allow links to be saved without known owner

If the current user can't be determined (either because of a legitimate
error within the localapi client, or the user is coming through a subnet
router and doesn't have a Tailscale IP address), and the
-allow-unknown-users flag is set, then go ahead and save new links
without an owner.

By saving links without an owner, these unknown users can continue to
modify the link, and actual Tailscale users can take ownership. Once the
link is owned, it can no longer be modified by anyone other than the
owner.

Links that use the current user by having `{{ .User }}` in their long
URL cannot be resolved by unknown users and will return an error.

Fixes #60

Signed-off-by: Will Norris <[email protected]>

Author: willnorris

golink.go

@@ -48,6 +48,7 @@ var (
 	snapshot          = flag.String("snapshot", "", "file path of snapshot file")
 	hostname          = flag.String("hostname", defaultHostname, "service name")
 	resolveFromBackup = flag.String("resolve-from-backup", "", "resolve a link from snapshot file and exit")
+	allowUnknownUsers = flag.Bool("allow-unknown-users", false, "allow unknown users to save links")
 )
 
 var stats struct {
@@ -391,11 +392,14 @@ func serveGo(w http.ResponseWriter, r *http.Request) {
 	stats.dirty[link.Short]++
 	stats.mu.Unlock()
 
-	currentUser, _ := currentUser(r)
-
-	target, err := expandLink(link.Long, expandEnv{Now: time.Now().UTC(), Path: remainder, User: currentUser})
+	login, _ := currentUser(r)
+	target, err := expandLink(link.Long, expandEnv{Now: time.Now().UTC(), Path: remainder, user: login})
 	if err != nil {
 		log.Printf("expanding %q: %v", link.Long, err)
+		if errors.Is(err, errNoUser) {
+			http.Error(w, "link requires a valid user", http.StatusUnauthorized)
+			return
+		}
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		return
 	}
@@ -464,9 +468,19 @@ type expandEnv struct {
 	// "http://go/who/amelie", Path is "amelie".
 	Path string
 
-	// User is the current user, if any.
+	// user is the current user, if any.
 	// For example, "[email protected]" or "foo@github".
-	User string
+	user string
+}
+
+var errNoUser = errors.New("no user")
+
+// User returns the current user, or errNoUser if there is no user.
+func (e expandEnv) User() (string, error) {
+	if e.user == "" {
+		return "", errNoUser
+	}
+	return e.user, nil
 }
 
 var expandFuncMap = texttemplate.FuncMap{
@@ -511,12 +525,18 @@ func devMode() bool { return *dev != "" }
 // currentUser returns the Tailscale user associated with the request.
 // In most cases, this will be the user that owns the device that made the request.
 // For tagged devices, the value "tagged-devices" is returned.
+// If the user can't be determined (such as requests coming through a subnet router),
+// an error is returned unless the -allow-unknown-users flag is set.
 var currentUser = func(r *http.Request) (string, error) {
 	if devMode() {
 		return "[email protected]", nil
 	}
 	whois, err := localClient.WhoIs(r.Context(), r.RemoteAddr)
 	if err != nil {
+		if *allowUnknownUsers {
+			// Don't report the error if we are allowing unknown users.
+			return "", nil
+		}
 		return "", err
 	}
 	return whois.UserProfile.LoginName, nil

golink_test.go

@@ -66,6 +66,12 @@ func TestServeGo(t *testing.T) {
 			link:       "/invalid-var",
 			wantStatus: http.StatusInternalServerError,
 		},
+		{
+			name:        "user link, anonymous request",
+			link:        "/me",
+			currentUser: func(*http.Request) (string, error) { return "", nil },
+			wantStatus:  http.StatusUnauthorized,
+		},
 	}
 
 	for _, tt := range tests {
@@ -100,11 +106,12 @@ func TestServeSave(t *testing.T) {
 	}
 
 	tests := []struct {
-		name        string
-		short       string
-		long        string
-		currentUser func(*http.Request) (string, error)
-		wantStatus  int
+		name              string
+		short             string
+		long              string
+		allowUnknownUsers bool
+		currentUser       func(*http.Request) (string, error)
+		wantStatus        int
 	}{
 		{
 			name:       "missing short",
@@ -138,6 +145,14 @@ func TestServeSave(t *testing.T) {
 			currentUser: func(*http.Request) (string, error) { return "", errors.New("") },
 			wantStatus:  http.StatusInternalServerError,
 		},
+		{
+			name:              "allow unknown users",
+			short:             "who2",
+			long:              "http://who/",
+			allowUnknownUsers: true,
+			currentUser:       func(*http.Request) (string, error) { return "", nil },
+			wantStatus:        http.StatusOK,
+		},
 	}
 
 	for _, tt := range tests {
@@ -150,6 +165,10 @@ func TestServeSave(t *testing.T) {
 				})
 			}
 
+			oldAllowUnknownUsers := *allowUnknownUsers
+			*allowUnknownUsers = tt.allowUnknownUsers
+			t.Cleanup(func() { *allowUnknownUsers = oldAllowUnknownUsers })
+
 			r := httptest.NewRequest("POST", "/", strings.NewReader(url.Values{
 				"short": {tt.short},
 				"long":  {tt.long},
@@ -283,6 +302,11 @@ func TestExpandLink(t *testing.T) {
 			user: "[email protected]",
 			want: "http://host.com/[email protected]",
 		},
+		{
+			name:    "var-expansions-no-user",
+			long:    `http://host.com/{{.User}}`,
+			wantErr: true,
+		},
 		{
 			name:    "unknown-field",
 			long:    `http://host.com/{{.Foo}}`,
@@ -320,7 +344,7 @@ func TestExpandLink(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			got, err := expandLink(tt.long, expandEnv{Now: tt.now, Path: tt.remainder, User: tt.user})
+			got, err := expandLink(tt.long, expandEnv{Now: tt.now, Path: tt.remainder, user: tt.user})
 			if (err != nil) != tt.wantErr {
 				t.Fatalf("expandLink(%q) returned error %v; want %v", tt.long, err, tt.wantErr)
 			}