* user policies fix
* fix user acl rules for all resources tag
* handle relayed comms via gateway with active acl policies
* fix static node comms to all resources
* add all resources src rule for static node
* user policies fix
* fix user acl rules for all resources tag
* handle relayed comms via gateway with active acl policies
* fix static node comms to all resources
* feat(git): ignore run configurations;
* feat(go): add support for TOTP authentication;
* fix(go): api docs;
* fix(go): static checks failing;
* fix(go): ignore mfa enforcement for user auth;
* feat(go): allow resetting mfa;
* feat(go): allow resetting mfa;
* feat(go): use library function;
* fix(go): signature;
* feat(go): allow only master user to unset user's mfa;
* feat(go): set caller when master to prevent panic;
* feat(go): make messages more user friendly;
* fix(go): run go mod tidy;
* fix(go): optimize imports;
* fix(go): return unauthorized on token expiry;
* fix(go): move mfa endpoints under username;
* fix(go): set is mfa enabled when converting;
* feat(go): allow authenticated users to use preauth apis;
* feat(go): set correct header value;
* feat(go): allow super-admins and admins to unset mfa;
* feat(go): allow user to unset mfa if not enforced;
* revert inet gws from acl policies
* add egress range with metric for inet gw
* link pro inet funcs
* fix extclient comms with users
* remove TODO comments
* add backwards compatibility to egress ranges
* remove all resources check
* remove device policy check on pro
* fix egress policies for users groups
* add default forwarding rule for inet gw
* revert inet gws from acl policies
* add egress range with metric for inet gw
* link pro inet funcs
* fix extclient comms with users
* remove TODO comments
* add backwards compatibility to egress ranges
* remove all resources check
* remove device policy check on pro
* revert inet gws from acl policies
* add egress range with metric for inet gw
* link pro inet funcs
* fix extclient comms with users
* remove TODO comments
* add backwards compatibility to egress ranges
* revert inet gws from acl policies
* add egress range with metric for inet gw
* link pro inet funcs
* fix extclient comms with users
* remove TODO comments
* move relevant acl and tag code to CE and Pro pkgs
* intialise pro acl funcs
* list gateways by user access
* check user gw access by policies
* filter out user policies on CE
* filter out tagged policies on CE
* fix ce acl comms
* allow gateways tag
* allow gateway tag on CE, remove failover and gw check on acl policy
* add gw rules func to pro
* add inet gw support on CE
* add egress acl API
* add egress acl API
* fix(go): set is_gw when converting api node to server node;
* fix(go): set is_gw when converting api node to server node;
* fix policy validity checker for inet gws
* move dns option to host model
* fix node removal from egress policy on delete
* add migration logic for ManageDNS
* fix dns json field
* fix nil error on node tags
* add egress info to relayed nodes
* fix default network user policy
* fix egress migration
* fix egress migration
* add failover inet gw check
* optiomise egress calls
* auto create gw on inet egress node
* optimise egress calls
* add global user role check
* fix egress on inet gw
* remove addtional checks on inet policy
* add acl policy for static nodes on CE
* remove chained inet gws
* fix multi-inet issue
---------
Co-authored-by: Vishal Dalwadi <dalwadivishal26@gmail.com>
* move relevant acl and tag code to CE and Pro pkgs
* intialise pro acl funcs
* list gateways by user access
* check user gw access by policies
* filter out user policies on CE
* filter out tagged policies on CE
* fix ce acl comms
* allow gateways tag
* allow gateway tag on CE, remove failover and gw check on acl policy
* add gw rules func to pro
* add inet gw support on CE
* add egress acl API
* add egress acl API
* fix(go): set is_gw when converting api node to server node;
* fix(go): set is_gw when converting api node to server node;
* fix policy validity checker for inet gws
* move dns option to host model
* fix node removal from egress policy on delete
* add migration logic for ManageDNS
* fix dns json field
* fix nil error on node tags
* add egress info to relayed nodes
* fix default network user policy
* fix egress migration
* fix egress migration
* add failover inet gw check
* optiomise egress calls
* auto create gw on inet egress node
* optimise egress calls
* add global user role check
* fix egress on inet gw
* remove addtional checks on inet policy
---------
Co-authored-by: Vishal Dalwadi <dalwadivishal26@gmail.com>
* move relevant acl and tag code to CE and Pro pkgs
* intialise pro acl funcs
* list gateways by user access
* check user gw access by policies
* filter out user policies on CE
* filter out tagged policies on CE
* fix ce acl comms
* allow gateways tag
* allow gateway tag on CE, remove failover and gw check on acl policy
* add gw rules func to pro
* add inet gw support on CE
* add egress acl API
* add egress acl API
* fix(go): set is_gw when converting api node to server node;
* fix(go): set is_gw when converting api node to server node;
* fix policy validity checker for inet gws
* move dns option to host model
* fix node removal from egress policy on delete
* add migration logic for ManageDNS
* fix dns json field
* fix nil error on node tags
* add egress info to relayed nodes
* fix default network user policy
* fix egress migration
* fix egress migration
* add failover inet gw check
* optiomise egress calls
* auto create gw on inet egress node
* optimise egress calls
* add global user role check
* fix egress on inet gw
---------
Co-authored-by: Vishal Dalwadi <dalwadivishal26@gmail.com>
* move relevant acl and tag code to CE and Pro pkgs
* intialise pro acl funcs
* list gateways by user access
* check user gw access by policies
* filter out user policies on CE
* filter out tagged policies on CE
* fix ce acl comms
* allow gateways tag
* allow gateway tag on CE, remove failover and gw check on acl policy
* add gw rules func to pro
* add inet gw support on CE
* add egress acl API
* add egress acl API
* fix(go): set is_gw when converting api node to server node;
* fix(go): set is_gw when converting api node to server node;
* fix policy validity checker for inet gws
* move dns option to host model
* fix node removal from egress policy on delete
* add migration logic for ManageDNS
* fix dns json field
* fix nil error on node tags
* add egress info to relayed nodes
* fix default network user policy
* fix egress migration
* fix egress migration
* add failover inet gw check
* optiomise egress calls
* auto create gw on inet egress node
* optimise egress calls
* add global user role check
---------
Co-authored-by: Vishal Dalwadi <dalwadivishal26@gmail.com>
* move relevant acl and tag code to CE and Pro pkgs
* intialise pro acl funcs
* list gateways by user access
* check user gw access by policies
* filter out user policies on CE
* filter out tagged policies on CE
* fix ce acl comms
* allow gateways tag
* allow gateway tag on CE, remove failover and gw check on acl policy
* add gw rules func to pro
* add inet gw support on CE
* add egress acl API
* add egress acl API
* fix(go): set is_gw when converting api node to server node;
* fix(go): set is_gw when converting api node to server node;
* fix policy validity checker for inet gws
* move dns option to host model
* fix node removal from egress policy on delete
* add migration logic for ManageDNS
* fix dns json field
* fix nil error on node tags
* add egress info to relayed nodes
---------
Co-authored-by: Vishal Dalwadi <dalwadivishal26@gmail.com>
* feat: api access tokens
* revoke all user tokens
* redefine access token api routes, add auto egress option to enrollment keys
* add server settings apis, add db table for settigs
* handle server settings updates
* switch to using settings from DB
* fix sever settings migration
* revet force migration for settings
* fix server settings database write
* fix revoked tokens to be unauthorized
* remove unused functions
* convert access token to sql schema
* switch access token to sql schema
* fix merge conflicts
* fix server settings types
* bypass basic auth setting for super admin
* add TODO comment
* feat(go): add types for idp package;
* feat(go): import azure sdk;
* feat(go): add stub for google workspace client;
* feat(go): implement azure ad client;
* feat(go): sync users and groups using idp client;
* publish peer update on settings update
* feat(go): read creds from env vars;
* feat(go): add api endpoint to trigger idp sync;
* fix(go): sync member changes;
* fix(go): handle error;
* fix(go): set correct response type;
* feat(go): support disabling user accounts;
1. Add api endpoints to enable and disable user accounts.
2. Add checks in authenticators to prevent disabled users from logging in.
3. Add checks in middleware to prevent api usage by disabled users.
* feat(go): use string slice for group members;
* feat(go): sync user account status from idp;
* feat(go): import google admin sdk;
* feat(go): add support for google workspace idp;
* feat(go): initialize idp client on sync;
* feat(go): sync from idp periodically;
* feat(go): improvements for google idp;
1. Use the impersonate package to authenticate.
2. Use Pages method to get all data.
* chore(go): import style changes from migration branch;
1. Singular file names for table schema.
2. No table name method.
3. Use .Model instead of .Table.
4. No unnecessary tagging.
* remove nat check on egress gateway request
* Revert "remove nat check on egress gateway request"
This reverts commit 0aff12a189.
* feat(go): add db middleware;
* feat(go): restore method;
* feat(go): add user access token schema;
* fix user auth api:
* re initalise oauth and email config
* feat(go): fetch idp creds from server settings;
* feat(go): add filters for users and groups;
* feat(go): skip sync from idp if disabled;
* feat(go): add endpoint to remove idp integration;
* feat(go): import all users if no filters;
* feat(go): assign service-user role on sync;
* feat(go): remove microsoft-go-sdk;
* feat(go): add display name field for user;
* fix(go): set account disabled correctly;
* fix(go): update user if display name changes;
* fix(go): remove auth provider when removing idp integration;
* fix(go): ignore display name if empty;
* feat(go): add idp sync interval setting;
* fix(go): error on invalid auth provider;
* fix(go): no error if no user on group delete;
* fix(go): check superadmin using platform role id;
* feat(go): add display name and account disabled to return user as well;
* feat(go): tidy go mod after merge;
* feat(go): reinitialize auth provider and idp sync hook;
* fix(go): merge error;
* fix(go): merge error;
* feat(go): use id as the external provider id;
* fix(go): comments;
* feat(go): add function to return pending users;
* feat(go): prevent external id erasure;
* fix(go): user and group sync errors;
* chore(go): cleanup;
* fix(go): delete only oauth users;
* feat(go): use uuid group id;
* export ipd id to in rest api
* feat(go): don't use uuid for default groups;
* feat(go): migrate group only if id not uuid;
* chore(go): go mod tidy;
* fix(go): empty id user groups membership;
* fix(go): set user groups only if nil;
* fix(go): use reset to start only if required;
* fix(go): use context for better control;
* fix(go): allow id to be string or int;
* fix(go): roles and groups migration;
---------
Co-authored-by: abhishek9686 <abhi281342@gmail.com>
Co-authored-by: Abhishek K <abhishek@netmaker.io>
Co-authored-by: the_aceix <aceixsmartx@gmail.com>
