authorDavid Crawshaw <crawshaw@tailscale.com>2021-03-25 08:21:31 -0700
committerDavid Crawshaw <crawshaw@tailscale.com>2021-03-29 15:07:13 -0400
commite4d17d074f1d88f36d1590c18aa874c4f46aea81 (patch)
tree842cf1095bea742a54161c60b31fa0ac94ca6cff
parent35596ae5ce2bba182e19d39f7e5f96416ba620e0 (diff)
cmd/tailscale: add web subcommandcrawshaw/cgi
Used as an app frontend UI on Synology. Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
-rw-r--r--cmd/tailscale/cli/cli.go1
-rw-r--r--cmd/tailscale/cli/web.go212
-rw-r--r--cmd/tailscale/cli/web.html47
-rw-r--r--cmd/tailscale/depaware.txt11
-rw-r--r--cmd/tailscale/tailscale.go8
5 files changed, 275 insertions, 4 deletions
diff --git a/cmd/tailscale/cli/cli.go b/cmd/tailscale/cli/cli.go
index 1d7f95766..99d533484 100644
--- a/cmd/tailscale/cli/cli.go
+++ b/cmd/tailscale/cli/cli.go
@@ -68,6 +68,7 @@ change in the future.
statusCmd,
pingCmd,
versionCmd,
+ webCmd,
},
FlagSet: rootfs,
Exec: func(context.Context, []string) error { return flag.ErrHelp },
diff --git a/cmd/tailscale/cli/web.go b/cmd/tailscale/cli/web.go
new file mode 100644
index 000000000..a3046efdb
--- /dev/null
+++ b/cmd/tailscale/cli/web.go
@@ -0,0 +1,212 @@
+// Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cli
+
+import (
+ "bytes"
+ "context"
+ _ "embed"
+ "encoding/json"
+ "flag"
+ "fmt"
+ "html/template"
+ "log"
+ "net/http"
+ "net/http/cgi"
+ "os/exec"
+ "runtime"
+
+ "github.com/peterbourgon/ff/v2/ffcli"
+ "tailscale.com/client/tailscale"
+ "tailscale.com/ipn"
+ "tailscale.com/types/preftype"
+ "tailscale.com/version/distro"
+)
+
+//go:embed web.html
+var webHTML string
+
+var tmpl = template.Must(template.New("html").Parse(webHTML))
+
+type tmplData struct {
+ SynologyUser string
+ Status string
+ DeviceName string
+ IP string
+}
+
+var webCmd = &ffcli.Command{
+ Name: "web",
+ ShortUsage: "web [flags]",
+ ShortHelp: "Run a web server for controlling Tailscale",
+
+ FlagSet: (func() *flag.FlagSet {
+ webf := flag.NewFlagSet("web", flag.ExitOnError)
+ webf.StringVar(&webArgs.listen, "listen", "localhost:8088", "listen address; use port 0 for automatic")
+ webf.BoolVar(&webArgs.cgi, "cgi", false, "run as CGI script")
+ return webf
+ })(),
+ Exec: runWeb,
+}
+
+var webArgs struct {
+ listen string
+ cgi bool
+}
+
+func runWeb(ctx context.Context, args []string) error {
+ if len(args) > 0 {
+ log.Fatalf("too many non-flag arguments: %q", args)
+ }
+
+ if webArgs.cgi {
+ return cgi.Serve(http.HandlerFunc(webHandler))
+ }
+ return http.ListenAndServe(webArgs.listen, http.HandlerFunc(webHandler))
+}
+
+func auth() (string, error) {
+ if distro.Get() == distro.Synology {
+ cmd := exec.Command("/usr/syno/synoman/webman/modules/authenticate.cgi")
+ out, err := cmd.CombinedOutput()
+ if err != nil {
+ return "", fmt.Errorf("auth: %v: %s", err, out)
+ }
+ return string(out), nil
+ }
+
+ return "", nil
+}
+
+func synoTokenRedirect(w http.ResponseWriter, r *http.Request) bool {
+ if distro.Get() != distro.Synology {
+ return false
+ }
+ if r.Header.Get("X-Syno-Token") != "" {
+ return false
+ }
+ if r.URL.Query().Get("SynoToken") != "" {
+ return false
+ }
+ if r.Method == "POST" && r.FormValue("SynoToken") != "" {
+ return false
+ }
+ // We need a SynoToken for authenticate.cgi.
+ // So we tell the client to get one.
+ serverURL := r.URL.Scheme + "://" + r.URL.Host
+ fmt.Fprintf(w, synoTokenRedirectHTML, serverURL)
+ return true
+}
+
+const synoTokenRedirectHTML = `<html><body>
+Redirecting with session token...
+<script>
+var serverURL = %q;
+var req = new XMLHttpRequest();
+req.overrideMimeType("application/json");
+req.open("GET", serverURL + "/webman/login.cgi", true);
+req.onload = function() {
+ var jsonResponse = JSON.parse(req.responseText);
+ var token = jsonResponse["SynoToken"];
+ document.location.href = serverURL + "/webman/3rdparty/Tailscale/?SynoToken=" + token;
+};
+req.send(null);
+</script>
+</body></html>
+`
+
+func webHandler(w http.ResponseWriter, r *http.Request) {
+ if synoTokenRedirect(w, r) {
+ return
+ }
+
+ user, err := auth()
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusForbidden)
+ return
+ }
+
+ if r.Method == "POST" {
+ type mi map[string]interface{}
+ w.Header().Set("Content-Type", "application/json")
+ url, err := tailscaleUp(r.Context())
+ if err != nil {
+ json.NewEncoder(w).Encode(mi{"error": err})
+ return
+ }
+ json.NewEncoder(w).Encode(mi{"url": url})
+ return
+ }
+
+ st, err := tailscale.Status(r.Context())
+ if err != nil {
+ http.Error(w, err.Error(), 500)
+ }
+
+ data := tmplData{
+ SynologyUser: user,
+ Status: st.BackendState,
+ DeviceName: st.Self.DNSName,
+ }
+ if len(st.TailscaleIPs) != 0 {
+ data.IP = st.TailscaleIPs[0].String()
+ }
+
+ buf := new(bytes.Buffer)
+ if err := tmpl.Execute(buf, data); err != nil {
+ http.Error(w, err.Error(), 500)
+ return
+ }
+ w.Write(buf.Bytes())
+}
+
+// TODO(crawshaw): some of this is very similar to the code in 'tailscale up', can we share anything?
+func tailscaleUp(ctx context.Context) (authURL string, retErr error) {
+ prefs := ipn.NewPrefs()
+ prefs.ControlURL = "https://login.tailscale.com"
+ prefs.WantRunning = true
+ prefs.CorpDNS = true
+ prefs.AllowSingleHosts = true
+ prefs.ForceDaemon = (runtime.GOOS == "windows")
+
+ if distro.Get() == distro.Synology {
+ prefs.NetfilterMode = preftype.NetfilterOff
+ }
+
+ c, bc, ctx, cancel := connect(ctx)
+ defer cancel()
+
+ bc.SetPrefs(prefs)
+
+ opts := ipn.Options{
+ StateKey: ipn.GlobalDaemonStateKey,
+ Notify: func(n ipn.Notify) {
+ if n.ErrMessage != nil {
+ msg := *n.ErrMessage
+ if msg == ipn.ErrMsgPermissionDenied {
+ switch runtime.GOOS {
+ case "windows":
+ msg += " (Tailscale service in use by other user?)"
+ default:
+ msg += " (try 'sudo tailscale up [...]')"
+ }
+ }
+ retErr = fmt.Errorf("backend error: %v", msg)
+ cancel()
+ } else if url := n.BrowseToURL; url != nil {
+ authURL = *url
+ cancel()
+ }
+ },
+ }
+ bc.Start(opts)
+ bc.StartLoginInteractive()
+ pump(ctx, bc, c)
+
+ if authURL == "" && retErr == nil {
+ return "", fmt.Errorf("login failed with no backend error message")
+ }
+ return authURL, retErr
+}
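Review bot: The POST branch of `webHandler` calls `tailscaleUp`, which overwrites preferences through `bc.SetPrefs`, for any request that reaches the listener: `auth()` returns `"", nil` whenever the distro is not Synology, and nothing compares the request's origin with the server's. A cross-origin page loaded in a local browser would be able to trigger that POST against the default `localhost:8088` listener, and a non-loopback `-listen` value exposes it to the network with no authentication at all. A minimum guard is to refuse a POST whose `Origin` host differs from `r.Host`, as sketched below (it needs `net/url`, and sits before the local `url` variable is declared); binding to anything other than loopback should additionally require real credentials. Separately, the `tailscale.Status` error path calls `http.Error` without a `return`, so `st.BackendState` is then read from what is presumably a nil `st`, and `mi{"error": err}` should be `mi{"error": err.Error()}` because an `fmt.Errorf` value has no exported fields and encodes as `{}`.

```go
func webHandler(w http.ResponseWriter, r *http.Request) {
	// … unchanged: synoTokenRedirect and auth() checks …

	if r.Method == "POST" {
		// Refuse state-changing requests that a browser sent from another origin.
		if origin := r.Header.Get("Origin"); origin != "" {
			u, err := url.Parse(origin)
			if err != nil || u.Host != r.Host {
				http.Error(w, "cross-origin request refused", http.StatusForbidden)
				return
			}
		}
		// … unchanged: tailscaleUp call and JSON response …
```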
diff --git a/cmd/tailscale/cli/web.html b/cmd/tailscale/cli/web.html
new file mode 100644
index 000000000..99f54561f
--- /dev/null
+++ b/cmd/tailscale/cli/web.html
@@ -0,0 +1,47 @@
+<!doctype html>
+<html><title>Tailscale Client</title><body>
+<h1>Tailscale</h1>
+<div style="float:right;">{{.SynologyUser}}</div>
+<table>
+<tr><th>Status:</th><td>{{.Status}}</td></tr>
+<tr><th>Device Name:</th><td>{{.DeviceName}}</td></tr>
+<tr><th>Tailscale IP:</th><td>{{.IP}}</td></tr>
+</table>
+
+<p><input id="login" type="button" value="Log in…"></p>
+
+<script>
+login.onclick = function() {
+ const urlParams = new URLSearchParams(window.location.search);
+ const token = urlParams.get("SynoToken");
+
+ var params = new URLSearchParams("up=true");
+ if (token) {
+ params.set("SynoToken", token)
+ }
+
+ var req = new XMLHttpRequest();
+ const url = [location.protocol, '//', location.host, location.pathname, "?", params.toString()].join('');
+ req.overrideMimeType("application/json");
+ req.open("POST", url, true);
+ req.onload = function() {
+ var jsonResponse = JSON.parse(req.responseText);
+ const err = jsonResponse["error"];
+ if (err) {
+ document.body.innerText = err;
+ return
+ }
+ var url = jsonResponse["url"];
+ console.log("jsonResponse: ", jsonResponse);
+ if (url) {
+ document.location.href = url;
+ } else {
+ //location.reload();
+ }
+ };
+ req.send(null);
+}
+</script>
+
+</body>
+</html>
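Review bot: The `req.onload` handler passes `req.responseText` to `JSON.parse` without looking at `req.status`, but the handler in web.go answers an authentication failure with a plain-text 403 from `http.Error`, so the parse throws and the button appears to do nothing. Checking first, e.g. `if (req.status !== 200) { document.body.innerText = req.responseText; return; }`, surfaces the failure to the user. Because the `SynoToken` is carried in this page's query string and the handler then navigates to an external `url`, a `<meta name="referrer" content="no-referrer">` in the head would keep the token out of the `Referer` header on browsers whose default policy still sends the full URL.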
diff --git a/cmd/tailscale/depaware.txt b/cmd/tailscale/depaware.txt
index 74ae1d54e..52bd2fefc 100644
--- a/cmd/tailscale/depaware.txt
+++ b/cmd/tailscale/depaware.txt
@@ -67,7 +67,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
golang.org/x/crypto/poly1305 from golang.org/x/crypto/chacha20poly1305+
golang.org/x/crypto/salsa20/salsa from golang.org/x/crypto/nacl/box+
golang.org/x/net/dns/dnsmessage from net
- golang.org/x/net/http/httpguts from net/http
+ golang.org/x/net/http/httpguts from net/http+
golang.org/x/net/http/httpproxy from net/http
golang.org/x/net/http2/hpack from net/http
golang.org/x/net/idna from golang.org/x/net/http/httpguts+
@@ -115,6 +115,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
debug/elf from rsc.io/goversion/version
debug/macho from rsc.io/goversion/version
debug/pe from rsc.io/goversion/version
+ embed from tailscale.com/cmd/tailscale/cli
encoding from encoding/json
encoding/asn1 from crypto/x509+
encoding/base64 from encoding/json+
@@ -130,7 +131,8 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
hash/adler32 from compress/zlib
hash/crc32 from compress/gzip+
hash/maphash from go4.org/mem
- html from tailscale.com/ipn/ipnstate
+ html from tailscale.com/ipn/ipnstate+
+ html/template from tailscale.com/cmd/tailscale/cli
io from bufio+
io/fs from crypto/rand+
io/ioutil from golang.org/x/sys/cpu+
@@ -144,6 +146,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
mime/quotedprintable from mime/multipart
net from crypto/tls+
net/http from expvar+
+ net/http/cgi from tailscale.com/cmd/tailscale/cli
net/http/httptrace from github.com/tcnksm/go-httpstat+
net/http/internal from net/http
net/textproto from golang.org/x/net/http/httpguts+
@@ -154,7 +157,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
path from debug/dwarf+
path/filepath from crypto/x509+
reflect from crypto/x509+
- regexp from rsc.io/goversion/version
+ regexp from rsc.io/goversion/version+
regexp/syntax from regexp
runtime/debug from golang.org/x/sync/singleflight
sort from compress/flate+
@@ -164,6 +167,8 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
sync/atomic from context+
syscall from crypto/rand+
text/tabwriter from github.com/peterbourgon/ff/v2/ffcli+
+ text/template from html/template
+ text/template/parse from html/template+
time from compress/gzip+
unicode from bytes+
unicode/utf16 from encoding/asn1+
diff --git a/cmd/tailscale/tailscale.go b/cmd/tailscale/tailscale.go
index 39d8bf955..c69c86f64 100644
--- a/cmd/tailscale/tailscale.go
+++ b/cmd/tailscale/tailscale.go
@@ -9,12 +9,18 @@ package main // import "tailscale.com/cmd/tailscale"
import (
"fmt"
"os"
+ "path/filepath"
+ "strings"
"tailscale.com/cmd/tailscale/cli"
)
func main() {
- if err := cli.Run(os.Args[1:]); err != nil {
+ args := os.Args[1:]
+ if name, _ := os.Executable(); strings.HasSuffix(filepath.Base(name), ".cgi") {
+ args = []string{"web", "-cgi"}
+ }
+ if err := cli.Run(args); err != nil {
fmt.Fprintln(os.Stderr, err)
os.Exit(1)
}
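Review bot: The `.cgi` check relies on `os.Executable()`, whose error is discarded and whose result, per its documentation, may be the symlink target rather than the invoked name, so a `*.cgi` symlink to the binary would probably not select CGI mode on platforms that resolve it. If symlinked installs are intended, also test `filepath.Base(os.Args[0])`; otherwise a comment such as `// A binary installed under a name ending in .cgi is run by the web server as a CGI script; ignore argv and serve the web UI.` would record why all arguments are replaced. `main`'s closing brace is outside the hunk.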