tailscale

Commit Graph

Author	SHA1	Message	Date
Sonia Appasamy	7aa981ba49	client/web: remove duplicate WhoIs call Fixes a TODO in web.authorizeRequest. `getSession` calls `WhoIs` already. Call `getSession` earlier in `authorizeRequest` so we can avoid the duplicate `WhoIs` check on the same request. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	7 months ago
Will Norris	26db9775f8	client/web: skip check mode for non-tailscale.com control servers (#10413 ) client/web: skip check mode for non-tailscale.com control servers Only enforce check mode if the control server URL ends in ".tailscale.com". This allows the web client to be used with headscale (or other) control servers while we work with the project to add check mode support (tracked in juanfont/headscale#1623). Updates #10261 Co-authored-by: Sonia Appasamy <sonia@tailscale.com> Signed-off-by: Sonia Appasamy <sonia@tailscale.com> Signed-off-by: Will Norris <will@tailscale.com>	7 months ago
Sonia Appasamy	ab0e25beaa	client/web: fix Vite dev server build error `6e30c9d1f` added eslint to the web client. As a part of that change, the existing yarn.lock file was removed and yarn install run to build with a clean yarn dependencies set with latest versions. This caused a change in the "vite-plugin-rewrite-all" package that fails at build time with our existing vite config. This is a known bug with some suggested fixes: https://vitejs.dev/guide/troubleshooting.html#this-package-is-esm-only Rather than editing our package.json type, this commit reverts back the yarn.lock file to it's contents at the commit just before `6e30c9d1f` and then only runs yarn install to add the new eslint packages, rather than installing the latest versions of all packages. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	7 months ago
Sonia Appasamy	6e30c9d1fe	client/web: add eslint Add eslint to require stricter typescript rules, particularly around required hook dependencies. This commit also updates any files that were now throwing errors with eslint. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	7 months ago
Sonia Appasamy	5f40b8a0bc	scripts/check_license_headers: enforce license on ts/tsx files Enforcing inclusion of our OSS license at the top of .ts and .tsx files. Also updates any relevant files in the repo that were previously missing the license comment. An additional `@license` comment is added to client/web/src/index.tsx to preserve the license in generated Javascript. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	7 months ago
Sonia Appasamy	b247435d66	client/web: scroll exit node dropdown to top on search When search input changes, reset the scroll to the top of the dropdown list. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	7 months ago
Will Norris	42dc843a87	client/web: add advanced login options This adds an expandable section of the login view to allow users to specify an auth key and an alternate control URL. Input and Collapsible components and accompanying styles were brought over from the adminpanel. Updates #10261 Signed-off-by: Will Norris <will@tailscale.com>	8 months ago
Sonia Appasamy	38ea8f8c9c	client/web: add Inter font Adds Inter font and uses it as the default for the web UI. Creates a new /assets folder to house the /fonts, and moves /icons to live here too. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	e75be017e4	client/web: add exit node selector Add exit node selector (in full management client only) that allows for advertising as an exit node, or selecting another exit node on the Tailnet for use. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Will Norris	f880c77df0	client/web: split login from nodeUpdate This creates a new /api/up endpoint which is exposed in the login client, and is solely focused on logging in. Login has been removed from the nodeUpdate endpoint. This also adds support in the LoginClientView for a stopped node that just needs to reconnect, but not necessarily reauthenticate. This follows the same pattern in `tailscale up` of just setting the WantRunning user pref. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	8 months ago
Sonia Appasamy	980f1f28ce	client/web: hide unimplemented links Hiding links to unimplemented settings pages. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	bd534b971a	{client/web},{ipn/ipnlocal}: replace localapi debug-web-client endpoint This change removes the existing debug-web-client localapi endpoint and replaces it with functions passed directly to the web.ServerOpts when constructing a web.ManageServerMode client. The debug-web-client endpoint previously handled making noise requests to the control server via the /machine/webclient/ endpoints. The noise requests must be made from tailscaled, which has the noise connection open. But, now that the full client is served from tailscaled, we no longer need to proxy this request over the localapi. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	7238586652	client/web: fix margins on login popover Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	4f409012c5	client/web: when readonly, add check for TS connection When the viewing user is accessing a webclient not over Tailscale, they must connect over Tailscale before being able to log into the full management client, which is served over TS. This change adds a check that the user is able to access the node's tailscale IP. If not able to, the signin button is disabled. We'll also be adding Copy here to help explain to the user that they must connect to Tailscale before proceeding. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Will Norris	d01fa857b1	client/web: allow login client to still run tailscale up I don't believe this has ever worked, since we didn't allow POST requests in the login client. But previously, we were primarily using the legacy client, so it didn't really matter. Now that we've removed the legacy client, we have no way to login. This fixes the login client, allowing it to login, but it still needs to be refactored to expose a dedicated login method, without exposing all the node update functionality. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	8 months ago
Sonia Appasamy	96ad9b6138	client/web: remove legacy-client-view.tsx Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	2dbd546766	client/web: remove DebugMode from GET /api/data No longer using this! Readonly state fully managed via auth endpoint. Also getting rid of old Legacy server mode. A #cleanup Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Naman Sood	d5c460e83c	client/{tailscale,web}: add initial webUI frontend for self-updates (#10191 ) Updates #10187. Signed-off-by: Naman Sood <mail@nsood.in>	8 months ago
Will Norris	03e780e9af	client/web: disable the "disable" button when disabled We currently disable the exit-node drop down selector when the user is in read-only mode, but we missed disabling the "Disable" button also. Previously, it would display an error when clicked. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	8 months ago
Will Norris	60957e1077	client/web: fix back button on devices with URL prefix Move Header component inside Router so that links are relative to the router base URL. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	8 months ago
Will Norris	fb984c2b71	client/web: server /index.html on 404 requests In production, the asset handler is receiving requests for pages like /details, which results in a 404. Instead, if we know the requested file does not exist, serve the main index page and let wouter route it appropriately on the frontend. Updates tailscale/corp/#14335 Signed-off-by: Will Norris <will@tailscale.com>	8 months ago
Will Norris	74947ce459	client/web: only trigger check mode if not authed After logging in, the `?check=now` query string is still present if it was passed. Reloading the page causes a new check mode to be triggered, even though the user has an active session. Only trigger the automatic check mode if the user is not already able to manage the device. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	8 months ago
Sonia Appasamy	7c99a1763b	client/web: fix panic on logout Fix panic due to `CurrentTailnet` being nil. Fixes tailscale/corp#15791 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	c9bfb7c683	client/web: add Tailscale SSH view Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	86c8ab7502	client/web: add readonly/manage toggle Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Jordan Whited	12d5c99b04	client/tailscale,ipn/{ipnlocal,localapi}: check UDP GRO config (#10071 ) Updates tailscale/corp#9990 Signed-off-by: Jordan Whited <jordan@tailscale.com>	8 months ago
Sonia Appasamy	d544e80fc1	client/web: populate device details view Fills /details page with real values, passed back from the /data endpoint. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Will Norris	623f669239	client/web: pass URL prefix to frontend This allows wouter to route URLs properly when running in CGI mode. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	8 months ago
Sonia Appasamy	0753ad6cf8	client/web: move useNodeData out of App component Only loading data once auth request has completed. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	5e095ddc20	client/web: add initial framework for exit node selector Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	de2af54ffc	client/web: pipe newSession through to readonly view Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	d73e923b73	client/web: add device details view Initial addition of device details view on the frontend. A little more backend piping work to come to fill all of the detail fields, for now using placeholders. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Will Norris	3e9026efda	client/web: show manage button in readonly view We render the readonly view in two situations: - the client is in login mode, and the device is connected - the client is in manage mode, but the user does not yet have a session If the user is not authenticated, and they are not currently on the Tailscale IP address, render a "Manage" button that will take them to the Tailcale IP of the device and immediately start check mode. Still to do is detecting if they have connectivity to the Tailscale IP, and disabling the button if not. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	8 months ago
Sonia Appasamy	3269b36bd0	client/web: fix hotreload proxy Previously had HMR websocket set to run from a different port than the http proxy server. This was an old setting carried over from the corp repo admin panel config. It's messing with hot reloads when run from the tailscaled web client, as it keeps causing the full page to refresh each time a connection is made. Switching back to the default config here fixes things. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	7df2c5d6b1	client/web: add route management for ui pages Using wouter, a lightweight React routing library. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	f2a4c4fa55	client/web: build out client home page Hooks up more of the home page UI. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Matt Layher	1a1e0f460a	client/tailscale: remove redundant error check Signed-off-by: Matt Layher <mdlayher@gmail.com>	8 months ago
Will Norris	e537d304ef	client/web: relax CSP restrictions for manage client Don't return CSP headers in dev mode, since that includes a bunch of extra things like the vite server. Allow images from any source, which is needed to load user profile images. Allow 'unsafe-inline' for various inline scripts and style react uses. We can eliminate this by using CSP nonce or hash values, but we'll need to look into the best way to handle that. There appear to be several react plugins for this, but I haven't evaluated any of them. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	8 months ago
Will Norris	a05ab9f3bc	client/web: check r.Host rather than r.URL.Host r.URL.Host is not typically populated on server requests. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	8 months ago
Will Norris	6b956b49e0	client/web: add some security checks for full client Require that requests to servers in manage mode are made to the Tailscale IP (either ipv4 or ipv6) or quad-100. Also set various security headers on those responses. These might be too restrictive, but we can relax them as needed. Allow requests to /ok (even in manage mode) with no checks. This will be used for the connectivity check from a login client to see if the management client is reachable. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	8 months ago
Sonia Appasamy	e5dcf7bdde	client/web: move auth session creation out of /api/auth Splits auth session creation into two new endpoints: /api/auth/session/new - to request a new auth session /api/auth/session/wait - to block until user has completed auth url Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	0ecfc1d5c3	client/web: fill devMode from an env var Avoids the need to pipe a web client dev flag through the tailscaled command. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	191e2ce719	client/web: add ServerMode to web.Server Adds a new Mode to the web server, indicating the specific scenario the constructed server is intended to be run in. Also starts filling this from the cli/web and ipn/ipnlocal callers. From cli/web this gets filled conditionally based on whether the preview web client node cap is set. If not set, the existing "legacy" client is served. If set, both a login/lobby and full management client are started (in "login" and "manage" modes respectively). Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Will Norris	4ce4bb6271	client/web: limit authorization checks to API calls This completes the migration to setting up authentication state in the client first before fetching any node data or rendering the client view. Notable changes: - `authorizeRequest` is now only enforced on `/api/*` calls (with the exception of /api/auth, which is handled early because it's needed to initially setup auth, particularly for synology) - re-separate the App and WebClient components to ensure that auth is completed before moving on - refactor platform auth (synology and QNAP) to fit into this new structure. Synology no longer returns redirect for auth, but returns authResponse instructing the client to fetch a SynoToken Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	8 months ago
Sonia Appasamy	7a725bb4f0	client/web: move more session logic to auth.go Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
dependabot[bot]	f2bc54ba15	build(deps-dev): bump postcss from 8.4.27 to 8.4.31 in /client/web Bumps [postcss](https://github.com/postcss/postcss) from 8.4.27 to 8.4.31. - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/postcss/postcss/compare/8.4.27...8.4.31) --- updated-dependencies: - dependency-name: postcss dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>	8 months ago
dependabot[bot]	6cc81a6d3e	build(deps): bump get-func-name from 2.0.0 to 2.0.2 in /client/web Bumps [get-func-name](https://github.com/chaijs/get-func-name) from 2.0.0 to 2.0.2. - [Release notes](https://github.com/chaijs/get-func-name/releases) - [Commits](https://github.com/chaijs/get-func-name/commits/v2.0.2) --- updated-dependencies: - dependency-name: get-func-name dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	8 months ago
dependabot[bot]	80fc32588c	build(deps): bump @babel/traverse from 7.22.10 to 7.23.2 in /client/web Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) from 7.22.10 to 7.23.2. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.23.2/packages/babel-traverse) --- updated-dependencies: - dependency-name: "@babel/traverse" dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	8 months ago
Will Norris	e5fbe57908	web/client: update synology token from /api/auth call When the /api/auth response indicates that synology auth is needed, fetch the SynoToken and store it for future API calls. This doesn't yet update the server-side code to set the new SynoAuth field. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	8 months ago
Will Norris	237c6c44cd	client/web: call /api/auth before rendering any client views For now this is effectively a noop, since only the ManagementClientView uses the auth data. That will change soon. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	8 months ago

1 2 3 4 5

237 Commits (7aa981ba4987aa389396b4096b7a9fa990cdab1a)