mirror of
https://github.com/gravitl/netmaker.git
synced 2024-09-20 15:26:04 +08:00
2e8d95e80e
* user mgmt models * define user roles * define models for new user mgmt and groups * oauth debug log * initialize user role after db conn * print oauth token in debug log * user roles CRUD apis * user groups CRUD Apis * additional api checks * add additional scopes * add additional scopes url * add additional scopes url * rm additional scopes url * setup middlleware permission checks * integrate permission check into middleware * integrate permission check into middleware * check for headers for subjects * refactor user role models * refactor user groups models * add new user to pending user via RAC login * untracked * allow multiple groups for an user * change json tag * add debug headers * refer network controls form roles, add debug headers * refer network controls form roles, add debug headers * replace auth checks, add network id to role model * nodes handler * migration funcs * invoke sync users migration func * add debug logs * comment middleware * fix get all nodes api * add debug logs * fix middleware error nil check * add new func to get username from jwt * fix jwt parsing * abort on error * allow multiple network roles * allow multiple network roles * add migration func * return err if jwt parsing fails * set global check to true when accessing user apis * set netid for acls api calls * set netid for acls api calls * update role and groups routes * add validation checks * add invite flow apis and magic links * add invited user via oauth signup automatically * create invited user on oauth signup, with groups in the invite * add group validation for user invite * update create user handler with new role mgmt * add validation checks * create user invites tables * add error logging for email invite * fix invite singup url * debug log * get query params from url * get query params from url * add query escape * debug log * debug log * fix user signup via invite api * set admin field for backward compatbility * use new role id for user apis * deprecate use of 
old admin fields * deprecate usage of old user fields * add user role as service user if empty * setup email sender * delete invite after user singup * add plaform user role * redirect on invite verification link * fix invite redirect * temporary redirect * fix invite redirect * point invite link to frontend * fix query params lookup * add resend support, configure email interface types * fix groups and user creation * validate user groups, add check for metrics api in middleware * add invite url to invite model * migrate rac apis to new user mgmt * handle network nodes * add platform user to default role * fix user role migration * add default on rag creation and cleanup after deletion * fix rac apis * change to invite code param * filter nodes and hosts based on user network access * extend create user group req to accomodate users * filter network based on user access * format oauth error * move user roles and groups * fix get user v1 api * move user mgmt func to pro * add user auth type to user model * fix roles init * remove platform role from group object * list only platform roles * add network roles to invite req * create default groups and roles * fix middleware for global access * create default role * fix nodes filter with global network roles * block selfupdate of groups and network roles * delete netID if net roles are empty * validate user roles nd groups on update * set extclient permission scope when rag vpn access is set * allow deletion of roles and groups * replace _ with - in role naming convention * fix failover middleware mgmt * format oauth templates * fetch route temaplate * return err if user wrong login type * check user groups on rac apis * fix rac apis * fix resp msg * add validation checks for admin invite * return oauth type * format group err msg * fix html tag * clean up default groups * create default rag role * add UI name to roles * remove default net group from user when deleted * reorder migration funcs * fix duplicacy of hosts 
* check old field for migration * from pro to ce make all secondary users admins * from pro to ce make all secondary users admins * revert: from pro to ce make all secondary users admins * make sure downgrades work * fix pending users approval * fix duplicate hosts * fix duplicate hosts entries * fix cache reference issue * feat: configure FRONTEND_URL during installation * disable user vpn access when network roles are modified * rm vpn acces when roles or groups are deleted * add http to frontend url * revert crypto version * downgrade crytpo version * add platform id check on user invites --------- Co-authored-by: the_aceix <aceixsmartx@gmail.com>
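# Netmaker server environment defaults: one KEY=VALUE pair per line.
# Empty values must be filled in per installation.
# Comments stay on their own lines, because text after a value may be read as part of the value.
# Toggle spellings differ per key (on/off, enabled/disabled, true/false); keep each key's existing spelling.
# NOTE(review): once populated this file holds credentials (MASTER_KEY, MQ_PASSWORD, LICENSE_KEY,
# CLIENT_SECRET, EMAIL_SENDER_AUTH). Keep the populated copy out of version control and readable
# only by the account that runs the server.

# Email used for SSL certificates
NM_EMAIL=
# The base domain of netmaker
NM_DOMAIN=
# Public IP of machine
SERVER_HOST=
# The admin master key for accessing the API. Change this in any production installation.
# NOTE(review): this key grants admin API access, so use a long random value that is unique per
# deployment. Confirm how the server treats an empty value before leaving it blank.
MASTER_KEY=
# The username to set for MQ access
MQ_USERNAME=
# The password to set for MQ access
# NOTE(review): use a unique random password; do not reuse MASTER_KEY here.
MQ_PASSWORD=
# Installation type; presumably community (ce) vs pro - confirm against the install script.
INSTALL_TYPE=
# Licensing values; presumably only needed for pro installs - confirm. Treat LICENSE_KEY as a secret.
NETMAKER_TENANT_ID=
LICENSE_KEY=
# Container image tags for the server and the UI.
# NOTE(review): pin explicit release tags rather than a floating tag so that upgrades are deliberate.
SERVER_IMAGE_TAG=
UI_IMAGE_TAG=
# used for HA - identifies this server vs other servers
NODE_ID=netmaker-server-1
# Metrics exporter and Prometheus toggles (on/off); presumably only relevant when metrics are deployed - confirm.
METRICS_EXPORTER=off
PROMETHEUS=off
# Enables DNS Mode, meaning all nodes will set hosts file for private dns settings
DNS_MODE=on
# Enable auto update of netclient. Allowed values: enabled, disabled (default: enabled)
NETCLIENT_AUTO_UPDATE=enabled
# The HTTP API port for Netmaker. Used for API calls / communication from front end.
# If changed, need to change port of BACKEND_URL for netmaker-ui.
API_PORT=8081
# Presumably the port of the metrics exporter API - confirm.
EXPORTER_API_PORT=8085
# The "allowed origin" for API requests. Change to restrict where API requests can come from with comma-separated
# URLs. ex:- https://dashboard.netmaker.domain1.com,https://dashboard.netmaker.domain2.com
# NOTE(review): the default * accepts API requests from any origin; set this to the dashboard
# URL(s) of the deployment in production.
CORS_ALLOWED_ORIGIN=*
# Show keys permanently in UI (until deleted) as opposed to 1-time display.
# NOTE(review): with "on", keys remain readable in the UI for as long as they exist; "off" limits
# exposure to the one-time display described above.
DISPLAY_KEYS=on
# Database to use - sqlite, postgres, or rqlite
DATABASE=sqlite
# The address of the mq server. If running from docker compose it will be "mq". Otherwise, need to input address.
# If using "host networking", it will find and detect the IP of the mq container.
# For EMQX websockets use `SERVER_BROKER_ENDPOINT=ws://mq:8083/mqtt`
# NOTE(review): ws:// is unencrypted. The default targets the compose-internal "mq" host; if the
# broker is reached across any other network, use a TLS-protected endpoint - confirm the scheme
# the server accepts.
SERVER_BROKER_ENDPOINT=ws://mq:1883
# Logging verbosity level - 1, 2, or 3
VERBOSITY=1
# NOTE(review): keep "off" outside troubleshooting; debug-level logs may include sensitive values
# (e.g. OAuth tokens) - confirm what the server logs before enabling this in production.
DEBUG_MODE=off
# Enables the REST backend (API running on API_PORT at SERVER_HTTP_HOST).
REST_BACKEND=on
# If turned "on", Server will not set Host based on remote IP check.
# This is already overridden if SERVER_HOST is set. Turned "off" by default.
DISABLE_REMOTE_IP_CHECK=off
# Whether or not to send telemetry data to help improve Netmaker. Switch to "off" to opt out of sending telemetry.
TELEMETRY=on
###
#
# OAuth section
#
###
# Only the listed domains are allowed to sign up using OAuth; by default all domains are allowed.
# NOTE(review): with *, any account at the configured provider can sign up; restrict this to the
# organisation's own email domain(s). The list format is presumably comma-separated - confirm.
ALLOWED_EMAIL_DOMAINS=*
# "<azure-ad|github|google|oidc>"
AUTH_PROVIDER=
# "<client id of your oauth provider>"
CLIENT_ID=
# "<client secret of your oauth provider>"
# NOTE(review): secret value; rotate it at the provider if this file is ever exposed.
CLIENT_SECRET=
# "https://dashboard.<netmaker base domain>"
# NOTE(review): use an https:// URL; presumably used to build links sent to users (e.g. invites) - confirm.
FRONTEND_URL=
# "<only for azure, you may optionally specify the tenant for the OAuth>"
AZURE_TENANT=
# https://oidc.yourprovider.com - URL of oidc provider
OIDC_ISSUER=
# Duration of JWT token validity in seconds (43200 = 12 hours)
JWT_VALIDITY_DURATION=43200
# Auto disable a user's connected clients based on JWT token expiration
# NOTE(review): with "false", a user's clients are not disabled when the token expires.
RAC_AUTO_DISABLE=false
# If turned on, data is cached to improve performance significantly (IMPORTANT: set to `false` when running in HA)
CACHING_ENABLED=true
# If turned on, netclient checks whether peers are reachable over a private/LAN address and chooses that as the peer endpoint
ENDPOINT_DETECTION=true
# config for sending emails
# mail server host
SMTP_HOST=smtp.gmail.com
# mail server port
SMTP_PORT=587
# sender email
EMAIL_SENDER_ADDR=
# sender email auth
# NOTE(review): credential for the sender account (presumably an SMTP/app password or a provider
# API key - confirm); treat it as a secret.
EMAIL_SENDER_AUTH=
# mail sender type (smtp or resend)
EMAIL_SENDER_TYPE=smtp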