tailscale-derp-verifier

According to the Tailscale OAuth client, the corresponding nodekey is authorized to pass the Tailscale --verify-client-url check.

Deploy this on Cloudflare Workers.

Note: Only the nodekey will be verified; IP addresses will not be checked.

Usage

Copy the wrangler.template.jsonc to wrangler.jsonc and fill the kv namespace id.
Create a secret named TAILSCALE_OAUTH_APPS, which is a JSON string containing the organization name and the oauth client id and secret. Example:
```
[
  {
    "organizationName": "xxx",
    "clientId": "xxx",
    "clientSecret": "xxx"
  }
]
```
Run wrangler publish to deploy the worker.

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
src		src
.editorconfig		.editorconfig
.gitignore		.gitignore
.prettierrc		.prettierrc
.prettierrc.cjs		.prettierrc.cjs
LICENSE		LICENSE
README.md		README.md
package.json		package.json
pnpm-lock.yaml		pnpm-lock.yaml
tsconfig.json		tsconfig.json
vitest.config.mts		vitest.config.mts
worker-configuration.d.ts		worker-configuration.d.ts
wrangler.template.jsonc		wrangler.template.jsonc