Refactor Tailscale service to streamline OAuth configuration and remove custom transport

- Simplified OAuth setup by utilizing the built-in OAuth support from the Tailscale client.
- Removed the custom HTTP transport for setting headers, enhancing code clarity.
- Updated deployment configuration to maintain Tailscale tailnet reference.

Author: rajsinghtech

backend/internal/services/tailscale.go

@@ -13,28 +13,15 @@ import (
 	"github.com/rajsinghtech/tsflow/backend/internal/config"
 	"github.com/rajsinghtech/tsflow/backend/internal/utils"
 	tailscale "tailscale.com/client/tailscale/v2"
-	"golang.org/x/oauth2"
-	"golang.org/x/oauth2/clientcredentials"
 )
 
-type secFetchSiteTransport struct {
-	rt http.RoundTripper
-}
-
-func (t *secFetchSiteTransport) RoundTrip(req *http.Request) (*http.Response, error) {
-	req.Header.Set("Sec-Fetch-Site", "cross-site")
-	req.Header.Set("Sec-Fetch-Mode", "cors")
-	return t.rt.RoundTrip(req)
-}
-
 type TailscaleService struct {
-	apiKey      string
-	oauthConfig *clientcredentials.Config
-	tailnet     string
-	baseURL     string
-	client      *http.Client
-	useOAuth    bool
-	tsClient    *tailscale.Client
+	apiKey   string
+	tailnet  string
+	baseURL  string
+	client   *http.Client
+	useOAuth bool
+	tsClient *tailscale.Client
 }
 
 type Device struct {
@@ -83,29 +70,18 @@ func NewTailscaleService(cfg *config.Config) *TailscaleService {
 	}
 
 	if cfg.TailscaleOAuthClientID != "" && cfg.TailscaleOAuthClientSecret != "" {
-		ts.oauthConfig = &clientcredentials.Config{
+		// Use the Tailscale client's built-in OAuth support
+		oauthConfig := tailscale.OAuthConfig{
 			ClientID:     cfg.TailscaleOAuthClientID,
 			ClientSecret: cfg.TailscaleOAuthClientSecret,
 			Scopes:       cfg.TailscaleOAuthScopes,
-			TokenURL:     cfg.TailscaleAPIURL + "/oauth/token",
 		}
 
-		// Create custom transport to add required headers
-		transport := &http.Transport{}
-		httpClient := &http.Client{
-			Transport: &secFetchSiteTransport{rt: transport},
-			Timeout:   5 * time.Minute,
-		}
-		
-		// Create context with custom HTTP client
-		ctx := context.WithValue(context.Background(), oauth2.HTTPClient, httpClient)
-		oauthClient := ts.oauthConfig.Client(ctx)
-		
 		ts.tsClient = &tailscale.Client{
-			HTTP:     oauthClient,
+			HTTP:     oauthConfig.HTTPClient(),
 			Tailnet:  cfg.TailscaleTailnet,
 		}
-		ts.client = oauthClient
+		ts.client = oauthConfig.HTTPClient()
 		ts.useOAuth = true
 	} else if cfg.TailscaleAPIKey != "" {
 		ts.apiKey = cfg.TailscaleAPIKey

k8s/deployment.yaml

@@ -32,6 +32,4 @@ spec:
               valueFrom:
                 secretKeyRef:
                   name: tsflow
-                  key: TAILSCALE_TAILNET
-            - name: ENVIRONMENT
-              value: production
+                  key: TAILSCALE_TAILNET