netmaker

mirror of https://github.com/gravitl/netmaker.git synced 2025-09-08 14:15:25 +08:00

Author	SHA1	Message	Date
abhishek9686	f538e80f76	fix enrollment key join on existing networks	2025-05-27 22:55:16 +05:30
Abhishek K	a1304b43d8	NET-2054: Auto Removal of Offline Nodes, fix enrollment key relay function (#3458 ) * check host ports on join * if 443 not available fallback to 51821 * if 443 not available fallback to 51821 * add config for auto delete of offline nodes * autocleanup offline nodes * delete offline nodes on startup * fix relay via join token	2025-05-24 08:21:47 +05:30
Abhishek K	d7bad9865a	NET-2014: Audit Logging (#3455 ) * feat: api access tokens * revoke all user tokens * redefine access token api routes, add auto egress option to enrollment keys * add server settings apis, add db table for settigs * handle server settings updates * switch to using settings from DB * fix sever settings migration * revet force migration for settings * fix server settings database write * egress model * fix revoked tokens to be unauthorized * update egress model * remove unused functions * convert access token to sql schema * switch access token to sql schema * fix merge conflicts * fix server settings types * bypass basic auth setting for super admin * add TODO comment * setup api handlers for egress revamp * use single DB, fix update nat boolean field * extend validaiton checks for egress ranges * add migration to convert to new egress model * fix panic interface conversion * publish peer update on settings update * revoke token generated by an user * add user token creation restriction by user role * add forbidden check for access token creation * revoke user token when group or role is changed * add default group to admin users on update * chore(go): import style changes from migration branch; 1. Singular file names for table schema. 2. No table name method. 3. Use .Model instead of .Table. 4. No unnecessary tagging. * remove nat check on egress gateway request * Revert "remove nat check on egress gateway request" This reverts commit `0aff12a189`. * remove nat check on egress gateway request * feat(go): add db middleware; * feat(go): restore method; * feat(go): add user access token schema; * add inet gw status to egress model * fetch node ids in the tag, add inet gw info clients * add inet gw info to node from egress list * add migration logic internet gws * create default acl policies * add egress info * add egress TODO * add egress TODO * fix user auth api: * add reference id to acl policy * add egress response from DB * publish peer update on egress changes * re initalise oauth and email config * set verbosity * normalise cidr on egress req * add egress id to acl group * change acls to use egress id * resolve merge conflicts * fix egress reference errors * move egress model to schema * add api context to DB * sync auto update settings with hosts * sync auto update settings with hosts * check acl for egress node * check for egress policy in the acl dst groups * fix acl rules for egress policies with new models * add status to egress model * fix inet node func * mask secret and convert jwt duration to minutes * enable egress policies on creation * convert jwt duration to minutes * add relevant ranges to inet egress * skip non active egress routes * resolve merge conflicts * fix static check * notify peers after settings update * define schema for activity, add api handler to list network activity * setup event channel and logger * setup event logger, add event for user login * change activity model to event * add api error constants * add logout event * log user crud events * add login events for oauth * add user related events * log events for invites and user approvals * order user activity event by timestamp * fix logout api * add user and network events api, add addtional events triggers * add filters to all events api * fix events filter * add diff to event logs * update user logout api * log settigns updates * log events for network and host updates * check for diff on events * log host del event * add user loc info to desktop app connection events * fix authorize middleware check * add gateway events * resolve merge conflicts --------- Co-authored-by: Vishal Dalwadi <dalwadivishal26@gmail.com>	2025-05-21 13:13:20 +05:30
Abhishek K	307a3d1e4b	NET-1932: Merge egress and internet gateways (#3436 ) * feat: api access tokens * revoke all user tokens * redefine access token api routes, add auto egress option to enrollment keys * add server settings apis, add db table for settigs * handle server settings updates * switch to using settings from DB * fix sever settings migration * revet force migration for settings * fix server settings database write * egress model * fix revoked tokens to be unauthorized * update egress model * remove unused functions * convert access token to sql schema * switch access token to sql schema * fix merge conflicts * fix server settings types * bypass basic auth setting for super admin * add TODO comment * setup api handlers for egress revamp * use single DB, fix update nat boolean field * extend validaiton checks for egress ranges * add migration to convert to new egress model * fix panic interface conversion * publish peer update on settings update * revoke token generated by an user * add user token creation restriction by user role * add forbidden check for access token creation * revoke user token when group or role is changed * add default group to admin users on update * chore(go): import style changes from migration branch; 1. Singular file names for table schema. 2. No table name method. 3. Use .Model instead of .Table. 4. No unnecessary tagging. * remove nat check on egress gateway request * Revert "remove nat check on egress gateway request" This reverts commit `0aff12a189`. * remove nat check on egress gateway request * feat(go): add db middleware; * feat(go): restore method; * feat(go): add user access token schema; * add inet gw status to egress model * fetch node ids in the tag, add inet gw info clients * add inet gw info to node from egress list * add migration logic internet gws * create default acl policies * add egress info * add egress TODO * add egress TODO * fix user auth api: * add reference id to acl policy * add egress response from DB * publish peer update on egress changes * re initalise oauth and email config * set verbosity * normalise cidr on egress req * add egress id to acl group * change acls to use egress id * resolve merge conflicts * fix egress reference errors * move egress model to schema * add api context to DB * sync auto update settings with hosts * sync auto update settings with hosts * check acl for egress node * check for egress policy in the acl dst groups * fix acl rules for egress policies with new models * add status to egress model * fix inet node func * mask secret and convert jwt duration to minutes * enable egress policies on creation * convert jwt duration to minutes * add relevant ranges to inet egress * skip non active egress routes * resolve merge conflicts * fix static check * update gorm tag for primary key on egress model * create user policies for egress resources * resolve merge conflicts * get egress info on failover apis, add egress src validation for inet gws * add additional validation checks on egress req * add additional validation checks on egress req * skip all resources for inet policy * delete associated egress acl policies * fix failover of inetclient * avoid setting inet client asd inet gw * fix all resource egress policy * fix inet gw egress rule * check for node egress on relay req * fix egress acl rules comms * add new field for egress info on node * check acl policy in failover ctx * avoid default host to be set as inet client * fix relayed egress node * add valid error messaging for egress validate func * return if inet default host * jump port detection to 51821 * check host ports on pull * check user access gws via acls * add validation check for default host and failover for inet clients * add error messaging for acl policy check * fix inet gw status * ignore failover req for peer using inet gw * check for allowed egress ranges for a peer * add egress routes to static nodes by access * avoid setting failvoer as inet client * fix egress error messaging * fix extclients egress comms * fix inet gw acting as inet client * return formatted error on update acl validation * add default route for static nodes on inetclient * check relay node acting as inetclient * move inet node info to separate field, fix all resouces policy * remove debug logs --------- Co-authored-by: Vishal Dalwadi <dalwadivishal26@gmail.com>	2025-05-21 12:50:21 +05:30
Abhishek K	f9bc3a5386	Merge pull request #3440 from gravitl/master Master	2025-04-30 03:02:05 +04:00
Abhishek K	85084f9dfe	check host ports on join (#3437 )	2025-04-30 03:00:36 +04:00
alingse	eb0dbf7ee4	fix call logic.FormatError with a nil value error (#3406 ) * fix call logic.FormatError with a nil value error Signed-off-by: alingse <alingse@foxmail.com> * fix call slog.Error with wrong error --------- Signed-off-by: alingse <alingse@foxmail.com>	2025-04-30 02:39:35 +04:00
Abhishek K	309e4795a1	NET-1950: Persist Server Settings in the DB (#3419 ) * feat: api access tokens * revoke all user tokens * redefine access token api routes, add auto egress option to enrollment keys * add server settings apis, add db table for settigs * handle server settings updates * switch to using settings from DB * fix sever settings migration * revet force migration for settings * fix server settings database write * fix revoked tokens to be unauthorized * remove unused functions * convert access token to sql schema * switch access token to sql schema * fix merge conflicts * fix server settings types * bypass basic auth setting for super admin * add TODO comment * publish peer update on settings update * chore(go): import style changes from migration branch; 1. Singular file names for table schema. 2. No table name method. 3. Use .Model instead of .Table. 4. No unnecessary tagging. * remove nat check on egress gateway request * Revert "remove nat check on egress gateway request" This reverts commit `0aff12a189`. * feat(go): add db middleware; * feat(go): restore method; * feat(go): add user access token schema; * fix user auth api: * re initalise oauth and email config * set verbosity * sync auto update settings with hosts * sync auto update settings with hosts * mask secret and convert jwt duration to minutes * convert jwt duration to minutes * notify peers after settings update * compare with curr settings before updating * send host update to devices on auto update --------- Co-authored-by: Vishal Dalwadi <dalwadivishal26@gmail.com>	2025-04-30 02:34:10 +04:00
Abhishek K	ca95954fb5	NET-2000: Api access tokens (#3418 ) * feat: api access tokens * revoke all user tokens * redefine access token api routes, add auto egress option to enrollment keys * fix revoked tokens to be unauthorized * remove unused functions * convert access token to sql schema * switch access token to sql schema * revoke token generated by an user * add user token creation restriction by user role * add forbidden check for access token creation * revoke user token when group or role is changed * add default group to admin users on update * fix token removal on user update * fix token removal on user update	2025-04-23 20:21:42 +04:00
abhishek9686	56d5c85da7	block default key deletion,delete default key on network deletion	2024-10-30 15:58:55 +04:00
abhishek9686	7dffa98884	associate enrollment key tags to node	2024-09-22 14:06:17 +04:00
abhishek9686	db2550b7bd	add tag groups to enrollment key	2024-09-18 12:22:49 +04:00
Max Ma	46b8fd21c8	NET-1440: scale test changes (#3014 ) * NET-1440 scale test changes * fix UT error and add error info * load metric data into cacha in startup * remove debug info for metric * add server telemetry and hasSuperAdmin to cache * fix user UT case * update sqlite connection string for performance * update check-in TS in cache only if cache enabled * update metric data in cache only if cache enabled and write to DB once in stop * update server status in mq topic * add failover existed to server status update * only send mq messsage when there is server status change * batch peerUpdate * code changes for scale for review * update UT case * update mq client check * mq connection code change * revert server status update changes * revert batch peerUpdate * remove server status update info * code changes based on review and setupmqtt in keepalive * set the mq message order to false for PIN * remove setupmqtt in keepalive * recycle ip in node deletion * update ip allocation logic * remove ip addr cap * remove ippool file * update get extClient func * remove ip from cache map when extClient is removed	2024-08-15 11:59:00 +05:30
Sayan Mallick	c551c487ca	New Docs (#3034 ) * New Docs CSS update and Dockerfile to include docs folder flash of unrendered text fix markdown docs ignore docs/docs.go improving the docs generation github actions for docs generation go runner version fix updated docs.yml update repo action updated updated actions and dns docs dns complete More docs update Complete docs and updated workflow Update documentation Tue Aug 6 11:17:42 UTC 2024 Update documentation Thu Aug 8 12:26:57 UTC 2024 clean up clean up Dockerfile clean up Updated workflow Updated workflow Update docs.yml Update docs.yml * requested changes * changed ingress gateway to remote access gateway	2024-08-15 11:55:01 +05:30
Max Ma	65faf73fe9	NET-1226: Scalability Improvements (#2987 ) * add api to check if failover node existed * remove 5 minute peerUpdate * update peerUpdate to trigger pull * update Action name to SignalPull * revert the peerUpdate from SignalPull * fix getfailover error issue * rm acls creation for on-prem emqx * remove use of acls * add additional broker status field on status api * NET-1165: Remove creation of acls on emqx (#2996) * rm acls creation for on-prem emqx * remove use of acls * add additional broker status field on status api * comment out mq reconnect logic * configure mq conn params * add metric_interval in ENV for publishing metrics * add metric_interval in ENV for publishing metrics * update PUBLISH_METRIC_INTERVAL env name * revert the mq setttings back * fix error nil issue --------- Co-authored-by: abhishek9686 <abhi281342@gmail.com> Co-authored-by: Abhishek K <32607604+abhishek9686@users.noreply.github.com>	2024-07-09 18:56:55 +05:30
momantech	7e2b5b196a	chore: fix some comments (#2918 )	2024-05-08 12:17:23 +05:30
Abhishek K	66069fbc34	NET-1082: Scale Testing Fixes (#2894 ) * add additional mutex lock on node acls func * increase verbosity * disable acls on cloud emqx * add emqx creds creation to go routine * add debug log of mq client id * comment port check * uncomment port check * check for connection mq connection open * use username for client id * add write mutex on acl is allowed * add mq connection lost handler on server * spin off zombie init as go routine * get whole api path from config * Revert "get whole api path from config" This reverts commit `392f5f4c5f`. * update extclient acls async * add additional mutex lock on node acls func (cherry picked from commit `5325f0e7d7`) * increase verbosity (cherry picked from commit `705b3cf0bf`) * add emqx creds creation to go routine (cherry picked from commit `c8e65f4820`) * add debug log of mq client id (cherry picked from commit `29c5d6ceca`) * comment port check (cherry picked from commit `db8d6d95ea`) * check for connection mq connection open (cherry picked from commit `13b11033b0`) * use username for client id (cherry picked from commit `e90c7386de`) * add write mutex on acl is allowed (cherry picked from commit `4cae1b0bb4`) * add mq connection lost handler on server (cherry picked from commit `c82918ad35`) * spin off zombie init as go routine (cherry picked from commit `6d65c44c43`) * update extclient acls async (cherry picked from commit `6557ef1ebe`) * additionl logs for oauth user flow (cherry picked from commit `61703038ae`) * add more debug logs (cherry picked from commit `5980beacd1`) * add more debug logs (cherry picked from commit `4d001f0d27`) * add set auth secret (cherry picked from commit `f41cef5da5`) * fix fetch pass (cherry picked from commit `825caf4b60`) * make sure auth secret is set only once (cherry picked from commit `ba33ed02aa`) * make sure auth secret is set only once (cherry picked from commit `920ac4c507`) * comment usage of emqx acls * replace read lock with write lock on acls * replace read lock with write lock on acls (cherry picked from commit `808d2135c8`) * use deadlock pkg for visibility * add additional mutex locks * remove race flag * on mq re-connecting donot exit if failed * on mq re-connecting donot exit if failed * revert mutex package change * set mq clean session * remove debug log * go mod tidy * revert on prem emqx acls del	2024-04-11 21:18:57 +05:30
Jonathan Roth	f370a2923c	Add missing enrollment key swagger parameters (#2767 ) * Make swagger param private * Add missing swagger params for create/update enrollment key * Use same string in swagger doc path as the parameter * Re-generate swagger swagger generate spec -t ee -o swagger.yml	2024-03-12 08:30:44 +07:00
abhishek9686	82de96d9a3	if emqx, avoid sending mq creds from server to client	2024-01-26 11:23:50 +05:30
abhishek9686	fb0fead2f0	create emqx for server, get app creds from env	2024-01-26 10:24:29 +05:30
abhishek9686	155f2887b2	implement emqx interface methods for cloud and on-prem	2024-01-25 15:11:16 +05:30
Aceix	033e203d91	fix(NET-786): enhance enrollment key validation (#2726 )	2024-01-03 12:23:04 +05:30
Abhishek K	98c01c4325	NET-814: Deprecating TURN (#2723 ) * deprecate turn * process signals through mq	2023-12-13 22:46:57 +04:00
Aceix	61ef6142ff	feat(NET-688): auto relaying via enrollment keys (#2647 ) * feat(NET-688): auto relaying via enrollment keys * feat(NET-688): address pr comments	2023-11-04 16:28:57 +04:00
Gabriel de Souza Seibel	cb4b99ffcb	[NET-562] Persistent Keep Alive from node to host (#2604 ) * Move PKA field from models node to host level * Move PKA field from api models node to host level * Adapt logic package to node->host PKA * Adapt migration-related code to node->host PKA * Adapt cli code to node->host PKA * Change host PKA default to 20s * On IfaceDelta, check for PKA on host * On handleHostRegister, set default PKA * Use a default PKA * Use int64 for api host pka * Reorder imports * Don't use host pka in iface delta * Fix ConvertAPIHostToNMHost * Add swagger doc for host PKA field * Fix swagger.yml * Set default PKA only for new hosts * Remove TODO comment * Remove redundant check * Have api-host pka be specified in seconds	2023-10-06 10:09:19 +04:00
Matthew R Kasun	876778a1cc	open api spec file (#2595 ) * remove usergroup * superadmin * superadmin creation * generate openapi spec file * statticcheck * review comments	2023-10-04 10:26:38 +04:00
Abhishek K	3f1211795c	NET-383: Set Additional Host Fields From Client Side (#2566 ) * update static,mtu from client side host update * update host fields if host exists already on registration	2023-10-02 19:36:31 +04:00
Abhishek K	719e0c254d	NET-551: User Mgmt Re-Design (#2547 ) * add superadmin role, apis to create superadmin user * apis to attach and remove user from remote access gateways * add api to list user's remote client has gateway clients * remove code related user groups * remove networks and groups from user model * refactor user CRUD operations * fix network permission test * add superadmin to authorize func * remove user network and groups from cli * api to transfer superadmin role * add api to list users on a ingress gw * restrict user access to resources on server * deny request from remote access client if extclient is already created * fix user tests * fix static checks * fix static checks * add limits to extclient create handler * set username to superadmin on if masterkey is used * allow creation of extclients using masterkey * add migration func to assign superadmin role for existing admin user * check for superadmin on migration if users are present * allowe masterkey to extcleint apis * check ownerid * format error, on jwt token verification failure return unauthorized rather than forbidden * user update fix * move user remote functionality to ee * fix update user api * security patch * initalise ee user handlers * allow user to use master key to update any user * use slog * fix auth user test * table headers * remove user role, it's covered in middleware * setuser defaults fix	2023-09-01 14:27:08 +05:30
Tobias Cudnik	723375b334	NET-152 enrollment keys for non admins (#2346 ) * return 401 instead of 403 * fixed http.StatusForbidden * Tagged build version (temp) * Unauthorized_Err when applicable * untagged version * fixed PUT /api/users/networks/user1 * - expired token redirs to login - added `/api/enrollment_keys` for non-admins - unit test for enrollment keys for non-admins * handle user perms in `/hosts` * removed debug * misc * - support masteradmin - return hosts with partial access * added `ismaster` to middleware	2023-05-31 13:11:54 +05:30
Abhishek Kondur	423abf0fe4	add use_turn option to config,check if server is using turn	2023-04-28 14:06:28 +05:30
Abhishek Kondur	9f5239ec79	re-register host with turn	2023-04-26 13:12:16 +04:00
0xdcarns	18c9bcc58f	adapted sso to host registration	2023-04-17 22:23:17 -04:00
Anish Mukherjee	8a9f569c4f	add emqx acls	2023-03-21 17:47:57 +05:30
afeiszli	0bbf1dbe54	hotfixing logging and model issues found during IoT testing	2023-03-16 13:41:56 -04:00
0xdcarns	ee9df20b05	changed register response, simplified host port check dereference	2023-03-10 11:43:26 -05:00
0xdcarns	9a7407f635	updated logic to add new nodes	2023-02-27 19:18:41 -05:00
0xdcarns	977c9c8c19	send peer update after request + fix pass update issue	2023-02-27 12:32:07 -05:00
0xdcarns	0335e258ad	added TODO comment and allowed using enrollment key more than once	2023-02-24 12:08:32 -05:00
0xdcarns	541e232ad7	update comments	2023-02-17 12:09:18 -05:00
0xdcarns	9103efa88f	added request ack on register	2023-02-17 11:54:25 -05:00
0xdcarns	6b30cef968	handled node additions in more elegant manner	2023-02-17 11:32:02 -05:00
0xdcarns	08248e1b35	added log	2023-02-16 19:34:25 -05:00
0xdcarns	6e1db0bb3f	removed admin security check	2023-02-16 16:42:08 -05:00
0xdcarns	d8c7ab980e	fixed nil pointer from dereference in loop	2023-02-16 15:41:23 -05:00
0xdcarns	9078608bd1	fix initial map allocation	2023-02-16 15:13:40 -05:00
0xdcarns	607198d563	added host registration endpoint	2023-02-16 14:27:57 -05:00
0xdcarns	71ce2caabd	added tokenization + detokenization	2023-02-15 16:32:16 -05:00

47 commits