cmd/hello: split server into helloserver package

Move the template, request handler, and HTTP/HTTPS server wiring out of package main and into a new cmd/hello/helloserver package so the server can be embedded in other binaries. The main package now only constructs a helloserver.Server with the production addresses and calls Run. While here, drop the -http, -https, and -test-ip flags along with the dev-mode template and fake-data fallbacks they enabled; the binary is only run in production. Updates tailscale/corp#32398 Change-Id: Id1d38b981733334cafc596021130f36e1c1eed67 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2026-04-29 23:58:48 +00:00
parent 644c3224e9
commit 92179b1fc7
3 changed files with 151 additions and 180 deletions
@@ -0,0 +1,146 @@
+// Copyright (c) Tailscale Inc & contributors
+// SPDX-License-Identifier: BSD-3-Clause
+
+// Package helloserver implements the HTTP server behind hello.ts.net.
+package helloserver
+
+import (
+	"crypto/tls"
+	_ "embed"
+	"html/template"
+	"log"
+	"net/http"
+	"strings"
+	"time"
+
+	"tailscale.com/client/local"
+	"tailscale.com/client/tailscale/apitype"
+	"tailscale.com/tailcfg"
+)
+
+//go:embed hello.tmpl.html
+var embeddedTemplate string
+
+var tmpl = template.Must(template.New("home").Parse(embeddedTemplate))
+
+// Server is an HTTP server for hello.ts.net.
+//
+// The zero value is not valid; populate at least one of HTTPAddr or HTTPSAddr
+// before calling Run.
+type Server struct {
+	// HTTPAddr is the address to run an HTTP server on, or empty for none.
+	HTTPAddr string
+
+	// HTTPSAddr is the address to run an HTTPS server on, or empty for none.
+	HTTPSAddr string
+
+	// LocalClient is used to look up the identity of incoming requests and
+	// to obtain TLS certificates. If nil, the zero value of local.Client is
+	// used.
+	LocalClient *local.Client
+}
+
+func (s *Server) localClient() *local.Client {
+	if s.LocalClient != nil {
+		return s.LocalClient
+	}
+	return &local.Client{}
+}
+
+// Run starts the configured HTTP and HTTPS servers and blocks until one of
+// them returns an error.
+func (s *Server) Run() error {
+	errc := make(chan error, 1)
+	if s.HTTPAddr != "" {
+		log.Printf("running HTTP server on %s", s.HTTPAddr)
+		go func() {
+			errc <- http.ListenAndServe(s.HTTPAddr, s)
+		}()
+	}
+	if s.HTTPSAddr != "" {
+		log.Printf("running HTTPS server on %s", s.HTTPSAddr)
+		go func() {
+			hs := &http.Server{
+				Addr:    s.HTTPSAddr,
+				Handler: s,
+				TLSConfig: &tls.Config{
+					GetCertificate: s.localClient().GetCertificate,
+				},
+				IdleTimeout:       30 * time.Second,
+				ReadHeaderTimeout: 20 * time.Second,
+				MaxHeaderBytes:    10 << 10,
+			}
+			errc <- hs.ListenAndServeTLS("", "")
+		}()
+	}
+	return <-errc
+}
+
+type tmplData struct {
+	DisplayName   string // "Foo Barberson"
+	LoginName     string // "foo@bar.com"
+	ProfilePicURL string // "https://..."
+	MachineName   string // "imac5k"
+	MachineOS     string // "Linux"
+	IP            string // "100.2.3.4"
+}
+
+func tailscaleIP(who *apitype.WhoIsResponse) string {
+	if who == nil {
+		return ""
+	}
+	vals, err := tailcfg.UnmarshalNodeCapJSON[string](who.Node.CapMap, tailcfg.NodeAttrNativeIPV4)
+	if err == nil && len(vals) > 0 {
+		return vals[0]
+	}
+	for _, nodeIP := range who.Node.Addresses {
+		if nodeIP.Addr().Is4() && nodeIP.IsSingleIP() {
+			return nodeIP.Addr().String()
+		}
+	}
+	for _, nodeIP := range who.Node.Addresses {
+		if nodeIP.IsSingleIP() {
+			return nodeIP.Addr().String()
+		}
+	}
+	return ""
+}
+
+// ServeHTTP implements http.Handler.
+func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	if r.TLS == nil && s.HTTPSAddr != "" {
+		host := r.Host
+		if strings.Contains(r.Host, "100.101.102.103") {
+			host = "hello.ts.net"
+		}
+		http.Redirect(w, r, "https://"+host, http.StatusFound)
+		return
+	}
+	if r.RequestURI != "/" {
+		http.Redirect(w, r, "/", http.StatusFound)
+		return
+	}
+
+	who, err := s.localClient().WhoIs(r.Context(), r.RemoteAddr)
+	if err != nil {
+		log.Printf("whois(%q) error: %v", r.RemoteAddr, err)
+		http.Error(w, "Your Tailscale works, but we failed to look you up.", 500)
+		return
+	}
+	data := tmplData{
+		DisplayName:   who.UserProfile.DisplayName,
+		LoginName:     who.UserProfile.LoginName,
+		ProfilePicURL: who.UserProfile.ProfilePicURL,
+		MachineName:   firstLabel(who.Node.ComputedName),
+		MachineOS:     who.Node.Hostinfo.OS(),
+		IP:            tailscaleIP(who),
+	}
+	w.Header().Set("Content-Type", "text/html; charset=utf-8")
+	tmpl.Execute(w, data)
+}
+
+// firstLabel returns s up until the first period, if any.
+func firstLabel(s string) string {
+	s, _, _ = strings.Cut(s, ".")
+	return s
+}