mirror of
https://github.com/juanfont/headscale.git
synced 2024-12-11 18:54:25 +00:00
7e62031444
* replace ephemeral deletion logic this commit replaces the way we remove ephemeral nodes, currently they are deleted in a loop and we look at last seen time. This time is now only set when a node disconnects and there was a bug (#2006) where nodes that had never disconnected was deleted since they did not have a last seen. The new logic will start an expiry timer when the node disconnects and delete the node from the database when the timer is up. If the node reconnects within the expiry, the timer is cancelled. Fixes #2006 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * use uint64 as authekyid and ptr helper in tests Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * add test db helper Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * add list ephemeral node func Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * schedule ephemeral nodes for removal on startup Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * fix gorm query for postgres Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * add godoc Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
174 lines
4.7 KiB
Go
174 lines
4.7 KiB
Go
package db
|
|
|
|
import (
|
|
"time"
|
|
|
|
"github.com/juanfont/headscale/hscontrol/types"
|
|
"github.com/juanfont/headscale/hscontrol/util"
|
|
"gopkg.in/check.v1"
|
|
"tailscale.com/types/ptr"
|
|
)
|
|
|
|
func (*Suite) TestCreatePreAuthKey(c *check.C) {
|
|
_, err := db.CreatePreAuthKey("bogus", true, false, nil, nil)
|
|
|
|
c.Assert(err, check.NotNil)
|
|
|
|
user, err := db.CreateUser("test")
|
|
c.Assert(err, check.IsNil)
|
|
|
|
key, err := db.CreatePreAuthKey(user.Name, true, false, nil, nil)
|
|
c.Assert(err, check.IsNil)
|
|
|
|
// Did we get a valid key?
|
|
c.Assert(key.Key, check.NotNil)
|
|
c.Assert(len(key.Key), check.Equals, 48)
|
|
|
|
// Make sure the User association is populated
|
|
c.Assert(key.User.Name, check.Equals, user.Name)
|
|
|
|
_, err = db.ListPreAuthKeys("bogus")
|
|
c.Assert(err, check.NotNil)
|
|
|
|
keys, err := db.ListPreAuthKeys(user.Name)
|
|
c.Assert(err, check.IsNil)
|
|
c.Assert(len(keys), check.Equals, 1)
|
|
|
|
// Make sure the User association is populated
|
|
c.Assert((keys)[0].User.Name, check.Equals, user.Name)
|
|
}
|
|
|
|
func (*Suite) TestExpiredPreAuthKey(c *check.C) {
|
|
user, err := db.CreateUser("test2")
|
|
c.Assert(err, check.IsNil)
|
|
|
|
now := time.Now().Add(-5 * time.Second)
|
|
pak, err := db.CreatePreAuthKey(user.Name, true, false, &now, nil)
|
|
c.Assert(err, check.IsNil)
|
|
|
|
key, err := db.ValidatePreAuthKey(pak.Key)
|
|
c.Assert(err, check.Equals, ErrPreAuthKeyExpired)
|
|
c.Assert(key, check.IsNil)
|
|
}
|
|
|
|
func (*Suite) TestPreAuthKeyDoesNotExist(c *check.C) {
|
|
key, err := db.ValidatePreAuthKey("potatoKey")
|
|
c.Assert(err, check.Equals, ErrPreAuthKeyNotFound)
|
|
c.Assert(key, check.IsNil)
|
|
}
|
|
|
|
func (*Suite) TestValidateKeyOk(c *check.C) {
|
|
user, err := db.CreateUser("test3")
|
|
c.Assert(err, check.IsNil)
|
|
|
|
pak, err := db.CreatePreAuthKey(user.Name, true, false, nil, nil)
|
|
c.Assert(err, check.IsNil)
|
|
|
|
key, err := db.ValidatePreAuthKey(pak.Key)
|
|
c.Assert(err, check.IsNil)
|
|
c.Assert(key.ID, check.Equals, pak.ID)
|
|
}
|
|
|
|
func (*Suite) TestAlreadyUsedKey(c *check.C) {
|
|
user, err := db.CreateUser("test4")
|
|
c.Assert(err, check.IsNil)
|
|
|
|
pak, err := db.CreatePreAuthKey(user.Name, false, false, nil, nil)
|
|
c.Assert(err, check.IsNil)
|
|
|
|
node := types.Node{
|
|
ID: 0,
|
|
Hostname: "testest",
|
|
UserID: user.ID,
|
|
RegisterMethod: util.RegisterMethodAuthKey,
|
|
AuthKeyID: ptr.To(pak.ID),
|
|
}
|
|
trx := db.DB.Save(&node)
|
|
c.Assert(trx.Error, check.IsNil)
|
|
|
|
key, err := db.ValidatePreAuthKey(pak.Key)
|
|
c.Assert(err, check.Equals, ErrSingleUseAuthKeyHasBeenUsed)
|
|
c.Assert(key, check.IsNil)
|
|
}
|
|
|
|
func (*Suite) TestReusableBeingUsedKey(c *check.C) {
|
|
user, err := db.CreateUser("test5")
|
|
c.Assert(err, check.IsNil)
|
|
|
|
pak, err := db.CreatePreAuthKey(user.Name, true, false, nil, nil)
|
|
c.Assert(err, check.IsNil)
|
|
|
|
node := types.Node{
|
|
ID: 1,
|
|
Hostname: "testest",
|
|
UserID: user.ID,
|
|
RegisterMethod: util.RegisterMethodAuthKey,
|
|
AuthKeyID: ptr.To(pak.ID),
|
|
}
|
|
trx := db.DB.Save(&node)
|
|
c.Assert(trx.Error, check.IsNil)
|
|
|
|
key, err := db.ValidatePreAuthKey(pak.Key)
|
|
c.Assert(err, check.IsNil)
|
|
c.Assert(key.ID, check.Equals, pak.ID)
|
|
}
|
|
|
|
func (*Suite) TestNotReusableNotBeingUsedKey(c *check.C) {
|
|
user, err := db.CreateUser("test6")
|
|
c.Assert(err, check.IsNil)
|
|
|
|
pak, err := db.CreatePreAuthKey(user.Name, false, false, nil, nil)
|
|
c.Assert(err, check.IsNil)
|
|
|
|
key, err := db.ValidatePreAuthKey(pak.Key)
|
|
c.Assert(err, check.IsNil)
|
|
c.Assert(key.ID, check.Equals, pak.ID)
|
|
}
|
|
|
|
func (*Suite) TestExpirePreauthKey(c *check.C) {
|
|
user, err := db.CreateUser("test3")
|
|
c.Assert(err, check.IsNil)
|
|
|
|
pak, err := db.CreatePreAuthKey(user.Name, true, false, nil, nil)
|
|
c.Assert(err, check.IsNil)
|
|
c.Assert(pak.Expiration, check.IsNil)
|
|
|
|
err = db.ExpirePreAuthKey(pak)
|
|
c.Assert(err, check.IsNil)
|
|
c.Assert(pak.Expiration, check.NotNil)
|
|
|
|
key, err := db.ValidatePreAuthKey(pak.Key)
|
|
c.Assert(err, check.Equals, ErrPreAuthKeyExpired)
|
|
c.Assert(key, check.IsNil)
|
|
}
|
|
|
|
func (*Suite) TestNotReusableMarkedAsUsed(c *check.C) {
|
|
user, err := db.CreateUser("test6")
|
|
c.Assert(err, check.IsNil)
|
|
|
|
pak, err := db.CreatePreAuthKey(user.Name, false, false, nil, nil)
|
|
c.Assert(err, check.IsNil)
|
|
pak.Used = true
|
|
db.DB.Save(&pak)
|
|
|
|
_, err = db.ValidatePreAuthKey(pak.Key)
|
|
c.Assert(err, check.Equals, ErrSingleUseAuthKeyHasBeenUsed)
|
|
}
|
|
|
|
func (*Suite) TestPreAuthKeyACLTags(c *check.C) {
|
|
user, err := db.CreateUser("test8")
|
|
c.Assert(err, check.IsNil)
|
|
|
|
_, err = db.CreatePreAuthKey(user.Name, false, false, nil, []string{"badtag"})
|
|
c.Assert(err, check.NotNil) // Confirm that malformed tags are rejected
|
|
|
|
tags := []string{"tag:test1", "tag:test2"}
|
|
tagsWithDuplicate := []string{"tag:test1", "tag:test2", "tag:test2"}
|
|
_, err = db.CreatePreAuthKey(user.Name, false, false, nil, tagsWithDuplicate)
|
|
c.Assert(err, check.IsNil)
|
|
|
|
listedPaks, err := db.ListPreAuthKeys("test8")
|
|
c.Assert(err, check.IsNil)
|
|
c.Assert(listedPaks[0].Proto().GetAclTags(), check.DeepEquals, tags)
|
|
}
|