feat: add optional authkey for each service

almeidapaulopt · Nov 8, 2024 · 9f5fbde · 9f5fbde
1 parent 1ad9d04
commit 9f5fbde
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 4 deletions.
diff --git a/dev/docker-compose-local.yaml b/dev/docker-compose-local.yaml
@@ -8,6 +8,7 @@ services:
       - tsdproxy.name=testeff
       - tsdproxy.ephemeral=true
       - tsdproxy.funnel=true
+      - tsdproxy.authkeyfile=./dev/KEY_FILE
     networks:
       - c1
 

diff --git a/internal/containers/containers.go b/internal/containers/containers.go
@@ -24,6 +24,8 @@ const (
 	LabelWebClient     = LabelPrefix + "webclient"
 	LabelTsnetVerbose  = LabelPrefix + "tsnet_verbose"
 	LabelFunnel        = LabelPrefix + "funnel"
+	LabelAuthKey       = LabelPrefix + "authkey"
+	LabelAuthKeyFile   = LabelPrefix + "authkeyfile"
 )
 
 type Container struct {
@@ -34,13 +36,14 @@ type Container struct {
 }
 
 type labels struct {
+	Authkey      string
 	Ephemeral    bool
 	WebClient    bool
 	TsnetVerbose bool
 	Funnel       bool
 }
 
-func NewContainer(ctx context.Context, containerID string, docker *client.Client, hostname string) (*Container, error) {
+func NewContainer(ctx context.Context, containerID string, docker *client.Client, hostname string, defaultAuthkey string) (*Container, error) {
 	// Get the container info
 	containerInfo, err := docker.ContainerInspect(ctx, containerID)
 	if err != nil {
@@ -58,7 +61,10 @@ func NewContainer(ctx context.Context, containerID string, docker *client.Client
 	container.Labels.WebClient = container.getLabelBool(LabelWebClient, false)
 	container.Labels.TsnetVerbose = container.getLabelBool(LabelTsnetVerbose, false)
 	container.Labels.Funnel = container.getLabelBool(LabelFunnel, false)
-
+	container.Labels.Authkey = container.getLabelString(LabelAuthKey, defaultAuthkey)
+	if err := container.setAuthKeyFromAuthFile(); err != nil {
+		return nil, fmt.Errorf("error setting auth key from file : %w", err)
+	}
 	return container, nil
 }
 
@@ -141,3 +147,26 @@ func (c *Container) getLabelBool(label string, defaultValue bool) bool {
 	}
 	return value
 }
+
+func (c *Container) getLabelString(label string, defaultValue string) string {
+	// Set default value
+	value := defaultValue
+	if valueString, ok := c.Info.Config.Labels[label]; ok {
+		value = valueString
+	}
+	return value
+}
+
+func (c *Container) setAuthKeyFromAuthFile() error {
+	authKeyFile, ok := c.Info.Config.Labels[LabelAuthKeyFile]
+	if !ok || authKeyFile == "" {
+		// authkeyfile label not defined
+		return nil
+	}
+	authKey, err := os.ReadFile(authKeyFile)
+	if err != nil {
+		return fmt.Errorf("read auth key from file: %w", err)
+	}
+	c.Labels.Authkey = strings.TrimSpace(string(authKey))
+	return nil
+}
diff --git a/internal/proxymanager/proxymanager.go b/internal/proxymanager/proxymanager.go
@@ -113,7 +113,7 @@ func (pm *ProxyManager) SetupProxy(ctx context.Context, containerID string) {
 
 	// Create a new container
 	//
-	container, err := containers.NewContainer(ctx, containerID, pm.docker, pm.config.Hostname)
+	container, err := containers.NewContainer(ctx, containerID, pm.docker, pm.config.Hostname, pm.config.AuthKey)
 	if err != nil {
 		pm.Log.Error().Err(err).Str("containerID", containerID).Msg("Error creating container")
 		return

diff --git a/internal/tailscale/tailscale.go b/internal/tailscale/tailscale.go
@@ -28,7 +28,7 @@ func NewTsNetServer(hostname string, config *core.Config, logger *core.Logger, c
 
 	tserver := &tsnet.Server{
 		Hostname:     hostname,
-		AuthKey:      config.AuthKey,
+		AuthKey:      ct.Labels.Authkey,
 		Dir:          filepath.Join(config.DataDir, hostname),
 		Ephemeral:    ct.Labels.Ephemeral,
 		RunWebClient: ct.Labels.WebClient,