TheArchive/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2025-08-11 15:27:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: add verify client config for embedded DERP (#2260)

Browse Source 
* feat: add verify client config for embedded DERP

* refactor: embedded DERP no longer verify clients via HTTP

- register the `headscale://` protocol in `http.DefaultTransport` to intercept network requests
- update configuration to use a single boolean option `verify_clients`

* refactor: use `http.HandlerFunc` for type definition

* refactor: some renaming and restructuring

* chore: some renaming and fix lint

* test: fix TestDERPVerifyEndpoint

- `tailscale debug derp` use random node private key

* test: add verify clients integration test for embedded DERP server

* fix: apply code review suggestions

* chore: merge upstream changes

* fix: apply code review suggestions

---------

Co-authored-by: Kristoffer Dalby <kristoffer@dalby.cc>
This commit is contained in:
seiuneko
2025-06-18 15:24:53 +08:00
committed by GitHub
parent bad783321e
commit d325211617
10 changed files with 182 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
integration/tsic/tsic.go
View File

@@ -26,7 +26,10 @@ import (
"github.com/ory/dockertest/v3/docker"
"tailscale.com/ipn"
"tailscale.com/ipn/ipnstate"
"tailscale.com/ipn/store/mem"
"tailscale.com/net/netcheck"
"tailscale.com/paths"
"tailscale.com/types/key"
"tailscale.com/types/netmap"
)
@@ -1228,3 +1231,29 @@ func (t *TailscaleInContainer) ReadFile(path string) ([]byte, error) {
return out.Bytes(), nil
}
func (t *TailscaleInContainer) GetNodePrivateKey() (*key.NodePrivate, error) {
state, err := t.ReadFile(paths.DefaultTailscaledStateFile())
if err != nil {
return nil, fmt.Errorf("failed to read state file: %w", err)
}
store := &mem.Store{}
if err = store.LoadFromJSON(state); err != nil {
return nil, fmt.Errorf("failed to unmarshal state file: %w", err)
}
currentProfileKey, err := store.ReadState(ipn.CurrentProfileStateKey)
if err != nil {
return nil, fmt.Errorf("failed to read current profile state key: %w", err)
}
currentProfile, err := store.ReadState(ipn.StateKey(currentProfileKey))
if err != nil {
return nil, fmt.Errorf("failed to read current profile state: %w", err)
}
p := &ipn.Prefs{}
if err = json.Unmarshal(currentProfile, &p); err != nil {
return nil, fmt.Errorf("failed to unmarshal current profile state: %w", err)
}
return &p.Persist.PrivateNodeKey, nil
}