lzc256
/
tailscale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

tsweb: add /debug/ access via &debugkey + TS_DEBUG_KEY_PATH

crawshaw/magicsock
Brad Fitzpatrick 2020-03-04 13:49:18 -08:00
parent d580157921
commit 57de94c7aa
1 changed files with 17 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
tsweb/tsweb.go
View File

@ -6,9 +6,11 @@
package tsweb package tsweb
import ( import (
"bytes"
"expvar" "expvar"
_ "expvar" _ "expvar"
"fmt" "fmt"
"io/ioutil"
"net" "net"
"net/http" "net/http"
_ "net/http/pprof" _ "net/http/pprof"
@ -65,7 +67,20 @@ func AllowDebugAccess(r *http.Request) bool {
return false return false
} }
ip := net.ParseIP(ipStr) ip := net.ParseIP(ipStr)
return interfaces.IsTailscaleIP(ip) || ip.IsLoopback() || ipStr == os.Getenv("ALLOW_DEBUG_IP") if interfaces.IsTailscaleIP(ip) || ip.IsLoopback() || ipStr == os.Getenv("TS_ALLOW_DEBUG_IP") {
return true
}
if r.Method == "GET" {
urlKey := r.FormValue("debugkey")
keyPath := os.Getenv("TS_DEBUG_KEY_PATH")
if urlKey != "" && keyPath != "" {
slurp, err := ioutil.ReadFile(keyPath)
if err == nil && string(bytes.TrimSpace(slurp)) == urlKey {
return true
}
}
}
return false
} }
// Protected wraps a provided debug handler, h, returning a Handler // Protected wraps a provided debug handler, h, returning a Handler
@ -77,7 +92,7 @@ func Protected(h http.Handler) http.Handler {
msg := "debug access denied" msg := "debug access denied"
if DevMode { if DevMode {
ipStr, _, _ := net.SplitHostPort(r.RemoteAddr) ipStr, _, _ := net.SplitHostPort(r.RemoteAddr)
msg += fmt.Sprintf("; to permit access, set ALLOW_DEBUG_IP=%v", ipStr) msg += fmt.Sprintf("; to permit access, set TS_ALLOW_DEBUG_IP=%v", ipStr)
} }
http.Error(w, msg, http.StatusForbidden) http.Error(w, msg, http.StatusForbidden)
return return