client/tailscale, tsnet, ipn/ipnlocal: prove nodekey ownership over noise

Fixes #5972 Change-Id: Ic33a93d3613ac5dbf172d6a8a459ca06a7f9e547 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-10-09 08:01:31 +00:00 · 2022-11-01 20:37:13 -07:00
parent 8c790207a0
commit 910db02652
7 changed files with 117 additions and 45 deletions
--- a/client/tailscale/tailscale.go
+++ b/client/tailscale/tailscale.go
@@ -18,9 +18,6 @@ import (
 	"fmt"
 	"io"
 	"net/http"
-	"net/url"
-
-	"tailscale.com/types/key"
 )

 // I_Acknowledge_This_API_Is_Unstable must be set true to use this package
@@ -93,29 +90,6 @@ func (c *Client) setAuth(r *http.Request) {
 	}
 }

-// nodeKeyAuth is an AuthMethod for NewClient that authenticates requests
-// using a node key over the Noise protocol.
-type nodeKeyAuth key.NodePublic
-
-func (k nodeKeyAuth) modifyRequest(req *http.Request) {
-	// QueryEscape the node key since it has a colon in it.
-	nk := url.QueryEscape(key.NodePublic(k).String())
-	req.SetBasicAuth(nk, "")
-}
-
-// NewNoiseClient is a convenience method for instantiating a new Client
-// that uses the Noise protocol for authentication.
-//
-// tailnet is the globally unique identifier for a Tailscale network, such
-// as "example.com" or "user@gmail.com".
-func NewNoiseClient(tailnet string, noiseRoundTripper http.RoundTripper, nk key.NodePublic) *Client {
-	return &Client{
-		tailnet:    tailnet,
-		auth:       nodeKeyAuth(nk),
-		HTTPClient: &http.Client{Transport: noiseRoundTripper},
-	}
-}
-
 // NewClient is a convenience method for instantiating a new Client.
 //
 // tailnet is the globally unique identifier for a Tailscale network, such