Merge remote-tracking branch 'origin/main' into ssh
# Conflicts: # go.sum
c45f1083d6
@ -140,15 +140,11 @@ func RunClient(ctx context.Context, config *Config) error {
|
|||||||
|
|
||||||
// createEngineConfig converts configuration received from Management Service to EngineConfig
|
// createEngineConfig converts configuration received from Management Service to EngineConfig
|
||||||
func createEngineConfig(key wgtypes.Key, config *Config, peerConfig *mgmProto.PeerConfig) (*EngineConfig, error) {
|
func createEngineConfig(key wgtypes.Key, config *Config, peerConfig *mgmProto.PeerConfig) (*EngineConfig, error) {
|
||||||
iFaceBlackList := make(map[string]struct{})
|
|
||||||
for i := 0; i < len(config.IFaceBlackList); i += 2 {
|
|
||||||
iFaceBlackList[config.IFaceBlackList[i]] = struct{}{}
|
|
||||||
}
|
|
||||||
|
|
||||||
engineConf := &EngineConfig{
|
engineConf := &EngineConfig{
|
||||||
WgIfaceName: config.WgIface,
|
WgIfaceName: config.WgIface,
|
||||||
WgAddr: peerConfig.Address,
|
WgAddr: peerConfig.Address,
|
||||||
IFaceBlackList: iFaceBlackList,
|
IFaceBlackList: config.IFaceBlackList,
|
||||||
WgPrivateKey: key,
|
WgPrivateKey: key,
|
||||||
WgPort: iface.DefaultWgPort,
|
WgPort: iface.DefaultWgPort,
|
||||||
}
|
}
|
||||||
|
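Review bot: `IFaceBlackList: config.IFaceBlackList,` now stores the caller's slice directly, so the EngineConfig shares its backing array with the Config it was built from, and the createPeerConn hunks in the engine file pass that same slice on to the proxy/peer configuration; an append or in-place edit by any holder becomes visible to all of them. If that isolation matters, copy at the boundary, e.g. `IFaceBlackList: append([]string(nil), config.IFaceBlackList...),`. The removed loop stepped through the list with `i += 2`, so the old map only held every other entry; passing the whole list looks like the intended behaviour, but it is a change worth a sentence in the commit description. createEngineConfig is fully contained in the hunk; RunClient, named in the hunk header, lies outside it.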
@ -45,7 +45,7 @@ type EngineConfig struct {
|
|||||||
WgPrivateKey wgtypes.Key
|
WgPrivateKey wgtypes.Key
|
||||||
|
|
||||||
// IFaceBlackList is a list of network interfaces to ignore when discovering connection candidates (ICE related)
|
// IFaceBlackList is a list of network interfaces to ignore when discovering connection candidates (ICE related)
|
||||||
IFaceBlackList map[string]struct{}
|
IFaceBlackList []string
|
||||||
|
|
||||||
PreSharedKey *wgtypes.Key
|
PreSharedKey *wgtypes.Key
|
||||||
|
|
||||||
@ -592,11 +592,6 @@ func (e Engine) createPeerConn(pubKey string, allowedIPs string) (*peer.Conn, er
|
|||||||
stunTurn = append(stunTurn, e.STUNs...)
|
stunTurn = append(stunTurn, e.STUNs...)
|
||||||
stunTurn = append(stunTurn, e.TURNs...)
|
stunTurn = append(stunTurn, e.TURNs...)
|
||||||
|
|
||||||
interfaceBlacklist := make([]string, 0, len(e.config.IFaceBlackList))
|
|
||||||
for k := range e.config.IFaceBlackList {
|
|
||||||
interfaceBlacklist = append(interfaceBlacklist, k)
|
|
||||||
}
|
|
||||||
|
|
||||||
proxyConfig := proxy.Config{
|
proxyConfig := proxy.Config{
|
||||||
RemoteKey: pubKey,
|
RemoteKey: pubKey,
|
||||||
WgListenAddr: fmt.Sprintf("127.0.0.1:%d", e.config.WgPort),
|
WgListenAddr: fmt.Sprintf("127.0.0.1:%d", e.config.WgPort),
|
||||||
@ -611,7 +606,7 @@ func (e Engine) createPeerConn(pubKey string, allowedIPs string) (*peer.Conn, er
|
|||||||
Key: pubKey,
|
Key: pubKey,
|
||||||
LocalKey: e.config.WgPrivateKey.PublicKey().String(),
|
LocalKey: e.config.WgPrivateKey.PublicKey().String(),
|
||||||
StunTurn: stunTurn,
|
StunTurn: stunTurn,
|
||||||
InterfaceBlackList: interfaceBlacklist,
|
InterfaceBlackList: e.config.IFaceBlackList,
|
||||||
Timeout: timeout,
|
Timeout: timeout,
|
||||||
UDPMux: e.udpMux,
|
UDPMux: e.udpMux,
|
||||||
UDPMuxSrflx: e.udpMuxSrflx,
|
UDPMuxSrflx: e.udpMuxSrflx,
|
||||||
|
@ -92,6 +92,7 @@ func interfaceFilter(blackList []string) func(string) bool {
|
|||||||
return func(iFace string) bool {
|
return func(iFace string) bool {
|
||||||
for _, s := range blackList {
|
for _, s := range blackList {
|
||||||
if strings.HasPrefix(iFace, s) {
|
if strings.HasPrefix(iFace, s) {
|
||||||
|
log.Debugf("ignoring interface %s - it is not allowed", iFace)
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
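Review bot: The added `log.Debugf("ignoring interface %s - it is not allowed", iFace)` records that an interface was skipped but not why; since the test is a prefix match, a too-broad blacklist entry cannot be diagnosed from the log. Include the entry that matched: `log.Debugf("ignoring interface %s - it matches blacklisted prefix %s", iFace, s)`. The closure returned by interfaceFilter continues past the end of the hunk, and the function's signature is outside it.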
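--- a/go.mod
+++ b/go.mod
@@ -110,3 +110,5 @@ require (
 )
 
 replace github.com/pion/ice/v2 => github.com/wiretrustee/ice/v2 v2.1.21-0.20220218121004-dc81faead4bb
+
+//replace github.com/eko/gocache/v3 => /home/braginini/Documents/projects/my/wiretrustee/gocache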
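Review bot: The added `//replace github.com/eko/gocache/v3 => /home/braginini/Documents/projects/my/wiretrustee/gocache` is a commented-out local override that leaks a developer's home-directory path into the committed module file, and it names a v3 module while the code in this commit imports `github.com/eko/gocache/v2`. It has no effect on the build and should be removed before merging; a local replace used during development belongs in an uncommitted change, not in go.mod.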
@ -1,18 +1,22 @@
|
|||||||
package server
|
package server
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"context"
|
||||||
"fmt"
|
"fmt"
|
||||||
"reflect"
|
"github.com/eko/gocache/v2/cache"
|
||||||
"strings"
|
cacheStore "github.com/eko/gocache/v2/store"
|
||||||
"sync"
|
|
||||||
|
|
||||||
"github.com/netbirdio/netbird/management/server/idp"
|
"github.com/netbirdio/netbird/management/server/idp"
|
||||||
"github.com/netbirdio/netbird/management/server/jwtclaims"
|
"github.com/netbirdio/netbird/management/server/jwtclaims"
|
||||||
"github.com/netbirdio/netbird/util"
|
"github.com/netbirdio/netbird/util"
|
||||||
|
gocache "github.com/patrickmn/go-cache"
|
||||||
"github.com/rs/xid"
|
"github.com/rs/xid"
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
"google.golang.org/grpc/codes"
|
"google.golang.org/grpc/codes"
|
||||||
"google.golang.org/grpc/status"
|
"google.golang.org/grpc/status"
|
||||||
|
"reflect"
|
||||||
|
"strings"
|
||||||
|
"sync"
|
||||||
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
@ -66,6 +70,8 @@ type DefaultAccountManager struct {
|
|||||||
mux sync.Mutex
|
mux sync.Mutex
|
||||||
peersUpdateManager *PeersUpdateManager
|
peersUpdateManager *PeersUpdateManager
|
||||||
idpManager idp.Manager
|
idpManager idp.Manager
|
||||||
|
cacheManager cache.CacheInterface
|
||||||
|
ctx context.Context
|
||||||
}
|
}
|
||||||
|
|
||||||
// Account represents a unique account of the system
|
// Account represents a unique account of the system
|
||||||
@ -148,11 +154,12 @@ func (a *Account) GetGroupAll() (*Group, error) {
|
|||||||
func BuildManager(
|
func BuildManager(
|
||||||
store Store, peersUpdateManager *PeersUpdateManager, idpManager idp.Manager,
|
store Store, peersUpdateManager *PeersUpdateManager, idpManager idp.Manager,
|
||||||
) (*DefaultAccountManager, error) {
|
) (*DefaultAccountManager, error) {
|
||||||
dam := &DefaultAccountManager{
|
am := &DefaultAccountManager{
|
||||||
Store: store,
|
Store: store,
|
||||||
mux: sync.Mutex{},
|
mux: sync.Mutex{},
|
||||||
peersUpdateManager: peersUpdateManager,
|
peersUpdateManager: peersUpdateManager,
|
||||||
idpManager: idpManager,
|
idpManager: idpManager,
|
||||||
|
ctx: context.Background(),
|
||||||
}
|
}
|
||||||
|
|
||||||
// if account has not default account
|
// if account has not default account
|
||||||
@ -160,13 +167,18 @@ func BuildManager(
|
|||||||
// also we create default rule with source an destination
|
// also we create default rule with source an destination
|
||||||
// groups 'all'
|
// groups 'all'
|
||||||
for _, account := range store.GetAllAccounts() {
|
for _, account := range store.GetAllAccounts() {
|
||||||
dam.addAllGroup(account)
|
am.addAllGroup(account)
|
||||||
if err := store.SaveAccount(account); err != nil {
|
if err := store.SaveAccount(account); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return dam, nil
|
gocacheClient := gocache.New(7*24*time.Hour, 30*time.Minute)
|
||||||
|
gocacheStore := cacheStore.NewGoCache(gocacheClient, nil)
|
||||||
|
|
||||||
|
am.cacheManager = cache.NewLoadable(am.loadFromCache, cache.New(gocacheStore))
|
||||||
|
return am, nil
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// AddSetupKey generates a new setup key with a given name and type, and adds it to the specified account
|
// AddSetupKey generates a new setup key with a given name and type, and adds it to the specified account
|
||||||
@ -319,6 +331,49 @@ func mergeLocalAndQueryUser(queried idp.UserData, local User) *UserInfo {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (am *DefaultAccountManager) loadFromCache(ctx context.Context, accountID interface{}) (interface{}, error) {
|
||||||
|
return am.idpManager.GetBatchedUserData(fmt.Sprintf("%v", accountID))
|
||||||
|
}
|
||||||
|
|
||||||
|
func (am *DefaultAccountManager) lookupCache(accountUsers map[string]*User, accountID string) ([]*idp.UserData, error) {
|
||||||
|
data, err := am.cacheManager.Get(am.ctx, accountID)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
userData := data.([]*idp.UserData)
|
||||||
|
|
||||||
|
userDataMap := make(map[string]struct{})
|
||||||
|
for _, datum := range userData {
|
||||||
|
userDataMap[datum.ID] = struct{}{}
|
||||||
|
}
|
||||||
|
|
||||||
|
// check whether we need to reload the cache
|
||||||
|
// the accountUsers ID list is the source of truth and all the users should be in the cache
|
||||||
|
reload := len(accountUsers) != len(userData)
|
||||||
|
for user := range accountUsers {
|
||||||
|
if _, ok := userDataMap[user]; !ok {
|
||||||
|
reload = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if reload {
|
||||||
|
// reload cache once avoiding loops
|
||||||
|
err := am.cacheManager.Delete(am.ctx, accountID)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
data, err = am.cacheManager.Get(am.ctx, accountID)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
userData = data.([]*idp.UserData)
|
||||||
|
}
|
||||||
|
|
||||||
|
return userData, err
|
||||||
|
}
|
||||||
|
|
||||||
// GetUsersFromAccount performs a batched request for users from IDP by account id
|
// GetUsersFromAccount performs a batched request for users from IDP by account id
|
||||||
func (am *DefaultAccountManager) GetUsersFromAccount(accountID string) ([]*UserInfo, error) {
|
func (am *DefaultAccountManager) GetUsersFromAccount(accountID string) ([]*UserInfo, error) {
|
||||||
account, err := am.GetAccountById(accountID)
|
account, err := am.GetAccountById(accountID)
|
||||||
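Review bot: `userData := data.([]*idp.UserData)` in lookupCache, and the same assertion after the reload, is an unchecked type assertion on the value handed back by the cache; if the cache ever yields a value of another type the method panics inside a request instead of returning an error. Use the comma-ok form and fail cleanly: `userData, ok := data.([]*idp.UserData)` followed by `if !ok { return nil, fmt.Errorf("unexpected cache entry type %T for account %s", data, accountID) }`. The reload path also deserves a second look: whenever account.Users holds an ID the IdP does not return, the mismatch persists, so every call deletes and repopulates the entry and the 7-day cache built in BuildManager is bypassed for that account — one IdP round-trip per call, as before the cache; if that is acceptable it should be stated in a comment on lookupCache. The membership loop could `break` on the first missing user since only the boolean is needed.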
@ -328,7 +383,7 @@ func (am *DefaultAccountManager) GetUsersFromAccount(accountID string) ([]*UserI
|
|||||||
|
|
||||||
queriedUsers := make([]*idp.UserData, 0)
|
queriedUsers := make([]*idp.UserData, 0)
|
||||||
if !isNil(am.idpManager) {
|
if !isNil(am.idpManager) {
|
||||||
queriedUsers, err = am.idpManager.GetBatchedUserData(accountID)
|
queriedUsers, err = am.lookupCache(account.Users, accountID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|