Split code into modules

This is a massive commit that restructures the code into modules:

db/
    All functions related to modifying the Database

types/
    All type definitions and methods that can be exclusivly used on
    these types without dependencies

policy/
    All Policy related code, now without dependencies on the Database.

policy/matcher/
    Dedicated code to match machines in a list of FilterRules

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

hscontrol/types/api_key.go

@@ -0,0 +1,41 @@
+package types
+
+import (
+	"time"
+
+	v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
+	"google.golang.org/protobuf/types/known/timestamppb"
+)
+
+// APIKey describes the datamodel for API keys used to remotely authenticate with
+// headscale.
+type APIKey struct {
+	ID     uint64 `gorm:"primary_key"`
+	Prefix string `gorm:"uniqueIndex"`
+	Hash   []byte
+
+	CreatedAt  *time.Time
+	Expiration *time.Time
+	LastSeen   *time.Time
+}
+
+func (key *APIKey) Proto() *v1.ApiKey {
+	protoKey := v1.ApiKey{
+		Id:     key.ID,
+		Prefix: key.Prefix,
+	}
+
+	if key.Expiration != nil {
+		protoKey.Expiration = timestamppb.New(*key.Expiration)
+	}
+
+	if key.CreatedAt != nil {
+		protoKey.CreatedAt = timestamppb.New(*key.CreatedAt)
+	}
+
+	if key.LastSeen != nil {
+		protoKey.LastSeen = timestamppb.New(*key.LastSeen)
+	}
+
+	return &protoKey
+}

hscontrol/types/common.go

@@ -0,0 +1,108 @@
+package types
+
+import (
+	"database/sql/driver"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/netip"
+
+	"tailscale.com/tailcfg"
+)
+
+var ErrCannotParsePrefix = errors.New("cannot parse prefix")
+
+// This is a "wrapper" type around tailscales
+// Hostinfo to allow us to add database "serialization"
+// methods. This allows us to use a typed values throughout
+// the code and not have to marshal/unmarshal and error
+// check all over the code.
+type HostInfo tailcfg.Hostinfo
+
+func (hi *HostInfo) Scan(destination interface{}) error {
+	switch value := destination.(type) {
+	case []byte:
+		return json.Unmarshal(value, hi)
+
+	case string:
+		return json.Unmarshal([]byte(value), hi)
+
+	default:
+		return fmt.Errorf("%w: unexpected data type %T", ErrMachineAddressesInvalid, destination)
+	}
+}
+
+// Value return json value, implement driver.Valuer interface.
+func (hi HostInfo) Value() (driver.Value, error) {
+	bytes, err := json.Marshal(hi)
+
+	return string(bytes), err
+}
+
+type IPPrefix netip.Prefix
+
+func (i *IPPrefix) Scan(destination interface{}) error {
+	switch value := destination.(type) {
+	case string:
+		prefix, err := netip.ParsePrefix(value)
+		if err != nil {
+			return err
+		}
+		*i = IPPrefix(prefix)
+
+		return nil
+	default:
+		return fmt.Errorf("%w: unexpected data type %T", ErrCannotParsePrefix, destination)
+	}
+}
+
+// Value return json value, implement driver.Valuer interface.
+func (i IPPrefix) Value() (driver.Value, error) {
+	prefixStr := netip.Prefix(i).String()
+
+	return prefixStr, nil
+}
+
+type IPPrefixes []netip.Prefix
+
+func (i *IPPrefixes) Scan(destination interface{}) error {
+	switch value := destination.(type) {
+	case []byte:
+		return json.Unmarshal(value, i)
+
+	case string:
+		return json.Unmarshal([]byte(value), i)
+
+	default:
+		return fmt.Errorf("%w: unexpected data type %T", ErrMachineAddressesInvalid, destination)
+	}
+}
+
+// Value return json value, implement driver.Valuer interface.
+func (i IPPrefixes) Value() (driver.Value, error) {
+	bytes, err := json.Marshal(i)
+
+	return string(bytes), err
+}
+
+type StringList []string
+
+func (i *StringList) Scan(destination interface{}) error {
+	switch value := destination.(type) {
+	case []byte:
+		return json.Unmarshal(value, i)
+
+	case string:
+		return json.Unmarshal([]byte(value), i)
+
+	default:
+		return fmt.Errorf("%w: unexpected data type %T", ErrMachineAddressesInvalid, destination)
+	}
+}
+
+// Value return json value, implement driver.Valuer interface.
+func (i StringList) Value() (driver.Value, error) {
+	bytes, err := json.Marshal(i)
+
+	return string(bytes), err
+}

hscontrol/types/machine.go

@@ -0,0 +1,254 @@
+package types
+
+import (
+	"database/sql/driver"
+	"errors"
+	"fmt"
+	"net/netip"
+	"strings"
+	"time"
+
+	v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
+	"github.com/juanfont/headscale/hscontrol/policy/matcher"
+	"go4.org/netipx"
+	"google.golang.org/protobuf/types/known/timestamppb"
+	"tailscale.com/tailcfg"
+)
+
+const (
+	// TODO(kradalby): Move out of here when we got circdeps under control.
+	keepAliveInterval = 60 * time.Second
+)
+
+var ErrMachineAddressesInvalid = errors.New("failed to parse machine addresses")
+
+// Machine is a Headscale client.
+type Machine struct {
+	ID          uint64 `gorm:"primary_key"`
+	MachineKey  string `gorm:"type:varchar(64);unique_index"`
+	NodeKey     string
+	DiscoKey    string
+	IPAddresses MachineAddresses
+
+	// Hostname represents the name given by the Tailscale
+	// client during registration
+	Hostname string
+
+	// Givenname represents either:
+	// a DNS normalized version of Hostname
+	// a valid name set by the User
+	//
+	// GivenName is the name used in all DNS related
+	// parts of headscale.
+	GivenName string `gorm:"type:varchar(63);unique_index"`
+	UserID    uint
+	User      User `gorm:"foreignKey:UserID"`
+
+	RegisterMethod string
+
+	ForcedTags StringList
+
+	// TODO(kradalby): This seems like irrelevant information?
+	AuthKeyID uint
+	AuthKey   *PreAuthKey
+
+	LastSeen             *time.Time
+	LastSuccessfulUpdate *time.Time
+	Expiry               *time.Time
+
+	HostInfo  HostInfo
+	Endpoints StringList
+
+	CreatedAt time.Time
+	UpdatedAt time.Time
+	DeletedAt *time.Time
+}
+
+type (
+	Machines  []Machine
+	MachinesP []*Machine
+)
+
+type MachineAddresses []netip.Addr
+
+func (ma MachineAddresses) ToStringSlice() []string {
+	strSlice := make([]string, 0, len(ma))
+	for _, addr := range ma {
+		strSlice = append(strSlice, addr.String())
+	}
+
+	return strSlice
+}
+
+// AppendToIPSet adds the individual ips in MachineAddresses to a
+// given netipx.IPSetBuilder.
+func (ma MachineAddresses) AppendToIPSet(build *netipx.IPSetBuilder) {
+	for _, ip := range ma {
+		build.Add(ip)
+	}
+}
+
+func (ma *MachineAddresses) Scan(destination interface{}) error {
+	switch value := destination.(type) {
+	case string:
+		addresses := strings.Split(value, ",")
+		*ma = (*ma)[:0]
+		for _, addr := range addresses {
+			if len(addr) < 1 {
+				continue
+			}
+			parsed, err := netip.ParseAddr(addr)
+			if err != nil {
+				return err
+			}
+			*ma = append(*ma, parsed)
+		}
+
+		return nil
+
+	default:
+		return fmt.Errorf("%w: unexpected data type %T", ErrMachineAddressesInvalid, destination)
+	}
+}
+
+// Value return json value, implement driver.Valuer interface.
+func (ma MachineAddresses) Value() (driver.Value, error) {
+	addresses := strings.Join(ma.ToStringSlice(), ",")
+
+	return addresses, nil
+}
+
+// IsExpired returns whether the machine registration has expired.
+func (machine Machine) IsExpired() bool {
+	// If Expiry is not set, the client has not indicated that
+	// it wants an expiry time, it is therefor considered
+	// to mean "not expired"
+	if machine.Expiry == nil || machine.Expiry.IsZero() {
+		return false
+	}
+
+	return time.Now().UTC().After(*machine.Expiry)
+}
+
+// IsOnline returns if the machine is connected to Headscale.
+// This is really a naive implementation, as we don't really see
+// if there is a working connection between the client and the server.
+func (machine *Machine) IsOnline() bool {
+	if machine.LastSeen == nil {
+		return false
+	}
+
+	if machine.IsExpired() {
+		return false
+	}
+
+	return machine.LastSeen.After(time.Now().Add(-keepAliveInterval))
+}
+
+// IsEphemeral returns if the machine is registered as an Ephemeral node.
+// https://tailscale.com/kb/1111/ephemeral-nodes/
+func (machine *Machine) IsEphemeral() bool {
+	return machine.AuthKey != nil && machine.AuthKey.Ephemeral
+}
+
+func (machine *Machine) CanAccess(filter []tailcfg.FilterRule, machine2 *Machine) bool {
+	for _, rule := range filter {
+		// TODO(kradalby): Cache or pregen this
+		matcher := matcher.MatchFromFilterRule(rule)
+
+		if !matcher.SrcsContainsIPs([]netip.Addr(machine.IPAddresses)) {
+			continue
+		}
+
+		if matcher.DestsContainsIP([]netip.Addr(machine2.IPAddresses)) {
+			return true
+		}
+	}
+
+	return false
+}
+
+func (machines Machines) FilterByIP(ip netip.Addr) Machines {
+	found := make(Machines, 0)
+
+	for _, machine := range machines {
+		for _, mIP := range machine.IPAddresses {
+			if ip == mIP {
+				found = append(found, machine)
+			}
+		}
+	}
+
+	return found
+}
+
+func (machine *Machine) Proto() *v1.Machine {
+	machineProto := &v1.Machine{
+		Id:         machine.ID,
+		MachineKey: machine.MachineKey,
+
+		NodeKey:     machine.NodeKey,
+		DiscoKey:    machine.DiscoKey,
+		IpAddresses: machine.IPAddresses.ToStringSlice(),
+		Name:        machine.Hostname,
+		GivenName:   machine.GivenName,
+		User:        machine.User.Proto(),
+		ForcedTags:  machine.ForcedTags,
+		Online:      machine.IsOnline(),
+
+		// TODO(kradalby): Implement register method enum converter
+		// RegisterMethod: ,
+
+		CreatedAt: timestamppb.New(machine.CreatedAt),
+	}
+
+	if machine.AuthKey != nil {
+		machineProto.PreAuthKey = machine.AuthKey.Proto()
+	}
+
+	if machine.LastSeen != nil {
+		machineProto.LastSeen = timestamppb.New(*machine.LastSeen)
+	}
+
+	if machine.LastSuccessfulUpdate != nil {
+		machineProto.LastSuccessfulUpdate = timestamppb.New(
+			*machine.LastSuccessfulUpdate,
+		)
+	}
+
+	if machine.Expiry != nil {
+		machineProto.Expiry = timestamppb.New(*machine.Expiry)
+	}
+
+	return machineProto
+}
+
+// GetHostInfo returns a Hostinfo struct for the machine.
+func (machine *Machine) GetHostInfo() tailcfg.Hostinfo {
+	return tailcfg.Hostinfo(machine.HostInfo)
+}
+
+func (machine Machine) String() string {
+	return machine.Hostname
+}
+
+func (machines Machines) String() string {
+	temp := make([]string, len(machines))
+
+	for index, machine := range machines {
+		temp[index] = machine.Hostname
+	}
+
+	return fmt.Sprintf("[ %s ](%d)", strings.Join(temp, ", "), len(temp))
+}
+
+// TODO(kradalby): Remove when we have generics...
+func (machines MachinesP) String() string {
+	temp := make([]string, len(machines))
+
+	for index, machine := range machines {
+		temp[index] = machine.Hostname
+	}
+
+	return fmt.Sprintf("[ %s ](%d)", strings.Join(temp, ", "), len(temp))
+}

hscontrol/types/machine_test.go

@@ -0,0 +1 @@
+package types

hscontrol/types/preauth_key.go

@@ -0,0 +1,58 @@
+package types
+
+import (
+	"strconv"
+	"time"
+
+	v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
+	"github.com/juanfont/headscale/hscontrol/util"
+	"google.golang.org/protobuf/types/known/timestamppb"
+)
+
+// PreAuthKey describes a pre-authorization key usable in a particular user.
+type PreAuthKey struct {
+	ID        uint64 `gorm:"primary_key"`
+	Key       string
+	UserID    uint
+	User      User
+	Reusable  bool
+	Ephemeral bool `gorm:"default:false"`
+	Used      bool `gorm:"default:false"`
+	ACLTags   []PreAuthKeyACLTag
+
+	CreatedAt  *time.Time
+	Expiration *time.Time
+}
+
+// PreAuthKeyACLTag describes an autmatic tag applied to a node when registered with the associated PreAuthKey.
+type PreAuthKeyACLTag struct {
+	ID           uint64 `gorm:"primary_key"`
+	PreAuthKeyID uint64
+	Tag          string
+}
+
+func (key *PreAuthKey) Proto() *v1.PreAuthKey {
+	protoKey := v1.PreAuthKey{
+		User:      key.User.Name,
+		Id:        strconv.FormatUint(key.ID, util.Base10),
+		Key:       key.Key,
+		Ephemeral: key.Ephemeral,
+		Reusable:  key.Reusable,
+		Used:      key.Used,
+		AclTags:   make([]string, len(key.ACLTags)),
+	}
+
+	if key.Expiration != nil {
+		protoKey.Expiration = timestamppb.New(*key.Expiration)
+	}
+
+	if key.CreatedAt != nil {
+		protoKey.CreatedAt = timestamppb.New(*key.CreatedAt)
+	}
+
+	for idx := range key.ACLTags {
+		protoKey.AclTags[idx] = key.ACLTags[idx].Tag
+	}
+
+	return &protoKey
+}

hscontrol/types/routes.go

@@ -0,0 +1,71 @@
+package types
+
+import (
+	"fmt"
+	"net/netip"
+
+	v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
+	"google.golang.org/protobuf/types/known/timestamppb"
+	"gorm.io/gorm"
+)
+
+var (
+	ExitRouteV4 = netip.MustParsePrefix("0.0.0.0/0")
+	ExitRouteV6 = netip.MustParsePrefix("::/0")
+)
+
+type Route struct {
+	gorm.Model
+
+	MachineID uint64
+	Machine   Machine
+	Prefix    IPPrefix
+
+	Advertised bool
+	Enabled    bool
+	IsPrimary  bool
+}
+
+type Routes []Route
+
+func (r *Route) String() string {
+	return fmt.Sprintf("%s:%s", r.Machine, netip.Prefix(r.Prefix).String())
+}
+
+func (r *Route) IsExitRoute() bool {
+	return netip.Prefix(r.Prefix) == ExitRouteV4 || netip.Prefix(r.Prefix) == ExitRouteV6
+}
+
+func (rs Routes) Prefixes() []netip.Prefix {
+	prefixes := make([]netip.Prefix, len(rs))
+	for i, r := range rs {
+		prefixes[i] = netip.Prefix(r.Prefix)
+	}
+
+	return prefixes
+}
+
+func (rs Routes) Proto() []*v1.Route {
+	protoRoutes := []*v1.Route{}
+
+	for _, route := range rs {
+		protoRoute := v1.Route{
+			Id:         uint64(route.ID),
+			Machine:    route.Machine.Proto(),
+			Prefix:     netip.Prefix(route.Prefix).String(),
+			Advertised: route.Advertised,
+			Enabled:    route.Enabled,
+			IsPrimary:  route.IsPrimary,
+			CreatedAt:  timestamppb.New(route.CreatedAt),
+			UpdatedAt:  timestamppb.New(route.UpdatedAt),
+		}
+
+		if route.DeletedAt.Valid {
+			protoRoute.DeletedAt = timestamppb.New(route.DeletedAt.Time)
+		}
+
+		protoRoutes = append(protoRoutes, &protoRoute)
+	}
+
+	return protoRoutes
+}

hscontrol/types/users.go

@@ -0,0 +1,55 @@
+package types
+
+import (
+	"strconv"
+	"time"
+
+	v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
+	"github.com/juanfont/headscale/hscontrol/util"
+	"google.golang.org/protobuf/types/known/timestamppb"
+	"gorm.io/gorm"
+	"tailscale.com/tailcfg"
+)
+
+// User is the way Headscale implements the concept of users in Tailscale
+//
+// At the end of the day, users in Tailscale are some kind of 'bubbles' or users
+// that contain our machines.
+type User struct {
+	gorm.Model
+	Name string `gorm:"unique"`
+}
+
+func (n *User) TailscaleUser() *tailcfg.User {
+	user := tailcfg.User{
+		ID:            tailcfg.UserID(n.ID),
+		LoginName:     n.Name,
+		DisplayName:   n.Name,
+		ProfilePicURL: "",
+		Domain:        "headscale.net",
+		Logins:        []tailcfg.LoginID{},
+		Created:       time.Time{},
+	}
+
+	return &user
+}
+
+func (n *User) TailscaleLogin() *tailcfg.Login {
+	login := tailcfg.Login{
+		ID:            tailcfg.LoginID(n.ID),
+		LoginName:     n.Name,
+		DisplayName:   n.Name,
+		ProfilePicURL: "",
+		Domain:        "headscale.net",
+	}
+
+	return &login
+}
+
+func (n *User) Proto() *v1.User {
+	return &v1.User{
+		Id:        strconv.FormatUint(uint64(n.ID), util.Base10),
+		Name:      n.Name,
+		CreatedAt: timestamppb.New(n.CreatedAt),
+	}
+}