search

csmith / centauri

TLS-terminating reverse proxy in Go
MIT License
1 stars 1 forks source link

Tailscale identity headers #79

Closed ShaneMcC closed 7 months ago

ShaneMcC commented 7 months ago

Centauri should add tailscale identity headers similar to tailscale serve

https://tailscale.com/kb/1312/serve describes 3 headers:

When using Serve to proxy traffic to a local service running on your machine, a few Tailscale identity headers are added to the request sent to your backend. These can be used by your destination service to identify the Tailscale user associated with the request.

Tailscale-User-Login: Filled with the requester’s login name (for example, alice@example.com) Tailscale-User-Name: Filled with the requester’s display name (for example, Alice Architect) Tailscale-User-Profile-Pic: Filled with the requester’s profile picture URL, if their identity provider provides one (for example, https://example.com/photo.jpg)

It would be nice if centauri did the same.

Looking at https://github.com/tailscale/tailscale/blob/main/cmd/hello/hello.go#175 these can be obtained with something like:

var localClient tailscale.LocalClient
who, err := localClient.WhoIs(r.Context(), r.RemoteAddr)

// Tailscale-User-Login:   who.UserProfile.DisplayName,
// Tailscale-User-Name:     who.UserProfile.LoginName,
// Tailscale-User-Profile-Pic: who.UserProfile.ProfilePicURL,

/cc @Greboid

csmith commented 7 months ago

Added in 8f4ec79d5f4ef89b3f2f43e48cbe3bccfc98126d (will be in v0.5.0). Thanks for the detailed issue!