Return the correct error on cache miss

OIDC code cleanup and harmonize with regular web auth
2025-12-16 02:11:48 +00:00 · 2022-11-14 16:50:43 +01:00 · 2022-11-14 16:50:43 +01:00
6 changed files with 103 additions and 21 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -65,6 +65,7 @@ jobs:
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
+            type=raw,value=latest
            type=sha
      - name: Login to DockerHub
        uses: docker/login-action@v1
@@ -124,12 +125,13 @@ jobs:
            ${{ secrets.DOCKERHUB_USERNAME }}/headscale
            ghcr.io/${{ github.repository_owner }}/headscale
          flavor: |
-            suffix=-debug,onlatest=true
+            latest=false
          tags: |
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{major}}
-            type=sha
+            type=semver,pattern={{version}}-debug
+            type=semver,pattern={{major}}.{{minor}}-debug
+            type=semver,pattern={{major}}-debug
+            type=raw,value=latest-debug
+            type=sha,suffix=-debug
      - name: Login to DockerHub
        uses: docker/login-action@v1
        with:
@@ -159,3 +161,69 @@ jobs:
        run: |
          rm -rf /tmp/.buildx-cache-debug
          mv /tmp/.buildx-cache-debug-new /tmp/.buildx-cache-debug
+
+  docker-alpine-release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      - name: Set up QEMU for multiple platforms
+        uses: docker/setup-qemu-action@master
+        with:
+          platforms: arm64,amd64
+      - name: Cache Docker layers
+        uses: actions/cache@v2
+        with:
+          path: /tmp/.buildx-cache-alpine
+          key: ${{ runner.os }}-buildx-alpine-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-alpine-
+      - name: Docker meta
+        id: meta-alpine
+        uses: docker/metadata-action@v3
+        with:
+          # list of Docker images to use as base name for tags
+          images: |
+            ${{ secrets.DOCKERHUB_USERNAME }}/headscale
+            ghcr.io/${{ github.repository_owner }}/headscale
+          flavor: |
+            latest=false
+          tags: |
+            type=semver,pattern={{version}}-alpine
+            type=semver,pattern={{major}}.{{minor}}-alpine
+            type=semver,pattern={{major}}-alpine
+            type=raw,value=latest-alpine
+            type=sha,suffix=-alpine
+      - name: Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Login to GHCR
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and push
+        id: docker_build
+        uses: docker/build-push-action@v2
+        with:
+          push: true
+          context: .
+          file: Dockerfile.alpine
+          tags: ${{ steps.meta-alpine.outputs.tags }}
+          labels: ${{ steps.meta-alpine.outputs.labels }}
+          platforms: linux/amd64,linux/arm64
+          cache-from: type=local,src=/tmp/.buildx-cache-alpine
+          cache-to: type=local,dest=/tmp/.buildx-cache-alpine-new
+          build-args: |
+            VERSION=${{ steps.meta-alpine.outputs.version }}
+      - name: Prepare cache for next build
+        run: |
+          rm -rf /tmp/.buildx-cache-alpine
+          mv /tmp/.buildx-cache-alpine-new /tmp/.buildx-cache-alpine
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,7 +5,6 @@
 ### BREAKING

 - Log level option `log_level` was moved to a distinct `log` config section and renamed to `level` [#768](https://github.com/juanfont/headscale/pull/768)
- Removed Alpine Linux container image [#962](https://github.com/juanfont/headscale/pull/962)

 ### Changes

@@ -26,7 +25,6 @@
 - Add `dns_config.override_local_dns` option [#905](https://github.com/juanfont/headscale/pull/905)
 - Fix some DNS config issues [#660](https://github.com/juanfont/headscale/issues/660)
 - Make it possible to disable TS2019 with build flag [#928](https://github.com/juanfont/headscale/pull/928)
- Fix OIDC registration issues [#960](https://github.com/juanfont/headscale/pull/960) and [#971](https://github.com/juanfont/headscale/pull/971)

 ## 0.16.4 (2022-08-21)

--- a/Dockerfile.alpine
+++ b/Dockerfile.alpine
@@ -0,0 +1,24 @@
+# Builder image
+FROM docker.io/golang:1.19.0-alpine AS build
+ARG VERSION=dev
+ENV GOPATH /go
+WORKDIR /go/src/headscale
+
+COPY go.mod go.sum /go/src/headscale/
+RUN apk add gcc musl-dev
+RUN go mod download
+
+COPY . .
+
+RUN CGO_ENABLED=0 GOOS=linux go install -ldflags="-s -w -X github.com/juanfont/headscale/cmd/headscale/cli.Version=$VERSION" -a ./cmd/headscale
+RUN strip /go/bin/headscale
+RUN test -e /go/bin/headscale
+
+# Production image
+FROM docker.io/alpine:latest
+
+COPY --from=build /go/bin/headscale /bin/headscale
+ENV TZ UTC
+
+EXPOSE 8080/tcp
+CMD ["headscale"]
--- a/integration/scenario.go
+++ b/integration/scenario.go
@@ -26,19 +26,16 @@ const (
 var (
 	errNoHeadscaleAvailable = errors.New("no headscale available")
 	errNoNamespaceAvailable = errors.New("no namespace available")
-
-	// Tailscale started adding TS2021 support in CapabilityVersion>=28 (v1.24.0), but
-	// proper support in Headscale was only added for CapabilityVersion>=39 clients (v1.30.0).
-	tailscaleVersions2021 = []string{
+	tailscaleVersions2021   = []string{
 		"head",
 		"unstable",
 		"1.32.1",
 		"1.30.2",
+		"1.28.0",
+		"1.26.2",
 	}

 	tailscaleVersions2019 = []string{
-		"1.28.0",
-		"1.26.2",
 		"1.24.2",
 		"1.22.2",
 		"1.20.4",
--- a/oidc.go
+++ b/oidc.go
@@ -77,10 +77,9 @@ func (h *Headscale) RegisterOIDC(
 	vars := mux.Vars(req)
 	nodeKeyStr, ok := vars["nkey"]

-	log.Debug().
+	log.Trace().
 		Caller().
 		Str("node_key", nodeKeyStr).
-		Bool("ok", ok).
 		Msg("Received oidc register call")

 	if !NodePublicKeyRegex.Match([]byte(nodeKeyStr)) {
@@ -108,9 +107,7 @@ func (h *Headscale) RegisterOIDC(
 	)

 	if !ok || nodeKeyStr == "" || err != nil {
-		log.Warn().
-			Err(err).
-			Msg("Failed to parse incoming nodekey in OIDC registration")
+		log.Warn().Err(err).Msg("Failed to parse incoming nodekey")

 		writer.Header().Set("Content-Type", "text/plain; charset=utf-8")
 		writer.WriteHeader(http.StatusBadRequest)
--- a/protocol_common.go
+++ b/protocol_common.go
@@ -490,7 +490,6 @@ func (h *Headscale) handleNewMachineCommon(
 		Bool("noise", machineKey.IsZero()).
 		Str("machine", registerRequest.Hostinfo.Hostname).
 		Msg("The node seems to be new, sending auth url")
-
 	if h.oauth2Config != nil {
 		resp.AuthURL = fmt.Sprintf(
 			"%s/oidc/register/%s",
@@ -529,7 +528,6 @@ func (h *Headscale) handleNewMachineCommon(
 	log.Info().
 		Caller().
 		Bool("noise", machineKey.IsZero()).
-		Str("AuthURL", resp.AuthURL).
 		Str("machine", registerRequest.Hostinfo.Hostname).
 		Msg("Successfully sent auth url")
 }
@@ -728,7 +726,7 @@ func (h *Headscale) handleMachineExpiredCommon(
 	if h.oauth2Config != nil {
 		resp.AuthURL = fmt.Sprintf("%s/oidc/register/%s",
 			strings.TrimSuffix(h.cfg.ServerURL, "/"),
-			registerRequest.NodeKey)
+			NodePublicKeyStripPrefix(registerRequest.NodeKey))
 	} else {
 		resp.AuthURL = fmt.Sprintf("%s/register/%s",
 			strings.TrimSuffix(h.cfg.ServerURL, "/"),
Author	SHA1	Message	Date
Juan Font	613d29478d	Return the correct error on cache miss	2022-11-14 16:50:43 +01:00
Juan Font	4034fbc6e9	OIDC code cleanup and harmonize with regular web auth	2022-11-14 16:50:43 +01:00