lzc256
/
tailscale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge 932d1d28e8 into 075abd8ec1

pull/5507/merge
Jamie Greeff 2023-06-28 16:51:56 -05:00 committed by GitHub
parent 075abd8ec1 932d1d28e8
commit 9e2bfc00de
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
cmd/nginx-auth/nginx-auth.go
View File

@ -20,6 +20,7 @@ import (
"os"
"strings"
"golang.org/x/exp/slices"
"github.com/coreos/go-systemd/activation"
"tailscale.com/client/tailscale"
)
@ -83,6 +84,20 @@ func main() {
return
}
if expectedCap := r.Header.Get("Expected-Cap"); expectedCap != "" {
if info.Caps == nil {
w.WriteHeader(http.StatusForbidden)
log.Printf("user does not have any caps, wanted: %s", url.QueryEscape(expectedCap))
return
}
if !slices.Contains(info.Caps, expectedCap) {
w.WriteHeader(http.StatusForbidden)
log.Printf("user is missing expected cap, has: %s, wanted: %s", strings.Join(info.Caps[:], ","), url.QueryEscape(expectedCap))
return
}
}
h := w.Header()
h.Set("Tailscale-Login", strings.Split(info.UserProfile.LoginName, "@")[0])
h.Set("Tailscale-User", info.UserProfile.LoginName)