* add list roles to pro and ce
* if not pro set user role to admin
* validate update user
* add separate validation check for password on update
* remove validate check
* fix github SSO with invite signup
* add oauth scopes for user email
* remove debug log
* fix azure ad
* add list roles to pro and ce
* if not pro set user role to admin
* validate update user
* add separate validation check for password on update
* remove validate check
* generalise smtp config
* copy over smtp vars
* env new line
* fix master key api access
* comment user tests
* fix network and user invite for master key access
* remove email sender type
* user mgmt commands
* check user role on CE
* user role nmtcl cmds
* user groups commands
* fix role and groups command
* fix user create cmd
* add usage info
* rm user role check
* fix user update cmd
* fix static check
* user mgmt models
* define user roles
* define models for new user mgmt and groups
* oauth debug log
* initialize user role after db conn
* print oauth token in debug log
* user roles CRUD apis
* user groups CRUD Apis
* additional api checks
* add additional scopes
* add additional scopes url
* add additional scopes url
* rm additional scopes url
* setup middlleware permission checks
* integrate permission check into middleware
* integrate permission check into middleware
* check for headers for subjects
* refactor user role models
* refactor user groups models
* add new user to pending user via RAC login
* untracked
* allow multiple groups for an user
* change json tag
* add debug headers
* refer network controls form roles, add debug headers
* refer network controls form roles, add debug headers
* replace auth checks, add network id to role model
* nodes handler
* migration funcs
* invoke sync users migration func
* add debug logs
* comment middleware
* fix get all nodes api
* add debug logs
* fix middleware error nil check
* add new func to get username from jwt
* fix jwt parsing
* abort on error
* allow multiple network roles
* allow multiple network roles
* add migration func
* return err if jwt parsing fails
* set global check to true when accessing user apis
* set netid for acls api calls
* set netid for acls api calls
* update role and groups routes
* add validation checks
* add invite flow apis and magic links
* add invited user via oauth signup automatically
* create invited user on oauth signup, with groups in the invite
* add group validation for user invite
* update create user handler with new role mgmt
* add validation checks
* create user invites tables
* add error logging for email invite
* fix invite singup url
* debug log
* get query params from url
* get query params from url
* add query escape
* debug log
* debug log
* fix user signup via invite api
* set admin field for backward compatbility
* use new role id for user apis
* deprecate use of old admin fields
* deprecate usage of old user fields
* add user role as service user if empty
* setup email sender
* delete invite after user singup
* add plaform user role
* redirect on invite verification link
* fix invite redirect
* temporary redirect
* fix invite redirect
* point invite link to frontend
* fix query params lookup
* add resend support, configure email interface types
* fix groups and user creation
* validate user groups, add check for metrics api in middleware
* add invite url to invite model
* migrate rac apis to new user mgmt
* handle network nodes
* add platform user to default role
* fix user role migration
* add default on rag creation and cleanup after deletion
* fix rac apis
* change to invite code param
* filter nodes and hosts based on user network access
* extend create user group req to accomodate users
* filter network based on user access
* format oauth error
* move user roles and groups
* fix get user v1 api
* move user mgmt func to pro
* add user auth type to user model
* fix roles init
* remove platform role from group object
* list only platform roles
* add network roles to invite req
* create default groups and roles
* fix middleware for global access
* create default role
* fix nodes filter with global network roles
* block selfupdate of groups and network roles
* delete netID if net roles are empty
* validate user roles nd groups on update
* set extclient permission scope when rag vpn access is set
* allow deletion of roles and groups
* replace _ with - in role naming convention
* fix failover middleware mgmt
* format oauth templates
* fetch route temaplate
* return err if user wrong login type
* check user groups on rac apis
* fix rac apis
* fix resp msg
* add validation checks for admin invite
* return oauth type
* format group err msg
* fix html tag
* clean up default groups
* create default rag role
* add UI name to roles
* remove default net group from user when deleted
* reorder migration funcs
* fix duplicacy of hosts
* check old field for migration
* from pro to ce make all secondary users admins
* from pro to ce make all secondary users admins
* revert: from pro to ce make all secondary users admins
* make sure downgrades work
* fix pending users approval
* fix duplicate hosts
* fix duplicate hosts entries
* fix cache reference issue
* feat: configure FRONTEND_URL during installation
* disable user vpn access when network roles are modified
* rm vpn acces when roles or groups are deleted
* add http to frontend url
* revert crypto version
* downgrade crytpo version
* add platform id check on user invites
---------
Co-authored-by: the_aceix <aceixsmartx@gmail.com>
* NET-1440 scale test changes
* fix UT error and add error info
* load metric data into cacha in startup
* remove debug info for metric
* add server telemetry and hasSuperAdmin to cache
* fix user UT case
* update sqlite connection string for performance
* update check-in TS in cache only if cache enabled
* update metric data in cache only if cache enabled and write to DB once in stop
* update server status in mq topic
* add failover existed to server status update
* only send mq messsage when there is server status change
* batch peerUpdate
* code changes for scale for review
* update UT case
* update mq client check
* mq connection code change
* revert server status update changes
* revert batch peerUpdate
* remove server status update info
* code changes based on review and setupmqtt in keepalive
* set the mq message order to false for PIN
* remove setupmqtt in keepalive
* recycle ip in node deletion
* update ip allocation logic
* remove ip addr cap
* remove ippool file
* update get extClient func
* remove ip from cache map when extClient is removed
* add egress range check with netmaker network address
* add egerssrange check for delete egressGW and extClientGW
* remove egress range check for delete
* add additional checks to avoid failovers
* add failover defence check on signal handler
* only add check for victim node
* avoid failover reset on pull
* add relayed for failoverme
* misc changes for failover
* remove resetfailoverpeers for InetNode
* add egress route back to allowedip list if relayed is egressGW
* add extclient back to allowedip list if peer is ingressGW
* reset failover on pull
---------
Co-authored-by: Max Ma <mayabin@gmail.com>
* exclude IngressGW in failover
* resetfailoverpeer when adding IngressGw if failover enabled
* exclude InetGW in failover
* get egress ranges of failedover peer
---------
Co-authored-by: abhishek9686 <abhi281342@gmail.com>
* add additional mutex lock on node acls func
* increase verbosity
* disable acls on cloud emqx
* add emqx creds creation to go routine
* add debug log of mq client id
* comment port check
* uncomment port check
* check for connection mq connection open
* use username for client id
* add write mutex on acl is allowed
* add mq connection lost handler on server
* spin off zombie init as go routine
* get whole api path from config
* Revert "get whole api path from config"
This reverts commit 392f5f4c5f.
* update extclient acls async
* add additional mutex lock on node acls func
(cherry picked from commit 5325f0e7d7)
* increase verbosity
(cherry picked from commit 705b3cf0bf)
* add emqx creds creation to go routine
(cherry picked from commit c8e65f4820)
* add debug log of mq client id
(cherry picked from commit 29c5d6ceca)
* comment port check
(cherry picked from commit db8d6d95ea)
* check for connection mq connection open
(cherry picked from commit 13b11033b0)
* use username for client id
(cherry picked from commit e90c7386de)
* add write mutex on acl is allowed
(cherry picked from commit 4cae1b0bb4)
* add mq connection lost handler on server
(cherry picked from commit c82918ad35)
* spin off zombie init as go routine
(cherry picked from commit 6d65c44c43)
* update extclient acls async
(cherry picked from commit 6557ef1ebe)
* additionl logs for oauth user flow
(cherry picked from commit 61703038ae)
* add more debug logs
(cherry picked from commit 5980beacd1)
* add more debug logs
(cherry picked from commit 4d001f0d27)
* add set auth secret
(cherry picked from commit f41cef5da5)
* fix fetch pass
(cherry picked from commit 825caf4b60)
* make sure auth secret is set only once
(cherry picked from commit ba33ed02aa)
* make sure auth secret is set only once
(cherry picked from commit 920ac4c507)
* comment usage of emqx acls
* replace read lock with write lock on acls
* replace read lock with write lock on acls
(cherry picked from commit 808d2135c8)
* use deadlock pkg for visibility
* add additional mutex locks
* remove race flag
* on mq re-connecting donot exit if failed
* on mq re-connecting donot exit if failed
* revert mutex package change
* set mq clean session
* remove debug log
* go mod tidy
* revert on prem emqx acls del
* additionl logs for oauth user flow
* add more debug logs
* add more debug logs
* add set auth secret
* fix fetch pass
* make sure auth secret is set only once
* make sure auth secret is set only once
* add pending users api
* insert user to pending users on first time oauth login
* add pending user check on headless login
* fix conflicting apis
* no records error
* add allowed emails domains for oauth singup to config
* check if user is allowed to signup
* improve oauth message prompts
* handle trial enddate error logs
* add pending users api
* insert user to pending users on first time oauth login
* add pending user check on headless login
* fix conflicting apis
* no records error
* add allowed emails domains for oauth singup to config
* check if user is allowed to signup