
express-tailscale-auth


Express middleware for Tailscale authentication

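import { Request, Response, NextFunction } from 'express';
import { WhoIsResponse } from 'tailscale-local-api';
import { TailscaleCapabilitySchema } from './tailscale/schema.js';
import 'zod';

/**
 * Shape of the identity the middleware attaches to a request: the
 * `userProfile` part of a tailscale-local-api `WhoIsResponse`, plus the
 * capabilities parsed for that caller.
 *
 * Declared once so the Express augmentation and `RequestWithTailscaleUser`
 * below cannot drift apart.
 */
type TailscaleUser = WhoIsResponse["userProfile"] & {
    capabilities: TailscaleCapabilitySchema;
};

declare module "express-serve-static-core" {
    interface Request {
        /**
         * Identity of the caller. Optional: it is `undefined` on any request
         * where it was not set, so handlers that make an authorization
         * decision must check for its presence instead of assuming it.
         */
        tailscaleUser?: TailscaleUser;
    }
}

/**
 * Express `Request` with the optional `tailscaleUser` field, for code that
 * wants the type without relying on the module augmentation above.
 */
type RequestWithTailscaleUser = Request & {
    tailscaleUser?: TailscaleUser;
};

interface TailscaleAuthMiddlewareOptions {
    /**
     * The path to the tailscaled unix socket.
     * By default the middleware looks in the common location for the
     * current platform.
     *
     * Unless you're running tailscale in a special way, you probably don't need to set this.
     * @example '/var/run/tailscale/tailscaled.sock'
     */
    socketPath?: string;
    /**
     * If true, will only use the unix socket to connect to tailscaled.
     * If false, will use the localhost TCP port to connect to tailscaled.
     *
     * Unless you're running tailscale in a special way, you probably don't need to set this.
     *
     * @default false
     */
    useSocketOnly?: boolean;
    /**
     * Whether to enable debug mode.
     * If enabled, the middleware will log debug information to the console.
     *
     * NOTE(review): this declaration does not show what is logged. Presumably
     * it can include caller identity data, so confirm before enabling it
     * where console output is shipped to shared log storage.
     *
     * @default false
     */
    debug?: boolean;
    /**
     * The capabilities namespace to use for the Tailscale Grants.
     *
     * Security: this option is what turns on per-route authorization. If it
     * is not set, the middleware assumes the user has access to every method
     * on every route, i.e. the default is allow-all for any caller the
     * middleware accepts. Set it whenever routes need different access
     * levels, and treat an unset value as "authentication only".
     *
     * @example
     * Set capabilitiesNamespace as "test.com/cap/express" for grants:
     * ```json
     * "grants": [{
     *   "src": ["user@example.com"],
     *   "dst": ["*"],
     *   "app": {
     *     "test.com/cap/express": [
     *       {
     *         "routes": [
     *           {"route": "/api", "methods": ["*"]},
     *           {"route": "/api/**", "methods": ["GET", "POST"]}
     *         ]
     *       }
     *     ]
     *   }
     * }]
     * ```
     * The example uses `"dst": ["*"]` and `"methods": ["*"]` for brevity; in a
     * real policy, scope `dst` to the node(s) running this app and list only
     * the methods each route needs.
     */
    capabilitiesNamespace?: string;
}

/**
 * Creates the Tailscale authentication middleware for Express.
 *
 * @param options Optional settings; every field has a default (see
 *   `TailscaleAuthMiddlewareOptions`). With no `capabilitiesNamespace`, no
 *   per-route restriction is applied.
 * @returns An async Express middleware `(req, res, next)`. Mount it before
 *   the routes that rely on `req.tailscaleUser`.
 *
 * NOTE(review): the declaration does not show how a caller that cannot be
 * identified is handled (rejected response vs. `next()` without
 * `tailscaleUser`), nor how the caller address is determined behind a
 * reverse proxy — confirm both against the implementation.
 */
declare const createTailscaleAuthMw: (options?: TailscaleAuthMiddlewareOptions) => (req: Request, res: Response, next: NextFunction) => Promise<void>;

export { type RequestWithTailscaleUser, type TailscaleAuthMiddlewareOptions, createTailscaleAuthMw };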