tailscale/tsconsensus/http.go

// Copyright (c) Tailscale Inc & AUTHORS
// SPDX-License-Identifier: BSD-3-Clause

package tsconsensus

import (
	"bytes"
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"log"
	"net/http"
	"time"

	"tailscale.com/util/httpm"
)

type joinRequest struct {
	RemoteHost string
	RemoteID   string
}

type commandClient struct {
	port       uint16
	httpClient *http.Client
}

func (rac *commandClient) url(host string, path string) string {
	return fmt.Sprintf("http://%s:%d%s", host, rac.port, path)
}

func (rac *commandClient) join(host string, jr joinRequest) error {
	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
	defer cancel()
	rBs, err := json.Marshal(jr)
	if err != nil {
		return err
	}
	url := rac.url(host, "/join")
	req, err := http.NewRequestWithContext(ctx, httpm.POST, url, bytes.NewReader(rBs))
	if err != nil {
		return err
	}
	resp, err := rac.httpClient.Do(req)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	respBs, err := io.ReadAll(resp.Body)
	if err != nil {
		return err
	}
	if resp.StatusCode != 200 {
		return fmt.Errorf("remote responded %d: %s", resp.StatusCode, string(respBs))
	}
	return nil
}

func (rac *commandClient) executeCommand(host string, bs []byte) (CommandResult, error) {
	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
	defer cancel()
	url := rac.url(host, "/executeCommand")
	req, err := http.NewRequestWithContext(ctx, httpm.POST, url, bytes.NewReader(bs))
	if err != nil {
		return CommandResult{}, err
	}
	resp, err := rac.httpClient.Do(req)
	if err != nil {
		return CommandResult{}, err
	}
	defer resp.Body.Close()
	respBs, err := io.ReadAll(resp.Body)
	if err != nil {
		return CommandResult{}, err
	}
	if resp.StatusCode != 200 {
		return CommandResult{}, fmt.Errorf("remote responded %d: %s", resp.StatusCode, string(respBs))
	}
	var cr CommandResult
	if err = json.Unmarshal(respBs, &cr); err != nil {
		return CommandResult{}, err
	}
	return cr, nil
}

type authedHandler struct {
	auth *authorization
	mux  *http.ServeMux
}

func (h authedHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	err := h.auth.Refresh(r.Context())
	if err != nil {
		log.Printf("error authedHandler ServeHTTP refresh auth: %v", err)
		http.Error(w, "", http.StatusInternalServerError)
		return
	}
	a, err := addrFromServerAddress(r.RemoteAddr)
	if err != nil {
		log.Printf("error authedHandler ServeHTTP refresh auth: %v", err)
		http.Error(w, "", http.StatusInternalServerError)
		return
	}
	allowed := h.auth.AllowsHost(a)
	if !allowed {
		http.Error(w, "peer not allowed", http.StatusForbidden)
		return
	}
	h.mux.ServeHTTP(w, r)
}

func (c *Consensus) makeCommandMux() *http.ServeMux {
	mux := http.NewServeMux()
	mux.HandleFunc("/join", func(w http.ResponseWriter, r *http.Request) {
		if r.Method != httpm.POST {
			http.Error(w, "Method must be POST", http.StatusMethodNotAllowed)
			return
		}
		defer r.Body.Close()
		decoder := json.NewDecoder(http.MaxBytesReader(w, r.Body, 1024*1024))
		var jr joinRequest
		err := decoder.Decode(&jr)
		if err != nil {
			http.Error(w, err.Error(), http.StatusBadRequest)
			return
		}
		_, err = decoder.Token()
		if !errors.Is(err, io.EOF) {
			http.Error(w, "Request body must only contain a single JSON object", http.StatusBadRequest)
			return
		}
		if jr.RemoteHost == "" {
			http.Error(w, "Required: remoteAddr", http.StatusBadRequest)
			return
		}
		if jr.RemoteID == "" {
			http.Error(w, "Required: remoteID", http.StatusBadRequest)
			return
		}
		err = c.handleJoin(jr)
		if err != nil {
			log.Printf("join handler error: %v", err)
			http.Error(w, "", http.StatusInternalServerError)
			return
		}
	})
	mux.HandleFunc("/executeCommand", func(w http.ResponseWriter, r *http.Request) {
		if r.Method != httpm.POST {
			http.Error(w, "Bad Request", http.StatusBadRequest)
			return
		}
		defer r.Body.Close()
		decoder := json.NewDecoder(r.Body)
		var cmd Command
		err := decoder.Decode(&cmd)
		if err != nil {
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}
		result, err := c.executeCommandLocally(cmd)
		if err != nil {
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}
		if err := json.NewEncoder(w).Encode(result); err != nil {
			log.Printf("error encoding execute command result: %v", err)
			return
		}
	})
	return mux
}

func (c *Consensus) makeCommandHandler(auth *authorization) http.Handler {
	return authedHandler{
		mux:  c.makeCommandMux(),
		auth: auth,
	}
}
add copyright headers 2025-02-21 13:10:59 -08:00			`// Copyright (c) Tailscale Inc & AUTHORS`
			`// SPDX-License-Identifier: BSD-3-Clause`

tsconsensus: add a tsconsensus package tsconsensus enables tsnet.Server instances to form a consensus. tsconsensus wraps hashicorp/raft with * the ability to do discovery via tailscale tags * inter node communication over tailscale * routing of commands to the leader Updates #14667 Signed-off-by: Fran Bull <fran@tailscale.com> 2025-01-13 13:29:41 -08:00			`package tsconsensus`

			`import (`
			`"bytes"`
			`"context"`
			`"encoding/json"`
command mux robustness 2025-02-27 08:47:24 -08:00			`"errors"`
tsconsensus: add a tsconsensus package tsconsensus enables tsnet.Server instances to form a consensus. tsconsensus wraps hashicorp/raft with * the ability to do discovery via tailscale tags * inter node communication over tailscale * routing of commands to the leader Updates #14667 Signed-off-by: Fran Bull <fran@tailscale.com> 2025-01-13 13:29:41 -08:00			`"fmt"`
			`"io"`
centralize cmd http auth 2025-02-27 05:15:49 -08:00			`"log"`
tsconsensus: add a tsconsensus package tsconsensus enables tsnet.Server instances to form a consensus. tsconsensus wraps hashicorp/raft with * the ability to do discovery via tailscale tags * inter node communication over tailscale * routing of commands to the leader Updates #14667 Signed-off-by: Fran Bull <fran@tailscale.com> 2025-01-13 13:29:41 -08:00			`"net/http"`
			`"time"`
use httpm i guess? 2025-02-21 13:38:53 -08:00
			`"tailscale.com/util/httpm"`
tsconsensus: add a tsconsensus package tsconsensus enables tsnet.Server instances to form a consensus. tsconsensus wraps hashicorp/raft with * the ability to do discovery via tailscale tags * inter node communication over tailscale * routing of commands to the leader Updates #14667 Signed-off-by: Fran Bull <fran@tailscale.com> 2025-01-13 13:29:41 -08:00			`)`

			`type joinRequest struct {`
			`RemoteHost string`
			`RemoteID string`
			`}`

			`type commandClient struct {`
			`port uint16`
			`httpClient *http.Client`
			`}`

unnecessary export 2025-02-26 15:03:37 -08:00			`func (rac *commandClient) url(host string, path string) string {`
tsconsensus: add a tsconsensus package tsconsensus enables tsnet.Server instances to form a consensus. tsconsensus wraps hashicorp/raft with * the ability to do discovery via tailscale tags * inter node communication over tailscale * routing of commands to the leader Updates #14667 Signed-off-by: Fran Bull <fran@tailscale.com> 2025-01-13 13:29:41 -08:00			`return fmt.Sprintf("http://%s:%d%s", host, rac.port, path)`
			`}`

			`func (rac *commandClient) join(host string, jr joinRequest) error {`
			`ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)`
			`defer cancel()`
			`rBs, err := json.Marshal(jr)`
			`if err != nil {`
			`return err`
			`}`
unnecessary export 2025-02-26 15:03:37 -08:00			`url := rac.url(host, "/join")`
use httpm i guess? 2025-02-21 13:38:53 -08:00			`req, err := http.NewRequestWithContext(ctx, httpm.POST, url, bytes.NewReader(rBs))`
tsconsensus: add a tsconsensus package tsconsensus enables tsnet.Server instances to form a consensus. tsconsensus wraps hashicorp/raft with * the ability to do discovery via tailscale tags * inter node communication over tailscale * routing of commands to the leader Updates #14667 Signed-off-by: Fran Bull <fran@tailscale.com> 2025-01-13 13:29:41 -08:00			`if err != nil {`
			`return err`
			`}`
			`resp, err := rac.httpClient.Do(req)`
			`if err != nil {`
			`return err`
			`}`
			`defer resp.Body.Close()`
			`respBs, err := io.ReadAll(resp.Body)`
			`if err != nil {`
			`return err`
			`}`
			`if resp.StatusCode != 200 {`
			`return fmt.Errorf("remote responded %d: %s", resp.StatusCode, string(respBs))`
			`}`
			`return nil`
			`}`

			`func (rac *commandClient) executeCommand(host string, bs []byte) (CommandResult, error) {`
			`ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)`
			`defer cancel()`
unnecessary export 2025-02-26 15:03:37 -08:00			`url := rac.url(host, "/executeCommand")`
use httpm i guess? 2025-02-21 13:38:53 -08:00			`req, err := http.NewRequestWithContext(ctx, httpm.POST, url, bytes.NewReader(bs))`
tsconsensus: add a tsconsensus package tsconsensus enables tsnet.Server instances to form a consensus. tsconsensus wraps hashicorp/raft with * the ability to do discovery via tailscale tags * inter node communication over tailscale * routing of commands to the leader Updates #14667 Signed-off-by: Fran Bull <fran@tailscale.com> 2025-01-13 13:29:41 -08:00			`if err != nil {`
			`return CommandResult{}, err`
			`}`
			`resp, err := rac.httpClient.Do(req)`
			`if err != nil {`
			`return CommandResult{}, err`
			`}`
			`defer resp.Body.Close()`
			`respBs, err := io.ReadAll(resp.Body)`
			`if err != nil {`
			`return CommandResult{}, err`
			`}`
			`if resp.StatusCode != 200 {`
			`return CommandResult{}, fmt.Errorf("remote responded %d: %s", resp.StatusCode, string(respBs))`
			`}`
			`var cr CommandResult`
			`if err = json.Unmarshal(respBs, &cr); err != nil {`
			`return CommandResult{}, err`
			`}`
			`return cr, nil`
			`}`

centralize cmd http auth 2025-02-27 05:15:49 -08:00			`type authedHandler struct {`
			`auth *authorization`
			`mux *http.ServeMux`
			`}`

			`func (h authedHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {`
Export functions in authorization file 2025-02-27 13:23:26 -08:00			`err := h.auth.Refresh(r.Context())`
centralize cmd http auth 2025-02-27 05:15:49 -08:00			`if err != nil {`
			`log.Printf("error authedHandler ServeHTTP refresh auth: %v", err)`
			`http.Error(w, "", http.StatusInternalServerError)`
			`return`
			`}`
			`a, err := addrFromServerAddress(r.RemoteAddr)`
			`if err != nil {`
			`log.Printf("error authedHandler ServeHTTP refresh auth: %v", err)`
			`http.Error(w, "", http.StatusInternalServerError)`
			`return`
to squash: restrict communication to tagged nodes 2025-02-20 15:14:22 -08:00			`}`
Export functions in authorization file 2025-02-27 13:23:26 -08:00			`allowed := h.auth.AllowsHost(a)`
centralize cmd http auth 2025-02-27 05:15:49 -08:00			`if !allowed {`
401 -> 403 2025-02-27 07:39:16 -08:00			`http.Error(w, "peer not allowed", http.StatusForbidden)`
centralize cmd http auth 2025-02-27 05:15:49 -08:00			`return`
			`}`
			`h.mux.ServeHTTP(w, r)`
to squash: restrict communication to tagged nodes 2025-02-20 15:14:22 -08:00			`}`

centralize cmd http auth 2025-02-27 05:15:49 -08:00			`func (c Consensus) makeCommandMux() http.ServeMux {`
tsconsensus: add a tsconsensus package tsconsensus enables tsnet.Server instances to form a consensus. tsconsensus wraps hashicorp/raft with * the ability to do discovery via tailscale tags * inter node communication over tailscale * routing of commands to the leader Updates #14667 Signed-off-by: Fran Bull <fran@tailscale.com> 2025-01-13 13:29:41 -08:00			`mux := http.NewServeMux()`
centralize cmd http auth 2025-02-27 05:15:49 -08:00			`mux.HandleFunc("/join", func(w http.ResponseWriter, r *http.Request) {`
use httpm i guess? 2025-02-21 13:38:53 -08:00			`if r.Method != httpm.POST {`
badrequest -> methodnotallowed 2025-02-27 08:01:23 -08:00			`http.Error(w, "Method must be POST", http.StatusMethodNotAllowed)`
tsconsensus: add a tsconsensus package tsconsensus enables tsnet.Server instances to form a consensus. tsconsensus wraps hashicorp/raft with * the ability to do discovery via tailscale tags * inter node communication over tailscale * routing of commands to the leader Updates #14667 Signed-off-by: Fran Bull <fran@tailscale.com> 2025-01-13 13:29:41 -08:00			`return`
			`}`
			`defer r.Body.Close()`
command mux robustness 2025-02-27 08:47:24 -08:00			`decoder := json.NewDecoder(http.MaxBytesReader(w, r.Body, 1024*1024))`
tsconsensus: add a tsconsensus package tsconsensus enables tsnet.Server instances to form a consensus. tsconsensus wraps hashicorp/raft with * the ability to do discovery via tailscale tags * inter node communication over tailscale * routing of commands to the leader Updates #14667 Signed-off-by: Fran Bull <fran@tailscale.com> 2025-01-13 13:29:41 -08:00			`var jr joinRequest`
			`err := decoder.Decode(&jr)`
			`if err != nil {`
command mux robustness 2025-02-27 08:47:24 -08:00			`http.Error(w, err.Error(), http.StatusBadRequest)`
			`return`
			`}`
			`_, err = decoder.Token()`
			`if !errors.Is(err, io.EOF) {`
			`http.Error(w, "Request body must only contain a single JSON object", http.StatusBadRequest)`
tsconsensus: add a tsconsensus package tsconsensus enables tsnet.Server instances to form a consensus. tsconsensus wraps hashicorp/raft with * the ability to do discovery via tailscale tags * inter node communication over tailscale * routing of commands to the leader Updates #14667 Signed-off-by: Fran Bull <fran@tailscale.com> 2025-01-13 13:29:41 -08:00			`return`
			`}`
			`if jr.RemoteHost == "" {`
			`http.Error(w, "Required: remoteAddr", http.StatusBadRequest)`
			`return`
			`}`
			`if jr.RemoteID == "" {`
			`http.Error(w, "Required: remoteID", http.StatusBadRequest)`
			`return`
			`}`
			`err = c.handleJoin(jr)`
			`if err != nil {`
command mux robustness 2025-02-27 08:47:24 -08:00			`log.Printf("join handler error: %v", err)`
			`http.Error(w, "", http.StatusInternalServerError)`
tsconsensus: add a tsconsensus package tsconsensus enables tsnet.Server instances to form a consensus. tsconsensus wraps hashicorp/raft with * the ability to do discovery via tailscale tags * inter node communication over tailscale * routing of commands to the leader Updates #14667 Signed-off-by: Fran Bull <fran@tailscale.com> 2025-01-13 13:29:41 -08:00			`return`
			`}`
centralize cmd http auth 2025-02-27 05:15:49 -08:00			`})`
			`mux.HandleFunc("/executeCommand", func(w http.ResponseWriter, r *http.Request) {`
use httpm i guess? 2025-02-21 13:38:53 -08:00			`if r.Method != httpm.POST {`
tsconsensus: add a tsconsensus package tsconsensus enables tsnet.Server instances to form a consensus. tsconsensus wraps hashicorp/raft with * the ability to do discovery via tailscale tags * inter node communication over tailscale * routing of commands to the leader Updates #14667 Signed-off-by: Fran Bull <fran@tailscale.com> 2025-01-13 13:29:41 -08:00			`http.Error(w, "Bad Request", http.StatusBadRequest)`
			`return`
			`}`
			`defer r.Body.Close()`
			`decoder := json.NewDecoder(r.Body)`
			`var cmd Command`
			`err := decoder.Decode(&cmd)`
			`if err != nil {`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`
			`result, err := c.executeCommandLocally(cmd)`
use the error value 2025-02-21 13:02:05 -08:00			`if err != nil {`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`
tsconsensus: add a tsconsensus package tsconsensus enables tsnet.Server instances to form a consensus. tsconsensus wraps hashicorp/raft with * the ability to do discovery via tailscale tags * inter node communication over tailscale * routing of commands to the leader Updates #14667 Signed-off-by: Fran Bull <fran@tailscale.com> 2025-01-13 13:29:41 -08:00			`if err := json.NewEncoder(w).Encode(result); err != nil {`
don't try to http.Error after trying to encode to w 2025-02-27 10:18:30 -08:00			`log.Printf("error encoding execute command result: %v", err)`
tsconsensus: add a tsconsensus package tsconsensus enables tsnet.Server instances to form a consensus. tsconsensus wraps hashicorp/raft with * the ability to do discovery via tailscale tags * inter node communication over tailscale * routing of commands to the leader Updates #14667 Signed-off-by: Fran Bull <fran@tailscale.com> 2025-01-13 13:29:41 -08:00			`return`
			`}`
centralize cmd http auth 2025-02-27 05:15:49 -08:00			`})`
tsconsensus: add a tsconsensus package tsconsensus enables tsnet.Server instances to form a consensus. tsconsensus wraps hashicorp/raft with * the ability to do discovery via tailscale tags * inter node communication over tailscale * routing of commands to the leader Updates #14667 Signed-off-by: Fran Bull <fran@tailscale.com> 2025-01-13 13:29:41 -08:00			`return mux`
			`}`
centralize cmd http auth 2025-02-27 05:15:49 -08:00
			`func (c Consensus) makeCommandHandler(auth authorization) http.Handler {`
			`return authedHandler{`
			`mux: c.makeCommandMux(),`
			`auth: auth,`
			`}`
			`}`