From ffd81678d941d72cd508f08aa771fce180f4c5c7 Mon Sep 17 00:00:00 2001
From: Will Norris
Date: Mon, 3 Jun 2024 12:14:50 -0700
Subject: [PATCH] set correct tailnet name in authentication provider
The MagicDNS suffix is what we now refer to as the "Tailnet Name": https://tailscale.com/kb/1217/tailnet-name. This code was previously using what we now call the org name, which used to be embedded in the MagicDNS name before we used ts.net cert domains. Also add tailnet name to the output in the proxyauth example config.
Fixes #29
Signed-off-by: Will Norris
---
 auth.go | 5 +----
 examples/proxyauth.caddyfile | 4 +++-
 2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/auth.go b/auth.go
index d6270ed..976d061 100644
--- auth.go
+++ auth.go
@@ -98,10 +98,7 @@ func (ta Auth) Authenticate(w http.ResponseWriter, r *http.Request) (caddyauth.U
 var tailnet string
 if !info.Node.Hostinfo.ShareeNode() {
 if s, found := strings.CutPrefix(info.Node.Name, info.Node.ComputedName+"."); found {
- // TODO(will): Update this for current ts.net magicdns hostnames.
- if s, found := strings.CutSuffix(s, ".beta.tailscale.net."); found {
- tailnet = s
- }
+ tailnet = strings.TrimSuffix(s, ".")
 }
 }
diff --git a/examples/proxyauth.caddyfile b/examples/proxyauth.caddyfile
index 5f53622..82cbbbb 100644
--- a/examples/proxyauth.caddyfile
+++ b/examples/proxyauth.caddyfile
@@ -25,6 +25,7 @@
 tailscale_auth
 reverse_proxy localhost:3333 {
 header_up X-Webauth-User {http.auth.user.tailscale_login}
+ header_up X-Tailscale-Tailnet {http.auth.user.tailscale_tailnet}
 }
 }
@@ -37,6 +38,7 @@
 tailscale_auth
 reverse_proxy localhost:3333 {
 header_up X-Webauth-User {http.auth.user.tailscale_login}
+ header_up X-Tailscale-Tailnet {http.auth.user.tailscale_tailnet}
 }
 }
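Review bot: `tailnet` is now whatever follows `ComputedName + "."` in `info.Node.Name`, with no check that the remainder is non-empty, and the value it carries changes meaning from the old org name to the tailnet name. Anything that authorizes on `tailscale_tailnet`, whether a Caddyfile matcher or a backend reading a forwarded header, needs its expected value updated, and should treat an empty tailnet as a denial rather than a match, since shared nodes and names that do not start with the computed name still leave it empty. I would document this on the assignment, e.g. `// tailnet is the MagicDNS suffix ("tailnet name") of the node's FQDN, without the trailing dot; empty for shared nodes`, and add a test pinning the value for a sample node name. Authenticate starts and ends outside this hunk, so how `tailnet` is used afterwards is not visible here.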
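Review bot: The new `X-Tailscale-Tailnet` line in the `@@ -25,6 +25,7 @@` hunk, and the identical line in `@@ -37,6 +38,7 @@`, forwards an identity attribute without saying when a backend may rely on it. `header_up` replaces any value the client sent on the proxied request, but auth.go leaves `tailnet` unset for shared nodes, so the forwarded value is presumably empty in that case and a backend should reject it rather than compare against it. A one-line comment above the directive would cover this, e.g. `# set by the proxy from the authenticated Tailscale identity; may be empty for shared nodes`.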
@@ -47,5 +49,5 @@
 # But for an actual application, this could immediately log the user in.
 :3333 {
 templates
- respond `Hello, {{.Req.Header.Get "X-Webauth-User"}}`
+ respond `Hello, {{.Req.Header.Get "X-Webauth-User"}} from {{.Req.Header.Get "X-Tailscale-Tailnet"}}`
 }
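Review bot: The demo backend now trusts two request headers for identity, yet its site address `:3333` carries no host or interface restriction, while the proxy blocks reach it as `localhost:3333`. The headers only mean something when the backend is reachable solely through the authenticating proxy, so the example should show that, for instance by adding `bind 127.0.0.1` inside the `:3333` block or by using `localhost:3333` as the site address. The existing comment about logging the user in would also benefit from a sentence stating that a real application must not accept these headers from any other source.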