netbird/management/server/config.go

package server

import (
	"github.com/netbirdio/netbird/management/server/idp"
	"github.com/netbirdio/netbird/util"
	"net/url"
)

type Protocol string

const (
	UDP   Protocol = "udp"
	DTLS  Protocol = "dtls"
	TCP   Protocol = "tcp"
	HTTP  Protocol = "http"
	HTTPS Protocol = "https"
)

// Config of the Management service
type Config struct {
	Stuns      []*Host
	TURNConfig *TURNConfig
	Signal     *Host

	Datadir string

	HttpConfig *HttpServerConfig

	IdpManagerConfig *idp.Config
}

// TURNConfig is a config of the TURNCredentialsManager
type TURNConfig struct {
	TimeBasedCredentials bool
	CredentialsTTL       util.Duration
	Secret               string
	Turns                []*Host
}

// HttpServerConfig is a config of the HTTP Management service server
type HttpServerConfig struct {
	LetsEncryptDomain string
	//CertFile is the location of the certificate
	CertFile string
	//CertKey is the location of the certificate private key
	CertKey string
	Address string
	// AuthAudience identifies the recipients that the JWT is intended for (aud in JWT)
	AuthAudience string
	// AuthIssuer identifies principal that issued the JWT.
	AuthIssuer string
	// AuthKeysLocation is a location of JWT key set containing the public keys used to verify JWT
	AuthKeysLocation string
}

// Host represents a Wiretrustee host (e.g. STUN, TURN, Signal)
type Host struct {
	Proto Protocol
	// URI e.g. turns://stun.wiretrustee.com:4430 or signal.wiretrustee.com:10000
	URI      string
	Username string
	Password string
}

// validateURL validates input http url
func validateURL(httpURL string) bool {
	_, err := url.ParseRequestURI(httpURL)
	if err != nil {
		return false
	}
	return true
}
Peer configuration management (#69) * feature: add config properties to the SyncResponse of the management gRpc service * fix: lint errors * chore: modify management protocol according to the review notes * fix: management proto fields sequence * feature: add proper peer configuration to be synced * chore: minor changes * feature: finalize peer config management * fix: lint errors * feature: add management server config file * refactor: extract hosts-config to a separate file * refactor: review notes applied to correct file_store usage * refactor: extract management service configuration to a file * refactor: simplify management config 2021-07-30 17:46:38 +02:00			`package server`

Turn credentials generation (#102) * abstract peer channel * remove wip code * refactor NewServer with Peer updates channel * feature: add TURN credentials manager * hmac logic * example test function * test: add TimeBasedAuthSecretsManager_GenerateCredentials test * test: make tests for now with hardcoded secret * test: add TimeBasedAuthSecretsManager_SetupRefresh test * test: add TimeBasedAuthSecretsManager_SetupRefresh test * test: add TimeBasedAuthSecretsManager_CancelRefresh test * feature: extract TURNConfig to the management config * feature: return hash based TURN credentials only on initial sync * feature: make TURN time based secret credentials optional Co-authored-by: mlsmaycon <mlsmaycon@gmail.com> 2021-09-02 14:41:54 +02:00			`import (`
Rename module to netbirdio/netbird (#288) rename the go module to netbirdio/netbird as part of our rebranding. 2022-03-26 12:08:54 +01:00			`"github.com/netbirdio/netbird/management/server/idp"`
			`"github.com/netbirdio/netbird/util"`
Adding peer registration support to JWT (#305) The management will validate the JWT as it does in the API and will register the Peer to the user's account. New fields were added to grpc messages in management and client daemon and its clients were updated Peer has one new field, UserID, that will hold the id of the user that registered it JWT middleware CheckJWT got a splitter and renamed to support validation for non HTTP requests Added test for adding new Peer with UserID Lots of tests update because of a new field 2022-05-05 20:02:15 +02:00			`"net/url"`
Turn credentials generation (#102) * abstract peer channel * remove wip code * refactor NewServer with Peer updates channel * feature: add TURN credentials manager * hmac logic * example test function * test: add TimeBasedAuthSecretsManager_GenerateCredentials test * test: make tests for now with hardcoded secret * test: add TimeBasedAuthSecretsManager_SetupRefresh test * test: add TimeBasedAuthSecretsManager_SetupRefresh test * test: add TimeBasedAuthSecretsManager_CancelRefresh test * feature: extract TURNConfig to the management config * feature: return hash based TURN credentials only on initial sync * feature: make TURN time based secret credentials optional Co-authored-by: mlsmaycon <mlsmaycon@gmail.com> 2021-09-02 14:41:54 +02:00			`)`

Peer configuration management (#69) * feature: add config properties to the SyncResponse of the management gRpc service * fix: lint errors * chore: modify management protocol according to the review notes * fix: management proto fields sequence * feature: add proper peer configuration to be synced * chore: minor changes * feature: finalize peer config management * fix: lint errors * feature: add management server config file * refactor: extract hosts-config to a separate file * refactor: review notes applied to correct file_store usage * refactor: extract management service configuration to a file * refactor: simplify management config 2021-07-30 17:46:38 +02:00			`type Protocol string`

			`const (`
			`UDP Protocol = "udp"`
			`DTLS Protocol = "dtls"`
			`TCP Protocol = "tcp"`
			`HTTP Protocol = "http"`
			`HTTPS Protocol = "https"`
			`)`

			`// Config of the Management service`
			`type Config struct {`
Turn credentials generation (#102) * abstract peer channel * remove wip code * refactor NewServer with Peer updates channel * feature: add TURN credentials manager * hmac logic * example test function * test: add TimeBasedAuthSecretsManager_GenerateCredentials test * test: make tests for now with hardcoded secret * test: add TimeBasedAuthSecretsManager_SetupRefresh test * test: add TimeBasedAuthSecretsManager_SetupRefresh test * test: add TimeBasedAuthSecretsManager_CancelRefresh test * feature: extract TURNConfig to the management config * feature: return hash based TURN credentials only on initial sync * feature: make TURN time based secret credentials optional Co-authored-by: mlsmaycon <mlsmaycon@gmail.com> 2021-09-02 14:41:54 +02:00			`Stuns []*Host`
			`TURNConfig *TURNConfig`
			`Signal *Host`
Peer configuration management (#69) * feature: add config properties to the SyncResponse of the management gRpc service * fix: lint errors * chore: modify management protocol according to the review notes * fix: management proto fields sequence * feature: add proper peer configuration to be synced * chore: minor changes * feature: finalize peer config management * fix: lint errors * feature: add management server config file * refactor: extract hosts-config to a separate file * refactor: review notes applied to correct file_store usage * refactor: extract management service configuration to a file * refactor: simplify management config 2021-07-30 17:46:38 +02:00
refactor: move LetsEncryptDomain to HttpServer config 2021-08-07 13:35:52 +02:00			`Datadir string`
feature: basic auth0 support (#78) * feature: basic auth0 support * refactor: improve auth flow * refactor: extract HttpServer config * feature: merge HTTP API layer with Let's Encrypt 2021-08-07 12:26:07 +02:00
			`HttpConfig *HttpServerConfig`
Link account id with the external user store (#184) * get account id from access token claim * use GetOrCreateAccountByUser and add test * correct account id claim * remove unused account * Idp manager interface * auth0 idp manager * use if instead of switch case * remove unnecessary lock * NewAuth0Manager * move idpmanager to its own package * update metadata when accountId is not supplied * update tests with idpmanager field * format * new idp manager and config support * validate if we fetch the interface before converting to string * split getJWTToken * improve tests * proper json fields and handle defer body close * fix ci lint notes * documentation and proper defer position * UpdateUserAppMetadata tests * update documentation * ManagerCredentials interface * Marshal and Unmarshal functions * fix tests * ManagerHelper and ManagerHTTPClient * further tests with mocking * rename package and custom http client * sync local packages * remove idp suffix 2022-01-24 11:21:30 +01:00
			`IdpManagerConfig *idp.Config`
feature: basic auth0 support (#78) * feature: basic auth0 support * refactor: improve auth flow * refactor: extract HttpServer config * feature: merge HTTP API layer with Let's Encrypt 2021-08-07 12:26:07 +02:00			`}`

Turn credentials generation (#102) * abstract peer channel * remove wip code * refactor NewServer with Peer updates channel * feature: add TURN credentials manager * hmac logic * example test function * test: add TimeBasedAuthSecretsManager_GenerateCredentials test * test: make tests for now with hardcoded secret * test: add TimeBasedAuthSecretsManager_SetupRefresh test * test: add TimeBasedAuthSecretsManager_SetupRefresh test * test: add TimeBasedAuthSecretsManager_CancelRefresh test * feature: extract TURNConfig to the management config * feature: return hash based TURN credentials only on initial sync * feature: make TURN time based secret credentials optional Co-authored-by: mlsmaycon <mlsmaycon@gmail.com> 2021-09-02 14:41:54 +02:00			`// TURNConfig is a config of the TURNCredentialsManager`
			`type TURNConfig struct {`
			`TimeBasedCredentials bool`
			`CredentialsTTL util.Duration`
client update of TURNs and STUNs (#106) * feature: update STUNs and TURNs in engine * fix: setup TURN credentials request only when refresh enabled * feature: update TURNs and STUNs in teh client app on Management update * chore: disable peer reflexive candidates in ICE * chore: relocate management.json * chore: make TURN secret and pwd plain text in config 2021-09-03 17:47:40 +02:00			`Secret string`
Turn credentials generation (#102) * abstract peer channel * remove wip code * refactor NewServer with Peer updates channel * feature: add TURN credentials manager * hmac logic * example test function * test: add TimeBasedAuthSecretsManager_GenerateCredentials test * test: make tests for now with hardcoded secret * test: add TimeBasedAuthSecretsManager_SetupRefresh test * test: add TimeBasedAuthSecretsManager_SetupRefresh test * test: add TimeBasedAuthSecretsManager_CancelRefresh test * feature: extract TURNConfig to the management config * feature: return hash based TURN credentials only on initial sync * feature: make TURN time based secret credentials optional Co-authored-by: mlsmaycon <mlsmaycon@gmail.com> 2021-09-02 14:41:54 +02:00			`Turns []*Host`
			`}`

refactor: move LetsEncryptDomain to HttpServer config 2021-08-07 13:35:52 +02:00			`// HttpServerConfig is a config of the HTTP Management service server`
feature: basic auth0 support (#78) * feature: basic auth0 support * refactor: improve auth flow * refactor: extract HttpServer config * feature: merge HTTP API layer with Let's Encrypt 2021-08-07 12:26:07 +02:00			`type HttpServerConfig struct {`
refactor: move LetsEncryptDomain to HttpServer config 2021-08-07 13:35:52 +02:00			`LetsEncryptDomain string`
management/support cert from file (#122) * feature: support cert file in management service * docs: add new management commands 2021-09-25 19:22:49 +02:00			`//CertFile is the location of the certificate`
			`CertFile string`
			`//CertKey is the location of the certificate private key`
			`CertKey string`
			`Address string`
peer management HTTP API (#81) * feature: create account for a newly registered user * feature: finalize user auth flow * feature: create protected API with JWT * chore: cleanup http server * feature: add UI assets * chore: update react UI * refactor: move account not exists -> create to AccountManager * chore: update UI * chore: return only peers on peers endpoint * chore: add UI path to the config * chore: remove ui from management * chore: remove unused Docker comamnds * docs: update management config sample * fix: store creation * feature: introduce peer response to the HTTP api * fix: lint errors * feature: add setup-keys HTTP endpoint * fix: return empty json arrays in HTTP API * feature: add new peer response fields 2021-08-12 12:49:10 +02:00			`// AuthAudience identifies the recipients that the JWT is intended for (aud in JWT)`
			`AuthAudience string`
			`// AuthIssuer identifies principal that issued the JWT.`
			`AuthIssuer string`
			`// AuthKeysLocation is a location of JWT key set containing the public keys used to verify JWT`
			`AuthKeysLocation string`
Peer configuration management (#69) * feature: add config properties to the SyncResponse of the management gRpc service * fix: lint errors * chore: modify management protocol according to the review notes * fix: management proto fields sequence * feature: add proper peer configuration to be synced * chore: minor changes * feature: finalize peer config management * fix: lint errors * feature: add management server config file * refactor: extract hosts-config to a separate file * refactor: review notes applied to correct file_store usage * refactor: extract management service configuration to a file * refactor: simplify management config 2021-07-30 17:46:38 +02:00			`}`

			`// Host represents a Wiretrustee host (e.g. STUN, TURN, Signal)`
			`type Host struct {`
			`Proto Protocol`
			`// URI e.g. turns://stun.wiretrustee.com:4430 or signal.wiretrustee.com:10000`
			`URI string`
			`Username string`
client update of TURNs and STUNs (#106) * feature: update STUNs and TURNs in engine * fix: setup TURN credentials request only when refresh enabled * feature: update TURNs and STUNs in teh client app on Management update * chore: disable peer reflexive candidates in ICE * chore: relocate management.json * chore: make TURN secret and pwd plain text in config 2021-09-03 17:47:40 +02:00			`Password string`
Peer configuration management (#69) * feature: add config properties to the SyncResponse of the management gRpc service * fix: lint errors * chore: modify management protocol according to the review notes * fix: management proto fields sequence * feature: add proper peer configuration to be synced * chore: minor changes * feature: finalize peer config management * fix: lint errors * feature: add management server config file * refactor: extract hosts-config to a separate file * refactor: review notes applied to correct file_store usage * refactor: extract management service configuration to a file * refactor: simplify management config 2021-07-30 17:46:38 +02:00			`}`
Adding peer registration support to JWT (#305) The management will validate the JWT as it does in the API and will register the Peer to the user's account. New fields were added to grpc messages in management and client daemon and its clients were updated Peer has one new field, UserID, that will hold the id of the user that registered it JWT middleware CheckJWT got a splitter and renamed to support validation for non HTTP requests Added test for adding new Peer with UserID Lots of tests update because of a new field 2022-05-05 20:02:15 +02:00
			`// validateURL validates input http url`
			`func validateURL(httpURL string) bool {`
			`_, err := url.ParseRequestURI(httpURL)`
			`if err != nil {`
			`return false`
			`}`
			`return true`
			`}`