TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-02-21 12:28:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

tsnet: provide AuthenticatedAPITransport for use with tailscale.com/client/tailscale/v2

Browse Source 
This allows use of the officially supported control server API,
authenticated with the tsnet node's nodekey.

Updates tailscale/corp#22748

Signed-off-by: Percy Wegmann <percy@tailscale.com>
This commit is contained in:
Percy Wegmann 2025-02-07 09:28:09 -06:00 committed by Percy Wegmann
parent 4f0222388a
commit 8a792ab540
1 changed files with 27 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
tsnet/tsnet.go
View File

@ -931,8 +931,7 @@ func getTSNetDir(logf logger.Logf, confDir, prog string) (string, error) {
// requests to the Tailscale control server.
// It requires the user to set tailscale.I_Acknowledge_This_API_Is_Unstable.
//
// TODO: (percy) provide a way to use Noise for the official API at
// tailscale.com/client/tailscale/v2.
// Deprecated: use AuthenticatedAPITransport with tailscale.com/client/tailscale/v2 instead.
func (s *Server) APIClient() (*tailscale.Client, error) {
if !tailscale.I_Acknowledge_This_API_Is_Unstable {
return nil, errors.New("use of Client without setting I_Acknowledge_This_API_Is_Unstable")
@ -947,6 +946,32 @@ func (s *Server) APIClient() (*tailscale.Client, error) {
return c, nil
}
// AuthenticatedAPITransport provides an HTTP transport that can be used with
// the control server API without needing additional authentication details. It
// authenticates using the current client's nodekey.
//
// For example:
//
// import "net/http"
// import "tailscale.com/client/tailscale/v2"
// import "tailscale.com/tsnet"
//
// var s *tsnet.Server
// ...
// rt, err := s.AuthenticatedAPITransport()
// // handler err ...
// var client tailscale.Client{HTTP: http.Client{
// Timeout: 1*time.Minute,
// UserAgent: "your-useragent-here",
// Transport: rt,
// }}
func (s *Server) AuthenticatedAPITransport() (http.RoundTripper, error) {
if err := s.Start(); err != nil {
return nil, err
}
return s.lb.KeyProvingNoiseRoundTripper(), nil
}
// Listen announces only on the Tailscale network.
// It will start the server if it has not been started yet.
//