From b29047bcf048edebaf2a193ec46b99aae3d35a1d Mon Sep 17 00:00:00 2001
From: Sonia Appasamy
Date: Wed, 4 Oct 2023 10:35:19 -0400
Subject: [PATCH] client/web: add browser session cache to web.Server
Adds browser session cache, to be used to store sessions for the full management web client.
Updates tailscale/corp#14335
Signed-off-by: Sonia Appasamy
---
 client/web/web.go | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
diff --git a/client/web/web.go b/client/web/web.go
index 302cf5d1a..d62c7fd40 100644
--- a/client/web/web.go
+++ b/client/web/web.go
@@ -17,6 +17,8 @@ import (
 "path/filepath"
 "slices"
 "strings"
+ "sync"
+ "time"
 "github.com/gorilla/csrf"
 "tailscale.com/client/tailscale"
@@ -43,6 +45,33 @@ type Server struct {
 assetsHandler http.Handler // serves frontend assets
 apiHandler http.Handler // serves api endpoints; csrf-protected
+
+ // browserSessions is an in-memory cache of browser sessions for the
+ // full management web client, which is only accessible over Tailscale.
+ //
+ // Users obtain a valid browser session by connecting to the web client
+ // over Tailscale and verifying their identity by authenticating on the
+ // control server.
+ //
+ // browserSessions get reset on every Server restart.
+ //
+ // The map provides a lookup of the session by cookie value
+ // (browserSession.ID => browserSession).
+ browserSessions sync.Map
+}
+
+const tsWebCookieName = "TS-Web-Session"
+
+// browserSession holds data about a user's browser session
+// on the full management web client.
+type browserSession struct {
+ // ID is the unique identifier for the session.
+ // It is passed in the user's "TS-Web-Session" browser cookie.
+ ID string
+ SrcNode tailcfg.StableNodeID
+ SrcUser tailcfg.UserID
+ AuthPath string // control server path for user to authenticate the session
+ Authenticated time.Time // when zero, authentication not complete
 }
 // ServerOpts contains options for constructing a new Server.
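Review bot: The new `browserSession` type in the second hunk carries no creation or expiry timestamp, and the `browserSessions` comment says entries are reset only on Server restart, so a session whose `Authenticated` is still zero would stay in the `sync.Map` indefinitely unless code outside this hunk evicts it. I would add a field such as `Created time.Time // when the session was created; used to drop stale or never-authenticated entries` and state the intended session lifetime in the struct comment. The `ID` comment should also record that the value doubles as the cookie secret, for example `// ID is the session's secret cookie value; it must be generated with crypto/rand.` The code that creates and looks up sessions is not part of this patch, so whether a lookup re-checks `SrcNode` and `SrcUser` against the connecting peer cannot be confirmed from here and is worth documenting on those two fields.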