cmd/tsconnect: initial scaffolding for Tailscale Connect browser client

Runs a Tailscale client in the browser (via a WebAssembly build of the
wasm package) and allows SSH access to machines. The wasm package exports
a newIPN function, which returns a simple JS object with methods like
start(), login(), logout() and ssh(). The golang.org/x/crypto/ssh
package is used for the SSH client.

Terminal emulation and QR code renedring is done via NPM packages (xterm
and qrcode respectively), thus we also need a JS toolchain that can
install and bundle them. Yarn is used for installation, and esbuild
handles loading them and bundling for production serving.

Updates #3157

Signed-off-by: Mihai Parparita <mihai@tailscale.com>

cmd/tsconnect/src/index.css

@@ -0,0 +1,91 @@
+/* Copyright (c) 2022 Tailscale Inc & AUTHORS All rights reserved. */
+/* Use of this source code is governed by a BSD-style */
+/* license that can be found in the LICENSE file. */
+
+@import "xterm/css/xterm.css";
+
+html {
+    background: #fff;
+    font-family: ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, "Noto Sans", sans-serif,  "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";
+}
+
+body {
+    margin: 0;
+}
+
+button {
+    font-family: inherit;
+    border: solid 1px #ccc;
+    background: #fff;
+    color: #000;
+    padding: 4px 8px;
+    border-radius: 4px;
+}
+
+#header {
+    background: #f7f5f4;
+    border-bottom: 1px solid #eeebea;
+    padding: 12px;
+    display: flex;
+    align-items: center;
+}
+
+#header h1 {
+    margin: 0;
+    flex-grow: 1;
+}
+
+#header #state {
+    padding: 0 8px;
+    color: #444342;
+}
+
+#peers {
+    box-sizing: border-box;
+    width: 100%;
+    padding: 12px;
+}
+
+.login {
+    text-align: center;
+}
+
+.logout {
+    font-weight: bold;
+}
+
+.peer {
+    display: flex;
+    justify-content: space-between;
+    padding: 2px;
+}
+
+.peer:hover {
+    background: #eee;
+}
+
+.peer .name {
+    font-family: monospace;
+}
+
+.peer .ssh {
+    background-color: #cbf4c9;
+}
+
+.term-container {
+    padding: 12px;
+}
+
+.xterm-viewport.xterm-viewport {
+    scrollbar-width: thin;
+}
+.xterm-viewport::-webkit-scrollbar {
+    width: 10px;
+}
+.xterm-viewport::-webkit-scrollbar-track {
+    opacity: 0;
+}
+.xterm-viewport::-webkit-scrollbar-thumb {
+    min-height: 20px;
+    background-color: #ffffff20;
+}

cmd/tsconnect/src/index.js

@@ -0,0 +1,26 @@
+// Copyright (c) 2022 Tailscale Inc & AUTHORS All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+import "./wasm_exec"
+import wasmUrl from "./main.wasm"
+import { notifyState, notifyNetMap, notifyBrowseToURL } from "./notifier"
+import { sessionStateStorage } from "./js-state-store"
+
+const go = new window.Go()
+WebAssembly.instantiateStreaming(
+  fetch(`./dist/${wasmUrl}`),
+  go.importObject
+).then((result) => {
+  go.run(result.instance)
+  const ipn = newIPN({
+    // Persist IPN state in sessionStorage in development, so that we don't need
+    // to re-authorize every time we reload the page.
+    stateStorage: DEBUG ? sessionStateStorage : undefined,
+  })
+  ipn.run({
+    notifyState: notifyState.bind(null, ipn),
+    notifyNetMap: notifyNetMap.bind(null, ipn),
+    notifyBrowseToURL: notifyBrowseToURL.bind(null, ipn),
+  })
+})

cmd/tsconnect/src/js-state-store.js

@@ -0,0 +1,16 @@
+// Copyright (c) 2022 Tailscale Inc & AUTHORS All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+/**
+ * @fileoverview Callbacks used by jsStateStore to persist IPN state.
+ */
+
+export const sessionStateStorage = {
+  setState(id, value) {
+    window.sessionStorage[`ipn-state-${id}`] = value
+  },
+  getState(id) {
+    return window.sessionStorage[`ipn-state-${id}`] || ""
+  },
+}

cmd/tsconnect/src/login.js

@@ -0,0 +1,71 @@
+// Copyright (c) 2022 Tailscale Inc & AUTHORS All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+import QRCode from "qrcode"
+
+export async function showLoginURL(url) {
+  if (loginNode) {
+    loginNode.remove()
+  }
+  loginNode = document.createElement("div")
+  loginNode.className = "login"
+  const linkNode = document.createElement("a")
+  linkNode.href = url
+  linkNode.target = "_blank"
+  loginNode.appendChild(linkNode)
+
+  try {
+    const dataURL = await QRCode.toDataURL(url, { width: 512 })
+    const imageNode = document.createElement("img")
+    imageNode.src = dataURL
+    imageNode.width = 256
+    imageNode.height = 256
+    imageNode.border = "0"
+    linkNode.appendChild(imageNode)
+  } catch (err) {
+    console.error("Could not generate QR code:", err)
+  }
+
+  linkNode.appendChild(document.createElement("br"))
+  linkNode.appendChild(document.createTextNode(url))
+
+  document.body.appendChild(loginNode)
+}
+
+export function hideLoginURL() {
+  if (!loginNode) {
+    return
+  }
+  loginNode.remove()
+  loginNode = undefined
+}
+
+let loginNode
+
+export function showLogoutButton(ipn) {
+  if (logoutButtonNode) {
+    logoutButtonNode.remove()
+  }
+  logoutButtonNode = document.createElement("button")
+  logoutButtonNode.className = "logout"
+  logoutButtonNode.textContent = "Logout"
+  logoutButtonNode.addEventListener(
+    "click",
+    () => {
+      ipn.logout()
+    },
+    { once: true }
+  )
+  document.getElementById("header").appendChild(logoutButtonNode)
+}
+
+export function hideLogoutButton() {
+  if (!logoutButtonNode) {
+    return
+  }
+  logoutButtonNode.remove()
+  logoutButtonNode = undefined
+}
+
+let logoutButtonNode

cmd/tsconnect/src/notifier.js

@@ -0,0 +1,75 @@
+// Copyright (c) 2022 Tailscale Inc & AUTHORS All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+import {
+  showLoginURL,
+  hideLoginURL,
+  showLogoutButton,
+  hideLogoutButton,
+} from "./login"
+import { showSSHPeers, hideSSHPeers } from "./ssh"
+
+/**
+ * @fileoverview Notification callback functions (bridged from ipn.Notify)
+ */
+
+/** Mirrors values from ipn/backend.go */
+const State = {
+  NoState: 0,
+  InUseOtherUser: 1,
+  NeedsLogin: 2,
+  NeedsMachineAuth: 3,
+  Stopped: 4,
+  Starting: 5,
+  Running: 6,
+}
+
+export function notifyState(ipn, state) {
+  let stateLabel
+  switch (state) {
+    case State.NoState:
+      stateLabel = "Initializing…"
+      break
+    case State.InUseOtherUser:
+      stateLabel = "In-use by another user"
+      break
+    case State.NeedsLogin:
+      stateLabel = "Needs Login"
+      hideLogoutButton()
+      hideSSHPeers()
+      ipn.login()
+      break
+    case State.NeedsMachineAuth:
+      stateLabel = "Needs authorization"
+      break
+    case State.Stopped:
+      stateLabel = "Stopped"
+      hideLogoutButton()
+      hideSSHPeers()
+      break
+    case State.Starting:
+      stateLabel = "Starting…"
+      break
+    case State.Running:
+      stateLabel = "Running"
+      hideLoginURL()
+      showLogoutButton(ipn)
+      break
+  }
+  const stateNode = document.getElementById("state")
+  stateNode.textContent = stateLabel ?? ""
+}
+
+export function notifyNetMap(ipn, netMapStr) {
+  const netMap = JSON.parse(netMapStr)
+  if (DEBUG) {
+    console.log("Received net map: " + JSON.stringify(netMap, null, 2))
+  }
+
+  showSSHPeers(netMap.peers, ipn)
+}
+
+export function notifyBrowseToURL(ipn, url) {
+  showLoginURL(url)
+}

cmd/tsconnect/src/ssh.js

@@ -0,0 +1,77 @@
+// Copyright (c) 2022 Tailscale Inc & AUTHORS All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+import { Terminal } from "xterm"
+
+export function showSSHPeers(peers, ipn) {
+  const peersNode = document.getElementById("peers")
+  peersNode.innerHTML = ""
+
+  const sshPeers = peers.filter((p) => p.tailscaleSSHEnabled)
+  if (!sshPeers.length) {
+    peersNode.textContent = "No machines have Tailscale SSH installed."
+    return
+  }
+
+  for (const peer of sshPeers) {
+    const peerNode = document.createElement("div")
+    peerNode.className = "peer"
+    const nameNode = document.createElement("div")
+    nameNode.className = "name"
+    nameNode.textContent = peer.name
+    peerNode.appendChild(nameNode)
+
+    const sshButtonNode = document.createElement("button")
+    sshButtonNode.className = "ssh"
+    sshButtonNode.addEventListener("click", function () {
+      ssh(peer.name, ipn)
+    })
+    sshButtonNode.textContent = "SSH"
+    peerNode.appendChild(sshButtonNode)
+
+    peersNode.appendChild(peerNode)
+  }
+}
+
+export function hideSSHPeers() {
+  const peersNode = document.getElementById("peers")
+  peersNode.innerHTML = ""
+}
+
+function ssh(hostname, ipn) {
+  const termContainerNode = document.createElement("div")
+  termContainerNode.className = "term-container"
+  document.body.appendChild(termContainerNode)
+
+  const term = new Terminal({
+    cursorBlink: true,
+  })
+  term.open(termContainerNode)
+
+  // Cancel wheel events from scrolling the page if the terminal has scrollback
+  termContainerNode.addEventListener("wheel", (e) => {
+    if (term.buffer.active.baseY > 0) {
+      e.preventDefault()
+    }
+  })
+
+  let onDataHook
+  term.onData((e) => {
+    onDataHook?.(e)
+  })
+
+  term.focus()
+
+  ipn.ssh(
+    hostname,
+    (input) => term.write(input),
+    (hook) => (onDataHook = hook),
+    term.rows,
+    term.cols,
+    () => {
+      term.dispose()
+      termContainerNode.remove()
+    }
+  )
+}