Embed Dex as a built-in IdP to simplify self-hosting setup.
Adds an embedded OIDC Identity Provider (Dex) with local user management and optional external IdP connectors (Google/GitHub/OIDC/SAML), plus device-auth flow for CLI login. Introduces instance onboarding/setup endpoints (including owner creation), field-level encryption for sensitive user data, a streamlined self-hosting provisioning script, and expanded APIs + test coverage for IdP management.
More at https://github.com/netbirdio/netbird/pull/5008#issuecomment-3718987393
Upgrade Go toolchain and golang.org/x/* deps to 1.24.10, standardize GitHub Actions to derive Go version from go.mod and adjust checkout ordering, raise WASM size limit to 55 MB, update FreeBSD tarball and gomobile refs, fix a few format-string/logging calls, treat usernames ending with $ as system accounts, and add Windows tests.
* Open quick settings window if netbird-ui is already running
* [client-ui] fix connection status comparison
* [client-ui] modularize quick actions code
* [client-ui] add netbird-disconnected logo
* [client-ui] change quickactions UI
It now displays the NetBird logo and a single button
with a round icon
* [client-ui] add hint message to quick actions screen
This also updates fyne to v2.7.0
* [client-ui] remove unnecessary default clause
* [client-ui] remove commented code
* [client-ui] remove unused dependency
* [client-ui] close quick actions on connection change
* [client-ui] add function to get image from embed resources
* [client] Return error when calling sendShowWindowSignal from Windows
* [client-ui] Add commentary on empty OnTapped function for toggleConnectionButton
* [client-ui] Fix tests
* [client-ui] Add context to menuUpClick call
* [client-ui] Pass serviceClient app as parameter
To use its clipboard rather than the window's when showing
the upload success dialog
* [client-ui] Replace for select with for range chan
* [client-ui] Replace settings change listener channel
Settings now accept a function callback
* [client-ui] Add missing iconAboutDisconnected to icons_windows.go
* [client] Add quick actions signal handler for Windows with named events
* [client] Run go mod tidy
* [client] Remove line break
* [client] Log unexpected status in separate function
* [client-ui] Refactor quick actions window
To address race conditions, it also replaces
usage of pause and resume channels with an
atomic bool.
* [client-ui] use derived context from ServiceClient
* [client] Update signal_windows log message
Also, format error when trying to set event on
sendShowWindowSignal
* go mod tidy
* [client-ui] Add struct to pass fewer parameters
to applyQuickActionsUiState function
* [client] Add missing import
---------
Co-authored-by: Viktor Liu <viktor@netbird.io>
Deduplicate STUN package sending.
Originally, because every peer shared the same UDP address, the library could not distinguish which STUN message was associated with which candidate. As a result, the Pion library responded from all candidates for every STUN message.
This PR adds a validate flow response feature to the management server by integrating an IntegratedValidator component. The main purpose is to enable validation of PKCE authorization flows through an integrated validator interface.
- Adds a new ValidateFlowResponse method to the IntegratedValidator interface
- Integrates the validator into the management server to validate PKCE authorization flows
- Updates dependency version for management-integrations
Add an upload bundle option with the flag --upload-bundle; by default, the upload will use a NetBird address, which can be replaced using the flag --upload-bundle-url.
The upload server is available under the /upload-server path. The release change will push a Docker image to the netbirdio/upload image repository.
The server supports using S3 with a pre-signed URL for direct upload and a local file for storing bundles.
This PR fixes configuration inconsistencies and updates the store engine type usage throughout the management code. Key changes include:
- Replacing outdated server.Config references with types.Config and updating related flag variables (e.g. types.MgmtConfigPath).
- Converting engine constants (SqliteStoreEngine, PostgresStoreEngine, MysqlStoreEngine) to use types.Engine for consistent type safety.
- Adjusting various test and migration code paths to correctly reference the new configuration and engine types.
Adds NetFlow functionality to track and log network traffic information between peers, with features including:
- Flow logging for TCP, UDP, and ICMP traffic
- Integration with connection tracking system
- Resource ID tracking in NetFlow events
- DNS and exit node collection configuration
- Flow API and Redis cache in management
- Memory-based flow storage implementation
- Kernel conntrack counters and userspace counters
- TCP state machine improvements for more accurate tracking
- Migration from net.IP to netip.Addr in the userspace firewall
* [misc] Add vendor/ to .gitignore
Ignore the vendor/ tree created if someone runs "go mod vendor"
Signed-off-by: Christian Stewart <christian@aperture.us>
* [client, signal, management] Update google.golang.org/protobuf to latest
Updating protobuf runtime library as a dependency of eventually updating
google.golang.org/api in a future commit.
Signed-off-by: Christian Stewart <christian@aperture.us>
* [client, signal, management] Update google.golang.org/grpc to latest
Updating grpc library as a dependency of eventually updating
google.golang.org/api in a future commit.
Signed-off-by: Christian Stewart <christian@aperture.us>
* [client, signal, management] Update golang.org/x/net to latest
Updating x/net library as a dependency of eventually updating
google.golang.org/api in a future commit.
Signed-off-by: Christian Stewart <christian@aperture.us>
* [client, signal, management] Update golang.org/x/oauth2 to latest
Updating x/oauth2 library as a dependency of eventually updating
google.golang.org/api in a future commit.
Signed-off-by: Christian Stewart <christian@aperture.us>
* [client, signal, management] Update github.com/stretchr/testify to latest
Updating testify library as a dependency of eventually updating
google.golang.org/api in a future commit.
Signed-off-by: Christian Stewart <christian@aperture.us>
* [client, signal, management] Update opentelemetry to latest
Updating otel library as a dependency of eventually updating
google.golang.org/api in a future commit.
Signed-off-by: Christian Stewart <christian@aperture.us>
* [client, signal, management] Update golang.org/x/time to latest
Updating x/time library as a dependency of eventually updating
google.golang.org/api in a future commit.
Signed-off-by: Christian Stewart <christian@aperture.us>
* [management] Update google.golang.org/api to latest
Updating google.golang.org/api library to fix indirect dependency issues with
older versions of OpenTelemetry.
See: #3240
Signed-off-by: Christian Stewart <christian@aperture.us>
---------
Signed-off-by: Christian Stewart <christian@aperture.us>