public/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2026-05-25 03:28:42 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
66a5f99bfaa95fb42e28ac390a258207972621ea
headscale/hscontrol/util/zlog/maprequest.go
Kristoffer Dalby 4cca63155d all: apply godoc [Name] link conventions across comments 
Every Go-identifier reference in // and /* */ comments now uses
godoc's [Name] linking syntax so pkg.go.dev and `go doc` render
them as clickable cross-references. No behaviour change.

Pattern applied across the tree:
  In-package         [Foo], [Foo.Bar]
  Cross-package      [pkg.Foo], [pkg.Foo.Bar]
  Stdlib             [netip.Prefix], [errors.Is], [context.Context]
  Tailscale          [tailcfg.MapResponse], [tailcfg.Node.CapMap],
                     [tailcfg.NodeAttrSuggestExitNode]

Skip rules:
  - File:line refs left as plain text
  - HuJSON wire keys inside backtick raw strings untouched
  - ACL/policy syntax tokens (tag:foo, autogroup:self, ...) not Go
    symbols, left as plain text
  - JSON/OIDC wire keys, gorm tags, RFC IPv6 placeholders, markdown
    link tags, decorative dividers — all left as-is
2026-05-19 09:55:22 +02:00

52 lines
1.6 KiB
Go
Raw Blame History

package zlog
import (
"github.com/juanfont/headscale/hscontrol/util/zlog/zf"
"github.com/rs/zerolog"
"tailscale.com/tailcfg"
)
// SafeMapRequest wraps [tailcfg.MapRequest] for safe logging.
//
// SECURITY: This wrapper does not log sensitive information:
// - Endpoints: Client IP addresses and ports
// - Hostinfo: Device fingerprinting data (handled by [SafeHostinfo])
// - DERPForceWebsockets: Network configuration details
//
// Only safe fields are logged:
// - stream: Whether this is a streaming request
// - omit_peers: Whether peers should be omitted
// - version: Client capability version
// - node.key: Short form of the node key
// - endpoints_count: Number of endpoints (not the actual endpoints)
type SafeMapRequest struct {
req *tailcfg.MapRequest
}
// MapRequest creates a [SafeMapRequest] wrapper for safe logging.
func MapRequest(req *tailcfg.MapRequest) SafeMapRequest {
return SafeMapRequest{req: req}
}
// MarshalZerologObject implements [zerolog.LogObjectMarshaler].
func (s SafeMapRequest) MarshalZerologObject(e *zerolog.Event) {
if s.req == nil {
return
}
e.Bool(zf.Stream, s.req.Stream)
e.Bool(zf.OmitPeers, s.req.OmitPeers)
e.Int(zf.Version, int(s.req.Version))
e.Str(zf.NodeKey, s.req.NodeKey.ShortString())
// Log counts only, NOT actual endpoints/IPs.
if len(s.req.Endpoints) > 0 {
e.Int(zf.EndpointsCount, len(s.req.Endpoints))
}
// SECURITY: The following fields are intentionally NOT logged:
// - Endpoints: Client IP addresses and ports
// - Hostinfo: Device fingerprinting data (use [SafeHostinfo] separately if needed)
// - DERPForceWebsockets: Network configuration details
}
Reference in New Issue View Git Blame Copy Permalink