Merge branch 'main' of github.com:openziti/zrok into oauth-email-change

2024-11-25 09:33:43 +01:00 · 2024-02-14 13:44:17 -06:00 · 2024-02-14 13:44:17 -06:00 · 811981d671
commit 811981d671
parent 28f6b9f57b 4dafe4a963
46 changed files with 1228 additions and 492 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1 @@
 * text=auto eol=lf
--- a/.github/workflows/deploy-doc-site.yml
+++ b/.github/workflows/deploy-doc-site.yml
@ -1,47 +1,47 @@
-name: Deploy Doc Site
+name: Deploy Doc Site
-
+
-on:
+on:
-  push:
+  push:
-    branches:
+    branches:
-      - main
+      - main
-
+
-# allow GITHUB_TOKEN to be used by the peaceiris/actions-gh-pages action to push to gh-pages branch
+# allow GITHUB_TOKEN to be used by the peaceiris/actions-gh-pages action to push to gh-pages branch
-permissions:
+permissions:
-  contents: write
+  contents: write
-
+
-jobs:
+jobs:
-  build:
+  build:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest
-    
+    
-    steps:
+    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v3
-          
+          
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@v3
-        name: setup npm
+        name: setup npm
-        with:
+        with:
-          node-version: 18
+          node-version: 18
-          check-latest: true
+          check-latest: true
-          cache: "npm"
+          cache: "npm"
-          cache-dependency-path: website/package-lock.json
+          cache-dependency-path: website/package-lock.json
-
+
-      - name: Run a multi-line script
+      - name: Run a multi-line script
-        run: |
+        run: |
-          npm install
+          npm install
-          npm run build
+          npm run build
-        working-directory: website
+        working-directory: website
-        
+        
-      # Popular action to deploy to GitHub Pages:
+      # Popular action to deploy to GitHub Pages:
-      # Docs: https://github.com/peaceiris/actions-gh-pages#%EF%B8%8F-docusaurus
+      # Docs: https://github.com/peaceiris/actions-gh-pages#%EF%B8%8F-docusaurus
-      - name: Deploy to GitHub Pages
+      - name: Deploy to GitHub Pages
-        uses: peaceiris/actions-gh-pages@v3
+        uses: peaceiris/actions-gh-pages@v3
-        with:
+        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
-          # Build output to publish to the `gh-pages` branch:
+          # Build output to publish to the `gh-pages` branch:
-          publish_dir: ./website/build
+          publish_dir: ./website/build
-          # The following lines assign commit authorship to the official
+          # The following lines assign commit authorship to the official
-          # GH-Actions bot for deploys to `gh-pages` branch:
+          # GH-Actions bot for deploys to `gh-pages` branch:
-          # https://github.com/actions/checkout/issues/13#issuecomment-724415212
+          # https://github.com/actions/checkout/issues/13#issuecomment-724415212
-          # The GH actions bot is used by default if you didn't specify the two fields.
+          # The GH actions bot is used by default if you didn't specify the two fields.
-          # You can swap them out with your own user credentials.
+          # You can swap them out with your own user credentials.
-          #user_name: github-actions[bot]
+          #user_name: github-actions[bot]
-          #user_email: 41898282+github-actions[bot]@users.noreply.github.com
+          #user_email: 41898282+github-actions[bot]@users.noreply.github.com
--- a/.gitignore
+++ b/.gitignore
@ -28,6 +28,8 @@ go.work
 go.work.sum
 zrok-venv
 # cache used by local dev cross-build script
 /.npm
 npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
--- a/ACKNOWLEDGEMENTS.md
+++ b/ACKNOWLEDGEMENTS.md
@ -1,5 +1,38 @@
 # ACKNOWLEDGEMENTS
 ## github.com/openziti/zrok/endpoints/socks
 Portions of the `socks` package is based on code from `https://github.com/tailscale/tailscale/blob/v1.58.2/net/socks5/socks5.go`, which included the following license:
 > BSD 3-Clause License
 > 
 > Copyright (c) 2020 Tailscale Inc & AUTHORS.
 > 
 > Redistribution and use in source and binary forms, with or without
 > modification, are permitted provided that the following conditions are met:
 > 
 > 1. Redistributions of source code must retain the above copyright notice, this
 >    list of conditions and the following disclaimer.
 > 
 > 2. Redistributions in binary form must reproduce the above copyright notice,
 >    this list of conditions and the following disclaimer in the documentation
 >    and/or other materials provided with the distribution.
 > 
 > 3. Neither the name of the copyright holder nor the names of its
 >    contributors may be used to endorse or promote products derived from
 >    this software without specific prior written permission.
 > 
 > THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 > AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 > IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 > DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
 > FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 > DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 > SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 > CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 > OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 > OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 ## github.com/openziti/zrok/drives/davServer
 The `davServer` package is based on code from `https://cs.opensource.google/go/go/`, which included the following license:
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -3,7 +3,18 @@
 ## v0.4.25
 FEATURE: Public share oauth email domains renamed to `email address patterns`. These now take a glob to match against.
-Old `zrok share` and `zrok reserve` flag: `oauth-email-domains`. Changed to: `oauth-email-address-patterns`.
+Old `zrok share` and `zrok reserve` flag: `oauth-email-domains`.
 Changed to: `oauth-email-address-patterns`.
 ## v0.4.24
 FEATURE: New `socks` backend mode for use with private sharing. Use `zrok share private --backend-mode socks` and then `zrok access private` that share from somewhere else... very lightweight VPN-like functionality (https://github.com/openziti/zrok/issues/558)
 FEATURE: New `zrok admin create account` command that allows populating accounts directly into the underlying controller database (https://github.com/openziti/zrok/issues/551)
 CHANGE: The `zrok test loopback public` utility to report non-`200` errors and also ensure that the listening side of the test is fully established before starting loopback testing.
 CHANGE: The OpenZiti SDK for golang (https://github.com/openziti/sdk-golang) has been updated to version `v0.22.28`
 ## v0.4.23
--- a/cmd/zrok/accessPrivate.go
+++ b/cmd/zrok/accessPrivate.go
@ -143,6 +143,28 @@ func (cmd *accessPrivateCommand) run(_ *cobra.Command, args []string) {
 			}
 		}()
 	case "socks":
 		fe, err := tcpTunnel.NewFrontend(&tcpTunnel.FrontendConfig{
 			BindAddress:  cmd.bindAddress,
 			IdentityName: env.EnvironmentIdentityName(),
 			ShrToken:     args[0],
 			RequestsChan: requests,
 		})
 		if err != nil {
 			if !panicInstead {
 				tui.Error("unable to create private access", err)
 			}
 			panic(err)
 		}
 		go func() {
 			if err := fe.Run(); err != nil {
 				if !panicInstead {
 					tui.Error("error starting access", err)
 				}
 				panic(err)
 			}
 		}()
 	default:
 		cfg := proxy.DefaultFrontendConfig(env.EnvironmentIdentityName())
 		cfg.ShrToken = shrToken
--- a/cmd/zrok/adminCreateAccount.go
+++ b/cmd/zrok/adminCreateAccount.go
@ -0,0 +1,66 @@
 package main
 import (
 	"fmt"
 	"github.com/openziti/zrok/controller"
 	"github.com/openziti/zrok/controller/config"
 	"github.com/openziti/zrok/controller/store"
 	"github.com/spf13/cobra"
 )
 func init() {
 	adminCreateCmd.AddCommand(newAdminCreateAccount().cmd)
 }
 type adminCreateAccount struct {
 	cmd *cobra.Command
 }
 func newAdminCreateAccount() *adminCreateAccount {
 	cmd := &cobra.Command{
 		Use:   "account <configPath}> <email> <password>",
 		Short: "Pre-populate an account in the database; returns an enable token for the account",
 		Args:  cobra.ExactArgs(3),
 	}
 	command := &adminCreateAccount{cmd: cmd}
 	cmd.Run = command.run
 	return command
 }
 func (cmd *adminCreateAccount) run(_ *cobra.Command, args []string) {
 	cfg, err := config.LoadConfig(args[0])
 	if err != nil {
 		panic(err)
 	}
 	str, err := store.Open(cfg.Store)
 	if err != nil {
 		panic(err)
 	}
 	token, err := controller.CreateToken()
 	if err != nil {
 		panic(err)
 	}
 	hpwd, err := controller.HashPassword(args[2])
 	if err != nil {
 		panic(err)
 	}
 	trx, err := str.Begin()
 	if err != nil {
 		panic(err)
 	}
 	defer func() {
 		if err := trx.Commit(); err != nil {
 			panic(err)
 		}
 	}()
 	a := &store.Account{
 		Email:    args[1],
 		Salt:     hpwd.Salt,
 		Password: hpwd.Password,
 		Token:    token,
 	}
 	if _, err := str.CreateAccount(a, trx); err != nil {
 		panic(err)
 	}
 	fmt.Println(token)
 }
--- a/cmd/zrok/reserve.go
+++ b/cmd/zrok/reserve.go
@ -31,14 +31,14 @@ type reserveCommand struct {
 func newReserveCommand() *reserveCommand {
 	cmd := &cobra.Command{
-		Use:   "reserve <public|private> <target>",
+		Use:   "reserve <public|private> [<target>]",
 		Short: "Create a reserved share",
-		Args:  cobra.ExactArgs(2),
+		Args:  cobra.RangeArgs(1, 2),
 	}
 	command := &reserveCommand{cmd: cmd}
 	cmd.Flags().StringVarP(&command.uniqueName, "unique-name", "n", "", "A unique name for the reserved share (defaults to generated identifier)")
 	cmd.Flags().StringArrayVar(&command.frontendSelection, "frontends", []string{"public"}, "Selected frontends to use for the share")
-	cmd.Flags().StringVarP(&command.backendMode, "backend-mode", "b", "proxy", "The backend mode (public|private: proxy, web, caddy, drive) (private: tcpTunnel, udpTunnel)")
+	cmd.Flags().StringVarP(&command.backendMode, "backend-mode", "b", "proxy", "The backend mode (public|private: proxy, web, caddy, drive) (private: tcpTunnel, udpTunnel, socks)")
 	cmd.Flags().BoolVarP(&command.jsonOutput, "json-output", "j", false, "Emit JSON describing the created reserved share")
 	cmd.Flags().StringArrayVar(&command.basicAuth, "basic-auth", []string{}, "Basic authentication users (<username:password>,...)")
 	cmd.Flags().StringVar(&command.oauthProvider, "oauth-provider", "", "Enable OAuth provider [google, github]")
@ -52,7 +52,7 @@ func newReserveCommand() *reserveCommand {
 func (cmd *reserveCommand) run(_ *cobra.Command, args []string) {
 	shareMode := sdk.ShareMode(args[0])
-	privateOnlyModes := []string{"tcpTunnel", "udpTunnel"}
+	privateOnlyModes := []string{"tcpTunnel", "udpTunnel", "socks"}
 	if shareMode != sdk.PublicShareMode && shareMode != sdk.PrivateShareMode {
 		tui.Error("invalid sharing mode; expecting 'public' or 'private'", nil)
 	} else if shareMode == sdk.PublicShareMode && slices.Contains(privateOnlyModes, cmd.backendMode) {
@ -66,6 +66,9 @@ func (cmd *reserveCommand) run(_ *cobra.Command, args []string) {
 	var target string
 	switch cmd.backendMode {
 	case "proxy":
 		if len(args) != 2 {
 			tui.Error("the 'proxy' backend mode expects a <target>", nil)
 		}
 		v, err := parseUrl(args[1])
 		if err != nil {
 			tui.Error("invalid target endpoint URL", err)
@ -73,22 +76,42 @@ func (cmd *reserveCommand) run(_ *cobra.Command, args []string) {
 		target = v
 	case "web":
 		if len(args) != 2 {
 			tui.Error("the 'web' backend mode expects a <target>", nil)
 		}
 		target = args[1]
 	case "tcpTunnel":
 		if len(args) != 2 {
 			tui.Error("the 'tcpTunnel' backend mode expects a <target>", nil)
 		}
 		target = args[1]
 	case "udpTunnel":
 		if len(args) != 2 {
 			tui.Error("the 'udpTunnel' backend mode expects a <target>", nil)
 		}
 		target = args[1]
 	case "caddy":
 		if len(args) != 2 {
 			tui.Error("the 'caddy' backend mode expects a <target>", nil)
 		}
 		target = args[1]
 	case "drive":
 		if len(args) != 2 {
 			tui.Error("the 'drive' backend mode expects a <target>", nil)
 		}
 		target = args[1]
 	case "socks":
 		if len(args) != 1 {
 			tui.Error("the 'socks' backend mode does not expect <target>", nil)
 		}
 	default:
-		tui.Error(fmt.Sprintf("invalid backend mode '%v'; expected {proxy, web, tcpTunnel, udpTunnel, caddy, drive}", cmd.backendMode), nil)
+		tui.Error(fmt.Sprintf("invalid backend mode '%v'; expected {proxy, web, tcpTunnel, udpTunnel, caddy, drive, socks}", cmd.backendMode), nil)
 	}
 	env, err := environment.LoadRoot()
--- a/cmd/zrok/sharePrivate.go
+++ b/cmd/zrok/sharePrivate.go
@ -6,6 +6,7 @@ import (
 	"github.com/openziti/zrok/endpoints"
 	"github.com/openziti/zrok/endpoints/drive"
 	"github.com/openziti/zrok/endpoints/proxy"
 	"github.com/openziti/zrok/endpoints/socks"
 	"github.com/openziti/zrok/endpoints/tcpTunnel"
 	"github.com/openziti/zrok/endpoints/udpTunnel"
 	"github.com/openziti/zrok/environment"
@ -33,13 +34,13 @@ type sharePrivateCommand struct {
 func newSharePrivateCommand() *sharePrivateCommand {
 	cmd := &cobra.Command{
-		Use:   "private <target>",
+		Use:   "private [<target>]",
 		Short: "Share a target resource privately",
-		Args:  cobra.ExactArgs(1),
+		Args:  cobra.RangeArgs(0, 1),
 	}
 	command := &sharePrivateCommand{cmd: cmd}
 	cmd.Flags().StringArrayVar(&command.basicAuth, "basic-auth", []string{}, "Basic authentication users (<username:password>,...")
-	cmd.Flags().StringVarP(&command.backendMode, "backend-mode", "b", "proxy", "The backend mode {proxy, web, tcpTunnel, udpTunnel, caddy, drive}")
+	cmd.Flags().StringVarP(&command.backendMode, "backend-mode", "b", "proxy", "The backend mode {proxy, web, tcpTunnel, udpTunnel, caddy, drive, socks}")
 	cmd.Flags().BoolVar(&command.headless, "headless", false, "Disable TUI and run headless")
 	cmd.Flags().BoolVar(&command.insecure, "insecure", false, "Enable insecure TLS certificate validation for <target>")
 	cmd.Run = command.run
@ -51,6 +52,9 @@ func (cmd *sharePrivateCommand) run(_ *cobra.Command, args []string) {
 	switch cmd.backendMode {
 	case "proxy":
 		if len(args) != 1 {
 			tui.Error("the 'proxy' backend mode expects a <target>", nil)
 		}
 		v, err := parseUrl(args[0])
 		if err != nil {
 			if !panicInstead {
@ -61,21 +65,41 @@ func (cmd *sharePrivateCommand) run(_ *cobra.Command, args []string) {
 		target = v
 	case "web":
 		if len(args) != 1 {
 			tui.Error("the 'web' backend mode expects a <target>", nil)
 		}
 		target = args[0]
 	case "tcpTunnel":
 		if len(args) != 1 {
 			tui.Error("the 'tcpTunnel' backend mode expects a <target>", nil)
 		}
 		target = args[0]
 	case "udpTunnel":
 		if len(args) != 1 {
 			tui.Error("the 'udpTunnel' backend mode expects a <target>", nil)
 		}
 		target = args[0]
 	case "caddy":
 		if len(args) != 1 {
 			tui.Error("the 'caddy' backend mode expects a <target>", nil)
 		}
 		target = args[0]
 		cmd.headless = true
 	case "drive":
 		if len(args) != 1 {
 			tui.Error("the 'drive' backend mode expects a <target>", nil)
 		}
 		target = args[0]
 	case "socks":
 		if len(args) != 0 {
 			tui.Error("the 'socks' backend mode does not expect <target>", nil)
 		}
 	default:
 		tui.Error(fmt.Sprintf("invalid backend mode '%v'; expected {proxy, web, tcpTunnel, udpTunnel, caddy, drive}", cmd.backendMode), nil)
 	}
@ -264,6 +288,27 @@ func (cmd *sharePrivateCommand) run(_ *cobra.Command, args []string) {
 			}
 		}()
 	case "socks":
 		cfg := &socks.BackendConfig{
 			IdentityPath: zif,
 			ShrToken:     shr.Token,
 			Requests:     requests,
 		}
 		be, err := socks.NewBackend(cfg)
 		if err != nil {
 			if !panicInstead {
 				tui.Error("error creating socks backend", err)
 			}
 			panic(err)
 		}
 		go func() {
 			if err := be.Run(); err != nil {
 				logrus.Errorf("error running socks backend: %v", err)
 			}
 		}()
 	default:
 		tui.Error("invalid backend mode", nil)
 	}
--- a/cmd/zrok/shareReserved.go
+++ b/cmd/zrok/shareReserved.go
@ -7,6 +7,7 @@ import (
 	"github.com/openziti/zrok/endpoints"
 	"github.com/openziti/zrok/endpoints/drive"
 	"github.com/openziti/zrok/endpoints/proxy"
 	"github.com/openziti/zrok/endpoints/socks"
 	"github.com/openziti/zrok/endpoints/tcpTunnel"
 	"github.com/openziti/zrok/endpoints/udpTunnel"
 	"github.com/openziti/zrok/environment"
@ -92,23 +93,25 @@ func (cmd *shareReservedCommand) run(_ *cobra.Command, args []string) {
 		panic(err)
 	}
-	logrus.Infof("sharing target: '%v'", target)
+	if resp.Payload.BackendMode != "socks" {
 		logrus.Infof("sharing target: '%v'", target)
-	if resp.Payload.BackendProxyEndpoint != target {
+		if resp.Payload.BackendProxyEndpoint != target {
-		upReq := share.NewUpdateShareParams()
+			upReq := share.NewUpdateShareParams()
-		upReq.Body = &rest_model_zrok.UpdateShareRequest{
+			upReq.Body = &rest_model_zrok.UpdateShareRequest{
-			ShrToken:             shrToken,
+				ShrToken:             shrToken,
-			BackendProxyEndpoint: target,
+				BackendProxyEndpoint: target,
 		}
 		if _, err := zrok.Share.UpdateShare(upReq, auth); err != nil {
 			if !panicInstead {
 				tui.Error("unable to update backend proxy endpoint", err)
 			}
-			panic(err)
+			if _, err := zrok.Share.UpdateShare(upReq, auth); err != nil {
 				if !panicInstead {
 					tui.Error("unable to update backend proxy endpoint", err)
 				}
 				panic(err)
 			}
 			logrus.Infof("updated backend proxy endpoint to: %v", target)
 		} else {
 			logrus.Infof("using existing backend proxy endpoint: %v", target)
 		}
 		logrus.Infof("updated backend proxy endpoint to: %v", target)
 	} else {
 		logrus.Infof("using existing backend proxy endpoint: %v", target)
 	}
 	var shareDescription string
@ -258,6 +261,27 @@ func (cmd *shareReservedCommand) run(_ *cobra.Command, args []string) {
 			}
 		}()
 	case "socks":
 		cfg := &socks.BackendConfig{
 			IdentityPath: zif,
 			ShrToken:     shrToken,
 			Requests:     requests,
 		}
 		be, err := socks.NewBackend(cfg)
 		if err != nil {
 			if !panicInstead {
 				tui.Error("error creating socks backend", err)
 			}
 			panic(err)
 		}
 		go func() {
 			if err := be.Run(); err != nil {
 				logrus.Errorf("error running socks backend: %v", err)
 			}
 		}()
 	default:
 		tui.Error("invalid backend mode", nil)
 	}
--- a/cmd/zrok/testLoopPublic.go
+++ b/cmd/zrok/testLoopPublic.go
@ -136,18 +136,19 @@ func (l *looper) run() {
 	l.startup()
 	logrus.Infof("looper #%d, shrToken: %v, frontend: %v", l.id, l.shrToken, l.proxyEndpoint)
-	go l.serviceListener()
+	if l.serviceListener() {
-	l.dwell()
+		l.dwell()
-	l.iterate()
+		l.iterate()
 	}
 	logrus.Infof("looper #%d: complete", l.id)
 	l.shutdown()
 }
-func (l *looper) serviceListener() {
+func (l *looper) serviceListener() bool {
 	zcfg, err := ziti.NewConfigFromFile(l.zif)
 	if err != nil {
 		logrus.Errorf("error opening ziti config '%v': %v", l.zif, err)
-		return
+		return false
 	}
 	options := ziti.ListenOptions{
 		ConnectTimeout:               5 * time.Minute,
@ -156,15 +157,21 @@ func (l *looper) serviceListener() {
 	zctx, err := ziti.NewContext(zcfg)
 	if err != nil {
 		logrus.Errorf("error loading ziti context: %v", err)
-		return
+		return false
 	}
-	if l.listener, err = zctx.ListenWithOptions(l.shrToken, &options); err == nil {
+
 	if l.listener, err = zctx.ListenWithOptions(l.shrToken, &options); err != nil {
 		logrus.Errorf("looper #%d, error listening: %v", l.id, err)
 		return false
 	}
 	go func() {
 		if err := http.Serve(l.listener, l); err != nil {
 			logrus.Errorf("looper #%d, error serving: %v", l.id, err)
 		}
-	} else {
+	}()
-		logrus.Errorf("looper #%d, error listening: %v", l.id, err)
+
-	}
+	return true
 }
 func (l *looper) ServeHTTP(w http.ResponseWriter, r *http.Request) {
@ -239,6 +246,9 @@ func (l *looper) iterate() {
 		if req, err := http.NewRequest("POST", l.proxyEndpoint, bytes.NewBufferString(outbase64)); err == nil {
 			client := &http.Client{Timeout: time.Second * time.Duration(l.cmd.timeoutSeconds)}
 			if resp, err := client.Do(req); err == nil {
 				if resp.StatusCode != 200 {
 					logrus.Errorf("looper #%d unexpected response status code %v!", l.id, resp.StatusCode)
 				}
 				inpayload := new(bytes.Buffer)
 				io.Copy(inpayload, resp.Body)
 				inbase64 := inpayload.String()
--- a/controller/access.go
+++ b/controller/access.go
@ -62,7 +62,7 @@ func (h *accessHandler) Handle(params share.AccessParams, principal *rest_model_
 		return share.NewAccessNotFound()
 	}
-	feToken, err := createToken()
+	feToken, err := CreateToken()
 	if err != nil {
 		logrus.Error(err)
 		return share.NewAccessInternalServerError()
--- a/controller/createFrontend.go
+++ b/controller/createFrontend.go
@ -50,7 +50,7 @@ func (h *createFrontendHandler) Handle(params admin.CreateFrontendParams, princi
 	}
 	defer func() { _ = tx.Rollback() }()
-	feToken, err := createToken()
+	feToken, err := CreateToken()
 	if err != nil {
 		logrus.Errorf("error creating frontend token: %v", err)
 		return admin.NewCreateFrontendInternalServerError()
--- a/controller/invite.go
+++ b/controller/invite.go
@ -55,7 +55,7 @@ func (h *inviteHandler) Handle(params account.InviteParams) middleware.Responder
 		logrus.Infof("using invite token '%v' to process invite request for '%v'", inviteToken.Token, params.Body.Email)
 	}
-	token, err = createToken()
+	token, err = CreateToken()
 	if err != nil {
 		logrus.Error(err)
 		return account.NewInviteInternalServerError()
--- a/controller/passwords.go
+++ b/controller/passwords.go
@ -24,7 +24,7 @@ func salt() string {
 	return base64.StdEncoding.EncodeToString(buf)
 }
-func hashPassword(password string) (*hashedPassword, error) {
+func HashPassword(password string) (*hashedPassword, error) {
 	return rehashPassword(password, salt())
 }
--- a/controller/register.go
+++ b/controller/register.go
@ -38,7 +38,7 @@ func (h *registerHandler) Handle(params account.RegisterParams) middleware.Respo
 		return account.NewRegisterNotFound()
 	}
-	token, err := createToken()
+	token, err := CreateToken()
 	if err != nil {
 		logrus.Errorf("error creating token for request '%v' (%v): %v", params.Body.Token, ar.Email, err)
 		return account.NewRegisterInternalServerError()
@ -49,7 +49,7 @@ func (h *registerHandler) Handle(params account.RegisterParams) middleware.Respo
 		return account.NewRegisterUnprocessableEntity().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
 	}
-	hpwd, err := hashPassword(params.Body.Password)
+	hpwd, err := HashPassword(params.Body.Password)
 	if err != nil {
 		logrus.Errorf("error hashing password for request '%v' (%v): %v", params.Body.Token, ar.Email, err)
 		return account.NewRegisterInternalServerError()
--- a/controller/resetPassword.go
+++ b/controller/resetPassword.go
@ -53,7 +53,7 @@ func (handler *resetPasswordHandler) Handle(params account.ResetPasswordParams)
 		return account.NewResetPasswordUnprocessableEntity().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
 	}
-	hpwd, err := hashPassword(params.Body.Password)
+	hpwd, err := HashPassword(params.Body.Password)
 	if err != nil {
 		logrus.Errorf("error hashing password for '%v' (%v): %v", params.Body.Token, a.Email, err)
 		return account.NewResetPasswordRequestInternalServerError()
--- a/controller/resetPasswordRequest.go
+++ b/controller/resetPasswordRequest.go
@ -34,7 +34,7 @@ func (handler *resetPasswordRequestHandler) Handle(params account.ResetPasswordR
 	}
 	defer func() { _ = tx.Rollback() }()
-	token, err = createToken()
+	token, err = CreateToken()
 	if err != nil {
 		logrus.Errorf("error creating token for '%v': %v", params.Body.EmailAddress, err)
 		return account.NewResetPasswordRequestInternalServerError()
--- a/controller/store/sql/postgresql/017_v0_4_24_backend_mode_socks.sql
+++ b/controller/store/sql/postgresql/017_v0_4_24_backend_mode_socks.sql
@ -0,0 +1,3 @@
 -- +migrate Up
 alter type backend_mode add value 'socks';
--- a/controller/store/sql/sqlite3/017_v0_4_24_backend_mode_socks.sql
+++ b/controller/store/sql/sqlite3/017_v0_4_24_backend_mode_socks.sql
@ -0,0 +1,58 @@
 -- +migrate Up
 alter table shares rename to shares_old;
 create table shares (
    id                        integer             primary key,
    environment_id            integer             constraint fk_environments_shares references environments on delete cascade,
    z_id                      string              not null unique,
    token                     string              not null,
    share_mode                string              not null,
    backend_mode              string              not null,
    frontend_selection        string,
    frontend_endpoint         string,
    backend_proxy_endpoint    string,
    reserved                  boolean             not null default(false),
    created_at                datetime            not null default(strftime('%Y-%m-%d %H:%M:%f', 'now')),
    updated_at                datetime            not null default(strftime('%Y-%m-%d %H:%M:%f', 'now')),
    deleted                   boolean             not null default(false),
    constraint chk_z_id check (z_id <> ''),
    constraint chk_token check (token <> ''),
    constraint chk_share_mode check (share_mode == 'public' or share_mode == 'private'),
    constraint chk_backend_mode check (backend_mode == 'proxy' or backend_mode == 'web' or backend_mode == 'tcpTunnel' or backend_mode == 'udpTunnel' or backend_mode == 'caddy' or backend_mode == 'drive' or backend_mode == 'socks')
 );
 insert into shares select * from shares_old;
 drop index shares_token_idx;
 create unique index shares_token_idx ON shares(token) WHERE deleted is false;
 alter table frontends rename to frontends_old;
 create table frontends (
    id                    integer             primary key,
    environment_id        integer             references environments(id),
    token                 varchar(32)         not null unique,
    z_id                  varchar(32)         not null,
    public_name           varchar(64)         unique,
    url_template          varchar(1024),
    reserved              boolean             not null default(false),
    created_at            datetime            not null default(strftime('%Y-%m-%d %H:%M:%f', 'now')),
    updated_at            datetime            not null default(strftime('%Y-%m-%d %H:%M:%f', 'now')),
    deleted               boolean             not null default(false),
    private_share_id      integer             references shares(id)
 );
 insert into frontends select * from frontends_old;
 drop table frontends_old;
 alter table share_limit_journal rename to share_limit_journal_old;
 create table share_limit_journal (
    id                  integer                 primary key,
    share_id            integer                 references shares(id),
    rx_bytes            bigint                  not null,
    tx_bytes            bigint                  not null,
    action              limit_action_type       not null,
    created_at          datetime                not null default(strftime('%Y-%m-%d %H:%M:%f', 'now')),
    updated_at          datetime                not null default(strftime('%Y-%m-%d %H:%M:%f', 'now'))
 );
 insert into share_limit_journal select * from share_limit_journal_old;
 drop table share_limit_journal_old;
 drop table shares_old;
--- a/controller/util.go
+++ b/controller/util.go
@ -65,7 +65,7 @@ func createShareToken() (string, error) {
 	return gen(), nil
 }
-func createToken() (string, error) {
+func CreateToken() (string, error) {
 	gen, err := nanoid.CustomASCII("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789", 12)
 	if err != nil {
 		return "", err
--- a/docker/images/cross-build/Dockerfile
+++ b/docker/images/cross-build/Dockerfile
@ -1,3 +1,4 @@
 # Stage 1: Install Node.js with nvm
 FROM debian:bullseye-slim
 #
 # this file mirrors the build params used in the GitHub Actions and enables
@ -12,23 +13,31 @@ ARG go_root=/usr/local/go
 ARG go_cache=/usr/share/go_cache
 ARG uid=1000
 ARG gid=1000
-RUN apt-get -y update
+RUN apt-get -y update \
-RUN apt-get -y install gcc-arm-linux-gnueabihf g++-arm-linux-gnueabihf gcc-aarch64-linux-gnu
+    && apt-get -y install \
-RUN apt-get -y install wget build-essential
+        gcc-arm-linux-gnueabihf g++-arm-linux-gnueabihf gcc-aarch64-linux-gnu \
        wget build-essential
 COPY ./linux-build.sh /usr/local/bin/
 RUN wget -q https://go.dev/dl/${go_distribution_file}
 RUN tar -xzf ${go_distribution_file} -C /usr/local/
 RUN wget -qO- https://deb.nodesource.com/setup_18.x | bash \
    && apt-get -y update \
    && apt-get -y install \
        nodejs
 RUN mkdir ${go_path} ${go_cache}
 RUN chown -R ${uid}:${gid} ${go_path} ${go_cache}
 COPY ./linux-build.sh /usr/local/bin/
 USER ${uid}:${gid}
 ENV TARGETARCH=${TARGETARCH}
 ENV GOPATH=${go_path}
 ENV GOROOT=${go_root}
 ENV GOCACHE=${go_cache}
 ENV PATH=${go_path}/bin:${go_root}/bin:$PATH
 RUN go install github.com/mitchellh/gox@latest
 WORKDIR /mnt
 ENTRYPOINT ["linux-build.sh"]
--- a/docker/images/cross-build/linux-build.sh
+++ b/docker/images/cross-build/linux-build.sh
@ -6,7 +6,10 @@
 #
 # 
-set -o pipefail -e -u
+set -o errexit
 set -o nounset
 set -o pipefail
 set -o xtrace
 # if no architectures supplied then default list of three
 if (( ${#} )); then
@ -31,6 +34,16 @@ else
    PROCS_PER_JOB=0 # invokes gox default to use all CPUs-1
 fi
 (
    HOME=/tmp/builder
    # Navigate to the "ui" directory and run npm commands
    npm config set cache /mnt/.npm
    cd ./ui/
    mkdir -p $HOME
    npm install
    npm run build
 )
 for ARCH in ${JOBS[@]}; do
    GOX_CMD="
        gox \
--- a/docker/images/zrok/Dockerfile
+++ b/docker/images/zrok/Dockerfile
@ -1,5 +1,5 @@
 # this builds docker.io/openziti/zrok
-ARG ZITI_CLI_TAG="0.31.2"
+ARG ZITI_CLI_TAG="0.32.1"
 ARG ZITI_CLI_IMAGE="docker.io/openziti/ziti-cli"
 # this builds docker.io/openziti/ziti-controller
 FROM ${ZITI_CLI_IMAGE}:${ZITI_CLI_TAG}
@ -20,8 +20,9 @@ LABEL name="openziti/zrok" \
 USER root
-### install packages (jq introduced in source image in next release 0.30.6)
+### install packages: findutils provides xargs which is used by the zrok Helm chart's controller bootstrapping script to
-RUN   INSTALL_PKGS="jq" && \
+#create the default account enable token
 RUN   INSTALL_PKGS="findutils" && \
      microdnf -y update --setopt=install_weak_deps=0 --setopt=tsflags=nodocs && \
      microdnf -y install --setopt=install_weak_deps=0 --setopt=tsflags=nodocs ${INSTALL_PKGS}
--- a/docs/_attic/network/_category_.json
+++ b/docs/_attic/network/_category_.json
@ -1,7 +1,7 @@
-{
+{
-  "label": "Network",
+  "label": "Network",
-  "position": 60,
+  "position": 60,
-  "link": {
+  "link": {
-    "type": "generated-index",
+    "type": "generated-index",
-  }
+  }
 }
--- a/docs/_attic/sharing/_category_.json
+++ b/docs/_attic/sharing/_category_.json
@ -1,7 +1,7 @@
-{
+{
-  "label": "Sharing",
+  "label": "Sharing",
-  "position": 20,
+  "position": 20,
-  "link": {
+  "link": {
-    "type": "generated-index",
+    "type": "generated-index",
-  }
+  }
 }
--- a/docs/concepts/_category_.json
+++ b/docs/concepts/_category_.json
@ -1,8 +1,8 @@
-{
+{
-  "label": "Concepts",
+  "label": "Concepts",
-  "position": 30,
+  "position": 30,
-  "link": {
+  "link": {
-    "type": "doc",
+    "type": "doc",
-    "id": "concepts/index"
+    "id": "concepts/index"
-  }
+  }
-}
+}
--- a/docs/concepts/files.md
+++ b/docs/concepts/files.md
@ -1,52 +1,52 @@
---
+---
-title: Sharing Websites and Files
+title: Sharing Websites and Files
-sidebar_position: 30
+sidebar_position: 30
---
+---
-
+
-With `zrok` it is possible to share files quickly and easily as well. To share files using `zrok` use
+With `zrok` it is possible to share files quickly and easily as well. To share files using `zrok` use
-the `--backend-mode web`, for example: `zrok share private . --backend-mode web`.
+the `--backend-mode web`, for example: `zrok share private . --backend-mode web`.
-
+
-Running with this mode will make it trivially easy to share files from the directory which the command
+Running with this mode will make it trivially easy to share files from the directory which the command
-was run from.
+was run from.
-
+
-For example if you have a directory with a structure like this:
+For example if you have a directory with a structure like this:
-
+
-```shell
+```shell
-rw-r--r--+ 1 Michael None     7090 Apr 17 12:53 CHANGELOG.md
+-rw-r--r--+ 1 Michael None     7090 Apr 17 12:53 CHANGELOG.md
-rw-r--r--+ 1 Michael None    11346 Apr 17 12:53 LICENSE
+-rw-r--r--+ 1 Michael None    11346 Apr 17 12:53 LICENSE
-rw-r--r--+ 1 Michael None     2885 Apr 17 12:53 README.md
+-rw-r--r--+ 1 Michael None     2885 Apr 17 12:53 README.md
-rwxr-xr-x+ 1 Michael None 44250624 Apr 17 13:00 zrok.exe*
+-rwxr-xr-x+ 1 Michael None 44250624 Apr 17 13:00 zrok.exe*
-```
+```
-
+
-The files can be shared using a command such as:
+The files can be shared using a command such as:
-
+
-```shell
+```shell
-zrok share public --backend-mode web .
+zrok share public --backend-mode web .
-```
+```
-
+
-Then the files can be access with a `private` or `public` share, for example as shown:
+Then the files can be access with a `private` or `public` share, for example as shown:
-
+
-![zrok_share_web_files](../images/zrok_share_web_files.png)
+![zrok_share_web_files](../images/zrok_share_web_files.png)
-
+
-`zrok` will automatically provide a stock website, which will allow the accessing user to browse and navigate the file tree. Clicking the files allows the user to download them.
+`zrok` will automatically provide a stock website, which will allow the accessing user to browse and navigate the file tree. Clicking the files allows the user to download them.
-
+
-`zrok` can also share a pre-rendered static HTML website. If you have a directory like this:
+`zrok` can also share a pre-rendered static HTML website. If you have a directory like this:
-
+
-```shell
+```shell
-rw-rw-r--+ 1 Michael None 56 Jun 26 13:23 index.html
+-rw-rw-r--+ 1 Michael None 56 Jun 26 13:23 index.html
-```
+```
-
+
-If `index.html` contains valid HTML, like this:
+If `index.html` contains valid HTML, like this:
-
+
-```html
+```html
-<html>
+<html>
-<body>
+<body>
-        <h1>Hello <code>zrok</code></h1>
+        <h1>Hello <code>zrok</code></h1>
-</html>
+</html>
-```
+```
-
+
-Sharing the directory will result in the following when you access the share in a web browser:
+Sharing the directory will result in the following when you access the share in a web browser:
-
+
-![zrok_share_web_website](../images/zrok_share_web_website.png)
+![zrok_share_web_website](../images/zrok_share_web_website.png)
-
+
 `zrok` contains a built-in web server, which you can use to serve static websites as a share.
--- a/docs/concepts/hosting.md
+++ b/docs/concepts/hosting.md
@ -1,16 +1,16 @@
---
+---
-sidebar_position: 200
+sidebar_position: 200
---
+---
-
+
-# Hosting
+# Hosting
-
+
-## Self-Hosted
+## Self-Hosted
-
+
-`zrok` is not limited to a managed offering. You can [host your own](../guides/self-hosting/self_hosting_guide.md) instance of `zrok` as well. `zrok` is
+`zrok` is not limited to a managed offering. You can [host your own](../guides/self-hosting/self_hosting_guide.md) instance of `zrok` as well. `zrok` is
-also freely available as open source software hosted by GitHub under a very permissive Apache v2 license.
+also freely available as open source software hosted by GitHub under a very permissive Apache v2 license.
-
+
-## Managed Service
+## Managed Service
-
+
-`zrok` is also offered as a cloud service, making it instantly accessible to a large population immediately.
+`zrok` is also offered as a cloud service, making it instantly accessible to a large population immediately.
-NetFoundry provides a manged version of `zrok` at https://zrok.io. This provides the easy-to-use,
+NetFoundry provides a manged version of `zrok` at https://zrok.io. This provides the easy-to-use,
-quick to demonstrate features of `zrok` without needing to deploy and host `zrok` yourself.
+quick to demonstrate features of `zrok` without needing to deploy and host `zrok` yourself.
--- a/docs/concepts/index.md
+++ b/docs/concepts/index.md
@ -1,13 +1,13 @@
---
+---
-sidebar_title: Core Features
+sidebar_title: Core Features
-sidebar_position: 25
+sidebar_position: 25
---
+---
-
+
-# Concepts
+# Concepts
-
+
-`zrok` was designed to make sharing local resources both secure and easy. In this section of the `zrok` documentation, we'll tour through all of the most important features.
+`zrok` was designed to make sharing local resources both secure and easy. In this section of the `zrok` documentation, we'll tour through all of the most important features.
-
+
-Sharing with `zrok` can be either [`public`](./sharing-public.md) or [`private`](./sharing-private.md).
+Sharing with `zrok` can be either [`public`](./sharing-public.md) or [`private`](./sharing-private.md).
-Naturally, regular web-based resources can be shared but `zrok` also includes support for sharing raw [TCP](./tunnels.md) and [UDP](./tunnels.md) network connections, and also includes a [website and file sharing](./files.md) feature.
+Naturally, regular web-based resources can be shared but `zrok` also includes support for sharing raw [TCP](./tunnels.md) and [UDP](./tunnels.md) network connections, and also includes a [website and file sharing](./files.md) feature.
-
+
-Learn about `zrok` [hosting here](./hosting.md), including instructions on how to [install your own `zrok` instance](../guides/self-hosting/self_hosting_guide.md).
+Learn about `zrok` [hosting here](./hosting.md), including instructions on how to [install your own `zrok` instance](../guides/self-hosting/self_hosting_guide.md).
--- a/docs/concepts/opensource.md
+++ b/docs/concepts/opensource.md
@ -1,24 +1,24 @@
---
+---
-sidebar_position: 100
+sidebar_position: 100
---
+---
-
+
-# Open Source
+# Open Source
-
+
-It's important to the `zrok` project that it remain free and open source software. The code is available on [GitHub](https://github.com/openziti/zrok)
+It's important to the `zrok` project that it remain free and open source software. The code is available on [GitHub](https://github.com/openziti/zrok)
-for the world to use, inspect, and build upon!
+for the world to use, inspect, and build upon!
-
+
-Check out the repository over on GitHub at [https://github.com/openziti/zrok](https://github.com/openziti/zrok).  If you find `zrok` to be useful, and
+Check out the repository over on GitHub at [https://github.com/openziti/zrok](https://github.com/openziti/zrok).  If you find `zrok` to be useful, and
-you want to help spread the word of `zrok` give the project a star. It really does help get the word out about the
+you want to help spread the word of `zrok` give the project a star. It really does help get the word out about the
-project.
+project.
-
+
-The project also uses a very permissive license: Apache v2. We encourage people to fork the repo and use `zrok` for your own purposes how you see fit or contribute back to the project.
+The project also uses a very permissive license: Apache v2. We encourage people to fork the repo and use `zrok` for your own purposes how you see fit or contribute back to the project.
-
+
-## Built on OpenZiti
+## Built on OpenZiti
-
+
-The power of `zrok` really lies in `private` sharing. It's increasingly clear that security needs to be a first-class
+The power of `zrok` really lies in `private` sharing. It's increasingly clear that security needs to be a first-class
-member of any organization. To enable `private` sharing, `zrok` was built on top of another excellent open source project named OpenZiti.
+member of any organization. To enable `private` sharing, `zrok` was built on top of another excellent open source project named OpenZiti.
-
+
-OpenZiti is a secure overlay network focusing on bringing zero trust to applications. It is the __backbone__ of `zrok`.
+OpenZiti is a secure overlay network focusing on bringing zero trust to applications. It is the __backbone__ of `zrok`.
-In fact, `zrok` proudly proclaims itself as an Ziti _native_ application.
+In fact, `zrok` proudly proclaims itself as an Ziti _native_ application.
-
+
-If you are interested in learning more about OpenZiti head over to [the docs](https://docs.openziti.io/docs/learn/introduction/), try the quickstart, and don't forget to star that project too. We couldn't build `zrok` without OpenZiti!
+If you are interested in learning more about OpenZiti head over to [the docs](https://docs.openziti.io/docs/learn/introduction/), try the quickstart, and don't forget to star that project too. We couldn't build `zrok` without OpenZiti!
--- a/docs/concepts/sharing-private.md
+++ b/docs/concepts/sharing-private.md
@ -1,29 +1,29 @@
---
+---
-sidebar_position: 0
+sidebar_position: 0
---
+---
-# Private Shares
+# Private Shares
-
+
-`zrok` was built to share and access digital resources. A `private` share allows a resource to be 
+`zrok` was built to share and access digital resources. A `private` share allows a resource to be 
-accessed on another user's system as if it were local to them. Privately shared resources can only be accessed by another `zrok` user who has the details of your unique share. You are in control of who can access your `private` shares by sharing the the share token.
+accessed on another user's system as if it were local to them. Privately shared resources can only be accessed by another `zrok` user who has the details of your unique share. You are in control of who can access your `private` shares by sharing the the share token.
-
+
-Peer-to-peer private resource sharing is one of the things that makes `zrok` unique.
+Peer-to-peer private resource sharing is one of the things that makes `zrok` unique.
-
+
-`zrok` also provides `public` sharing of resources with non-`zrok` users. Public resource sharing is limited to only resources that can be accessed over `HTTP` or `HTTPS`. `private` sharing works with all of the resources types that `zrok` supports.
+`zrok` also provides `public` sharing of resources with non-`zrok` users. Public resource sharing is limited to only resources that can be accessed over `HTTP` or `HTTPS`. `private` sharing works with all of the resources types that `zrok` supports.
-
+
-Here's how private sharing works:
+Here's how private sharing works:
-
+
-# Peer to Peer
+# Peer to Peer
-
+
-![zrok_public_share](../images/zrok_private_share.png)
+![zrok_public_share](../images/zrok_private_share.png)
-
+
-`private` shares are accessed using the `zrok access` command, and require the accessing user to have a `zrok enable`-d account on the same service instance where the share was created.
+`private` shares are accessed using the `zrok access` command, and require the accessing user to have a `zrok enable`-d account on the same service instance where the share was created.
-
+
-The `private` share is identified by a _share token_. The accessing user will use the share token, along with the `zrok access` command to create a local endpoint on their system, which lets them use the shared resource as if it were local to their system.
+The `private` share is identified by a _share token_. The accessing user will use the share token, along with the `zrok access` command to create a local endpoint on their system, which lets them use the shared resource as if it were local to their system.
-
+
-`zrok` does not require you to open any firewall ports or otherwise compromise the security of your local system; there is never an attack surface open to the public internet. As soon as you terminate the `zrok share` process, you immediately terminate any possible access to your shared resource.
+`zrok` does not require you to open any firewall ports or otherwise compromise the security of your local system; there is never an attack surface open to the public internet. As soon as you terminate the `zrok share` process, you immediately terminate any possible access to your shared resource.
-
+
-The shared resource can be a development web server to share with friends and colleagues, a webhook from a server running in the cloud which has `zrok` running and has been instructed to `access` the private resource. `zrok` can also share files, websites, and low-level TCP and UDP network connections using the `tunnel` backend.  What matters is that the access to the shared resource is not done in a public way, and can only be accessed by other `zrok` users that have access to your share token.
+The shared resource can be a development web server to share with friends and colleagues, a webhook from a server running in the cloud which has `zrok` running and has been instructed to `access` the private resource. `zrok` can also share files, websites, and low-level TCP and UDP network connections using the `tunnel` backend.  What matters is that the access to the shared resource is not done in a public way, and can only be accessed by other `zrok` users that have access to your share token.
-
+
-The peer-to-peer capabilities of `zrok` are an important property of the underlying [OpenZiti](https://docs.openziti.io/docs/learn/introduction/) network that `zrok` uses to provide connectivity between users and resources.
+The peer-to-peer capabilities of `zrok` are an important property of the underlying [OpenZiti](https://docs.openziti.io/docs/learn/introduction/) network that `zrok` uses to provide connectivity between users and resources.
-
+
 Creating `private` shares is easy and is accomplished using the `zrok share private` command. Run `zrok share private` to see the usage output and to further learn how to use the command.
--- a/docs/concepts/sharing-public.md
+++ b/docs/concepts/sharing-public.md
@ -1,16 +1,16 @@
---
+---
-sidebar_position: 10
+sidebar_position: 10
---
+---
-# Public Shares
+# Public Shares
-
+
-`zrok` supports `public` sharing for web-based (HTTP and HTTPS) resources. These resources are easily shared with the general internet through public access points.
+`zrok` supports `public` sharing for web-based (HTTP and HTTPS) resources. These resources are easily shared with the general internet through public access points.
-
+
-## Peer to Public
+## Peer to Public
-
+
-![zrok_public_share](../images/zrok_public_share.png)
+![zrok_public_share](../images/zrok_public_share.png)
-
+
-`public` sharing is most useful when the person or service accessing your resources does not have `zrok` running locally and cannot make use of the `private` sharing mode built into `zrok`. Many users share development web servers, webhooks, and other HTTP/HTTPS resources.
+`public` sharing is most useful when the person or service accessing your resources does not have `zrok` running locally and cannot make use of the `private` sharing mode built into `zrok`. Many users share development web servers, webhooks, and other HTTP/HTTPS resources.
-
+
-As with `private` sharing, `public` sharing does not require you to open any firewall ports or otherwise compromise the security of your local environments. A `public` share goes away as soon as you terminate the `zrok share` command.
+As with `private` sharing, `public` sharing does not require you to open any firewall ports or otherwise compromise the security of your local environments. A `public` share goes away as soon as you terminate the `zrok share` command.
-
+
 Using `public` shares is easy and is accomplished using the `zrok share public` command. Run `zrok share public` to see the command-line help and to learn how to use `public` shares.
--- a/docs/concepts/sharing-reserved.md
+++ b/docs/concepts/sharing-reserved.md
@ -1,14 +1,14 @@
---
+---
-sidebar_position: 10
+sidebar_position: 10
---
+---
-# Reserved Shares
+# Reserved Shares
-
+
-By default a `public` or `private` share is assigned a _share token_ when you create a share using the `zrok share` command. The `zrok share` command is the bridge between your local environment and the users you are sharing with. When you terminate the `zrok share`, the bridge is eliminated and the _share token_ is deleted. If you run `zrok share` again, you will be allocated a brand new _share token_.
+By default a `public` or `private` share is assigned a _share token_ when you create a share using the `zrok share` command. The `zrok share` command is the bridge between your local environment and the users you are sharing with. When you terminate the `zrok share`, the bridge is eliminated and the _share token_ is deleted. If you run `zrok share` again, you will be allocated a brand new _share token_.
-
+
-You can use a `reserved` share to persist your _share token_ across multiple runs of the `zrok share` bridge. When you use a `reserved` share, the share token will not be deleted between multiple runs of `zrok share`.
+You can use a `reserved` share to persist your _share token_ across multiple runs of the `zrok share` bridge. When you use a `reserved` share, the share token will not be deleted between multiple runs of `zrok share`.
-
+
-To use a `reserved` share, you will first run the `zrok reserve` command to create the reserved share (see `zrok reserve --help` for details). Once you've created your `reserved` share, you will use the `zrok share reserved` command (see `--help` for details) to run the bridge for the shared resource.
+To use a `reserved` share, you will first run the `zrok reserve` command to create the reserved share (see `zrok reserve --help` for details). Once you've created your `reserved` share, you will use the `zrok share reserved` command (see `--help` for details) to run the bridge for the shared resource.
-
+
-This pattern works for both `public` and `private` shares, and for all resource types supported by `zrok`.
+This pattern works for both `public` and `private` shares, and for all resource types supported by `zrok`.
-
+
-To delete your `reserved` share use the `zrok release` command or click the delete button in the share's _Actions_ tab in the web console.
+To delete your `reserved` share use the `zrok release` command or click the delete button in the share's _Actions_ tab in the web console.
--- a/docs/guides/_category_.json
+++ b/docs/guides/_category_.json
@ -1,7 +1,7 @@
-{
+{
-  "label": "Guides",
+  "label": "Guides",
-  "position": 50,
+  "position": 50,
-  "link": {
+  "link": {
-    "type": "generated-index"
+    "type": "generated-index"
-  }
+  }
-}
+}
--- a/docs/guides/install/_category_.json
+++ b/docs/guides/install/_category_.json
@ -1,8 +1,8 @@
-{
+{
-  "label": "Install",
+  "label": "Install",
-  "position": 10,
+  "position": 10,
-  "link": {
+  "link": {
-    "type": "doc",
+    "type": "doc",
-    "id": "guides/install/index"
+    "id": "guides/install/index"
-  }
+  }
-}
+}
--- a/docs/guides/install/windows.mdx
+++ b/docs/guides/install/windows.mdx
@ -29,7 +29,7 @@ import styles from '@site/src/css/download-card.module.css';
    ```text
    $source = Join-Path -Path $env:TEMP -ChildPath "zrok\zrok.exe"
-    $destination = Join-Path -Path $env:HOME -ChildPath "bin\zrok.exe"
+    $destination = Join-Path -Path $env:USERPROFILE -ChildPath "bin\zrok.exe"
    New-Item -Path $destination -ItemType Directory -ErrorAction SilentlyContinue
    Copy-Item -Path $source -Destination $destination
    $env:path += ";"+$destination
--- a/endpoints/socks/backend.go
+++ b/endpoints/socks/backend.go
@ -0,0 +1,53 @@
 package socks
 import (
 	"github.com/openziti/sdk-golang/ziti"
 	"github.com/openziti/sdk-golang/ziti/edge"
 	"github.com/openziti/zrok/endpoints"
 	"github.com/pkg/errors"
 	"time"
 )
 type BackendConfig struct {
 	IdentityPath string
 	ShrToken     string
 	Requests     chan *endpoints.Request
 }
 type Backend struct {
 	cfg      *BackendConfig
 	listener edge.Listener
 	server   *Server
 }
 func NewBackend(cfg *BackendConfig) (*Backend, error) {
 	options := ziti.ListenOptions{
 		ConnectTimeout:               5 * time.Minute,
 		WaitForNEstablishedListeners: 1,
 	}
 	zcfg, err := ziti.NewConfigFromFile(cfg.IdentityPath)
 	if err != nil {
 		return nil, errors.Wrap(err, "error loading ziti identity")
 	}
 	zctx, err := ziti.NewContext(zcfg)
 	if err != nil {
 		return nil, errors.Wrap(err, "error loading ziti context")
 	}
 	listener, err := zctx.ListenWithOptions(cfg.ShrToken, &options)
 	if err != nil {
 		return nil, err
 	}
 	return &Backend{
 		cfg:      cfg,
 		listener: listener,
 		server:   &Server{Requests: cfg.Requests},
 	}, nil
 }
 func (b *Backend) Run() error {
 	if err := b.server.Serve(b.listener); err != nil {
 		return err
 	}
 	return nil
 }
--- a/endpoints/socks/socks5.go
+++ b/endpoints/socks/socks5.go
@ -0,0 +1,415 @@
 // Copyright (c) Tailscale Inc & AUTHORS
 // SPDX-License-Identifier: BSD-3-Clause
 // Package socks5 is a SOCKS5 server implementation.
 //
 // This is used for userspace networking in Tailscale. Specifically,
 // this is used for dialing out of the machine to other nodes, without
 // the host kernel's involvement, so it doesn't proper routing tables,
 // TUN, IPv6, etc. This package is meant to only handle the SOCKS5 protocol
 // details and not any integration with Tailscale internals itself.
 //
 // The glue between this package and Tailscale is in net/socks5/tssocks.
 package socks
 import (
 	"context"
 	"encoding/binary"
 	"fmt"
 	"github.com/openziti/zrok/endpoints"
 	"github.com/sirupsen/logrus"
 	"io"
 	"net"
 	"strconv"
 	"time"
 )
 // Authentication METHODs described in RFC 1928, section 3.
 const (
 	noAuthRequired   byte = 0
 	passwordAuth     byte = 2
 	noAcceptableAuth byte = 255
 )
 // passwordAuthVersion is the auth version byte described in RFC 1929.
 const passwordAuthVersion = 1
 // socks5Version is the byte that represents the SOCKS version
 // in requests.
 const socks5Version byte = 5
 // commandType are the bytes sent in SOCKS5 packets
 // that represent the kind of connection the client needs.
 type commandType byte
 // The set of valid SOCKS5 commands as described in RFC 1928.
 const (
 	connect      commandType = 1
 	bind         commandType = 2
 	udpAssociate commandType = 3
 )
 // addrType are the bytes sent in SOCKS5 packets
 // that represent particular address types.
 type addrType byte
 // The set of valid SOCKS5 address types as defined in RFC 1928.
 const (
 	ipv4       addrType = 1
 	domainName addrType = 3
 	ipv6       addrType = 4
 )
 // replyCode are the bytes sent in SOCKS5 packets
 // that represent replies from the server to a client
 // request.
 type replyCode byte
 // The set of valid SOCKS5 reply types as per the RFC 1928.
 const (
 	success              replyCode = 0
 	generalFailure       replyCode = 1
 	connectionNotAllowed replyCode = 2
 	networkUnreachable   replyCode = 3
 	hostUnreachable      replyCode = 4
 	connectionRefused    replyCode = 5
 	ttlExpired           replyCode = 6
 	commandNotSupported  replyCode = 7
 	addrTypeNotSupported replyCode = 8
 )
 // Server is a SOCKS5 proxy server.
 type Server struct {
 	// Dialer optionally specifies the dialer to use for outgoing connections.
 	// If nil, the net package's standard dialer is used.
 	Dialer func(ctx context.Context, network, addr string) (net.Conn, error)
 	// Username and Password, if set, are the credential clients must provide.
 	Username string
 	Password string
 	// For notifying user-facing components about activity
 	Requests chan *endpoints.Request
 }
 func (s *Server) dial(ctx context.Context, network, addr string) (net.Conn, error) {
 	dial := s.Dialer
 	if dial == nil {
 		dialer := &net.Dialer{}
 		dial = dialer.DialContext
 	}
 	return dial(ctx, network, addr)
 }
 // Serve accepts and handles incoming connections on the given listener.
 func (s *Server) Serve(l net.Listener) error {
 	defer l.Close()
 	for {
 		c, err := l.Accept()
 		if err != nil {
 			return err
 		}
 		go func() {
 			defer c.Close()
 			conn := &Conn{clientConn: c, srv: s}
 			err := conn.Run()
 			if err != nil {
 				logrus.Infof("client connection failed: %v", err)
 			}
 		}()
 	}
 }
 // Conn is a SOCKS5 connection for client to reach
 // server.
 type Conn struct {
 	// The struct is filled by each of the internal
 	// methods in turn as the transaction progresses.
 	srv        *Server
 	clientConn net.Conn
 	request    *request
 }
 // Run starts the new connection.
 func (c *Conn) Run() error {
 	needAuth := c.srv.Username != "" || c.srv.Password != ""
 	authMethod := noAuthRequired
 	if needAuth {
 		authMethod = passwordAuth
 	}
 	err := parseClientGreeting(c.clientConn, authMethod)
 	if err != nil {
 		c.clientConn.Write([]byte{socks5Version, noAcceptableAuth})
 		return err
 	}
 	c.clientConn.Write([]byte{socks5Version, authMethod})
 	if !needAuth {
 		return c.handleRequest()
 	}
 	user, pwd, err := parseClientAuth(c.clientConn)
 	if err != nil || user != c.srv.Username || pwd != c.srv.Password {
 		c.clientConn.Write([]byte{1, 1}) // auth error
 		return err
 	}
 	c.clientConn.Write([]byte{1, 0}) // auth success
 	return c.handleRequest()
 }
 func (c *Conn) handleRequest() error {
 	req, err := parseClientRequest(c.clientConn)
 	if err != nil {
 		res := &response{reply: generalFailure}
 		buf, _ := res.marshal()
 		c.clientConn.Write(buf)
 		return err
 	}
 	if req.command != connect {
 		res := &response{reply: commandNotSupported}
 		buf, _ := res.marshal()
 		c.clientConn.Write(buf)
 		return fmt.Errorf("unsupported command %v", req.command)
 	}
 	c.request = req
 	if c.srv.Requests != nil {
 		c.srv.Requests <- &endpoints.Request{
 			Stamp:  time.Now(),
 			Method: "CONNECT",
 			Path:   fmt.Sprintf("%v:%d", c.request.destination, c.request.port),
 		}
 	}
 	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
 	defer cancel()
 	srv, err := c.srv.dial(
 		ctx,
 		"tcp",
 		net.JoinHostPort(c.request.destination, strconv.Itoa(int(c.request.port))),
 	)
 	if err != nil {
 		res := &response{reply: generalFailure}
 		buf, _ := res.marshal()
 		c.clientConn.Write(buf)
 		return err
 	}
 	defer srv.Close()
 	serverAddr, serverPortStr, err := net.SplitHostPort(srv.LocalAddr().String())
 	if err != nil {
 		return err
 	}
 	serverPort, _ := strconv.Atoi(serverPortStr)
 	var bindAddrType addrType
 	if ip := net.ParseIP(serverAddr); ip != nil {
 		if ip.To4() != nil {
 			bindAddrType = ipv4
 		} else {
 			bindAddrType = ipv6
 		}
 	} else {
 		bindAddrType = domainName
 	}
 	res := &response{
 		reply:        success,
 		bindAddrType: bindAddrType,
 		bindAddr:     serverAddr,
 		bindPort:     uint16(serverPort),
 	}
 	buf, err := res.marshal()
 	if err != nil {
 		res = &response{reply: generalFailure}
 		buf, _ = res.marshal()
 	}
 	c.clientConn.Write(buf)
 	errc := make(chan error, 2)
 	go func() {
 		_, err := io.Copy(c.clientConn, srv)
 		if err != nil {
 			err = fmt.Errorf("from backend to client: %w", err)
 		}
 		errc <- err
 	}()
 	go func() {
 		_, err := io.Copy(srv, c.clientConn)
 		if err != nil {
 			err = fmt.Errorf("from client to backend: %w", err)
 		}
 		errc <- err
 	}()
 	return <-errc
 }
 // parseClientGreeting parses a request initiation packet.
 func parseClientGreeting(r io.Reader, authMethod byte) error {
 	var hdr [2]byte
 	_, err := io.ReadFull(r, hdr[:])
 	if err != nil {
 		return fmt.Errorf("could not read packet header")
 	}
 	if hdr[0] != socks5Version {
 		return fmt.Errorf("incompatible SOCKS version")
 	}
 	count := int(hdr[1])
 	methods := make([]byte, count)
 	_, err = io.ReadFull(r, methods)
 	if err != nil {
 		return fmt.Errorf("could not read methods")
 	}
 	for _, m := range methods {
 		if m == authMethod {
 			return nil
 		}
 	}
 	return fmt.Errorf("no acceptable auth methods")
 }
 func parseClientAuth(r io.Reader) (usr, pwd string, err error) {
 	var hdr [2]byte
 	if _, err := io.ReadFull(r, hdr[:]); err != nil {
 		return "", "", fmt.Errorf("could not read auth packet header")
 	}
 	if hdr[0] != passwordAuthVersion {
 		return "", "", fmt.Errorf("bad SOCKS auth version")
 	}
 	usrLen := int(hdr[1])
 	usrBytes := make([]byte, usrLen)
 	if _, err := io.ReadFull(r, usrBytes); err != nil {
 		return "", "", fmt.Errorf("could not read auth packet username")
 	}
 	var hdrPwd [1]byte
 	if _, err := io.ReadFull(r, hdrPwd[:]); err != nil {
 		return "", "", fmt.Errorf("could not read auth packet password length")
 	}
 	pwdLen := int(hdrPwd[0])
 	pwdBytes := make([]byte, pwdLen)
 	if _, err := io.ReadFull(r, pwdBytes); err != nil {
 		return "", "", fmt.Errorf("could not read auth packet password")
 	}
 	return string(usrBytes), string(pwdBytes), nil
 }
 // request represents data contained within a SOCKS5
 // connection request packet.
 type request struct {
 	command      commandType
 	destination  string
 	port         uint16
 	destAddrType addrType
 }
 // parseClientRequest converts raw packet bytes into a
 // SOCKS5Request struct.
 func parseClientRequest(r io.Reader) (*request, error) {
 	var hdr [4]byte
 	_, err := io.ReadFull(r, hdr[:])
 	if err != nil {
 		return nil, fmt.Errorf("could not read packet header")
 	}
 	cmd := hdr[1]
 	destAddrType := addrType(hdr[3])
 	var destination string
 	var port uint16
 	if destAddrType == ipv4 {
 		var ip [4]byte
 		_, err = io.ReadFull(r, ip[:])
 		if err != nil {
 			return nil, fmt.Errorf("could not read IPv4 address")
 		}
 		destination = net.IP(ip[:]).String()
 	} else if destAddrType == domainName {
 		var dstSizeByte [1]byte
 		_, err = io.ReadFull(r, dstSizeByte[:])
 		if err != nil {
 			return nil, fmt.Errorf("could not read domain name size")
 		}
 		dstSize := int(dstSizeByte[0])
 		domainName := make([]byte, dstSize)
 		_, err = io.ReadFull(r, domainName)
 		if err != nil {
 			return nil, fmt.Errorf("could not read domain name")
 		}
 		destination = string(domainName)
 	} else if destAddrType == ipv6 {
 		var ip [16]byte
 		_, err = io.ReadFull(r, ip[:])
 		if err != nil {
 			return nil, fmt.Errorf("could not read IPv6 address")
 		}
 		destination = net.IP(ip[:]).String()
 	} else {
 		return nil, fmt.Errorf("unsupported address type")
 	}
 	var portBytes [2]byte
 	_, err = io.ReadFull(r, portBytes[:])
 	if err != nil {
 		return nil, fmt.Errorf("could not read port")
 	}
 	port = binary.BigEndian.Uint16(portBytes[:])
 	return &request{
 		command:      commandType(cmd),
 		destination:  destination,
 		port:         port,
 		destAddrType: destAddrType,
 	}, nil
 }
 // response contains the contents of
 // a response packet sent from the proxy
 // to the client.
 type response struct {
 	reply        replyCode
 	bindAddrType addrType
 	bindAddr     string
 	bindPort     uint16
 }
 // marshal converts a SOCKS5Response struct into
 // a packet. If res.reply == Success, it may throw an error on
 // receiving an invalid bind address. Otherwise, it will not throw.
 func (res *response) marshal() ([]byte, error) {
 	pkt := make([]byte, 4)
 	pkt[0] = socks5Version
 	pkt[1] = byte(res.reply)
 	pkt[2] = 0 // null reserved byte
 	pkt[3] = byte(res.bindAddrType)
 	if res.reply != success {
 		return pkt, nil
 	}
 	var addr []byte
 	switch res.bindAddrType {
 	case ipv4:
 		addr = net.ParseIP(res.bindAddr).To4()
 		if addr == nil {
 			return nil, fmt.Errorf("invalid IPv4 address for binding")
 		}
 	case domainName:
 		if len(res.bindAddr) > 255 {
 			return nil, fmt.Errorf("invalid domain name for binding")
 		}
 		addr = make([]byte, 0, len(res.bindAddr)+1)
 		addr = append(addr, byte(len(res.bindAddr)))
 		addr = append(addr, []byte(res.bindAddr)...)
 	case ipv6:
 		addr = net.ParseIP(res.bindAddr).To16()
 		if addr == nil {
 			return nil, fmt.Errorf("invalid IPv6 address for binding")
 		}
 	default:
 		return nil, fmt.Errorf("unsupported address type")
 	}
 	pkt = append(pkt, addr...)
 	pkt = binary.BigEndian.AppendUint16(pkt, uint16(res.bindPort))
 	return pkt, nil
 }
--- a/go.mod
+++ b/go.mod
@ -9,14 +9,14 @@ require (
 	github.com/charmbracelet/bubbletea v0.23.1
 	github.com/charmbracelet/lipgloss v0.6.0
 	github.com/go-openapi/errors v0.21.0
-	github.com/go-openapi/loads v0.21.3
+	github.com/go-openapi/loads v0.21.5
-	github.com/go-openapi/runtime v0.26.2
+	github.com/go-openapi/runtime v0.27.1
-	github.com/go-openapi/spec v0.20.12
+	github.com/go-openapi/spec v0.20.14
-	github.com/go-openapi/strfmt v0.21.10
+	github.com/go-openapi/strfmt v0.22.0
-	github.com/go-openapi/swag v0.22.5
+	github.com/go-openapi/swag v0.22.9
-	github.com/go-openapi/validate v0.22.4
+	github.com/go-openapi/validate v0.22.6
-	github.com/golang-jwt/jwt/v5 v5.0.0
+	github.com/golang-jwt/jwt/v5 v5.2.0
-	github.com/google/uuid v1.5.0
+	github.com/google/uuid v1.6.0
 	github.com/gorilla/websocket v1.5.1
 	github.com/iancoleman/strcase v0.2.0
 	github.com/influxdata/influxdb-client-go/v2 v2.11.0
@ -30,25 +30,25 @@ require (
 	github.com/michaelquigley/pfxlog v0.6.10
 	github.com/muesli/reflow v0.3.0
 	github.com/nxadm/tail v1.4.8
-	github.com/openziti/channel/v2 v2.0.113
+	github.com/openziti/channel/v2 v2.0.119
-	github.com/openziti/edge-api v0.26.7
+	github.com/openziti/edge-api v0.26.10
 	github.com/openziti/fabric v0.23.26
-	github.com/openziti/identity v1.0.68
+	github.com/openziti/identity v1.0.70
-	github.com/openziti/sdk-golang v0.22.6
+	github.com/openziti/sdk-golang v0.22.28
-	github.com/openziti/transport/v2 v2.0.119
+	github.com/openziti/transport/v2 v2.0.122
 	github.com/pkg/errors v0.9.1
 	github.com/rabbitmq/amqp091-go v1.8.1
 	github.com/rubenv/sql-migrate v1.6.0
-	github.com/shirou/gopsutil/v3 v3.23.11
+	github.com/shirou/gopsutil/v3 v3.24.1
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.8.0
 	github.com/stretchr/testify v1.8.4
 	github.com/wneessen/go-mail v0.2.7
 	github.com/zitadel/oidc/v2 v2.12.0
 	go.uber.org/zap v1.25.0
-	golang.org/x/crypto v0.17.0
+	golang.org/x/crypto v0.18.0
-	golang.org/x/net v0.19.0
+	golang.org/x/net v0.20.0
-	golang.org/x/oauth2 v0.13.0
+	golang.org/x/oauth2 v0.16.0
 	golang.org/x/time v0.3.0
 	nhooyr.io/websocket v1.8.10
 )
@ -97,13 +97,13 @@ require (
 	github.com/go-gorp/gorp/v3 v3.1.0 // indirect
 	github.com/go-kit/kit v0.10.0 // indirect
 	github.com/go-logfmt/logfmt v0.6.0 // indirect
-	github.com/go-logr/logr v1.3.0 // indirect
+	github.com/go-logr/logr v1.4.1 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-ole/go-ole v1.2.6 // indirect
-	github.com/go-openapi/analysis v0.21.5 // indirect
+	github.com/go-openapi/analysis v0.22.2 // indirect
-	github.com/go-openapi/jsonpointer v0.20.1 // indirect
+	github.com/go-openapi/jsonpointer v0.20.2 // indirect
-	github.com/go-openapi/jsonreference v0.20.3 // indirect
+	github.com/go-openapi/jsonreference v0.20.4 // indirect
-	github.com/go-resty/resty/v2 v2.10.0 // indirect
+	github.com/go-resty/resty/v2 v2.11.0 // indirect
 	github.com/go-sql-driver/mysql v1.7.1 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
 	github.com/gobwas/glob v0.2.3 // indirect
@ -162,9 +162,9 @@ require (
 	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/onsi/ginkgo/v2 v2.9.5 // indirect
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
-	github.com/openziti/foundation/v2 v2.0.35 // indirect
+	github.com/openziti/foundation/v2 v2.0.37 // indirect
-	github.com/openziti/metrics v1.2.41 // indirect
+	github.com/openziti/metrics v1.2.45 // indirect
-	github.com/openziti/secretstream v0.1.15 // indirect
+	github.com/openziti/secretstream v0.1.16 // indirect
 	github.com/openziti/storage v0.2.6 // indirect
 	github.com/orcaman/concurrent-map/v2 v2.0.1 // indirect
 	github.com/parallaxsecond/parsec-client-go v0.0.0-20221025095442-f0a77d263cf9 // indirect
@ -225,9 +225,9 @@ require (
 	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
 	golang.org/x/mod v0.12.0 // indirect
-	golang.org/x/sync v0.4.0 // indirect
+	golang.org/x/sync v0.5.0 // indirect
-	golang.org/x/sys v0.15.0 // indirect
+	golang.org/x/sys v0.17.0 // indirect
-	golang.org/x/term v0.15.0 // indirect
+	golang.org/x/term v0.17.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/tools v0.13.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
--- a/go.sum
+++ b/go.sum
@ -100,7 +100,6 @@ github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj
 github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A=
 github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b h1:uUXgbcPDK3KpW29o4iy7GtuappbWT0l5NaMo9H9pJDw=
 github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A=
 github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z4=
@ -182,7 +181,6 @@ github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t
 github.com/cpuguy83/go-md2man/v2 v2.0.3 h1:qMCsGGgs+MAzDFyp9LpAe1Lqy/fY/qCovCm0qnXZOBM=
 github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
@ -262,63 +260,36 @@ github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG
 github.com/go-logfmt/logfmt v0.6.0 h1:wGYYu3uicYdqXVgoYbvnkrPVXkuLM1p1ifugDMEdRi4=
 github.com/go-logfmt/logfmt v0.6.0/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
+github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
-github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY=
 github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
-github.com/go-openapi/analysis v0.21.4 h1:ZDFLvSNxpDaomuCueM0BlSXxpANBlFYiBvr+GXrvIHc=
+github.com/go-openapi/analysis v0.22.2 h1:ZBmNoP2h5omLKr/srIC9bfqrUGzT6g6gNv03HE9Vpj0=
-github.com/go-openapi/analysis v0.21.4/go.mod h1:4zQ35W4neeZTqh3ol0rv/O8JBbka9QyAgQRPp9y3pfo=
+github.com/go-openapi/analysis v0.22.2/go.mod h1:pDF4UbZsQTo/oNuRfAWWd4dAh4yuYf//LYorPTjrpvo=
 github.com/go-openapi/analysis v0.21.5 h1:3tHfEBh6Ia8eKc4M7khOGjPOAlWKJ10d877Cr9teujI=
 github.com/go-openapi/analysis v0.21.5/go.mod h1:25YcZosX9Lwz2wBsrFrrsL8bmjjXdlyP6zsr2AMy29M=
 github.com/go-openapi/errors v0.20.2/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
 github.com/go-openapi/errors v0.20.4 h1:unTcVm6PispJsMECE3zWgvG4xTiKda1LIR5rCRWLG6M=
 github.com/go-openapi/errors v0.20.4/go.mod h1:Z3FlZ4I8jEGxjUK+bugx3on2mIAk4txuAOhlsB1FSgk=
 github.com/go-openapi/errors v0.21.0 h1:FhChC/duCnfoLj1gZ0BgaBmzhJC2SL/sJr8a2vAobSY=
 github.com/go-openapi/errors v0.21.0/go.mod h1:jxNTMUxRCKj65yb/okJGEtahVd7uvWnuWfj53bse4ho=
 github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
 github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
-github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
+github.com/go-openapi/jsonpointer v0.20.2 h1:mQc3nmndL8ZBzStEo3JYF8wzmeWffDH4VbXz58sAx6Q=
-github.com/go-openapi/jsonpointer v0.20.0 h1:ESKJdU9ASRfaPNOPRx12IUyA1vn3R9GiE3KYD14BXdQ=
+github.com/go-openapi/jsonpointer v0.20.2/go.mod h1:bHen+N0u1KEO3YlmqOjTT9Adn1RfD91Ar825/PuiRVs=
-github.com/go-openapi/jsonpointer v0.20.0/go.mod h1:6PGzBjjIIumbLYysB73Klnms1mwnU4G3YHOECG3CedA=
+github.com/go-openapi/jsonreference v0.20.4 h1:bKlDxQxQJgwpUSgOENiMPzCTBVuc7vTdXSSgNeAhojU=
-github.com/go-openapi/jsonpointer v0.20.1 h1:MkK4VEIEZMj4wT9PmjaUmGflVBr9nvud4Q4UVFbDoBE=
+github.com/go-openapi/jsonreference v0.20.4/go.mod h1:5pZJyJP2MnYCpoeoMAql78cCHauHj0V9Lhc506VOpw4=
-github.com/go-openapi/jsonpointer v0.20.1/go.mod h1:bHen+N0u1KEO3YlmqOjTT9Adn1RfD91Ar825/PuiRVs=
+github.com/go-openapi/loads v0.21.5 h1:jDzF4dSoHw6ZFADCGltDb2lE4F6De7aWSpe+IcsRzT0=
-github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo=
+github.com/go-openapi/loads v0.21.5/go.mod h1:PxTsnFBoBe+z89riT+wYt3prmSBP6GDAQh2l9H1Flz8=
-github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE=
+github.com/go-openapi/runtime v0.27.1 h1:ae53yaOoh+fx/X5Eaq8cRmavHgDma65XPZuvBqvJYto=
-github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
+github.com/go-openapi/runtime v0.27.1/go.mod h1:fijeJEiEclyS8BRurYE1DE5TLb9/KZl6eAdbzjsrlLU=
-github.com/go-openapi/jsonreference v0.20.3 h1:EjGcjTW8pD1mRis6+w/gmoBdqv5+RbE9B85D1NgDOVQ=
+github.com/go-openapi/spec v0.20.14 h1:7CBlRnw+mtjFGlPDRZmAMnq35cRzI91xj03HVyUi/Do=
-github.com/go-openapi/jsonreference v0.20.3/go.mod h1:FviDZ46i9ivh810gqzFLl5NttD5q3tSlMLqLr6okedM=
+github.com/go-openapi/spec v0.20.14/go.mod h1:8EOhTpBoFiask8rrgwbLC3zmJfz4zsCUueRuPM6GNkw=
-github.com/go-openapi/loads v0.21.2 h1:r2a/xFIYeZ4Qd2TnGpWDIQNcP80dIaZgf704za8enro=
+github.com/go-openapi/strfmt v0.22.0 h1:Ew9PnEYc246TwrEspvBdDHS4BVKXy/AOVsfqGDgAcaI=
-github.com/go-openapi/loads v0.21.2/go.mod h1:Jq58Os6SSGz0rzh62ptiu8Z31I+OTHqmULx5e/gJbNw=
+github.com/go-openapi/strfmt v0.22.0/go.mod h1:HzJ9kokGIju3/K6ap8jL+OlGAbjpSv27135Yr9OivU4=
 github.com/go-openapi/loads v0.21.3 h1:8sSH2FIm/SnbDUGv572md4YqVMFne/a9Eubvcd3anew=
 github.com/go-openapi/loads v0.21.3/go.mod h1:Y3aMR24iHbKHppOj91nQ/SHc0cuPbAr4ndY4a02xydc=
 github.com/go-openapi/runtime v0.26.2 h1:elWyB9MacRzvIVgAZCBJmqTi7hBzU0hlKD4IvfX0Zl0=
 github.com/go-openapi/runtime v0.26.2/go.mod h1:O034jyRZ557uJKzngbMDJXkcKJVzXJiymdSfgejrcRw=
 github.com/go-openapi/spec v0.20.6/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA=
 github.com/go-openapi/spec v0.20.11 h1:J/TzFDLTt4Rcl/l1PmyErvkqlJDncGvPTMnCI39I4gY=
 github.com/go-openapi/spec v0.20.11/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA=
 github.com/go-openapi/spec v0.20.12 h1:cgSLbrsmziAP2iais+Vz7kSazwZ8rsUZd6TUzdDgkVI=
 github.com/go-openapi/spec v0.20.12/go.mod h1:iSCgnBcwbMW9SfzJb8iYynXvcY6C/QFrI7otzF7xGM4=
 github.com/go-openapi/strfmt v0.21.3/go.mod h1:k+RzNO0Da+k3FrrynSNN8F7n/peCmQQqbbXjtDfvmGg=
 github.com/go-openapi/strfmt v0.21.9 h1:LnEGOO9qyEC1v22Bzr323M98G13paIUGPU7yeJtG9Xs=
 github.com/go-openapi/strfmt v0.21.9/go.mod h1:0k3v301mglEaZRJdDDGSlN6Npq4VMVU69DE0LUyf7uA=
 github.com/go-openapi/strfmt v0.21.10 h1:JIsly3KXZB/Qf4UzvzJpg4OELH/0ASDQsyk//TTBDDk=
 github.com/go-openapi/strfmt v0.21.10/go.mod h1:vNDMwbilnl7xKiO/Ve/8H8Bb2JIInBnH+lqiw6QWgis=
 github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
-github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
+github.com/go-openapi/swag v0.22.9 h1:XX2DssF+mQKM2DHsbgZK74y/zj4mo9I99+89xUmuZCE=
-github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
+github.com/go-openapi/swag v0.22.9/go.mod h1:3/OXnFfnMAwBD099SwYRk7GD3xOrr1iL7d/XNLXVVwE=
-github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
+github.com/go-openapi/validate v0.22.6 h1:+NhuwcEYpWdO5Nm4bmvhGLW0rt1Fcc532Mu3wpypXfo=
-github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU=
+github.com/go-openapi/validate v0.22.6/go.mod h1:eaddXSqKeTg5XpSmj1dYyFTK/95n/XHwcOY+BMxKMyM=
-github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
+github.com/go-resty/resty/v2 v2.11.0 h1:i7jMfNOJYMp69lq7qozJP+bjgzfAzeOhuGlyDrqxT/8=
-github.com/go-openapi/swag v0.22.5 h1:fVS63IE3M0lsuWRzuom3RLwUMVI2peDH01s6M70ugys=
+github.com/go-resty/resty/v2 v2.11.0/go.mod h1:iiP/OpA0CkcL3IGt1O0+/SIItFUbkkyw5BGXiVdTu+A=
 github.com/go-openapi/swag v0.22.5/go.mod h1:Gl91UqO+btAM0plGGxHqJcQZ1ZTy6jbmridBTsDy8A0=
 github.com/go-openapi/validate v0.22.3 h1:KxG9mu5HBRYbecRb37KRCihvGGtND2aXziBAv0NNfyI=
 github.com/go-openapi/validate v0.22.3/go.mod h1:kVxh31KbfsxU8ZyoHaDbLBWU5CnMdqBUEtadQ2G4d5M=
 github.com/go-openapi/validate v0.22.4 h1:5v3jmMyIPKTR8Lv9syBAIRxG6lY0RqeBPB1LKEijzk8=
 github.com/go-openapi/validate v0.22.4/go.mod h1:qm6O8ZIcPVdSY5219468Jv7kBdGvkiZLPOmqnqTUZ2A=
 github.com/go-resty/resty/v2 v2.10.0 h1:Qla4W/+TMmv0fOeeRqzEpXPLfTUnR5HZ1+lGs+CkiCo=
 github.com/go-resty/resty/v2 v2.10.0/go.mod h1:iiP/OpA0CkcL3IGt1O0+/SIItFUbkkyw5BGXiVdTu+A=
 github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI=
@ -338,8 +309,8 @@ github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7a
 github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE=
+github.com/golang-jwt/jwt/v5 v5.2.0 h1:d/ix8ftRUorsN+5eMIlF4T6J8CAt9rch3My2winC1Jw=
-github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
+github.com/golang-jwt/jwt/v5 v5.2.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/glog v1.1.2 h1:DVjP2PbBOzHyzA+dn3WhHIq4NdVu3Q+pvivFICf/7fo=
 github.com/golang/glog v1.1.2/go.mod h1:zR+okUeTbrL6EL3xHUDxZuEtGv04p5shwip1+mL/rLQ=
@ -435,10 +406,8 @@ github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8
 github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
-github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU=
 github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/enterprise-certificate-proxy v0.2.5 h1:UR4rDjcgpgEnqpIEvkiqTYKBCKLNmlge2eVjoZfySzM=
 github.com/googleapis/enterprise-certificate-proxy v0.2.5/go.mod h1:RxW0N9901Cko1VOCW3SXCpWP+mlIEkk2tP7jnHy9a3w=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
@ -604,7 +573,6 @@ github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
@ -635,7 +603,6 @@ github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czP
 github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
 github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/manifoldco/promptui v0.9.0 h1:3V4HzJk1TtXW1MTZMP7mdlwbBpIinw3HztaIlYthEiA=
@ -705,7 +672,6 @@ github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS4
 github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY=
 github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
@ -731,6 +697,8 @@ github.com/muesli/termenv v0.13.0 h1:wK20DRpJdDX8b7Ek2QfhvqhRQFZ237RGRO0RQ/Iqdy0
 github.com/muesli/termenv v0.13.0/go.mod h1:sP1+uffeLaEYpyOTb8pLCUctGcGLnoFjSn4YJK5e2bc=
 github.com/muhlemmer/gu v0.3.1 h1:7EAqmFrW7n3hETvuAdmFmn4hS8W+z3LgKtrnow+YzNM=
 github.com/muhlemmer/gu v0.3.1/go.mod h1:YHtHR+gxM+bKEIIs7Hmi9sPT3ZDUvTN/i88wQpZkrdM=
 github.com/muhlemmer/httpforwarded v0.1.0 h1:x4DLrzXdliq8mprgUMR0olDvHGkou5BJsK/vWUetyzY=
 github.com/muhlemmer/httpforwarded v0.1.0/go.mod h1:yo9czKedo2pdZhoXe+yDkGVbU0TJ0q9oQ90BVoDEtw0=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg=
 github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU=
@ -773,36 +741,26 @@ github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxS
 github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw=
 github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4=
 github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4=
-github.com/openziti/channel/v2 v2.0.111 h1:ZZDyUUFcyshitXjUqAMjdAKbaDMpgV7oX1Jp1I35Rc4=
+github.com/openziti/channel/v2 v2.0.119 h1:stfSrnDqoTi78LMvQA3+NSivHjQnRrYKrgij5NaOENI=
-github.com/openziti/channel/v2 v2.0.111/go.mod h1:abw0qwT0MzWvh1eI2P6D6CD17PRHL8EEo1d3DHCyCdM=
+github.com/openziti/channel/v2 v2.0.119/go.mod h1:lSRJwqmbkE34DgXYEmUhVCzwcQcx65vZGE8nuBNK458=
-github.com/openziti/channel/v2 v2.0.113 h1:J7GdiwusrwpHtbQKAgQErRe4RJdeqTUQhIZNgsZpDn4=
+github.com/openziti/edge-api v0.26.10 h1:LEDuJHZsExi0PBVO9iVuIdZWJ7eFo/i4TJhXoSFmfOU=
-github.com/openziti/channel/v2 v2.0.113/go.mod h1:1cVOKm52klHza4WxRgcT4Ec/NlFrGwjXPZt/V7bSE+o=
+github.com/openziti/edge-api v0.26.10/go.mod h1:FQLjav9AfqxQYSL0xKPDZ/JWTSZXApkk7jM2/iczGXM=
 github.com/openziti/edge-api v0.26.6 h1:qM5XRaYYZxRIkb3xDkAU1D2EkQx8a+oHvCWbd+v0fbA=
 github.com/openziti/edge-api v0.26.6/go.mod h1:DX+fKivCRgnl5oxuLLoEx044arhjlgI7peGlqxN+Iks=
 github.com/openziti/edge-api v0.26.7 h1:dHLH7+O+Yp3HPmhgAbvq8z93EcZDypiSOHm/PVVUCoc=
 github.com/openziti/edge-api v0.26.7/go.mod h1:yKQYyc3zhHRM7Y2BRd5R7gT9zelh46julW4chjv2W9I=
 github.com/openziti/fabric v0.23.26 h1:wEPNh8m3qcq9sw1Zmg5YgFZw1FovsKGu53rRf8qzI7A=
 github.com/openziti/fabric v0.23.26/go.mod h1:0MtkZqIHs3cJPP4DB88xsWUemDm77nN/GvWBBfq7peo=
-github.com/openziti/foundation/v2 v2.0.35 h1:4VaMwZ2kAy6jwBYeQIBN2m8rcGroTDX4A2Jp7NAKb6M=
+github.com/openziti/foundation/v2 v2.0.37 h1:7pa4vWrlwllEoLXaK2rx91AffLQJ8k5pvc92oWANavA=
-github.com/openziti/foundation/v2 v2.0.35/go.mod h1:Xnb3IxP1e1UcgLggqSunEpCjH3iHozkPi9Bd9GESbwo=
+github.com/openziti/foundation/v2 v2.0.37/go.mod h1:2NxzCnJbMw35U9RrFcdEaiXdxIMfBHOUNPngpyhvKeY=
-github.com/openziti/identity v1.0.68 h1:SaFr7BeFQBoWQDiT28vUb8D9w7v6lIAK6/9RkwmV0OU=
+github.com/openziti/identity v1.0.70 h1:JNwtJHmIS0DcXookm2xuXyh4z92T1O21GQvuO8PmHWs=
-github.com/openziti/identity v1.0.68/go.mod h1:HbOu3TQ032v8xE6xZWjO51azF4fUxRLjO/l/oGqJwUI=
+github.com/openziti/identity v1.0.70/go.mod h1:jsKBL4G1BsmDSCIfhK4jha5B3Sevgy1jyZq0GtFKhSk=
-github.com/openziti/metrics v1.2.40 h1:gySRgR8prCPqaEjmUtX0eXFs7NkI9uPAzp+z6A8+JqA=
+github.com/openziti/metrics v1.2.45 h1:+3zqszLWyFdTgzbsQD90V0yJcC9Ek77qKaIGMQXkAXs=
-github.com/openziti/metrics v1.2.40/go.mod h1:HXdVryf3xpZfnY4VcaOjMxiBv+qw0wJlEJNLbooB9hY=
+github.com/openziti/metrics v1.2.45/go.mod h1:g6CgAEbFes2UtdfGrsR8AKkuoBVL5dkU61843uQvllM=
-github.com/openziti/metrics v1.2.41 h1:JShcFb6qJPA2cMiWQLtcSXiJjsrhEWpH+aVcjT/Mcbs=
+github.com/openziti/sdk-golang v0.22.28 h1:s159CT42dXug4GiJiN/kM6/ol+N2LFZ2tUk6bOpbgiI=
-github.com/openziti/metrics v1.2.41/go.mod h1:L9h0NrliMA3+p7+ascKgvx28qoKHymN9l+CMA+Q+sZc=
+github.com/openziti/sdk-golang v0.22.28/go.mod h1:BLaLvcLqAgf3JFoDPWLTj3j3X5rndo6ZejdDdkMlihQ=
-github.com/openziti/sdk-golang v0.21.2 h1:P66cslOAmQX37VFan+df+MoD2PqaFjHWDNMpuhhXHSo=
+github.com/openziti/secretstream v0.1.16 h1:tVanF7OpJL1MJ1gvWaRlR2i+kAbrGsxr3q6EXFOS08U=
-github.com/openziti/sdk-golang v0.21.2/go.mod h1:mepEUD39DsBm/v1WVLedYRoYCFdet5mmJ5Sxqm/zkFI=
+github.com/openziti/secretstream v0.1.16/go.mod h1:bvjGBUW/0e5MzD5S3FW3rhGASRNWAi+kTkTENZ9qRDE=
 github.com/openziti/sdk-golang v0.22.6 h1:AG0FNnh3QHTmqgL7Igl+ib2V65h0I2GskZ4Xi97eOo8=
 github.com/openziti/sdk-golang v0.22.6/go.mod h1:eq0Ww3cX8SVUyhAVGlZSZPIGBrMEnUioVBRME/IZ7rU=
 github.com/openziti/secretstream v0.1.14 h1:Ta+nB5Prcct+L5LIKUA1nE56QhWS6lMPQYTlpxUltU0=
 github.com/openziti/secretstream v0.1.14/go.mod h1:/hhuLfu+GIv0+cnapfsu/VOnXEvmTt3GKtCu+lQ0RIw=
 github.com/openziti/secretstream v0.1.15 h1:bGoPlT5zmZ+BiLKFMlaARG3gfiUzuhX/kmK6OInaghU=
 github.com/openziti/secretstream v0.1.15/go.mod h1:LyghB5JOlgvFASkLYPiBgjj5rcFXKiLD4qwHYRfBxnU=
 github.com/openziti/storage v0.2.6 h1:/pbIRzDwrczMWRVkN75PfwAXFbArplIqhpRsUrsUOBc=
 github.com/openziti/storage v0.2.6/go.mod h1:JnjCofrnPcajwn6VIB2CgI7pVVUFBL7evbezIsQ4AgA=
-github.com/openziti/transport/v2 v2.0.119 h1:KOgHU+9EZUVPvv8ncifqHmNEcFUHbJHigo3jyPvWnOc=
+github.com/openziti/transport/v2 v2.0.122 h1:XWwZ6JcSO1nvbZgfp6kdf8aR5LEEN343mpZlhSihirk=
-github.com/openziti/transport/v2 v2.0.119/go.mod h1:H2IIBP6ed9isE/eJHGXtAZL0d73ApYOpLG9sSvutNNI=
+github.com/openziti/transport/v2 v2.0.122/go.mod h1:07Ak2jMsyZmi7/ECxGNfMXk8cF1Vj5qtKj90FoAnK8A=
 github.com/orcaman/concurrent-map/v2 v2.0.1 h1:jOJ5Pg2w1oeB6PeDurIYf6k9PQ+aTITr/6lP/L/zp6c=
 github.com/orcaman/concurrent-map/v2 v2.0.1/go.mod h1:9Eq3TG2oBe5FirmYWQfYO5iH1q0Jv47PLaNK++uCdOM=
 github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM=
@ -876,9 +834,8 @@ github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6L
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
 github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
 github.com/rs/cors v1.9.0 h1:l9HGsTsHJcvW14Nk7J9KFz8bzeAWXn3CG6bgt7LsrAE=
 github.com/rs/cors v1.9.0/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
 github.com/rs/cors v1.10.1 h1:L0uuZVXIKlI1SShY2nhFfo44TYvDPQ1w4oFkUJNfhyo=
 github.com/rs/cors v1.10.1/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
 github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
 github.com/rs/xid v1.5.0 h1:mKX4bl4iPYJtEIxp6CYiUuLQ/8DYMoz0PUdtGgMFRVc=
 github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
@ -897,10 +854,8 @@ github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdh
 github.com/schollz/jsonstore v1.1.0 h1:WZBDjgezFS34CHI+myb4s8GGpir3UMpy7vWoCeO0n6E=
 github.com/schollz/jsonstore v1.1.0/go.mod h1:15c6+9guw8vDRyozGjN3FoILt0wpruJk9Pi66vjaZfg=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
-github.com/shirou/gopsutil/v3 v3.23.10 h1:/N42opWlYzegYaVkWejXWJpbzKv2JDy3mrgGzKsh9hM=
+github.com/shirou/gopsutil/v3 v3.24.1 h1:R3t6ondCEvmARp3wxODhXMTLC/klMa87h2PHUw5m7QI=
-github.com/shirou/gopsutil/v3 v3.23.10/go.mod h1:JIE26kpucQi+innVlAUnIEOSBhBUkirr5b44yr55+WE=
+github.com/shirou/gopsutil/v3 v3.24.1/go.mod h1:UU7a2MSBQa+kW1uuDq8DeEBS8kmrnQwsv2b5O513rwU=
 github.com/shirou/gopsutil/v3 v3.23.11 h1:i3jP9NjCPUz7FiZKxlMnODZkdSIp2gnzfrvsu9CuWEQ=
 github.com/shirou/gopsutil/v3 v3.23.11/go.mod h1:1FrWgea594Jp7qmjHUUPlJDTPgcsb9mGnXDxavtikzM=
 github.com/shoenig/go-m1cpu v0.1.6 h1:nxdKQNcEB6vzgA2E2bvzKIYRuNj7XNJ4S/aRSwKzFtM=
 github.com/shoenig/go-m1cpu v0.1.6/go.mod h1:1JJMcUBvfNwpq05QDQVAnx3gUHr9IYF7GNg9SUEw2VQ=
 github.com/shoenig/test v0.6.4 h1:kVTaSd7WLz5WZ2IaoM0RSzRsUD+m8wRR+5qvntpn4LU=
@ -983,7 +938,6 @@ github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXl
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/tailscale/tscert v0.0.0-20230806124524-28a91b69a046 h1:8rUlviSVOEe7TMk7W0gIPrW8MqEzYfZHpsNWSf8s2vg=
 github.com/tailscale/tscert v0.0.0-20230806124524-28a91b69a046/go.mod h1:kNGUQ3VESx3VZwRwA9MSCUegIl6+saPL8Noq82ozCaU=
 github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
 github.com/tklauser/go-sysconf v0.3.12 h1:0QaGUFOdQaIVdPgfITYzaTegZvdCjmYO52cSFAEVmqU=
 github.com/tklauser/go-sysconf v0.3.12/go.mod h1:Ho14jnntGE1fpdOqQEEaiKRpvIavV0hSfmBq8nJbHYI=
 github.com/tklauser/numcpus v0.6.1 h1:ng9scYS7az0Bk4OZLvrNXNSAO2Pxr1XXRAPyjhIx+Fk=
@ -1002,9 +956,7 @@ github.com/wneessen/go-mail v0.2.7/go.mod h1:m25lkU2GYQnlVr6tdwK533/UXxo57V0kLOj
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
 github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23ni57g=
 github.com/xdg-go/scram v1.1.2/go.mod h1:RT/sEzTbU5y00aCK8UOx6R7YryM0iF1N2MOmC3kKLN4=
 github.com/xdg-go/stringprep v1.0.3/go.mod h1:W3f5j4i+9rC0kuIEJL0ky1VpHXQU3ocBgklLGvcBnW8=
 github.com/xdg-go/stringprep v1.0.4/go.mod h1:mPGuuIYwz7CmR2bT9j4GbQqutWS1zV24gijq1dTyGkM=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
 github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
@ -1029,8 +981,6 @@ github.com/zeebo/blake3 v0.2.3/go.mod h1:mjJjZpnsyIVtVgTOSpJ9vmRE4wgDeyt2HU3qXvv
 github.com/zeebo/pcg v1.0.1 h1:lyqfGeWiv4ahac6ttHs+I5hwtH/+1mrhlCtVNQM2kHo=
 github.com/zeebo/pcg v1.0.1/go.mod h1:09F0S9iiKrwn9rlI5yjLkmrug154/YRW6KnnXVDM/l4=
 github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
 github.com/zitadel/oidc/v2 v2.7.0 h1:IGX4EDk6tegTjUSsZDWeTfLseFU0BdJ/Glf1tgys2lU=
 github.com/zitadel/oidc/v2 v2.7.0/go.mod h1:zkUkVJS0sDVy9m0UA9RgO3f8i/C0rtjvXU36UJj7T+0=
 github.com/zitadel/oidc/v2 v2.12.0 h1:4aMTAy99/4pqNwrawEyJqhRb3yY3PtcDxnoDSryhpn4=
 github.com/zitadel/oidc/v2 v2.12.0/go.mod h1:LrRav74IiThHGapQgCHZOUNtnqJG0tcZKHro/91rtLw=
 go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
@ -1040,7 +990,6 @@ go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mI
 go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs=
 go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
 go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ=
 go.mongodb.org/mongo-driver v1.10.0/go.mod h1:wsihk0Kdgv8Kqu1Anit4sfK+22vSFbUrAVEYRhCXrA8=
 go.mongodb.org/mongo-driver v1.13.1 h1:YIc7HTYsKndGK4RFzJ3covLz1byri52x0IoMB0Pt/vk=
 go.mongodb.org/mongo-driver v1.13.1/go.mod h1:wcDf1JBCXy2mOW0bWHwO/IOYqdca1MPCwDtFu/Z9+eo=
 go.mozilla.org/pkcs7 v0.0.0-20210730143726-725912489c62/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk=
@ -1134,8 +1083,8 @@ golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
 golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
-golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
+golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
-golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@ -1229,8 +1178,8 @@ golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
-golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c=
+golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo=
-golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
+golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@ -1243,10 +1192,8 @@ golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.12.0 h1:smVPGxink+n1ZI5pkQa8y6fZT0RW0MgCO5bFpepy4B4=
+golang.org/x/oauth2 v0.16.0 h1:aDkGMBSYxElaoP81NpoUoz2oo2R2wHdZpGToUxfyQrQ=
-golang.org/x/oauth2 v0.12.0/go.mod h1:A74bZ3aGXgCY0qaIC9Ahg6Lglin4AMAco8cIv9baba4=
+golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o=
 golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY=
 golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@ -1260,8 +1207,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ=
+golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE=
-golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
+golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20170728174421-0f826bdd13b5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@ -1343,8 +1290,9 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
+golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@ -1353,8 +1301,8 @@ golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
-golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
+golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U=
-golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
+golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@ -1569,15 +1517,12 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
 google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I=
 google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
@ -1603,11 +1548,8 @@ gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
--- a/rest_model_zrok/share_request.go
+++ b/rest_model_zrok/share_request.go
@ -28,7 +28,7 @@ type ShareRequest struct {
 	AuthUsers []*AuthUser `json:"authUsers"`
 	// backend mode
-	// Enum: [proxy web tcpTunnel udpTunnel caddy drive]
+	// Enum: [proxy web tcpTunnel udpTunnel caddy drive socks]
 	BackendMode string `json:"backendMode,omitempty"`
 	// backend proxy endpoint
@ -117,7 +117,7 @@ var shareRequestTypeBackendModePropEnum []interface{}
 func init() {
 	var res []string
-	if err := json.Unmarshal([]byte(`["proxy","web","tcpTunnel","udpTunnel","caddy","drive"]`), &res); err != nil {
+	if err := json.Unmarshal([]byte(`["proxy","web","tcpTunnel","udpTunnel","caddy","drive","socks"]`), &res); err != nil {
 		panic(err)
 	}
 	for _, v := range res {
@ -144,6 +144,9 @@ const (
 	// ShareRequestBackendModeDrive captures enum value "drive"
 	ShareRequestBackendModeDrive string = "drive"
 	// ShareRequestBackendModeSocks captures enum value "socks"
 	ShareRequestBackendModeSocks string = "socks"
 )
 // prop value enum
--- a/rest_server_zrok/embedded_spec.go
+++ b/rest_server_zrok/embedded_spec.go
@ -1476,7 +1476,8 @@ func init() {
            "tcpTunnel",
            "udpTunnel",
            "caddy",
-            "drive"
+            "drive",
            "socks"
          ]
        },
        "backendProxyEndpoint": {
@ -3099,7 +3100,8 @@ func init() {
            "tcpTunnel",
            "udpTunnel",
            "caddy",
-            "drive"
+            "drive",
            "socks"
          ]
        },
        "backendProxyEndpoint": {
--- a/sdk/python/sdk/zrok/zrok_api/models/share_request.py
+++ b/sdk/python/sdk/zrok/zrok_api/models/share_request.py
@ -184,7 +184,7 @@ class ShareRequest(object):
        :param backend_mode: The backend_mode of this ShareRequest.  # noqa: E501
        :type: str
        """
-        allowed_values = ["proxy", "web", "tcpTunnel", "udpTunnel", "caddy", "drive"]  # noqa: E501
+        allowed_values = ["proxy", "web", "tcpTunnel", "udpTunnel", "caddy", "drive", "socks"]  # noqa: E501
        if backend_mode not in allowed_values:
            raise ValueError(
                "Invalid value for `backend_mode` ({0}), must be one of {1}"  # noqa: E501
--- a/specs/zrok.yml
+++ b/specs/zrok.yml
@ -973,7 +973,7 @@ definitions:
          type: string
      backendMode:
        type: string
-        enum: ["proxy", "web", "tcpTunnel", "udpTunnel", "caddy", "drive"]
+        enum: ["proxy", "web", "tcpTunnel", "udpTunnel", "caddy", "drive", "socks"]
      backendProxyEndpoint:
        type: string
      authScheme:
--- a/website/static/img/logo-apple.svg
+++ b/website/static/img/logo-apple.svg
@ -1,47 +1,47 @@
-<?xml version="1.0" encoding="iso-8859-1"?>
+<?xml version="1.0" encoding="iso-8859-1"?>
-<!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
+<!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
-<svg fill="#000000" height="800px" width="800px" version="1.1" id="Capa_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" 
+<svg fill="#000000" height="800px" width="800px" version="1.1" id="Capa_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" 
-	 viewBox="0 0 22.773 22.773" xml:space="preserve">
+	 viewBox="0 0 22.773 22.773" xml:space="preserve">
-<g>
+<g>
-	<g>
+	<g>
-		<path d="M15.769,0c0.053,0,0.106,0,0.162,0c0.13,1.606-0.483,2.806-1.228,3.675c-0.731,0.863-1.732,1.7-3.351,1.573
+		<path d="M15.769,0c0.053,0,0.106,0,0.162,0c0.13,1.606-0.483,2.806-1.228,3.675c-0.731,0.863-1.732,1.7-3.351,1.573
-			c-0.108-1.583,0.506-2.694,1.25-3.561C13.292,0.879,14.557,0.16,15.769,0z"/>
+			c-0.108-1.583,0.506-2.694,1.25-3.561C13.292,0.879,14.557,0.16,15.769,0z"/>
-		<path d="M20.67,16.716c0,0.016,0,0.03,0,0.045c-0.455,1.378-1.104,2.559-1.896,3.655c-0.723,0.995-1.609,2.334-3.191,2.334
+		<path d="M20.67,16.716c0,0.016,0,0.03,0,0.045c-0.455,1.378-1.104,2.559-1.896,3.655c-0.723,0.995-1.609,2.334-3.191,2.334
-			c-1.367,0-2.275-0.879-3.676-0.903c-1.482-0.024-2.297,0.735-3.652,0.926c-0.155,0-0.31,0-0.462,0
+			c-1.367,0-2.275-0.879-3.676-0.903c-1.482-0.024-2.297,0.735-3.652,0.926c-0.155,0-0.31,0-0.462,0
-			c-0.995-0.144-1.798-0.932-2.383-1.642c-1.725-2.098-3.058-4.808-3.306-8.276c0-0.34,0-0.679,0-1.019
+			c-0.995-0.144-1.798-0.932-2.383-1.642c-1.725-2.098-3.058-4.808-3.306-8.276c0-0.34,0-0.679,0-1.019
-			c0.105-2.482,1.311-4.5,2.914-5.478c0.846-0.52,2.009-0.963,3.304-0.765c0.555,0.086,1.122,0.276,1.619,0.464
+			c0.105-2.482,1.311-4.5,2.914-5.478c0.846-0.52,2.009-0.963,3.304-0.765c0.555,0.086,1.122,0.276,1.619,0.464
-			c0.471,0.181,1.06,0.502,1.618,0.485c0.378-0.011,0.754-0.208,1.135-0.347c1.116-0.403,2.21-0.865,3.652-0.648
+			c0.471,0.181,1.06,0.502,1.618,0.485c0.378-0.011,0.754-0.208,1.135-0.347c1.116-0.403,2.21-0.865,3.652-0.648
-			c1.733,0.262,2.963,1.032,3.723,2.22c-1.466,0.933-2.625,2.339-2.427,4.74C17.818,14.688,19.086,15.964,20.67,16.716z"/>
+			c1.733,0.262,2.963,1.032,3.723,2.22c-1.466,0.933-2.625,2.339-2.427,4.74C17.818,14.688,19.086,15.964,20.67,16.716z"/>
-	</g>
+	</g>
-	<g>
+	<g>
-	</g>
+	</g>
-	<g>
+	<g>
-	</g>
+	</g>
-	<g>
+	<g>
-	</g>
+	</g>
-	<g>
+	<g>
-	</g>
+	</g>
-	<g>
+	<g>
-	</g>
+	</g>
-	<g>
+	<g>
-	</g>
+	</g>
-	<g>
+	<g>
-	</g>
+	</g>
-	<g>
+	<g>
-	</g>
+	</g>
-	<g>
+	<g>
-	</g>
+	</g>
-	<g>
+	<g>
-	</g>
+	</g>
-	<g>
+	<g>
-	</g>
+	</g>
-	<g>
+	<g>
-	</g>
+	</g>
-	<g>
+	<g>
-	</g>
+	</g>
-	<g>
+	<g>
-	</g>
+	</g>
-	<g>
+	<g>
-	</g>
+	</g>
-</g>
+</g>
 </svg>
		`@ -0,0 +1,3 @@`
							`-- +migrate Up`

							`alter type backend_mode add value 'socks';`