Blame - core/headscale/main.go - pcloud

blob: 43e63b7ea94711ebc5429af0ef738fc6c02a9797 [file] [log] [blame]

Giorgi Lekveishvili	52814d9	2023-06-15 19:30:32 +0400	[diff] [blame]	1	package main
				2
				3	import (
				4	"encoding/json"
				5	"flag"
				6	"fmt"
				7	"log"
Giorgi Lekveishvili	9d5e3f5	2024-03-13 15:02:50 +0400	[diff] [blame]	8	"net"
Giorgi Lekveishvili	52814d9	2023-06-15 19:30:32 +0400	[diff] [blame]	9	"net/http"
Giorgi Lekveishvili	6ae65d1	2023-12-04 15:37:53 +0400	[diff] [blame]	10	"os"
gio	c23530e	2024-05-01 11:06:09 +0400	[diff] [blame]	11	"strings"
Giorgi Lekveishvili	6ae65d1	2023-12-04 15:37:53 +0400	[diff] [blame]	12	"text/template"
Giorgi Lekveishvili	52814d9	2023-06-15 19:30:32 +0400	[diff] [blame]	13
				14	"github.com/labstack/echo/v4"
				15	)
				16
				17	var port = flag.Int("port", 3000, "Port to listen on")
				18	var config = flag.String("config", "", "Path to headscale config")
Giorgi Lekveishvili	6ae65d1	2023-12-04 15:37:53 +0400	[diff] [blame]	19	var acls = flag.String("acls", "", "Path to the headscale acls file")
Giorgi Lekveishvili	9d5e3f5	2024-03-13 15:02:50 +0400	[diff] [blame]	20	var ipSubnet = flag.String("ip-subnet", "10.1.0.0/24", "IP subnet of the private network")
Giorgi Lekveishvili	6ae65d1	2023-12-04 15:37:53 +0400	[diff] [blame]	21
Giorgi Lekveishvili	2dbce6c	2023-12-05 15:16:27 +0400	[diff] [blame]	22	// TODO(gio): make internal network cidr and proxy user configurable
Giorgi Lekveishvili	6ae65d1	2023-12-04 15:37:53 +0400	[diff] [blame]	23	const defaultACLs = `
				24	{
Giorgi Lekveishvili	6ae65d1	2023-12-04 15:37:53 +0400	[diff] [blame]	25	"autoApprovers": {
				26	"routes": {
gio	c23530e	2024-05-01 11:06:09 +0400	[diff] [blame]	27	{{- range .cidrs }}
				28	"{{ . }}": ["*"],
				29	{{- end }}
Giorgi Lekveishvili	6ae65d1	2023-12-04 15:37:53 +0400	[diff] [blame]	30	},
				31	},
				32	"acls": [
gio	c23530e	2024-05-01 11:06:09 +0400	[diff] [blame]	33	{{- range .cidrs }}
Giorgi Lekveishvili	2dbce6c	2023-12-05 15:16:27 +0400	[diff] [blame]	34	{ // Everyone has passthough access to private-network-proxy node
Giorgi Lekveishvili	6ae65d1	2023-12-04 15:37:53 +0400	[diff] [blame]	35	"action": "accept",
				36	"src": ["*"],
gio	c23530e	2024-05-01 11:06:09 +0400	[diff] [blame]	37	"dst": ["{{ . }}:*", "private-network-proxy:0"],
Giorgi Lekveishvili	6ae65d1	2023-12-04 15:37:53 +0400	[diff] [blame]	38	},
gio	c23530e	2024-05-01 11:06:09 +0400	[diff] [blame]	39	{{- end }}
Giorgi Lekveishvili	6ae65d1	2023-12-04 15:37:53 +0400	[diff] [blame]	40	],
				41	}
				42	`
Giorgi Lekveishvili	52814d9	2023-06-15 19:30:32 +0400	[diff] [blame]	43
				44	type server struct {
				45	port int
				46	client *client
				47	}
				48
				49	func newServer(port int, client client) server {
				50	return &server{
				51	port,
				52	client,
				53	}
				54	}
				55
				56	func (s *server) start() {
				57	e := echo.New()
				58	e.POST("/user/:user/preauthkey", s.createReusablePreAuthKey)
				59	e.POST("/user", s.createUser)
				60	e.POST("/routes/:id/enable", s.enableRoute)
				61	log.Fatal(e.Start(fmt.Sprintf(":%d", s.port)))
				62	}
				63
				64	type createUserReq struct {
				65	Name string `json:"name"`
				66	}
				67
				68	func (s *server) createUser(c echo.Context) error {
				69	var req createUserReq
				70	if err := json.NewDecoder(c.Request().Body).Decode(&req); err != nil {
				71	return err
				72	}
				73	if err := s.client.createUser(req.Name); err != nil {
				74	return err
				75	} else {
				76	return c.String(http.StatusOK, "")
				77	}
				78	}
				79
				80	func (s *server) createReusablePreAuthKey(c echo.Context) error {
				81	if key, err := s.client.createPreAuthKey(c.Param("user")); err != nil {
				82	return err
				83	} else {
				84	return c.String(http.StatusOK, key)
				85	}
				86	}
				87
				88	func (s *server) enableRoute(c echo.Context) error {
				89	if err := s.client.enableRoute(c.Param("id")); err != nil {
				90	return err
				91	} else {
				92	return c.String(http.StatusOK, "")
				93	}
				94	}
				95
gio	c23530e	2024-05-01 11:06:09 +0400	[diff] [blame]	96	func updateACLs(cidrs []string, aclsPath string) error {
Giorgi Lekveishvili	6ae65d1	2023-12-04 15:37:53 +0400	[diff] [blame]	97	tmpl, err := template.New("acls").Parse(defaultACLs)
				98	if err != nil {
				99	return err
				100	}
Giorgi Lekveishvili	9d5e3f5	2024-03-13 15:02:50 +0400	[diff] [blame]	101	out, err := os.Create(aclsPath)
Giorgi Lekveishvili	6ae65d1	2023-12-04 15:37:53 +0400	[diff] [blame]	102	if err != nil {
				103	return err
				104	}
				105	defer out.Close()
gio	c23530e	2024-05-01 11:06:09 +0400	[diff] [blame]	106	tmpl.Execute(os.Stdout, map[string]any{
				107	"cidrs": cidrs,
				108	})
Giorgi Lekveishvili	6ae65d1	2023-12-04 15:37:53 +0400	[diff] [blame]	109	return tmpl.Execute(out, map[string]any{
gio	c23530e	2024-05-01 11:06:09 +0400	[diff] [blame]	110	"cidrs": cidrs,
Giorgi Lekveishvili	6ae65d1	2023-12-04 15:37:53 +0400	[diff] [blame]	111	})
				112	}
				113
Giorgi Lekveishvili	52814d9	2023-06-15 19:30:32 +0400	[diff] [blame]	114	func main() {
				115	flag.Parse()
gio	c23530e	2024-05-01 11:06:09 +0400	[diff] [blame]	116	var cidrs []string
				117	for _, ips := range strings.Split(*ipSubnet, ",") {
				118	_, cidr, err := net.ParseCIDR(ips)
				119	if err != nil {
				120	panic(err)
				121	}
				122	cidrs = append(cidrs, cidr.String())
Giorgi Lekveishvili	9d5e3f5	2024-03-13 15:02:50 +0400	[diff] [blame]	123	}
gio	c23530e	2024-05-01 11:06:09 +0400	[diff] [blame]	124	updateACLs(cidrs, *acls)
Giorgi Lekveishvili	52814d9	2023-06-15 19:30:32 +0400	[diff] [blame]	125	c := newClient(*config)
				126	s := newServer(*port, c)
				127	s.start()
				128	}