gravitl/netmaker
1
1
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2025-09-14 09:04:44 +08:00
Code Issues Projects Releases Packages Wiki Activity
7098 commits 1593 branches 85 tags 295 MiB
Commit graph

90 commits

Author SHA1 Message Date
abhishek9686
ee5f2675c2 add egress domain to match domain list, fix egress nat rule for domains 2025-08-31 01:15:35 +05:30
abhishek9686
53c0b256ae resolve merge conflicts 2025-08-29 12:17:13 +05:30
abhishek9686
b10ce2da14 fix merger errors 2025-08-29 11:48:52 +05:30
abhishek9686
7688bc3ebc resolve merge conflicts 2025-08-29 11:37:27 +05:30
Vishal Dalwadi
ec6e6c393a
Prevent removing idp integration when oauth user is superadmin (#3589) 
* feat(go): prevent removing idp integration when oauth user is superadmin.

* feat(go): add suggestion for user;

* feat(go): remove usages of boolean fields on user;

* feat(go): set boolean fields correctly, but don't use;

* fix(go): static issues;

* feat(go): add suggestion for user;
 2025-08-25 10:28:53 +05:30
Abhishek K
c3498004c1
NM-82: auto create new group network policies (#3610) 
* check for all network user groups on gateways selection

* check network admin policy for admins and superadmins

* auto create default group gateways policies

* publish peer update on user group updates

* update name for default group policy
 2025-08-25 10:28:24 +05:30
Vishal Dalwadi
2d305e67a4
NM-86: Cleanup User Configs (#3603) 
* feat(go): cleanup user extclients;

1. On disabling a user, remove all their extclients.
2. Add comments and rename variables to clarify the user group extclient cleanup function.

* feat(go): add checks for disable and enable user api;

* feat(go): refactor extclient cleanup on group network roles changes;

* feat(go): delete extclient on user group membership changes;
 2025-08-25 10:24:15 +05:30
Abhishek K
b1f0843d27
NM-76: add network user api (#3605) 
* add network user api

* add remove network user api
 2025-08-25 10:21:52 +05:30
Vishal Dalwadi
85e4877803
Merge pull request #3576 from gravitl/NM-38 
NM-38: User Config Fixes
 2025-08-12 14:07:45 +05:30
Vishal Dalwadi
e4da84aa85
NM-61: User group ACL fixes (#3546) 
* feat(go): create default acl only for networks that are part of the group;

* feat(go): update acls on user group update and delete;

* feat(go): add migration for existing acls.

* feat(go): check for network roles in migration.
 2025-08-08 22:17:39 +05:30
Vishal Dalwadi
025eebe7f2 fix(go): add okta to idp sync test. 2025-07-31 21:36:59 +05:30
Vishal Dalwadi
41591d1ef5 feat(go): add idp sync test api; 2025-07-20 15:28:23 +05:30
Vishal Dalwadi
e92f6ea8e4 feat(go): add api to get idp sync status; 2025-07-17 14:19:31 +05:30
the_aceix
91c5fe0cf3 fix: update extclient ingress endpoint/port with host changes 2025-06-20 11:21:28 +00:00
Abhishek K
0f884d4f36
NET-2061: revert Inet gws, fix extclient comms with user policies (#3482) 
* revert inet gws from acl policies

* add egress range with metric for inet gw

* link pro inet funcs

* fix extclient comms with users

* remove TODO comments
 2025-06-05 22:42:16 +05:30
abhishek9686
84573787f8 add user info to events 2025-05-27 23:00:18 +05:30
Vishal Dalwadi
124e9ad4af
NET-1991 Fixes (#3459) 
* feat: api access tokens

* revoke all user tokens

* redefine access token api routes, add auto egress option to enrollment keys

* add server settings apis, add db table for settigs

* handle server settings updates

* switch to using settings from DB

* fix sever settings migration

* revet force migration for settings

* fix server settings database write

* fix revoked tokens to be unauthorized

* remove unused functions

* convert access token to sql schema

* switch access token to sql schema

* fix merge conflicts

* fix server settings types

* bypass basic auth setting for super admin

* add TODO comment

* feat(go): add types for idp package;

* feat(go): import azure sdk;

* feat(go): add stub for google workspace client;

* feat(go): implement azure ad client;

* feat(go): sync users and groups using idp client;

* publish peer update on settings update

* feat(go): read creds from env vars;

* feat(go): add api endpoint to trigger idp sync;

* fix(go): sync member changes;

* fix(go): handle error;

* fix(go): set correct response type;

* feat(go): support disabling user accounts;

1. Add api endpoints to enable and disable user accounts.
2. Add checks in authenticators to prevent disabled users from logging in.
3. Add checks in middleware to prevent api usage by disabled users.

* feat(go): use string slice for group members;

* feat(go): sync user account status from idp;

* feat(go): import google admin sdk;

* feat(go): add support for google workspace idp;

* feat(go): initialize idp client on sync;

* feat(go): sync from idp periodically;

* feat(go): improvements for google idp;

1. Use the impersonate package to authenticate.
2. Use Pages method to get all data.

* chore(go): import style changes from migration branch;

1. Singular file names for table schema.
2. No table name method.
3. Use .Model instead of .Table.
4. No unnecessary tagging.

* remove nat check on egress gateway request

* Revert "remove nat check on egress gateway request"

This reverts commit 0aff12a189.

* feat(go): add db middleware;

* feat(go): restore method;

* feat(go): add user access token schema;

* fix user auth api:

* re initalise oauth and email config

* feat(go): fetch idp creds from server settings;

* feat(go): add filters for users and groups;

* feat(go): skip sync from idp if disabled;

* feat(go): add endpoint to remove idp integration;

* feat(go): import all users if no filters;

* feat(go): assign service-user role on sync;

* feat(go): remove microsoft-go-sdk;

* feat(go): add display name field for user;

* fix(go): set account disabled correctly;

* fix(go): update user if display name changes;

* fix(go): remove auth provider when removing idp integration;

* fix(go): ignore display name if empty;

* feat(go): add idp sync interval setting;

* fix(go): error on invalid auth provider;

* fix(go): no error if no user on group delete;

* fix(go): check superadmin using platform role id;

* feat(go): add display name and account disabled to return user as well;

* feat(go): tidy go mod after merge;

* feat(go): reinitialize auth provider and idp sync hook;

* fix(go): merge error;

* fix(go): merge error;

* feat(go): use id as the external provider id;

* fix(go): comments;

* feat(go): add function to return pending users;

* feat(go): prevent external id erasure;

* fix(go): user and group sync errors;

* chore(go): cleanup;

* fix(go): delete only oauth users;

* feat(go): use uuid group id;

* export ipd id to in rest api

* feat(go): don't use uuid for default groups;

* feat(go): migrate group only if id not uuid;

* chore(go): go mod tidy;

* fix(go): empty id user groups membership;

* fix(go): set user groups only if nil;

* fix(go): use reset to start only if required;

* fix(go): use context for better control;

---------

Co-authored-by: abhishek9686 <abhi281342@gmail.com>
Co-authored-by: Abhishek K <abhishek@netmaker.io>
Co-authored-by: the_aceix <aceixsmartx@gmail.com>
 2025-05-27 15:18:32 +05:30
abhishek9686
7b483f8c73 add clear all invites event 2025-05-22 15:50:23 +05:30
Abhishek K
7840eedc7b
convert invited emails to lowercase (#3457) 2025-05-21 17:05:53 +05:30
Vishal Dalwadi
614cf77b5a
NET-1991: Add IDP sync functionality. (#3428) 
* feat: api access tokens

* revoke all user tokens

* redefine access token api routes, add auto egress option to enrollment keys

* add server settings apis, add db table for settigs

* handle server settings updates

* switch to using settings from DB

* fix sever settings migration

* revet force migration for settings

* fix server settings database write

* fix revoked tokens to be unauthorized

* remove unused functions

* convert access token to sql schema

* switch access token to sql schema

* fix merge conflicts

* fix server settings types

* bypass basic auth setting for super admin

* add TODO comment

* feat(go): add types for idp package;

* feat(go): import azure sdk;

* feat(go): add stub for google workspace client;

* feat(go): implement azure ad client;

* feat(go): sync users and groups using idp client;

* publish peer update on settings update

* feat(go): read creds from env vars;

* feat(go): add api endpoint to trigger idp sync;

* fix(go): sync member changes;

* fix(go): handle error;

* fix(go): set correct response type;

* feat(go): support disabling user accounts;

1. Add api endpoints to enable and disable user accounts.
2. Add checks in authenticators to prevent disabled users from logging in.
3. Add checks in middleware to prevent api usage by disabled users.

* feat(go): use string slice for group members;

* feat(go): sync user account status from idp;

* feat(go): import google admin sdk;

* feat(go): add support for google workspace idp;

* feat(go): initialize idp client on sync;

* feat(go): sync from idp periodically;

* feat(go): improvements for google idp;

1. Use the impersonate package to authenticate.
2. Use Pages method to get all data.

* chore(go): import style changes from migration branch;

1. Singular file names for table schema.
2. No table name method.
3. Use .Model instead of .Table.
4. No unnecessary tagging.

* remove nat check on egress gateway request

* Revert "remove nat check on egress gateway request"

This reverts commit 0aff12a189.

* feat(go): add db middleware;

* feat(go): restore method;

* feat(go): add user access token schema;

* fix user auth api:

* re initalise oauth and email config

* feat(go): fetch idp creds from server settings;

* feat(go): add filters for users and groups;

* feat(go): skip sync from idp if disabled;

* feat(go): add endpoint to remove idp integration;

* feat(go): import all users if no filters;

* feat(go): assign service-user role on sync;

* feat(go): remove microsoft-go-sdk;

* feat(go): add display name field for user;

* fix(go): set account disabled correctly;

* fix(go): update user if display name changes;

* fix(go): remove auth provider when removing idp integration;

* fix(go): ignore display name if empty;

* feat(go): add idp sync interval setting;

* fix(go): error on invalid auth provider;

* fix(go): no error if no user on group delete;

* fix(go): check superadmin using platform role id;

* feat(go): add display name and account disabled to return user as well;

* feat(go): tidy go mod after merge;

* feat(go): reinitialize auth provider and idp sync hook;

* fix(go): merge error;

* fix(go): merge error;

* feat(go): use id as the external provider id;

* fix(go): comments;

* feat(go): add function to return pending users;

* feat(go): prevent external id erasure;

* fix(go): user and group sync errors;

* chore(go): cleanup;

* fix(go): delete only oauth users;

* feat(go): use uuid group id;

* export ipd id to in rest api

* feat(go): don't use uuid for default groups;

* feat(go): migrate group only if id not uuid;

* chore(go): go mod tidy;

---------

Co-authored-by: abhishek9686 <abhi281342@gmail.com>
Co-authored-by: Abhishek K <abhishek@netmaker.io>
Co-authored-by: the_aceix <aceixsmartx@gmail.com>
 2025-05-21 13:48:15 +05:30
Abhishek K
d7bad9865a
NET-2014: Audit Logging (#3455) 
* feat: api access tokens

* revoke all user tokens

* redefine access token api routes, add auto egress option to enrollment keys

* add server settings apis, add db table for settigs

* handle server settings updates

* switch to using settings from DB

* fix sever settings migration

* revet force migration for settings

* fix server settings database write

* egress model

* fix revoked tokens to be unauthorized

* update egress model

* remove unused functions

* convert access token to sql schema

* switch access token to sql schema

* fix merge conflicts

* fix server settings types

* bypass basic auth setting for super admin

* add TODO comment

* setup api handlers for egress revamp

* use single DB, fix update nat boolean field

* extend validaiton checks for egress ranges

* add migration to convert to new egress model

* fix panic interface conversion

* publish peer update on settings update

* revoke token generated by an user

* add user token creation restriction by user role

* add forbidden check for access token creation

* revoke user token when group or role is changed

* add default group to admin users on update

* chore(go): import style changes from migration branch;

1. Singular file names for table schema.
2. No table name method.
3. Use .Model instead of .Table.
4. No unnecessary tagging.

* remove nat check on egress gateway request

* Revert "remove nat check on egress gateway request"

This reverts commit 0aff12a189.

* remove nat check on egress gateway request

* feat(go): add db middleware;

* feat(go): restore method;

* feat(go): add user access token schema;

* add inet gw status to egress model

* fetch node ids in the tag, add inet gw info clients

* add inet gw info to node from egress list

* add migration logic internet gws

* create default acl policies

* add egress info

* add egress TODO

* add egress TODO

* fix user auth api:

* add reference id to acl policy

* add egress response from DB

* publish peer update on egress changes

* re initalise oauth and email config

* set verbosity

* normalise cidr on egress req

* add egress id to acl group

* change acls to use egress id

* resolve merge conflicts

* fix egress reference errors

* move egress model to schema

* add api context to DB

* sync auto update settings with hosts

* sync auto update settings with hosts

* check acl for egress node

* check for egress policy in the acl dst groups

* fix acl rules for egress policies with new models

* add status to egress model

* fix inet node func

* mask secret and convert jwt duration to minutes

* enable egress policies on creation

* convert jwt duration to minutes

* add relevant ranges to inet egress

* skip non active egress routes

* resolve merge conflicts

* fix static check

* notify peers after settings update

* define schema for activity, add api handler to list network activity

* setup event channel and logger

* setup event logger, add event for user login

* change activity model to event

* add api error constants

* add logout event

* log user crud events

* add login events for oauth

* add user related events

* log events for invites and user approvals

* order user activity event by timestamp

* fix logout api

* add user and network events api, add addtional events triggers

* add filters to all events api

* fix events filter

* add diff to event logs

* update user logout api

* log settigns updates

* log events for network and host updates

* check for diff on events

* log host del event

* add user loc info to desktop app connection events

* fix authorize middleware check

* add gateway events

* resolve merge conflicts

---------

Co-authored-by: Vishal Dalwadi <dalwadivishal26@gmail.com>
 2025-05-21 13:13:20 +05:30
Abhishek K
307a3d1e4b
NET-1932: Merge egress and internet gateways (#3436) 
* feat: api access tokens

* revoke all user tokens

* redefine access token api routes, add auto egress option to enrollment keys

* add server settings apis, add db table for settigs

* handle server settings updates

* switch to using settings from DB

* fix sever settings migration

* revet force migration for settings

* fix server settings database write

* egress model

* fix revoked tokens to be unauthorized

* update egress model

* remove unused functions

* convert access token to sql schema

* switch access token to sql schema

* fix merge conflicts

* fix server settings types

* bypass basic auth setting for super admin

* add TODO comment

* setup api handlers for egress revamp

* use single DB, fix update nat boolean field

* extend validaiton checks for egress ranges

* add migration to convert to new egress model

* fix panic interface conversion

* publish peer update on settings update

* revoke token generated by an user

* add user token creation restriction by user role

* add forbidden check for access token creation

* revoke user token when group or role is changed

* add default group to admin users on update

* chore(go): import style changes from migration branch;

1. Singular file names for table schema.
2. No table name method.
3. Use .Model instead of .Table.
4. No unnecessary tagging.

* remove nat check on egress gateway request

* Revert "remove nat check on egress gateway request"

This reverts commit 0aff12a189.

* remove nat check on egress gateway request

* feat(go): add db middleware;

* feat(go): restore method;

* feat(go): add user access token schema;

* add inet gw status to egress model

* fetch node ids in the tag, add inet gw info clients

* add inet gw info to node from egress list

* add migration logic internet gws

* create default acl policies

* add egress info

* add egress TODO

* add egress TODO

* fix user auth api:

* add reference id to acl policy

* add egress response from DB

* publish peer update on egress changes

* re initalise oauth and email config

* set verbosity

* normalise cidr on egress req

* add egress id to acl group

* change acls to use egress id

* resolve merge conflicts

* fix egress reference errors

* move egress model to schema

* add api context to DB

* sync auto update settings with hosts

* sync auto update settings with hosts

* check acl for egress node

* check for egress policy in the acl dst groups

* fix acl rules for egress policies with new models

* add status to egress model

* fix inet node func

* mask secret and convert jwt duration to minutes

* enable egress policies on creation

* convert jwt duration to minutes

* add relevant ranges to inet egress

* skip non active egress routes

* resolve merge conflicts

* fix static check

* update gorm tag for primary key on egress model

* create user policies for egress resources

* resolve merge conflicts

* get egress info on failover apis, add egress src validation for inet gws

* add additional validation checks on egress req

* add additional validation checks on egress req

* skip all resources for inet policy

* delete associated egress acl policies

* fix failover of inetclient

* avoid setting inet client asd inet gw

* fix all resource egress policy

* fix inet gw egress rule

* check for node egress on relay req

* fix egress acl rules comms

* add new field for egress info on node

* check acl policy in failover ctx

* avoid default host to be set as inet client

* fix relayed egress node

* add valid error messaging for egress validate func

* return if inet default host

* jump port detection to 51821

* check host ports on pull

* check user access gws via acls

* add validation check for default host and failover for inet clients

* add error messaging for acl policy check

* fix inet gw status

* ignore failover req for peer using inet gw

* check for allowed egress ranges for a peer

* add egress routes to static nodes by access

* avoid setting failvoer as inet client

* fix egress error messaging

* fix extclients egress comms

* fix inet gw acting as inet client

* return formatted error on update acl validation

* add default route for static nodes on inetclient

* check relay node acting as inetclient

* move inet node info to separate field, fix all resouces policy

* remove debug logs

---------

Co-authored-by: Vishal Dalwadi <dalwadivishal26@gmail.com>
 2025-05-21 12:50:21 +05:30
Abhishek K
4cc56fd3be
NET-1990: add peerkey to network egress routes model (#3379) 
* add peerkey to network egress routes model

* add peerkey to network egress routes model

* filter out conflicting routes from node

* add support for egress HA on relay

* add support for egress HA on relay

* add support for egress HA on relay

* skip if curr node is relay node of the peer

* skip if curr node is relay node of the peer

* fix failover egress HA

* add network to egress route model

* clone before modifying
 2025-03-24 15:33:39 +04:00
Aceix
39d812f137
feat: send gateway dns and private address (#3378) 2025-03-18 13:26:29 +04:00
Abhishek K
3d765f9cf1
NET-1910: Acl controls for Egress Traffic (#3377) 
* add support for egress ranges on acl policy

* add egress ranges to acl rules

* add egress ranges to acl policies

* Add egress ranges to acl rules

* add egress ranges to fw update

* fetch acl rules for egress networks

* apply egress policies for devices

* configure user policies for egresss routes

* fix gw tag name migration

* fix egress acl rules for static nodes

* add egress ranges for static nodes on ingress gw

* fileter acl IPs to be unique

* cleanup IOT logic from peer update

* make acl Rule Dst List

* cleanup egress ranges from acl policies

* create user group default acl policy for gateways

* remove remote access name ids

* rm egress ranges removal from acl policies

* simplify user permissions on nodes

* add additional nameservers to extclient dns

* remove debug logs

* fix static checks
 2025-03-18 13:25:55 +04:00
Abhishek K
1ad8b8b7b4
Merge pull request #3358 from gravitl/master 
Master
 2025-03-06 22:17:24 +04:00
abhishek9686
50c3e3aaed import dns field from gw node 2025-02-27 12:29:01 +04:00
abhishek9686
aa84d43f1c import dns field from gw node 2025-02-27 12:12:13 +04:00
Abhishek K
48535f7ef1
NET-1956: Async Node Status API (#3341) 
* add node status api

* upsate node status api to return map data

* resolve merge conflicts
 2025-02-24 08:48:24 +03:00
Aceix
a805901a73
feat: add node status to rac response (#3327) 2025-02-24 08:23:45 +03:00
Yabin Ma
c56f1cab15
fix swagger generation issue (#3241) 2024-12-10 08:41:41 +04:00
abhishek9686
dcbe94eeb5 avoid adding static nodes to tags 2024-11-11 21:31:10 +04:00
abhishek9686
2339b49878 cannot update default groups 2024-11-05 15:05:59 +04:00
abhishek9686
167d29a96b remove * on default grp, add admins to admin net groups by default 2024-10-30 19:22:05 +04:00
abhishek9686
e1cc0a24dd control user access to gw by roles 2024-10-30 15:24:23 +04:00
abhishek9686
9331431a4e Merge branch 'develop' of https://github.com/gravitl/netmaker into NET-1615 2024-10-30 11:40:22 +04:00
abhishek9686
2cc54d949c remove user role from policy types 2024-10-29 08:51:27 +04:00
abhishek9686
bf88a80ea2 avoid gateway role migration 2024-10-27 23:31:30 +04:00
Vishal Dalwadi
470e9ddfe7
feat(go): update email template. (#3150) 
* feat(go): update email template.

* feat(go): update email template.

* feat(go): update email template.

* feat(go): update email template.

* feat(go): update email template.

* feat(go): update email template.

* feat(go): update email template.
 2024-10-24 13:52:55 +04:00
abhishek9686
6b93163bd5 fix user policy acls 2024-10-19 13:50:54 +04:00
abhishek9686
5be8939e6e use acl policies to fetch rac nodes 2024-10-19 11:57:11 +04:00
abhishek9686
66871ab210 resolve merge conflict 2024-10-16 18:41:07 +04:00
Abhishek K
1f9808ff59
NET-1604: New Simplified RAC Apis (#3147) 
* ipv6 fix for mobile apps

* simplified RAC APIs

* add response to invite api

* fix get config api

* fix middleware for auth

* add separate controller for rac apis

* Revert "ipv6 fix for mobile apps"

This reverts commit dc84d90be2.
 2024-10-01 17:48:36 +04:00
abhishek9686
1561aaf788 remove query unescape usage 2024-09-29 16:00:38 +04:00
abhishek9686
add378cad5 fix api resp on group list api 2024-09-27 13:37:23 +04:00
abhishek9686
3d327bb89e fetch user gw via access policy 2024-09-25 18:18:23 +04:00
abhishek9686
6a1eb76633 add return response for user invites 2024-09-14 11:53:42 +04:00
abhishek9686
30309a4f9a add email validation 2024-09-11 15:43:58 +04:00
abhishek9686
b3a9ffd260 Merge branch 'develop' of https://github.com/gravitl/netmaker into ACC-638 2024-09-06 12:04:22 +04:00
Max Ma
bbca20e463
NET-1565:fix extClient ip conflict issue (#3082) 
* fix extClient ip conflict issue

* Update users.go

---------

Co-authored-by: Abhishek K <abhishek@netmaker.io>
 2024-08-28 18:58:07 +05:30