* user mgmt models
* define user roles
* define models for new user mgmt and groups
* oauth debug log
* initialize user role after db conn
* print oauth token in debug log
* user roles CRUD apis
* user groups CRUD Apis
* additional api checks
* add additional scopes
* add additional scopes url
* add additional scopes url
* rm additional scopes url
* setup middlleware permission checks
* integrate permission check into middleware
* integrate permission check into middleware
* check for headers for subjects
* refactor user role models
* refactor user groups models
* add new user to pending user via RAC login
* untracked
* allow multiple groups for an user
* change json tag
* add debug headers
* refer network controls form roles, add debug headers
* refer network controls form roles, add debug headers
* replace auth checks, add network id to role model
* nodes handler
* migration funcs
* invoke sync users migration func
* add debug logs
* comment middleware
* fix get all nodes api
* add debug logs
* fix middleware error nil check
* add new func to get username from jwt
* fix jwt parsing
* abort on error
* allow multiple network roles
* allow multiple network roles
* add migration func
* return err if jwt parsing fails
* set global check to true when accessing user apis
* set netid for acls api calls
* set netid for acls api calls
* update role and groups routes
* add validation checks
* add invite flow apis and magic links
* add invited user via oauth signup automatically
* create invited user on oauth signup, with groups in the invite
* add group validation for user invite
* update create user handler with new role mgmt
* add validation checks
* create user invites tables
* add error logging for email invite
* fix invite singup url
* debug log
* get query params from url
* get query params from url
* add query escape
* debug log
* debug log
* fix user signup via invite api
* set admin field for backward compatbility
* use new role id for user apis
* deprecate use of old admin fields
* deprecate usage of old user fields
* add user role as service user if empty
* setup email sender
* delete invite after user singup
* add plaform user role
* redirect on invite verification link
* fix invite redirect
* temporary redirect
* fix invite redirect
* point invite link to frontend
* fix query params lookup
* add resend support, configure email interface types
* fix groups and user creation
* validate user groups, add check for metrics api in middleware
* add invite url to invite model
* migrate rac apis to new user mgmt
* handle network nodes
* add platform user to default role
* fix user role migration
* add default on rag creation and cleanup after deletion
* fix rac apis
* change to invite code param
* filter nodes and hosts based on user network access
* extend create user group req to accomodate users
* filter network based on user access
* format oauth error
* move user roles and groups
* fix get user v1 api
* move user mgmt func to pro
* add user auth type to user model
* fix roles init
* remove platform role from group object
* list only platform roles
* add network roles to invite req
* create default groups and roles
* fix middleware for global access
* create default role
* fix nodes filter with global network roles
* block selfupdate of groups and network roles
* delete netID if net roles are empty
* validate user roles nd groups on update
* set extclient permission scope when rag vpn access is set
* allow deletion of roles and groups
* replace _ with - in role naming convention
* fix failover middleware mgmt
* format oauth templates
* fetch route temaplate
* return err if user wrong login type
* check user groups on rac apis
* fix rac apis
* fix resp msg
* add validation checks for admin invite
* return oauth type
* format group err msg
* fix html tag
* clean up default groups
* create default rag role
* add UI name to roles
* remove default net group from user when deleted
* reorder migration funcs
* fix duplicacy of hosts
* check old field for migration
* from pro to ce make all secondary users admins
* from pro to ce make all secondary users admins
* revert: from pro to ce make all secondary users admins
* make sure downgrades work
* fix pending users approval
* fix duplicate hosts
* fix duplicate hosts entries
* fix cache reference issue
* feat: configure FRONTEND_URL during installation
* disable user vpn access when network roles are modified
* rm vpn acces when roles or groups are deleted
* add http to frontend url
* revert crypto version
* downgrade crytpo version
* add platform id check on user invites
---------
Co-authored-by: the_aceix <aceixsmartx@gmail.com>
* add api to check if failover node existed
* remove 5 minute peerUpdate
* update peerUpdate to trigger pull
* update Action name to SignalPull
* revert the peerUpdate from SignalPull
* fix getfailover error issue
* rm acls creation for on-prem emqx
* remove use of acls
* add additional broker status field on status api
* NET-1165: Remove creation of acls on emqx (#2996)
* rm acls creation for on-prem emqx
* remove use of acls
* add additional broker status field on status api
* comment out mq reconnect logic
* configure mq conn params
* add metric_interval in ENV for publishing metrics
* add metric_interval in ENV for publishing metrics
* update PUBLISH_METRIC_INTERVAL env name
* revert the mq setttings back
* fix error nil issue
---------
Co-authored-by: abhishek9686 <abhi281342@gmail.com>
Co-authored-by: Abhishek K <32607604+abhishek9686@users.noreply.github.com>
* move oauth from CE build block to pro
* move oauth code and api handler under pro
* move common func back to auth from pro/auth
* change log level to Info for information logs
* fix import issue
* add debug logs
* check if user exists, handle oauth not configured for host SSO
* check if user exists, handle oauth not configured for host SSO
* check if user exists, handle oauth not configured for host SSO
* quit when websocket is closed
* quit when websocket is closed
* quit when websocket is closed
* avoid sending msg onb closed channel
* add debug log
* exit when oauth state is deleted
* add debug log
* handle oauth state not valid with appropirate message
* handle oauth state not valid with appropirate message
* check for invalid oauth state
* rm debug logs
* additionl logs for oauth user flow
* add more debug logs
* add more debug logs
* add set auth secret
* fix fetch pass
* make sure auth secret is set only once
* make sure auth secret is set only once
* add pending users api
* insert user to pending users on first time oauth login
* add pending user check on headless login
* fix conflicting apis
* no records error
* add allowed emails domains for oauth singup to config
* check if user is allowed to signup
* improve oauth message prompts
* handle trial enddate error logs
* add pending users api
* insert user to pending users on first time oauth login
* add pending user check on headless login
* fix conflicting apis
* no records error
* add allowed emails domains for oauth singup to config
* check if user is allowed to signup
* block normal user login from accessing dashboard
* header change
* allow from ui header
* allow from ui header
* check for user role after decoding
* block oauth login for normal user
* handle other oauth provider callback funcs for user login
* add superadmin role, apis to create superadmin user
* apis to attach and remove user from remote access gateways
* add api to list user's remote client has gateway clients
* remove code related user groups
* remove networks and groups from user model
* refactor user CRUD operations
* fix network permission test
* add superadmin to authorize func
* remove user network and groups from cli
* api to transfer superadmin role
* add api to list users on a ingress gw
* restrict user access to resources on server
* deny request from remote access client if extclient is already created
* fix user tests
* fix static checks
* fix static checks
* add limits to extclient create handler
* set username to superadmin on if masterkey is used
* allow creation of extclients using masterkey
* add migration func to assign superadmin role for existing admin user
* check for superadmin on migration if users are present
* allowe masterkey to extcleint apis
* check ownerid
* format error, on jwt token verification failure return unauthorized rather than forbidden
* user update fix
* move user remote functionality to ee
* fix update user api
* security patch
* initalise ee user handlers
* allow user to use master key to update any user
* use slog
* fix auth user test
* table headers
* remove user role, it's covered in middleware
* setuser defaults fix
- Avoid referencing conditions we know are false/true
- Avoid using name of imported package as variable
- Avoid broken (see list item 1) if else statement in `ipservice.go` by refactoring to switch statement
- When assigning a pointer value to a variable along with an error, check that error before referencing that pointer. Thus avoiding de-referencing a nil and causing a panic.
*** This item is the most important ***
- Standard gofmt package sorting + linting; This includes fixing comment starts for go doc
- Explicit non-handling of unhandled errors where appropriate (assigning errs to _ to reduce linter screaming)
- Export ErrExpired in `netcache` package so that we can properly reference it using `errors.Is` instead of using `strings.Contains` against an `error.Error()` value