refactoring

cmd/headscale/cli/utils.go

@@ -30,6 +30,7 @@ const (
 )
 
 func LoadConfig(path string) error {
+
 	viper.SetConfigName("config")
 	if path == "" {
 		viper.AddConfigPath("/etc/headscale/")
@@ -87,9 +88,15 @@ func LoadConfig(path string) error {
 		errorText += "Fatal config error: server_url must start with https:// or http://\n"
 	}
 
-	clientAuthMode := viper.GetString("tls_client_auth_mode")
-	if clientAuthMode != "disabled" && clientAuthMode != "relaxed" && clientAuthMode != "enforced" {
-		errorText += "Invalid tls_client_auth_mode supplied. Accepted values: disabled, relaxed, enforced."
+	_, authModeValid := headscale.LookupTLSClientAuthMode(viper.GetString("tls_client_auth_mode"))
+
+	if !authModeValid {
+        errorText += fmt.Sprintf(
+            "Invalid tls_client_auth_mode supplied: %s. Accepted values: %s, %s, %s.",
+            viper.GetString("tls_client_auth_mode"),
+            headscale.DisabledClientAuth,
+            headscale.RelaxedClientAuth,
+            headscale.EnforcedClientAuth)
 	}
 
 	if errorText != "" {
@@ -280,6 +287,8 @@ func getHeadscaleConfig() headscale.Config {
 		log.Warn().Msgf("'ip_prefixes' not configured, falling back to default: %v", prefixes)
 	}
 
+    tlsClientAuthMode, _ := headscale.LookupTLSClientAuthMode(viper.GetString("tls_client_auth_mode"))
+
 	return headscale.Config{
 		ServerURL:      viper.GetString("server_url"),
 		Addr:           viper.GetString("listen_addr"),
@@ -310,7 +319,7 @@ func getHeadscaleConfig() headscale.Config {
 
 		TLSCertPath:       absPath(viper.GetString("tls_cert_path")),
 		TLSKeyPath:        absPath(viper.GetString("tls_key_path")),
-		TLSClientAuthMode: viper.GetString("tls_client_auth_mode"),
+		TLSClientAuthMode: tlsClientAuthMode,
 
 		DNSConfig: dnsConfig,