mirror of
https://github.com/tailscale/tailscale.git
synced 2024-12-01 14:05:39 +00:00
7e00100a0a
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
209 lines
5.3 KiB
Go
209 lines
5.3 KiB
Go
// Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
// The hello binary runs hello.ipn.dev.
|
|
package main // import "tailscale.com/cmd/hello"
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"flag"
|
|
"fmt"
|
|
"html/template"
|
|
"io/ioutil"
|
|
"log"
|
|
"net"
|
|
"net/http"
|
|
"net/url"
|
|
"os"
|
|
"strconv"
|
|
"strings"
|
|
|
|
"tailscale.com/safesocket"
|
|
"tailscale.com/tailcfg"
|
|
)
|
|
|
|
var (
|
|
httpAddr = flag.String("http", ":80", "address to run an HTTP server on, or empty for none")
|
|
httpsAddr = flag.String("https", ":443", "address to run an HTTPS server on, or empty for none")
|
|
testIP = flag.String("test-ip", "", "if non-empty, look up IP and exit before running a server")
|
|
)
|
|
|
|
func main() {
|
|
flag.Parse()
|
|
if *testIP != "" {
|
|
res, err := whoIs(*testIP)
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
e := json.NewEncoder(os.Stdout)
|
|
e.SetIndent("", "\t")
|
|
e.Encode(res)
|
|
return
|
|
}
|
|
if !devMode() {
|
|
tmpl = template.Must(template.New("home").Parse(slurpHTML()))
|
|
}
|
|
|
|
http.HandleFunc("/", root)
|
|
log.Printf("Starting hello server.")
|
|
|
|
errc := make(chan error, 1)
|
|
if *httpAddr != "" {
|
|
log.Printf("running HTTP server on %s", *httpAddr)
|
|
go func() {
|
|
errc <- http.ListenAndServe(*httpAddr, nil)
|
|
}()
|
|
}
|
|
if *httpsAddr != "" {
|
|
log.Printf("running HTTPS server on %s", *httpsAddr)
|
|
go func() {
|
|
errc <- http.ListenAndServeTLS(*httpsAddr,
|
|
"/etc/hello/hello.ipn.dev.crt",
|
|
"/etc/hello/hello.ipn.dev.key",
|
|
nil,
|
|
)
|
|
}()
|
|
}
|
|
log.Fatal(<-errc)
|
|
}
|
|
|
|
func slurpHTML() string {
|
|
slurp, err := ioutil.ReadFile("hello.tmpl.html")
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
return string(slurp)
|
|
}
|
|
|
|
func devMode() bool { return *httpsAddr == "" && *httpAddr != "" }
|
|
|
|
func getTmpl() (*template.Template, error) {
|
|
if devMode() {
|
|
return template.New("home").Parse(slurpHTML())
|
|
}
|
|
return tmpl, nil
|
|
}
|
|
|
|
var tmpl *template.Template // not used in dev mode, initialized by main after flag parse
|
|
|
|
type tmplData struct {
|
|
DisplayName string // "Foo Barberson"
|
|
LoginName string // "foo@bar.com"
|
|
ProfilePicURL string // "https://..."
|
|
MachineName string // "imac5k"
|
|
MachineOS string // "Linux"
|
|
IP string // "100.2.3.4"
|
|
}
|
|
|
|
func root(w http.ResponseWriter, r *http.Request) {
|
|
if r.TLS == nil && *httpsAddr != "" {
|
|
host := r.Host
|
|
if strings.Contains(r.Host, "100.101.102.103") {
|
|
host = "hello.ipn.dev"
|
|
}
|
|
http.Redirect(w, r, "https://"+host, http.StatusFound)
|
|
return
|
|
}
|
|
if r.RequestURI != "/" {
|
|
http.Redirect(w, r, "/", http.StatusFound)
|
|
return
|
|
}
|
|
ip, _, err := net.SplitHostPort(r.RemoteAddr)
|
|
if err != nil {
|
|
http.Error(w, "no remote addr", 500)
|
|
return
|
|
}
|
|
tmpl, err := getTmpl()
|
|
if err != nil {
|
|
w.Header().Set("Content-Type", "text/plain")
|
|
http.Error(w, "template error: "+err.Error(), 500)
|
|
return
|
|
}
|
|
|
|
who, err := whoIs(ip)
|
|
var data tmplData
|
|
if err != nil {
|
|
if devMode() {
|
|
log.Printf("warning: using fake data in dev mode due to whois lookup error: %v", err)
|
|
data = tmplData{
|
|
DisplayName: "Taily Scalerson",
|
|
LoginName: "taily@scaler.son",
|
|
ProfilePicURL: "https://placekitten.com/200/200",
|
|
MachineName: "scaled",
|
|
MachineOS: "Linux",
|
|
IP: "100.1.2.3",
|
|
}
|
|
} else {
|
|
log.Printf("whois(%q) error: %v", ip, err)
|
|
http.Error(w, "Your Tailscale works, but we failed to look you up.", 500)
|
|
return
|
|
}
|
|
} else {
|
|
data = tmplData{
|
|
DisplayName: who.UserProfile.DisplayName,
|
|
LoginName: who.UserProfile.LoginName,
|
|
ProfilePicURL: who.UserProfile.ProfilePicURL,
|
|
MachineName: firstLabel(who.Node.ComputedName),
|
|
MachineOS: who.Node.Hostinfo.OS,
|
|
IP: ip,
|
|
}
|
|
}
|
|
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
|
tmpl.Execute(w, data)
|
|
}
|
|
|
|
// firstLabel s up until the first period, if any.
|
|
func firstLabel(s string) string {
|
|
if i := strings.Index(s, "."); i != -1 {
|
|
return s[:i]
|
|
}
|
|
return s
|
|
}
|
|
|
|
// tsSockClient does HTTP requests to the local Tailscale daemon.
|
|
// The hostname in the HTTP request is ignored.
|
|
var tsSockClient = &http.Client{
|
|
Transport: &http.Transport{
|
|
DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
|
|
// On macOS, when dialing from non-sandboxed program to sandboxed GUI running
|
|
// a TCP server on a random port, find the random port. For HTTP connections,
|
|
// we don't send the token. It gets added in an HTTP Basic-Auth header.
|
|
if port, _, err := safesocket.LocalTCPPortAndToken(); err == nil {
|
|
var d net.Dialer
|
|
return d.DialContext(ctx, "tcp", "localhost:"+strconv.Itoa(port))
|
|
}
|
|
return safesocket.ConnectDefault()
|
|
},
|
|
},
|
|
}
|
|
|
|
func whoIs(ip string) (*tailcfg.WhoIsResponse, error) {
|
|
ctx := context.Background()
|
|
req, err := http.NewRequestWithContext(ctx, "GET", "http://local-tailscaled.sock/localapi/v0/whois?ip="+url.QueryEscape(ip), nil)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if _, token, err := safesocket.LocalTCPPortAndToken(); err == nil {
|
|
req.SetBasicAuth("", token)
|
|
}
|
|
res, err := tsSockClient.Do(req)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer res.Body.Close()
|
|
slurp, _ := ioutil.ReadAll(res.Body)
|
|
if res.StatusCode != 200 {
|
|
return nil, fmt.Errorf("HTTP %s: %s", res.Status, slurp)
|
|
}
|
|
r := new(tailcfg.WhoIsResponse)
|
|
if err := json.Unmarshal(slurp, r); err != nil {
|
|
if max := 200; len(slurp) > max {
|
|
slurp = slurp[:max]
|
|
}
|
|
return nil, fmt.Errorf("failed to parse JSON WhoIsResponse from %q", slurp)
|
|
}
|
|
return r, nil
|
|
}
|