Pascal Fischer
2eaf4aa8d7
add test for auth middleware
2023-03-31 12:44:22 +02:00
Pascal Fischer
110067c00f
change order for access control checks and acquire account lock after global lock
2023-03-31 12:03:53 +02:00
Pascal Fischer
32c96c15b8
disable linter errors by comment
2023-03-31 10:30:05 +02:00
Pascal Fischer
ca1dc5ac88
disable access control for token endpoint
2023-03-30 19:03:44 +02:00
Pascal Fischer
f273fe9f51
revert codacy
2023-03-30 18:54:55 +02:00
Pascal Fischer
e08af7fcdf
codacy
2023-03-30 17:46:21 +02:00
Pascal Fischer
454240ca05
comments for codacy
2023-03-30 17:32:44 +02:00
Pascal Fischer
1343a3f00e
add test + codacy
2023-03-30 16:43:39 +02:00
Pascal Fischer
6c8bb60632
fix merge
2023-03-30 16:06:46 +02:00
Pascal Fischer
4d7029d80c
Merge branch 'main' into feature/add_pat_middleware
...
# Conflicts:
# management/server/grpcserver.go
# management/server/http/middleware/jwt.go
2023-03-30 16:06:21 +02:00
pascal-fischer
909f305728
Merge pull request #766 from netbirdio/feature/add_rest_endpoints_for_pat
...
Feature/add rest endpoints for pat
2023-03-30 15:55:48 +02:00
Pascal Fischer
9b000b89d5
Merge branch 'feature/add_rest_endpoints_for_pat' into feature/add_pat_middleware
...
# Conflicts:
# management/server/mock_server/account_mock.go
2023-03-30 14:02:58 +02:00
Pascal Fischer
5c1acdbf2f
move validation into account manager + func for get requests
2023-03-30 13:58:44 +02:00
Pascal Fischer
db3a9f0aa2
refactor jwt token validation and add PAT to middleware auth
2023-03-30 10:54:09 +02:00
Pascal Fischer
ecc4f8a10d
fix Pat handler test
2023-03-29 19:13:01 +02:00
Pascal Fischer
03abdfa112
return empty object on all handlers instead of empty string
2023-03-29 18:46:40 +02:00
Pascal Fischer
3bab745142
last_used can be nil
2023-03-29 17:46:09 +02:00
Pascal Fischer
726ffb5740
add comments for exported functions
2023-03-29 15:06:54 +02:00
Pascal Fischer
42ba0765c8
fix linter
2023-03-28 14:54:06 +02:00
Pascal Fischer
514403db37
use object instead of plain token for create response + handler test
2023-03-28 14:47:15 +02:00
Pascal Fischer
6a75ec4ab7
fix http error codes
2023-03-27 17:42:05 +02:00
Pascal Fischer
b66e984ddd
set limits for expiration
2023-03-27 17:28:24 +02:00
Pascal Fischer
c65a934107
refactor to use name instead of description
2023-03-27 16:28:49 +02:00
Maycon Santos
a27fe4326c
Add JWT middleware validation failure log (#760)
...
We will log the middleware log now, but in the next
releases we should provide a generic error that can be
parsed by the dashboard.
2023-03-23 18:26:41 +01:00
Pascal Fischer
de8608f99f
add rest endpoints and update openapi doc
2023-03-21 16:02:19 +01:00
Givi Khojanashvili
3bfa26b13b
Feat rego default policy (#700)
...
Converts rules to Rego policies and allows users to write raw policies to set up connectivity and firewall on the clients.
2023-03-13 18:14:18 +04:00
Pascal Fischer
60f67076b0
change methods to not link
2023-02-28 18:17:55 +01:00
Pascal Fischer
c645171c40
split api code into smaller pieces
2023-02-28 18:08:02 +01:00
Pascal Fischer
8a130ec3f1
add comments to fix codacy
2023-02-28 16:51:30 +01:00
Pascal Fischer
c26cd3b9fe
add comments for constructors and fix typo
2023-02-28 15:46:08 +01:00
Pascal Fischer
9d7b515b26
changed the naming convention for all handling objects and methods to have unified way
2023-02-28 15:27:43 +01:00
Pascal Fischer
f1f90807e4
changed the naming convention for all handling objects and methods to have unified way
2023-02-28 15:01:24 +01:00
Misha Bragin
c962d29280
Fix login expiration enum in OpenAPI (#694)
...
Add missing OpenAPI enums for the peer login expiration events
2023-02-16 15:36:36 +01:00
Misha Bragin
fe63a64b6e
Add Account HTTP API (#691)
...
Extend HTTP API with Account endpoints to configure global peer login expiration.
GET /api/accounts
PUT /api/account/{id}/
The GET endpoint returns an array of accounts with
always one account in the list. No exceptions.
The PUT endpoint updates account settings:
PeerLoginExpiration and PeerLoginExpirationEnabled.
PeerLoginExpiration is a duration in seconds after which peers' logins will expire.
2023-02-16 12:00:41 +01:00
Misha Bragin
d31219ba89
Update peer status when login expires (#688)
...
Extend PeerStatus with an extra field LoginExpired, that can be stored in the database.
2023-02-15 11:27:22 +01:00
Misha Bragin
756ce96da9
Add login expiration fields to peer HTTP API (#687)
...
Return login expiration related fields in the Peer HTTP GET endpoint.
Support enable/disable peer's login expiration via HTTP PUT.
2023-02-14 10:14:00 +01:00
Misha Bragin
00a8092482
Add GET peer HTTP API endpoint (#670)
2023-02-07 20:11:08 +01:00
Givi Khojanashvili
3ec8274b8e
Feature: add custom id claim (#667)
...
This feature allows using the custom claim in the JWT token as a user ID.
Refactor claims extractor with options support
Add is_current to the user API response
2023-02-03 21:47:20 +01:00
Misha Bragin
9adadfade4
Use Peer.ID instead of Peer.Key as peer identifier (#664)
...
Replace Peer.Key as internal identifier with a randomly generated Peer.ID
in the Management service.
Every group now references peers by ID instead of a public key.
Every route now references peers by ID instead of a public key.
FileStore does store.json file migration on startup by generating Peer.ID and replacing
all Peer.Key identifier references.
2023-02-03 10:33:28 +01:00
Misha Bragin
9e408b5bbc
Add more activity events (#663)
2023-01-25 16:29:59 +01:00
Maycon Santos
12ae2e93fc
Adding DNS settings for accounts (#655)
...
Allow users to set groups in which the DNS management is disabled
Added API, activity store, and network map sync test
2023-01-17 17:34:40 +01:00
Misha Bragin
5c0b8a46f0
Add system activity tracking and event store (#636)
...
This PR adds system activity tracking.
The management service records events like
add/remove peer, group, rule, route, etc.
The activity events are stored in the SQLite event store
and can be queried by the HTTP API.
2023-01-02 15:11:32 +01:00
Maycon Santos
0be46c083d
Generate validation certificate from mandatory JWK fields (#614)
...
When there is no X5c we will use N and E fields of
a JWK to generate the public RSA and a Pem certificate
2022-12-07 22:06:43 +01:00
Maycon Santos
a387e3cfc2
Add network routes distribution groups (#606)
...
Updated tests, API, and account manager methods
Sync routes to peers in the distribution groups
Added store upgrade by adding the All group to routes that don't have them
2022-12-06 10:11:57 +01:00
Misha Bragin
d1b7c23b19
Add SetupKey usage limit (#605)
...
Add a usage_limit parameter to the API.
This limits the number of times a setup key
can be used.
usage_limit == 0 indicates the usage is unlimited.
2022-12-05 13:09:59 +01:00
Maycon Santos
d63a9ce4a7
Return peer's FQDN via API (#567)
...
Added a temp method to retrieve the dns domain
2022-11-21 11:14:42 +01:00
Misha Bragin
509d23c7cf
Replace gRPC errors in business logic with internal ones (#558)
2022-11-11 20:36:45 +01:00
Maycon Santos
270f0e4ce8
Feature/dns protocol (#543)
...
Added DNS update protocol message
Added sync to clients
Update nameserver API with new fields
Added default NS groups
Added new dns-name flag for the management service append to peer DNS label
2022-11-07 15:38:21 +01:00
Misha Bragin
d0c6d88971
Simplified Store Interface (#545)
...
This PR simplifies Store and FileStore
by keeping just the Get and Save account methods.
The AccountManager operates mostly around
a single account, so it makes sense to fetch
the whole account object from the store.
2022-11-07 12:10:56 +01:00
Misha Bragin
4321b71984
Hide content based on user role (#541)
2022-11-05 10:24:50 +01:00