Commit Graph

2157 Commits

Author SHA1 Message Date
b64f5ffcb4 Mobile prerefactor (#680)
Small code cleaning in the iface package. These changes necessary to 
get a clean code in case if we involve more platforms. The OS related 
functions has been distributed into separate files and it has been 
mixed with not OS related logic. The goal is to get a clear picture 
of the layer between WireGuard and business logic.
2023-02-13 18:34:56 +01:00
eb45310c8f Fix nameserver peer conn check (#676)
* Disable upstream DNS resolver after several tries and fails

* Add tests for upstream fails

* Use an extra flag to disable domains in DNS upstreams

* Fix hashing IPs of nameservers for updates.
2023-02-13 18:25:11 +04:00
d5dfed498b Add account settings (#686)
Add account settings with a global peer expiration flag and duration
2023-02-13 15:07:15 +01:00
3fc89749c1 Add peer login expiration (#682)
This PR adds a peer login expiration logic that requires
peers created by a user to re-authenticate (re-login) after
a certain threshold of time (24h by default).

The Account object now has a PeerLoginExpiration
property that indicates the duration after which a peer's
login will expire and a login will be required. Defaults to 24h.

There are two new properties added to the Peer object:
LastLogin that indicates the last time peer successfully used
the Login gRPC endpoint and LoginExpirationEnabled that
enables/disables peer login expiration.

The login expiration logic applies only to peers that were created
by a user and not those that were added with a setup key.
2023-02-13 12:21:02 +01:00
aecee361d0 Use new sign pipeline v0.0.5 (#679) 2023-02-13 12:13:28 +01:00
f8273c3ce9 Add network activity monitoring as complete in Readme (#675) v0.13.0 2023-02-08 08:38:10 +01:00
00a8092482 Add GET peer HTTP API endpoint (#670) 2023-02-07 20:11:08 +01:00
64dbd5fbfc Refactor Management and Admin URL config (#674)
avoid sending admin or management URLs on service start
as it doesn't have an input

Parse management and admin URL when needed

Pass empty admin url on commands to prevent default overwrite
2023-02-07 11:40:05 +01:00
b5217350cf Revert preshared-key shorthand flag (#671)
This prevents conflict with the
 ssh command shorthand flag

add some init tests
2023-02-06 10:35:37 +01:00
3ec8274b8e Feature: add custom id claim (#667)
This feature allows using the custom claim in the JWT token as a user ID.

Refactor claims extractor with options support

Add is_current to the user API response
2023-02-03 21:47:20 +01:00
494e56d1be Macos version error (#666)
use sw_vers to retrieve the proper macOS version.
2023-02-03 21:40:30 +01:00
9adadfade4 Use Peer.ID instead of Peer.Key as peer identifier (#664)
Replace Peer.Key as internal identifier with a randomly generated Peer.ID 
in the Management service.
Every group now references peers by ID instead of a public key.
Every route now references peers by ID instead of a public key.
FileStore does store.json file migration on startup by generating Peer.ID and replacing
all Peer.Key identifier references .
2023-02-03 10:33:28 +01:00
9e408b5bbc Add more activity events (#663) 2023-01-25 16:29:59 +01:00
a0de9aa345 Simplify event storing with one generic method (#662)
Use the generic storeEvent() funcion to store all activity events.
2023-01-24 10:17:24 +01:00
4406d50c18 Check if peer name change before update labels (#658) 2023-01-20 10:07:37 +01:00
5e3502bb83 Enable CGO in goreleaser for management (#657)
Update the debug docker image file

update goreleaser version
Install and reference CGO OS deps
v0.12.0
2023-01-19 15:03:10 +01:00
793e4f1f29 Allow empty groups for DNS setting (#656)
We should allow passing empty group slice for DisabledManagementGroups to reset any setting.


Fix DNS settings activities message
2023-01-18 14:01:50 +01:00
dcf6533ed5 Adding --external-ip-map and --dns-resolver-address and shorthand flags (#652)
Adding --external-ip-map and --dns-resolver-address to up command and shorthand option to global flags.

Refactor get and read config functions with new ConfigInput type.

updated cobra package to latest release.
2023-01-17 19:16:50 +01:00
12ae2e93fc Adding DNS settings for accounts (#655)
Allow users to set groups in which the DNS management is disabled

Added API, activity store, and network map sync test
2023-01-17 17:34:40 +01:00
2bc3d88af3 Involve foreground mode switch for up cmd (#654)
Add new --deamon-off command line parameter
for 'up' cmd instead of existing log-file workaround

Split the up function and organize the code
2023-01-16 18:12:51 +01:00
afaf0660be Install ca-certs in the Management docker image build (#650) 2023-01-11 08:19:22 +01:00
d4d8c5f037 Fix cgo dependencies in the management docker container (#649) 2023-01-10 17:24:51 +01:00
e5adc1eb23 Use macOS v11 to build UI release (#648)
This allows us to run clients on older macOS versions
2023-01-10 16:49:24 +01:00
44f612f121 Fix typo - "netforwad" -> "netforward" (#647) 2023-01-08 23:51:08 +01:00
Roy
f9dfafa9d9 Add device flow scope. (#616)
add the openid as the base scope
2023-01-08 22:26:14 +01:00
ca62f6787a Use configuration input struct (#645)
As we will be passing more flags to configure
 local agents, we need a more flexible type
2023-01-08 12:57:28 +01:00
27f4993ce3 Add netbird installer project (#637) 2023-01-08 11:33:04 +01:00
5c0b8a46f0 Add system activity tracking and event store (#636)
This PR adds system activity tracking. 
The management service records events like 
add/remove peer,  group, rule, route, etc.

The activity events are stored in the SQLite event store
and can be queried by the HTTP API.
2023-01-02 15:11:32 +01:00
50caacff69 Fix COTURN config when selfhosting netbird
Coturn doesn't read the turnserver.conf when selfhosting netbird.
This PR fixes that.
2022-12-22 12:02:48 +01:00
d18966276a Store the previous applied dns configuration hash (#628)
This prevents changing the system
DNS config when there is nothing to new

It also prevents issues with network change on google chrome
2022-12-16 17:00:20 +01:00
6b32e2dc07 Validate single account domain input (#624) v0.11.6 2022-12-13 13:43:29 +01:00
c0a62b6ddc Add DNS domain to getting started scripts (#625) 2022-12-13 13:42:43 +01:00
7dfef091bb Properly parse dns resolver address (#622)
Prevent panic when address is empty. Common with older managers, where
resolver is disabled by default as
we receive an empty dns config
2022-12-13 12:26:48 +01:00
93fcfeae91 Export single account domain variable 2022-12-08 19:45:33 +01:00
6f610dca89 Filter routes to sync from same HA group (#618)
An additional check and filter for routes that are part
 of the same HA group where the peer is a routing peer
v0.11.5
2022-12-08 15:15:50 +01:00
eec24fc730 Use latest tag for dashboard (#617)
Using the latest tag will align with the
dashboard's new release cycle that relies on tags
2022-12-08 15:15:17 +01:00
1204bbd54a HA Network Routes: prevent routing directly-accessible networks through VPN interface (#612)
Prevent routing peer to add routes from the same HA group as client routes
2022-12-08 13:19:55 +01:00
0be46c083d Generate validation certificate from mandatory JWK fields (#614)
When there is no X5c we will use N and E fields of 
a JWK to generate the public RSA and a Pem certificate
2022-12-07 22:06:43 +01:00
0fbfec4ce4 Remove wiretrustee conflict checks (#615) 2022-12-07 18:53:48 +01:00
d43f0200a6 Handle peer deletion and state update (#611)
If peer is deleted in the console,
we set its state as needs login

On Down command we clean any previous state errors
this prevents need for daemon restart

Removed state error wrapping when engine exits, log is enough
2022-12-06 15:37:30 +01:00
a387e3cfc2 Add network routes distribution groups (#606)
Updated tests, API, and account manager methods

Sync routes to peers in the distribution groups

Added store upgrade by adding the All group to routes that don't have them
2022-12-06 10:11:57 +01:00
d1b7c23b19 Add SetupKey usage limit (#605)
Add a usage_limit parameter to the API.
This limits the number of times a setup key
can be used. 
usage_limit == 0 indicates the the usage is inlimited.
v0.11.4
2022-12-05 13:09:59 +01:00
d2d5d4b4b9 Update go version (#603)
Removed ioctl code and remove exception from lint action
2022-12-04 13:22:21 +01:00
d029136d3d Add security policy file (#600) 2022-12-02 13:54:22 +01:00
a6d2f673ad Add contribution guide (#595)
* Add contribution guide

* update code of conduct contact email

* add PR template
2022-12-02 13:31:31 +01:00
0cf0dc048b Update issue templates (#597) 2022-12-02 13:31:15 +01:00
5ade879e31 Remove the leading space from the Signal status value (#594) 2022-12-01 11:48:13 +01:00
a814715ef8 Add resolvconf configurator for linux (#592) v0.11.3 2022-11-29 14:51:18 +01:00
4a30b66503 Check if system is our manager when resolvconf (#590)
Sometimes resolvconf will manage the /etc/resolv.conf file
And systemd-resolved still the DNS manager
2022-11-29 13:37:50 +01:00
ae500b63a7 User custom loopback address (#589)
We will probe a set of addresses and port
to define the one available for our DNS service

if none is available, we return an error
2022-11-29 11:49:18 +01:00