netmaker

6849 commits 1584 branches 84 tags 295 MiB

Author	SHA1	Message	Date
Abhishek K	d7bad9865a	NET-2014: Audit Logging (#3455 ) * feat: api access tokens * revoke all user tokens * redefine access token api routes, add auto egress option to enrollment keys * add server settings apis, add db table for settigs * handle server settings updates * switch to using settings from DB * fix sever settings migration * revet force migration for settings * fix server settings database write * egress model * fix revoked tokens to be unauthorized * update egress model * remove unused functions * convert access token to sql schema * switch access token to sql schema * fix merge conflicts * fix server settings types * bypass basic auth setting for super admin * add TODO comment * setup api handlers for egress revamp * use single DB, fix update nat boolean field * extend validaiton checks for egress ranges * add migration to convert to new egress model * fix panic interface conversion * publish peer update on settings update * revoke token generated by an user * add user token creation restriction by user role * add forbidden check for access token creation * revoke user token when group or role is changed * add default group to admin users on update * chore(go): import style changes from migration branch; 1. Singular file names for table schema. 2. No table name method. 3. Use .Model instead of .Table. 4. No unnecessary tagging. * remove nat check on egress gateway request * Revert "remove nat check on egress gateway request" This reverts commit `0aff12a189`. * remove nat check on egress gateway request * feat(go): add db middleware; * feat(go): restore method; * feat(go): add user access token schema; * add inet gw status to egress model * fetch node ids in the tag, add inet gw info clients * add inet gw info to node from egress list * add migration logic internet gws * create default acl policies * add egress info * add egress TODO * add egress TODO * fix user auth api: * add reference id to acl policy * add egress response from DB * publish peer update on egress changes * re initalise oauth and email config * set verbosity * normalise cidr on egress req * add egress id to acl group * change acls to use egress id * resolve merge conflicts * fix egress reference errors * move egress model to schema * add api context to DB * sync auto update settings with hosts * sync auto update settings with hosts * check acl for egress node * check for egress policy in the acl dst groups * fix acl rules for egress policies with new models * add status to egress model * fix inet node func * mask secret and convert jwt duration to minutes * enable egress policies on creation * convert jwt duration to minutes * add relevant ranges to inet egress * skip non active egress routes * resolve merge conflicts * fix static check * notify peers after settings update * define schema for activity, add api handler to list network activity * setup event channel and logger * setup event logger, add event for user login * change activity model to event * add api error constants * add logout event * log user crud events * add login events for oauth * add user related events * log events for invites and user approvals * order user activity event by timestamp * fix logout api * add user and network events api, add addtional events triggers * add filters to all events api * fix events filter * add diff to event logs * update user logout api * log settigns updates * log events for network and host updates * check for diff on events * log host del event * add user loc info to desktop app connection events * fix authorize middleware check * add gateway events * resolve merge conflicts --------- Co-authored-by: Vishal Dalwadi <dalwadivishal26@gmail.com>	2025-05-21 13:13:20 +05:30
Vishal Dalwadi	4b3f1fd58a	feat(go): improve error message. (#3368 )	2025-03-17 18:50:08 +04:00
abhishek9686	c4bfae77df	increase log verbose	2024-09-02 14:15:04 +05:30
abhishek9686	ed2a0a0a01	fix oidc invite flow	2024-09-02 10:57:10 +05:30
abhishek9686	ebce98448c	use github apis to fetch user email	2024-09-02 09:23:28 +05:30
Abhishek K	0463b17ea5	NET-1227: Add Additional Oauth Scopes to fetch user email (#3079 ) * add list roles to pro and ce * if not pro set user role to admin * validate update user * add separate validation check for password on update * remove validate check * fix github SSO with invite signup * add oauth scopes for user email * remove debug log * fix azure ad	2024-08-28 14:14:26 +05:30
Abhishek K	9ac78e15bc	NET-1227: Fix Singup Flow with Github SSO (#3078 ) * add list roles to pro and ce * if not pro set user role to admin * validate update user * add separate validation check for password on update * remove validate check * fix github SSO with invite signup	2024-08-27 17:07:21 +05:30
Abhishek K	2e8d95e80e	NET-1227: User Mgmt V2 (#3055 ) * user mgmt models * define user roles * define models for new user mgmt and groups * oauth debug log * initialize user role after db conn * print oauth token in debug log * user roles CRUD apis * user groups CRUD Apis * additional api checks * add additional scopes * add additional scopes url * add additional scopes url * rm additional scopes url * setup middlleware permission checks * integrate permission check into middleware * integrate permission check into middleware * check for headers for subjects * refactor user role models * refactor user groups models * add new user to pending user via RAC login * untracked * allow multiple groups for an user * change json tag * add debug headers * refer network controls form roles, add debug headers * refer network controls form roles, add debug headers * replace auth checks, add network id to role model * nodes handler * migration funcs * invoke sync users migration func * add debug logs * comment middleware * fix get all nodes api * add debug logs * fix middleware error nil check * add new func to get username from jwt * fix jwt parsing * abort on error * allow multiple network roles * allow multiple network roles * add migration func * return err if jwt parsing fails * set global check to true when accessing user apis * set netid for acls api calls * set netid for acls api calls * update role and groups routes * add validation checks * add invite flow apis and magic links * add invited user via oauth signup automatically * create invited user on oauth signup, with groups in the invite * add group validation for user invite * update create user handler with new role mgmt * add validation checks * create user invites tables * add error logging for email invite * fix invite singup url * debug log * get query params from url * get query params from url * add query escape * debug log * debug log * fix user signup via invite api * set admin field for backward compatbility * use new role id for user apis * deprecate use of old admin fields * deprecate usage of old user fields * add user role as service user if empty * setup email sender * delete invite after user singup * add plaform user role * redirect on invite verification link * fix invite redirect * temporary redirect * fix invite redirect * point invite link to frontend * fix query params lookup * add resend support, configure email interface types * fix groups and user creation * validate user groups, add check for metrics api in middleware * add invite url to invite model * migrate rac apis to new user mgmt * handle network nodes * add platform user to default role * fix user role migration * add default on rag creation and cleanup after deletion * fix rac apis * change to invite code param * filter nodes and hosts based on user network access * extend create user group req to accomodate users * filter network based on user access * format oauth error * move user roles and groups * fix get user v1 api * move user mgmt func to pro * add user auth type to user model * fix roles init * remove platform role from group object * list only platform roles * add network roles to invite req * create default groups and roles * fix middleware for global access * create default role * fix nodes filter with global network roles * block selfupdate of groups and network roles * delete netID if net roles are empty * validate user roles nd groups on update * set extclient permission scope when rag vpn access is set * allow deletion of roles and groups * replace _ with - in role naming convention * fix failover middleware mgmt * format oauth templates * fetch route temaplate * return err if user wrong login type * check user groups on rac apis * fix rac apis * fix resp msg * add validation checks for admin invite * return oauth type * format group err msg * fix html tag * clean up default groups * create default rag role * add UI name to roles * remove default net group from user when deleted * reorder migration funcs * fix duplicacy of hosts * check old field for migration * from pro to ce make all secondary users admins * from pro to ce make all secondary users admins * revert: from pro to ce make all secondary users admins * make sure downgrades work * fix pending users approval * fix duplicate hosts * fix duplicate hosts entries * fix cache reference issue * feat: configure FRONTEND_URL during installation * disable user vpn access when network roles are modified * rm vpn acces when roles or groups are deleted * add http to frontend url * revert crypto version * downgrade crytpo version * add platform id check on user invites --------- Co-authored-by: the_aceix <aceixsmartx@gmail.com>	2024-08-20 17:08:56 +05:30
Max Ma	da11dc8a87	NET-1134:move oauth from CE build block to pro (#2919 ) * move oauth from CE build block to pro * move oauth code and api handler under pro * move common func back to auth from pro/auth * change log level to Info for information logs * fix import issue	2024-05-08 12:44:39 +05:30

Renamed from auth/github.go (Browse further)

9 commits