ipn,tailfs: tie TailFS share configuration to user profile

Previously, the configuration of which folders to share persisted across profile changes. Now, it is tied to the user's profile. Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com>
2025-10-11 03:12:30 +00:00 · 2024-03-07 10:56:11 -06:00
parent 16ae0f65c0
commit 6c160e6321
16 changed files with 330 additions and 120 deletions
--- a/tailfs/remote.go
+++ b/tailfs/remote.go
@@ -3,8 +3,12 @@

 package tailfs

+//go:generate go run tailscale.com/cmd/viewer --type=Share --clonefunc
+
 import (
+	"bytes"
 	"net/http"
+	"strings"
 )

 var (
@@ -41,6 +45,39 @@ type Share struct {
 	BookmarkData []byte `json:"bookmarkData,omitempty"`
 }

+func ShareViewsEqual(a, b ShareView) bool {
+	if !a.Valid() && !b.Valid() {
+		return true
+	}
+	if !a.Valid() || !b.Valid() {
+		return false
+	}
+	return a.Name() == b.Name() && a.Path() == b.Path() && a.As() == b.As() && a.BookmarkData().Equal(b.ж.BookmarkData)
+}
+
+func SharesEqual(a, b *Share) bool {
+	if a == nil && b == nil {
+		return true
+	}
+	if a == nil || b == nil {
+		return false
+	}
+	return a.Name == b.Name && a.Path == b.Path && a.As == b.As && bytes.Equal(a.BookmarkData, b.BookmarkData)
+}
+
+func CompareShares(a, b *Share) int {
+	if a == nil && b == nil {
+		return 0
+	}
+	if a == nil {
+		return -1
+	}
+	if b == nil {
+		return 1
+	}
+	return strings.Compare(a.Name, b.Name)
+}
+
 // FileSystemForRemote is the TailFS filesystem exposed to remote nodes. It
 // provides a unified WebDAV interface to local directories that have been
 // shared.
@@ -56,7 +93,7 @@ type FileSystemForRemote interface {
 	// AllowShareAs() reports true, we will use one subprocess per user to
 	// access the filesystem (see userServer). Otherwise, we will use the file
 	// server configured via SetFileServerAddr.
-	SetShares(shares map[string]*Share)
+	SetShares(shares []*Share)

 	// ServeHTTPWithPerms behaves like the similar method from http.Handler but
 	// also accepts a Permissions map that captures the permissions of the
--- a/tailfs/tailfs_clone.go
+++ b/tailfs/tailfs_clone.go
@@ -0,0 +1,44 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+// Code generated by tailscale.com/cmd/cloner; DO NOT EDIT.
+
+package tailfs
+
+// Clone makes a deep copy of Share.
+// The result aliases no memory with the original.
+func (src *Share) Clone() *Share {
+	if src == nil {
+		return nil
+	}
+	dst := new(Share)
+	*dst = *src
+	dst.BookmarkData = append(src.BookmarkData[:0:0], src.BookmarkData...)
+	return dst
+}
+
+// A compilation failure here means this code must be regenerated, with the command at the top of this file.
+var _ShareCloneNeedsRegeneration = Share(struct {
+	Name         string
+	Path         string
+	As           string
+	BookmarkData []byte
+}{})
+
+// Clone duplicates src into dst and reports whether it succeeded.
+// To succeed, <src, dst> must be of types <*T, *T> or <*T, **T>,
+// where T is one of Share.
+func Clone(dst, src any) bool {
+	switch src := src.(type) {
+	case *Share:
+		switch dst := dst.(type) {
+		case *Share:
+			*dst = *src.Clone()
+			return true
+		case **Share:
+			*dst = src.Clone()
+			return true
+		}
+	}
+	return false
+}
--- a/tailfs/tailfs_view.go
+++ b/tailfs/tailfs_view.go
@@ -0,0 +1,75 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+// Code generated by tailscale/cmd/viewer; DO NOT EDIT.
+
+package tailfs
+
+import (
+	"encoding/json"
+	"errors"
+
+	"tailscale.com/types/views"
+)
+
+//go:generate go run tailscale.com/cmd/cloner  -clonefunc=true -type=Share
+
+// View returns a readonly view of Share.
+func (p *Share) View() ShareView {
+	return ShareView{ж: p}
+}
+
+// ShareView provides a read-only view over Share.
+//
+// Its methods should only be called if `Valid()` returns true.
+type ShareView struct {
+	// ж is the underlying mutable value, named with a hard-to-type
+	// character that looks pointy like a pointer.
+	// It is named distinctively to make you think of how dangerous it is to escape
+	// to callers. You must not let callers be able to mutate it.
+	ж *Share
+}
+
+// Valid reports whether underlying value is non-nil.
+func (v ShareView) Valid() bool { return v.ж != nil }
+
+// AsStruct returns a clone of the underlying value which aliases no memory with
+// the original.
+func (v ShareView) AsStruct() *Share {
+	if v.ж == nil {
+		return nil
+	}
+	return v.ж.Clone()
+}
+
+func (v ShareView) MarshalJSON() ([]byte, error) { return json.Marshal(v.ж) }
+
+func (v *ShareView) UnmarshalJSON(b []byte) error {
+	if v.ж != nil {
+		return errors.New("already initialized")
+	}
+	if len(b) == 0 {
+		return nil
+	}
+	var x Share
+	if err := json.Unmarshal(b, &x); err != nil {
+		return err
+	}
+	v.ж = &x
+	return nil
+}
+
+func (v ShareView) Name() string { return v.ж.Name }
+func (v ShareView) Path() string { return v.ж.Path }
+func (v ShareView) As() string   { return v.ж.As }
+func (v ShareView) BookmarkData() views.ByteSlice[[]byte] {
+	return views.ByteSliceOf(v.ж.BookmarkData)
+}
+
+// A compilation failure here means this code must be regenerated, with the command at the top of this file.
+var _ShareViewNeedsRegeneration = Share(struct {
+	Name         string
+	Path         string
+	As           string
+	BookmarkData []byte
+}{})
--- a/tailfs/tailfsimpl/remote_impl.go
+++ b/tailfs/tailfsimpl/remote_impl.go
@@ -17,6 +17,7 @@ import (
 	"os"
 	"os/exec"
 	"os/user"
+	"slices"
 	"strings"
 	"sync"
 	"time"
@@ -52,7 +53,7 @@ type FileSystemForRemote struct {
 	// them, acquire a read lock before reading any of them.
 	mu             sync.RWMutex
 	fileServerAddr string
-	shares         map[string]*tailfs.Share
+	shares         []*tailfs.Share
 	children       map[string]*compositedav.Child
 	userServers    map[string]*userServer
 }
@@ -64,8 +65,9 @@ func (s *FileSystemForRemote) SetFileServerAddr(addr string) {
 	s.mu.Unlock()
 }

-// SetShares implements tailfs.FileSystemForRemote.
-func (s *FileSystemForRemote) SetShares(shares map[string]*tailfs.Share) {
+// SetShares implements tailfs.FileSystemForRemote. Shares must be sorted
+// according to tailfs.CompareShares.
+func (s *FileSystemForRemote) SetShares(shares []*tailfs.Share) {
 	userServers := make(map[string]*userServer)
 	if tailfs.AllowShareAs() {
 		// Set up per-user server by running the current executable as an
@@ -131,7 +133,13 @@ func (s *FileSystemForRemote) buildChild(share *tailfs.Share) *compositedav.Chil
 				shareName := string(shareNameBytes)

 				s.mu.RLock()
-				share, shareFound := s.shares[shareName]
+				var share *tailfs.Share
+				i, shareFound := slices.BinarySearchFunc(s.shares, shareName, func(s *tailfs.Share, name string) int {
+					return strings.Compare(s.Name, name)
+				})
+				if shareFound {
+					share = s.shares[i]
+				}
 				userServers := s.userServers
 				fileServerAddr := s.fileServerAddr
 				s.mu.RUnlock()
--- a/tailfs/tailfsimpl/tailfs_test.go
+++ b/tailfs/tailfsimpl/tailfs_test.go
@@ -13,6 +13,7 @@ import (
 	"os"
 	"path"
 	"path/filepath"
+	"slices"
 	"sync"
 	"testing"
 	"time"
@@ -206,13 +207,14 @@ func (s *system) addShare(remoteName, shareName string, permission tailfs.Permis
 	r.shares[shareName] = f
 	r.permissions[shareName] = permission

-	shares := make(map[string]*tailfs.Share, len(r.shares))
+	shares := make([]*tailfs.Share, 0, len(r.shares))
 	for shareName, folder := range r.shares {
-		shares[shareName] = &tailfs.Share{
+		shares = append(shares, &tailfs.Share{
 			Name: shareName,
 			Path: folder,
-		}
+		})
 	}
+	slices.SortFunc(shares, tailfs.CompareShares)
 	r.fs.SetShares(shares)
 	r.fileServer.SetShares(r.shares)
 }