headscale icon indicating copy to clipboard operation
headscale copied to clipboard
verified publisher icon juanfont

API interface for start preauthkeys not set expiration properly

Open proitlab opened this issue 2 years ago • 7 comments

I am trying to integrate Headscale API v1 into our internal application. In creation new preauth keys, I noticed something in preauth expiration field.

Bug description

I created preauthkeys via HTTPS with POST method to https://apiurl/api/preauthkeys with json body

body = { 'user': 'admin', 'reusable': false, 'ephemeral': false }

The respond:

{'preAuthKey': {'user': 'admins', 'id': '3', 'key': '0a7e0ebbf68709168fb4f53fa61f82c10e70437ee4e21a6c', 'reusable': False, 'ephemeral': False, 'used': False, 'expiration': '0001-01-01T00:00:00Z', 'createdAt': '2023-10-18T07:58:12.643916467Z', 'aclTags': []}}

I noticed: 'expiration': '0001-01-01T00:00:00Z'

When I created preauthkeys using headscale command in container, the expiration field is properly populated, which is 60 minutes later, even without specifying expiration paramater in command line:

headscale preauthkeys create -u admins

These are all my preauthkeys: {'preAuthKeys': [{'user': 'admins', 'id': '1', 'key': '44f5dce35262edd4780f05b40968205c83b9a5a3743f3c82', 'reusable': False, 'ephemeral': False, 'used': True, 'expiration': '2023-10-17T10:47:13.729136Z', 'createdAt': '2023-10-17T09:47:13.731139Z', 'aclTags': []}, {'user': 'admins', 'id': '2', 'key': '38dea3a1f04b83db9dfc22ec6d19f9d9d3ff7dcfc488723c', 'reusable': True, 'ephemeral': False, 'used': True, 'expiration': '2023-10-17T10:54:53.951718Z', 'createdAt': '2023-10-17T09:54:53.954325Z', 'aclTags': []}, {'user': 'admins', 'id': '3', 'key': '0a7e0ebbf68709168fb4f53fa61f82c10e70437ee4e21a6c', 'reusable': False, 'ephemeral': False, 'used': False, 'expiration': '0001-01-01T00:00:00Z', 'createdAt': '2023-10-18T07:58:12.643916Z', 'aclTags': []}]}

Environment

  • postgresdb

  • docker

  • OS: Ubuntu 22.04

  • Headscale version: 0.23.0-alpha

To Reproduce

  • Create preauthkeys via API with body not including expiration field.

proitlab avatar Oct 18 '23 08:10 proitlab

Can confirm.

An updated version of Headscale has been found (0.23.0-alpha2 vs. your current v0.22.3). Check it out https://github.com/juanfont/headscale/releases
ID | Hostname           | Name                        | MachineKey | NodeKey | User    | IP addresses                  | Ephemeral | Last seen           | Expiration          | Online  | Expired
1  | adguard.domain.net | adguard.domain.net          | [Q1UzQ]    | [YUdWe] | adguard | 100.64.0.1, fd7a:115c:a1e0::1 | false     | 2024-01-02 01:08:36 | 2024-01-02 01:08:37 | offline | yes
2  | adguard.domain.net | adguard.domain.net-smqnci6a | [rDYHo]    | [CCf4Y] | adguard | 100.64.0.2, fd7a:115c:a1e0::2 | false     | 2024-01-02 01:38:04 | 0001-01-01 00:00:00 | online  | no

Key was created with: headscale preauthkeys create --user adguard --expiration 2d --reusable

Command that was run (both times):

> tailscale up \
  --advertise-routes=${private_cidr} \
  --authkey="$${auth_key}" \
  --hostname="adguard.domain.net" \
  --login-server="https://headscale.domain.net"

I would've expected the node to be replaced, and not added.

Happy to share more information upon request.

BeyondEvil avatar Jan 02 '24 01:01 BeyondEvil

This issue is stale because it has been open for 90 days with no activity.

github-actions[bot] avatar Apr 02 '24 01:04 github-actions[bot]

I believe this is still relevant.

BeyondEvil avatar Apr 07 '24 21:04 BeyondEvil

Seems relevant to me

fluential avatar Apr 12 '24 01:04 fluential

This issue is stale because it has been open for 90 days with no activity.

github-actions[bot] avatar Jul 11 '24 01:07 github-actions[bot]

Still relevant afaict.

BeyondEvil avatar Jul 12 '24 11:07 BeyondEvil