Authenicating with auth-key does not set node expiry

[dustinblackman]

Bug description

Possibly related to https://github.com/juanfont/headscale/issues/1579

With adding new nodes using authentication keys, the expiry of the node is set to 0 on the authentication request, resulting in headscale nodes list outputting entries like this where expiry is 0001-01-01 00:00:00.

45 | machine-1                  | machine-1-qgg83fyw         | [RiUAc]    | [pDq5E] | machine-1                       | 100.64.0.4, fd7a:115c:a1e0::4   | false     | 2024-02-02 19:49:17 | 0001-01-01 00:00:00 | offline   | no

I'm unsure if there's logic somewhere else that handles this, but it doesn't quite feel right. I would have thought there to be some default expiry, such as when logging in with a GUI client and OIDC where it sets the expiry based on your OIDC config.

My "I have no idea what I'm doing" patch looks like this to resolve it for my preference.

https://github.com/dustinblackman/headscale/commit/ad745bee3f98d4f52590ca8374ffbb7cb450e51a

Should there be a config and functionality to set a default expiry when an authentication request does not have one set?

Environment

• Version of headscale used: v0.23.0-alpha2

• Version of tailscale client: 1.58.2

• OS (e.g. Linux, Mac, Cygwin, WSL, etc.) and version: Debian 11

• Kernel version: Not relevant.

• The relevant config parameters you used: Not relevant.

• Log output: headscale nodes list output shown above.

• [ ] Headscale is behind a (reverse) proxy - No

• [ ] Headscale runs in a container - No

To Reproduce

1. On your headscale machine, run the following to create a user, and a preauthkey.

headscale users create machine-1
headscale preauthkeys create -u machine-1 -e 1h --tags tag:myawesomemachine

2. On your machine (dubbed machine-1), login.

sudo tailscale up --login-server https://my-headscale-server.xyz --accept-dns=false --auth-key KEY-FROM-STEP-1

3. Back on your headscale machine, look at the node expiry.

headscale nodes list | grep machine-1

[sword-jin]

Let me answer this question, the authkey's expiration has no relation with node's expiration.

The only way is use tailscale debug set-expire --in=1m to expire a node, just for debugging.

[github-actions[bot]]

This issue is stale because it has been open for 90 days with no activity.