerCacheExpiration) + // place the node key into the state cache, so it can be retrieved later + h.registrationCache.Set(stateStr, nodeKeyStr, registerCacheExpiration) // Add any extra parameter provided in the configuration to the Authorize Endpoint request extras := make([]oauth2.AuthCodeOption, 0, len(h.cfg.OIDC.ExtraParams)) @@ -178,7 +178,7 @@ func (h *Headscale) OIDCCallback( return } - machineKey, machineExists, err := h.validateMachineForOIDCCallback(writer, state, claims) + nodeKey, machineExists, err := h.validateMachineForOIDCCallback(writer, state, claims) if err != nil || machineExists { return } 
@@ -196,7 +196,7 @@ func (h *Headscale) OIDCCallback( return } - if err := h.registerMachineForOIDCCallback(writer, namespace, machineKey); err != nil { + if err := h.registerMachineForOIDCCallback(writer, namespace, nodeKey); err != nil { return } @@ -401,7 +401,7 @@ func (h *Headscale) validateMachineForOIDCCallback( writer http.ResponseWriter, state string, claims *IDTokenClaims, -) (*key.MachinePublic, bool, error) { +) (*key.NodePublic, bool, error) { // retrieve machinekey from state cache machineKeyIf, machineKeyFound := h.registrationCache.Get(state) if !machineKeyFound { @@ -420,14 +420,14 @@ func (h *Headscale) validateMachineForOIDCCallback( return nil, false, errOIDCInvalidMachineState } - var machineKey key.MachinePublic - machineKeyFromCache, machineKeyOK := machineKeyIf.(string) - err := machineKey.UnmarshalText( - []byte(MachinePublicKeyEnsurePrefix(machineKeyFromCache)), + var nodeKey key.NodePublic + nodeKeyFromCache, nodeKeyOK := machineKeyIf.(string) + err := nodeKey.UnmarshalText( + []byte(NodePublicKeyEnsurePrefix(nodeKeyFromCache)), ) if err != nil { log.Error(). - Msg("could not parse machine public key") + Msg("could not parse node public key") writer.Header().Set("Content-Type", "text/plain; charset=utf-8") writer.WriteHeader(http.StatusBadRequest) _, werr := writer.Write([]byte("could not parse public key")) @@ -441,11 +441,11 @@ func (h *Headscale) validateMachineForOIDCCallback( return nil, false, err } - if !machineKeyOK { - log.Error().Msg("could not get machine key from cache") + if !nodeKeyOK { + log.Error().Msg("could not get node key from cache") writer.Header().Set("Content-Type", "text/plain; charset=utf-8") writer.WriteHeader(http.StatusInternalServerError) - _, err := writer.Write([]byte("could not get machine key from cache")) + _, err := writer.Write([]byte("could not get node key from cache")) if err != nil { log.Error(). Caller(). 
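Review bot: In `validateMachineForOIDCCallback` the result of the type assertion `machineKeyIf.(string)` is only checked after `nodeKey.UnmarshalText` has already run on it, so a cache entry that is not a string is parsed as an empty key first and, if that parse fails as one would expect, the `!nodeKeyOK` branch returning `errOIDCNodeKeyMissing` is never reached. In this series `registrationCache` holds both state-to-key strings and node-key-to-`Machine` entries, so the assertion is what tells the two apart and should come first: move the `if !nodeKeyOK { ... }` block above the `UnmarshalText` call. While there, `machineKeyIf`, `machineKeyFound` and the `// retrieve machinekey from state cache` comment still carry the old name. The function starts and ends outside these hunks.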
@@ -453,14 +453,14 @@ func (h *Headscale) validateMachineForOIDCCallback( Msg("Failed to write response") } - return nil, false, errOIDCMachineKeyMissing + return nil, false, errOIDCNodeKeyMissing } // retrieve machine information if it exist // The error is not important, because if it does not // exist, then this is a new machine and we will move // on to registration. - machine, _ := h.GetMachineByMachineKey(machineKey) + machine, _ := h.GetMachineByNodeKey(nodeKey) if machine != nil { log.Trace(). @@ -516,7 +516,7 @@ func (h *Headscale) validateMachineForOIDCCallback( return nil, true, nil } - return &machineKey, false, nil + return &nodeKey, false, nil } func getNamespaceName( @@ -596,12 +596,12 @@ func (h *Headscale) findOrCreateNewNamespaceForOIDCCallback( func (h *Headscale) registerMachineForOIDCCallback( writer http.ResponseWriter, namespace *Namespace, - machineKey *key.MachinePublic, + nodeKey *key.NodePublic, ) error { - machineKeyStr := MachinePublicKeyStripPrefix(*machineKey) + nodeKeyStr := NodePublicKeyStripPrefix(*nodeKey) if _, err := h.RegisterMachineFromAuthCallback( - machineKeyStr, + nodeKeyStr, namespace.Name, RegisterMethodOIDC, ); err != nil { From 030d7264e61b54fd01fb91e0cd290e8524baa78f Mon Sep 17 00:00:00 2001 From: Juan Font Alonso Date: Wed, 10 Aug 2022 16:03:33 +0200 Subject: [PATCH 03/12] Fixed comment for linting --- machine.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/machine.go b/machine.go index d2e55b03..aebfbcef 100644 --- a/machine.go +++ b/machine.go @@ -362,7 +362,7 @@ func (h *Headscale) GetMachineByMachineKey( return &m, nil } -// GetMachineByNodeKey finds a Machine by its current NodeKey +// GetMachineByNodeKey finds a Machine by its current NodeKey. func (h *Headscale) GetMachineByNodeKey( nodeKey key.NodePublic, ) (*Machine, error) { From fb3b2e6bc8221914f81823c23b6b32ba125651d9 Mon Sep 17 00:00:00 2001 
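Review bot: `machine, _ := h.GetMachineByNodeKey(nodeKey)` discards every error, so a database failure is handled the same as "no such node" and the callback goes on to register the node as new. Only the not-found case should fall through; api.go already tests `errors.Is(err, gorm.ErrRecordNotFound)` for the machine-key lookup, and the same test fits here (assuming oidc.go has those imports), with any other error answered by a 500. The lookup also now matches on what `GetMachineByNodeKey` documents as the current NodeKey, so a node registered under an earlier node key would presumably be treated as new; a comment stating that this is intended would help. The function body extends beyond this hunk.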
From: Juan Font Alonso Date: Thu, 11 Aug 2022 12:11:02 +0200 Subject: [PATCH 04/12] Improve protocol implementation for client registration (fixes #706) --- api.go | 47 +++++++++++++++++++++++++++++++++++++++-------- app.go | 2 +- 2 files changed, 40 insertions(+), 9 deletions(-) diff --git a/api.go b/api.go index 9760da0d..a9711e0e 100644 --- a/api.go +++ b/api.go @@ -107,13 +107,14 @@ var registerWebAPITemplate = template.Must( `)) // RegisterWebAPI shows a simple message in the browser to point to the CLI -// Listens in /register. +// Listens in /register/:nkey. func (h *Headscale) RegisterWebAPI( writer http.ResponseWriter, req *http.Request, ) { - nodeKeyStr := req.URL.Query().Get("key") - if nodeKeyStr == "" { + vars := mux.Vars(req) + nodeKeyStr, ok := vars["nkey"] + if !ok || nodeKeyStr == "" { writer.Header().Set("Content-Type", "text/plain; charset=utf-8") writer.WriteHeader(http.StatusBadRequest) _, err := writer.Write([]byte("Wrong params")) @@ -206,8 +207,6 @@ func (h *Headscale) RegistrationHandler( now := time.Now().UTC() machine, err := h.GetMachineByMachineKey(machineKey) if errors.Is(err, gorm.ErrRecordNotFound) { - log.Info().Str("machine", registerRequest.Hostinfo.Hostname).Msg("New machine") - machineKeyStr := MachinePublicKeyStripPrefix(machineKey) // If the machine has AuthKey set, handle registration via PreAuthKeys 
@@ -217,6 +216,38 @@ func (h *Headscale) RegistrationHandler( return } + // Check if the node is waiting for interactive login + // + // TODO(juan): We could use this field to improve our protocol implementation, + // and hold the request until the client closes it, or the interactive + // login is completed (i.e., the user registers the machine). + // This is not implemented yet, as it is no strictly required. The only side-effect + // is that the client will hammer headscale with requests until it gets a + // successful RegisterResponse. + if registerRequest.Followup != "" { + if _, ok := h.registrationCache.Get(NodePublicKeyStripPrefix(registerRequest.NodeKey)); ok { + log.Debug(). + Caller(). + Str("machine", registerRequest.Hostinfo.Hostname). + Str("NodeKey", registerRequest.NodeKey.ShortString()). + Str("OldNodeKey", registerRequest.OldNodeKey.ShortString()). + Str("Followup", registerRequest.Followup). + Msg("Machine is waiting for interactive login") + + h.handleMachineRegistrationNew(writer, req, machineKey, registerRequest) + + return + } + } + + log.Info(). + Caller(). + Str("machine", registerRequest.Hostinfo.Hostname). + Str("NodeKey", registerRequest.NodeKey.ShortString()). + Str("OldNodeKey", registerRequest.OldNodeKey.ShortString()). + Str("Followup", registerRequest.Followup). + Msg("New machine not yet in the database") + givenName, err := h.GenerateGivenName(registerRequest.Hostinfo.Hostname) if err != nil { log.Error(). @@ -645,7 +676,7 @@ func (h *Headscale) handleMachineRegistrationNew( // The machine registration is new, redirect the client to the registration URL log.Debug(). Str("machine", registerRequest.Hostinfo.Hostname). - Msg("The node is sending us a new NodeKey, sending auth url") + Msg("The node seems to be new, sending auth url") if h.cfg.OIDC.Issuer != "" { resp.AuthURL = fmt.Sprintf( "%s/oidc/register/%s", 
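Review bot: The follow-up branch in `RegistrationHandler` accepts any non-empty `registerRequest.Followup` and only tests that some entry exists under the node key (`_, ok := h.registrationCache.Get(...)`); it does not check that the cached registration belongs to the `machineKey` making this request. Since the pending entry is keyed by node key alone, I would read the cached value and confirm its machine key matches the requester before treating the request as the same pending login, and otherwise reject it or fall through. The added comment also has a typo: `as it is no strictly required` should read `not strictly required`. `RegistrationHandler` begins and ends outside this hunk.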
@@ -653,8 +684,8 @@ func (h *Headscale) handleMachineRegistrationNew( machineKey.String(), ) } else { - resp.AuthURL = fmt.Sprintf("%s/register?key=%s", - strings.TrimSuffix(h.cfg.ServerURL, "/"), MachinePublicKeyStripPrefix(machineKey)) + resp.AuthURL = fmt.Sprintf("%s/register/%s", + strings.TrimSuffix(h.cfg.ServerURL, "/"), NodePublicKeyStripPrefix(registerRequest.NodeKey)) } respBody, err := encode(resp, &machineKey, h.privateKey) diff --git a/app.go b/app.go index bd88dedf..60258e6e 100644 --- a/app.go +++ b/app.go @@ -417,7 +417,7 @@ func (h *Headscale) createRouter(grpcMux *runtime.ServeMux) *mux.Router { router.HandleFunc("/health", h.HealthHandler).Methods(http.MethodGet) router.HandleFunc("/key", h.KeyHandler).Methods(http.MethodGet) - router.HandleFunc("/register", h.RegisterWebAPI).Methods(http.MethodGet) + router.HandleFunc("/register/{nkey}", h.RegisterWebAPI).Methods(http.MethodGet) router.HandleFunc("/machine/{mkey}/map", h.PollNetMapHandler).Methods(http.MethodPost) router.HandleFunc("/machine/{mkey}", h.RegistrationHandler).Methods(http.MethodPost) router.HandleFunc("/oidc/register/{mkey}", h.RegisterOIDC).Methods(http.MethodGet) From 804d70386d126e4c0b5b77a9410feaba7bcc75e3 Mon Sep 17 00:00:00 2001 From: Juan Font Alonso Date: Thu, 11 Aug 2022 12:15:16 +0200 Subject: [PATCH 05/12] Switch to nodekey in urls --- app.go | 2 +- oidc.go | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/app.go b/app.go index 60258e6e..50676679 100644 --- a/app.go +++ b/app.go 
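Review bot: Only the non-OIDC branch of `handleMachineRegistrationNew` was switched to the node key; the OIDC branch above it still formats `/oidc/register/%s` with `machineKey.String()`, while `RegisterOIDC` and `validateMachineForOIDCCallback` now treat that path segment as a node key and parse it with `NodePublicKeyEnsurePrefix`. Unless the prefix helper tolerates a machine-key string, OIDC logins would fail at the callback or be looked up under the wrong key, so the argument should become `NodePublicKeyStripPrefix(registerRequest.NodeKey)` as in the else branch. The lines between the format string and that argument are not shown in the hunk, so this is worth confirming against the full function.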
@@ -420,7 +420,7 @@ func (h *Headscale) createRouter(grpcMux *runtime.ServeMux) *mux.Router { router.HandleFunc("/register/{nkey}", h.RegisterWebAPI).Methods(http.MethodGet) router.HandleFunc("/machine/{mkey}/map", h.PollNetMapHandler).Methods(http.MethodPost) router.HandleFunc("/machine/{mkey}", h.RegistrationHandler).Methods(http.MethodPost) - router.HandleFunc("/oidc/register/{mkey}", h.RegisterOIDC).Methods(http.MethodGet) + router.HandleFunc("/oidc/register/{nkey}", h.RegisterOIDC).Methods(http.MethodGet) router.HandleFunc("/oidc/callback", h.OIDCCallback).Methods(http.MethodGet) router.HandleFunc("/apple", h.AppleConfigMessage).Methods(http.MethodGet) router.HandleFunc("/apple/{platform}", h.ApplePlatformConfig).Methods(http.MethodGet) diff --git a/oidc.go b/oidc.go index a9309191..553bb788 100644 --- a/oidc.go +++ b/oidc.go @@ -68,8 +68,8 @@ func (h *Headscale) initOIDC() error { } // RegisterOIDC redirects to the OIDC provider for authentication -// Puts node key in cache so the callback can retrieve it using the oidc state param -// Listens in /oidc/register/:mKey. +// Puts NodeKey in cache so the callback can retrieve it using the oidc state param +// Listens in /oidc/register/:nKey. func (h *Headscale) RegisterOIDC( writer http.ResponseWriter, req *http.Request, @@ -135,7 +135,7 @@ var oidcCallbackTemplate = template.Must( ) // OIDCCallback handles the callback from the OIDC endpoint -// Retrieves the mkey from the state cache and adds the machine to the users email namespace +// Retrieves the nkey from the state cache and adds the machine to the users email namespace // TODO: A confirmation page for new machines should be added to avoid phishing vulnerabilities // TODO: Add groups information from OIDC tokens into machine HostInfo // Listens in /oidc/callback. From d586b9d2856c9974c27c14d9fc64a6e3aa003494 Mon Sep 17 00:00:00 2001 
From: Juan Font Alonso Date: Thu, 11 Aug 2022 12:16:50 +0200 Subject: [PATCH 06/12] Added comment clarifying registration API --- api.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/api.go b/api.go index a9711e0e..9b711855 100644 --- a/api.go +++ b/api.go @@ -108,6 +108,9 @@ var registerWebAPITemplate = template.Must( // RegisterWebAPI shows a simple message in the browser to point to the CLI // Listens in /register/:nkey. +// +// This is not part of the Tailscale control API, as we could send whatever URL +// in the RegisterResponse.AuthURL field. func (h *Headscale) RegisterWebAPI( writer http.ResponseWriter, req *http.Request, From e1e3feb6a810664c43ba5096c476a32a1dcab87c Mon Sep 17 00:00:00 2001 From: Juan Font Alonso Date: Thu, 11 Aug 2022 13:37:25 +0200 Subject: [PATCH 07/12] Add a sleep to reduce the impact of #727 --- api.go | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/api.go b/api.go index 8c400122..dcccea35 100644 --- a/api.go +++ b/api.go @@ -21,6 +21,7 @@ import ( ) const ( + registrationHoldoff = time.Second * 5 // TODO(juan): remove this once https://github.com/juanfont/headscale/issues/727 is fixed reservedResponseHeaderSize = 4 RegisterMethodAuthKey = "authkey" RegisterMethodOIDC = "oidc" @@ -237,9 +238,15 @@ func (h *Headscale) RegistrationHandler( Str("Followup", registerRequest.Followup). Msg("Machine is waiting for interactive login") - h.handleMachineRegistrationNew(writer, req, machineKey, registerRequest) + ticker := time.NewTicker(registrationHoldoff) + select { + case <-req.Context().Done(): + return + case <-ticker.C: + h.handleMachineRegistrationNew(writer, req, machineKey, registerRequest) - return + return + } } } From 739e11e1ee48ab07414b2bea091470f4563e0598 Mon Sep 17 00:00:00 2001 From: Juan Font Date: Fri, 12 Aug 2022 09:02:58 +0200 Subject: [PATCH 08/12] Update api.go Co-authored-by: Kristoffer Dalby --- api.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
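Review bot: The `time.NewTicker(registrationHoldoff)` added to `RegistrationHandler` in patch 07 is never stopped, so each follow-up request leaves a running ticker behind, both when the hold-off elapses and when the client disconnects; on Go releases before 1.23 an unstopped ticker is not reclaimed. A one-shot timer does the same job and can be released: `timer := time.NewTimer(registrationHoldoff)`, `defer timer.Stop()`, and `case <-timer.C:` in the select. Each waiting client also keeps its request open for the full five seconds, so a cap on concurrently held requests is worth considering until issue #727 is resolved.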
diff --git a/api.go b/api.go index dcccea35..ec89e895 100644 --- a/api.go +++ b/api.go @@ -21,7 +21,8 @@ import ( ) const ( - registrationHoldoff = time.Second * 5 // TODO(juan): remove this once https://github.com/juanfont/headscale/issues/727 is fixed + // TODO(juan): remove this once https://github.com/juanfont/headscale/issues/727 is fixed + registrationHoldoff = time.Second * 5 reservedResponseHeaderSize = 4 RegisterMethodAuthKey = "authkey" RegisterMethodOIDC = "oidc" From f01a33491b955b189143522c0eb52f160d264ca1 Mon Sep 17 00:00:00 2001 From: Juan Font Date: Fri, 12 Aug 2022 09:03:11 +0200 Subject: [PATCH 09/12] Update api.go Co-authored-by: Kristoffer Dalby --- api.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/api.go b/api.go index ec89e895..dce1ad86 100644 --- a/api.go +++ b/api.go @@ -254,9 +254,9 @@ func (h *Headscale) RegistrationHandler( log.Info(). Caller(). Str("machine", registerRequest.Hostinfo.Hostname). - Str("NodeKey", registerRequest.NodeKey.ShortString()). - Str("OldNodeKey", registerRequest.OldNodeKey.ShortString()). - Str("Followup", registerRequest.Followup). + Str("node_key", registerRequest.NodeKey.ShortString()). + Str("node_key_old", registerRequest.OldNodeKey.ShortString()). + Str("follow_up", registerRequest.Followup). Msg("New machine not yet in the database") givenName, err := h.GenerateGivenName(registerRequest.Hostinfo.Hostname) From a261e271131c469e4db9ad0a2b0565da47150e88 Mon Sep 17 00:00:00 2001 From: Juan Font Date: Fri, 12 Aug 2022 09:03:32 +0200 Subject: [PATCH 10/12] Update api.go Co-authored-by: Kristoffer Dalby --- api.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/api.go b/api.go index dce1ad86..a5c23486 100644 --- a/api.go +++ b/api.go 
@@ -234,9 +234,9 @@ func (h *Headscale) RegistrationHandler( log.Debug(). Caller(). Str("machine", registerRequest.Hostinfo.Hostname). - Str("NodeKey", registerRequest.NodeKey.ShortString()). - Str("OldNodeKey", registerRequest.OldNodeKey.ShortString()). - Str("Followup", registerRequest.Followup). + Str("node_key", registerRequest.NodeKey.ShortString()). + Str("node_key_old", registerRequest.OldNodeKey.ShortString()). + Str("follow_up", registerRequest.Followup). Msg("Machine is waiting for interactive login") ticker := time.NewTicker(registrationHoldoff) From a9b9a2942dd156e975af3bcd6334485216f1e52d Mon Sep 17 00:00:00 2001 From: Juan Font Alonso Date: Fri, 12 Aug 2022 09:31:11 +0200 Subject: [PATCH 11/12] Update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8505e5a5..7b63a234 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ - Updated dependencies (including the library that lacked armhf support) [#722](https://github.com/juanfont/headscale/pull/722) - Fix missing group expansion in function `excludeCorretlyTaggedNodes` [#563](https://github.com/juanfont/headscale/issues/563) +- Improve registration protocol implementation and switch to NodeKey as main identifier [#725](https://github.com/juanfont/headscale/pull/725) ## 0.16.0 (2022-07-25) From 77bf1e81ecb58a9e981b148b12719563f9e25994 Mon Sep 17 00:00:00 2001 From: Juan Font Alonso Date: Fri, 12 Aug 2022 09:36:17 +0200 Subject: [PATCH 12/12] Added missing dot in comment --- api.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/api.go b/api.go index a5c23486..561545b8 100644 --- a/api.go +++ b/api.go 
@@ -21,7 +21,7 @@ import ( ) const ( - // TODO(juan): remove this once https://github.com/juanfont/headscale/issues/727 is fixed + // TODO(juan): remove this once https://github.com/juanfont/headscale/issues/727 is fixed. registrationHoldoff = time.Second * 5 reservedResponseHeaderSize = 4 RegisterMethodAuthKey = "authkey" @@ -221,7 +221,7 @@ func (h *Headscale) RegistrationHandler( return } - // Check if the node is waiting for interactive login + // Check if the node is waiting for interactive login. // // TODO(juan): We could use this field to improve our protocol implementation, // and hold the request until the client closes it, or the interactive