TS2021: Use NodeKey for everything, as MachineKey is deprecated in TS2021

oidc.go

@@ -62,10 +62,10 @@ func (h *Headscale) initOIDC() error {
 
 // RegisterOIDC redirects to the OIDC provider for authentication
 // Puts machine key in cache so the callback can retrieve it using the oidc state param
-// Listens in /oidc/register/:mKey.
+// Listens in /oidc/register/:nKey.
 func (h *Headscale) RegisterOIDC(ctx *gin.Context) {
-	machineKeyStr := ctx.Param("mkey")
-	if machineKeyStr == "" {
+	nodeKeyStr := ctx.Param("nkey")
+	if nodeKeyStr == "" {
 		ctx.String(http.StatusBadRequest, "Wrong params")
 
 		return
@@ -73,7 +73,7 @@ func (h *Headscale) RegisterOIDC(ctx *gin.Context) {
 
 	log.Trace().
 		Caller().
-		Str("machine_key", machineKeyStr).
+		Str("node_key", nodeKeyStr).
 		Msg("Received oidc register call")
 
 	randomBlob := make([]byte, randomByteSize)
@@ -89,7 +89,7 @@ func (h *Headscale) RegisterOIDC(ctx *gin.Context) {
 	stateStr := hex.EncodeToString(randomBlob)[:32]
 
 	// place the machine key into the state cache, so it can be retrieved later
-	h.registrationCache.Set(stateStr, machineKeyStr, registerCacheExpiration)
+	h.registrationCache.Set(stateStr, nodeKeyStr, registerCacheExpiration)
 
 	// Add any extra parameter provided in the configuration to the Authorize Endpoint request
 	extras := make([]oauth2.AuthCodeOption, 0, len(h.cfg.OIDC.ExtraParams))
@@ -217,10 +217,10 @@ func (h *Headscale) OIDCCallback(ctx *gin.Context) {
 		return
 	}
 
-	// retrieve machinekey from state cache
-	machineKeyIf, machineKeyFound := h.registrationCache.Get(state)
+	// retrieve nodekey from state cache
+	nodeKeyIf, nodeKeyFound := h.registrationCache.Get(state)
 
-	if !machineKeyFound {
+	if !nodeKeyFound {
 		log.Error().
 			Msg("requested machine state key expired before authorisation completed")
 		ctx.String(http.StatusBadRequest, "state has expired")
@@ -228,22 +228,22 @@ func (h *Headscale) OIDCCallback(ctx *gin.Context) {
 		return
 	}
 
-	machineKeyFromCache, machineKeyOK := machineKeyIf.(string)
+	nodeKeyFromCache, nodeKeyOK := nodeKeyIf.(string)
 
-	var machineKey key.MachinePublic
-	err = machineKey.UnmarshalText(
-		[]byte(MachinePublicKeyEnsurePrefix(machineKeyFromCache)),
+	var nodeKey key.NodePublic
+	err = nodeKey.UnmarshalText(
+		[]byte(MachinePublicKeyEnsurePrefix(nodeKeyFromCache)),
 	)
 	if err != nil {
 		log.Error().
-			Msg("could not parse machine public key")
+			Msg("could not parse node public key")
 		ctx.String(http.StatusBadRequest, "could not parse public key")
 
 		return
 	}
 
-	if !machineKeyOK {
-		log.Error().Msg("could not get machine key from cache")
+	if !nodeKeyOK {
+		log.Error().Msg("could not get node key from cache")
 		ctx.String(
 			http.StatusInternalServerError,
 			"could not get machine key from cache",
@@ -256,7 +256,7 @@ func (h *Headscale) OIDCCallback(ctx *gin.Context) {
 	// The error is not important, because if it does not
 	// exist, then this is a new machine and we will move
 	// on to registration.
-	machine, _ := h.GetMachineByMachineKey(machineKey)
+	machine, _ := h.GetMachineByNodeKeys(nodeKey, key.NodePublic{})
 
 	if machine != nil {
 		log.Trace().
@@ -335,10 +335,10 @@ func (h *Headscale) OIDCCallback(ctx *gin.Context) {
 		return
 	}
 
-	machineKeyStr := MachinePublicKeyStripPrefix(machineKey)
+	nodeKeyStr := NodePublicKeyStripPrefix(nodeKey)
 
 	_, err = h.RegisterMachineFromAuthCallback(
-		machineKeyStr,
+		nodeKeyStr,
 		namespace.Name,
 		RegisterMethodOIDC,
 	)