bcmmbaga
1ba6eb62a6
Retrieve all groups for peers and restrict groups for regular users
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-11-28 15:01:44 +03:00
bcmmbaga
b2139875d9
Merge branch 'nameserver-get-account-refactoring' into peers-get-account-refactoring
...
# Conflicts:
# management/server/account.go
# management/server/http/peers_handler.go
# management/server/peer.go
2024-11-27 13:18:17 +03:00
bcmmbaga
bdb2a76eae
Merge branch 'main' into policy-get-account-refactoring
...
# Conflicts:
# management/server/policy.go
# management/server/posture_checks_test.go
# management/server/sql_store.go
# management/server/sql_store_test.go
# management/server/status/error.go
# management/server/store.go
# management/server/testdata/extended-store.sql
2024-11-25 19:03:55 +03:00
Bethuel Mmbaga
ca12bc6953
[management] Refactor posture check to use store methods (#2874)
2024-11-25 16:26:24 +01:00
Pascal Fischer
9db1932664
[management] Fix getSetupKey call (#2927)
2024-11-22 10:15:51 +01:00
bcmmbaga
b60e2c3261
prevent duplicate rules during updates
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-11-18 22:48:38 +03:00
bcmmbaga
df98c67ac8
prevent changing ruleID when not empty
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-11-18 18:46:52 +03:00
bcmmbaga
6dd56e3328
Merge branch 'posturechecks-get-account-refactoring' into policy-get-account-refactoring
2024-11-18 16:58:04 +03:00
bcmmbaga
d4c712493a
Merge branch 'groups-get-account-refactoring' into posturechecks-get-account-refactoring
2024-11-15 20:52:59 +03:00
Pascal Fischer
d9b691b8a5
[management] Limit the setup-key update operation (#2841)
2024-11-15 17:00:06 +01:00
Pascal Fischer
44e799c687
[management] Fix limited peer view groups (#2894)
2024-11-15 11:16:16 +01:00
bcmmbaga
7d849a92c0
Refactor peer handlers
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-11-14 19:32:34 +03:00
bcmmbaga
00023bf110
Merge branch 'groups-get-account-refactoring' into posturechecks-get-account-refactoring
2024-11-12 15:55:34 +03:00
bcmmbaga
2d7f08c609
Fix tests
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-11-12 11:18:16 +03:00
bcmmbaga
0c0fd380bd
Refactor policy get and save account to use store methods
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-11-12 11:17:16 +03:00
bcmmbaga
ffce48ca5f
Merge branch 'groups-get-account-refactoring' into policy-get-account-refactoring
2024-11-11 23:08:34 +03:00
bcmmbaga
601d429d82
fix tests
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-11-11 16:26:12 +03:00
bcmmbaga
174e07fefd
Refactor posture checks to remove get and save account
...
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-11-11 12:37:19 +03:00
Viktor Liu
08b6e9d647
[management] Fix api error message typo peers_group (#2862)
2024-11-08 23:28:02 +01:00
pascal-fischer
10480eb52f
[management] Setup key improvements (#2775)
2024-10-28 17:52:23 +01:00
pascal-fischer
563dca705c
[management] Fix session inactivity response (#2770)
2024-10-23 16:40:15 +02:00
ctrl-zzz
49e65109d2
Add session expire functionality based on inactivity (#2326)
...
Implemented inactivity expiration by checking the status of a peer: after a configurable period of time following netbird down, the peer shows login required.
2024-10-13 14:52:43 +02:00
Bethuel Mmbaga
ff7863785f
[management, client] Add access control support to network routes (#2100)
2024-10-02 13:41:00 +02:00
pascal-fischer
16179db599
[management] Propagate metrics (#2667)
2024-09-30 22:18:10 +02:00
Bethuel Mmbaga
acb73bd64a
[management] Remove redundant get account calls in GetAccountFromToken (#2615)
...
* refactor access control middleware and user access by JWT groups
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* refactor jwt groups extractor
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* refactor handlers to get account when necessary
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* refactor getAccountFromToken
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* refactor getAccountWithAuthorizationClaims
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix merge
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* revert handles change
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* remove GetUserByID from account manager
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* refactor getAccountWithAuthorizationClaims to return account id
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* refactor handlers to use GetAccountIDFromToken
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* remove locks
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* refactor
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* add GetGroupByName from store
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* add GetGroupByID from store and refactor
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Refactor retrieval of policy and posture checks
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Refactor user permissions and retrieves PAT
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Refactor route, setupkey, nameserver and dns to get record(s) from store
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Refactor store
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix lint
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix add missing policy source posture checks
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* add store lock
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* fix tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* add get account
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-09-27 17:10:50 +03:00
pascal-fischer
d47be154ea
[misc] Fix ip range posture check example (#2628)
2024-09-23 10:02:03 +02:00
Bethuel Mmbaga
35c892aea3
[management] Restrict accessible peers to user-owned peers for non-admins (#2618)
...
* Restrict accessible peers to user-owned peers for non-admin users
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* add tests
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* add service user test
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* reuse account from token
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* return error when peer not found
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-09-20 12:36:58 +03:00
Bethuel Mmbaga
170e842422
[management] Add accessible peers endpoint (#2579)
...
* move accessible peer to separate endpoint in api doc
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* add endpoint to get accessible peers
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* Update management/server/http/api/openapi.yml
Co-authored-by: pascal-fischer <32096965+pascal-fischer@users.noreply.github.com>
* Update management/server/http/api/openapi.yml
Co-authored-by: pascal-fischer <32096965+pascal-fischer@users.noreply.github.com>
* Update management/server/http/peers_handler.go
Co-authored-by: pascal-fischer <32096965+pascal-fischer@users.noreply.github.com>
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
Co-authored-by: pascal-fischer <32096965+pascal-fischer@users.noreply.github.com>
2024-09-12 16:19:27 +03:00
benniekiss
12c36312b5
[management] Auto update geolite (#2297)
...
introduces helper functions to fetch and verify database versions, downloads new files if outdated, and deletes old ones. It also refactors filename handling to improve clarity and consistency, adding options to disable auto-updating via a flag. The changes aim to simplify GeoLite database management for admins.
2024-09-09 18:27:42 +02:00
Maycon Santos
95174d4619
Update route API doc with max domain number (#2516)
2024-09-02 17:40:34 +02:00
Bethuel Mmbaga
d97b03656f
[management] Refactor HTTP metrics (#2476)
...
* Add logging for slow SQL queries in SaveAccount and GetAccount
* Add resource count log for large accounts
* Refactor metrics middleware to simplify counters and histograms
* Update log levels and remove redundant resource count check
2024-08-23 19:42:55 +03:00
Bethuel Mmbaga
6016d2f7ce
Fix lint (#2427)
2024-08-14 13:30:10 +03:00
Viktor Liu
ac0d5ff9f3
[management] Improve mgmt sync performance (#2363)
2024-08-07 10:52:31 +02:00
Zoltan Papp
3506ac4234
When creating new setup key, "revoked" field doesn't do anything (#2357)
...
Remove unused field from API
2024-08-01 17:13:58 +02:00
pascal-fischer
765aba2c1c
Add context throughout the project and update logging (#2209)
...
propagate context from all the API calls and log request ID, account ID and peer ID
---------
Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
2024-07-03 11:33:02 +02:00
Maycon Santos
4fec709bb1
Release 0.28.0 (#2092)
...
* compile client under freebsd (#1620)
Compile netbird client under freebsd and now support netstack and userspace modes.
Refactoring linux specific code to share same code with FreeBSD, move to *_unix.go files.
Not implemented yet:
Kernel mode not supported
DNS probably does not work yet
Routing also probably does not work yet
SSH support not tested yet
Lack of test environment for freebsd (dedicated VM for github runners under FreeBSD required)
Lack of tests for freebsd specific code
info reporting need to review and also implement, for example OS reported as GENERIC instead of FreeBSD (lack of FreeBSD icon in management interface)
Lack of proper client setup under FreeBSD
Lack of FreeBSD port/package
* Add DNS routes (#1943)
Given domains are resolved periodically and resolved IPs are replaced with the new ones. Unless the flag keep_route is set to true, then only new ones are added.
This option is helpful if there are long-running connections that might still point to old IP addresses from changed DNS records.
* Add process posture check (#1693)
Introduces a process posture check to validate the existence and active status of specific binaries on peer systems. The check ensures that files are present at specified paths, and that corresponding processes are running. This check supports Linux, Windows, and macOS systems.
Co-authored-by: Evgenii <mail@skillcoder.com>
Co-authored-by: Pascal Fischer <pascal@netbird.io>
Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
Co-authored-by: Viktor Liu <17948409+lixmal@users.noreply.github.com>
Co-authored-by: Bethuel Mmbaga <bethuelmbaga12@gmail.com>
2024-06-13 13:24:24 +02:00
pascal-fischer
012235ff12
Add FindExistingPostureCheck (#2075)
2024-05-30 15:22:42 +02:00
Misha Bragin
df4ca01848
Return system serial on a peer HTTP API call (#1929)
2024-05-06 14:49:03 +02:00
Viktor Liu
4e7c17756c
Refactor Route IDs (#1891)
2024-05-06 14:47:49 +02:00
Bethuel Mmbaga
71c6437bab
add content type before writing header (#1887)
2024-04-25 21:20:24 +02:00
Maycon Santos
a80c8b0176
Redeem invite only when incoming user was invited (#1861)
...
checks for users with pending invite status in the cache that already logged in and refresh the cache
2024-04-22 11:10:27 +02:00
Zoltan Papp
5204d07811
Pass integrated validator for API (#1814)
...
Pass integrated validator for API handler
2024-04-15 12:08:38 +02:00
Zoltan Papp
2d76b058fc
Feature/peer validator (#1553)
...
Follow up management-integrations changes
move groups to separated packages to avoid circle dependencies
save location information in Login action
2024-03-27 18:48:48 +01:00
pascal-fischer
ea2d060f93
Add limited dashboard view (#1738)
2024-03-27 16:11:45 +01:00
Maycon Santos
f0672b87bc
Add missing dns domain to tests to avoid verbose test logs (#1724)
2024-03-18 12:25:01 +01:00
Misha Bragin
abd57d1191
Avoid creating duplicate groups with the same name (#1579)
...
Avoid creating groups with the same name via API calls.
JWT and integrations still allowed to register groups with duplicated names
2024-03-17 11:13:39 +01:00
Yury Gargay
0b3b50c705
Remove deprecated Rules API endpoints (#1523)
2024-03-14 21:31:21 +01:00
pascal-fischer
468fa2940b
add quotes to all timestamps in openapi spec (#1642)
2024-02-29 13:09:43 +01:00
Bethuel Mmbaga
d78b652ff7
Rename PrivateNetworkCheck to PeerNetworkRangeCheck (#1629)
...
* Rename PrivateNetworkCheck to PeerNetworkRangeCheck
* update description and example
---------
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2024-02-27 11:59:48 +01:00
Yury Gargay
d8ce08d898
Extend bypass middleware with support of wildcard paths (#1628)
...
---------
Co-authored-by: Viktor Liu <viktor@netbird.io>
2024-02-26 17:54:58 +01:00