Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Headscale: Added an option to set an Access-Control-Allow-Origin resp… #1

Open
wants to merge 45 commits into
base: updated
Choose a base branch
from
Open

Headscale: Added an option to set an Access-Control-Allow-Origin resp… #1

wants to merge 45 commits into from

Conversation

Jisse-Meruma
Copy link

  • [ x ] read the CONTRIBUTING guidelines
  • raised a GitHub issue or discussed it on the projects chat beforehand
  • added unit tests
  • added integration tests
  • [ x ] updated documentation if needed
  • updated CHANGELOG.md

@Jisse-Meruma Jisse-Meruma requested a review from yuri91 December 12, 2024 15:50
@kradalby
Add worker reading extra_records_path from file (juanfont#2271)
380fcdb 
* consolidate scheduled tasks into one goroutine

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* rename Tailcfg dns struct

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* add dns.extra_records_path option

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* prettier lint

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* go-fmt

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

---------

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
@kradalby
update oidc part of changelog for 0.24.0 (juanfont#2285)
76d26a7
yuri91
yuri91 requested changes Dec 13, 2024
View reviewed changes
Copy link
Member

@yuri91 yuri91 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

squash the commits together. other than that it looks clean to me.
Make the PR to upstream first thing on Monday (so you don't get potentially pinged on the weekend).

@Jisse-Meruma Jisse-Meruma force-pushed the enable-cors-with-config branch from 2c2085a to 39bd024 Compare December 13, 2024 14:22
@Jisse-Meruma Jisse-Meruma added bug Something isn't working and removed bug Something isn't working labels Dec 13, 2024
kradalby and others added 3 commits December 13, 2024 20:15
@kradalby
fix deletion of exit routes without nodes (juanfont#2286)
58d089c 
Fixes juanfont#2259

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
@github-actions
flake.lock: Update (juanfont#2294)
e00b9d9
@kradalby
fix sighup issue with empty acl (juanfont#2296)
ec8729b 
Fixes juanfont#2291

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
@Jisse-Meruma Jisse-Meruma requested a review from yuri91 December 16, 2024 09:24
@kradalby
fix issue where some oidc claim bools are sent as string (juanfont#2297)
5345f19 
Jumpcloud send invalid json, so we need to handle it.

Fixes juanfont#2293

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
@kradalby
fixes to extra-record file watcher (juanfont#2298)
ccc895b 
* Fix excess error message during writes

Fixes juanfont#2290

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* retry filewatcher on removed files

This should handled if files are deleted and added again, and for rename
scenarios.

Fixes juanfont#2289

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* test more write and remove in filewatcher

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

---------

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
@Jisse-Meruma Jisse-Meruma force-pushed the enable-cors-with-config branch from 39bd024 to 4183039 Compare December 16, 2024 11:02
showier-drastic and others added 9 commits December 17, 2024 12:11
@showier-drastic
Correct macOS GUI connect guide because there's no ALT key on a mac (j…
7d937c6 
…uanfont#2306)

* Correct macOS GUI connect guide because there's no ALT key on a mac
* also correct macOS GUI connect in hscontrol text
@nadongjun
Add -race Flag to GitHub Action and Fix Data Race in CreateTailscaleN…
e270169 
…odesInUser (juanfont#2038)

* Add -race flag to Makefile and integration tests; fix data race in CreateTailscaleNodesInUser

* Fix data race in ExecuteCommand by using local buffers and mutex

Signed-off-by: Dongjun Na <kmu5544616@gmail.com>

* lint

Signed-off-by: Dongjun Na <kmu5544616@gmail.com>

---------

Signed-off-by: Dongjun Na <kmu5544616@gmail.com>
@nblock
Remove sealos documentation
65304a0 
The referenced version is outdated (0.23.0-beta1) and seems
unmaintained.
@nblock
Changelog: support client verify for DERP
47b405d 
and fix some links

Ref: juanfont#2304
@nblock
Update DNS documentation for dns.extra_records_path
319ce67 
* Describe both ways to add extra DNS records
* Use "extra" instead of "custom" to align with the configuration file
* Include dns.extra_records_path in the configuration file
@nblock
Mention reload and SIGHUP when editing the ACL policy file
3269cfd 
Fixes: juanfont#2284
@nblock
Misc doc updates
0acb2b5
@nblock
Set title for code listings
bbc93a9
@kradalby
bump deps (juanfont#2308)
af4508b 
* Bump go crypto

Closes juanfont#2281

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* upgrade tailscale

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* upgrade rest

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* nix: flake update

---------

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
@Jisse-Meruma Jisse-Meruma force-pushed the enable-cors-with-config branch 2 times, most recently from e07c42b to dfad6a1 Compare December 18, 2024 16:27
kradalby and others added 4 commits December 19, 2024 13:10
@kradalby
fix tags not resolving to username if email is present (juanfont#2309)
770f3dc 
* ensure valid tags is populated on user gets too

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* ensure forced tags are added

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* remove unused envvar in test

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* debug log auth/unauth tags in policy man

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* defer shutdown in tags test

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* add tag test with groups

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* add email, display name, picture to create user

Updates juanfont#2166

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* add ability to set display and email to cli

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* add email to test users in integration

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* fix issue where tags were only assigned to email, not username

Fixes juanfont#2300
Fixes juanfont#2307

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* expand principles to correct login name

and if fix an issue where nodeip principles might not expand to all
relevant IPs instead of taking the first in a prefix.

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* fix ssh unit test

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* update cli and oauth tests for users with email

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* index by test email

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* fix last test

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

---------

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
@github-actions
flake.lock: Update (juanfont#2313)
9313e5b
@Rorical
feat: Add PKCE Verifier for OIDC (juanfont#2314)
b81420b 
* feat: add PKCE verifier for OIDC

* Update CHANGELOG.md
@github-actions
flake.lock: Update (juanfont#2320)
f9bbfa5
github-actions bot and others added 24 commits January 5, 2025 07:35
@github-actions
flake.lock: Update (juanfont#2324)
41bad2b
@kradalby
Set CSRF cookies for OIDC (juanfont#2328)
fa641e3 
* set state and nounce in oidc to prevent csrf

Fixes juanfont#2276

* try to fix new postgres issue

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

---------

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
@majst01 @nblock
Fix typos
ede4f97
@github-actions
flake.lock: Update (juanfont#2342)
610597b
@gordinmitya
Update apple.md for latest version of iOS (juanfont#2321)
1ab7b31 
The official iOS app now has a simpler login process for custom instances, directly within the app.
@kradalby
allow @ and Log if OIDC username is not consider valid (juanfont#2340)
38aef77
@kradalby
fix nil pointer deref (juanfont#2339)
caad5c6
@kradalby
use headscale server url as domain instead of base_domain (juanfont#2338
e4a3dcc 
)
@kradalby
set changelog date (juanfont#2347)
e88406e
@kradalby
Release docs 0.24 (juanfont#2349)
8076c94 
* correct changelog date

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* update docs version and copyright

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* fix deprecated goreleaser key and DRY

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

---------

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
@kradalby
set oidc.map_legacy_users false (juanfont#2350)
5b986ed
@github-actions
flake.lock: Update (juanfont#2353)
aa76980
@kradalby
relax user validation to allow emails, add tests from various oidc pr…
c1f42cd 
…oviders (juanfont#2364)

* relax user validation to allow emails, add tests from various oidc providers

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* changelog

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

---------

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
@kradalby
make it harder to insert invalid routes (juanfont#2371)
615ee5d 
* make it harder to insert invalid routes

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* dont panic if node is not available for route

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* update changelog

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

---------

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
@kradalby
fix postgres migration issue with 0.24 (juanfont#2367)
9e3f945 
* fix postgres migration issue with 0.24

Fixes juanfont#2351

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* add postgres migration test for 2351

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* update changelog

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

---------

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
@kradalby
fix panic if derp update is 0 (juanfont#2368)
d1dbe4e 
* fix panic if derp update is 0

Fixes juanfont#2362

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* update changelog

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

---------

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
@github-actions
flake.lock: Update (juanfont#2378)
97e5d95
@kradalby
use dedicated registration ID for auth flow (juanfont#2337)
4c8e847
@kradalby
create and rename usernames validated by new func (juanfont#2381)
2c279e0 
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
@kradalby
simplify findUserByToken in ACL, add missing testcases (juanfont#2388)
7ba6ad3 
* update users doc on unique constraints

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* simplify finduser func

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* add initial tests for findUserFromToken

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* add changelog

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

---------

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
@nblock
Remove routes without a node_id (juanfont#2386)
f44b1d3 
The routes table has a NOT NULL constraint on node_id.

Fixes: juanfont#2376
@kradalby
clean up handler methods, common logging (juanfont#2384)
cd3b8e6 
* clean up handler methods, common logging

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* streamline http.Error calls

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

---------

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
@kradalby
initial capver packet tracking version (juanfont#2391)
e172c29 
* initial capver packet tracking version

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* Log the minimum version as client version, not only capver

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* remove old versions

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* use capver for integration tests

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* changelog

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* patch through m and n key

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

---------

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
@Jisse-Meruma
Headscale: Added an option to set an Access-Control-Allow-Origin resp…
68ce697 
…onse header to enable Cross-Origin Resource Sharing (CORS)
@Jisse-Meruma Jisse-Meruma force-pushed the enable-cors-with-config branch from dfad6a1 to 68ce697 Compare February 5, 2025 11:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yuri91 yuri91 yuri91 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
9 participants
@Jisse-Meruma @yuri91 @kradalby @showier-drastic @nadongjun @nblock @Rorical @majst01 @gordinmitya