cmd/tailscale: add web subcommand

Used as an app frontend UI on Synology.

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
This commit is contained in:
David Crawshaw 2021-03-25 08:21:31 -07:00
parent 35596ae5ce
commit e4d17d074f
5 changed files with 275 additions and 4 deletions

View File

@ -68,6 +68,7 @@ change in the future.
statusCmd,
pingCmd,
versionCmd,
webCmd,
},
FlagSet: rootfs,
Exec: func(context.Context, []string) error { return flag.ErrHelp },

212
cmd/tailscale/cli/web.go Normal file
View File

@ -0,0 +1,212 @@
// Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package cli
import (
"bytes"
"context"
_ "embed"
"encoding/json"
"flag"
"fmt"
"html/template"
"log"
"net/http"
"net/http/cgi"
"os/exec"
"runtime"
"github.com/peterbourgon/ff/v2/ffcli"
"tailscale.com/client/tailscale"
"tailscale.com/ipn"
"tailscale.com/types/preftype"
"tailscale.com/version/distro"
)
//go:embed web.html
var webHTML string
var tmpl = template.Must(template.New("html").Parse(webHTML))
type tmplData struct {
SynologyUser string
Status string
DeviceName string
IP string
}
var webCmd = &ffcli.Command{
Name: "web",
ShortUsage: "web [flags]",
ShortHelp: "Run a web server for controlling Tailscale",
FlagSet: (func() *flag.FlagSet {
webf := flag.NewFlagSet("web", flag.ExitOnError)
webf.StringVar(&webArgs.listen, "listen", "localhost:8088", "listen address; use port 0 for automatic")
webf.BoolVar(&webArgs.cgi, "cgi", false, "run as CGI script")
return webf
})(),
Exec: runWeb,
}
var webArgs struct {
listen string
cgi bool
}
func runWeb(ctx context.Context, args []string) error {
if len(args) > 0 {
log.Fatalf("too many non-flag arguments: %q", args)
}
if webArgs.cgi {
return cgi.Serve(http.HandlerFunc(webHandler))
}
return http.ListenAndServe(webArgs.listen, http.HandlerFunc(webHandler))
}
func auth() (string, error) {
if distro.Get() == distro.Synology {
cmd := exec.Command("/usr/syno/synoman/webman/modules/authenticate.cgi")
out, err := cmd.CombinedOutput()
if err != nil {
return "", fmt.Errorf("auth: %v: %s", err, out)
}
return string(out), nil
}
return "", nil
}
func synoTokenRedirect(w http.ResponseWriter, r *http.Request) bool {
if distro.Get() != distro.Synology {
return false
}
if r.Header.Get("X-Syno-Token") != "" {
return false
}
if r.URL.Query().Get("SynoToken") != "" {
return false
}
if r.Method == "POST" && r.FormValue("SynoToken") != "" {
return false
}
// We need a SynoToken for authenticate.cgi.
// So we tell the client to get one.
serverURL := r.URL.Scheme + "://" + r.URL.Host
fmt.Fprintf(w, synoTokenRedirectHTML, serverURL)
return true
}
const synoTokenRedirectHTML = `<html><body>
Redirecting with session token...
<script>
var serverURL = %q;
var req = new XMLHttpRequest();
req.overrideMimeType("application/json");
req.open("GET", serverURL + "/webman/login.cgi", true);
req.onload = function() {
var jsonResponse = JSON.parse(req.responseText);
var token = jsonResponse["SynoToken"];
document.location.href = serverURL + "/webman/3rdparty/Tailscale/?SynoToken=" + token;
};
req.send(null);
</script>
</body></html>
`
func webHandler(w http.ResponseWriter, r *http.Request) {
if synoTokenRedirect(w, r) {
return
}
user, err := auth()
if err != nil {
http.Error(w, err.Error(), http.StatusForbidden)
return
}
if r.Method == "POST" {
type mi map[string]interface{}
w.Header().Set("Content-Type", "application/json")
url, err := tailscaleUp(r.Context())
if err != nil {
json.NewEncoder(w).Encode(mi{"error": err})
return
}
json.NewEncoder(w).Encode(mi{"url": url})
return
}
st, err := tailscale.Status(r.Context())
if err != nil {
http.Error(w, err.Error(), 500)
}
data := tmplData{
SynologyUser: user,
Status: st.BackendState,
DeviceName: st.Self.DNSName,
}
if len(st.TailscaleIPs) != 0 {
data.IP = st.TailscaleIPs[0].String()
}
buf := new(bytes.Buffer)
if err := tmpl.Execute(buf, data); err != nil {
http.Error(w, err.Error(), 500)
return
}
w.Write(buf.Bytes())
}
// TODO(crawshaw): some of this is very similar to the code in 'tailscale up', can we share anything?
func tailscaleUp(ctx context.Context) (authURL string, retErr error) {
prefs := ipn.NewPrefs()
prefs.ControlURL = "https://login.tailscale.com"
prefs.WantRunning = true
prefs.CorpDNS = true
prefs.AllowSingleHosts = true
prefs.ForceDaemon = (runtime.GOOS == "windows")
if distro.Get() == distro.Synology {
prefs.NetfilterMode = preftype.NetfilterOff
}
c, bc, ctx, cancel := connect(ctx)
defer cancel()
bc.SetPrefs(prefs)
opts := ipn.Options{
StateKey: ipn.GlobalDaemonStateKey,
Notify: func(n ipn.Notify) {
if n.ErrMessage != nil {
msg := *n.ErrMessage
if msg == ipn.ErrMsgPermissionDenied {
switch runtime.GOOS {
case "windows":
msg += " (Tailscale service in use by other user?)"
default:
msg += " (try 'sudo tailscale up [...]')"
}
}
retErr = fmt.Errorf("backend error: %v", msg)
cancel()
} else if url := n.BrowseToURL; url != nil {
authURL = *url
cancel()
}
},
}
bc.Start(opts)
bc.StartLoginInteractive()
pump(ctx, bc, c)
if authURL == "" && retErr == nil {
return "", fmt.Errorf("login failed with no backend error message")
}
return authURL, retErr
}

View File

@ -0,0 +1,47 @@
<!doctype html>
<html><title>Tailscale Client</title><body>
<h1>Tailscale</h1>
<div style="float:right;">{{.SynologyUser}}</div>
<table>
<tr><th>Status:</th><td>{{.Status}}</td></tr>
<tr><th>Device Name:</th><td>{{.DeviceName}}</td></tr>
<tr><th>Tailscale IP:</th><td>{{.IP}}</td></tr>
</table>
<p><input id="login" type="button" value="Log in…"></p>
<script>
login.onclick = function() {
const urlParams = new URLSearchParams(window.location.search);
const token = urlParams.get("SynoToken");
var params = new URLSearchParams("up=true");
if (token) {
params.set("SynoToken", token)
}
var req = new XMLHttpRequest();
const url = [location.protocol, '//', location.host, location.pathname, "?", params.toString()].join('');
req.overrideMimeType("application/json");
req.open("POST", url, true);
req.onload = function() {
var jsonResponse = JSON.parse(req.responseText);
const err = jsonResponse["error"];
if (err) {
document.body.innerText = err;
return
}
var url = jsonResponse["url"];
console.log("jsonResponse: ", jsonResponse);
if (url) {
document.location.href = url;
} else {
//location.reload();
}
};
req.send(null);
}
</script>
</body>
</html>

View File

@ -67,7 +67,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
golang.org/x/crypto/poly1305 from golang.org/x/crypto/chacha20poly1305+
golang.org/x/crypto/salsa20/salsa from golang.org/x/crypto/nacl/box+
golang.org/x/net/dns/dnsmessage from net
golang.org/x/net/http/httpguts from net/http
golang.org/x/net/http/httpguts from net/http+
golang.org/x/net/http/httpproxy from net/http
golang.org/x/net/http2/hpack from net/http
golang.org/x/net/idna from golang.org/x/net/http/httpguts+
@ -115,6 +115,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
debug/elf from rsc.io/goversion/version
debug/macho from rsc.io/goversion/version
debug/pe from rsc.io/goversion/version
embed from tailscale.com/cmd/tailscale/cli
encoding from encoding/json
encoding/asn1 from crypto/x509+
encoding/base64 from encoding/json+
@ -130,7 +131,8 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
hash/adler32 from compress/zlib
hash/crc32 from compress/gzip+
hash/maphash from go4.org/mem
html from tailscale.com/ipn/ipnstate
html from tailscale.com/ipn/ipnstate+
html/template from tailscale.com/cmd/tailscale/cli
io from bufio+
io/fs from crypto/rand+
io/ioutil from golang.org/x/sys/cpu+
@ -144,6 +146,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
mime/quotedprintable from mime/multipart
net from crypto/tls+
net/http from expvar+
net/http/cgi from tailscale.com/cmd/tailscale/cli
net/http/httptrace from github.com/tcnksm/go-httpstat+
net/http/internal from net/http
net/textproto from golang.org/x/net/http/httpguts+
@ -154,7 +157,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
path from debug/dwarf+
path/filepath from crypto/x509+
reflect from crypto/x509+
regexp from rsc.io/goversion/version
regexp from rsc.io/goversion/version+
regexp/syntax from regexp
runtime/debug from golang.org/x/sync/singleflight
sort from compress/flate+
@ -164,6 +167,8 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
sync/atomic from context+
syscall from crypto/rand+
text/tabwriter from github.com/peterbourgon/ff/v2/ffcli+
text/template from html/template
text/template/parse from html/template+
time from compress/gzip+
unicode from bytes+
unicode/utf16 from encoding/asn1+

View File

@ -9,12 +9,18 @@ package main // import "tailscale.com/cmd/tailscale"
import (
"fmt"
"os"
"path/filepath"
"strings"
"tailscale.com/cmd/tailscale/cli"
)
func main() {
if err := cli.Run(os.Args[1:]); err != nil {
args := os.Args[1:]
if name, _ := os.Executable(); strings.HasSuffix(filepath.Base(name), ".cgi") {
args = []string{"web", "-cgi"}
}
if err := cli.Run(args); err != nil {
fmt.Fprintln(os.Stderr, err)
os.Exit(1)
}