tailscale

Commit Graph

Author	SHA1	Message	Date
Maisem Ali	fb632036e3	cmd/k8s-operator: drop https:// in capName Add the new format but keep respecting the old one. Updates #4217 Signed-off-by: Maisem Ali <maisem@tailscale.com>	6 months ago
Mario Minardi	4e012794fc	client/web: add metric logging when viewing local / remote node (#10555 ) Add metric logging for the case where a user is viewing a local or remote node. Updates https://github.com/tailscale/tailscale/issues/10261 Signed-off-by: Mario Minardi <mario@tailscale.com>	6 months ago
Mario Minardi	763b9daa84	client/web: add visual indication for exit node pending approval (#10532 ) Add visual indication when running as an exit node prior to receiving admin approval. Updates https://github.com/tailscale/tailscale/issues/10261 Signed-off-by: Mario Minardi <mario@tailscale.com> Co-authored-by: Sonia Appasamy <sonia@tailscale.com>	6 months ago
Will Norris	e9f203d747	client/web: open new window if iframed Previously, we were only breaking out of iframes when accessing the login client over a local IP address (where viewerIdentity is not set). We need to also handle the case where the user is accessing the login client over the Tailscale IP, and similarly break out of the iframe when logging into the management client. Updates #10261 Signed-off-by: Will Norris <will@tailscale.com>	6 months ago
OSS Updater	501478dcdc	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	6 months ago
Will Norris	970dc2a976	client/web: remove 'unsafe-inline' from CSP I seem to recall I needed this for things to work properly with the vite dev server, but that doesn't seem to be the case anymore? Everything seems to work fine without it. If we still have issues, we'll need to look into using a nonce or integrity attribute. Updates #10261 Fixes tailscale/corp#16266 Signed-off-by: Will Norris <will@tailscale.com>	6 months ago
Sonia Appasamy	c2fe123232	cmd/tailscaled: update ConfigureWebClient's UseSocketOnly value Previously were always setting `UseSocketOnly` because we were comparing `args.socketpath != ""`, but `args.socketpath` flag always gets filled with `paths.DefaultTailscaledSocket()` when not provided. Rather than comparing to the empty string, compare to the default value to determine if `UseSocketOnly` should be set. Should fix issue with web client being unreachable for Mac App Store variant of the mac build. Updates #16054 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	6 months ago
Mario Minardi	109929d110	client/web: add endpoint for logging device detail click metric (#10505 ) Add an endpoint for logging the device detail click metric to allow for this metric to be logged without having a valid session which is the case when in readonly mode. Updates https://github.com/tailscale/tailscale/issues/10261 Signed-off-by: Mario Minardi <mario@tailscale.com>	6 months ago
Andrew Lytvynov	d8493d4bd5	clientupdate: add explicit Track to Arguments (#10548 ) Instead of overloading the Version field, add an explicit Track field. This fixes a bug where passing a track name in `args.Version` would keep the track name in `updater.Version` and pass it down the code path to commands like `apt-get install`. Now, `updater.Version` should always be a version (or empty string). Updates #cleanup Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	6 months ago
Irbe Krumina	1b1b6bb634	ALPINE.txt,Dockerfile{.base},build_docker.sh: bump alpine (#10543 ) Bump alpine base image version used to build tailscale/tailscale and tailscale/k8s-operator images 3.16 -> 3.18 Updates #cleanup Signed-off-by: Irbe Krumina <irbe@tailscale.com>	6 months ago
License Updater	bac0df6949	licenses: update android licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	6 months ago
Will Norris	5a2e6a6f7d	client/web: use Home Assistant's X-Ingress-Path header When running on Home Assistant, use the X-Ingress-Path header to set the URLPrefix that is passed to the frontend. Also fix handling of errNotUsingTailscale in the auth handler (previously it falling through to a later case and returning a 500). Instead, it's just a terminal state with no auth needed. Also disable SSH on Home Assistant, since it causes problems on startup and doesn't make much sense anyway for that platform. Updates #10261 Signed-off-by: Will Norris <will@tailscale.com>	6 months ago
Sonia Appasamy	a4c7b0574a	client/web: add confirmation dialogs Add confirmation dialogs for disconnecting and stopping advertisement of a subnet route. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	6 months ago
Will Norris	69b56462fc	client/web: check content-type on PATCH requests Updates #10261 Fixes tailscale/corp#16267 Signed-off-by: Will Norris <will@tailscale.com>	6 months ago
Will Norris	c615fe2296	client/web: add security attributes on session cookie Limit cookies to HTTP requests (not accessible from javascript). Set SameSite to "Lax", which is similar to "Strict" but allows for cookies to be included in requests that come from offsite links. This will be necessary when we link to the web client from the admin console. Updates #10261 Fixes tailscale/corp#16265 Signed-off-by: Will Norris <will@tailscale.com>	6 months ago
Sonia Appasamy	261b6f1e9f	client/web: limit updates ui to unstable builds The updates view still needs a final design pass, limit to unstable track for now. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	6 months ago
Will Norris	33de922d57	client/web: only enforce path prefix in CGI mode The client has changed a bit since we introduced the path prefix. It is now used for two things: - its original purpose, of ensuring that when the client is run in CGI mode at arbitrary paths, then relative paths for assets continue to work - we also now pass the path to the frontend and use wouter to manage routes for the various subpages of the client. When the client is run behind a reverse proxy (as it is in Home Assistant), it is common for the proxy to rewrite the request so that the backend application doesn't see the path it's being served at. In this case, we don't need to call enforcePrefix, since it's already stripped before it reaches us. However, wouter (or react router library) still sees the original path in the browser, and needs to know what part of it is the prefix that needs to be stripped off. We're handling this by now only calling enforcePrefix when run in CGI mode. For Home Assistant, or any other platform that runs the client behind a reverse proxy with a custom path, they will still need to pass the `-prefix` flag to `tailscale web`, but we will only use it for route handling in the frontend. Updates #10261 Signed-off-by: Will Norris <will@tailscale.com>	6 months ago
Sonia Appasamy	c2319f0dfa	client/web: fix serveAPIAuth in Login mode In Login mode, must first run system auth. But once authorized, should be able to reach rest of auth logic to check whether the user can manage the node. This results in showing/hiding the sign in button in the frontend login toggle. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	6 months ago
Sonia Appasamy	7c172df791	client/web: fix 500 error after logout Calling DebugPacketFilterRules fails when the node is not logged in, which was causing 500 errors on the node data endpoint after logging the node out. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	6 months ago
Adrian Dewhurst	86aa0485a6	ipn/ipnlocal, util/syspolicy: make run exit node a preference option Previously, the "RunExitNode" policy merely controlled the visibility of the "run as exit node" menu item, not the setting itself. This migrates that setting to a preference option named "AdvertiseExitNode". Updates ENG-2138 Change-Id: Ia6a125beb6b4563d380c6162637ce4088f1117a0 Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	6 months ago
Mario Minardi	21958d2934	client/web: add logging of device management type for web client (#10492 ) Add logging of device management type for the web client auth flow. Namely, this differentiates between viewing a node you do not own, viewing a local tagged node, viewing a remote tagged node, managing a local node, and managing a remote node. Updates https://github.com/tailscale/tailscale/issues/10261 Signed-off-by: Mario Minardi <mario@tailscale.com>	6 months ago
Maisem Ali	7bdea283bd	cmd/containerboot: symlink TS_SOCKET to socket expected by CLI `tailscaled` and `tailscale` expect the socket to be at `/var/run/tailscale/tailscaled.sock`, however containerboot would set up the socket at `/tmp/tailscaled.sock`. This leads to a poor UX when users try to use any `tailscale` command as they have to prefix everything with `--socket /tmp/tailscaled.sock`. To improve the UX, this adds a symlink to `/var/run/tailscale/tailscaled.sock` to point to `/tmp/tailscaled.sock`. This approach has two benefits, 1 users are able to continue to use existing scripts without this being a breaking change. 2. users are able to use the `tailscale` CLI without having to add the `--socket` flag. Fixes tailscale/corp#15902 Fixes #6849 Fixes #10027 Signed-off-by: Maisem Ali <maisem@tailscale.com>	6 months ago
Sonia Appasamy	ddb4b51122	client/web: always run platform auth for login mode Even if connected to the login client over tailscale, still check platform auth so the browser can obtain the tokens it needs to make platform requests complete successfully. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	6 months ago
Andrew Lytvynov	e25f114916	ipn,cmd/tailscale/cli: support hierarchical MaskedPrefs (#10507 ) Some fields if `ipn.Prefs` are structs. `ipn.MaskedPrefs` has a single level of boolean `*Set` flags, which doesn't map well to nested structs within `ipn.Prefs`. Change `MaskedPrefs` and `ApplyEdits` to support `FooSet` struct fields that map to a nested struct of `ipn.Prefs` like `AutoUpdates`. Each struct field in `MaskedPrefs` is just a bundle of more `Set` bool fields or other structs. This allows you to have a `Set` flag for any arbitrarily-nested field of `ipn.Prefs`. Also, make `ApplyEdits` match fields between `Prefs` and `MaskedPrefs` by name instead of order, to make it a bit less finicky. It's probably slower but `ipn.ApplyEdits` should not be in any hot path. As a result, `AutoUpdate.Check` and `AutoUpdate.Apply` fields don't clobber each other when set individually. Updates #16247 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	6 months ago
Flakes Updater	2f01d5e3da	go.mod.sri: update SRI hash for go.mod changes Signed-off-by: Flakes Updater <noreply+flakes-updater@tailscale.com>	6 months ago
OSS Updater	6389322619	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	6 months ago
Aaron Klotz	0f646937e9	clientupdate: remove TS_NOLAUNCH and GUI restart hacks from autoupdate We've fixed the underlying issue in github.com/tailscale/corp/issues/13998. Fixes #10513 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	6 months ago
Andrea Gottardo	646d17ac8d	util/syspolicy: rename client metric keys (#10516 ) Updates ENG-2513. Renames client metrics keys used on Windows for consistency with Apple platforms. Signed-off-by: Andrea Gottardo <andrea@tailscale.com>	6 months ago
Sonia Appasamy	d5d42d0293	client/web: small UI cleanups Updates: * Card component used throughout instead of custom card class * SSH toggle changed to non-editable text/status icon in readonly * Red error text on subnet route input when route post failed Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	6 months ago
Sonia Appasamy	e5e5ebda44	client/web: precompress assets Precompress webclient assets with precompress util. This cuts our css and js build sizes to about 1/3 of non-compressed size. Similar compression done on tsconnect and adminhttp assets. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	6 months ago
Sonia Appasamy	97f8577ad2	client/web: restructure api mutations into hook This commit makes some restructural changes to how we handle api posting from the web client frontend. Now that we're using SWR, we have less of a need for hooks like useNodeData that return a useSWR response alongside some mutation callbacks. SWR makes it easy to mutate throughout the UI without needing access to the original data state in order to reflect updates. So, we can fetch data without having to tie it to post callbacks that have to be passed around through components. In an effort to consolidate our posting endpoints, and make it easier to add more api handlers cleanly in the future, this change introduces a new `useAPI` hook that returns a single `api` callback that can make any changes from any component in the UI. The hook itself handles using SWR to mutate the relevant data keys, which get globally reflected throughout the UI. As a concurrent cleanup, node types are also moved to their own types.ts file, to consolidate data types across the app. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	6 months ago
Andrew Dunham	9fd29f15c7	util/cache: add package for general-purpose caching This package allows caching arbitrary key/value pairs in-memory, along with an interface implemented by the cache types. Extracted from #7493 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Ic8ca820927c456721cf324a0c8f3882a57752cc9	6 months ago
Adrian Dewhurst	f706a3abd0	ipn/ipnlocal, util/syspolicy: add auto update policy Due to the Sparkle preference naming convention, macsys already has a policy key named "ApplyUpdates" that merely shows or hides the menu item that controls if auto updates are installed, rather than directly controlling the setting. For other platforms, we are going to use "InstallUpdates" instead because it seemed better than the other options that were considered. Updates ENG-2127 Updates tailscale/corp#16247 Change-Id: Ia6a125beb6b4563d380c6162637ce4088f1117a0 Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	6 months ago
Sonia Appasamy	ef4f1e3a0b	client/web: add loading state to app Displays animated loading dots while initial auth and data endpoints are fetching. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	6 months ago
Andrew Dunham	3f576fc4ca	ci: run 'go vet' in golangci-lint; fix errors in tests Updates #cleanup Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Ice78fc907bad24c1de749a1595e212ef2db4b8bb	6 months ago
Mario Minardi	f5f21c213c	client/web: add additional web client metrics logging (#10462 ) Add additional web client metric logging. Namely, add logging events for auth / deauth, enable / disable using exit node, enable / disable SSH, enable / disable advertise routes, and click events on the device details button. Updates https://github.com/tailscale/tailscale/issues/10261 Signed-off-by: Mario Minardi <mario@tailscale.com>	6 months ago
Naman Sood	97f84200ac	wgengine/router: implement UpdateMagicsockPort for CallbackRouter (#10494 ) Updates #9084. Signed-off-by: Naman Sood <mail@nsood.in>	6 months ago
Sonia Appasamy	95655405b8	client/web: start using swr for some fetching Adds swr to the web client, and starts by using it from the useNodeData hook. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	6 months ago
Sonia Appasamy	014ae98297	client/web: style tweaks Style changes made in live pairing session. Updates #10261 Co-authored-by: Will Norris <will@tailscale.com> Co-authored-by: Alessandro Mingione <alessandro@tailscale.com> Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	6 months ago
Adrian Dewhurst	1a4d423328	ipn/ipnlocal: add additional syspolicy enforcement This adds support for enforcing exit node LAN access, DNS and subnet routes. Adding new preference policies was getting repetitive, so this turns some of the boilerplate into a table. Updates tailscale/corp#15585 Updates ENG-2240 Change-Id: Iabd3c42b0ae120b3145fac066c5caa7fc4d67824 Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	6 months ago
Sonia Appasamy	2731a9da36	client/web: fix exit node selector styling Remove padding on top of search bar, remove rounded corners of bottom border of earch bar, and add auto focus. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	6 months ago
Adrian Dewhurst	af32d1c120	ipn/ipnlocal: better enforce system policies Previously, policies affected the default prefs for a new profile, but that does not affect existing profiles. This change ensures that policies are applied whenever preferences are loaded or changed, so a CLI or GUI client that does not respect the policies will still be overridden. Exit node IP is dropped from this PR as it was implemented elsewhere in #10172. Fixes tailscale/corp#15585 Change-Id: Ide4c3a4b00a64e43f506fa1fab70ef591407663f Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	6 months ago
Sonia Appasamy	ac6f671c54	ipn/localapi: use clientupdate.CanAutoUpdate from serveUpdateCheck Fixes #10486 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	6 months ago
Sonia Appasamy	a54a4f757b	client/web: add licenses and policies links Adds a footer to the device details page that mirrors license and policy content on other Tailscale clients. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	6 months ago
Sonia Appasamy	cc6729a0bc	.github/workflows: add webclient workflow Add workflow to run yarn lint/test/format-check against the web client on pull requests. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	6 months ago
Mario Minardi	4a24db852a	client/web: use IPv4 instead of IP in login view (#10483 ) The IP property in node data was renamed to IPv4 but refactoring the usage of the property was missed in this file. Updates https://github.com/tailscale/tailscale/issues/10261 Signed-off-by: Mario Minardi <mario@tailscale.com>	6 months ago
Denton Gentry	137e9f4c46	net/portmap: add test of Mikrotik Root Desc XML. Unfortunately in the test we can't reproduce the failure seen in the real system ("SOAP fault: UPnPError") Updates https://github.com/tailscale/tailscale/issues/8364 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	6 months ago
Naman Sood	d46a4eced5	util/linuxfw, wgengine: allow ingress to magicsock UDP port on Linux (#10370 ) * util/linuxfw, wgengine: allow ingress to magicsock UDP port on Linux Updates #9084. Currently, we have to tell users to manually open UDP ports on Linux when certain firewalls (like ufw) are enabled. This change automates the process of adding and updating those firewall rules as magicsock changes what port it listens on. Signed-off-by: Naman Sood <mail@nsood.in>	6 months ago
Andrew Lytvynov	aad5fb28b1	go.toolchain.rev: bump to 1.21.5 (#10475 ) Updates #cleanup Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	6 months ago
Claire Wang	47db67fef5	util/syspolicy: add policy counters (#10471 ) Fixes tailscale/corp#16138 Signed-off-by: Claire Wang <claire@tailscale.com>	6 months ago

... 2 3 4 5 6 ...

7079 Commits (13f8a669d5cd3bd2af39c693f4878ecbbb4d56d1) All Branches Search

7079 Commits (13f8a669d5cd3bd2af39c693f4878ecbbb4d56d1)

All Branches