From 323a7d9c2edd5b5205705f41f118f95759ac4e8b Mon Sep 17 00:00:00 2001
From: Juan Font Alonso
Date: Sun, 27 Mar 2022 21:33:31 +0200
Subject: [PATCH] Do not expose the general API router over the Noise connection And do not expose the Noise API over the regular connection. Plus, there are (more) changes coming to the API... so let's have different API codebases.
---
app.go | 18 +++++++++++++++---
noise.go | 2 +-
noise_api.go | 1 +
3 files changed, 17 insertions(+), 4 deletions(-)
create mode 100644 noise_api.go
diff --git a/app.go b/app.go
index 092e5b29..9d18b779 100644
--- a/app.go
+++ b/app.go
@@ -152,7 +152,7 @@ type Headscale struct {
 privateKey *key.MachinePrivate
 noisePrivateKey *key.MachinePrivate
- router *gin.Engine
+ noiseRouter *gin.Engine
 DERPMap *tailcfg.DERPMap
 DERPServer *DERPServer
@@ -510,6 +510,12 @@ func (h *Headscale) createRouter(grpcMux *runtime.ServeMux) *gin.Engine {
 return router
 }
+func (h *Headscale) createNoiseRouter() *gin.Engine {
+ router := gin.Default()
+
+ return router
+}
+
 // Serve launches a GIN server with the Headscale API.
 func (h *Headscale) Serve() error {
 var err error
@@ -675,11 +681,17 @@ func (h *Headscale) Serve() error {
 // HTTP setup
 //
- h.router = h.createRouter(grpcGatewayMux)
+ // This is the regular router that we expose
+ // over our main Addr. It also serves the legacy Tailcale API
+ router := h.createRouter(grpcGatewayMux)
+
+ // This router is only served over the Noise connection,
+ // and exposes only the new API
+ h.noiseRouter = h.createNoiseRouter()
 httpServer := &http.Server{
 Addr: h.cfg.Addr,
- Handler: h.router,
+ Handler: router,
 ReadTimeout: HTTPReadTimeout,
 // Go does not handle timeouts in HTTP very well, and there is
 // no good way to handle streaming timeouts, therefore we need to
diff --git a/noise.go b/noise.go
index 1a9d1192..88d42901 100644
--- a/noise.go
+++ b/noise.go
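Review bot: createNoiseRouter has no doc comment, and the isolation this commit is about (Noise-only routes here, everything else on createRouter) is stated only at the call site in Serve. I would add `// createNoiseRouter returns the router served only over the Noise connection; routes from createRouter must not be registered on it.` above the function. As written it returns a bare `gin.Default()` with no routes, so requests arriving over Noise presumably get a 404 until noise_api.go is populated; if that is intentional for this commit, the comment is a good place to say so.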
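Review bot: The comment added above `router := h.createRouter(grpcGatewayMux)` misspells the product name, and since these two comments are the only statement of which API surface each router may carry they are worth getting exact: `// over our main Addr. It also serves the legacy Tailscale API`. Separately, `h.noiseRouter` is now assigned only here, so NoiseUpgradeHandler in noise.go depends on Serve having run before any upgrade request is handled; that appears to hold in this hunk because httpServer is built afterwards, but a note on the struct field would make the dependency explicit. Serve's body starts and ends outside the hunk.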
@@ -62,7 +62,7 @@ func (h *Headscale) NoiseUpgradeHandler(ctx *gin.Context) {
 }
 server := http.Server{}
- server.Handler = h2c.NewHandler(h.router, &http2.Server{})
+ server.Handler = h2c.NewHandler(h.noiseRouter, &http2.Server{})
 server.Serve(netutil.NewOneConnListener(noiseConn, nil))
 }
diff --git a/noise_api.go b/noise_api.go
new file mode 100644
index 00000000..0b4262b0
--- /dev/null
+++ b/noise_api.go
@@ -0,0 +1 @@
+package headscale
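Review bot: The per-connection `http.Server{}` that now wraps `h.noiseRouter` is created with no timeouts, while the main server in app.go sets `ReadTimeout: HTTPReadTimeout`; a peer that completes the upgrade and then stalls can keep its connection and goroutine open indefinitely. Consider `server := http.Server{ReadHeaderTimeout: HTTPReadTimeout}` and an `IdleTimeout` on the `http2.Server`, leaving write timeouts off if long-lived streaming responses are expected on this path. The return value of `server.Serve(...)` is also dropped; with a one-connection listener an error after the first accept is probably expected, but a short comment saying so would help the next reader. NoiseUpgradeHandler starts outside the hunk.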