netbird

mirror of https://github.com/netbirdio/netbird.git synced 2024-10-06 18:22:36 +02:00

Author	SHA1	Message	Date
pascal-fischer	dbec24b520	[management] Remove admin check on getAccountByID (#2699 )	2024-10-06 17:01:13 +02:00
Bethuel Mmbaga	5897a48e29	fix wrong reference (#2695 ) Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-10-04 18:55:25 +03:00
Bethuel Mmbaga	8bf729c7b4	[management] Add AccountExists to AccountManager (#2694 ) * Add AccountExists method to account manager interface Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * remove unused code Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-10-04 18:09:40 +03:00
Bethuel Mmbaga	7f09b39769	[management] Refactor User JWT group sync (#2690 ) * Refactor GetAccountIDByUserOrAccountID Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * sync user jwt group changes Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * propagate jwt group changes to peers Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix no jwt groups synced Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests and lint Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Move the account peer update outside the transaction Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * move updateUserPeersInGroups to account manager Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * move event store outside of transaction Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * get user with update lock Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Run jwt sync in transaction Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-10-04 17:17:01 +03:00
pascal-fischer	158936fb15	[management] Remove file store (#2689 )	2024-10-03 15:50:35 +02:00
Maycon Santos	8934453b30	Update management base docker image (#2687 )	2024-10-02 19:29:51 +03:00
Bethuel Mmbaga	ff7863785f	[management, client] Add access control support to network routes (#2100 )	2024-10-02 13:41:00 +02:00
pascal-fischer	16179db599	[management] Propagate metrics (#2667 )	2024-09-30 22:18:10 +02:00
adasauce	58ff7ab797	[management] improve zitadel idp error response detail by decoding errors (#2634 ) * [management] improve zitadel idp error response detail by decoding errors * [management] extend readZitadelError to be used for requestJWTToken more generically parse the error returned by zitadel. * fix lint --------- Co-authored-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-09-27 22:21:34 +03:00
Bethuel Mmbaga	acb73bd64a	[management] Remove redundant get account calls in GetAccountFromToken (#2615 ) * refactor access control middleware and user access by JWT groups Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor jwt groups extractor Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor handlers to get account when necessary Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor getAccountFromToken Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor getAccountWithAuthorizationClaims Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * revert handles change Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * remove GetUserByID from account manager Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor getAccountWithAuthorizationClaims to return account id Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor handlers to use GetAccountIDFromToken Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * remove locks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add GetGroupByName from store Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add GetGroupByID from store and refactor Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor retrieval of policy and posture checks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor user permissions and retrieves PAT Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor route, setupkey, nameserver and dns to get record(s) from store Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor store Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix lint Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix add missing policy source posture checks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add store lock Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add get account Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-09-27 17:10:50 +03:00
pascal-fischer	1e4a0f77e2	Add get DB method to store (#2650 )	2024-09-25 18:22:27 +02:00
pascal-fischer	d47be154ea	[misc] Fix ip range posture check example (#2628 )	2024-09-23 10:02:03 +02:00
Bethuel Mmbaga	35c892aea3	[management] Restrict accessible peers to user-owned peers for non-admins (#2618 ) * Restrict accessible peers to user-owned peers for non-admin users Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add service user test Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * reuse account from token Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * return error when peer not found Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-09-20 12:36:58 +03:00
pascal-fischer	6c50b0c84b	[management] Add transaction to addPeer (#2469 ) This PR removes the GetAccount and SaveAccount operations from the AddPeer and instead makes use of gorm.Transaction to add the new peer.	2024-09-16 15:47:03 +02:00
Bethuel Mmbaga	82739e2832	[management] fix legacy decrypting of empty values (#2595 ) * allow legacy decrypting on empty values * validate source size and padding limits * added tests --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>	2024-09-15 16:22:46 +02:00
benniekiss	f1171198de	[management] Add command flag to set metrics port for signal and relay service, and update management port (#2599 ) * add flags to customize metrics port for relay and signal * change management default metrics port to match other services	2024-09-14 10:34:32 +02:00
Bethuel Mmbaga	170e842422	[management] Add accessible peers endpoint (#2579 ) * move accessible peer to separate endpoint in api doc Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add endpoint to get accessible peers Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Update management/server/http/api/openapi.yml Co-authored-by: pascal-fischer <32096965+pascal-fischer@users.noreply.github.com> * Update management/server/http/api/openapi.yml Co-authored-by: pascal-fischer <32096965+pascal-fischer@users.noreply.github.com> * Update management/server/http/peers_handler.go Co-authored-by: pascal-fischer <32096965+pascal-fischer@users.noreply.github.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> Co-authored-by: pascal-fischer <32096965+pascal-fischer@users.noreply.github.com>	2024-09-12 16:19:27 +03:00
Bethuel Mmbaga	cf6210a6f4	[management] Add GCM encryption and migrate legacy encrypted events (#2569 ) * Add AES-GCM encryption Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * migrate legacy encrypted data to AES-GCM encryption Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor and use transaction when migrating data Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add events migration tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix lint Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * skip migrating record on error Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Preallocate capacity for nonce to avoid allocations in Seal Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-09-11 20:09:57 +03:00
Viktor Liu	2d1bf3982d	[relay] Improve relay messages (#2574 ) Co-authored-by: Zoltán Papp <zoltan.pmail@gmail.com>	2024-09-11 16:20:30 +02:00
pascal-fischer	f43a0a0177	[client] Retry on tun creation for darwin (#2564 ) The interface creation on macOS seems to be asynchronus why the tun.create methode somethimes failes becasue the interface is not ready yet. To work around this issue we introduce a retry on tun.create	2024-09-09 19:02:10 +02:00
benniekiss	12c36312b5	[management] Auto update geolite (#2297 ) introduces helper functions to fetch and verify database versions, downloads new files if outdated, and deletes old ones. It also refactors filename handling to improve clarity and consistency, adding options to disable auto-updating via a flag. The changes aim to simplify GeoLite database management for admins.	2024-09-09 18:27:42 +02:00
Zoltan Papp	0c039274a4	[relay] Feature/relay integration (#2244 ) This update adds new relay integration for NetBird clients. The new relay is based on web sockets and listens on a single port. - Adds new relay implementation with websocket with single port relaying mechanism - refactor peer connection logic, allowing upgrade and downgrade from/to P2P connection - peer connections are faster since it connects first to relay and then upgrades to P2P - maintains compatibility with old clients by not using the new relay - updates infrastructure scripts with new relay service	2024-09-08 12:06:14 +02:00
Maycon Santos	a7e46bf7b1	Reduce test logs (#2550 )	2024-09-06 16:28:19 +02:00
Maycon Santos	95174d4619	Update route API doc with max domain number (#2516 )	2024-09-02 17:40:34 +02:00
Harry Kodden	00944bcdbf	[management] Add support to ECDSA public Keys (#2461 ) Update the JWT validation logic to handle ECDSA keys in addition to the existing RSA keys --------- Co-authored-by: Harry Kodden <harry.kodden@surf.nl> Co-authored-by: Bethuel Mmbaga <bethuelmbaga12@gmail.com>	2024-08-27 16:37:55 +02:00
Bethuel Mmbaga	d97b03656f	[management] Refactor HTTP metrics (#2476 ) * Add logging for slow SQL queries in SaveAccount and GetAccount * Add resource count log for large accounts * Refactor metrics middleware to simplify counters and histograms * Update log levels and remove redundant resource count check	2024-08-23 19:42:55 +03:00
pascal-fischer	0f0415b92a	rename request buffer and update default interval (#2459 )	2024-08-21 11:44:52 +02:00
pascal-fischer	3ed90728e6	[management] Add buffering for getAccount requests during login (#2449 )	2024-08-20 20:06:01 +02:00
Viktor Liu	8c2d37d3fc	[management] Fix logging out peers on deletion (#2453 )	2024-08-20 19:13:40 +02:00
pascal-fischer	049b5fb7ed	Split DB calls in peer login (#2439 )	2024-08-19 12:50:11 +02:00
Bethuel Mmbaga	6016d2f7ce	Fix lint (#2427 )	2024-08-14 13:30:10 +03:00
Bethuel Mmbaga	539480a713	[management] Prevent removal of All group from peers during user groups propagation (#2410 ) * Prevent removal of "All" group from peers * Prevent adding "All" group to users and setup keys * Refactor setup key group validation	2024-08-12 13:48:05 +03:00
Bethuel Mmbaga	0911163146	Add batch delete for groups and users (#2370 ) * Refactor user deletion logic and introduce batch delete * Prevent self-deletion for users * Add delete multiple groups * Refactor group deletion with validation * Fix tests * Add bulk delete functions for Users and Groups in account manager interface and mocks * Add tests for DeleteGroups method in group management * Add tests for DeleteUsers method in users management	2024-08-08 18:01:38 +03:00
Viktor Liu	ac0d5ff9f3	[management] Improve mgmt sync performance (#2363 )	2024-08-07 10:52:31 +02:00
Maycon Santos	54d896846b	Skip network map check if not regular user (#2402 ) when getting all peers we don't need to calculate network map when not a regular user	2024-08-07 10:22:12 +02:00
David Fry	f84b606506	add extra auth audience (#2350 )	2024-08-01 18:52:50 +02:00
keacwu	216d9f2ee8	Adding geolocation download log message. (#2085 ) * Adding geolocation download prompt message. * import log file and remove unnecessary else --------- Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>	2024-08-01 18:52:38 +02:00
Zoltan Papp	3506ac4234	When creating new setup key, "revoked" field doesn't do anything (#2357 ) Remove unused field from API	2024-08-01 17:13:58 +02:00
Maycon Santos	cbf9f2058e	Use accountID retrieved from the sync call to acquire read lock sooner (#2369 ) Use accountID retrieved from the sync call to acquire read lock sooner and avoiding extra DB calls. - Use the account ID across sync calls - Moved account read lock - Renamed CancelPeerRoutines to OnPeerDisconnected - Added race tests	2024-08-01 16:21:43 +02:00
Maycon Santos	5ee9c77e90	Move write peer lock (#2364 ) Moved the write peer lock to avoid latency caused by disk access Updated the method CancelPeerRoutines to use the peer public key	2024-07-31 21:51:45 +02:00
Bethuel Mmbaga	c832cef44c	Update SaveUsers and SaveGroups to SaveAccount (#2362 ) Changed SaveUsers and SaveGroups method calls to SaveAccount for consistency in data persistence operations.	2024-07-31 19:48:12 +03:00
Maycon Santos	165988429c	Add write lock for peer when saving its connection status (#2359 )	2024-07-31 14:53:32 +02:00
Maycon Santos	da39c8bbca	Refactor login with store.SavePeer (#2334 ) This pull request refactors the login functionality by integrating store.SavePeer. The changes aim to improve the handling of peer login processes, particularly focusing on synchronization and error handling. Changes: - Refactored login logic to use store.SavePeer. - Added checks for login without lock for login necessary checks from the client and utilized write lock for full login flow. - Updated error handling with status.NewPeerLoginExpiredError(). - Moved geoIP check logic to a more appropriate place. - Removed redundant calls and improved documentation. - Moved the code to smaller methods to improve readability.	2024-07-29 13:30:27 +02:00
Bethuel Mmbaga	7321046cd6	Remove redundant check for empty JWT groups (#2323 ) * Remove redundant check for empty group names in SetJWTGroups * add test	2024-07-26 16:33:54 +02:00
Maycon Santos	1f48fdf6ca	Add SavePeer method to prevent a possible account inconsistency (#2296 ) SyncPeer was storing the account with a simple read lock This change introduces the SavePeer method to the store to be used in these cases	2024-07-26 07:49:05 +02:00
Maycon Santos	45fd1e9c21	add save peer status test for connected peers (#2321 )	2024-07-25 16:22:04 +02:00
Maycon Santos	788f130941	Retry management connection only on context canceled (#2301 )	2024-07-22 15:49:25 +02:00
pascal-fischer	95d725f2c1	Wait on daemon down (#2279 )	2024-07-17 16:26:06 +02:00
ctrl-zzz	a711e116a3	fix: save peer status correctly in sqlstore (#2262 ) * fix: save peer status correctly in sqlstore https://github.com/netbirdio/netbird/issues/2110#issuecomment-2162768273 * feat: update test function * refactor: simplify status update	2024-07-16 18:38:12 +03:00
Bethuel Mmbaga	1537b0f5e7	Add batch save/update for groups and users (#2245 ) * Add functionality to update multiple users * Remove SaveUsers from DefaultAccountManager * Add SaveGroups method to AccountManager interface * Refactoring * Add SaveUsers and SaveGroups methods to store interface * Refactor method SaveAccount to SaveUsers and SaveGroups The method SaveAccount in user.go and group.go files was split into two separate methods. Now, user-specific data is handled by SaveUsers and group-specific data is handled by SaveGroups method. This provides a cleaner and more efficient way to save user and group data. * Add account ID to user and group in SqlStore * Refactor SaveUsers and SaveGroups in store * Remove unnecessary ID assignment in SaveUsers and SaveGroups	2024-07-15 17:04:06 +03:00

1 2 3 4 5 ...

643 Commits