From d9027601f984913d6b199688ddc5909bb8d3ccdb Mon Sep 17 00:00:00 2001
From: AKP <abi@tdpain.net>
Date: Sat, 12 Oct 2024 18:49:01 +0100
Subject: [PATCH] Handle non-Tailnet connections

---
 tailscaleAuth.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tailscaleAuth.go b/tailscaleAuth.go
index a60408b..794554a 100644
--- a/tailscaleAuth.go
+++ b/tailscaleAuth.go
@@ -2,6 +2,7 @@ package caddy_tailscale
 
 import (
 	"context"
+	"errors"
 	"github.com/caddyserver/caddy/v2"
 	"github.com/caddyserver/caddy/v2/modules/caddyhttp/caddyauth"
 	"net/http"
@@ -45,6 +46,9 @@ func (ta *TailscaleAuth) Authenticate(_ http.ResponseWriter, req *http.Request)
 	defer cancel()
 	whois, err := ta.lc.WhoIs(ctx, req.RemoteAddr)
 	if err != nil {
+		if errors.Is(err, tailscale.ErrPeerNotFound) { // happens when a non-tailnet IP is tested, eg. from the wider internet
+			return caddyauth.User{}, false, nil
+		}
 		return caddyauth.User{}, false, err
 	}