24 Commits

Author	SHA1	Message	Date
ctrl-zzz	49e65109d2	Add session expire functionality based on inactivity (#2326) ... Implemented inactivity expiration by checking the status of a peer: after a configurable period of time following netbird down, the peer shows login required.	2024-10-13 14:52:43 +02:00
Bethuel Mmbaga	acb73bd64a	[management] Remove redundant get account calls in GetAccountFromToken (#2615) ... * refactor access control middleware and user access by JWT groups Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor jwt groups extractor Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor handlers to get account when necessary Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor getAccountFromToken Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor getAccountWithAuthorizationClaims Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * revert handles change Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * remove GetUserByID from account manager Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor getAccountWithAuthorizationClaims to return account id Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor handlers to use GetAccountIDFromToken Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * remove locks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add GetGroupByName from store Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add GetGroupByID from store and refactor Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor retrieval of policy and posture checks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor user permissions and retrieves PAT Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor route, setupkey, nameserver and dns to get record(s) from store Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor store Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix lint Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix add missing policy source posture checks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add store lock Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add get account Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-09-27 17:10:50 +03:00
Bethuel Mmbaga	35c892aea3	[management] Restrict accessible peers to user-owned peers for non-admins (#2618) ... * Restrict accessible peers to user-owned peers for non-admin users Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add service user test Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * reuse account from token Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * return error when peer not found Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-09-20 12:36:58 +03:00
Bethuel Mmbaga	170e842422	[management] Add accessible peers endpoint (#2579) ... * move accessible peer to separate endpoint in api doc Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add endpoint to get accessible peers Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Update management/server/http/api/openapi.yml Co-authored-by: pascal-fischer <32096965+pascal-fischer@users.noreply.github.com> * Update management/server/http/api/openapi.yml Co-authored-by: pascal-fischer <32096965+pascal-fischer@users.noreply.github.com> * Update management/server/http/peers_handler.go Co-authored-by: pascal-fischer <32096965+pascal-fischer@users.noreply.github.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> Co-authored-by: pascal-fischer <32096965+pascal-fischer@users.noreply.github.com>	2024-09-12 16:19:27 +03:00
Viktor Liu	ac0d5ff9f3	[management] Improve mgmt sync performance (#2363)	2024-08-07 10:52:31 +02:00
pascal-fischer	765aba2c1c	Add context to throughout the project and update logging (#2209) ... propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>	2024-07-03 11:33:02 +02:00
Misha Bragin	df4ca01848	Return system serial on a peer HTTP API call (#1929)	2024-05-06 14:49:03 +02:00
Zoltan Papp	2d76b058fc	Feature/peer validator (#1553) ... Follow up management-integrations changes move groups to separated packages to avoid circle dependencies save location information in Login action	2024-03-27 18:48:48 +01:00
Bethuel Mmbaga	a47c69c472	Add private network posture check (#1606) ... * wip: Add PrivateNetworkCheck checks interface implementation * use generic CheckAction constant * Add private network check to posture checks * Fix copy function target in posture checks * Add network check functionality to posture package * regenerate the openapi specs * Update Posture Check actions in test file * Remove unused function * Refactor network address handling in PrivateNetworkCheck * Refactor Prefixes to Ranges in private network checks * Implement private network checks in posture checks handler tests * Add test for check copy * Add gorm serializer for network range	2024-02-22 19:22:43 +03:00
Yury Gargay	9bc7b9e897	Add initial support of device posture checks (#1540) ... This PR implements the following posture checks: * Agent minimum version allowed * OS minimum version allowed * Geo-location based on connection IP For the geo-based location, we rely on GeoLite2 databases which are free IP geolocation databases. MaxMind was tested and we provide a script that easily allows to download of all necessary files, see infrastructure_files/download-geolite2.sh. The OpenAPI spec should extensively cover the life cycle of current version posture checks.	2024-02-20 09:59:56 +01:00
Yury Gargay	27ed88f918	Implement lightweight method to check is peer has update channel (#1351) ... Instead of GetAllConnectedPeers that need to traverse the whole connections map in order to find one channel there.	2023-12-05 14:17:56 +01:00
pascal-fischer	141065f14e	Merge branch 'main' into feature/peer-approval	2023-11-29 16:27:01 +01:00
Maycon Santos	b6211ad020	Fix group membership for peers API response (#1337)	2023-11-29 09:33:05 +01:00
Pascal Fischer	efd05ca023	fix api references	2023-11-28 15:15:51 +01:00
Pascal Fischer	a7e55cc5e3	add signatures and frame for peer approval	2023-11-28 11:44:08 +01:00
Zoltan Papp	8be6e92563	Extend API with accessible peers (#1284) ... Extend the peer and peers API endpoints with accessible peers.	2023-11-07 14:38:36 +01:00
Yury Gargay	659110f0d5	Rework peer connection status based on the update channel existence (#1213) ... With this change, we don't need to update all peers on startup. We will check the existence of an update channel when returning a list or single peer on API. Then after restarting of server consumers of API will see peer not connected status till the creation of an updated channel which indicates peer successful connection.	2023-10-11 18:11:45 +02:00
Misha Bragin	b23011fbe8	Delete user peers when deleting a user (#1186)	2023-10-01 19:51:39 +02:00
Pascal Fischer	7bdb0dd358	merge openapi with version from docs repo	2023-05-26 15:32:52 +02:00
pascal-fischer	59372ee159	API cleanup (#824) ... removed all PATCH endpoints updated path parameters for all endpoints removed not implemented endpoints for api doc minor description updates	2023-05-03 00:15:25 +02:00
Pascal Fischer	03abdfa112	return empty object on all handlers instead of empty string	2023-03-29 18:46:40 +02:00
Pascal Fischer	8a130ec3f1	add comments to fix codacy	2023-02-28 16:51:30 +01:00
Pascal Fischer	c26cd3b9fe	add comments for constructors and fix typo	2023-02-28 15:46:08 +01:00
Pascal Fischer	f1f90807e4	changed the naming convention for all handling objects and methods to have unified way	2023-02-28 15:01:24 +01:00