From f0863346c2ee9f314da4ef3612ea59bc9e0072f6 Mon Sep 17 00:00:00 2001
From: David Crawshaw
Date: Thu, 25 Mar 2021 08:21:31 -0700
Subject: [PATCH] cmd/tailscale: add web subcommand
Used as an app frontend UI on Synology.
Signed-off-by: David Crawshaw
---
 cmd/tailscale/cli/cli.go | 1 +
 cmd/tailscale/cli/web.go | 212 +++++++++++++++++++++++++++++++++++++
 cmd/tailscale/cli/web.html | 47 ++++++++
 cmd/tailscale/depaware.txt | 11 +-
 cmd/tailscale/tailscale.go | 8 +-
 5 files changed, 275 insertions(+), 4 deletions(-)
 create mode 100644 cmd/tailscale/cli/web.go
 create mode 100644 cmd/tailscale/cli/web.html
diff --git a/cmd/tailscale/cli/cli.go b/cmd/tailscale/cli/cli.go
index 1d7f95766..99d533484 100644
--- a/cmd/tailscale/cli/cli.go
+++ b/cmd/tailscale/cli/cli.go
@@ -68,6 +68,7 @@ change in the future.
 statusCmd,
 pingCmd,
 versionCmd,
+ webCmd,
 },
 FlagSet: rootfs,
 Exec: func(context.Context, []string) error { return flag.ErrHelp },
diff --git a/cmd/tailscale/cli/web.go b/cmd/tailscale/cli/web.go
new file mode 100644
index 000000000..a3046efdb
--- /dev/null
+++ b/cmd/tailscale/cli/web.go
@@ -0,0 +1,212 @@
+// Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cli
+
+import (
+ "bytes"
+ "context"
+ _ "embed"
+ "encoding/json"
+ "flag"
+ "fmt"
+ "html/template"
+ "log"
+ "net/http"
+ "net/http/cgi"
+ "os/exec"
+ "runtime"
+
+ "github.com/peterbourgon/ff/v2/ffcli"
+ "tailscale.com/client/tailscale"
+ "tailscale.com/ipn"
+ "tailscale.com/types/preftype"
+ "tailscale.com/version/distro"
+)
+
+//go:embed web.html
+var webHTML string
+
+var tmpl = template.Must(template.New("html").Parse(webHTML))
+
+type tmplData struct {
+ SynologyUser string
+ Status string
+ DeviceName string
+ IP string
+}
+
+var webCmd = &ffcli.Command{
+ Name: "web",
+ ShortUsage: "web [flags]",
+ ShortHelp: "Run a web server for controlling Tailscale",
+
+ FlagSet: (func() *flag.FlagSet {
+ webf := flag.NewFlagSet("web", flag.ExitOnError)
+ webf.StringVar(&webArgs.listen, "listen", "localhost:8088", "listen address; use port 0 for automatic")
+ webf.BoolVar(&webArgs.cgi, "cgi", false, "run as CGI script")
+ return webf
+ })(),
+ Exec: runWeb,
+}
+
+var webArgs struct {
+ listen string
+ cgi bool
+}
+
+func runWeb(ctx context.Context, args []string) error {
+ if len(args) > 0 {
+ log.Fatalf("too many non-flag arguments: %q", args)
+ }
+
+ if webArgs.cgi {
+ return cgi.Serve(http.HandlerFunc(webHandler))
+ }
+ return http.ListenAndServe(webArgs.listen, http.HandlerFunc(webHandler))
+}
+
+func auth() (string, error) {
+ if distro.Get() == distro.Synology {
+ cmd := exec.Command("/usr/syno/synoman/webman/modules/authenticate.cgi")
+ out, err := cmd.CombinedOutput()
+ if err != nil {
+ return "", fmt.Errorf("auth: %v: %s", err, out)
+ }
+ return string(out), nil
+ }
+
+ return "", nil
+}
+
+func synoTokenRedirect(w http.ResponseWriter, r *http.Request) bool {
+ if distro.Get() != distro.Synology {
+ return false
+ }
+ if r.Header.Get("X-Syno-Token") != "" {
+ return false
+ }
+ if r.URL.Query().Get("SynoToken") != "" {
+ return false
+ }
+ if r.Method == "POST" && r.FormValue("SynoToken") != "" {
+ return false
+ }
+ // We need a SynoToken for authenticate.cgi.
+ // So we tell the client to get one.
+ serverURL := r.URL.Scheme + "://" + r.URL.Host
+ fmt.Fprintf(w, synoTokenRedirectHTML, serverURL)
+ return true
+}
+
+const synoTokenRedirectHTML = `
+Redirecting with session token...
+
+
+`
+
+func webHandler(w http.ResponseWriter, r *http.Request) {
+ if synoTokenRedirect(w, r) {
+ return
+ }
+
+ user, err := auth()
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusForbidden)
+ return
+ }
+
+ if r.Method == "POST" {
+ type mi map[string]interface{}
+ w.Header().Set("Content-Type", "application/json")
+ url, err := tailscaleUp(r.Context())
+ if err != nil {
+ json.NewEncoder(w).Encode(mi{"error": err})
+ return
+ }
+ json.NewEncoder(w).Encode(mi{"url": url})
+ return
+ }
+
+ st, err := tailscale.Status(r.Context())
+ if err != nil {
+ http.Error(w, err.Error(), 500)
+ }
+
+ data := tmplData{
+ SynologyUser: user,
+ Status: st.BackendState,
+ DeviceName: st.Self.DNSName,
+ }
+ if len(st.TailscaleIPs) != 0 {
+ data.IP = st.TailscaleIPs[0].String()
+ }
+
+ buf := new(bytes.Buffer)
+ if err := tmpl.Execute(buf, data); err != nil {
+ http.Error(w, err.Error(), 500)
+ return
+ }
+ w.Write(buf.Bytes())
+}
+
+// TODO(crawshaw): some of this is very similar to the code in 'tailscale up', can we share anything?
+func tailscaleUp(ctx context.Context) (authURL string, retErr error) {
+ prefs := ipn.NewPrefs()
+ prefs.ControlURL = "https://login.tailscale.com"
+ prefs.WantRunning = true
+ prefs.CorpDNS = true
+ prefs.AllowSingleHosts = true
+ prefs.ForceDaemon = (runtime.GOOS == "windows")
+
+ if distro.Get() == distro.Synology {
+ prefs.NetfilterMode = preftype.NetfilterOff
+ }
+
+ c, bc, ctx, cancel := connect(ctx)
+ defer cancel()
+
+ bc.SetPrefs(prefs)
+
+ opts := ipn.Options{
+ StateKey: ipn.GlobalDaemonStateKey,
+ Notify: func(n ipn.Notify) {
+ if n.ErrMessage != nil {
+ msg := *n.ErrMessage
+ if msg == ipn.ErrMsgPermissionDenied {
+ switch runtime.GOOS {
+ case "windows":
+ msg += " (Tailscale service in use by other user?)"
+ default:
+ msg += " (try 'sudo tailscale up [...]')"
+ }
+ }
+ retErr = fmt.Errorf("backend error: %v", msg)
+ cancel()
+ } else if url := n.BrowseToURL; url != nil {
+ authURL = *url
+ cancel()
+ }
+ },
+ }
+ bc.Start(opts)
+ bc.StartLoginInteractive()
+ pump(ctx, bc, c)
+
+ if authURL == "" && retErr == nil {
+ return "", fmt.Errorf("login failed with no backend error message")
+ }
+ return authURL, retErr
+}
diff --git a/cmd/tailscale/cli/web.html b/cmd/tailscale/cli/web.html
new file mode 100644
index 000000000..99f54561f
--- /dev/null
+++ b/cmd/tailscale/cli/web.html
@@ -0,0 +1,47 @@
+
+Tailscale Client
+
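Review bot: In `webHandler`, the error branch after `tailscale.Status(r.Context())` writes a 500 but has no `return`, so execution continues to `st.BackendState` and `st.Self.DNSName` with whatever `st` the failed call returned (presumably nil) and would panic; add `return` after `http.Error(w, err.Error(), 500)`. The POST branch changes node state (`tailscaleUp` calls `bc.SetPrefs` with freshly built prefs), yet `auth()` returns `"", nil` on every non-Synology distro and nothing checks `Origin`, `Host` or a token, so any request that can reach the `-listen` address, including a cross-site form post from a browser on the same machine, is acted on; `auth()` should at least carry a comment saying the handler is unauthenticated off Synology, and a same-origin check before the POST is processed would be better. `json.NewEncoder(w).Encode(mi{"error": err})` marshals the error value rather than its text, which for an error built with `fmt.Errorf` likely produces `{"error":{}}`; use `mi{"error": err.Error()}`. In `synoTokenRedirect`, `serverURL` is assembled from `r.URL.Scheme` and `r.URL.Host` and handed to `fmt.Fprintf` without escaping; the body of `synoTokenRedirectHTML` is not visible on this page, so confirm the verb used there quotes the value safely for the context it lands in.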

Tailscale

+
{{.SynologyUser}}
+ + + + +
Status:{{.Status}}
Device Name:{{.DeviceName}}
Tailscale IP:{{.IP}}
+ +

+ + + + + diff --git a/cmd/tailscale/depaware.txt b/cmd/tailscale/depaware.txt index 74ae1d54e..52bd2fefc 100644 --- a/cmd/tailscale/depaware.txt +++ b/cmd/tailscale/depaware.txt @@ -67,7 +67,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep golang.org/x/crypto/poly1305 from golang.org/x/crypto/chacha20poly1305+ golang.org/x/crypto/salsa20/salsa from golang.org/x/crypto/nacl/box+ golang.org/x/net/dns/dnsmessage from net - golang.org/x/net/http/httpguts from net/http + golang.org/x/net/http/httpguts from net/http+ golang.org/x/net/http/httpproxy from net/http golang.org/x/net/http2/hpack from net/http golang.org/x/net/idna from golang.org/x/net/http/httpguts+ @@ -115,6 +115,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep debug/elf from rsc.io/goversion/version debug/macho from rsc.io/goversion/version debug/pe from rsc.io/goversion/version + embed from tailscale.com/cmd/tailscale/cli encoding from encoding/json encoding/asn1 from crypto/x509+ encoding/base64 from encoding/json+ @@ -130,7 +131,8 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep hash/adler32 from compress/zlib hash/crc32 from compress/gzip+ hash/maphash from go4.org/mem - html from tailscale.com/ipn/ipnstate + html from tailscale.com/ipn/ipnstate+ + html/template from tailscale.com/cmd/tailscale/cli io from bufio+ io/fs from crypto/rand+ io/ioutil from golang.org/x/sys/cpu+ @@ -144,6 +146,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep mime/quotedprintable from mime/multipart net from crypto/tls+ net/http from expvar+ + net/http/cgi from tailscale.com/cmd/tailscale/cli net/http/httptrace from github.com/tcnksm/go-httpstat+ net/http/internal from net/http net/textproto from golang.org/x/net/http/httpguts+ 
@@ -154,7 +157,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep path from debug/dwarf+ path/filepath from crypto/x509+ reflect from crypto/x509+ - regexp from rsc.io/goversion/version + regexp from rsc.io/goversion/version+ regexp/syntax from regexp runtime/debug from golang.org/x/sync/singleflight sort from compress/flate+ @@ -164,6 +167,8 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep sync/atomic from context+ syscall from crypto/rand+ text/tabwriter from github.com/peterbourgon/ff/v2/ffcli+ + text/template from html/template + text/template/parse from html/template+ time from compress/gzip+ unicode from bytes+ unicode/utf16 from encoding/asn1+ diff --git a/cmd/tailscale/tailscale.go b/cmd/tailscale/tailscale.go index 39d8bf955..c69c86f64 100644 --- a/cmd/tailscale/tailscale.go +++ b/cmd/tailscale/tailscale.go @@ -9,12 +9,18 @@ package main // import "tailscale.com/cmd/tailscale" import ( "fmt" "os" + "path/filepath" + "strings" "tailscale.com/cmd/tailscale/cli" ) func main() { - if err := cli.Run(os.Args[1:]); err != nil { + args := os.Args[1:] + if name, _ := os.Executable(); strings.HasSuffix(filepath.Base(name), ".cgi") { + args = []string{"web", "-cgi"} + } + if err := cli.Run(args); err != nil { fmt.Fprintln(os.Stderr, err) os.Exit(1) }
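Review bot: The new `.cgi` check in `main` relies on `os.Executable()`, whose result can be the symlink target rather than the invoked name depending on the OS, so if the CGI entry point is installed as a symlink to the main binary the suffix test may never match; `filepath.Base(os.Args[0])` reflects the name the process was started with. When the test does match, the caller's own arguments are silently replaced by `web -cgi` and the error from `os.Executable()` is discarded, so a comment such as `// A binary installed as *.cgi always runs "web -cgi"; command-line arguments are ignored.` above the `if` would make that intent explicit. main's closing brace is outside the hunk.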