Merge branch 'netbirdio:main' into main

.github/workflows/golang-test-darwin.yml

@@ -21,6 +21,7 @@ jobs:
         uses: actions/setup-go@v5
         with:
           go-version: "1.23.x"
+          cache: false
       - name: Checkout code
         uses: actions/checkout@v4
 
@@ -28,8 +29,9 @@ jobs:
         uses: actions/cache@v4
         with:
           path: ~/go/pkg/mod
-          key: macos-go-${{ hashFiles('**/go.sum') }}
+          key: macos-gotest-${{ hashFiles('**/go.sum') }}
           restore-keys: |
+            macos-gotest-
             macos-go-
 
       - name: Install libpcap
@@ -42,4 +44,4 @@ jobs:
         run: git --no-pager diff --exit-code
 
       - name: Test
-        run: NETBIRD_STORE_ENGINE=${{ matrix.store }} CI=true go test -exec 'sudo --preserve-env=CI,NETBIRD_STORE_ENGINE' -timeout 5m -p 1 ./...
+        run: NETBIRD_STORE_ENGINE=${{ matrix.store }} CI=true go test -exec 'sudo --preserve-env=CI,NETBIRD_STORE_ENGINE' -timeout 5m -p 1 $(go list ./... | grep -v /management)

.github/workflows/golang-test-linux.yml

@@ -11,7 +11,133 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+  build-cache:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.23.x"
+          cache: false
+
+      - name: Get Go environment
+        run: |
+          echo "cache=$(go env GOCACHE)" >> $GITHUB_ENV
+          echo "modcache=$(go env GOMODCACHE)" >> $GITHUB_ENV     
+
+      - name: Cache Go modules
+        uses: actions/cache@v4
+        id: cache
+        with:
+          path: |
+            ${{ env.cache }}
+            ${{ env.modcache }}
+          key: ${{ runner.os }}-gotest-cache-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-gotest-cache-${{ hashFiles('**/go.sum') }}
+            
+
+      - name: Install dependencies
+        if: steps.cache.outputs.cache-hit != 'true'
+        run: sudo apt update && sudo apt install -y -q libgtk-3-dev libayatana-appindicator3-dev libgl1-mesa-dev xorg-dev gcc-multilib libpcap-dev
+
+      - name: Install 32-bit libpcap
+        if: steps.cache.outputs.cache-hit != 'true'
+        run: sudo dpkg --add-architecture i386 && sudo apt update && sudo apt-get install -y libpcap0.8-dev:i386
+
+      - name: Build client
+        if: steps.cache.outputs.cache-hit != 'true'
+        working-directory: client
+        run: CGO_ENABLED=1 go build .
+
+      - name: Build client 386
+        if: steps.cache.outputs.cache-hit != 'true'
+        working-directory: client
+        run: CGO_ENABLED=1 GOARCH=386 go build -o client-386 .
+
+      - name: Build management
+        if: steps.cache.outputs.cache-hit != 'true'
+        working-directory: management
+        run: CGO_ENABLED=1 go build .
+
+      - name: Build management 386
+        if: steps.cache.outputs.cache-hit != 'true'
+        working-directory: management
+        run: CGO_ENABLED=1 GOARCH=386 go build -o management-386 .
+
+      - name: Build signal
+        if: steps.cache.outputs.cache-hit != 'true'
+        working-directory: signal
+        run: CGO_ENABLED=1 go build .
+
+      - name: Build signal 386
+        if: steps.cache.outputs.cache-hit != 'true'
+        working-directory: signal
+        run: CGO_ENABLED=1 GOARCH=386 go build -o signal-386 .
+
+      - name: Build relay
+        if: steps.cache.outputs.cache-hit != 'true'
+        working-directory: relay
+        run: CGO_ENABLED=1 go build .
+
+      - name: Build relay 386
+        if: steps.cache.outputs.cache-hit != 'true'
+        working-directory: relay
+        run: CGO_ENABLED=1 GOARCH=386 go build -o relay-386 .
+
   test:
+    needs: [build-cache]
+    strategy:
+      fail-fast: false
+      matrix:
+        arch: [ '386','amd64' ]
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.23.x"
+          cache: false
+
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Get Go environment
+        run: |
+          echo "cache=$(go env GOCACHE)" >> $GITHUB_ENV
+          echo "modcache=$(go env GOMODCACHE)" >> $GITHUB_ENV     
+
+      - name: Cache Go modules
+        uses: actions/cache/restore@v4
+        with:
+          path: |
+            ${{ env.cache }}
+            ${{ env.modcache }}
+          key: ${{ runner.os }}-gotest-cache-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-gotest-cache-
+
+      - name: Install dependencies
+        run: sudo apt update && sudo apt install -y -q libgtk-3-dev libayatana-appindicator3-dev libgl1-mesa-dev xorg-dev gcc-multilib libpcap-dev
+
+      - name: Install 32-bit libpcap
+        if: matrix.arch == '386'
+        run: sudo dpkg --add-architecture i386 && sudo apt update && sudo apt-get install -y libpcap0.8-dev:i386
+
+      - name: Install modules
+        run: go mod tidy
+
+      - name: check git status
+        run: git --no-pager diff --exit-code
+
+      - name: Test
+        run: CGO_ENABLED=1 GOARCH=${{ matrix.arch }} CI=true go test -exec 'sudo' -timeout 10m -p 1 $(go list ./... | grep -v /management)
+
+  test_management:
+    needs: [ build-cache ]
     strategy:
       fail-fast: false
       matrix:
@@ -23,19 +149,26 @@ jobs:
         uses: actions/setup-go@v5
         with:
           go-version: "1.23.x"
-
+          cache: false
-
-      - name: Cache Go modules
-        uses: actions/cache@v4
-        with:
-          path: ~/go/pkg/mod
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-go-
 
       - name: Checkout code
         uses: actions/checkout@v4
 
+      - name: Get Go environment
+        run: |
+          echo "cache=$(go env GOCACHE)" >> $GITHUB_ENV
+          echo "modcache=$(go env GOMODCACHE)" >> $GITHUB_ENV     
+
+      - name: Cache Go modules
+        uses: actions/cache/restore@v4
+        with:
+          path: |
+            ${{ env.cache }}
+            ${{ env.modcache }}
+          key: ${{ runner.os }}-gotest-cache-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-gotest-cache-
+
       - name: Install dependencies
         run: sudo apt update && sudo apt install -y -q libgtk-3-dev libayatana-appindicator3-dev libgl1-mesa-dev xorg-dev gcc-multilib libpcap-dev
 
@@ -50,9 +183,10 @@ jobs:
         run: git --no-pager diff --exit-code
 
       - name: Test
-        run: CGO_ENABLED=1 GOARCH=${{ matrix.arch }} NETBIRD_STORE_ENGINE=${{ matrix.store }} CI=true go test -exec 'sudo --preserve-env=CI,NETBIRD_STORE_ENGINE' -timeout 10m -p 1 ./...
+        run: CGO_ENABLED=1 GOARCH=${{ matrix.arch }} NETBIRD_STORE_ENGINE=${{ matrix.store }} CI=true go test -exec 'sudo --preserve-env=CI,NETBIRD_STORE_ENGINE' -timeout 10m $(go list ./... | grep /management)
 
   benchmark:
+    needs: [ build-cache ]
     strategy:
       fail-fast: false
       matrix:
@@ -64,19 +198,26 @@ jobs:
         uses: actions/setup-go@v5
         with:
           go-version: "1.23.x"
-
+          cache: false
-
-      - name: Cache Go modules
-        uses: actions/cache@v4
-        with:
-          path: ~/go/pkg/mod
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-go-
 
       - name: Checkout code
         uses: actions/checkout@v4
 
+      - name: Get Go environment
+        run: |
+          echo "cache=$(go env GOCACHE)" >> $GITHUB_ENV
+          echo "modcache=$(go env GOMODCACHE)" >> $GITHUB_ENV     
+
+      - name: Cache Go modules
+        uses: actions/cache/restore@v4
+        with:
+          path: |
+            ${{ env.cache }}
+            ${{ env.modcache }}
+          key: ${{ runner.os }}-gotest-cache-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-gotest-cache-
+
       - name: Install dependencies
         run: sudo apt update && sudo apt install -y -q libgtk-3-dev libayatana-appindicator3-dev libgl1-mesa-dev xorg-dev gcc-multilib libpcap-dev
 
@@ -91,27 +232,36 @@ jobs:
         run: git --no-pager diff --exit-code
 
       - name: Test
-        run: CGO_ENABLED=1 GOARCH=${{ matrix.arch }} NETBIRD_STORE_ENGINE=${{ matrix.store }} CI=true go test -run=^$ -bench=. -exec 'sudo --preserve-env=CI,NETBIRD_STORE_ENGINE' -timeout 10m -p 1 ./...
+        run: CGO_ENABLED=1 GOARCH=${{ matrix.arch }} NETBIRD_STORE_ENGINE=${{ matrix.store }} CI=true go test -run=^$ -bench=. -exec 'sudo --preserve-env=CI,NETBIRD_STORE_ENGINE' -timeout 10m ./...
 
   test_client_on_docker:
+    needs: [ build-cache ]
     runs-on: ubuntu-20.04
     steps:
       - name: Install Go
         uses: actions/setup-go@v5
         with:
           go-version: "1.23.x"
-
+          cache: false
-      - name: Cache Go modules
-        uses: actions/cache@v4
-        with:
-          path: ~/go/pkg/mod
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-go-
 
       - name: Checkout code
         uses: actions/checkout@v4
 
+      - name: Get Go environment
+        run: |
+          echo "cache=$(go env GOCACHE)" >> $GITHUB_ENV
+          echo "modcache=$(go env GOMODCACHE)" >> $GITHUB_ENV     
+
+      - name: Cache Go modules
+        uses: actions/cache/restore@v4
+        with:
+          path: |
+            ${{ env.cache }}
+            ${{ env.modcache }}
+          key: ${{ runner.os }}-gotest-cache-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-gotest-cache-
+
       - name: Install dependencies
         run: sudo apt update && sudo apt install -y -q libgtk-3-dev libayatana-appindicator3-dev libgl1-mesa-dev xorg-dev gcc-multilib libpcap-dev
 

.github/workflows/golang-test-windows.yml

@@ -24,6 +24,23 @@ jobs:
         id: go
         with:
           go-version: "1.23.x"
+          cache: false
+
+      - name: Get Go environment
+        run: |
+          echo "cache=$(go env GOCACHE)" >> $env:GITHUB_ENV
+          echo "modcache=$(go env GOMODCACHE)" >> $env:GITHUB_ENV
+
+      - name: Cache Go modules
+        uses: actions/cache@v4
+        with:
+          path: |
+            ${{ env.cache }}
+            ${{ env.modcache }}
+          key: ${{ runner.os }}-gotest-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-gotest-
+            ${{ runner.os }}-go-
 
       - name: Download wintun
         uses: carlosperate/download-file-action@v2
@@ -42,11 +59,13 @@ jobs:
       - run: choco install -y sysinternals --ignore-checksums
       - run: choco install -y mingw
 
-      - run: PsExec64 -s -w ${{ github.workspace }} C:\hostedtoolcache\windows\go\${{ steps.go.outputs.go-version }}\x64\bin\go.exe env -w GOMODCACHE=C:\Users\runneradmin\go\pkg\mod
+      - run: PsExec64 -s -w ${{ github.workspace }} C:\hostedtoolcache\windows\go\${{ steps.go.outputs.go-version }}\x64\bin\go.exe env -w GOMODCACHE=${{ env.cache }}
-      - run: PsExec64 -s -w ${{ github.workspace }} C:\hostedtoolcache\windows\go\${{ steps.go.outputs.go-version }}\x64\bin\go.exe env -w GOCACHE=C:\Users\runneradmin\AppData\Local\go-build
+      - run: PsExec64 -s -w ${{ github.workspace }} C:\hostedtoolcache\windows\go\${{ steps.go.outputs.go-version }}\x64\bin\go.exe env -w GOCACHE=${{ env.modcache }}
+      - run: PsExec64 -s -w ${{ github.workspace }} C:\hostedtoolcache\windows\go\${{ steps.go.outputs.go-version }}\x64\bin\go.exe mod tidy
+      - run: echo "files=$(go list ./... | ForEach-Object { $_ } | Where-Object { $_ -notmatch '/management' })" >> $env:GITHUB_ENV
 
       - name: test
-        run: PsExec64 -s -w ${{ github.workspace }} cmd.exe /c "C:\hostedtoolcache\windows\go\${{ steps.go.outputs.go-version }}\x64\bin\go.exe test -timeout 10m -p 1 ./... > test-out.txt 2>&1"
+        run: PsExec64 -s -w ${{ github.workspace }} cmd.exe /c "C:\hostedtoolcache\windows\go\${{ steps.go.outputs.go-version }}\x64\bin\go.exe test -timeout 10m -p 1 ${{ env.files }} > test-out.txt 2>&1"
       - name: test output
         if: ${{ always() }}
         run: Get-Content test-out.txt

client/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.20
+FROM alpine:3.21.0
 RUN apk add --no-cache ca-certificates iptables ip6tables
 ENV NB_FOREGROUND_MODE=true
 ENTRYPOINT [ "/usr/local/bin/netbird","up"]

client/iface/device/kernel_module_linux.go

@@ -27,13 +27,13 @@ import (
 type status int
 
 const (
+	unknown                   status = 1
+	unloaded                  status = 2
+	unloading                 status = 3
+	loading                   status = 4
+	live                      status = 5
+	inuse                     status = 6
 	defaultModuleDir                 = "/lib/modules"
-	unknown          status = iota
-	unloaded
-	unloading
-	loading
-	live
-	inuse
 	envDisableWireGuardKernel        = "NB_WG_KERNEL_DISABLED"
 )
 

client/internal/peer/worker_ice.go

@@ -264,7 +264,13 @@ func (w *WorkerICE) closeAgent(cancel context.CancelFunc) {
 func (w *WorkerICE) punchRemoteWGPort(pair *ice.CandidatePair, remoteWgPort int) {
 	// wait local endpoint configuration
 	time.Sleep(time.Second)
-	addr, err := net.ResolveUDPAddr("udp", fmt.Sprintf("%s:%d", pair.Remote.Address(), remoteWgPort))
+	addrString := pair.Remote.Address()
+	parsed, err := netip.ParseAddr(addrString)
+	if (err == nil) && (parsed.Is6()) {
+		addrString = fmt.Sprintf("[%s]", addrString)
+		//IPv6 Literals need to be wrapped in brackets for Resolve*Addr()
+	}
+	addr, err := net.ResolveUDPAddr("udp", fmt.Sprintf("%s:%d", addrString, remoteWgPort))
 	if err != nil {
 		w.log.Warnf("got an error while resolving the udp address, err: %s", err)
 		return

client/ui/client_ui.go

@@ -572,6 +572,7 @@ func (s *serviceClient) onTrayReady() {
 	s.update.SetOnUpdateListener(s.onUpdateAvailable)
 	go func() {
 		s.getSrvConfig()
+		time.Sleep(100 * time.Millisecond) // To prevent race condition caused by systray not being fully initialized and ignoring setIcon
 		for {
 			err := s.updateStatus()
 			if err != nil {

go.mod

@@ -19,8 +19,8 @@ require (
 	github.com/spf13/cobra v1.7.0
 	github.com/spf13/pflag v1.0.5
 	github.com/vishvananda/netlink v1.2.1-beta.2
-	golang.org/x/crypto v0.28.0
+	golang.org/x/crypto v0.31.0
-	golang.org/x/sys v0.26.0
+	golang.org/x/sys v0.28.0
 	golang.zx2c4.com/wireguard v0.0.0-20230704135630-469159ecf7d1
 	golang.zx2c4.com/wireguard/wgctrl v0.0.0-20230429144221-925a1e7659e6
 	golang.zx2c4.com/wireguard/windows v0.5.3
@@ -93,8 +93,8 @@ require (
 	golang.org/x/mobile v0.0.0-20231127183840-76ac6878050a
 	golang.org/x/net v0.30.0
 	golang.org/x/oauth2 v0.19.0
-	golang.org/x/sync v0.8.0
+	golang.org/x/sync v0.10.0
-	golang.org/x/term v0.25.0
+	golang.org/x/term v0.27.0
 	google.golang.org/api v0.177.0
 	gopkg.in/yaml.v3 v3.0.1
 	gorm.io/driver/mysql v1.5.7
@@ -223,7 +223,7 @@ require (
 	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/image v0.18.0 // indirect
 	golang.org/x/mod v0.17.0 // indirect
-	golang.org/x/text v0.19.0 // indirect
+	golang.org/x/text v0.21.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
 	golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect

go.sum

@@ -782,8 +782,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE=
 golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
 golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
-golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw=
+golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
-golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U=
+golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -909,8 +909,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
+golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
-golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -982,8 +982,8 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
+golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
-golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
@@ -991,8 +991,8 @@ golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU=
 golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
-golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24=
+golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
-golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M=
+golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
 golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1007,8 +1007,8 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
+golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
-golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=

infrastructure_files/getting-started-with-zitadel.sh

@@ -530,7 +530,7 @@ renderCaddyfile() {
 {
   debug
 	servers :80,:443 {
-    protocols h1 h2c h3
+    protocols h1 h2c h2 h3
   }
 }
 

management/cmd/management.go

@@ -42,6 +42,7 @@ import (
 	nbContext "github.com/netbirdio/netbird/management/server/context"
 	"github.com/netbirdio/netbird/management/server/geolocation"
 	httpapi "github.com/netbirdio/netbird/management/server/http"
+	"github.com/netbirdio/netbird/management/server/http/configs"
 	"github.com/netbirdio/netbird/management/server/idp"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 	"github.com/netbirdio/netbird/management/server/metrics"
@@ -257,7 +258,7 @@ var (
 				return fmt.Errorf("failed creating JWT validator: %v", err)
 			}
 
-			httpAPIAuthCfg := httpapi.AuthCfg{
+			httpAPIAuthCfg := configs.AuthCfg{
 				Issuer:       config.HttpConfig.AuthIssuer,
 				Audience:     config.HttpConfig.AuthAudience,
 				UserIDClaim:  config.HttpConfig.AuthUserIDClaim,

management/server/http/configs/auth.go

@@ -0,0 +1,9 @@
+package configs
+
+// AuthCfg contains parameters for authentication middleware
+type AuthCfg struct {
+	Issuer       string
+	Audience     string
+	UserIDClaim  string
+	KeysLocation string
+}

management/server/http/handler.go

@@ -12,6 +12,16 @@ import (
 
 	s "github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/geolocation"
+	"github.com/netbirdio/netbird/management/server/http/configs"
+	"github.com/netbirdio/netbird/management/server/http/handlers/accounts"
+	"github.com/netbirdio/netbird/management/server/http/handlers/dns"
+	"github.com/netbirdio/netbird/management/server/http/handlers/events"
+	"github.com/netbirdio/netbird/management/server/http/handlers/groups"
+	"github.com/netbirdio/netbird/management/server/http/handlers/peers"
+	"github.com/netbirdio/netbird/management/server/http/handlers/policies"
+	"github.com/netbirdio/netbird/management/server/http/handlers/routes"
+	"github.com/netbirdio/netbird/management/server/http/handlers/setup_keys"
+	"github.com/netbirdio/netbird/management/server/http/handlers/users"
 	"github.com/netbirdio/netbird/management/server/http/middleware"
 	"github.com/netbirdio/netbird/management/server/integrated_validator"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
@@ -20,27 +30,15 @@ import (
 
 const apiPrefix = "/api"
 
-// AuthCfg contains parameters for authentication middleware
-type AuthCfg struct {
-	Issuer       string
-	Audience     string
-	UserIDClaim  string
-	KeysLocation string
-}
-
 type apiHandler struct {
 	Router             *mux.Router
 	AccountManager     s.AccountManager
 	geolocationManager *geolocation.Geolocation
-	AuthCfg            AuthCfg
+	AuthCfg            configs.AuthCfg
-}
-
-// EmptyObject is an empty struct used to return empty JSON object
-type emptyObject struct {
 }
 
 // APIHandler creates the Management service HTTP API handler registering all the available endpoints.
-func APIHandler(ctx context.Context, accountManager s.AccountManager, LocationManager *geolocation.Geolocation, jwtValidator jwtclaims.JWTValidator, appMetrics telemetry.AppMetrics, authCfg AuthCfg, integratedValidator integrated_validator.IntegratedValidator) (http.Handler, error) {
+func APIHandler(ctx context.Context, accountManager s.AccountManager, LocationManager *geolocation.Geolocation, jwtValidator jwtclaims.JWTValidator, appMetrics telemetry.AppMetrics, authCfg configs.AuthCfg, integratedValidator integrated_validator.IntegratedValidator) (http.Handler, error) {
 	claimsExtractor := jwtclaims.NewClaimsExtractor(
 		jwtclaims.WithAudience(authCfg.Audience),
 		jwtclaims.WithUserIDClaim(authCfg.UserIDClaim),
@@ -86,122 +84,15 @@ func APIHandler(ctx context.Context, accountManager s.AccountManager, LocationMa
 		return nil, fmt.Errorf("register integrations endpoints: %w", err)
 	}
 
-	api.addAccountsEndpoint()
+	accounts.AddEndpoints(api.AccountManager, authCfg, router)
-	api.addPeersEndpoint()
+	peers.AddEndpoints(api.AccountManager, authCfg, router)
-	api.addUsersEndpoint()
+	users.AddEndpoints(api.AccountManager, authCfg, router)
-	api.addUsersTokensEndpoint()
+	setup_keys.AddEndpoints(api.AccountManager, authCfg, router)
-	api.addSetupKeysEndpoint()
+	policies.AddEndpoints(api.AccountManager, api.geolocationManager, authCfg, router)
-	api.addPoliciesEndpoint()
+	groups.AddEndpoints(api.AccountManager, authCfg, router)
-	api.addGroupsEndpoint()
+	routes.AddEndpoints(api.AccountManager, authCfg, router)
-	api.addRoutesEndpoint()
+	dns.AddEndpoints(api.AccountManager, authCfg, router)
-	api.addDNSNameserversEndpoint()
+	events.AddEndpoints(api.AccountManager, authCfg, router)
-	api.addDNSSettingEndpoint()
-	api.addEventsEndpoint()
-	api.addPostureCheckEndpoint()
-	api.addLocationsEndpoint()
 
 	return rootRouter, nil
 }
-
-func (apiHandler *apiHandler) addAccountsEndpoint() {
-	accountsHandler := NewAccountsHandler(apiHandler.AccountManager, apiHandler.AuthCfg)
-	apiHandler.Router.HandleFunc("/accounts/{accountId}", accountsHandler.UpdateAccount).Methods("PUT", "OPTIONS")
-	apiHandler.Router.HandleFunc("/accounts/{accountId}", accountsHandler.DeleteAccount).Methods("DELETE", "OPTIONS")
-	apiHandler.Router.HandleFunc("/accounts", accountsHandler.GetAllAccounts).Methods("GET", "OPTIONS")
-}
-
-func (apiHandler *apiHandler) addPeersEndpoint() {
-	peersHandler := NewPeersHandler(apiHandler.AccountManager, apiHandler.AuthCfg)
-	apiHandler.Router.HandleFunc("/peers", peersHandler.GetAllPeers).Methods("GET", "OPTIONS")
-	apiHandler.Router.HandleFunc("/peers/{peerId}", peersHandler.HandlePeer).
-		Methods("GET", "PUT", "DELETE", "OPTIONS")
-	apiHandler.Router.HandleFunc("/peers/{peerId}/accessible-peers", peersHandler.GetAccessiblePeers).Methods("GET", "OPTIONS")
-}
-
-func (apiHandler *apiHandler) addUsersEndpoint() {
-	userHandler := NewUsersHandler(apiHandler.AccountManager, apiHandler.AuthCfg)
-	apiHandler.Router.HandleFunc("/users", userHandler.GetAllUsers).Methods("GET", "OPTIONS")
-	apiHandler.Router.HandleFunc("/users/{userId}", userHandler.UpdateUser).Methods("PUT", "OPTIONS")
-	apiHandler.Router.HandleFunc("/users/{userId}", userHandler.DeleteUser).Methods("DELETE", "OPTIONS")
-	apiHandler.Router.HandleFunc("/users", userHandler.CreateUser).Methods("POST", "OPTIONS")
-	apiHandler.Router.HandleFunc("/users/{userId}/invite", userHandler.InviteUser).Methods("POST", "OPTIONS")
-}
-
-func (apiHandler *apiHandler) addUsersTokensEndpoint() {
-	tokenHandler := NewPATsHandler(apiHandler.AccountManager, apiHandler.AuthCfg)
-	apiHandler.Router.HandleFunc("/users/{userId}/tokens", tokenHandler.GetAllTokens).Methods("GET", "OPTIONS")
-	apiHandler.Router.HandleFunc("/users/{userId}/tokens", tokenHandler.CreateToken).Methods("POST", "OPTIONS")
-	apiHandler.Router.HandleFunc("/users/{userId}/tokens/{tokenId}", tokenHandler.GetToken).Methods("GET", "OPTIONS")
-	apiHandler.Router.HandleFunc("/users/{userId}/tokens/{tokenId}", tokenHandler.DeleteToken).Methods("DELETE", "OPTIONS")
-}
-
-func (apiHandler *apiHandler) addSetupKeysEndpoint() {
-	keysHandler := NewSetupKeysHandler(apiHandler.AccountManager, apiHandler.AuthCfg)
-	apiHandler.Router.HandleFunc("/setup-keys", keysHandler.GetAllSetupKeys).Methods("GET", "OPTIONS")
-	apiHandler.Router.HandleFunc("/setup-keys", keysHandler.CreateSetupKey).Methods("POST", "OPTIONS")
-	apiHandler.Router.HandleFunc("/setup-keys/{keyId}", keysHandler.GetSetupKey).Methods("GET", "OPTIONS")
-	apiHandler.Router.HandleFunc("/setup-keys/{keyId}", keysHandler.UpdateSetupKey).Methods("PUT", "OPTIONS")
-	apiHandler.Router.HandleFunc("/setup-keys/{keyId}", keysHandler.DeleteSetupKey).Methods("DELETE", "OPTIONS")
-}
-
-func (apiHandler *apiHandler) addPoliciesEndpoint() {
-	policiesHandler := NewPoliciesHandler(apiHandler.AccountManager, apiHandler.AuthCfg)
-	apiHandler.Router.HandleFunc("/policies", policiesHandler.GetAllPolicies).Methods("GET", "OPTIONS")
-	apiHandler.Router.HandleFunc("/policies", policiesHandler.CreatePolicy).Methods("POST", "OPTIONS")
-	apiHandler.Router.HandleFunc("/policies/{policyId}", policiesHandler.UpdatePolicy).Methods("PUT", "OPTIONS")
-	apiHandler.Router.HandleFunc("/policies/{policyId}", policiesHandler.GetPolicy).Methods("GET", "OPTIONS")
-	apiHandler.Router.HandleFunc("/policies/{policyId}", policiesHandler.DeletePolicy).Methods("DELETE", "OPTIONS")
-}
-
-func (apiHandler *apiHandler) addGroupsEndpoint() {
-	groupsHandler := NewGroupsHandler(apiHandler.AccountManager, apiHandler.AuthCfg)
-	apiHandler.Router.HandleFunc("/groups", groupsHandler.GetAllGroups).Methods("GET", "OPTIONS")
-	apiHandler.Router.HandleFunc("/groups", groupsHandler.CreateGroup).Methods("POST", "OPTIONS")
-	apiHandler.Router.HandleFunc("/groups/{groupId}", groupsHandler.UpdateGroup).Methods("PUT", "OPTIONS")
-	apiHandler.Router.HandleFunc("/groups/{groupId}", groupsHandler.GetGroup).Methods("GET", "OPTIONS")
-	apiHandler.Router.HandleFunc("/groups/{groupId}", groupsHandler.DeleteGroup).Methods("DELETE", "OPTIONS")
-}
-
-func (apiHandler *apiHandler) addRoutesEndpoint() {
-	routesHandler := NewRoutesHandler(apiHandler.AccountManager, apiHandler.AuthCfg)
-	apiHandler.Router.HandleFunc("/routes", routesHandler.GetAllRoutes).Methods("GET", "OPTIONS")
-	apiHandler.Router.HandleFunc("/routes", routesHandler.CreateRoute).Methods("POST", "OPTIONS")
-	apiHandler.Router.HandleFunc("/routes/{routeId}", routesHandler.UpdateRoute).Methods("PUT", "OPTIONS")
-	apiHandler.Router.HandleFunc("/routes/{routeId}", routesHandler.GetRoute).Methods("GET", "OPTIONS")
-	apiHandler.Router.HandleFunc("/routes/{routeId}", routesHandler.DeleteRoute).Methods("DELETE", "OPTIONS")
-}
-
-func (apiHandler *apiHandler) addDNSNameserversEndpoint() {
-	nameserversHandler := NewNameserversHandler(apiHandler.AccountManager, apiHandler.AuthCfg)
-	apiHandler.Router.HandleFunc("/dns/nameservers", nameserversHandler.GetAllNameservers).Methods("GET", "OPTIONS")
-	apiHandler.Router.HandleFunc("/dns/nameservers", nameserversHandler.CreateNameserverGroup).Methods("POST", "OPTIONS")
-	apiHandler.Router.HandleFunc("/dns/nameservers/{nsgroupId}", nameserversHandler.UpdateNameserverGroup).Methods("PUT", "OPTIONS")
-	apiHandler.Router.HandleFunc("/dns/nameservers/{nsgroupId}", nameserversHandler.GetNameserverGroup).Methods("GET", "OPTIONS")
-	apiHandler.Router.HandleFunc("/dns/nameservers/{nsgroupId}", nameserversHandler.DeleteNameserverGroup).Methods("DELETE", "OPTIONS")
-}
-
-func (apiHandler *apiHandler) addDNSSettingEndpoint() {
-	dnsSettingsHandler := NewDNSSettingsHandler(apiHandler.AccountManager, apiHandler.AuthCfg)
-	apiHandler.Router.HandleFunc("/dns/settings", dnsSettingsHandler.GetDNSSettings).Methods("GET", "OPTIONS")
-	apiHandler.Router.HandleFunc("/dns/settings", dnsSettingsHandler.UpdateDNSSettings).Methods("PUT", "OPTIONS")
-}
-
-func (apiHandler *apiHandler) addEventsEndpoint() {
-	eventsHandler := NewEventsHandler(apiHandler.AccountManager, apiHandler.AuthCfg)
-	apiHandler.Router.HandleFunc("/events", eventsHandler.GetAllEvents).Methods("GET", "OPTIONS")
-}
-
-func (apiHandler *apiHandler) addPostureCheckEndpoint() {
-	postureCheckHandler := NewPostureChecksHandler(apiHandler.AccountManager, apiHandler.geolocationManager, apiHandler.AuthCfg)
-	apiHandler.Router.HandleFunc("/posture-checks", postureCheckHandler.GetAllPostureChecks).Methods("GET", "OPTIONS")
-	apiHandler.Router.HandleFunc("/posture-checks", postureCheckHandler.CreatePostureCheck).Methods("POST", "OPTIONS")
-	apiHandler.Router.HandleFunc("/posture-checks/{postureCheckId}", postureCheckHandler.UpdatePostureCheck).Methods("PUT", "OPTIONS")
-	apiHandler.Router.HandleFunc("/posture-checks/{postureCheckId}", postureCheckHandler.GetPostureCheck).Methods("GET", "OPTIONS")
-	apiHandler.Router.HandleFunc("/posture-checks/{postureCheckId}", postureCheckHandler.DeletePostureCheck).Methods("DELETE", "OPTIONS")
-}
-
-func (apiHandler *apiHandler) addLocationsEndpoint() {
-	locationHandler := NewGeolocationsHandlerHandler(apiHandler.AccountManager, apiHandler.geolocationManager, apiHandler.AuthCfg)
-	apiHandler.Router.HandleFunc("/locations/countries", locationHandler.GetAllCountries).Methods("GET", "OPTIONS")
-	apiHandler.Router.HandleFunc("/locations/countries/{country}/cities", locationHandler.GetCitiesByCountry).Methods("GET", "OPTIONS")
-}

management/server/http/handlers/accounts/accounts_handler.go

@@ -1,4 +1,4 @@
-package http
+package accounts
 
 import (
 	"encoding/json"
@@ -10,20 +10,28 @@ import (
 	"github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/account"
 	"github.com/netbirdio/netbird/management/server/http/api"
+	"github.com/netbirdio/netbird/management/server/http/configs"
 	"github.com/netbirdio/netbird/management/server/http/util"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 	"github.com/netbirdio/netbird/management/server/status"
 )
 
-// AccountsHandler is a handler that handles the server.Account HTTP endpoints
+// handler is a handler that handles the server.Account HTTP endpoints
-type AccountsHandler struct {
+type handler struct {
 	accountManager  server.AccountManager
 	claimsExtractor *jwtclaims.ClaimsExtractor
 }
 
-// NewAccountsHandler creates a new AccountsHandler HTTP handler
+func AddEndpoints(accountManager server.AccountManager, authCfg configs.AuthCfg, router *mux.Router) {
-func NewAccountsHandler(accountManager server.AccountManager, authCfg AuthCfg) *AccountsHandler {
+	accountsHandler := newHandler(accountManager, authCfg)
-	return &AccountsHandler{
+	router.HandleFunc("/accounts/{accountId}", accountsHandler.updateAccount).Methods("PUT", "OPTIONS")
+	router.HandleFunc("/accounts/{accountId}", accountsHandler.deleteAccount).Methods("DELETE", "OPTIONS")
+	router.HandleFunc("/accounts", accountsHandler.getAllAccounts).Methods("GET", "OPTIONS")
+}
+
+// newHandler creates a new handler HTTP handler
+func newHandler(accountManager server.AccountManager, authCfg configs.AuthCfg) *handler {
+	return &handler{
 		accountManager: accountManager,
 		claimsExtractor: jwtclaims.NewClaimsExtractor(
 			jwtclaims.WithAudience(authCfg.Audience),
@@ -32,8 +40,8 @@ func NewAccountsHandler(accountManager server.AccountManager, authCfg AuthCfg) *
 	}
 }
 
-// GetAllAccounts is HTTP GET handler that returns a list of accounts. Effectively returns just a single account.
+// getAllAccounts is HTTP GET handler that returns a list of accounts. Effectively returns just a single account.
-func (h *AccountsHandler) GetAllAccounts(w http.ResponseWriter, r *http.Request) {
+func (h *handler) getAllAccounts(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {
@@ -51,8 +59,8 @@ func (h *AccountsHandler) GetAllAccounts(w http.ResponseWriter, r *http.Request)
 	util.WriteJSONObject(r.Context(), w, []*api.Account{resp})
 }
 
-// UpdateAccount is HTTP PUT handler that updates the provided account. Updates only account settings (server.Settings)
+// updateAccount is HTTP PUT handler that updates the provided account. Updates only account settings (server.Settings)
-func (h *AccountsHandler) UpdateAccount(w http.ResponseWriter, r *http.Request) {
+func (h *handler) updateAccount(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	_, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {
@@ -111,8 +119,8 @@ func (h *AccountsHandler) UpdateAccount(w http.ResponseWriter, r *http.Request)
 	util.WriteJSONObject(r.Context(), w, &resp)
 }
 
-// DeleteAccount is a HTTP DELETE handler to delete an account
+// deleteAccount is a HTTP DELETE handler to delete an account
-func (h *AccountsHandler) DeleteAccount(w http.ResponseWriter, r *http.Request) {
+func (h *handler) deleteAccount(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	vars := mux.Vars(r)
 	targetAccountID := vars["accountId"]
@@ -127,7 +135,7 @@ func (h *AccountsHandler) DeleteAccount(w http.ResponseWriter, r *http.Request)
 		return
 	}
 
-	util.WriteJSONObject(r.Context(), w, emptyObject{})
+	util.WriteJSONObject(r.Context(), w, util.EmptyObject{})
 }
 
 func toAccountResponse(accountID string, settings *server.Settings) *api.Account {

management/server/http/handlers/accounts/accounts_handler_test.go

@@ -1,4 +1,4 @@
-package http
+package accounts
 
 import (
 	"bytes"
@@ -20,8 +20,8 @@ import (
 	"github.com/netbirdio/netbird/management/server/status"
 )
 
-func initAccountsTestData(account *server.Account, admin *server.User) *AccountsHandler {
+func initAccountsTestData(account *server.Account, admin *server.User) *handler {
-	return &AccountsHandler{
+	return &handler{
 		accountManager: &mock_server.MockAccountManager{
 			GetAccountIDFromTokenFunc: func(ctx context.Context, claims jwtclaims.AuthorizationClaims) (string, string, error) {
 				return account.Id, admin.Id, nil
@@ -89,7 +89,7 @@ func TestAccounts_AccountsHandler(t *testing.T) {
 		requestBody      io.Reader
 	}{
 		{
-			name:           "GetAllAccounts OK",
+			name:           "getAllAccounts OK",
 			expectedBody:   true,
 			requestType:    http.MethodGet,
 			requestPath:    "/api/accounts",
@@ -189,8 +189,8 @@ func TestAccounts_AccountsHandler(t *testing.T) {
 			req := httptest.NewRequest(tc.requestType, tc.requestPath, tc.requestBody)
 
 			router := mux.NewRouter()
-			router.HandleFunc("/api/accounts", handler.GetAllAccounts).Methods("GET")
+			router.HandleFunc("/api/accounts", handler.getAllAccounts).Methods("GET")
-			router.HandleFunc("/api/accounts/{accountId}", handler.UpdateAccount).Methods("PUT")
+			router.HandleFunc("/api/accounts/{accountId}", handler.updateAccount).Methods("PUT")
 			router.ServeHTTP(recorder, req)
 
 			res := recorder.Result()

management/server/http/handlers/dns/dns_settings_handler.go

@@ -1,26 +1,39 @@
-package http
+package dns
 
 import (
 	"encoding/json"
 	"net/http"
 
+	"github.com/gorilla/mux"
 	log "github.com/sirupsen/logrus"
 
 	"github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/http/api"
+	"github.com/netbirdio/netbird/management/server/http/configs"
 	"github.com/netbirdio/netbird/management/server/http/util"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 )
 
-// DNSSettingsHandler is a handler that returns the DNS settings of the account
+// dnsSettingsHandler is a handler that returns the DNS settings of the account
-type DNSSettingsHandler struct {
+type dnsSettingsHandler struct {
 	accountManager  server.AccountManager
 	claimsExtractor *jwtclaims.ClaimsExtractor
 }
 
-// NewDNSSettingsHandler returns a new instance of DNSSettingsHandler handler
+func AddEndpoints(accountManager server.AccountManager, authCfg configs.AuthCfg, router *mux.Router) {
-func NewDNSSettingsHandler(accountManager server.AccountManager, authCfg AuthCfg) *DNSSettingsHandler {
+	addDNSSettingEndpoint(accountManager, authCfg, router)
-	return &DNSSettingsHandler{
+	addDNSNameserversEndpoint(accountManager, authCfg, router)
+}
+
+func addDNSSettingEndpoint(accountManager server.AccountManager, authCfg configs.AuthCfg, router *mux.Router) {
+	dnsSettingsHandler := newDNSSettingsHandler(accountManager, authCfg)
+	router.HandleFunc("/dns/settings", dnsSettingsHandler.getDNSSettings).Methods("GET", "OPTIONS")
+	router.HandleFunc("/dns/settings", dnsSettingsHandler.updateDNSSettings).Methods("PUT", "OPTIONS")
+}
+
+// newDNSSettingsHandler returns a new instance of dnsSettingsHandler handler
+func newDNSSettingsHandler(accountManager server.AccountManager, authCfg configs.AuthCfg) *dnsSettingsHandler {
+	return &dnsSettingsHandler{
 		accountManager: accountManager,
 		claimsExtractor: jwtclaims.NewClaimsExtractor(
 			jwtclaims.WithAudience(authCfg.Audience),
@@ -29,8 +42,8 @@ func NewDNSSettingsHandler(accountManager server.AccountManager, authCfg AuthCfg
 	}
 }
 
-// GetDNSSettings returns the DNS settings for the account
+// getDNSSettings returns the DNS settings for the account
-func (h *DNSSettingsHandler) GetDNSSettings(w http.ResponseWriter, r *http.Request) {
+func (h *dnsSettingsHandler) getDNSSettings(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {
@@ -52,8 +65,8 @@ func (h *DNSSettingsHandler) GetDNSSettings(w http.ResponseWriter, r *http.Reque
 	util.WriteJSONObject(r.Context(), w, apiDNSSettings)
 }
 
-// UpdateDNSSettings handles update to DNS settings of an account
+// updateDNSSettings handles update to DNS settings of an account
-func (h *DNSSettingsHandler) UpdateDNSSettings(w http.ResponseWriter, r *http.Request) {
+func (h *dnsSettingsHandler) updateDNSSettings(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {

management/server/http/handlers/dns/dns_settings_handler_test.go

@@ -1,4 +1,4 @@
-package http
+package dns
 
 import (
 	"bytes"
@@ -40,8 +40,8 @@ var testingDNSSettingsAccount = &server.Account{
 	DNSSettings: baseExistingDNSSettings,
 }
 
-func initDNSSettingsTestData() *DNSSettingsHandler {
+func initDNSSettingsTestData() *dnsSettingsHandler {
-	return &DNSSettingsHandler{
+	return &dnsSettingsHandler{
 		accountManager: &mock_server.MockAccountManager{
 			GetDNSSettingsFunc: func(ctx context.Context, accountID string, userID string) (*server.DNSSettings, error) {
 				return &testingDNSSettingsAccount.DNSSettings, nil
@@ -120,8 +120,8 @@ func TestDNSSettingsHandlers(t *testing.T) {
 			req := httptest.NewRequest(tc.requestType, tc.requestPath, tc.requestBody)
 
 			router := mux.NewRouter()
-			router.HandleFunc("/api/dns/settings", p.GetDNSSettings).Methods("GET")
+			router.HandleFunc("/api/dns/settings", p.getDNSSettings).Methods("GET")
-			router.HandleFunc("/api/dns/settings", p.UpdateDNSSettings).Methods("PUT")
+			router.HandleFunc("/api/dns/settings", p.updateDNSSettings).Methods("PUT")
 			router.ServeHTTP(recorder, req)
 
 			res := recorder.Result()

management/server/http/handlers/dns/nameservers_handler.go

@@ -1,4 +1,4 @@
-package http
+package dns
 
 import (
 	"encoding/json"
@@ -11,20 +11,30 @@ import (
 	nbdns "github.com/netbirdio/netbird/dns"
 	"github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/http/api"
+	"github.com/netbirdio/netbird/management/server/http/configs"
 	"github.com/netbirdio/netbird/management/server/http/util"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 	"github.com/netbirdio/netbird/management/server/status"
 )
 
-// NameserversHandler is the nameserver group handler of the account
+// nameserversHandler is the nameserver group handler of the account
-type NameserversHandler struct {
+type nameserversHandler struct {
 	accountManager  server.AccountManager
 	claimsExtractor *jwtclaims.ClaimsExtractor
 }
 
-// NewNameserversHandler returns a new instance of NameserversHandler handler
+func addDNSNameserversEndpoint(accountManager server.AccountManager, authCfg configs.AuthCfg, router *mux.Router) {
-func NewNameserversHandler(accountManager server.AccountManager, authCfg AuthCfg) *NameserversHandler {
+	nameserversHandler := newNameserversHandler(accountManager, authCfg)
-	return &NameserversHandler{
+	router.HandleFunc("/dns/nameservers", nameserversHandler.getAllNameservers).Methods("GET", "OPTIONS")
+	router.HandleFunc("/dns/nameservers", nameserversHandler.createNameserverGroup).Methods("POST", "OPTIONS")
+	router.HandleFunc("/dns/nameservers/{nsgroupId}", nameserversHandler.updateNameserverGroup).Methods("PUT", "OPTIONS")
+	router.HandleFunc("/dns/nameservers/{nsgroupId}", nameserversHandler.getNameserverGroup).Methods("GET", "OPTIONS")
+	router.HandleFunc("/dns/nameservers/{nsgroupId}", nameserversHandler.deleteNameserverGroup).Methods("DELETE", "OPTIONS")
+}
+
+// newNameserversHandler returns a new instance of nameserversHandler handler
+func newNameserversHandler(accountManager server.AccountManager, authCfg configs.AuthCfg) *nameserversHandler {
+	return &nameserversHandler{
 		accountManager: accountManager,
 		claimsExtractor: jwtclaims.NewClaimsExtractor(
 			jwtclaims.WithAudience(authCfg.Audience),
@@ -33,8 +43,8 @@ func NewNameserversHandler(accountManager server.AccountManager, authCfg AuthCfg
 	}
 }
 
-// GetAllNameservers returns the list of nameserver groups for the account
+// getAllNameservers returns the list of nameserver groups for the account
-func (h *NameserversHandler) GetAllNameservers(w http.ResponseWriter, r *http.Request) {
+func (h *nameserversHandler) getAllNameservers(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {
@@ -57,8 +67,8 @@ func (h *NameserversHandler) GetAllNameservers(w http.ResponseWriter, r *http.Re
 	util.WriteJSONObject(r.Context(), w, apiNameservers)
 }
 
-// CreateNameserverGroup handles nameserver group creation request
+// createNameserverGroup handles nameserver group creation request
-func (h *NameserversHandler) CreateNameserverGroup(w http.ResponseWriter, r *http.Request) {
+func (h *nameserversHandler) createNameserverGroup(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {
@@ -90,8 +100,8 @@ func (h *NameserversHandler) CreateNameserverGroup(w http.ResponseWriter, r *htt
 	util.WriteJSONObject(r.Context(), w, &resp)
 }
 
-// UpdateNameserverGroup handles update to a nameserver group identified by a given ID
+// updateNameserverGroup handles update to a nameserver group identified by a given ID
-func (h *NameserversHandler) UpdateNameserverGroup(w http.ResponseWriter, r *http.Request) {
+func (h *nameserversHandler) updateNameserverGroup(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {
@@ -141,8 +151,8 @@ func (h *NameserversHandler) UpdateNameserverGroup(w http.ResponseWriter, r *htt
 	util.WriteJSONObject(r.Context(), w, &resp)
 }
 
-// DeleteNameserverGroup handles nameserver group deletion request
+// deleteNameserverGroup handles nameserver group deletion request
-func (h *NameserversHandler) DeleteNameserverGroup(w http.ResponseWriter, r *http.Request) {
+func (h *nameserversHandler) deleteNameserverGroup(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {
@@ -162,11 +172,11 @@ func (h *NameserversHandler) DeleteNameserverGroup(w http.ResponseWriter, r *htt
 		return
 	}
 
-	util.WriteJSONObject(r.Context(), w, emptyObject{})
+	util.WriteJSONObject(r.Context(), w, util.EmptyObject{})
 }
 
-// GetNameserverGroup handles a nameserver group Get request identified by ID
+// getNameserverGroup handles a nameserver group Get request identified by ID
-func (h *NameserversHandler) GetNameserverGroup(w http.ResponseWriter, r *http.Request) {
+func (h *nameserversHandler) getNameserverGroup(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {

management/server/http/handlers/dns/nameservers_handler_test.go

@@ -1,4 +1,4 @@
-package http
+package dns
 
 import (
 	"bytes"
@@ -50,8 +50,8 @@ var baseExistingNSGroup = &nbdns.NameServerGroup{
 	Enabled: true,
 }
 
-func initNameserversTestData() *NameserversHandler {
+func initNameserversTestData() *nameserversHandler {
-	return &NameserversHandler{
+	return &nameserversHandler{
 		accountManager: &mock_server.MockAccountManager{
 			GetNameServerGroupFunc: func(_ context.Context, accountID, userID, nsGroupID string) (*nbdns.NameServerGroup, error) {
 				if nsGroupID == existingNSGroupID {
@@ -206,10 +206,10 @@ func TestNameserversHandlers(t *testing.T) {
 			req := httptest.NewRequest(tc.requestType, tc.requestPath, tc.requestBody)
 
 			router := mux.NewRouter()
-			router.HandleFunc("/api/dns/nameservers/{nsgroupId}", p.GetNameserverGroup).Methods("GET")
+			router.HandleFunc("/api/dns/nameservers/{nsgroupId}", p.getNameserverGroup).Methods("GET")
-			router.HandleFunc("/api/dns/nameservers", p.CreateNameserverGroup).Methods("POST")
+			router.HandleFunc("/api/dns/nameservers", p.createNameserverGroup).Methods("POST")
-			router.HandleFunc("/api/dns/nameservers/{nsgroupId}", p.DeleteNameserverGroup).Methods("DELETE")
+			router.HandleFunc("/api/dns/nameservers/{nsgroupId}", p.deleteNameserverGroup).Methods("DELETE")
-			router.HandleFunc("/api/dns/nameservers/{nsgroupId}", p.UpdateNameserverGroup).Methods("PUT")
+			router.HandleFunc("/api/dns/nameservers/{nsgroupId}", p.updateNameserverGroup).Methods("PUT")
 			router.ServeHTTP(recorder, req)
 
 			res := recorder.Result()

management/server/http/handlers/events/events_handler.go

@@ -1,28 +1,35 @@
-package http
+package events
 
 import (
 	"context"
 	"fmt"
 	"net/http"
 
+	"github.com/gorilla/mux"
 	log "github.com/sirupsen/logrus"
 
 	"github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/activity"
 	"github.com/netbirdio/netbird/management/server/http/api"
+	"github.com/netbirdio/netbird/management/server/http/configs"
 	"github.com/netbirdio/netbird/management/server/http/util"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 )
 
-// EventsHandler HTTP handler
+// handler HTTP handler
-type EventsHandler struct {
+type handler struct {
 	accountManager  server.AccountManager
 	claimsExtractor *jwtclaims.ClaimsExtractor
 }
 
-// NewEventsHandler creates a new EventsHandler HTTP handler
+func AddEndpoints(accountManager server.AccountManager, authCfg configs.AuthCfg, router *mux.Router) {
-func NewEventsHandler(accountManager server.AccountManager, authCfg AuthCfg) *EventsHandler {
+	eventsHandler := newHandler(accountManager, authCfg)
-	return &EventsHandler{
+	router.HandleFunc("/events", eventsHandler.getAllEvents).Methods("GET", "OPTIONS")
+}
+
+// newHandler creates a new events handler
+func newHandler(accountManager server.AccountManager, authCfg configs.AuthCfg) *handler {
+	return &handler{
 		accountManager: accountManager,
 		claimsExtractor: jwtclaims.NewClaimsExtractor(
 			jwtclaims.WithAudience(authCfg.Audience),
@@ -31,8 +38,8 @@ func NewEventsHandler(accountManager server.AccountManager, authCfg AuthCfg) *Ev
 	}
 }
 
-// GetAllEvents list of the given account
+// getAllEvents list of the given account
-func (h *EventsHandler) GetAllEvents(w http.ResponseWriter, r *http.Request) {
+func (h *handler) getAllEvents(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {
@@ -60,7 +67,7 @@ func (h *EventsHandler) GetAllEvents(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(r.Context(), w, events)
 }
 
-func (h *EventsHandler) fillEventsWithUserInfo(ctx context.Context, events []*api.Event, accountId, userId string) error {
+func (h *handler) fillEventsWithUserInfo(ctx context.Context, events []*api.Event, accountId, userId string) error {
 	// build email, name maps based on users
 	userInfos, err := h.accountManager.GetUsersFromAccount(ctx, accountId, userId)
 	if err != nil {

management/server/http/handlers/events/events_handler_test.go

@@ -1,4 +1,4 @@
-package http
+package events
 
 import (
 	"context"
@@ -20,8 +20,8 @@ import (
 	"github.com/netbirdio/netbird/management/server/mock_server"
 )
 
-func initEventsTestData(account string, events ...*activity.Event) *EventsHandler {
+func initEventsTestData(account string, events ...*activity.Event) *handler {
-	return &EventsHandler{
+	return &handler{
 		accountManager: &mock_server.MockAccountManager{
 			GetEventsFunc: func(_ context.Context, accountID, userID string) ([]*activity.Event, error) {
 				if accountID == account {
@@ -183,7 +183,7 @@ func TestEvents_GetEvents(t *testing.T) {
 		requestBody    io.Reader
 	}{
 		{
-			name:           "GetAllEvents OK",
+			name:           "getAllEvents OK",
 			expectedBody:   true,
 			requestType:    http.MethodGet,
 			requestPath:    "/api/events/",
@@ -201,7 +201,7 @@ func TestEvents_GetEvents(t *testing.T) {
 			req := httptest.NewRequest(tc.requestType, tc.requestPath, tc.requestBody)
 
 			router := mux.NewRouter()
-			router.HandleFunc("/api/events/", handler.GetAllEvents).Methods("GET")
+			router.HandleFunc("/api/events/", handler.getAllEvents).Methods("GET")
 			router.ServeHTTP(recorder, req)
 
 			res := recorder.Result()

management/server/http/handlers/groups/groups_handler.go

@@ -1,13 +1,15 @@
-package http
+package groups
 
 import (
 	"encoding/json"
 	"net/http"
 
 	"github.com/gorilla/mux"
-	nbpeer "github.com/netbirdio/netbird/management/server/peer"
 	log "github.com/sirupsen/logrus"
 
+	"github.com/netbirdio/netbird/management/server/http/configs"
+	nbpeer "github.com/netbirdio/netbird/management/server/peer"
+
 	"github.com/netbirdio/netbird/management/server"
 	nbgroup "github.com/netbirdio/netbird/management/server/group"
 	"github.com/netbirdio/netbird/management/server/http/api"
@@ -16,15 +18,24 @@ import (
 	"github.com/netbirdio/netbird/management/server/status"
 )
 
-// GroupsHandler is a handler that returns groups of the account
+// handler is a handler that returns groups of the account
-type GroupsHandler struct {
+type handler struct {
 	accountManager  server.AccountManager
 	claimsExtractor *jwtclaims.ClaimsExtractor
 }
 
-// NewGroupsHandler creates a new GroupsHandler HTTP handler
+func AddEndpoints(accountManager server.AccountManager, authCfg configs.AuthCfg, router *mux.Router) {
-func NewGroupsHandler(accountManager server.AccountManager, authCfg AuthCfg) *GroupsHandler {
+	groupsHandler := newHandler(accountManager, authCfg)
-	return &GroupsHandler{
+	router.HandleFunc("/groups", groupsHandler.getAllGroups).Methods("GET", "OPTIONS")
+	router.HandleFunc("/groups", groupsHandler.createGroup).Methods("POST", "OPTIONS")
+	router.HandleFunc("/groups/{groupId}", groupsHandler.updateGroup).Methods("PUT", "OPTIONS")
+	router.HandleFunc("/groups/{groupId}", groupsHandler.getGroup).Methods("GET", "OPTIONS")
+	router.HandleFunc("/groups/{groupId}", groupsHandler.deleteGroup).Methods("DELETE", "OPTIONS")
+}
+
+// newHandler creates a new groups handler
+func newHandler(accountManager server.AccountManager, authCfg configs.AuthCfg) *handler {
+	return &handler{
 		accountManager: accountManager,
 		claimsExtractor: jwtclaims.NewClaimsExtractor(
 			jwtclaims.WithAudience(authCfg.Audience),
@@ -33,8 +44,8 @@ func NewGroupsHandler(accountManager server.AccountManager, authCfg AuthCfg) *Gr
 	}
 }
 
-// GetAllGroups list for the account
+// getAllGroups list for the account
-func (h *GroupsHandler) GetAllGroups(w http.ResponseWriter, r *http.Request) {
+func (h *handler) getAllGroups(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {
@@ -63,8 +74,8 @@ func (h *GroupsHandler) GetAllGroups(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(r.Context(), w, groupsResponse)
 }
 
-// UpdateGroup handles update to a group identified by a given ID
+// updateGroup handles update to a group identified by a given ID
-func (h *GroupsHandler) UpdateGroup(w http.ResponseWriter, r *http.Request) {
+func (h *handler) updateGroup(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {
@@ -141,8 +152,8 @@ func (h *GroupsHandler) UpdateGroup(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(r.Context(), w, toGroupResponse(accountPeers, &group))
 }
 
-// CreateGroup handles group creation request
+// createGroup handles group creation request
-func (h *GroupsHandler) CreateGroup(w http.ResponseWriter, r *http.Request) {
+func (h *handler) createGroup(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {
@@ -189,8 +200,8 @@ func (h *GroupsHandler) CreateGroup(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(r.Context(), w, toGroupResponse(accountPeers, &group))
 }
 
-// DeleteGroup handles group deletion request
+// deleteGroup handles group deletion request
-func (h *GroupsHandler) DeleteGroup(w http.ResponseWriter, r *http.Request) {
+func (h *handler) deleteGroup(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {
@@ -215,11 +226,11 @@ func (h *GroupsHandler) DeleteGroup(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	util.WriteJSONObject(r.Context(), w, emptyObject{})
+	util.WriteJSONObject(r.Context(), w, util.EmptyObject{})
 }
 
-// GetGroup returns a group
+// getGroup returns a group
-func (h *GroupsHandler) GetGroup(w http.ResponseWriter, r *http.Request) {
+func (h *handler) getGroup(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {

management/server/http/handlers/groups/groups_handler_test.go

@@ -1,4 +1,4 @@
-package http
+package groups
 
 import (
 	"bytes"
@@ -31,8 +31,8 @@ var TestPeers = map[string]*nbpeer.Peer{
 	"B": {Key: "B", ID: "peer-B-ID", IP: net.ParseIP("200.200.200.200")},
 }
 
-func initGroupTestData(initGroups ...*nbgroup.Group) *GroupsHandler {
+func initGroupTestData(initGroups ...*nbgroup.Group) *handler {
-	return &GroupsHandler{
+	return &handler{
 		accountManager: &mock_server.MockAccountManager{
 			SaveGroupFunc: func(_ context.Context, accountID, userID string, group *nbgroup.Group) error {
 				if !strings.HasPrefix(group.ID, "id-") {
@@ -106,14 +106,14 @@ func TestGetGroup(t *testing.T) {
 		requestBody    io.Reader
 	}{
 		{
-			name:           "GetGroup OK",
+			name:           "getGroup OK",
 			expectedBody:   true,
 			requestType:    http.MethodGet,
 			requestPath:    "/api/groups/idofthegroup",
 			expectedStatus: http.StatusOK,
 		},
 		{
-			name:           "GetGroup not found",
+			name:           "getGroup not found",
 			requestType:    http.MethodGet,
 			requestPath:    "/api/groups/notexists",
 			expectedStatus: http.StatusNotFound,
@@ -133,7 +133,7 @@ func TestGetGroup(t *testing.T) {
 			req := httptest.NewRequest(tc.requestType, tc.requestPath, tc.requestBody)
 
 			router := mux.NewRouter()
-			router.HandleFunc("/api/groups/{groupId}", p.GetGroup).Methods("GET")
+			router.HandleFunc("/api/groups/{groupId}", p.getGroup).Methods("GET")
 			router.ServeHTTP(recorder, req)
 
 			res := recorder.Result()
@@ -254,8 +254,8 @@ func TestWriteGroup(t *testing.T) {
 			req := httptest.NewRequest(tc.requestType, tc.requestPath, tc.requestBody)
 
 			router := mux.NewRouter()
-			router.HandleFunc("/api/groups", p.CreateGroup).Methods("POST")
+			router.HandleFunc("/api/groups", p.createGroup).Methods("POST")
-			router.HandleFunc("/api/groups/{groupId}", p.UpdateGroup).Methods("PUT")
+			router.HandleFunc("/api/groups/{groupId}", p.updateGroup).Methods("PUT")
 			router.ServeHTTP(recorder, req)
 
 			res := recorder.Result()
@@ -331,7 +331,7 @@ func TestDeleteGroup(t *testing.T) {
 			req := httptest.NewRequest(tc.requestType, tc.requestPath, nil)
 
 			router := mux.NewRouter()
-			router.HandleFunc("/api/groups/{groupId}", p.DeleteGroup).Methods("DELETE")
+			router.HandleFunc("/api/groups/{groupId}", p.deleteGroup).Methods("DELETE")
 			router.ServeHTTP(recorder, req)
 
 			res := recorder.Result()

management/server/http/handlers/peers/peers_handler.go

@@ -1,4 +1,4 @@
-package http
+package peers
 
 import (
 	"context"
@@ -12,21 +12,30 @@ import (
 	"github.com/netbirdio/netbird/management/server"
 	nbgroup "github.com/netbirdio/netbird/management/server/group"
 	"github.com/netbirdio/netbird/management/server/http/api"
+	"github.com/netbirdio/netbird/management/server/http/configs"
 	"github.com/netbirdio/netbird/management/server/http/util"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 	nbpeer "github.com/netbirdio/netbird/management/server/peer"
 	"github.com/netbirdio/netbird/management/server/status"
 )
 
-// PeersHandler is a handler that returns peers of the account
+// Handler is a handler that returns peers of the account
-type PeersHandler struct {
+type Handler struct {
 	accountManager  server.AccountManager
 	claimsExtractor *jwtclaims.ClaimsExtractor
 }
 
-// NewPeersHandler creates a new PeersHandler HTTP handler
+func AddEndpoints(accountManager server.AccountManager, authCfg configs.AuthCfg, router *mux.Router) {
-func NewPeersHandler(accountManager server.AccountManager, authCfg AuthCfg) *PeersHandler {
+	peersHandler := NewHandler(accountManager, authCfg)
-	return &PeersHandler{
+	router.HandleFunc("/peers", peersHandler.GetAllPeers).Methods("GET", "OPTIONS")
+	router.HandleFunc("/peers/{peerId}", peersHandler.HandlePeer).
+		Methods("GET", "PUT", "DELETE", "OPTIONS")
+	router.HandleFunc("/peers/{peerId}/accessible-peers", peersHandler.GetAccessiblePeers).Methods("GET", "OPTIONS")
+}
+
+// NewHandler creates a new peers Handler
+func NewHandler(accountManager server.AccountManager, authCfg configs.AuthCfg) *Handler {
+	return &Handler{
 		accountManager: accountManager,
 		claimsExtractor: jwtclaims.NewClaimsExtractor(
 			jwtclaims.WithAudience(authCfg.Audience),
@@ -35,7 +44,7 @@ func NewPeersHandler(accountManager server.AccountManager, authCfg AuthCfg) *Pee
 	}
 }
 
-func (h *PeersHandler) checkPeerStatus(peer *nbpeer.Peer) (*nbpeer.Peer, error) {
+func (h *Handler) checkPeerStatus(peer *nbpeer.Peer) (*nbpeer.Peer, error) {
 	peerToReturn := peer.Copy()
 	if peer.Status.Connected {
 		// Although we have online status in store we do not yet have an updated channel so have to show it as disconnected
@@ -48,7 +57,7 @@ func (h *PeersHandler) checkPeerStatus(peer *nbpeer.Peer) (*nbpeer.Peer, error)
 	return peerToReturn, nil
 }
 
-func (h *PeersHandler) getPeer(ctx context.Context, account *server.Account, peerID, userID string, w http.ResponseWriter) {
+func (h *Handler) getPeer(ctx context.Context, account *server.Account, peerID, userID string, w http.ResponseWriter) {
 	peer, err := h.accountManager.GetPeer(ctx, account.Id, peerID, userID)
 	if err != nil {
 		util.WriteError(ctx, err, w)
@@ -75,7 +84,7 @@ func (h *PeersHandler) getPeer(ctx context.Context, account *server.Account, pee
 	util.WriteJSONObject(ctx, w, toSinglePeerResponse(peerToReturn, groupsInfo, dnsDomain, valid))
 }
 
-func (h *PeersHandler) updatePeer(ctx context.Context, account *server.Account, userID, peerID string, w http.ResponseWriter, r *http.Request) {
+func (h *Handler) updatePeer(ctx context.Context, account *server.Account, userID, peerID string, w http.ResponseWriter, r *http.Request) {
 	req := &api.PeerRequest{}
 	err := json.NewDecoder(r.Body).Decode(&req)
 	if err != nil {
@@ -120,18 +129,18 @@ func (h *PeersHandler) updatePeer(ctx context.Context, account *server.Account,
 	util.WriteJSONObject(r.Context(), w, toSinglePeerResponse(peer, groupMinimumInfo, dnsDomain, valid))
 }
 
-func (h *PeersHandler) deletePeer(ctx context.Context, accountID, userID string, peerID string, w http.ResponseWriter) {
+func (h *Handler) deletePeer(ctx context.Context, accountID, userID string, peerID string, w http.ResponseWriter) {
 	err := h.accountManager.DeletePeer(ctx, accountID, peerID, userID)
 	if err != nil {
 		log.WithContext(ctx).Errorf("failed to delete peer: %v", err)
 		util.WriteError(ctx, err, w)
 		return
 	}
-	util.WriteJSONObject(ctx, w, emptyObject{})
+	util.WriteJSONObject(ctx, w, util.EmptyObject{})
 }
 
 // HandlePeer handles all peer requests for GET, PUT and DELETE operations
-func (h *PeersHandler) HandlePeer(w http.ResponseWriter, r *http.Request) {
+func (h *Handler) HandlePeer(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {
@@ -168,7 +177,7 @@ func (h *PeersHandler) HandlePeer(w http.ResponseWriter, r *http.Request) {
 }
 
 // GetAllPeers returns a list of all peers associated with a provided account
-func (h *PeersHandler) GetAllPeers(w http.ResponseWriter, r *http.Request) {
+func (h *Handler) GetAllPeers(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {
@@ -219,7 +228,7 @@ func (h *PeersHandler) GetAllPeers(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(r.Context(), w, respBody)
 }
 
-func (h *PeersHandler) setApprovalRequiredFlag(respBody []*api.PeerBatch, approvedPeersMap map[string]struct{}) {
+func (h *Handler) setApprovalRequiredFlag(respBody []*api.PeerBatch, approvedPeersMap map[string]struct{}) {
 	for _, peer := range respBody {
 		_, ok := approvedPeersMap[peer.Id]
 		if !ok {
@@ -229,7 +238,7 @@ func (h *PeersHandler) setApprovalRequiredFlag(respBody []*api.PeerBatch, approv
 }
 
 // GetAccessiblePeers returns a list of all peers that the specified peer can connect to within the network.
-func (h *PeersHandler) GetAccessiblePeers(w http.ResponseWriter, r *http.Request) {
+func (h *Handler) GetAccessiblePeers(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {

management/server/http/handlers/peers/peers_handler_test.go

@@ -1,4 +1,4 @@
-package http
+package peers
 
 import (
 	"bytes"
@@ -38,8 +38,8 @@ const (
 	userIDKey   ctxKey = "user_id"
 )
 
-func initTestMetaData(peers ...*nbpeer.Peer) *PeersHandler {
+func initTestMetaData(peers ...*nbpeer.Peer) *Handler {
-	return &PeersHandler{
+	return &Handler{
 		accountManager: &mock_server.MockAccountManager{
 			UpdatePeerFunc: func(_ context.Context, accountID, userID string, update *nbpeer.Peer) (*nbpeer.Peer, error) {
 				var p *nbpeer.Peer

management/server/http/handlers/policies/geolocation_handler_test.go

@@ -1,4 +1,4 @@
-package http
+package policies
 
 import (
 	"context"
@@ -11,9 +11,9 @@ import (
 	"testing"
 
 	"github.com/gorilla/mux"
-	"github.com/netbirdio/netbird/management/server"
 	"github.com/stretchr/testify/assert"
 
+	"github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/geolocation"
 	"github.com/netbirdio/netbird/management/server/http/api"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
@@ -21,12 +21,12 @@ import (
 	"github.com/netbirdio/netbird/util"
 )
 
-func initGeolocationTestData(t *testing.T) *GeolocationsHandler {
+func initGeolocationTestData(t *testing.T) *geolocationsHandler {
 	t.Helper()
 
 	var (
-		mmdbPath       = "../testdata/GeoLite2-City_20240305.mmdb"
+		mmdbPath       = "../../../testdata/GeoLite2-City_20240305.mmdb"
-		geonamesdbPath = "../testdata/geonames_20240305.db"
+		geonamesdbPath = "../../../testdata/geonames_20240305.db"
 	)
 
 	tempDir := t.TempDir()
@@ -41,7 +41,7 @@ func initGeolocationTestData(t *testing.T) *GeolocationsHandler {
 	assert.NoError(t, err)
 	t.Cleanup(func() { _ = geo.Stop() })
 
-	return &GeolocationsHandler{
+	return &geolocationsHandler{
 		accountManager: &mock_server.MockAccountManager{
 			GetAccountIDFromTokenFunc: func(_ context.Context, claims jwtclaims.AuthorizationClaims) (string, string, error) {
 				return claims.AccountId, claims.UserId, nil
@@ -114,7 +114,7 @@ func TestGetCitiesByCountry(t *testing.T) {
 			req := httptest.NewRequest(tc.requestType, tc.requestPath, nil)
 
 			router := mux.NewRouter()
-			router.HandleFunc("/api/locations/countries/{country}/cities", geolocationHandler.GetCitiesByCountry).Methods("GET")
+			router.HandleFunc("/api/locations/countries/{country}/cities", geolocationHandler.getCitiesByCountry).Methods("GET")
 			router.ServeHTTP(recorder, req)
 
 			res := recorder.Result()
@@ -202,7 +202,7 @@ func TestGetAllCountries(t *testing.T) {
 			req := httptest.NewRequest(tc.requestType, tc.requestPath, nil)
 
 			router := mux.NewRouter()
-			router.HandleFunc("/api/locations/countries", geolocationHandler.GetAllCountries).Methods("GET")
+			router.HandleFunc("/api/locations/countries", geolocationHandler.getAllCountries).Methods("GET")
 			router.ServeHTTP(recorder, req)
 
 			res := recorder.Result()

management/server/http/handlers/policies/geolocations_handler.go

@@ -1,4 +1,4 @@
-package http
+package policies
 
 import (
 	"net/http"
@@ -9,6 +9,7 @@ import (
 	"github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/geolocation"
 	"github.com/netbirdio/netbird/management/server/http/api"
+	"github.com/netbirdio/netbird/management/server/http/configs"
 	"github.com/netbirdio/netbird/management/server/http/util"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 	"github.com/netbirdio/netbird/management/server/status"
@@ -18,16 +19,22 @@ var (
 	countryCodeRegex = regexp.MustCompile("^[a-zA-Z]{2}$")
 )
 
-// GeolocationsHandler is a handler that returns locations.
+// geolocationsHandler is a handler that returns locations.
-type GeolocationsHandler struct {
+type geolocationsHandler struct {
 	accountManager     server.AccountManager
 	geolocationManager *geolocation.Geolocation
 	claimsExtractor    *jwtclaims.ClaimsExtractor
 }
 
-// NewGeolocationsHandlerHandler creates a new Geolocations handler
+func addLocationsEndpoint(accountManager server.AccountManager, locationManager *geolocation.Geolocation, authCfg configs.AuthCfg, router *mux.Router) {
-func NewGeolocationsHandlerHandler(accountManager server.AccountManager, geolocationManager *geolocation.Geolocation, authCfg AuthCfg) *GeolocationsHandler {
+	locationHandler := newGeolocationsHandlerHandler(accountManager, locationManager, authCfg)
-	return &GeolocationsHandler{
+	router.HandleFunc("/locations/countries", locationHandler.getAllCountries).Methods("GET", "OPTIONS")
+	router.HandleFunc("/locations/countries/{country}/cities", locationHandler.getCitiesByCountry).Methods("GET", "OPTIONS")
+}
+
+// newGeolocationsHandlerHandler creates a new Geolocations handler
+func newGeolocationsHandlerHandler(accountManager server.AccountManager, geolocationManager *geolocation.Geolocation, authCfg configs.AuthCfg) *geolocationsHandler {
+	return &geolocationsHandler{
 		accountManager:     accountManager,
 		geolocationManager: geolocationManager,
 		claimsExtractor: jwtclaims.NewClaimsExtractor(
@@ -37,8 +44,8 @@ func NewGeolocationsHandlerHandler(accountManager server.AccountManager, geoloca
 	}
 }
 
-// GetAllCountries retrieves a list of all countries
+// getAllCountries retrieves a list of all countries
-func (l *GeolocationsHandler) GetAllCountries(w http.ResponseWriter, r *http.Request) {
+func (l *geolocationsHandler) getAllCountries(w http.ResponseWriter, r *http.Request) {
 	if err := l.authenticateUser(r); err != nil {
 		util.WriteError(r.Context(), err, w)
 		return
@@ -63,8 +70,8 @@ func (l *GeolocationsHandler) GetAllCountries(w http.ResponseWriter, r *http.Req
 	util.WriteJSONObject(r.Context(), w, countries)
 }
 
-// GetCitiesByCountry retrieves a list of cities based on the given country code
+// getCitiesByCountry retrieves a list of cities based on the given country code
-func (l *GeolocationsHandler) GetCitiesByCountry(w http.ResponseWriter, r *http.Request) {
+func (l *geolocationsHandler) getCitiesByCountry(w http.ResponseWriter, r *http.Request) {
 	if err := l.authenticateUser(r); err != nil {
 		util.WriteError(r.Context(), err, w)
 		return
@@ -96,7 +103,7 @@ func (l *GeolocationsHandler) GetCitiesByCountry(w http.ResponseWriter, r *http.
 	util.WriteJSONObject(r.Context(), w, cities)
 }
 
-func (l *GeolocationsHandler) authenticateUser(r *http.Request) error {
+func (l *geolocationsHandler) authenticateUser(r *http.Request) error {
 	claims := l.claimsExtractor.FromRequestContext(r)
 	_, userID, err := l.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {

management/server/http/handlers/policies/policies_handler.go

@@ -1,4 +1,4 @@
-package http
+package policies
 
 import (
 	"encoding/json"
@@ -6,23 +6,36 @@ import (
 	"strconv"
 
 	"github.com/gorilla/mux"
+
 	"github.com/netbirdio/netbird/management/server"
+	"github.com/netbirdio/netbird/management/server/geolocation"
 	nbgroup "github.com/netbirdio/netbird/management/server/group"
 	"github.com/netbirdio/netbird/management/server/http/api"
+	"github.com/netbirdio/netbird/management/server/http/configs"
 	"github.com/netbirdio/netbird/management/server/http/util"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 	"github.com/netbirdio/netbird/management/server/status"
 )
 
-// Policies is a handler that returns policy of the account
+// handler is a handler that returns policy of the account
-type Policies struct {
+type handler struct {
 	accountManager  server.AccountManager
 	claimsExtractor *jwtclaims.ClaimsExtractor
 }
 
-// NewPoliciesHandler creates a new Policies handler
+func AddEndpoints(accountManager server.AccountManager, locationManager *geolocation.Geolocation, authCfg configs.AuthCfg, router *mux.Router) {
-func NewPoliciesHandler(accountManager server.AccountManager, authCfg AuthCfg) *Policies {
+	policiesHandler := newHandler(accountManager, authCfg)
-	return &Policies{
+	router.HandleFunc("/policies", policiesHandler.getAllPolicies).Methods("GET", "OPTIONS")
+	router.HandleFunc("/policies", policiesHandler.createPolicy).Methods("POST", "OPTIONS")
+	router.HandleFunc("/policies/{policyId}", policiesHandler.updatePolicy).Methods("PUT", "OPTIONS")
+	router.HandleFunc("/policies/{policyId}", policiesHandler.getPolicy).Methods("GET", "OPTIONS")
+	router.HandleFunc("/policies/{policyId}", policiesHandler.deletePolicy).Methods("DELETE", "OPTIONS")
+	addPostureCheckEndpoint(accountManager, locationManager, authCfg, router)
+}
+
+// newHandler creates a new policies handler
+func newHandler(accountManager server.AccountManager, authCfg configs.AuthCfg) *handler {
+	return &handler{
 		accountManager: accountManager,
 		claimsExtractor: jwtclaims.NewClaimsExtractor(
 			jwtclaims.WithAudience(authCfg.Audience),
@@ -31,8 +44,8 @@ func NewPoliciesHandler(accountManager server.AccountManager, authCfg AuthCfg) *
 	}
 }
 
-// GetAllPolicies list for the account
+// getAllPolicies list for the account
-func (h *Policies) GetAllPolicies(w http.ResponseWriter, r *http.Request) {
+func (h *handler) getAllPolicies(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {
@@ -65,8 +78,8 @@ func (h *Policies) GetAllPolicies(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(r.Context(), w, policies)
 }
 
-// UpdatePolicy handles update to a policy identified by a given ID
+// updatePolicy handles update to a policy identified by a given ID
-func (h *Policies) UpdatePolicy(w http.ResponseWriter, r *http.Request) {
+func (h *handler) updatePolicy(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {
@@ -90,8 +103,8 @@ func (h *Policies) UpdatePolicy(w http.ResponseWriter, r *http.Request) {
 	h.savePolicy(w, r, accountID, userID, policyID)
 }
 
-// CreatePolicy handles policy creation request
+// createPolicy handles policy creation request
-func (h *Policies) CreatePolicy(w http.ResponseWriter, r *http.Request) {
+func (h *handler) createPolicy(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {
@@ -103,7 +116,7 @@ func (h *Policies) CreatePolicy(w http.ResponseWriter, r *http.Request) {
 }
 
 // savePolicy handles policy creation and update
-func (h *Policies) savePolicy(w http.ResponseWriter, r *http.Request, accountID string, userID string, policyID string) {
+func (h *handler) savePolicy(w http.ResponseWriter, r *http.Request, accountID string, userID string, policyID string) {
 	var req api.PutApiPoliciesPolicyIdJSONRequestBody
 	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
 		util.WriteErrorResponse("couldn't parse JSON request", http.StatusBadRequest, w)
@@ -245,8 +258,8 @@ func (h *Policies) savePolicy(w http.ResponseWriter, r *http.Request, accountID
 	util.WriteJSONObject(r.Context(), w, resp)
 }
 
-// DeletePolicy handles policy deletion request
+// deletePolicy handles policy deletion request
-func (h *Policies) DeletePolicy(w http.ResponseWriter, r *http.Request) {
+func (h *handler) deletePolicy(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {
@@ -266,11 +279,11 @@ func (h *Policies) DeletePolicy(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	util.WriteJSONObject(r.Context(), w, emptyObject{})
+	util.WriteJSONObject(r.Context(), w, util.EmptyObject{})
 }
 
-// GetPolicy handles a group Get request identified by ID
+// getPolicy handles a group Get request identified by ID
-func (h *Policies) GetPolicy(w http.ResponseWriter, r *http.Request) {
+func (h *handler) getPolicy(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {

management/server/http/handlers/policies/policies_handler_test.go

@@ -1,4 +1,4 @@
-package http
+package policies
 
 import (
 	"bytes"
@@ -24,12 +24,12 @@ import (
 	"github.com/netbirdio/netbird/management/server/mock_server"
 )
 
-func initPoliciesTestData(policies ...*server.Policy) *Policies {
+func initPoliciesTestData(policies ...*server.Policy) *handler {
 	testPolicies := make(map[string]*server.Policy, len(policies))
 	for _, policy := range policies {
 		testPolicies[policy.ID] = policy
 	}
-	return &Policies{
+	return &handler{
 		accountManager: &mock_server.MockAccountManager{
 			GetPolicyFunc: func(_ context.Context, _, policyID, _ string) (*server.Policy, error) {
 				policy, ok := testPolicies[policyID]
@@ -91,14 +91,14 @@ func TestPoliciesGetPolicy(t *testing.T) {
 		requestBody    io.Reader
 	}{
 		{
-			name:           "GetPolicy OK",
+			name:           "getPolicy OK",
 			expectedBody:   true,
 			requestType:    http.MethodGet,
 			requestPath:    "/api/policies/idofthepolicy",
 			expectedStatus: http.StatusOK,
 		},
 		{
-			name:           "GetPolicy not found",
+			name:           "getPolicy not found",
 			requestType:    http.MethodGet,
 			requestPath:    "/api/policies/notexists",
 			expectedStatus: http.StatusNotFound,
@@ -121,7 +121,7 @@ func TestPoliciesGetPolicy(t *testing.T) {
 			req := httptest.NewRequest(tc.requestType, tc.requestPath, tc.requestBody)
 
 			router := mux.NewRouter()
-			router.HandleFunc("/api/policies/{policyId}", p.GetPolicy).Methods("GET")
+			router.HandleFunc("/api/policies/{policyId}", p.getPolicy).Methods("GET")
 			router.ServeHTTP(recorder, req)
 
 			res := recorder.Result()
@@ -269,8 +269,8 @@ func TestPoliciesWritePolicy(t *testing.T) {
 			req := httptest.NewRequest(tc.requestType, tc.requestPath, tc.requestBody)
 
 			router := mux.NewRouter()
-			router.HandleFunc("/api/policies", p.CreatePolicy).Methods("POST")
+			router.HandleFunc("/api/policies", p.createPolicy).Methods("POST")
-			router.HandleFunc("/api/policies/{policyId}", p.UpdatePolicy).Methods("PUT")
+			router.HandleFunc("/api/policies/{policyId}", p.updatePolicy).Methods("PUT")
 			router.ServeHTTP(recorder, req)
 
 			res := recorder.Result()

management/server/http/handlers/policies/posture_checks_handler.go

@@ -1,4 +1,4 @@
-package http
+package policies
 
 import (
 	"encoding/json"
@@ -9,22 +9,33 @@ import (
 	"github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/geolocation"
 	"github.com/netbirdio/netbird/management/server/http/api"
+	"github.com/netbirdio/netbird/management/server/http/configs"
 	"github.com/netbirdio/netbird/management/server/http/util"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 	"github.com/netbirdio/netbird/management/server/posture"
 	"github.com/netbirdio/netbird/management/server/status"
 )
 
-// PostureChecksHandler is a handler that returns posture checks of the account.
+// postureChecksHandler is a handler that returns posture checks of the account.
-type PostureChecksHandler struct {
+type postureChecksHandler struct {
 	accountManager     server.AccountManager
 	geolocationManager *geolocation.Geolocation
 	claimsExtractor    *jwtclaims.ClaimsExtractor
 }
 
-// NewPostureChecksHandler creates a new PostureChecks handler
+func addPostureCheckEndpoint(accountManager server.AccountManager, locationManager *geolocation.Geolocation, authCfg configs.AuthCfg, router *mux.Router) {
-func NewPostureChecksHandler(accountManager server.AccountManager, geolocationManager *geolocation.Geolocation, authCfg AuthCfg) *PostureChecksHandler {
+	postureCheckHandler := newPostureChecksHandler(accountManager, locationManager, authCfg)
-	return &PostureChecksHandler{
+	router.HandleFunc("/posture-checks", postureCheckHandler.getAllPostureChecks).Methods("GET", "OPTIONS")
+	router.HandleFunc("/posture-checks", postureCheckHandler.createPostureCheck).Methods("POST", "OPTIONS")
+	router.HandleFunc("/posture-checks/{postureCheckId}", postureCheckHandler.updatePostureCheck).Methods("PUT", "OPTIONS")
+	router.HandleFunc("/posture-checks/{postureCheckId}", postureCheckHandler.getPostureCheck).Methods("GET", "OPTIONS")
+	router.HandleFunc("/posture-checks/{postureCheckId}", postureCheckHandler.deletePostureCheck).Methods("DELETE", "OPTIONS")
+	addLocationsEndpoint(accountManager, locationManager, authCfg, router)
+}
+
+// newPostureChecksHandler creates a new PostureChecks handler
+func newPostureChecksHandler(accountManager server.AccountManager, geolocationManager *geolocation.Geolocation, authCfg configs.AuthCfg) *postureChecksHandler {
+	return &postureChecksHandler{
 		accountManager:     accountManager,
 		geolocationManager: geolocationManager,
 		claimsExtractor: jwtclaims.NewClaimsExtractor(
@@ -34,8 +45,8 @@ func NewPostureChecksHandler(accountManager server.AccountManager, geolocationMa
 	}
 }
 
-// GetAllPostureChecks list for the account
+// getAllPostureChecks list for the account
-func (p *PostureChecksHandler) GetAllPostureChecks(w http.ResponseWriter, r *http.Request) {
+func (p *postureChecksHandler) getAllPostureChecks(w http.ResponseWriter, r *http.Request) {
 	claims := p.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := p.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {
@@ -57,8 +68,8 @@ func (p *PostureChecksHandler) GetAllPostureChecks(w http.ResponseWriter, r *htt
 	util.WriteJSONObject(r.Context(), w, postureChecks)
 }
 
-// UpdatePostureCheck handles update to a posture check identified by a given ID
+// updatePostureCheck handles update to a posture check identified by a given ID
-func (p *PostureChecksHandler) UpdatePostureCheck(w http.ResponseWriter, r *http.Request) {
+func (p *postureChecksHandler) updatePostureCheck(w http.ResponseWriter, r *http.Request) {
 	claims := p.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := p.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {
@@ -82,8 +93,8 @@ func (p *PostureChecksHandler) UpdatePostureCheck(w http.ResponseWriter, r *http
 	p.savePostureChecks(w, r, accountID, userID, postureChecksID)
 }
 
-// CreatePostureCheck handles posture check creation request
+// createPostureCheck handles posture check creation request
-func (p *PostureChecksHandler) CreatePostureCheck(w http.ResponseWriter, r *http.Request) {
+func (p *postureChecksHandler) createPostureCheck(w http.ResponseWriter, r *http.Request) {
 	claims := p.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := p.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {
@@ -94,8 +105,8 @@ func (p *PostureChecksHandler) CreatePostureCheck(w http.ResponseWriter, r *http
 	p.savePostureChecks(w, r, accountID, userID, "")
 }
 
-// GetPostureCheck handles a posture check Get request identified by ID
+// getPostureCheck handles a posture check Get request identified by ID
-func (p *PostureChecksHandler) GetPostureCheck(w http.ResponseWriter, r *http.Request) {
+func (p *postureChecksHandler) getPostureCheck(w http.ResponseWriter, r *http.Request) {
 	claims := p.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := p.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {
@@ -119,8 +130,8 @@ func (p *PostureChecksHandler) GetPostureCheck(w http.ResponseWriter, r *http.Re
 	util.WriteJSONObject(r.Context(), w, postureChecks.ToAPIResponse())
 }
 
-// DeletePostureCheck handles posture check deletion request
+// deletePostureCheck handles posture check deletion request
-func (p *PostureChecksHandler) DeletePostureCheck(w http.ResponseWriter, r *http.Request) {
+func (p *postureChecksHandler) deletePostureCheck(w http.ResponseWriter, r *http.Request) {
 	claims := p.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := p.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {
@@ -140,11 +151,11 @@ func (p *PostureChecksHandler) DeletePostureCheck(w http.ResponseWriter, r *http
 		return
 	}
 
-	util.WriteJSONObject(r.Context(), w, emptyObject{})
+	util.WriteJSONObject(r.Context(), w, util.EmptyObject{})
 }
 
 // savePostureChecks handles posture checks create and update
-func (p *PostureChecksHandler) savePostureChecks(w http.ResponseWriter, r *http.Request, accountID, userID, postureChecksID string) {
+func (p *postureChecksHandler) savePostureChecks(w http.ResponseWriter, r *http.Request, accountID, userID, postureChecksID string) {
 	var (
 		err error
 		req api.PostureCheckUpdate

management/server/http/handlers/policies/posture_checks_handler_test.go

@@ -1,4 +1,4 @@
-package http
+package policies
 
 import (
 	"bytes"
@@ -25,13 +25,13 @@ import (
 var berlin = "Berlin"
 var losAngeles = "Los Angeles"
 
-func initPostureChecksTestData(postureChecks ...*posture.Checks) *PostureChecksHandler {
+func initPostureChecksTestData(postureChecks ...*posture.Checks) *postureChecksHandler {
 	testPostureChecks := make(map[string]*posture.Checks, len(postureChecks))
 	for _, postureCheck := range postureChecks {
 		testPostureChecks[postureCheck.ID] = postureCheck
 	}
 
-	return &PostureChecksHandler{
+	return &postureChecksHandler{
 		accountManager: &mock_server.MockAccountManager{
 			GetPostureChecksFunc: func(_ context.Context, accountID, postureChecksID, userID string) (*posture.Checks, error) {
 				p, ok := testPostureChecks[postureChecksID]
@@ -147,35 +147,35 @@ func TestGetPostureCheck(t *testing.T) {
 		requestBody    io.Reader
 	}{
 		{
-			name:           "GetPostureCheck NBVersion OK",
+			name:           "getPostureCheck NBVersion OK",
 			expectedBody:   true,
 			id:             postureCheck.ID,
 			checkName:      postureCheck.Name,
 			expectedStatus: http.StatusOK,
 		},
 		{
-			name:           "GetPostureCheck OSVersion OK",
+			name:           "getPostureCheck OSVersion OK",
 			expectedBody:   true,
 			id:             osPostureCheck.ID,
 			checkName:      osPostureCheck.Name,
 			expectedStatus: http.StatusOK,
 		},
 		{
-			name:           "GetPostureCheck GeoLocation OK",
+			name:           "getPostureCheck GeoLocation OK",
 			expectedBody:   true,
 			id:             geoPostureCheck.ID,
 			checkName:      geoPostureCheck.Name,
 			expectedStatus: http.StatusOK,
 		},
 		{
-			name:           "GetPostureCheck PrivateNetwork OK",
+			name:           "getPostureCheck PrivateNetwork OK",
 			expectedBody:   true,
 			id:             privateNetworkCheck.ID,
 			checkName:      privateNetworkCheck.Name,
 			expectedStatus: http.StatusOK,
 		},
 		{
-			name:           "GetPostureCheck Not Found",
+			name:           "getPostureCheck Not Found",
 			id:             "not-exists",
 			expectedStatus: http.StatusNotFound,
 		},
@@ -189,7 +189,7 @@ func TestGetPostureCheck(t *testing.T) {
 			req := httptest.NewRequest(http.MethodGet, "/api/posture-checks/"+tc.id, tc.requestBody)
 
 			router := mux.NewRouter()
-			router.HandleFunc("/api/posture-checks/{postureCheckId}", p.GetPostureCheck).Methods("GET")
+			router.HandleFunc("/api/posture-checks/{postureCheckId}", p.getPostureCheck).Methods("GET")
 			router.ServeHTTP(recorder, req)
 
 			res := recorder.Result()
@@ -231,7 +231,7 @@ func TestPostureCheckUpdate(t *testing.T) {
 		requestType          string
 		requestPath          string
 		requestBody          io.Reader
-		setupHandlerFunc     func(handler *PostureChecksHandler)
+		setupHandlerFunc     func(handler *postureChecksHandler)
 	}{
 		{
 			name:        "Create Posture Checks NB version",
@@ -286,7 +286,7 @@ func TestPostureCheckUpdate(t *testing.T) {
 					},
 				},
 			},
-			setupHandlerFunc: func(handler *PostureChecksHandler) {
+			setupHandlerFunc: func(handler *postureChecksHandler) {
 				handler.geolocationManager = nil
 			},
 		},
@@ -427,7 +427,7 @@ func TestPostureCheckUpdate(t *testing.T) {
 				}`)),
 			expectedStatus: http.StatusPreconditionFailed,
 			expectedBody:   false,
-			setupHandlerFunc: func(handler *PostureChecksHandler) {
+			setupHandlerFunc: func(handler *postureChecksHandler) {
 				handler.geolocationManager = nil
 			},
 		},
@@ -614,7 +614,7 @@ func TestPostureCheckUpdate(t *testing.T) {
 					},
 				},
 			},
-			setupHandlerFunc: func(handler *PostureChecksHandler) {
+			setupHandlerFunc: func(handler *postureChecksHandler) {
 				handler.geolocationManager = nil
 			},
 		},
@@ -677,7 +677,7 @@ func TestPostureCheckUpdate(t *testing.T) {
 					}`)),
 			expectedStatus: http.StatusPreconditionFailed,
 			expectedBody:   false,
-			setupHandlerFunc: func(handler *PostureChecksHandler) {
+			setupHandlerFunc: func(handler *postureChecksHandler) {
 				handler.geolocationManager = nil
 			},
 		},
@@ -842,8 +842,8 @@ func TestPostureCheckUpdate(t *testing.T) {
 			}
 
 			router := mux.NewRouter()
-			router.HandleFunc("/api/posture-checks", defaultHandler.CreatePostureCheck).Methods("POST")
+			router.HandleFunc("/api/posture-checks", defaultHandler.createPostureCheck).Methods("POST")
-			router.HandleFunc("/api/posture-checks/{postureCheckId}", defaultHandler.UpdatePostureCheck).Methods("PUT")
+			router.HandleFunc("/api/posture-checks/{postureCheckId}", defaultHandler.updatePostureCheck).Methods("PUT")
 			router.ServeHTTP(recorder, req)
 
 			res := recorder.Result()

management/server/http/handlers/routes/routes_handler.go

@@ -1,4 +1,4 @@
-package http
+package routes
 
 import (
 	"encoding/json"
@@ -14,6 +14,7 @@ import (
 	"github.com/netbirdio/netbird/management/domain"
 	"github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/http/api"
+	"github.com/netbirdio/netbird/management/server/http/configs"
 	"github.com/netbirdio/netbird/management/server/http/util"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 	"github.com/netbirdio/netbird/management/server/status"
@@ -23,15 +24,24 @@ import (
 const maxDomains = 32
 const failedToConvertRoute = "failed to convert route to response: %v"
 
-// RoutesHandler is the routes handler of the account
+// handler is the routes handler of the account
-type RoutesHandler struct {
+type handler struct {
 	accountManager  server.AccountManager
 	claimsExtractor *jwtclaims.ClaimsExtractor
 }
 
-// NewRoutesHandler returns a new instance of RoutesHandler handler
+func AddEndpoints(accountManager server.AccountManager, authCfg configs.AuthCfg, router *mux.Router) {
-func NewRoutesHandler(accountManager server.AccountManager, authCfg AuthCfg) *RoutesHandler {
+	routesHandler := newHandler(accountManager, authCfg)
-	return &RoutesHandler{
+	router.HandleFunc("/routes", routesHandler.getAllRoutes).Methods("GET", "OPTIONS")
+	router.HandleFunc("/routes", routesHandler.createRoute).Methods("POST", "OPTIONS")
+	router.HandleFunc("/routes/{routeId}", routesHandler.updateRoute).Methods("PUT", "OPTIONS")
+	router.HandleFunc("/routes/{routeId}", routesHandler.getRoute).Methods("GET", "OPTIONS")
+	router.HandleFunc("/routes/{routeId}", routesHandler.deleteRoute).Methods("DELETE", "OPTIONS")
+}
+
+// newHandler returns a new instance of routes handler
+func newHandler(accountManager server.AccountManager, authCfg configs.AuthCfg) *handler {
+	return &handler{
 		accountManager: accountManager,
 		claimsExtractor: jwtclaims.NewClaimsExtractor(
 			jwtclaims.WithAudience(authCfg.Audience),
@@ -40,8 +50,8 @@ func NewRoutesHandler(accountManager server.AccountManager, authCfg AuthCfg) *Ro
 	}
 }
 
-// GetAllRoutes returns the list of routes for the account
+// getAllRoutes returns the list of routes for the account
-func (h *RoutesHandler) GetAllRoutes(w http.ResponseWriter, r *http.Request) {
+func (h *handler) getAllRoutes(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {
@@ -67,8 +77,8 @@ func (h *RoutesHandler) GetAllRoutes(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(r.Context(), w, apiRoutes)
 }
 
-// CreateRoute handles route creation request
+// createRoute handles route creation request
-func (h *RoutesHandler) CreateRoute(w http.ResponseWriter, r *http.Request) {
+func (h *handler) createRoute(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {
@@ -139,7 +149,7 @@ func (h *RoutesHandler) CreateRoute(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(r.Context(), w, routes)
 }
 
-func (h *RoutesHandler) validateRoute(req api.PostApiRoutesJSONRequestBody) error {
+func (h *handler) validateRoute(req api.PostApiRoutesJSONRequestBody) error {
 	if req.Network != nil && req.Domains != nil {
 		return status.Errorf(status.InvalidArgument, "only one of 'network' or 'domains' should be provided")
 	}
@@ -164,8 +174,8 @@ func (h *RoutesHandler) validateRoute(req api.PostApiRoutesJSONRequestBody) erro
 	return nil
 }
 
-// UpdateRoute handles update to a route identified by a given ID
+// updateRoute handles update to a route identified by a given ID
-func (h *RoutesHandler) UpdateRoute(w http.ResponseWriter, r *http.Request) {
+func (h *handler) updateRoute(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {
@@ -257,8 +267,8 @@ func (h *RoutesHandler) UpdateRoute(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(r.Context(), w, routes)
 }
 
-// DeleteRoute handles route deletion request
+// deleteRoute handles route deletion request
-func (h *RoutesHandler) DeleteRoute(w http.ResponseWriter, r *http.Request) {
+func (h *handler) deleteRoute(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {
@@ -278,11 +288,11 @@ func (h *RoutesHandler) DeleteRoute(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	util.WriteJSONObject(r.Context(), w, emptyObject{})
+	util.WriteJSONObject(r.Context(), w, util.EmptyObject{})
 }
 
-// GetRoute handles a route Get request identified by ID
+// getRoute handles a route Get request identified by ID
-func (h *RoutesHandler) GetRoute(w http.ResponseWriter, r *http.Request) {
+func (h *handler) getRoute(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {

management/server/http/handlers/routes/routes_handler_test.go

@@ -1,4 +1,4 @@
-package http
+package routes
 
 import (
 	"bytes"
@@ -87,8 +87,8 @@ var testingAccount = &server.Account{
 	},
 }
 
-func initRoutesTestData() *RoutesHandler {
+func initRoutesTestData() *handler {
-	return &RoutesHandler{
+	return &handler{
 		accountManager: &mock_server.MockAccountManager{
 			GetRouteFunc: func(_ context.Context, _ string, routeID route.ID, _ string) (*route.Route, error) {
 				if routeID == existingRouteID {
@@ -152,7 +152,7 @@ func initRoutesTestData() *RoutesHandler {
 				return nil
 			},
 			GetAccountIDFromTokenFunc: func(_ context.Context, _ jwtclaims.AuthorizationClaims) (string, string, error) {
-				//return testingAccount, testingAccount.Users["test_user"], nil
+				// return testingAccount, testingAccount.Users["test_user"], nil
 				return testingAccount.Id, testingAccount.Users["test_user"].Id, nil
 			},
 		},
@@ -521,10 +521,10 @@ func TestRoutesHandlers(t *testing.T) {
 			req := httptest.NewRequest(tc.requestType, tc.requestPath, tc.requestBody)
 
 			router := mux.NewRouter()
-			router.HandleFunc("/api/routes/{routeId}", p.GetRoute).Methods("GET")
+			router.HandleFunc("/api/routes/{routeId}", p.getRoute).Methods("GET")
-			router.HandleFunc("/api/routes/{routeId}", p.DeleteRoute).Methods("DELETE")
+			router.HandleFunc("/api/routes/{routeId}", p.deleteRoute).Methods("DELETE")
-			router.HandleFunc("/api/routes", p.CreateRoute).Methods("POST")
+			router.HandleFunc("/api/routes", p.createRoute).Methods("POST")
-			router.HandleFunc("/api/routes/{routeId}", p.UpdateRoute).Methods("PUT")
+			router.HandleFunc("/api/routes/{routeId}", p.updateRoute).Methods("PUT")
 			router.ServeHTTP(recorder, req)
 
 			res := recorder.Result()

management/server/http/handlers/setup_keys/setupkeys_handler.go

@@ -1,4 +1,4 @@
-package http
+package setup_keys
 
 import (
 	"context"
@@ -10,20 +10,30 @@ import (
 
 	"github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/http/api"
+	"github.com/netbirdio/netbird/management/server/http/configs"
 	"github.com/netbirdio/netbird/management/server/http/util"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 	"github.com/netbirdio/netbird/management/server/status"
 )
 
-// SetupKeysHandler is a handler that returns a list of setup keys of the account
+// handler is a handler that returns a list of setup keys of the account
-type SetupKeysHandler struct {
+type handler struct {
 	accountManager  server.AccountManager
 	claimsExtractor *jwtclaims.ClaimsExtractor
 }
 
-// NewSetupKeysHandler creates a new SetupKeysHandler HTTP handler
+func AddEndpoints(accountManager server.AccountManager, authCfg configs.AuthCfg, router *mux.Router) {
-func NewSetupKeysHandler(accountManager server.AccountManager, authCfg AuthCfg) *SetupKeysHandler {
+	keysHandler := newHandler(accountManager, authCfg)
-	return &SetupKeysHandler{
+	router.HandleFunc("/setup-keys", keysHandler.getAllSetupKeys).Methods("GET", "OPTIONS")
+	router.HandleFunc("/setup-keys", keysHandler.createSetupKey).Methods("POST", "OPTIONS")
+	router.HandleFunc("/setup-keys/{keyId}", keysHandler.getSetupKey).Methods("GET", "OPTIONS")
+	router.HandleFunc("/setup-keys/{keyId}", keysHandler.updateSetupKey).Methods("PUT", "OPTIONS")
+	router.HandleFunc("/setup-keys/{keyId}", keysHandler.deleteSetupKey).Methods("DELETE", "OPTIONS")
+}
+
+// newHandler creates a new setup key handler
+func newHandler(accountManager server.AccountManager, authCfg configs.AuthCfg) *handler {
+	return &handler{
 		accountManager: accountManager,
 		claimsExtractor: jwtclaims.NewClaimsExtractor(
 			jwtclaims.WithAudience(authCfg.Audience),
@@ -32,8 +42,8 @@ func NewSetupKeysHandler(accountManager server.AccountManager, authCfg AuthCfg)
 	}
 }
 
-// CreateSetupKey is a POST requests that creates a new SetupKey
+// createSetupKey is a POST requests that creates a new SetupKey
-func (h *SetupKeysHandler) CreateSetupKey(w http.ResponseWriter, r *http.Request) {
+func (h *handler) createSetupKey(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {
@@ -89,8 +99,8 @@ func (h *SetupKeysHandler) CreateSetupKey(w http.ResponseWriter, r *http.Request
 	util.WriteJSONObject(r.Context(), w, apiSetupKeys)
 }
 
-// GetSetupKey is a GET request to get a SetupKey by ID
+// getSetupKey is a GET request to get a SetupKey by ID
-func (h *SetupKeysHandler) GetSetupKey(w http.ResponseWriter, r *http.Request) {
+func (h *handler) getSetupKey(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {
@@ -114,8 +124,8 @@ func (h *SetupKeysHandler) GetSetupKey(w http.ResponseWriter, r *http.Request) {
 	writeSuccess(r.Context(), w, key)
 }
 
-// UpdateSetupKey is a PUT request to update server.SetupKey
+// updateSetupKey is a PUT request to update server.SetupKey
-func (h *SetupKeysHandler) UpdateSetupKey(w http.ResponseWriter, r *http.Request) {
+func (h *handler) updateSetupKey(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {
@@ -155,8 +165,8 @@ func (h *SetupKeysHandler) UpdateSetupKey(w http.ResponseWriter, r *http.Request
 	writeSuccess(r.Context(), w, newKey)
 }
 
-// GetAllSetupKeys is a GET request that returns a list of SetupKey
+// getAllSetupKeys is a GET request that returns a list of SetupKey
-func (h *SetupKeysHandler) GetAllSetupKeys(w http.ResponseWriter, r *http.Request) {
+func (h *handler) getAllSetupKeys(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {
@@ -178,7 +188,7 @@ func (h *SetupKeysHandler) GetAllSetupKeys(w http.ResponseWriter, r *http.Reques
 	util.WriteJSONObject(r.Context(), w, apiSetupKeys)
 }
 
-func (h *SetupKeysHandler) DeleteSetupKey(w http.ResponseWriter, r *http.Request) {
+func (h *handler) deleteSetupKey(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {
@@ -199,7 +209,7 @@ func (h *SetupKeysHandler) DeleteSetupKey(w http.ResponseWriter, r *http.Request
 		return
 	}
 
-	util.WriteJSONObject(r.Context(), w, emptyObject{})
+	util.WriteJSONObject(r.Context(), w, util.EmptyObject{})
 }
 
 func writeSuccess(ctx context.Context, w http.ResponseWriter, key *server.SetupKey) {

management/server/http/handlers/setup_keys/setupkeys_handler_test.go

@@ -1,4 +1,4 @@
-package http
+package setup_keys
 
 import (
 	"bytes"
@@ -26,12 +26,13 @@ const (
 	newSetupKeyName     = "New Setup Key"
 	updatedSetupKeyName = "KKKey"
 	notFoundSetupKeyID  = "notFoundSetupKeyID"
+	testAccountID       = "test_id"
 )
 
 func initSetupKeysTestMetaData(defaultKey *server.SetupKey, newKey *server.SetupKey, updatedSetupKey *server.SetupKey,
 	user *server.User,
-) *SetupKeysHandler {
+) *handler {
-	return &SetupKeysHandler{
+	return &handler{
 		accountManager: &mock_server.MockAccountManager{
 			GetAccountIDFromTokenFunc: func(_ context.Context, claims jwtclaims.AuthorizationClaims) (string, string, error) {
 				return claims.AccountId, claims.UserId, nil
@@ -178,11 +179,11 @@ func TestSetupKeysHandlers(t *testing.T) {
 			req := httptest.NewRequest(tc.requestType, tc.requestPath, tc.requestBody)
 
 			router := mux.NewRouter()
-			router.HandleFunc("/api/setup-keys", handler.GetAllSetupKeys).Methods("GET", "OPTIONS")
+			router.HandleFunc("/api/setup-keys", handler.getAllSetupKeys).Methods("GET", "OPTIONS")
-			router.HandleFunc("/api/setup-keys", handler.CreateSetupKey).Methods("POST", "OPTIONS")
+			router.HandleFunc("/api/setup-keys", handler.createSetupKey).Methods("POST", "OPTIONS")
-			router.HandleFunc("/api/setup-keys/{keyId}", handler.GetSetupKey).Methods("GET", "OPTIONS")
+			router.HandleFunc("/api/setup-keys/{keyId}", handler.getSetupKey).Methods("GET", "OPTIONS")
-			router.HandleFunc("/api/setup-keys/{keyId}", handler.UpdateSetupKey).Methods("PUT", "OPTIONS")
+			router.HandleFunc("/api/setup-keys/{keyId}", handler.updateSetupKey).Methods("PUT", "OPTIONS")
-			router.HandleFunc("/api/setup-keys/{keyId}", handler.DeleteSetupKey).Methods("DELETE", "OPTIONS")
+			router.HandleFunc("/api/setup-keys/{keyId}", handler.deleteSetupKey).Methods("DELETE", "OPTIONS")
 			router.ServeHTTP(recorder, req)
 
 			res := recorder.Result()

management/server/http/handlers/users/pat_handler.go

@@ -1,4 +1,4 @@
-package http
+package users
 
 import (
 	"encoding/json"
@@ -9,20 +9,29 @@ import (
 
 	"github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/http/api"
+	"github.com/netbirdio/netbird/management/server/http/configs"
 	"github.com/netbirdio/netbird/management/server/http/util"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 	"github.com/netbirdio/netbird/management/server/status"
 )
 
-// PATHandler is the nameserver group handler of the account
+// patHandler is the nameserver group handler of the account
-type PATHandler struct {
+type patHandler struct {
 	accountManager  server.AccountManager
 	claimsExtractor *jwtclaims.ClaimsExtractor
 }
 
-// NewPATsHandler creates a new PATHandler HTTP handler
+func addUsersTokensEndpoint(accountManager server.AccountManager, authCfg configs.AuthCfg, router *mux.Router) {
-func NewPATsHandler(accountManager server.AccountManager, authCfg AuthCfg) *PATHandler {
+	tokenHandler := newPATsHandler(accountManager, authCfg)
-	return &PATHandler{
+	router.HandleFunc("/users/{userId}/tokens", tokenHandler.getAllTokens).Methods("GET", "OPTIONS")
+	router.HandleFunc("/users/{userId}/tokens", tokenHandler.createToken).Methods("POST", "OPTIONS")
+	router.HandleFunc("/users/{userId}/tokens/{tokenId}", tokenHandler.getToken).Methods("GET", "OPTIONS")
+	router.HandleFunc("/users/{userId}/tokens/{tokenId}", tokenHandler.deleteToken).Methods("DELETE", "OPTIONS")
+}
+
+// newPATsHandler creates a new patHandler HTTP handler
+func newPATsHandler(accountManager server.AccountManager, authCfg configs.AuthCfg) *patHandler {
+	return &patHandler{
 		accountManager: accountManager,
 		claimsExtractor: jwtclaims.NewClaimsExtractor(
 			jwtclaims.WithAudience(authCfg.Audience),
@@ -31,8 +40,8 @@ func NewPATsHandler(accountManager server.AccountManager, authCfg AuthCfg) *PATH
 	}
 }
 
-// GetAllTokens is HTTP GET handler that returns a list of all personal access tokens for the given user
+// getAllTokens is HTTP GET handler that returns a list of all personal access tokens for the given user
-func (h *PATHandler) GetAllTokens(w http.ResponseWriter, r *http.Request) {
+func (h *patHandler) getAllTokens(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {
@@ -61,8 +70,8 @@ func (h *PATHandler) GetAllTokens(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(r.Context(), w, patResponse)
 }
 
-// GetToken is HTTP GET handler that returns a personal access token for the given user
+// getToken is HTTP GET handler that returns a personal access token for the given user
-func (h *PATHandler) GetToken(w http.ResponseWriter, r *http.Request) {
+func (h *patHandler) getToken(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {
@@ -92,8 +101,8 @@ func (h *PATHandler) GetToken(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(r.Context(), w, toPATResponse(pat))
 }
 
-// CreateToken is HTTP POST handler that creates a personal access token for the given user
+// createToken is HTTP POST handler that creates a personal access token for the given user
-func (h *PATHandler) CreateToken(w http.ResponseWriter, r *http.Request) {
+func (h *patHandler) createToken(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {
@@ -124,8 +133,8 @@ func (h *PATHandler) CreateToken(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(r.Context(), w, toPATGeneratedResponse(pat))
 }
 
-// DeleteToken is HTTP DELETE handler that deletes a personal access token for the given user
+// deleteToken is HTTP DELETE handler that deletes a personal access token for the given user
-func (h *PATHandler) DeleteToken(w http.ResponseWriter, r *http.Request) {
+func (h *patHandler) deleteToken(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	accountID, userID, err := h.accountManager.GetAccountIDFromToken(r.Context(), claims)
 	if err != nil {
@@ -152,7 +161,7 @@ func (h *PATHandler) DeleteToken(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	util.WriteJSONObject(r.Context(), w, emptyObject{})
+	util.WriteJSONObject(r.Context(), w, util.EmptyObject{})
 }
 
 func toPATResponse(pat *server.PersonalAccessToken) *api.PersonalAccessToken {

management/server/http/handlers/users/pat_handler_test.go

@@ -1,4 +1,4 @@
-package http
+package users
 
 import (
 	"bytes"
@@ -61,8 +61,8 @@ var testAccount = &server.Account{
 	},
 }
 
-func initPATTestData() *PATHandler {
+func initPATTestData() *patHandler {
-	return &PATHandler{
+	return &patHandler{
 		accountManager: &mock_server.MockAccountManager{
 			CreatePATFunc: func(_ context.Context, accountID string, initiatorUserID string, targetUserID string, tokenName string, expiresIn int) (*server.PersonalAccessTokenGenerated, error) {
 				if accountID != existingAccountID {
@@ -186,10 +186,10 @@ func TestTokenHandlers(t *testing.T) {
 			req := httptest.NewRequest(tc.requestType, tc.requestPath, tc.requestBody)
 
 			router := mux.NewRouter()
-			router.HandleFunc("/api/users/{userId}/tokens", p.GetAllTokens).Methods("GET")
+			router.HandleFunc("/api/users/{userId}/tokens", p.getAllTokens).Methods("GET")
-			router.HandleFunc("/api/users/{userId}/tokens/{tokenId}", p.GetToken).Methods("GET")
+			router.HandleFunc("/api/users/{userId}/tokens/{tokenId}", p.getToken).Methods("GET")
-			router.HandleFunc("/api/users/{userId}/tokens", p.CreateToken).Methods("POST")
+			router.HandleFunc("/api/users/{userId}/tokens", p.createToken).Methods("POST")
-			router.HandleFunc("/api/users/{userId}/tokens/{tokenId}", p.DeleteToken).Methods("DELETE")
+			router.HandleFunc("/api/users/{userId}/tokens/{tokenId}", p.deleteToken).Methods("DELETE")
 			router.ServeHTTP(recorder, req)
 
 			res := recorder.Result()

management/server/http/handlers/users/users_handler.go

@@ -1,4 +1,4 @@
-package http
+package users
 
 import (
 	"encoding/json"
@@ -9,6 +9,7 @@ import (
 	log "github.com/sirupsen/logrus"
 
 	"github.com/netbirdio/netbird/management/server/http/api"
+	"github.com/netbirdio/netbird/management/server/http/configs"
 	"github.com/netbirdio/netbird/management/server/http/util"
 	"github.com/netbirdio/netbird/management/server/status"
 
@@ -16,15 +17,25 @@ import (
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 )
 
-// UsersHandler is a handler that returns users of the account
+// handler is a handler that returns users of the account
-type UsersHandler struct {
+type handler struct {
 	accountManager  server.AccountManager
 	claimsExtractor *jwtclaims.ClaimsExtractor
 }
 
-// NewUsersHandler creates a new UsersHandler HTTP handler
+func AddEndpoints(accountManager server.AccountManager, authCfg configs.AuthCfg, router *mux.Router) {
-func NewUsersHandler(accountManager server.AccountManager, authCfg AuthCfg) *UsersHandler {
+	userHandler := newHandler(accountManager, authCfg)
-	return &UsersHandler{
+	router.HandleFunc("/users", userHandler.getAllUsers).Methods("GET", "OPTIONS")
+	router.HandleFunc("/users/{userId}", userHandler.updateUser).Methods("PUT", "OPTIONS")
+	router.HandleFunc("/users/{userId}", userHandler.deleteUser).Methods("DELETE", "OPTIONS")
+	router.HandleFunc("/users", userHandler.createUser).Methods("POST", "OPTIONS")
+	router.HandleFunc("/users/{userId}/invite", userHandler.inviteUser).Methods("POST", "OPTIONS")
+	addUsersTokensEndpoint(accountManager, authCfg, router)
+}
+
+// newHandler creates a new UsersHandler HTTP handler
+func newHandler(accountManager server.AccountManager, authCfg configs.AuthCfg) *handler {
+	return &handler{
 		accountManager: accountManager,
 		claimsExtractor: jwtclaims.NewClaimsExtractor(
 			jwtclaims.WithAudience(authCfg.Audience),
@@ -33,8 +44,8 @@ func NewUsersHandler(accountManager server.AccountManager, authCfg AuthCfg) *Use
 	}
 }
 
-// UpdateUser is a PUT requests to update User data
+// updateUser is a PUT requests to update User data
-func (h *UsersHandler) UpdateUser(w http.ResponseWriter, r *http.Request) {
+func (h *handler) updateUser(w http.ResponseWriter, r *http.Request) {
 	if r.Method != http.MethodPut {
 		util.WriteErrorResponse("wrong HTTP method", http.StatusMethodNotAllowed, w)
 		return
@@ -94,8 +105,8 @@ func (h *UsersHandler) UpdateUser(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(r.Context(), w, toUserResponse(newUser, claims.UserId))
 }
 
-// DeleteUser is a DELETE request to delete a user
+// deleteUser is a DELETE request to delete a user
-func (h *UsersHandler) DeleteUser(w http.ResponseWriter, r *http.Request) {
+func (h *handler) deleteUser(w http.ResponseWriter, r *http.Request) {
 	if r.Method != http.MethodDelete {
 		util.WriteErrorResponse("wrong HTTP method", http.StatusMethodNotAllowed, w)
 		return
@@ -121,11 +132,11 @@ func (h *UsersHandler) DeleteUser(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	util.WriteJSONObject(r.Context(), w, emptyObject{})
+	util.WriteJSONObject(r.Context(), w, util.EmptyObject{})
 }
 
-// CreateUser creates a User in the system with a status "invited" (effectively this is a user invite).
+// createUser creates a User in the system with a status "invited" (effectively this is a user invite).
-func (h *UsersHandler) CreateUser(w http.ResponseWriter, r *http.Request) {
+func (h *handler) createUser(w http.ResponseWriter, r *http.Request) {
 	if r.Method != http.MethodPost {
 		util.WriteErrorResponse("wrong HTTP method", http.StatusMethodNotAllowed, w)
 		return
@@ -175,9 +186,9 @@ func (h *UsersHandler) CreateUser(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(r.Context(), w, toUserResponse(newUser, claims.UserId))
 }
 
-// GetAllUsers returns a list of users of the account this user belongs to.
+// getAllUsers returns a list of users of the account this user belongs to.
 // It also gathers additional user data (like email and name) from the IDP manager.
-func (h *UsersHandler) GetAllUsers(w http.ResponseWriter, r *http.Request) {
+func (h *handler) getAllUsers(w http.ResponseWriter, r *http.Request) {
 	if r.Method != http.MethodGet {
 		util.WriteErrorResponse("wrong HTTP method", http.StatusMethodNotAllowed, w)
 		return
@@ -222,9 +233,9 @@ func (h *UsersHandler) GetAllUsers(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(r.Context(), w, users)
 }
 
-// InviteUser resend invitations to users who haven't activated their accounts,
+// inviteUser resend invitations to users who haven't activated their accounts,
 // prior to the expiration period.
-func (h *UsersHandler) InviteUser(w http.ResponseWriter, r *http.Request) {
+func (h *handler) inviteUser(w http.ResponseWriter, r *http.Request) {
 	if r.Method != http.MethodPost {
 		util.WriteErrorResponse("wrong HTTP method", http.StatusMethodNotAllowed, w)
 		return
@@ -250,7 +261,7 @@ func (h *UsersHandler) InviteUser(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	util.WriteJSONObject(r.Context(), w, emptyObject{})
+	util.WriteJSONObject(r.Context(), w, util.EmptyObject{})
 }
 
 func toUserResponse(user *server.UserInfo, currenUserID string) *api.User {

management/server/http/handlers/users/users_handler_test.go

@@ -1,4 +1,4 @@
-package http
+package users
 
 import (
 	"bytes"
@@ -61,8 +61,8 @@ var usersTestAccount = &server.Account{
 	},
 }
 
-func initUsersTestData() *UsersHandler {
+func initUsersTestData() *handler {
-	return &UsersHandler{
+	return &handler{
 		accountManager: &mock_server.MockAccountManager{
 			GetAccountIDFromTokenFunc: func(_ context.Context, claims jwtclaims.AuthorizationClaims) (string, string, error) {
 				return usersTestAccount.Id, claims.UserId, nil
@@ -147,7 +147,7 @@ func TestGetUsers(t *testing.T) {
 		requestPath     string
 		expectedUserIDs []string
 	}{
-		{name: "GetAllUsers", requestType: http.MethodGet, requestPath: "/api/users", expectedStatus: http.StatusOK, expectedUserIDs: []string{existingUserID, regularUserID, serviceUserID}},
+		{name: "getAllUsers", requestType: http.MethodGet, requestPath: "/api/users", expectedStatus: http.StatusOK, expectedUserIDs: []string{existingUserID, regularUserID, serviceUserID}},
 		{name: "GetOnlyServiceUsers", requestType: http.MethodGet, requestPath: "/api/users?service_user=true", expectedStatus: http.StatusOK, expectedUserIDs: []string{serviceUserID}},
 		{name: "GetOnlyRegularUsers", requestType: http.MethodGet, requestPath: "/api/users?service_user=false", expectedStatus: http.StatusOK, expectedUserIDs: []string{existingUserID, regularUserID}},
 	}
@@ -159,7 +159,7 @@ func TestGetUsers(t *testing.T) {
 			recorder := httptest.NewRecorder()
 			req := httptest.NewRequest(tc.requestType, tc.requestPath, nil)
 
-			userHandler.GetAllUsers(recorder, req)
+			userHandler.getAllUsers(recorder, req)
 
 			res := recorder.Result()
 			defer res.Body.Close()
@@ -265,7 +265,7 @@ func TestUpdateUser(t *testing.T) {
 			req := httptest.NewRequest(tc.requestType, tc.requestPath, tc.requestBody)
 
 			router := mux.NewRouter()
-			router.HandleFunc("/api/users/{userId}", userHandler.UpdateUser).Methods("PUT")
+			router.HandleFunc("/api/users/{userId}", userHandler.updateUser).Methods("PUT")
 			router.ServeHTTP(recorder, req)
 
 			res := recorder.Result()
@@ -356,7 +356,7 @@ func TestCreateUser(t *testing.T) {
 			req := httptest.NewRequest(tc.requestType, tc.requestPath, tc.requestBody)
 			rr := httptest.NewRecorder()
 
-			userHandler.CreateUser(rr, req)
+			userHandler.createUser(rr, req)
 
 			res := rr.Result()
 			defer res.Body.Close()
@@ -401,7 +401,7 @@ func TestInviteUser(t *testing.T) {
 			req = mux.SetURLVars(req, tc.requestVars)
 			rr := httptest.NewRecorder()
 
-			userHandler.InviteUser(rr, req)
+			userHandler.inviteUser(rr, req)
 
 			res := rr.Result()
 			defer res.Body.Close()
@@ -454,7 +454,7 @@ func TestDeleteUser(t *testing.T) {
 			req = mux.SetURLVars(req, tc.requestVars)
 			rr := httptest.NewRecorder()
 
-			userHandler.DeleteUser(rr, req)
+			userHandler.deleteUser(rr, req)
 
 			res := rr.Result()
 			defer res.Body.Close()

management/server/http/util/util.go

@@ -14,6 +14,10 @@ import (
 	"github.com/netbirdio/netbird/management/server/status"
 )
 
+// EmptyObject is an empty struct used to return empty JSON object
+type EmptyObject struct {
+}
+
 type ErrorResponse struct {
 	Message string `json:"message"`
 	Code    int    `json:"code"`

release_files/install.sh

@@ -239,7 +239,12 @@ install_netbird() {
     dnf)
         add_rpm_repo
         ${SUDO} dnf -y install dnf-plugin-config-manager
+        if [[ "$(dnf --version | head -n1 | cut -d. -f1)" > "4" ]];
+        then
+          ${SUDO} dnf config-manager addrepo --from-repofile=/etc/yum.repos.d/netbird.repo
+        else
           ${SUDO} dnf config-manager --add-repo /etc/yum.repos.d/netbird.repo
+        fi
         ${SUDO} dnf -y install netbird
 
         if ! $SKIP_UI_APP; then