tailscale

Commit Graph

Author	SHA1	Message	Date
Sonia Appasamy	bd534b971a	{client/web},{ipn/ipnlocal}: replace localapi debug-web-client endpoint This change removes the existing debug-web-client localapi endpoint and replaces it with functions passed directly to the web.ServerOpts when constructing a web.ManageServerMode client. The debug-web-client endpoint previously handled making noise requests to the control server via the /machine/webclient/ endpoints. The noise requests must be made from tailscaled, which has the noise connection open. But, now that the full client is served from tailscaled, we no longer need to proxy this request over the localapi. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	7 months ago
Sonia Appasamy	7238586652	client/web: fix margins on login popover Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	7 months ago
Sonia Appasamy	4f409012c5	client/web: when readonly, add check for TS connection When the viewing user is accessing a webclient not over Tailscale, they must connect over Tailscale before being able to log into the full management client, which is served over TS. This change adds a check that the user is able to access the node's tailscale IP. If not able to, the signin button is disabled. We'll also be adding Copy here to help explain to the user that they must connect to Tailscale before proceeding. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	7 months ago
Will Norris	d01fa857b1	client/web: allow login client to still run tailscale up I don't believe this has ever worked, since we didn't allow POST requests in the login client. But previously, we were primarily using the legacy client, so it didn't really matter. Now that we've removed the legacy client, we have no way to login. This fixes the login client, allowing it to login, but it still needs to be refactored to expose a dedicated login method, without exposing all the node update functionality. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	7 months ago
Sonia Appasamy	96ad9b6138	client/web: remove legacy-client-view.tsx Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	7 months ago
Sonia Appasamy	2dbd546766	client/web: remove DebugMode from GET /api/data No longer using this! Readonly state fully managed via auth endpoint. Also getting rid of old Legacy server mode. A #cleanup Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	7 months ago
Naman Sood	d5c460e83c	client/{tailscale,web}: add initial webUI frontend for self-updates (#10191 ) Updates #10187. Signed-off-by: Naman Sood <mail@nsood.in>	7 months ago
Will Norris	03e780e9af	client/web: disable the "disable" button when disabled We currently disable the exit-node drop down selector when the user is in read-only mode, but we missed disabling the "Disable" button also. Previously, it would display an error when clicked. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	7 months ago
Will Norris	60957e1077	client/web: fix back button on devices with URL prefix Move Header component inside Router so that links are relative to the router base URL. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	8 months ago
Will Norris	fb984c2b71	client/web: server /index.html on 404 requests In production, the asset handler is receiving requests for pages like /details, which results in a 404. Instead, if we know the requested file does not exist, serve the main index page and let wouter route it appropriately on the frontend. Updates tailscale/corp/#14335 Signed-off-by: Will Norris <will@tailscale.com>	8 months ago
Will Norris	74947ce459	client/web: only trigger check mode if not authed After logging in, the `?check=now` query string is still present if it was passed. Reloading the page causes a new check mode to be triggered, even though the user has an active session. Only trigger the automatic check mode if the user is not already able to manage the device. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	8 months ago
Sonia Appasamy	7c99a1763b	client/web: fix panic on logout Fix panic due to `CurrentTailnet` being nil. Fixes tailscale/corp#15791 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	c9bfb7c683	client/web: add Tailscale SSH view Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	86c8ab7502	client/web: add readonly/manage toggle Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Jordan Whited	12d5c99b04	client/tailscale,ipn/{ipnlocal,localapi}: check UDP GRO config (#10071 ) Updates tailscale/corp#9990 Signed-off-by: Jordan Whited <jordan@tailscale.com>	8 months ago
Sonia Appasamy	d544e80fc1	client/web: populate device details view Fills /details page with real values, passed back from the /data endpoint. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Will Norris	623f669239	client/web: pass URL prefix to frontend This allows wouter to route URLs properly when running in CGI mode. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	8 months ago
Sonia Appasamy	0753ad6cf8	client/web: move useNodeData out of App component Only loading data once auth request has completed. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	5e095ddc20	client/web: add initial framework for exit node selector Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	de2af54ffc	client/web: pipe newSession through to readonly view Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	d73e923b73	client/web: add device details view Initial addition of device details view on the frontend. A little more backend piping work to come to fill all of the detail fields, for now using placeholders. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Will Norris	3e9026efda	client/web: show manage button in readonly view We render the readonly view in two situations: - the client is in login mode, and the device is connected - the client is in manage mode, but the user does not yet have a session If the user is not authenticated, and they are not currently on the Tailscale IP address, render a "Manage" button that will take them to the Tailcale IP of the device and immediately start check mode. Still to do is detecting if they have connectivity to the Tailscale IP, and disabling the button if not. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	8 months ago
Sonia Appasamy	3269b36bd0	client/web: fix hotreload proxy Previously had HMR websocket set to run from a different port than the http proxy server. This was an old setting carried over from the corp repo admin panel config. It's messing with hot reloads when run from the tailscaled web client, as it keeps causing the full page to refresh each time a connection is made. Switching back to the default config here fixes things. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	7df2c5d6b1	client/web: add route management for ui pages Using wouter, a lightweight React routing library. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	f2a4c4fa55	client/web: build out client home page Hooks up more of the home page UI. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Matt Layher	1a1e0f460a	client/tailscale: remove redundant error check Signed-off-by: Matt Layher <mdlayher@gmail.com>	8 months ago
Will Norris	e537d304ef	client/web: relax CSP restrictions for manage client Don't return CSP headers in dev mode, since that includes a bunch of extra things like the vite server. Allow images from any source, which is needed to load user profile images. Allow 'unsafe-inline' for various inline scripts and style react uses. We can eliminate this by using CSP nonce or hash values, but we'll need to look into the best way to handle that. There appear to be several react plugins for this, but I haven't evaluated any of them. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	8 months ago
Will Norris	a05ab9f3bc	client/web: check r.Host rather than r.URL.Host r.URL.Host is not typically populated on server requests. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	8 months ago
Will Norris	6b956b49e0	client/web: add some security checks for full client Require that requests to servers in manage mode are made to the Tailscale IP (either ipv4 or ipv6) or quad-100. Also set various security headers on those responses. These might be too restrictive, but we can relax them as needed. Allow requests to /ok (even in manage mode) with no checks. This will be used for the connectivity check from a login client to see if the management client is reachable. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	8 months ago
Sonia Appasamy	e5dcf7bdde	client/web: move auth session creation out of /api/auth Splits auth session creation into two new endpoints: /api/auth/session/new - to request a new auth session /api/auth/session/wait - to block until user has completed auth url Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	0ecfc1d5c3	client/web: fill devMode from an env var Avoids the need to pipe a web client dev flag through the tailscaled command. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	191e2ce719	client/web: add ServerMode to web.Server Adds a new Mode to the web server, indicating the specific scenario the constructed server is intended to be run in. Also starts filling this from the cli/web and ipn/ipnlocal callers. From cli/web this gets filled conditionally based on whether the preview web client node cap is set. If not set, the existing "legacy" client is served. If set, both a login/lobby and full management client are started (in "login" and "manage" modes respectively). Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Will Norris	4ce4bb6271	client/web: limit authorization checks to API calls This completes the migration to setting up authentication state in the client first before fetching any node data or rendering the client view. Notable changes: - `authorizeRequest` is now only enforced on `/api/*` calls (with the exception of /api/auth, which is handled early because it's needed to initially setup auth, particularly for synology) - re-separate the App and WebClient components to ensure that auth is completed before moving on - refactor platform auth (synology and QNAP) to fit into this new structure. Synology no longer returns redirect for auth, but returns authResponse instructing the client to fetch a SynoToken Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	8 months ago
Sonia Appasamy	7a725bb4f0	client/web: move more session logic to auth.go Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
dependabot[bot]	f2bc54ba15	build(deps-dev): bump postcss from 8.4.27 to 8.4.31 in /client/web Bumps [postcss](https://github.com/postcss/postcss) from 8.4.27 to 8.4.31. - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/postcss/postcss/compare/8.4.27...8.4.31) --- updated-dependencies: - dependency-name: postcss dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>	8 months ago
dependabot[bot]	6cc81a6d3e	build(deps): bump get-func-name from 2.0.0 to 2.0.2 in /client/web Bumps [get-func-name](https://github.com/chaijs/get-func-name) from 2.0.0 to 2.0.2. - [Release notes](https://github.com/chaijs/get-func-name/releases) - [Commits](https://github.com/chaijs/get-func-name/commits/v2.0.2) --- updated-dependencies: - dependency-name: get-func-name dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	8 months ago
dependabot[bot]	80fc32588c	build(deps): bump @babel/traverse from 7.22.10 to 7.23.2 in /client/web Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) from 7.22.10 to 7.23.2. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.23.2/packages/babel-traverse) --- updated-dependencies: - dependency-name: "@babel/traverse" dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	8 months ago
Will Norris	e5fbe57908	web/client: update synology token from /api/auth call When the /api/auth response indicates that synology auth is needed, fetch the SynoToken and store it for future API calls. This doesn't yet update the server-side code to set the new SynoAuth field. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	8 months ago
Will Norris	237c6c44cd	client/web: call /api/auth before rendering any client views For now this is effectively a noop, since only the ManagementClientView uses the auth data. That will change soon. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	8 months ago
Sonia Appasamy	32ebc03591	client/web: move session logic to auth.go Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	6f214dec48	client/web: split out UI components This commit makes the following structural changes to the web client interface. No user-visible changes. 1. Splits login, legacy, readonly, and full management clients into their own components, and pulls them out into their own view files. 2. Renders the same Login component for all scenarios when the client is not logged in, regardless of legacy or debug mode. Styling comes from the existing legacy login, which is removed from legacy.tsx now that it is shared. 3. Adds a ui folder to hold non-Tailscale-specific components, starting with ProfilePic, previously housed in app.tsx. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	89953b015b	ipn/ipnlocal,client/web: add web client to tailscaled Allows for serving the web interface from tailscaled, with the ability to start and stop the server via localapi endpoints (/web/start and /web/stop). This will be used to run the new full management web client, which will only be accessible over Tailscale (with an extra auth check step over noise) from the daemon. This switch also allows us to run the web interface as a long-lived service in environments where the CLI version is restricted to CGI, allowing us to manage certain auth state in memory. ipn/ipnlocal/web is stubbed out in ipn/ipnlocal/web_stub for ios builds to satisfy ios restriction from adding "text/template" and "html/template" dependencies. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	93aa8a8cff	client/web: allow providing logger implementation Also report metrics in separate go routine with a 5 second timeout. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	d79e0fde9c	client/web: split errTaggedSelf resp from getTailscaleBrowserSession Previously returned errTaggedSource in the case that of any tagged source. Now distinguishing whether the source was local or remote. We'll be presenting the two cases with varying copy on the frontend. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	e0a4a02b35	client/web: pipe Server.timeNow() through session funcs Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	62d08d26b6	client/web: set Server.cgiMode field Updates tailscale/corp#15373 Signed-off-by: Sonia Appasamy <sonia@tailscale.com> Co-authored-by: Will Norris <will@tailscale.com>	8 months ago
Sonia Appasamy	68da15516f	ipn/localapi,client/web: clean up auth error handling This commit makes two changes to the web client auth flow error handling: 1. Properly passes back the error code from the noise request from the localapi. Previously we were using io.Copy, which was always setting a 200 response status code. 2. Clean up web client browser sessions on any /wait endpoint error. This avoids the user getting in a stuck state if something goes wrong with their auth path. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	1df2d14c8f	client/web: use auth ID in browser sessions Stores ID from tailcfg.WebClientAuthResponse in browser session data, and uses ID to hit control server /wait endpoint. No longer need the control url cached, so removed that from Server. Also added optional timeNow field, initially to manage time from tests. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	73bbf941f8	client/web: hook up auth flow Connects serveTailscaleAuth to the localapi webclient endpoint and pipes auth URLs and session cookies back to the browser to redirect users from the frontend. All behind debug flags for now. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	851536044a	client/web: add tests for authorizeRequest Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago

1 2 3 4 5

226 Commits (kradalby-keys-db-interface)