Add logging of device management type for the web client auth flow. Namely,
this differentiates between viewing a node you do not own, viewing a local
tagged node, viewing a remote tagged node, managing a local node, and
managing a remote node.
Updates https://github.com/tailscale/tailscale/issues/10261
Signed-off-by: Mario Minardi <mario@tailscale.com>
Even if connected to the login client over tailscale, still check
platform auth so the browser can obtain the tokens it needs to make
platform requests complete successfully.
Updates #10261
Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
Updates:
* Card component used throughout instead of custom card class
* SSH toggle changed to non-editable text/status icon in readonly
* Red error text on subnet route input when route post failed
Updates #10261
Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
Precompress webclient assets with precompress util. This cuts our
css and js build sizes to about 1/3 of non-compressed size. Similar
compression done on tsconnect and adminhttp assets.
Updates #10261
Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
This commit makes some restructural changes to how we handle api
posting from the web client frontend.
Now that we're using SWR, we have less of a need for hooks like
useNodeData that return a useSWR response alongside some mutation
callbacks. SWR makes it easy to mutate throughout the UI without
needing access to the original data state in order to reflect
updates. So, we can fetch data without having to tie it to post
callbacks that have to be passed around through components.
In an effort to consolidate our posting endpoints, and make it
easier to add more api handlers cleanly in the future, this change
introduces a new `useAPI` hook that returns a single `api` callback
that can make any changes from any component in the UI. The hook
itself handles using SWR to mutate the relevant data keys, which
get globally reflected throughout the UI.
As a concurrent cleanup, node types are also moved to their own
types.ts file, to consolidate data types across the app.
Updates #10261
Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
Remove padding on top of search bar, remove rounded corners of
bottom border of earch bar, and add auto focus.
Updates #10261
Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
Adds a footer to the device details page that mirrors license and
policy content on other Tailscale clients.
Updates #10261
Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
Add workflow to run yarn lint/test/format-check against the web
client on pull requests.
Updates #10261
Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
The IP property in node data was renamed to IPv4 but refactoring the usage
of the property was missed in this file.
Updates https://github.com/tailscale/tailscale/issues/10261
Signed-off-by: Mario Minardi <mario@tailscale.com>
Updates the IP address on home view to open a copyable list of node
addresses on click. And makes various values on the details view
copyable text items, mirroring the machine admin panel table.
As part of these changes, pulls the AddressCard, NiceIP and QuickCopy
components from the admin panel, with the AddressCard slightly modified
to avoid needing to also pull in the CommandLine component.
A new toaster interface is also added, allowing us to display success
and failure toasts throughout the UI. The toaster code is slightly
modified from it's admin form to avoid the need for some excess
libraries.
Updates #10261
Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
Add left and right padding around entire client so that the cards don't
run into the side of the screen. Also tighten up vertical spacing in
couple of places.
Updates #10261
Signed-off-by: Will Norris <will@tailscale.com>
Add metric logging logic for the web client frontend. This is an initial
pass of adding the base logic, plus a single point where it is used for
validation that the logging is working correctly. More metric logging
calls will follow in subsquent PRs.
Updates https://github.com/tailscale/tailscale/issues/10261
Signed-off-by: Mario Minardi <mario@tailscale.com>
If the login client is inside an iframe, open the management client in a
new window, since it can't be loaded in the frame.
Updates #10261
Signed-off-by: Will Norris <will@tailscale.com>
If the currently selected exit node is offline, render the exit node
selector in red with an error message. Update exit nodes in the dropdown
to indicate if they are offline, and don't allow them to be selected.
This also updates some older color values to use the new colors.
Updates #10261
Signed-off-by: Will Norris <will@tailscale.com>
Makes the following changes:
* Use “link” class in various spots
* Remove button appearance on Exit Node dropdown in readonly mode
* Update `-stone-` colors to `-gray-` (couple spots missed by
original color config commit)
* Pull full ui/button component from admin panel, and update
buttons throughout UI to use this component
* Remove various buttons in readonly view to match mocks
* Add route (and “pending approval”) highlights to Subnet router
settings card
* Delete legacy client button styles from index.css
* Fix overflow of IPv6 address on device details view
Updates #10261
Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
Use the packet filter rules to determine if any device is allowed to
connect on port 5252. This does not check whether a specific device can
connect (since we typically don't know the source device when this is
used). Nor does it specifically check for wide-open ACLs, which is
something we may provide a warning about in the future.
Update the login popover content to display information when the src
device is unable to connect to the dst device over its Tailscale IP. If
we know it's an ACL issue, mention that, otherwise list a couple of
things to check. In both cases, link to a placeholder URL to get more
information about web client connection issues.
Updates #10261
Signed-off-by: Will Norris <will@tailscale.com>
Fixes a TODO in web.authorizeRequest.
`getSession` calls `WhoIs` already. Call `getSession` earlier in
`authorizeRequest` so we can avoid the duplicate `WhoIs` check on
the same request.
Updates #10261
Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
client/web: skip check mode for non-tailscale.com control servers
Only enforce check mode if the control server URL ends in
".tailscale.com". This allows the web client to be used with headscale
(or other) control servers while we work with the project to add check
mode support (tracked in juanfont/headscale#1623).
Updates #10261
Co-authored-by: Sonia Appasamy <sonia@tailscale.com>
Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
Signed-off-by: Will Norris <will@tailscale.com>
6e30c9d1f added eslint to the web client. As a part of that change,
the existing yarn.lock file was removed and yarn install run to build
with a clean yarn dependencies set with latest versions. This caused
a change in the "vite-plugin-rewrite-all" package that fails at build
time with our existing vite config. This is a known bug with some
suggested fixes:
https://vitejs.dev/guide/troubleshooting.html#this-package-is-esm-only
Rather than editing our package.json type, this commit reverts back
the yarn.lock file to it's contents at the commit just before 6e30c9d1f
and then only runs yarn install to add the new eslint packages, rather
than installing the latest versions of all packages.
Updates #10261
Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
Add eslint to require stricter typescript rules, particularly around
required hook dependencies. This commit also updates any files that
were now throwing errors with eslint.
Updates #10261
Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
Enforcing inclusion of our OSS license at the top of .ts and .tsx
files. Also updates any relevant files in the repo that were
previously missing the license comment. An additional `@license`
comment is added to client/web/src/index.tsx to preserve the
license in generated Javascript.
Updates #10261
Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
This adds an expandable section of the login view to allow users to
specify an auth key and an alternate control URL.
Input and Collapsible components and accompanying styles were brought
over from the adminpanel.
Updates #10261
Signed-off-by: Will Norris <will@tailscale.com>
Adds Inter font and uses it as the default for the web UI.
Creates a new /assets folder to house the /fonts, and moves /icons
to live here too.
Updates #10261
Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
Add exit node selector (in full management client only) that allows
for advertising as an exit node, or selecting another exit node on
the Tailnet for use.
Updates #10261
Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
This creates a new /api/up endpoint which is exposed in the login
client, and is solely focused on logging in. Login has been removed from
the nodeUpdate endpoint.
This also adds support in the LoginClientView for a stopped node that
just needs to reconnect, but not necessarily reauthenticate. This
follows the same pattern in `tailscale up` of just setting the
WantRunning user pref.
Updates tailscale/corp#14335
Signed-off-by: Will Norris <will@tailscale.com>
This change removes the existing debug-web-client localapi endpoint
and replaces it with functions passed directly to the web.ServerOpts
when constructing a web.ManageServerMode client.
The debug-web-client endpoint previously handled making noise
requests to the control server via the /machine/webclient/ endpoints.
The noise requests must be made from tailscaled, which has the noise
connection open. But, now that the full client is served from
tailscaled, we no longer need to proxy this request over the localapi.
Updates tailscale/corp#14335
Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
When the viewing user is accessing a webclient not over Tailscale,
they must connect over Tailscale before being able to log into the
full management client, which is served over TS. This change adds
a check that the user is able to access the node's tailscale IP.
If not able to, the signin button is disabled. We'll also be adding
Copy here to help explain to the user that they must connect to
Tailscale before proceeding.
Updates #10261
Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
I don't believe this has ever worked, since we didn't allow POST
requests in the login client. But previously, we were primarily using
the legacy client, so it didn't really matter. Now that we've removed
the legacy client, we have no way to login.
This fixes the login client, allowing it to login, but it still needs to
be refactored to expose a dedicated login method, without exposing all
the node update functionality.
Updates tailscale/corp#14335
Signed-off-by: Will Norris <will@tailscale.com>
No longer using this! Readonly state fully managed via auth endpoint.
Also getting rid of old Legacy server mode.
A #cleanup
Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
We currently disable the exit-node drop down selector when the user is
in read-only mode, but we missed disabling the "Disable" button also.
Previously, it would display an error when clicked.
Updates tailscale/corp#14335
Signed-off-by: Will Norris <will@tailscale.com>
Move Header component inside Router so that links are relative to the
router base URL.
Updates tailscale/corp#14335
Signed-off-by: Will Norris <will@tailscale.com>