netbird

mirror of https://github.com/netbirdio/netbird.git synced 2026-03-31 06:34:14 -04:00

Author	SHA1	Message	Date
Viktor Liu	b5daec3b51	[client,signal,management] Add browser client support (#4415 )	2025-10-01 20:10:11 +02:00
Pascal Fischer	d33f88df82	[management] only allow user devices to be expired (#4445 )	2025-09-05 18:11:23 +02:00
Maycon Santos	d39fcfd62a	[management] Add user approval (#4411 ) This PR adds user approval functionality to the management system, allowing administrators to manually approve new users joining via domain matching. When enabled, users are blocked with pending approval status until explicitly approved by an admin. Adds UserApprovalRequired setting to control manual user approval requirement Introduces user approval and rejection endpoints with corresponding business logic Prevents pending approval users from adding peers or logging in	2025-09-01 18:00:45 +02:00
Vlad	149559a06b	[management] login filter to fix multiple peers connected with the same pub key (#3986 )	2025-08-29 19:48:40 +02:00
Pascal Fischer	3488a516c9	[management] Move increment network serial as last step of each transaction (#4397 )	2025-08-25 17:27:07 +02:00
Pascal Fischer	5e273c121a	[management] Remove store locks 3 (#4390 )	2025-08-21 20:47:28 +02:00
Pascal Fischer	28bef26537	[management] Remove Store Locks 2 (#4385 )	2025-08-21 12:23:49 +02:00
Pascal Fischer	f9d64a06c2	[management] Remove all store locks from grpc side (#4374 )	2025-08-20 12:41:14 +02:00
Pascal Fischer	6a3846a8b7	[management] Remove save account calls (#4349 )	2025-08-18 12:37:20 +02:00
Pascal Fischer	5860e5343f	[management] Rework DB locks (#4291 )	2025-08-06 18:55:14 +02:00
Viktor Liu	abd152ee5a	[misc] Separate shared code dependencies (#4288 ) * Separate shared code dependencies * Fix import * Test respective shared code * Update openapi ref * Fix test * Fix test path	2025-08-05 18:34:41 +02:00
Pascal Fischer	348d981b2c	[management] expire invalid peer (#4275 )	2025-08-05 10:31:19 +02:00
Viktor Liu	beb66208a0	[management, client] Add API to change the network range (#4177 )	2025-08-04 16:45:49 +02:00
Pascal Fischer	552dc60547	[management] migrate group peers into seperate table (#4096 )	2025-08-01 12:22:07 +02:00
Vlad	541e258639	[management] add account deleted event (#4255 )	2025-07-30 17:49:50 +03:00
Maycon Santos	2c81cf2c1e	[management] Add account onboarding (#4084 ) This PR introduces a new onboarding feature to handle such flows in the dashboard by defining an AccountOnboarding model, persisting it in the store, exposing CRUD operations in the manager and HTTP handlers, and updating API schemas and tests accordingly. Add AccountOnboarding struct and embed it in Account Extend Store and DefaultAccountManager with onboarding methods and SQL migrations Update HTTP handlers, API types, OpenAPI spec, and add end-to-end tests	2025-07-03 09:01:32 +02:00
Pascal Fischer	22678bce7f	[management] add uniqueness constraint for peer ip and label and optimize generation (#4042 )	2025-07-02 18:13:10 +02:00
Ali Amer	d9402168ad	[management] Add option to disable default all-to-all policy (#3970 ) This PR introduces a new configuration option `DisableDefaultPolicy` that prevents the creation of the default all-to-all policy when new accounts are created. This is useful for automation scenarios where explicit policies are preferred. ### Key Changes: - Added DisableDefaultPolicy flag to the management server config - Modified account creation logic to respect this flag - Updated all test cases to explicitly pass the flag (defaulting to false to maintain backward compatibility) - Propagated the flag through the account manager initialization chain ### Testing: - Verified default behavior remains unchanged when flag is false - Confirmed no default policy is created when flag is true - All existing tests pass with the new parameter	2025-07-02 02:41:59 +02:00
Pascal Fischer	83457f8b99	[management] add transaction for integrated validator groups update and primary account update (#4014 )	2025-06-20 12:13:24 +02:00
Maycon Santos	af2b427751	[management] Avoid recalculating next peer expiration (#3991 ) * Avoid recalculating next peer expiration - Check if an account schedule is already running - Cancel executing schedules only when changes occurs - Add more context info to logs * fix tests	2025-06-17 15:14:11 +02:00
Bethuel Mmbaga	4ee1635baa	[management] Propagate user groups when group propagation setting is re-enabled (#3912 )	2025-06-11 14:32:16 +03:00
Pedro Maia Costa	87148c503f	[management] support account retrieval and creation by private domain (#3825 ) * [management] sys initiator save user (#3911) * [management] activity events with multiple external account users (#3914)	2025-06-04 11:21:31 +01:00
Pedro Maia Costa	5bed6777d5	[management] force account id on save groups update (#3850 )	2025-05-23 14:42:42 +01:00
Pedro Maia Costa	c03435061c	[management] lazy connection account setting (#3855 )	2025-05-22 14:09:00 +01:00
Pascal Fischer	f1de8e6eb0	[management] Make startup period configurable (#3767 )	2025-05-16 13:16:51 +02:00
Bethuel Mmbaga	ebda0fc538	[management] Delete service users with account manager (#3793 )	2025-05-06 17:31:03 +02:00
Maycon Santos	12f883badf	[management] Optimize load account (#3774 )	2025-05-02 00:59:41 +02:00
Maycon Santos	2abb92b0d4	[management] Get account id with order (#3773 ) updated log to display account id	2025-05-02 00:25:46 +02:00
Bethuel Mmbaga	d8dc107bee	[management] Skip IdP cache warm-up on Redis if data exists (#3733 ) * Add Redis cache check to skip warm-up on startup if cache is already populated * Refactor Redis test container setup for reusability	2025-04-28 15:10:40 +03:00
Pascal Fischer	312bfd9bd7	[management] support custom domains per account (#3726 )	2025-04-23 19:36:53 +02:00
Misha Bragin	c69df13515	[management] Add account meta (#3724 )	2025-04-23 18:44:22 +02:00
Pascal Fischer	e0b33d325d	[management] permissions manager use crud operations (#3690 )	2025-04-16 17:25:03 +02:00
Pascal Fischer	b9f82e2f8a	[management] Buffer updateAccountPeers calls (#3644 )	2025-04-11 17:21:05 +02:00
Pascal Fischer	5ea2806663	[management] use permission modules (#3622 )	2025-04-10 11:06:52 +02:00
Pedro Maia Costa	cbec7bda80	[management] permission manager validate account access (#3444 )	2025-03-30 17:08:22 +02:00
Pascal Fischer	f081435a56	[management] add log when using redis cache (#3562 )	2025-03-21 18:16:27 +01:00
Maycon Santos	c02e236196	[client,management] add netflow support to client and update management (#3414 ) adds NetFlow functionality to track and log network traffic information between peers, with features including: - Flow logging for TCP, UDP, and ICMP traffic - Integration with connection tracking system - Resource ID tracking in NetFlow events - DNS and exit node collection configuration - Flow API and Redis cache in management - Memory-based flow storage implementation - Kernel conntrack counters and userspace counters - TCP state machine improvements for more accurate tracking - Migration from net.IP to netip.Addr in the userspace firewall	2025-03-20 17:05:48 +01:00
Viktor Liu	fc1da94520	[client, management] Add port forwarding (#3275 ) Add initial support to ingress ports on the client code. - new types where added - new protocol messages and controller	2025-03-09 16:06:43 +01:00
Pedro Maia Costa	b64bee35fa	[management] faster server bootstrap (#3365 ) Faster server bootstrap by counting accounts rather than fetching all from storage in the account manager instantiation. This change moved the deprecated need to ensure accounts have an All group to tests instead.	2025-02-22 11:31:39 +01:00
Pedro Maia Costa	77e40f41f2	[management] refactor auth (#3296 )	2025-02-20 20:24:40 +00:00
hakansa	39986b0e97	[client, management] Support DNS Labels for Peer Addressing (#3252 ) * [client] Support Extra DNS Labels for Peer Addressing * [management] Support Extra DNS Labels for Peer Addressing --------- Co-authored-by: Viktor Liu <17948409+lixmal@users.noreply.github.com>	2025-02-20 13:43:20 +03:00
Bethuel Mmbaga	4cdb2e533a	[management] Refactor users to use store methods (#2917 ) * Refactor setup key handling to use store methods Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add lock to get account groups Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add check for regular user Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * get only required groups for auto-group validation Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add account lock and return auto groups map on validation Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor account peers update Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor groups to use store methods Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor GetGroupByID and add NewGroupNotFoundError Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add AddPeer and RemovePeer methods to Group struct Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Preserve store engine in SqlStore transactions Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Run groups ops in transaction Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix missing group removed from setup key activity Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor posture checks to remove get and save account Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix refactor Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix sonar Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Change setup key log level to debug for missing group Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Retrieve modified peers once for group events Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor policy get and save account to use store methods Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Retrieve policy groups and posture checks once for validation Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix typo Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add policy tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor anyGroupHasPeers to retrieve all groups once Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor dns settings to use store methods Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add account locking and merge group deletion methods Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor name server groups to use store methods Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add peer store methods Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor ephemeral peers Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add lock for peer store methods Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor peer handlers Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor peer to use store methods Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix typo Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add locks and remove log Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * run peer ops in transaction Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * remove duplicate store method Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix peer fields updated after save Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Use update strength and simplify check Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * prevent changing ruleID when not empty Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * prevent duplicate rules during updates Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix lint Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor auth middleware Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor account methods and mock Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor user and PAT handling Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Remove db query context and fix get user by id Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix database transaction locking issue Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Use UTC time in test Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add account locks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix prevent users from creating PATs for other users Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add store locks and prevent fetching setup keys peers when retrieving user peers with empty userID Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add missing tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor test names and remove duplicate TestPostgresql_SavePeerStatus Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add account locks and remove redundant ephemeral check Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Retrieve all groups for peers and restrict groups for regular users Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix store tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * use account object to get validated peers Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Improve peer performance Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Get account direct from store without buffer Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add get peer groups tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Adjust benchmarks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Adjust benchmarks Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * [management] Update benchmark workflow (#3181) * update local benchmark expectations * update cloud expectations * Add status error for generic result error Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Use integrated validator direct Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * update expectations * update expectations * update expectations * Refactor peer scheduler to retry every 3 seconds on errors Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * update expectations * fix validator * fix validator * fix validator * update timeouts * Refactor ToGroupsInfo to process slices of groups Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * update expectations * update expectations * update expectations * Bump integrations version Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor GetValidatedPeers Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * go mod tidy Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Use peers and groups map for peers validation Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * remove mysql from api benchmark tests * Fix merge Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix blocked db calls on user auto groups update Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * update expectations Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * update expectations Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Skip user check for system initiated peer deletion Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Remove context in db calls Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * update expectations Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * [management] Improve group peer/resource counting (#3192) * Fix sonar Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Adjust bench expectations Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Rename GetAccountInfoFromPAT to GetTokenInfo Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Remove global account lock for ListUsers Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * build userinfo after updating users in db Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * [management] Optimize user bulk deletion (#3315) * refactor building user infos Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * remove unused code Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor GetUsersFromAccount to return a map of UserInfo instead of a slice Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Export BuildUserInfosForAccount to account manager Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Fetch account user info once for bulk users save Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Update user deletion expectations Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Set max open conns for activity store Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Update bench expectations Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> Co-authored-by: Pascal Fischer <32096965+pascal-fischer@users.noreply.github.com> Co-authored-by: Pascal Fischer <pascal@netbird.io> Co-authored-by: Pedro Costa <550684+pnmcosta@users.noreply.github.com>	2025-02-17 21:43:12 +03:00
Bethuel Mmbaga	1ad2cb5582	[management] Refactor peers to use store methods (#2893 )	2025-01-20 18:41:46 +01:00
Pascal Fischer	3e836db1d1	[management] add duration logs to Sync (#3203 )	2025-01-17 12:26:44 +01:00
Bethuel Mmbaga	02a3feddb8	[management] Add MySQL Support (#3108 ) * Add mysql store support * Add support to disable activity events recording	2025-01-06 13:38:30 +01:00
Pascal Fischer	782e3f8853	[management] Add integration test for the setup-keys API endpoints (#2936 )	2025-01-02 13:51:01 +01:00
Bethuel Mmbaga	2bdb4cb44a	[management] Preserve jwt groups when accessing API with PAT (#3128 ) * Skip JWT group sync for token-based authentication Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>	2024-12-31 18:59:37 +03:00
Viktor Liu	ddc365f7a0	[client, management] Add new network concept (#3047 ) --------- Co-authored-by: Pascal Fischer <32096965+pascal-fischer@users.noreply.github.com> Co-authored-by: bcmmbaga <bethuelmbaga12@gmail.com> Co-authored-by: Maycon Santos <mlsmaycon@gmail.com> Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>	2024-12-20 11:30:28 +01:00
Bethuel Mmbaga	f118d81d32	[management] Refactor policy to use store methods (#2878 )	2024-11-26 10:46:05 +01:00
Bethuel Mmbaga	ca12bc6953	[management] Refactor posture check to use store methods (#2874 )	2024-11-25 16:26:24 +01:00

1 2 3 4 5 ...

282 Commits