| author | Fran Bull <fran@tailscale.com> | 2025-02-20 10:50:25 -0800 |
|---|---|---|
| committer | Fran Bull <fran@tailscale.com> | 2025-02-20 10:50:25 -0800 |
| commit | 6d78f27d730a2ed953149364a93a836aee19cd5c (patch) | |
| tree | 4380a22b8010faf896b2f59c2341b5f9f6712be3 /tsconsensus/http.go | |
| parent | 95131102df3c800a2328cf0658d5f298085f7afd (diff) | |
allowedPeers -> auth objfran/franwip2
Diffstat (limited to 'tsconsensus/http.go')
| -rw-r--r-- | tsconsensus/http.go | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/tsconsensus/http.go b/tsconsensus/http.go
index 301127687..7570e2936 100644
--- a/tsconsensus/http.go
+++ b/tsconsensus/http.go
@@ -9,8 +9,6 @@ import (
 "io"
 "net/http"
 "time"
-
- "tailscale.com/tsnet"
 )
 
 type joinRequest struct {
@@ -79,13 +77,19 @@ func (rac *commandClient) ExecuteCommand(host string, bs []byte) (CommandResult,
 return cr, nil
 }
 
-func taggedOnly(ts *tsnet.Server, tag string, fx func(http.ResponseWriter, *http.Request)) func(http.ResponseWriter, *http.Request) {
+func authorized(auth *authorization, fx func(http.ResponseWriter, *http.Request)) func(http.ResponseWriter, *http.Request) {
 return func(w http.ResponseWriter, r *http.Request) {
- allowed, err := allowedPeer(r.RemoteAddr, tag, ts)
+ err := auth.refresh(r.Context())
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+ a, err := addrFromServerAddress(r.RemoteAddr)
 if err != nil {
 http.Error(w, err.Error(), http.StatusInternalServerError)
 return
 }
+ allowed := auth.allowsHost(a)
 if !allowed {
 http.Error(w, "peer not allowed", http.StatusBadRequest)
 return
@@ -94,9 +98,9 @@ func taggedOnly(ts *tsnet.Server, tag string, fx func(http.ResponseWriter, *http
 }
 }
 
-func (c *Consensus) makeCommandMux(ts *tsnet.Server, tag string) *http.ServeMux {
+func (c *Consensus) makeCommandMux(auth *authorization) *http.ServeMux {
 mux := http.NewServeMux()
- mux.HandleFunc("/join", taggedOnly(ts, tag, func(w http.ResponseWriter, r *http.Request) {
+ mux.HandleFunc("/join", authorized(auth, func(w http.ResponseWriter, r *http.Request) {
 if r.Method != http.MethodPost {
 http.Error(w, "Bad Request", http.StatusBadRequest)
 return
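Review bot: The new `auth.refresh` failure branch in `authorized` writes `err.Error()` into the response before `auth.allowsHost` has vetted the peer, so any client that can reach the listener receives internal error text from the authorization path. I would answer with a fixed message there, `http.Error(w, "authorization unavailable", http.StatusInternalServerError)`, and record the detailed error server-side; the same applies to the `addrFromServerAddress` branch. Because `refresh` now runs on every request ahead of the allow check, it is worth confirming (its body is not in this hunk) that it caches or rate-limits its work, so that callers who will be rejected anyway cannot drive it at will. The unchanged denial still answers `http.StatusBadRequest`; `http.StatusForbidden` would let monitoring tell rejected peers apart from malformed requests. The body of `authorized` continues past the end of the hunk.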
@@ -122,7 +126,7 @@ func (c *Consensus) makeCommandMux(ts *tsnet.Server, tag string) *http.ServeMux
 return
 }
 }))
- mux.HandleFunc("/executeCommand", taggedOnly(ts, tag, func(w http.ResponseWriter, r *http.Request) {
+ mux.HandleFunc("/executeCommand", authorized(auth, func(w http.ResponseWriter, r *http.Request) {
 if r.Method != http.MethodPost {
 http.Error(w, "Bad Request", http.StatusBadRequest)
 return |
