From cfbbcf6d071dd13addbc1b38ef993a08d557ba22 Mon Sep 17 00:00:00 2001
From: nyghtowl <warrick@tailscale.com>
Date: Wed, 31 Aug 2022 17:44:22 -0700
Subject: [PATCH] cmd/nginx-auth/nginx-auth: update auth to allow for new
 domains

With MagicDNS GA, we are giving every tailnet a tailnet-<hex>.ts.net name.
We will only parse out if legacy domains include beta.tailscale.net; otherwise,
set tailnet to the full domain format going forward.

Signed-off-by: nyghtowl <warrick@tailscale.com>
---
 cmd/nginx-auth/nginx-auth.go | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/cmd/nginx-auth/nginx-auth.go b/cmd/nginx-auth/nginx-auth.go
index ee55ca74f..53dcb9596 100644
--- a/cmd/nginx-auth/nginx-auth.go
+++ b/cmd/nginx-auth/nginx-auth.go
@@ -75,12 +75,7 @@ func main() {
 				log.Printf("can't extract tailnet name from hostname %q", info.Node.Name)
 				return
 			}
-			tailnet, _, ok = strings.Cut(tailnet, ".beta.tailscale.net")
-			if !ok {
-				w.WriteHeader(http.StatusUnauthorized)
-				log.Printf("can't extract tailnet name from hostname %q", info.Node.Name)
-				return
-			}
+			tailnet = strings.TrimSuffix(tailnet, ".beta.tailscale.net")
 		}
 
 		if expectedTailnet := r.Header.Get("Expected-Tailnet"); expectedTailnet != "" && expectedTailnet != tailnet {