Remove expiry logic, this needs to be redone

Kristoffer Dalby 2021-11-19 09:02:29 +00:00
parent 106b1e7e8d
commit 9aac1fb255
5 changed files with 22 additions and 55 deletions

16
api.go

@ -369,13 +369,9 @@ func (h *Headscale) handleMachineExpired(
strings.TrimSuffix(h.cfg.ServerURL, "/"), idKey.HexString()) strings.TrimSuffix(h.cfg.ServerURL, "/"), idKey.HexString())
} }
// When a client connects, it may request a specific expiry time in its if !reqisterRequest.Expiry.IsZero() {
// RegisterRequest (https://github.com/tailscale/tailscale/blob/main/tailcfg/tailcfg.go#L634) machine.Expiry = &reqisterRequest.Expiry
// RequestedExpiry is used to store the clients requested expiry time since the authentication flow is broken }
// into two steps (which cant pass arbitrary data between them easily) and needs to be
// retrieved again after the user has authenticated. After the authentication flow
// completes, RequestedExpiry is copied into Expiry.
machine.RequestedExpiry = &reqisterRequest.Expiry
h.db.Save(&machine) h.db.Save(&machine)
@ -450,8 +446,10 @@ func (h *Headscale) handleMachineRegistrationNew(
strings.TrimSuffix(h.cfg.ServerURL, "/"), idKey.HexString()) strings.TrimSuffix(h.cfg.ServerURL, "/"), idKey.HexString())
} }
// save the requested expiry time for retrieval later in the authentication flow if !reqisterRequest.Expiry.IsZero() {
machine.RequestedExpiry = &reqisterRequest.Expiry machine.Expiry = &reqisterRequest.Expiry
}
machine.NodeKey = wgkey.Key(reqisterRequest.NodeKey).HexString() // save the NodeKey machine.NodeKey = wgkey.Key(reqisterRequest.NodeKey).HexString() // save the NodeKey
h.db.Save(&machine) h.db.Save(&machine)
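Review bot: In handleMachineExpired the new `machine.Expiry = &reqisterRequest.Expiry` writes the client-supplied expiry straight into the stored record and saves it in the same handler that builds the re-authentication URL, so, as far as this hunk shows, an expired node appears able to move its own expiry forward before anyone has re-authenticated. The removed code parked the value in RequestedExpiry until the authentication flow completed and clamped it to a server-side maximum; neither guard remains, and handleMachineRegistrationNew has the same assignment. Until the logic is redone I would leave Expiry untouched on the expired path, or at least mark the assignment, e.g. `// TODO(expiry): client-controlled and unclamped; must not take effect before re-auth completes`. Both function bodies extend outside the hunks, so a later check may exist that is not visible here.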

3
app.go

@ -96,9 +96,6 @@ type Config struct {
OIDC OIDCConfig OIDC OIDCConfig
CLI CLIConfig CLI CLIConfig
MaxMachineRegistrationDuration time.Duration
DefaultMachineRegistrationDuration time.Duration
} }
type OIDCConfig struct { type OIDCConfig struct {


@ -13,15 +13,14 @@ func (s *Suite) TestRegisterMachine(c *check.C) {
now := time.Now().UTC() now := time.Now().UTC()
machine := Machine{ machine := Machine{
ID: 0, ID: 0,
MachineKey: "8ce002a935f8c394e55e78fbbb410576575ff8ec5cfa2e627e4b807f1be15b0e", MachineKey: "8ce002a935f8c394e55e78fbbb410576575ff8ec5cfa2e627e4b807f1be15b0e",
NodeKey: "bar", NodeKey: "bar",
DiscoKey: "faa", DiscoKey: "faa",
Name: "testmachine", Name: "testmachine",
NamespaceID: namespace.ID, NamespaceID: namespace.ID,
IPAddress: "10.0.0.1", IPAddress: "10.0.0.1",
Expiry: &now, Expiry: &now,
RequestedExpiry: &now,
} }
app.db.Save(&machine) app.db.Save(&machine)


@ -45,7 +45,6 @@ type Machine struct {
LastSeen *time.Time LastSeen *time.Time
LastSuccessfulUpdate *time.Time LastSuccessfulUpdate *time.Time
Expiry *time.Time Expiry *time.Time
RequestedExpiry *time.Time
HostInfo datatypes.JSON HostInfo datatypes.JSON
Endpoints datatypes.JSON Endpoints datatypes.JSON
@ -68,38 +67,14 @@ func (machine Machine) isAlreadyRegistered() bool {
// isExpired returns whether the machine registration has expired. // isExpired returns whether the machine registration has expired.
func (machine Machine) isExpired() bool { func (machine Machine) isExpired() bool {
return time.Now().UTC().After(*machine.Expiry) // If Expiry is not set, the client has not indicated that
} // it wants an expiry time, it is therefor considered
// to mean "not expired"
// If the Machine is expired, updateMachineExpiry updates the Machine Expiry time to the maximum allowed duration, if machine.Expiry.IsZero() {
// or the default duration if no Expiry time was requested by the client. The expiry time here does not (yet) cause return false
// a client to be disconnected, however they will have to re-auth the machine if they attempt to reconnect after the
// expiry time.
func (h *Headscale) updateMachineExpiry(machine *Machine) {
if machine.isExpired() {
now := time.Now().UTC()
maxExpiry := now.Add(
h.cfg.MaxMachineRegistrationDuration,
) // calculate the maximum expiry
defaultExpiry := now.Add(
h.cfg.DefaultMachineRegistrationDuration,
) // calculate the default expiry
// clamp the expiry time of the machine registration to the maximum allowed, or use the default if none supplied
if maxExpiry.Before(*machine.RequestedExpiry) {
log.Debug().
Msgf("Clamping registration expiry time to maximum: %v (%v)", maxExpiry, h.cfg.MaxMachineRegistrationDuration)
machine.Expiry = &maxExpiry
} else if machine.RequestedExpiry.IsZero() {
log.Debug().Msgf("Using default machine registration expiry time: %v (%v)", defaultExpiry, h.cfg.DefaultMachineRegistrationDuration)
machine.Expiry = &defaultExpiry
} else {
log.Debug().Msgf("Using requested machine registration expiry time: %v", machine.RequestedExpiry)
machine.Expiry = machine.RequestedExpiry
}
h.db.Save(&machine)
} }
return time.Now().UTC().After(*machine.Expiry)
} }
func (h *Headscale) getDirectPeers(machine *Machine) (Machines, error) { func (h *Headscale) getDirectPeers(machine *Machine) (Machines, error) {
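Review bot: The new guard in isExpired, `if machine.Expiry.IsZero() {`, dereferences machine.Expiry, which is a `*time.Time`; when the field is nil (api.go now assigns it only if the request carries a non-zero expiry) the call panics instead of returning false. Check the pointer first: `if machine.Expiry == nil || machine.Expiry.IsZero() {`. The comment should also say outright that an unset expiry means the registration never expires, since that is a fail-open default for what is effectively an access-control check, and "therefor" should read "therefore".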


@ -228,8 +228,6 @@ func (h *Headscale) OIDCCallback(ctx *gin.Context) {
h.db.Save(&machine) h.db.Save(&machine)
} }
h.updateMachineExpiry(machine)
ctx.Data(http.StatusOK, "text/html; charset=utf-8", []byte(fmt.Sprintf(` ctx.Data(http.StatusOK, "text/html; charset=utf-8", []byte(fmt.Sprintf(`
<html> <html>
<body> <body>