headscale/hscontrol
Kristoffer Dalby 622e08f5e6
Some checks are pending
Build / build-nix (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Waiting to run
Check Generated Files / check-generated (push) Waiting to run
Build (main) / container (push) Waiting to run
Build (main) / binaries (amd64, darwin) (push) Waiting to run
Build (main) / binaries (amd64, linux) (push) Waiting to run
Build (main) / binaries (arm64, darwin) (push) Waiting to run
Build (main) / binaries (arm64, linux) (push) Waiting to run
Nix Flake Checks / build (push) Waiting to run
Nix Flake Checks / gotest (push) Waiting to run
Nix Flake Checks / golangci-lint (push) Waiting to run
Nix Flake Checks / formatting (push) Waiting to run
NixOS Module Tests / nix-module-check (push) Waiting to run
Server Tests / servertest (push) Waiting to run
oidc: harden callback CSRF cookies, state reuse, and issuer config
Defence-in-depth fixes to the OIDC login flow.

Set the state/nonce cookie Secure flag from the configured server_url
scheme rather than req.TLS, so the cookies stay Secure behind a
TLS-terminating reverse proxy where the proxy-to-Headscale hop is plain
HTTP. Deriving it from config avoids trusting a spoofable
X-Forwarded-Proto header.

Make the OIDC state single-use: consume it from the cache on the
callback and clear the state/nonce cookies once validated, so a replayed
callback cannot resolve the same session and the cookies do not linger
until expiry.

Bound OIDC discovery to the caller's context so a slow or unreachable
issuer fails startup within the timeout instead of hanging, and validate
the issuer URL and required client_id/client_secret at config load so an
unworkable setup fails fast.
2026-06-26 09:18:06 +02:00
..
api hscontrol, integration: test OAuth scope enforcement and the oauth-clients CLI 2026-06-26 09:18:06 +02:00
assets assets: fix logo alignment and error icon centering 2026-04-13 17:23:47 +01:00
capver all: adopt slices helpers 2026-06-17 16:12:19 +02:00
db hscontrol: add the OAuth client and access-token model 2026-06-26 09:18:06 +02:00
derp all: fix full-tree golangci-lint findings 2026-06-20 21:08:01 +02:00
dns dns, change, noise, auth, capver: misc consolidation 2026-06-17 16:12:19 +02:00
mapper all: fix full-tree golangci-lint findings 2026-06-20 21:08:01 +02:00
policy hscontrol: add the OAuth client and access-token model 2026-06-26 09:18:06 +02:00
scope api/v2: add OAuth client-credentials auth and scope enforcement 2026-06-26 09:18:06 +02:00
servertest hscontrol, integration: test OAuth scope enforcement and the oauth-clients CLI 2026-06-26 09:18:06 +02:00
state hscontrol: add the OAuth client and access-token model 2026-06-26 09:18:06 +02:00
templates templates: consolidate shared page and component helpers 2026-06-17 16:12:19 +02:00
testdata/apiv1_golden test: add golden parity tests for the v1 API 2026-06-19 15:21:00 +02:00
types oidc: harden callback CSRF cookies, state reuse, and issuer config 2026-06-26 09:18:06 +02:00
util all: fix full-tree golangci-lint findings 2026-06-20 21:08:01 +02:00
apiv1_apikeys_test.go test: add golden parity tests for the v1 API 2026-06-19 15:21:00 +02:00
apiv1_auth_test.go test: add golden parity tests for the v1 API 2026-06-19 15:21:00 +02:00
apiv1_authmw_test.go test: add golden parity tests for the v1 API 2026-06-19 15:21:00 +02:00
apiv1_client_test.go gen/client/v1: add the generated HTTP client 2026-06-19 15:21:00 +02:00
apiv1_harness_test.go test: add golden parity tests for the v1 API 2026-06-19 15:21:00 +02:00
apiv1_health_test.go test: add golden parity tests for the v1 API 2026-06-19 15:21:00 +02:00
apiv1_nodes_test.go test: add golden parity tests for the v1 API 2026-06-19 15:21:00 +02:00
apiv1_policy_test.go test: add golden parity tests for the v1 API 2026-06-19 15:21:00 +02:00
apiv1_preauthkeys_test.go test: add golden parity tests for the v1 API 2026-06-19 15:21:00 +02:00
apiv1_socket_test.go gen/client/v1: add the generated HTTP client 2026-06-19 15:21:00 +02:00
apiv1_users_test.go test: add golden parity tests for the v1 API 2026-06-19 15:21:00 +02:00
apiv2_acl_test.go hscontrol: add v2 API contract tests 2026-06-21 04:17:03 +02:00
apiv2_devices_test.go hscontrol: add v2 API contract tests 2026-06-21 04:17:03 +02:00
apiv2_keys_test.go api/v2: add OAuth client-credentials auth and scope enforcement 2026-06-26 09:18:06 +02:00
apiv2_oauth_matrix_test.go hscontrol, integration: test OAuth scope enforcement and the oauth-clients CLI 2026-06-26 09:18:06 +02:00
apiv2_oauth_test.go hscontrol, integration: test OAuth scope enforcement and the oauth-clients CLI 2026-06-26 09:18:06 +02:00
apiv2_settings_test.go hscontrol: collapse key and settings asserts into cmp.Diff 2026-06-24 18:41:06 +02:00
apiv2_users_test.go hscontrol: contract-test the v2 users endpoint 2026-06-24 18:41:06 +02:00
app.go hscontrol, cli: serve the v2 API on the local socket and add the oauth-clients command 2026-06-26 09:18:06 +02:00
app_test.go app: add security headers middleware 2026-04-17 16:31:49 +01:00
auth.go dns, change, noise, auth, capver: misc consolidation 2026-06-17 16:12:19 +02:00
auth_tags_test.go hscontrol: remove the proto, gRPC and grpc-gateway stack 2026-06-19 15:21:00 +02:00
auth_test.go state: return all nodes for a machine key, reject ambiguous ownership 2026-06-15 20:29:15 +02:00
debug.go all: adopt slices helpers 2026-06-17 16:12:19 +02:00
handlers.go handlers: set verify Content-Type before writing the body 2026-06-17 16:12:19 +02:00
handlers_test.go handlers: set verify Content-Type before writing the body 2026-06-17 16:12:19 +02:00
metrics.go metrics, policy/v2: drop unused scaffolding + nil-error returns 2026-05-19 09:55:22 +02:00
noise.go dns, change, noise, auth, capver: misc consolidation 2026-06-17 16:12:19 +02:00
noise_test.go noise: re-delegate SSH check when the auth session is missing (#3306) 2026-06-10 11:48:02 +02:00
oidc.go oidc: harden callback CSRF cookies, state reuse, and issuer config 2026-06-26 09:18:06 +02:00
oidc_confirm_test.go all: annotate gosec false positives with rationale 2026-05-19 09:55:22 +02:00
oidc_cookiename_test.go oidc: avoid slice panic in getCookieName for short values 2026-06-08 10:04:49 +02:00
oidc_template_test.go oidc: render HTML error pages for browser-facing failures 2026-04-13 17:23:47 +01:00
oidc_test.go oidc: harden callback CSRF cookies, state reuse, and issuer config 2026-06-26 09:18:06 +02:00
platform_config.go hscontrol: consolidate debug-endpoint and template helpers 2026-06-17 16:12:19 +02:00
platform_config_test.go hscontrol: read Apple platform via chi.URLParam, not mux.Vars 2026-06-05 15:00:59 +02:00
poll.go state, poll: refcount poll sessions, mark offline only on last release 2026-06-11 16:28:25 +02:00
poll_test.go all: apply godoc [Name] link conventions across comments 2026-05-19 09:55:22 +02:00
realip.go all: adopt slices helpers 2026-06-17 16:12:19 +02:00
realip_test.go hscontrol: gate proxy header trust on trusted_proxies 2026-05-18 17:17:55 +02:00
tailsql.go policy, mapper, capver, hscontrol: remove dead code 2026-06-17 16:12:19 +02:00
templates_consistency_test.go Update links to Tailscale documentation 2026-04-18 09:33:41 +02:00