Documentation
Index ¶
- func ConvertSliceToMap(existingLabels []string) map[string]struct{}
- func ToResponseProto(configProto types.Protocol) proto.HostConfig_Protocol
- type AccountRequest
- type AccountRequestBuffer
- type AccountResult
- type DNSConfigCache
- func (c *DNSConfigCache) GetCustomZone(key string) (*proto.CustomZone, bool)
- func (c *DNSConfigCache) GetNameServerGroup(key string) (*proto.NameServerGroup, bool)
- func (c *DNSConfigCache) SetCustomZone(key string, value *proto.CustomZone)
- func (c *DNSConfigCache) SetNameServerGroup(key string, value *proto.NameServerGroup)
- type DefaultAccountManager
- func (am *DefaultAccountManager) AccountExists(ctx context.Context, accountID string) (bool, error)
- func (am *DefaultAccountManager) AddPeer(ctx context.Context, setupKey, userID string, peer *nbpeer.Peer) (*nbpeer.Peer, *types.NetworkMap, []*posture.Checks, error)
- func (am *DefaultAccountManager) BufferUpdateAccountPeers(ctx context.Context, accountID string)
- func (am *DefaultAccountManager) BuildUserInfosForAccount(ctx context.Context, accountID, _ string, accountUsers []*types.User) (map[string]*types.UserInfo, error)
- func (am *DefaultAccountManager) CheckGroupPermissions(ctx context.Context, accountID, userID string) error
- func (am *DefaultAccountManager) CreateGroup(ctx context.Context, accountID, userID string, newGroup *types.Group) error
- func (am *DefaultAccountManager) CreateGroups(ctx context.Context, accountID, userID string, groups []*types.Group) error
- func (am *DefaultAccountManager) CreateNameServerGroup(ctx context.Context, accountID string, name, description string, ...) (*nbdns.NameServerGroup, error)
- func (am *DefaultAccountManager) CreatePAT(ctx context.Context, accountID string, initiatorUserID string, ...) (*types.PersonalAccessTokenGenerated, error)
- func (am *DefaultAccountManager) CreateRoute(ctx context.Context, accountID string, prefix netip.Prefix, ...) (*route.Route, error)
- func (am *DefaultAccountManager) CreateSetupKey(ctx context.Context, accountID string, keyName string, ...) (*types.SetupKey, error)
- func (am *DefaultAccountManager) CreateUser(ctx context.Context, accountID, userID string, user *types.UserInfo) (*types.UserInfo, error)
- func (am *DefaultAccountManager) DeleteAccount(ctx context.Context, accountID, userID string) error
- func (am *DefaultAccountManager) DeleteGroup(ctx context.Context, accountID, userID, groupID string) error
- func (am *DefaultAccountManager) DeleteGroups(ctx context.Context, accountID, userID string, groupIDs []string) error
- func (am *DefaultAccountManager) DeleteNameServerGroup(ctx context.Context, accountID, nsGroupID, userID string) error
- func (am *DefaultAccountManager) DeletePAT(ctx context.Context, accountID string, initiatorUserID string, ...) error
- func (am *DefaultAccountManager) DeletePeer(ctx context.Context, accountID, peerID, userID string) error
- func (am *DefaultAccountManager) DeletePolicy(ctx context.Context, accountID, policyID, userID string) error
- func (am *DefaultAccountManager) DeletePostureChecks(ctx context.Context, accountID, postureChecksID, userID string) error
- func (am *DefaultAccountManager) DeleteRegularUsers(ctx context.Context, accountID, initiatorUserID string, targetUserIDs []string, ...) error
- func (am *DefaultAccountManager) DeleteRoute(ctx context.Context, accountID string, routeID route.ID, userID string) error
- func (am *DefaultAccountManager) DeleteSetupKey(ctx context.Context, accountID, userID, keyID string) error
- func (am *DefaultAccountManager) DeleteUser(ctx context.Context, accountID, initiatorUserID, targetUserID string) error
- func (am *DefaultAccountManager) FindExistingPostureCheck(accountID string, checks *posture.ChecksDefinition) (*posture.Checks, error)
- func (am *DefaultAccountManager) GetAccount(ctx context.Context, accountID string) (*types.Account, error)
- func (am *DefaultAccountManager) GetAccountByID(ctx context.Context, accountID string, userID string) (*types.Account, error)
- func (am *DefaultAccountManager) GetAccountIDByUserID(ctx context.Context, userID, domain string) (string, error)
- func (am *DefaultAccountManager) GetAccountIDForPeerKey(ctx context.Context, peerKey string) (string, error)
- func (am *DefaultAccountManager) GetAccountIDFromUserAuth(ctx context.Context, userAuth nbcontext.UserAuth) (string, string, error)
- func (am *DefaultAccountManager) GetAccountMeta(ctx context.Context, accountID string, userID string) (*types.AccountMeta, error)
- func (am *DefaultAccountManager) GetAccountOnboarding(ctx context.Context, accountID string, userID string) (*types.AccountOnboarding, error)
- func (am *DefaultAccountManager) GetAccountSettings(ctx context.Context, accountID string, userID string) (*types.Settings, error)
- func (am *DefaultAccountManager) GetAllConnectedPeers() (map[string]struct{}, error)
- func (am *DefaultAccountManager) GetAllGroups(ctx context.Context, accountID, userID string) ([]*types.Group, error)
- func (am *DefaultAccountManager) GetAllPATs(ctx context.Context, accountID string, initiatorUserID string, ...) ([]*types.PersonalAccessToken, error)
- func (am *DefaultAccountManager) GetCurrentUserInfo(ctx context.Context, userAuth nbcontext.UserAuth) (*users.UserInfoWithPermissions, error)
- func (am *DefaultAccountManager) GetDNSDomain(settings *types.Settings) string
- func (am *DefaultAccountManager) GetDNSSettings(ctx context.Context, accountID string, userID string) (*types.DNSSettings, error)
- func (am *DefaultAccountManager) GetEvents(ctx context.Context, accountID, userID string) ([]*activity.Event, error)
- func (am *DefaultAccountManager) GetExternalCacheManager() account.ExternalCacheManager
- func (am *DefaultAccountManager) GetGroup(ctx context.Context, accountID, groupID, userID string) (*types.Group, error)
- func (am *DefaultAccountManager) GetGroupByName(ctx context.Context, groupName, accountID string) (*types.Group, error)
- func (am *DefaultAccountManager) GetIdpManager() idp.Manager
- func (am *DefaultAccountManager) GetNameServerGroup(ctx context.Context, accountID, userID, nsGroupID string) (*nbdns.NameServerGroup, error)
- func (am *DefaultAccountManager) GetNetworkMap(ctx context.Context, peerID string) (*types.NetworkMap, error)
- func (am *DefaultAccountManager) GetOrCreateAccountByPrivateDomain(ctx context.Context, initiatorId, domain string) (*types.Account, bool, error)
- func (am *DefaultAccountManager) GetOrCreateAccountByUser(ctx context.Context, userID, domain string) (*types.Account, error)
- func (am *DefaultAccountManager) GetOwnerInfo(ctx context.Context, accountID string) (*types.UserInfo, error)
- func (am *DefaultAccountManager) GetPAT(ctx context.Context, accountID string, initiatorUserID string, ...) (*types.PersonalAccessToken, error)
- func (am *DefaultAccountManager) GetPeer(ctx context.Context, accountID, peerID, userID string) (*nbpeer.Peer, error)
- func (am *DefaultAccountManager) GetPeerGroups(ctx context.Context, accountID, peerID string) ([]*types.Group, error)
- func (am *DefaultAccountManager) GetPeerNetwork(ctx context.Context, peerID string) (*types.Network, error)
- func (am *DefaultAccountManager) GetPeers(ctx context.Context, accountID, userID, nameFilter, ipFilter string) ([]*nbpeer.Peer, error)
- func (am *DefaultAccountManager) GetPolicy(ctx context.Context, accountID, policyID, userID string) (*types.Policy, error)
- func (am *DefaultAccountManager) GetPostureChecks(ctx context.Context, accountID, postureChecksID, userID string) (*posture.Checks, error)
- func (am *DefaultAccountManager) GetRoute(ctx context.Context, accountID string, routeID route.ID, userID string) (*route.Route, error)
- func (am *DefaultAccountManager) GetSetupKey(ctx context.Context, accountID, userID, keyID string) (*types.SetupKey, error)
- func (am *DefaultAccountManager) GetStore() store.Store
- func (am *DefaultAccountManager) GetUserByID(ctx context.Context, id string) (*types.User, error)
- func (am *DefaultAccountManager) GetUserFromUserAuth(ctx context.Context, userAuth nbContext.UserAuth) (*types.User, error)
- func (am *DefaultAccountManager) GetUsersFromAccount(ctx context.Context, accountID, initiatorUserID string) (map[string]*types.UserInfo, error)
- func (am *DefaultAccountManager) GetValidatedPeers(ctx context.Context, accountID string) (map[string]struct{}, error)
- func (am *DefaultAccountManager) GroupAddPeer(ctx context.Context, accountID, groupID, peerID string) error
- func (am *DefaultAccountManager) GroupAddResource(ctx context.Context, accountID, groupID string, resource types.Resource) error
- func (am *DefaultAccountManager) GroupDeletePeer(ctx context.Context, accountID, groupID, peerID string) error
- func (am *DefaultAccountManager) GroupDeleteResource(ctx context.Context, accountID, groupID string, resource types.Resource) error
- func (am *DefaultAccountManager) GroupValidation(ctx context.Context, accountID string, groupIDs []string) (bool, error)
- func (am *DefaultAccountManager) HasConnectedChannel(peerID string) bool
- func (am *DefaultAccountManager) InviteUser(ctx context.Context, accountID string, initiatorUserID string, ...) error
- func (am *DefaultAccountManager) ListNameServerGroups(ctx context.Context, accountID string, userID string) ([]*nbdns.NameServerGroup, error)
- func (am *DefaultAccountManager) ListPolicies(ctx context.Context, accountID, userID string) ([]*types.Policy, error)
- func (am *DefaultAccountManager) ListPostureChecks(ctx context.Context, accountID, userID string) ([]*posture.Checks, error)
- func (am *DefaultAccountManager) ListRoutes(ctx context.Context, accountID, userID string) ([]*route.Route, error)
- func (am *DefaultAccountManager) ListSetupKeys(ctx context.Context, accountID, userID string) ([]*types.SetupKey, error)
- func (am *DefaultAccountManager) ListUsers(ctx context.Context, accountID string) ([]*types.User, error)
- func (am *DefaultAccountManager) LoginPeer(ctx context.Context, login types.PeerLogin) (*nbpeer.Peer, *types.NetworkMap, []*posture.Checks, error)
- func (am *DefaultAccountManager) MarkPeerConnected(ctx context.Context, peerPubKey string, connected bool, realIP net.IP, ...) error
- func (am *DefaultAccountManager) OnPeerDisconnected(ctx context.Context, accountID string, peerPubKey string) error
- func (am *DefaultAccountManager) SaveDNSSettings(ctx context.Context, accountID string, userID string, ...) error
- func (am *DefaultAccountManager) SaveNameServerGroup(ctx context.Context, accountID, userID string, ...) error
- func (am *DefaultAccountManager) SaveOrAddUser(ctx context.Context, accountID, initiatorUserID string, update *types.User, ...) (*types.UserInfo, error)
- func (am *DefaultAccountManager) SaveOrAddUsers(ctx context.Context, accountID, initiatorUserID string, updates []*types.User, ...) ([]*types.UserInfo, error)
- func (am *DefaultAccountManager) SavePolicy(ctx context.Context, accountID, userID string, policy *types.Policy, ...) (*types.Policy, error)
- func (am *DefaultAccountManager) SavePostureChecks(ctx context.Context, accountID, userID string, postureChecks *posture.Checks, ...) (*posture.Checks, error)
- func (am *DefaultAccountManager) SaveRoute(ctx context.Context, accountID, userID string, routeToSave *route.Route) error
- func (am *DefaultAccountManager) SaveSetupKey(ctx context.Context, accountID string, keyToSave *types.SetupKey, ...) (*types.SetupKey, error)
- func (am *DefaultAccountManager) SaveUser(ctx context.Context, accountID, initiatorUserID string, update *types.User) (*types.UserInfo, error)
- func (am *DefaultAccountManager) StoreEvent(ctx context.Context, initiatorID, targetID, accountID string, ...)
- func (am *DefaultAccountManager) SyncAndMarkPeer(ctx context.Context, accountID string, peerPubKey string, ...) (*nbpeer.Peer, *types.NetworkMap, []*posture.Checks, error)
- func (am *DefaultAccountManager) SyncPeer(ctx context.Context, sync types.PeerSync, accountID string) (*nbpeer.Peer, *types.NetworkMap, []*posture.Checks, error)
- func (am *DefaultAccountManager) SyncPeerMeta(ctx context.Context, peerPubKey string, meta nbpeer.PeerSystemMeta) error
- func (am *DefaultAccountManager) SyncUserJWTGroups(ctx context.Context, userAuth nbcontext.UserAuth) error
- func (am *DefaultAccountManager) UpdateAccountOnboarding(ctx context.Context, accountID, userID string, ...) (*types.AccountOnboarding, error)
- func (am *DefaultAccountManager) UpdateAccountPeer(ctx context.Context, accountId string, peerId string)
- func (am *DefaultAccountManager) UpdateAccountPeers(ctx context.Context, accountID string)
- func (am *DefaultAccountManager) UpdateAccountSettings(ctx context.Context, accountID, userID string, newSettings *types.Settings) (*types.Settings, error)
- func (am *DefaultAccountManager) UpdateGroup(ctx context.Context, accountID, userID string, newGroup *types.Group) error
- func (am *DefaultAccountManager) UpdateGroups(ctx context.Context, accountID, userID string, groups []*types.Group) error
- func (am *DefaultAccountManager) UpdateIntegratedValidator(ctx context.Context, accountID, userID, validator string, groups []string) error
- func (am *DefaultAccountManager) UpdatePeer(ctx context.Context, accountID, userID string, update *nbpeer.Peer) (*nbpeer.Peer, error)
- func (am *DefaultAccountManager) UpdatePeerIP(ctx context.Context, accountID, userID, peerID string, newIP netip.Addr) error
- func (am *DefaultAccountManager) UpdateToPrimaryAccount(ctx context.Context, accountId string) (*types.Account, error)
- type DefaultScheduler
- type EphemeralManager
- type GRPCServer
- func (s *GRPCServer) GetDeviceAuthorizationFlow(ctx context.Context, req *proto.EncryptedMessage) (*proto.EncryptedMessage, error)
- func (s *GRPCServer) GetPKCEAuthorizationFlow(ctx context.Context, req *proto.EncryptedMessage) (*proto.EncryptedMessage, error)
- func (s *GRPCServer) GetServerKey(ctx context.Context, req *proto.Empty) (*proto.ServerKeyResponse, error)
- func (s *GRPCServer) IsHealthy(ctx context.Context, req *proto.Empty) (*proto.Empty, error)
- func (s *GRPCServer) Login(ctx context.Context, req *proto.EncryptedMessage) (*proto.EncryptedMessage, error)
- func (s *GRPCServer) Logout(ctx context.Context, req *proto.EncryptedMessage) (*proto.Empty, error)
- func (s *GRPCServer) Sync(req *proto.EncryptedMessage, srv proto.ManagementService_SyncServer) error
- func (s *GRPCServer) SyncMeta(ctx context.Context, req *proto.EncryptedMessage) (*proto.Empty, error)
- type GroupLinkError
- type MockIntegratedValidator
- func (a MockIntegratedValidator) GetValidatedPeers(_ context.Context, accountID string, groups []*types.Group, ...) (map[string]struct{}, error)
- func (MockIntegratedValidator) IsNotValidPeer(_ context.Context, accountID string, peer *nbpeer.Peer, peersGroup []string, ...) (bool, bool, error)
- func (MockIntegratedValidator) PeerDeleted(_ context.Context, _, _ string, extraSettings *types.ExtraSettings) error
- func (MockIntegratedValidator) PreparePeer(_ context.Context, accountID string, peer *nbpeer.Peer, peersGroup []string, ...) *nbpeer.Peer
- func (MockIntegratedValidator) SetPeerInvalidationListener(func(accountID string, peerIDs []string))
- func (MockIntegratedValidator) Stop(_ context.Context)
- func (a MockIntegratedValidator) ValidateExtraSettings(_ context.Context, newExtraSettings *types.ExtraSettings, ...) error
- func (a MockIntegratedValidator) ValidatePeer(_ context.Context, update *nbpeer.Peer, peer *nbpeer.Peer, userID string, ...) (*nbpeer.Peer, bool, error)
- type MockScheduler
- type PeersUpdateManager
- func (p *PeersUpdateManager) CloseChannel(ctx context.Context, peerID string)
- func (p *PeersUpdateManager) CloseChannels(ctx context.Context, peerIDs []string)
- func (p *PeersUpdateManager) CreateChannel(ctx context.Context, peerID string) chan *UpdateMessage
- func (p *PeersUpdateManager) GetAllConnectedPeers() map[string]struct{}
- func (p *PeersUpdateManager) HasChannel(peerID string) bool
- func (p *PeersUpdateManager) SendUpdate(ctx context.Context, peerID string, update *UpdateMessage)
- type Resource
- type ResourceType
- type Scheduler
- type SecretsManager
- type SetupKeyUpdateOperation
- type SetupKeyUpdateOperationType
- type TimeBasedAuthSecretsManager
- func (m *TimeBasedAuthSecretsManager) CancelRefresh(peerID string)
- func (m *TimeBasedAuthSecretsManager) GenerateRelayToken() (*Token, error)
- func (m *TimeBasedAuthSecretsManager) GenerateTurnToken() (*Token, error)
- func (m *TimeBasedAuthSecretsManager) SetupRefresh(ctx context.Context, accountID, peerID string)
- type Token
- type UpdateMessage
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ConvertSliceToMap ¶ added in v0.29.3
func ToResponseProto ¶
func ToResponseProto(configProto types.Protocol) proto.HostConfig_Protocol
Types ¶
type AccountRequest ¶ added in v0.28.8
type AccountRequest struct {
AccountID string
ResultChan chan *AccountResult
}
AccountRequest holds the result channel to return the requested account.
type AccountRequestBuffer ¶ added in v0.28.9
type AccountRequestBuffer struct {
// contains filtered or unexported fields
}
func NewAccountRequestBuffer ¶ added in v0.28.9
func NewAccountRequestBuffer(ctx context.Context, store store.Store) *AccountRequestBuffer
func (*AccountRequestBuffer) GetAccountWithBackpressure ¶ added in v0.28.9
type AccountResult ¶ added in v0.28.8
AccountResult holds the account data or an error.
type DNSConfigCache ¶ added in v0.28.8
DNSConfigCache is a thread-safe cache for DNS configuration components
func (*DNSConfigCache) GetCustomZone ¶ added in v0.28.8
func (c *DNSConfigCache) GetCustomZone(key string) (*proto.CustomZone, bool)
GetCustomZone retrieves a cached custom zone
func (*DNSConfigCache) GetNameServerGroup ¶ added in v0.28.8
func (c *DNSConfigCache) GetNameServerGroup(key string) (*proto.NameServerGroup, bool)
GetNameServerGroup retrieves a cached name server group
func (*DNSConfigCache) SetCustomZone ¶ added in v0.28.8
func (c *DNSConfigCache) SetCustomZone(key string, value *proto.CustomZone)
SetCustomZone stores a custom zone in the cache
func (*DNSConfigCache) SetNameServerGroup ¶ added in v0.28.8
func (c *DNSConfigCache) SetNameServerGroup(key string, value *proto.NameServerGroup)
SetNameServerGroup stores a name server group in the cache
type DefaultAccountManager ¶
func BuildManager ¶
func BuildManager( ctx context.Context, store store.Store, peersUpdateManager *PeersUpdateManager, idpManager idp.Manager, singleAccountModeDomain string, dnsDomain string, eventStore activity.Store, geo geolocation.Geolocation, userDeleteFromIDPEnabled bool, integratedPeerValidator integrated_validator.IntegratedValidator, metrics telemetry.AppMetrics, proxyController port_forwarding.Controller, settingsManager settings.Manager, permissionsManager permissions.Manager, disableDefaultPolicy bool, ) (*DefaultAccountManager, error)
BuildManager creates a new DefaultAccountManager with a provided Store
func (*DefaultAccountManager) AccountExists ¶
AccountExists checks if an account exists.
func (*DefaultAccountManager) AddPeer ¶
func (am *DefaultAccountManager) AddPeer(ctx context.Context, setupKey, userID string, peer *nbpeer.Peer) (*nbpeer.Peer, *types.NetworkMap, []*posture.Checks, error)
AddPeer adds a new peer to the Store. Each Account has a list of pre-authorized SetupKeys; if no Account has the given key, an error with code status.PermissionDenied is returned, meaning the setup key is invalid or not found. If a User ID is provided, it means that authentication using JWT has passed; the account is then looked up by User ID and the peer is registered to it. The User ID is also added to the peer metadata to identify the registrant. If no userID is provided, the call fails with status.PermissionDenied. Each new Peer is assigned the next net.IP from the Account.Network, and Account.Network.LastIP is updated (IPs are not reused). The peer property is just a placeholder for the Peer properties to pass further.
func (*DefaultAccountManager) BufferUpdateAccountPeers ¶ added in v0.41.0
func (am *DefaultAccountManager) BufferUpdateAccountPeers(ctx context.Context, accountID string)
func (*DefaultAccountManager) BuildUserInfosForAccount ¶ added in v0.37.0
func (am *DefaultAccountManager) BuildUserInfosForAccount(ctx context.Context, accountID, _ string, accountUsers []*types.User) (map[string]*types.UserInfo, error)
BuildUserInfosForAccount builds user info for the given account.
func (*DefaultAccountManager) CheckGroupPermissions ¶ added in v0.30.0
func (am *DefaultAccountManager) CheckGroupPermissions(ctx context.Context, accountID, userID string) error
CheckGroupPermissions validates if a user has the necessary permissions to view groups
func (*DefaultAccountManager) CreateGroup ¶ added in v0.53.0
func (am *DefaultAccountManager) CreateGroup(ctx context.Context, accountID, userID string, newGroup *types.Group) error
CreateGroup creates a group object of the peers.
func (*DefaultAccountManager) CreateGroups ¶ added in v0.53.0
func (am *DefaultAccountManager) CreateGroups(ctx context.Context, accountID, userID string, groups []*types.Group) error
CreateGroups adds new groups to the account. Note: This function does not acquire the global lock. It is the caller's responsibility to ensure proper locking is in place before invoking this method. This method will not create group peer membership relations. Use AddPeerToGroup or RemovePeerFromGroup methods for that.
func (*DefaultAccountManager) CreateNameServerGroup ¶ added in v0.9.8
func (am *DefaultAccountManager) CreateNameServerGroup(ctx context.Context, accountID string, name, description string, nameServerList []nbdns.NameServer, groups []string, primary bool, domains []string, enabled bool, userID string, searchDomainEnabled bool) (*nbdns.NameServerGroup, error)
CreateNameServerGroup creates and saves a new nameserver group
func (*DefaultAccountManager) CreatePAT ¶ added in v0.14.6
func (am *DefaultAccountManager) CreatePAT(ctx context.Context, accountID string, initiatorUserID string, targetUserID string, tokenName string, expiresIn int) (*types.PersonalAccessTokenGenerated, error)
CreatePAT creates a new PAT for the given user
func (*DefaultAccountManager) CreateRoute ¶ added in v0.8.9
func (am *DefaultAccountManager) CreateRoute(ctx context.Context, accountID string, prefix netip.Prefix, networkType route.NetworkType, domains domain.List, peerID string, peerGroupIDs []string, description string, netID route.NetID, masquerade bool, metric int, groups, accessControlGroupIDs []string, enabled bool, userID string, keepRoute bool) (*route.Route, error)
CreateRoute creates and saves a new route
func (*DefaultAccountManager) CreateSetupKey ¶ added in v0.9.2
func (am *DefaultAccountManager) CreateSetupKey(ctx context.Context, accountID string, keyName string, keyType types.SetupKeyType, expiresIn time.Duration, autoGroups []string, usageLimit int, userID string, ephemeral bool, allowExtraDNSLabels bool) (*types.SetupKey, error)
CreateSetupKey generates a new setup key with a given name, type, and list of group IDs to auto-assign to peers registered with this key, and adds it to the specified account. The list of autoGroups IDs can be empty.
func (*DefaultAccountManager) CreateUser ¶ added in v0.9.8
func (am *DefaultAccountManager) CreateUser(ctx context.Context, accountID, userID string, user *types.UserInfo) (*types.UserInfo, error)
CreateUser creates a new user under the given account. Effectively this is a user invite.
func (*DefaultAccountManager) DeleteAccount ¶ added in v0.24.4
func (am *DefaultAccountManager) DeleteAccount(ctx context.Context, accountID, userID string) error
DeleteAccount deletes an account and all its users from local store and from the remote IDP if the requester is an admin and account owner
func (*DefaultAccountManager) DeleteGroup ¶
func (am *DefaultAccountManager) DeleteGroup(ctx context.Context, accountID, userID, groupID string) error
DeleteGroup deletes a group object of the peers.
func (*DefaultAccountManager) DeleteGroups ¶ added in v0.28.8
func (am *DefaultAccountManager) DeleteGroups(ctx context.Context, accountID, userID string, groupIDs []string) error
DeleteGroups deletes groups from an account. Note: This function does not acquire the global lock. It is the caller's responsibility to ensure proper locking is in place before invoking this method.
If an error occurs while deleting a group, the function skips it and continues deleting other groups. Errors are collected and returned at the end.
func (*DefaultAccountManager) DeleteNameServerGroup ¶ added in v0.9.8
func (am *DefaultAccountManager) DeleteNameServerGroup(ctx context.Context, accountID, nsGroupID, userID string) error
DeleteNameServerGroup deletes nameserver group with nsGroupID
func (*DefaultAccountManager) DeletePAT ¶ added in v0.14.5
func (am *DefaultAccountManager) DeletePAT(ctx context.Context, accountID string, initiatorUserID string, targetUserID string, tokenID string) error
DeletePAT deletes a specific PAT from a user
func (*DefaultAccountManager) DeletePeer ¶
func (am *DefaultAccountManager) DeletePeer(ctx context.Context, accountID, peerID, userID string) error
DeletePeer removes peer from the account by its IP (note: the signature identifies the peer by peerID, not by an IP address).
func (*DefaultAccountManager) DeletePolicy ¶ added in v0.14.5
func (am *DefaultAccountManager) DeletePolicy(ctx context.Context, accountID, policyID, userID string) error
DeletePolicy deletes a policy from the store.
func (*DefaultAccountManager) DeletePostureChecks ¶ added in v0.26.0
func (am *DefaultAccountManager) DeletePostureChecks(ctx context.Context, accountID, postureChecksID, userID string) error
DeletePostureChecks deletes a posture check by ID.
func (*DefaultAccountManager) DeleteRegularUsers ¶ added in v0.28.8
func (am *DefaultAccountManager) DeleteRegularUsers(ctx context.Context, accountID, initiatorUserID string, targetUserIDs []string, userInfos map[string]*types.UserInfo) error
DeleteRegularUsers deletes regular users from an account. Note: This function does not acquire the global lock. It is the caller's responsibility to ensure proper locking is in place before invoking this method.
If an error occurs while deleting the user, the function skips it and continues deleting other users. Errors are collected and returned at the end.
func (*DefaultAccountManager) DeleteRoute ¶ added in v0.8.9
func (am *DefaultAccountManager) DeleteRoute(ctx context.Context, accountID string, routeID route.ID, userID string) error
DeleteRoute deletes route with routeID
func (*DefaultAccountManager) DeleteSetupKey ¶ added in v0.31.0
func (am *DefaultAccountManager) DeleteSetupKey(ctx context.Context, accountID, userID, keyID string) error
DeleteSetupKey removes the setup key from the account
func (*DefaultAccountManager) DeleteUser ¶ added in v0.17.0
func (am *DefaultAccountManager) DeleteUser(ctx context.Context, accountID, initiatorUserID, targetUserID string) error
DeleteUser deletes a user from the given account.
func (*DefaultAccountManager) FindExistingPostureCheck ¶ added in v0.28.0
func (am *DefaultAccountManager) FindExistingPostureCheck(accountID string, checks *posture.ChecksDefinition) (*posture.Checks, error)
func (*DefaultAccountManager) GetAccount ¶ added in v0.30.0
func (am *DefaultAccountManager) GetAccount(ctx context.Context, accountID string) (*types.Account, error)
GetAccount returns an account associated with this account ID.
func (*DefaultAccountManager) GetAccountByID ¶ added in v0.30.0
func (am *DefaultAccountManager) GetAccountByID(ctx context.Context, accountID string, userID string) (*types.Account, error)
GetAccountByID returns an account associated with this account ID.
func (*DefaultAccountManager) GetAccountIDByUserID ¶ added in v0.30.0
func (am *DefaultAccountManager) GetAccountIDByUserID(ctx context.Context, userID, domain string) (string, error)
GetAccountIDByUserID retrieves the account ID based on the userID provided. If the user already has an account, it returns the user's account ID. If the user doesn't have an account, it creates one using the provided domain. Returns the account ID or an error if none is found or created.
func (*DefaultAccountManager) GetAccountIDForPeerKey ¶ added in v0.28.4
func (*DefaultAccountManager) GetAccountIDFromUserAuth ¶ added in v0.37.0
func (*DefaultAccountManager) GetAccountMeta ¶ added in v0.42.0
func (am *DefaultAccountManager) GetAccountMeta(ctx context.Context, accountID string, userID string) (*types.AccountMeta, error)
GetAccountMeta returns the account metadata associated with this account ID.
func (*DefaultAccountManager) GetAccountOnboarding ¶ added in v0.50.0
func (am *DefaultAccountManager) GetAccountOnboarding(ctx context.Context, accountID string, userID string) (*types.AccountOnboarding, error)
GetAccountOnboarding retrieves the onboarding information for a specific account.
func (*DefaultAccountManager) GetAccountSettings ¶ added in v0.30.0
func (*DefaultAccountManager) GetAllConnectedPeers ¶ added in v0.23.9
func (am *DefaultAccountManager) GetAllConnectedPeers() (map[string]struct{}, error)
GetAllConnectedPeers returns connected peers based on peersUpdateManager.GetAllConnectedPeers()
func (*DefaultAccountManager) GetAllGroups ¶ added in v0.26.4
func (am *DefaultAccountManager) GetAllGroups(ctx context.Context, accountID, userID string) ([]*types.Group, error)
GetAllGroups returns all groups in an account
func (*DefaultAccountManager) GetAllPATs ¶ added in v0.14.6
func (am *DefaultAccountManager) GetAllPATs(ctx context.Context, accountID string, initiatorUserID string, targetUserID string) ([]*types.PersonalAccessToken, error)
GetAllPATs returns all PATs for a user
func (*DefaultAccountManager) GetCurrentUserInfo ¶ added in v0.41.1
func (am *DefaultAccountManager) GetCurrentUserInfo(ctx context.Context, userAuth nbcontext.UserAuth) (*users.UserInfoWithPermissions, error)
GetCurrentUserInfo retrieves the account's current user info and permissions
func (*DefaultAccountManager) GetDNSDomain ¶ added in v0.10.10
func (am *DefaultAccountManager) GetDNSDomain(settings *types.Settings) string
GetDNSDomain returns the configured dnsDomain
func (*DefaultAccountManager) GetDNSSettings ¶ added in v0.12.0
func (am *DefaultAccountManager) GetDNSSettings(ctx context.Context, accountID string, userID string) (*types.DNSSettings, error)
GetDNSSettings validates a user role and returns the DNS settings for the provided account ID
func (*DefaultAccountManager) GetEvents ¶ added in v0.12.0
func (am *DefaultAccountManager) GetEvents(ctx context.Context, accountID, userID string) ([]*activity.Event, error)
GetEvents returns a list of activity events of an account
func (*DefaultAccountManager) GetExternalCacheManager ¶ added in v0.24.3
func (am *DefaultAccountManager) GetExternalCacheManager() account.ExternalCacheManager
func (*DefaultAccountManager) GetGroup ¶
func (am *DefaultAccountManager) GetGroup(ctx context.Context, accountID, groupID, userID string) (*types.Group, error)
GetGroup returns a specific group by groupID in an account
func (*DefaultAccountManager) GetGroupByName ¶ added in v0.25.5
func (am *DefaultAccountManager) GetGroupByName(ctx context.Context, groupName, accountID string) (*types.Group, error)
GetGroupByName filters all groups in an account by name and returns the one with the most peers
func (*DefaultAccountManager) GetIdpManager ¶ added in v0.26.3
func (am *DefaultAccountManager) GetIdpManager() idp.Manager
func (*DefaultAccountManager) GetNameServerGroup ¶ added in v0.9.8
func (am *DefaultAccountManager) GetNameServerGroup(ctx context.Context, accountID, userID, nsGroupID string) (*nbdns.NameServerGroup, error)
GetNameServerGroup gets a nameserver group object from account and nameserver group IDs
func (*DefaultAccountManager) GetNetworkMap ¶
func (am *DefaultAccountManager) GetNetworkMap(ctx context.Context, peerID string) (*types.NetworkMap, error)
GetNetworkMap returns Network map for a given peer (omits original peer from the Peers result)
func (*DefaultAccountManager) GetOrCreateAccountByPrivateDomain ¶ added in v0.46.0
func (*DefaultAccountManager) GetOrCreateAccountByUser ¶
func (am *DefaultAccountManager) GetOrCreateAccountByUser(ctx context.Context, userID, domain string) (*types.Account, error)
GetOrCreateAccountByUser returns an existing account for a given user id or creates a new one if one doesn't exist
func (*DefaultAccountManager) GetOwnerInfo ¶ added in v0.40.0
func (am *DefaultAccountManager) GetOwnerInfo(ctx context.Context, accountID string) (*types.UserInfo, error)
GetOwnerInfo retrieves the owner information for a given account ID.
func (*DefaultAccountManager) GetPAT ¶ added in v0.14.6
func (am *DefaultAccountManager) GetPAT(ctx context.Context, accountID string, initiatorUserID string, targetUserID string, tokenID string) (*types.PersonalAccessToken, error)
GetPAT returns a specific PAT from a user
func (*DefaultAccountManager) GetPeer ¶
func (am *DefaultAccountManager) GetPeer(ctx context.Context, accountID, peerID, userID string) (*nbpeer.Peer, error)
GetPeer returns the peer for the given accountID, peerID and userID, or an error if it is not found.
func (*DefaultAccountManager) GetPeerGroups ¶ added in v0.36.4
func (am *DefaultAccountManager) GetPeerGroups(ctx context.Context, accountID, peerID string) ([]*types.Group, error)
GetPeerGroups returns groups that the peer is part of.
func (*DefaultAccountManager) GetPeerNetwork ¶ added in v0.8.0
func (am *DefaultAccountManager) GetPeerNetwork(ctx context.Context, peerID string) (*types.Network, error)
GetPeerNetwork returns the Network for a given peer
func (*DefaultAccountManager) GetPeers ¶ added in v0.10.5
func (am *DefaultAccountManager) GetPeers(ctx context.Context, accountID, userID, nameFilter, ipFilter string) ([]*nbpeer.Peer, error)
GetPeers returns a list of peers under the given account filtering out peers that do not belong to a user if the current user is not an admin.
func (*DefaultAccountManager) GetPolicy ¶ added in v0.14.5
func (am *DefaultAccountManager) GetPolicy(ctx context.Context, accountID, policyID, userID string) (*types.Policy, error)
GetPolicy from the store
func (*DefaultAccountManager) GetPostureChecks ¶ added in v0.26.0
func (*DefaultAccountManager) GetRoute ¶ added in v0.8.9
func (am *DefaultAccountManager) GetRoute(ctx context.Context, accountID string, routeID route.ID, userID string) (*route.Route, error)
GetRoute gets a route object from account and route IDs
func (*DefaultAccountManager) GetSetupKey ¶ added in v0.9.2
func (am *DefaultAccountManager) GetSetupKey(ctx context.Context, accountID, userID, keyID string) (*types.SetupKey, error)
GetSetupKey looks up a SetupKey by KeyID, returns NotFound error if not found.
func (*DefaultAccountManager) GetStore ¶ added in v0.39.0
func (am *DefaultAccountManager) GetStore() store.Store
func (*DefaultAccountManager) GetUserByID ¶ added in v0.30.0
func (*DefaultAccountManager) GetUserFromUserAuth ¶ added in v0.37.0
func (am *DefaultAccountManager) GetUserFromUserAuth(ctx context.Context, userAuth nbContext.UserAuth) (*types.User, error)
GetUserFromUserAuth looks up a user by the provided nbContext.UserAuth. Expects the account to have been created already.
func (*DefaultAccountManager) GetUsersFromAccount ¶
func (am *DefaultAccountManager) GetUsersFromAccount(ctx context.Context, accountID, initiatorUserID string) (map[string]*types.UserInfo, error)
GetUsersFromAccount performs a batched request for users from the IdP by account ID and filters the returned data based on the provided user's role.
func (*DefaultAccountManager) GetValidatedPeers ¶ added in v0.26.5
func (*DefaultAccountManager) GroupAddPeer ¶
func (am *DefaultAccountManager) GroupAddPeer(ctx context.Context, accountID, groupID, peerID string) error
GroupAddPeer appends peer to the group
func (*DefaultAccountManager) GroupAddResource ¶ added in v0.35.0
func (am *DefaultAccountManager) GroupAddResource(ctx context.Context, accountID, groupID string, resource types.Resource) error
GroupAddResource appends resource to the group
func (*DefaultAccountManager) GroupDeletePeer ¶
func (am *DefaultAccountManager) GroupDeletePeer(ctx context.Context, accountID, groupID, peerID string) error
GroupDeletePeer removes peer from the group
func (*DefaultAccountManager) GroupDeleteResource ¶ added in v0.35.0
func (am *DefaultAccountManager) GroupDeleteResource(ctx context.Context, accountID, groupID string, resource types.Resource) error
GroupDeleteResource removes resource from the group
func (*DefaultAccountManager) GroupValidation ¶ added in v0.26.5
func (*DefaultAccountManager) HasConnectedChannel ¶ added in v0.24.4
func (am *DefaultAccountManager) HasConnectedChannel(peerID string) bool
HasConnectedChannel returns true if the peer has a channel in the update manager, otherwise false
func (*DefaultAccountManager) InviteUser ¶ added in v0.21.9
func (am *DefaultAccountManager) InviteUser(ctx context.Context, accountID string, initiatorUserID string, targetUserID string) error
InviteUser resends invitations to users who haven't activated their accounts prior to the expiration period.
func (*DefaultAccountManager) ListNameServerGroups ¶ added in v0.9.8
func (am *DefaultAccountManager) ListNameServerGroups(ctx context.Context, accountID string, userID string) ([]*nbdns.NameServerGroup, error)
ListNameServerGroups returns a list of nameserver groups from account
func (*DefaultAccountManager) ListPolicies ¶ added in v0.14.5
func (am *DefaultAccountManager) ListPolicies(ctx context.Context, accountID, userID string) ([]*types.Policy, error)
ListPolicies from the store.
func (*DefaultAccountManager) ListPostureChecks ¶ added in v0.26.0
func (am *DefaultAccountManager) ListPostureChecks(ctx context.Context, accountID, userID string) ([]*posture.Checks, error)
ListPostureChecks returns a list of posture checks.
func (*DefaultAccountManager) ListRoutes ¶ added in v0.8.9
func (am *DefaultAccountManager) ListRoutes(ctx context.Context, accountID, userID string) ([]*route.Route, error)
ListRoutes returns a list of routes from account
func (*DefaultAccountManager) ListSetupKeys ¶ added in v0.9.2
func (am *DefaultAccountManager) ListSetupKeys(ctx context.Context, accountID, userID string) ([]*types.SetupKey, error)
ListSetupKeys returns a list of all setup keys of the account
func (*DefaultAccountManager) ListUsers ¶ added in v0.24.3
func (am *DefaultAccountManager) ListUsers(ctx context.Context, accountID string) ([]*types.User, error)
ListUsers returns lists of all users under the account. It doesn't populate user information such as email or name.
func (*DefaultAccountManager) LoginPeer ¶ added in v0.14.3
func (am *DefaultAccountManager) LoginPeer(ctx context.Context, login types.PeerLogin) (*nbpeer.Peer, *types.NetworkMap, []*posture.Checks, error)
LoginPeer logs in or registers a peer. If peer doesn't exist the function checks whether a setup key or a user is present and registers a new peer if so.
func (*DefaultAccountManager) MarkPeerConnected ¶
func (am *DefaultAccountManager) MarkPeerConnected(ctx context.Context, peerPubKey string, connected bool, realIP net.IP, accountID string) error
MarkPeerConnected marks peer as connected (true) or disconnected (false)
func (*DefaultAccountManager) OnPeerDisconnected ¶ added in v0.28.7
func (*DefaultAccountManager) SaveDNSSettings ¶ added in v0.12.0
func (am *DefaultAccountManager) SaveDNSSettings(ctx context.Context, accountID string, userID string, dnsSettingsToSave *types.DNSSettings) error
SaveDNSSettings validates a user role and updates the account's DNS settings
func (*DefaultAccountManager) SaveNameServerGroup ¶ added in v0.9.8
func (am *DefaultAccountManager) SaveNameServerGroup(ctx context.Context, accountID, userID string, nsGroupToSave *nbdns.NameServerGroup) error
SaveNameServerGroup saves nameserver group
func (*DefaultAccountManager) SaveOrAddUser ¶ added in v0.24.3
func (am *DefaultAccountManager) SaveOrAddUser(ctx context.Context, accountID, initiatorUserID string, update *types.User, addIfNotExists bool) (*types.UserInfo, error)
SaveOrAddUser updates the given user. If addIfNotExists is set to true, it will add the user when it does not exist. Only the User.AutoGroups, User.Role, and User.Blocked fields are allowed to be updated for now.
func (*DefaultAccountManager) SaveOrAddUsers ¶ added in v0.28.5
func (am *DefaultAccountManager) SaveOrAddUsers(ctx context.Context, accountID, initiatorUserID string, updates []*types.User, addIfNotExists bool) ([]*types.UserInfo, error)
SaveOrAddUsers updates existing users or adds new users to the account. Note: This function does not acquire the global lock. It is the caller's responsibility to ensure proper locking is in place before invoking this method.
func (*DefaultAccountManager) SavePolicy ¶ added in v0.14.5
func (am *DefaultAccountManager) SavePolicy(ctx context.Context, accountID, userID string, policy *types.Policy, create bool) (*types.Policy, error)
SavePolicy in the store
func (*DefaultAccountManager) SavePostureChecks ¶ added in v0.26.0
func (am *DefaultAccountManager) SavePostureChecks(ctx context.Context, accountID, userID string, postureChecks *posture.Checks, create bool) (*posture.Checks, error)
SavePostureChecks saves a posture check.
func (*DefaultAccountManager) SaveRoute ¶ added in v0.8.9
func (am *DefaultAccountManager) SaveRoute(ctx context.Context, accountID, userID string, routeToSave *route.Route) error
SaveRoute saves route
func (*DefaultAccountManager) SaveSetupKey ¶ added in v0.9.2
func (am *DefaultAccountManager) SaveSetupKey(ctx context.Context, accountID string, keyToSave *types.SetupKey, userID string) (*types.SetupKey, error)
SaveSetupKey saves the provided SetupKey to the database overriding the existing one. Due to the unique nature of a SetupKey certain properties must not be overwritten (e.g. the key itself, creation date, ID, etc). These properties are overwritten: AutoGroups, Revoked (only from false to true), and the UpdatedAt. The rest is copied from the existing key.
func (*DefaultAccountManager) SaveUser ¶ added in v0.9.4
func (am *DefaultAccountManager) SaveUser(ctx context.Context, accountID, initiatorUserID string, update *types.User) (*types.UserInfo, error)
SaveUser saves updates to the given user. If the user doesn't exist, it will throw status.NotFound error.
func (*DefaultAccountManager) StoreEvent ¶ added in v0.24.3
func (am *DefaultAccountManager) StoreEvent(ctx context.Context, initiatorID, targetID, accountID string, activityID activity.ActivityDescriber, meta map[string]any)
func (*DefaultAccountManager) SyncAndMarkPeer ¶ added in v0.27.5
func (*DefaultAccountManager) SyncPeer ¶ added in v0.14.3
func (am *DefaultAccountManager) SyncPeer(ctx context.Context, sync types.PeerSync, accountID string) (*nbpeer.Peer, *types.NetworkMap, []*posture.Checks, error)
SyncPeer checks whether peer is eligible for receiving NetworkMap (authenticated) and returns its NetworkMap if eligible
func (*DefaultAccountManager) SyncPeerMeta ¶ added in v0.28.0
func (am *DefaultAccountManager) SyncPeerMeta(ctx context.Context, peerPubKey string, meta nbpeer.PeerSystemMeta) error
func (*DefaultAccountManager) SyncUserJWTGroups ¶ added in v0.37.0
func (am *DefaultAccountManager) SyncUserJWTGroups(ctx context.Context, userAuth nbcontext.UserAuth) error
SyncUserJWTGroups processes the JWT groups for a user, updates the account based on the groups, and propagates changes to peers if group propagation is enabled. Precondition: userAuth must already have been through ValidateAndParseToken and EnsureUserAccessByJWTGroups by the AuthManager.
func (*DefaultAccountManager) UpdateAccountOnboarding ¶ added in v0.50.0
func (am *DefaultAccountManager) UpdateAccountOnboarding(ctx context.Context, accountID, userID string, newOnboarding *types.AccountOnboarding) (*types.AccountOnboarding, error)
func (*DefaultAccountManager) UpdateAccountPeer ¶ added in v0.36.0
func (am *DefaultAccountManager) UpdateAccountPeer(ctx context.Context, accountId string, peerId string)
UpdateAccountPeer updates a single peer that belongs to an account. Should be called when changes need to be synced to a specific peer only.
func (*DefaultAccountManager) UpdateAccountPeers ¶ added in v0.35.0
func (am *DefaultAccountManager) UpdateAccountPeers(ctx context.Context, accountID string)
UpdateAccountPeers updates all peers that belong to an account. Should be called when changes have to be synced to peers.
func (*DefaultAccountManager) UpdateAccountSettings ¶ added in v0.14.0
func (am *DefaultAccountManager) UpdateAccountSettings(ctx context.Context, accountID, userID string, newSettings *types.Settings) (*types.Settings, error)
UpdateAccountSettings updates Account settings. Only users with role UserRoleAdmin can update the account. User that performs the update has to belong to the account. Returns an updated Settings
func (*DefaultAccountManager) UpdateGroup ¶ added in v0.7.0
func (am *DefaultAccountManager) UpdateGroup(ctx context.Context, accountID, userID string, newGroup *types.Group) error
UpdateGroup object of the peers
func (*DefaultAccountManager) UpdateGroups ¶ added in v0.53.0
func (am *DefaultAccountManager) UpdateGroups(ctx context.Context, accountID, userID string, groups []*types.Group) error
UpdateGroups updates groups in the account. Note: This function does not acquire the global lock. It is the caller's responsibility to ensure proper locking is in place before invoking this method. This method will not create group peer membership relations. Use AddPeerToGroup or RemovePeerFromGroup methods for that.
func (*DefaultAccountManager) UpdateIntegratedValidator ¶ added in v0.52.0
func (am *DefaultAccountManager) UpdateIntegratedValidator(ctx context.Context, accountID, userID, validator string, groups []string) error
UpdateIntegratedValidator updates the integrated validator groups for a specified account. It retrieves the account associated with the provided userID, then updates the integrated validator groups with the provided list of group ids. The updated account is then saved.
Parameters:
- accountID: The ID of the account for which integrated validator groups are to be updated.
- userID: The ID of the user whose account is being updated.
- validator: The validator type to use, or empty to remove.
- groups: A slice of strings representing the ids of integrated validator groups to be updated.
Returns:
- error: An error if any occurred during the process, otherwise returns nil
func (*DefaultAccountManager) UpdatePeer ¶ added in v0.8.0
func (am *DefaultAccountManager) UpdatePeer(ctx context.Context, accountID, userID string, update *nbpeer.Peer) (*nbpeer.Peer, error)
UpdatePeer updates peer. Only Peer.Name, Peer.SSHEnabled, Peer.LoginExpirationEnabled and Peer.InactivityExpirationEnabled can be updated.
func (*DefaultAccountManager) UpdatePeerIP ¶ added in v0.53.0
func (*DefaultAccountManager) UpdateToPrimaryAccount ¶ added in v0.40.0
type DefaultScheduler ¶ added in v0.14.2
type DefaultScheduler struct {
// contains filtered or unexported fields
}
DefaultScheduler is a generic structure that allows to schedule jobs (functions) to run in the future and cancel them.
func NewDefaultScheduler ¶ added in v0.14.2
func NewDefaultScheduler() *DefaultScheduler
NewDefaultScheduler creates an instance of a DefaultScheduler
func (*DefaultScheduler) Cancel ¶ added in v0.14.2
func (wm *DefaultScheduler) Cancel(ctx context.Context, IDs []string)
Cancel cancels the scheduled jobs with the given IDs, if present. The signature has no return value, so a job that wasn't found is not reported through one.
func (*DefaultScheduler) CancelAll ¶ added in v0.52.0
func (wm *DefaultScheduler) CancelAll(ctx context.Context)
func (*DefaultScheduler) IsSchedulerRunning ¶ added in v0.47.2
func (wm *DefaultScheduler) IsSchedulerRunning(ID string) bool
IsSchedulerRunning checks if a job with the provided ID is scheduled to run
func (*DefaultScheduler) Schedule ¶ added in v0.14.2
func (wm *DefaultScheduler) Schedule(ctx context.Context, in time.Duration, ID string, job func() (nextRunIn time.Duration, reschedule bool))
Schedule a job to run in some time in the future. If job returns true then it will be scheduled one more time. If job with the provided ID already exists, a new one won't be scheduled.
type EphemeralManager ¶ added in v0.23.0
type EphemeralManager struct {
// contains filtered or unexported fields
}
EphemeralManager keeps a list of ephemeral peers. After ephemeralLifeTime of inactivity the peer will be deleted automatically. Inactivity means the peer has disconnected from the Management server.
func NewEphemeralManager ¶ added in v0.23.0
func NewEphemeralManager(store store.Store, accountManager nbAccount.Manager) *EphemeralManager
NewEphemeralManager instantiates a new EphemeralManager
func (*EphemeralManager) LoadInitialPeers ¶ added in v0.23.0
func (e *EphemeralManager) LoadInitialPeers(ctx context.Context)
LoadInitialPeers loads the ephemeral peers from the database and schedules a cleanup procedure for the head of the linked list (the most deprecated peer). At the end of the cleanup it schedules the next cleanup for the new head.
func (*EphemeralManager) OnPeerConnected ¶ added in v0.23.0
func (e *EphemeralManager) OnPeerConnected(ctx context.Context, peer *nbpeer.Peer)
OnPeerConnected removes the peer from the linked list of ephemeral peers. Because it is called when the peer is active, the manager will not delete the peer while it is active.
func (*EphemeralManager) OnPeerDisconnected ¶ added in v0.23.0
func (e *EphemeralManager) OnPeerDisconnected(ctx context.Context, peer *nbpeer.Peer)
OnPeerDisconnected adds the peer to the linked list of ephemeral peers. Because the peer is inactive, it will be deleted after the ephemeralLifeTime period.
type GRPCServer ¶ added in v0.8.5
type GRPCServer struct {
proto.UnimplementedManagementServiceServer
// contains filtered or unexported fields
}
GRPCServer is an instance of a Management gRPC API server
func NewServer ¶
func NewServer( ctx context.Context, config *types.Config, accountManager account.Manager, settingsManager settings.Manager, peersUpdateManager *PeersUpdateManager, secretsManager SecretsManager, appMetrics telemetry.AppMetrics, ephemeralManager *EphemeralManager, authManager auth.Manager, integratedPeerValidator integrated_validator.IntegratedValidator, ) (*GRPCServer, error)
NewServer creates a new Management server
func (*GRPCServer) GetDeviceAuthorizationFlow ¶ added in v0.8.5
func (s *GRPCServer) GetDeviceAuthorizationFlow(ctx context.Context, req *proto.EncryptedMessage) (*proto.EncryptedMessage, error)
GetDeviceAuthorizationFlow returns device authorization flow information. This is used for initiating an OAuth 2 device authorization grant flow, which will be used by our clients to log in.
func (*GRPCServer) GetPKCEAuthorizationFlow ¶ added in v0.22.0
func (s *GRPCServer) GetPKCEAuthorizationFlow(ctx context.Context, req *proto.EncryptedMessage) (*proto.EncryptedMessage, error)
GetPKCEAuthorizationFlow returns PKCE authorization flow information. This is used for initiating an OAuth 2 PKCE authorization grant flow, which will be used by our clients to log in.
func (*GRPCServer) GetServerKey ¶ added in v0.8.5
func (s *GRPCServer) GetServerKey(ctx context.Context, req *proto.Empty) (*proto.ServerKeyResponse, error)
func (*GRPCServer) Login ¶ added in v0.8.5
func (s *GRPCServer) Login(ctx context.Context, req *proto.EncryptedMessage) (*proto.EncryptedMessage, error)
Login endpoint first checks whether the peer is registered under any account. If it is, the login is successful. If it isn't, the endpoint checks whether a setup key is provided within the request and tries to register the peer. If the registration succeeds, the login is also successful.
func (*GRPCServer) Logout ¶ added in v0.53.0
func (s *GRPCServer) Logout(ctx context.Context, req *proto.EncryptedMessage) (*proto.Empty, error)
func (*GRPCServer) Sync ¶ added in v0.8.5
func (s *GRPCServer) Sync(req *proto.EncryptedMessage, srv proto.ManagementService_SyncServer) error
Sync validates the existence of a connecting peer, sends an initial state (all available for the connecting peers) and notifies the connected peer of any updates (e.g. new peers under the same account)
func (*GRPCServer) SyncMeta ¶ added in v0.28.0
func (s *GRPCServer) SyncMeta(ctx context.Context, req *proto.EncryptedMessage) (*proto.Empty, error)
SyncMeta endpoint is used to synchronize a peer's system metadata and notifies the connected peers under the same account of any updates.
type GroupLinkError ¶ added in v0.21.9
func (*GroupLinkError) Error ¶ added in v0.21.9
func (e *GroupLinkError) Error() string
type MockIntegratedValidator ¶ added in v0.51.2
type MockIntegratedValidator struct {
integrated_validator.IntegratedValidator
ValidatePeerFunc func(_ context.Context, update *nbpeer.Peer, peer *nbpeer.Peer, userID string, accountID string, dnsDomain string, peersGroup []string, extraSettings *types.ExtraSettings) (*nbpeer.Peer, bool, error)
}
func (MockIntegratedValidator) GetValidatedPeers ¶ added in v0.51.2
func (MockIntegratedValidator) IsNotValidPeer ¶ added in v0.51.2
func (MockIntegratedValidator) PeerDeleted ¶ added in v0.51.2
func (MockIntegratedValidator) PeerDeleted(_ context.Context, _, _ string, extraSettings *types.ExtraSettings) error
func (MockIntegratedValidator) PreparePeer ¶ added in v0.51.2
func (MockIntegratedValidator) SetPeerInvalidationListener ¶ added in v0.51.2
func (MockIntegratedValidator) SetPeerInvalidationListener(func(accountID string, peerIDs []string))
func (MockIntegratedValidator) Stop ¶ added in v0.51.2
func (MockIntegratedValidator) Stop(_ context.Context)
func (MockIntegratedValidator) ValidateExtraSettings ¶ added in v0.51.2
func (a MockIntegratedValidator) ValidateExtraSettings(_ context.Context, newExtraSettings *types.ExtraSettings, oldExtraSettings *types.ExtraSettings, peers map[string]*nbpeer.Peer, userID string, accountID string) error
func (MockIntegratedValidator) ValidatePeer ¶ added in v0.51.2
type MockScheduler ¶ added in v0.14.2
// MockScheduler is a test double for the Scheduler interface: each field is a
// function hook with the same signature as the corresponding Scheduler method.
type MockScheduler struct {
	// CancelFunc stands in for Scheduler.Cancel — presumably invoked by
	// (*MockScheduler).Cancel; the method body is not shown here.
	CancelFunc func(ctx context.Context, IDs []string)
	// CancelAllFunc stands in for Scheduler.CancelAll — presumably invoked by
	// (*MockScheduler).CancelAll; the method body is not shown here.
	CancelAllFunc func(ctx context.Context)
	// ScheduleFunc has the signature of Scheduler.Schedule.
	// NOTE(review): no Schedule method is listed for MockScheduler in this view;
	// confirm it exists if the mock is meant to satisfy Scheduler.
	ScheduleFunc func(ctx context.Context, in time.Duration, ID string, job func() (nextRunIn time.Duration, reschedule bool))
	// IsSchedulerRunningFunc stands in for Scheduler.IsSchedulerRunning.
	IsSchedulerRunningFunc func(ID string) bool
}
MockScheduler is a mock implementation of Scheduler
func (*MockScheduler) Cancel ¶ added in v0.14.2
func (mock *MockScheduler) Cancel(ctx context.Context, IDs []string)
Cancel mocks the Cancel function of the Scheduler interface
func (*MockScheduler) CancelAll ¶ added in v0.52.0
func (mock *MockScheduler) CancelAll(ctx context.Context)
CancelAll mocks the CancelAll function of the Scheduler interface
func (*MockScheduler) IsSchedulerRunning ¶ added in v0.47.2
func (mock *MockScheduler) IsSchedulerRunning(ID string) bool
type PeersUpdateManager ¶
type PeersUpdateManager struct {
// contains filtered or unexported fields
}
func NewPeersUpdateManager ¶
func NewPeersUpdateManager(metrics telemetry.AppMetrics) *PeersUpdateManager
NewPeersUpdateManager returns a new instance of PeersUpdateManager
func (*PeersUpdateManager) CloseChannel ¶
func (p *PeersUpdateManager) CloseChannel(ctx context.Context, peerID string)
CloseChannel closes updates channel of a given peer
func (*PeersUpdateManager) CloseChannels ¶ added in v0.14.2
func (p *PeersUpdateManager) CloseChannels(ctx context.Context, peerIDs []string)
CloseChannels closes updates channel for each given peer
func (*PeersUpdateManager) CreateChannel ¶
func (p *PeersUpdateManager) CreateChannel(ctx context.Context, peerID string) chan *UpdateMessage
CreateChannel creates a go channel for a given peer used to deliver updates relevant to the peer.
func (*PeersUpdateManager) GetAllConnectedPeers ¶ added in v0.10.0
func (p *PeersUpdateManager) GetAllConnectedPeers() map[string]struct{}
GetAllConnectedPeers returns a copy of the connected peers map
func (*PeersUpdateManager) HasChannel ¶ added in v0.24.4
func (p *PeersUpdateManager) HasChannel(peerID string) bool
HasChannel returns true if the peer has a channel in the update manager, otherwise false
func (*PeersUpdateManager) SendUpdate ¶
func (p *PeersUpdateManager) SendUpdate(ctx context.Context, peerID string, update *UpdateMessage)
SendUpdate sends update message to the peer's channel
type Resource ¶ added in v0.35.0
type Resource struct {
Type ResourceType
ID string
}
type ResourceType ¶ added in v0.35.0
type ResourceType string
func (ResourceType) String ¶ added in v0.35.0
func (p ResourceType) String() string
type Scheduler ¶ added in v0.14.2
// Scheduler is the contract for scheduling and cancelling jobs. The per-method
// notes below are taken from the DefaultScheduler documentation; other
// implementations may differ.
type Scheduler interface {
	// Cancel cancels the scheduled jobs with the given IDs, if present.
	// It has no return value, so a missing ID is not reported to the caller.
	Cancel(ctx context.Context, IDs []string)
	// CancelAll takes no IDs — presumably cancels every scheduled job;
	// confirm against the implementation.
	CancelAll(ctx context.Context)
	// Schedule registers job under ID to run after the duration in.
	// The job returns nextRunIn and reschedule; per DefaultScheduler, a true
	// reschedule means the job is scheduled one more time, and a job whose ID
	// already exists is not scheduled again.
	Schedule(ctx context.Context, in time.Duration, ID string, job func() (nextRunIn time.Duration, reschedule bool))
	// IsSchedulerRunning reports whether a job with the provided ID is
	// scheduled to run.
	IsSchedulerRunning(ID string) bool
}
Scheduler is an interface which implementations can schedule and cancel jobs
type SecretsManager ¶ added in v0.29.0
// SecretsManager is the contract for issuing TURN and relay credentials and for
// managing their per-peer refresh. The per-method notes below are taken from
// the TimeBasedAuthSecretsManager documentation.
type SecretsManager interface {
	// GenerateTurnToken returns a credential Token for TURN; the time-based
	// implementation documents these as new time-based secret credentials.
	GenerateTurnToken() (*Token, error)
	// GenerateRelayToken returns a credential Token for the relay; the
	// time-based implementation documents these as new time-based secret
	// credentials.
	GenerateRelayToken() (*Token, error)
	// SetupRefresh starts the credentials refresh for a peer.
	// NOTE(review): this parameter is named peerKey here but peerID on
	// TimeBasedAuthSecretsManager — confirm which identifier callers must pass.
	SetupRefresh(ctx context.Context, accountID, peerKey string)
	// CancelRefresh cancels the scheduled credentials refresh for a peer.
	// NOTE(review): same peerKey/peerID naming mismatch as SetupRefresh.
	CancelRefresh(peerKey string)
}
SecretsManager is used to manage TURN and relay secrets
type SetupKeyUpdateOperation ¶ added in v0.9.2
type SetupKeyUpdateOperation struct {
Type SetupKeyUpdateOperationType
Values []string
}
SetupKeyUpdateOperation operation object with type and values to be applied
type SetupKeyUpdateOperationType ¶ added in v0.9.2
type SetupKeyUpdateOperationType int
SetupKeyUpdateOperationType operation type
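// Setup key update operation types. The values are assigned by iota in
// declaration order, starting at 0 for UpdateSetupKeyName.
const (
	// UpdateSetupKeyName indicates a setup key name update operation
	UpdateSetupKeyName SetupKeyUpdateOperationType = iota
	// UpdateSetupKeyRevoked indicates a setup key revoked field update operation
	UpdateSetupKeyRevoked
	// UpdateSetupKeyAutoGroups indicates a setup key auto-assign groups update operation
	UpdateSetupKeyAutoGroups
	// UpdateSetupKeyExpiresAt indicates a setup key expiration time update operation
	UpdateSetupKeyExpiresAt
)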
func (SetupKeyUpdateOperationType) String ¶ added in v0.9.2
func (t SetupKeyUpdateOperationType) String() string
type TimeBasedAuthSecretsManager ¶
type TimeBasedAuthSecretsManager struct {
// contains filtered or unexported fields
}
TimeBasedAuthSecretsManager generates credentials with a TTL, using a pre-shared secret known to the TURN server
func NewTimeBasedAuthSecretsManager ¶
func NewTimeBasedAuthSecretsManager(updateManager *PeersUpdateManager, turnCfg *types.TURNConfig, relayCfg *types.Relay, settingsManager settings.Manager, groupsManager groups.Manager) *TimeBasedAuthSecretsManager
func (*TimeBasedAuthSecretsManager) CancelRefresh ¶
func (m *TimeBasedAuthSecretsManager) CancelRefresh(peerID string)
CancelRefresh cancels scheduled peer credentials refresh
func (*TimeBasedAuthSecretsManager) GenerateRelayToken ¶ added in v0.29.0
func (m *TimeBasedAuthSecretsManager) GenerateRelayToken() (*Token, error)
GenerateRelayToken generates new time-based secret credentials for relay
func (*TimeBasedAuthSecretsManager) GenerateTurnToken ¶ added in v0.29.0
func (m *TimeBasedAuthSecretsManager) GenerateTurnToken() (*Token, error)
GenerateTurnToken generates new time-based secret credentials for TURN
func (*TimeBasedAuthSecretsManager) SetupRefresh ¶
func (m *TimeBasedAuthSecretsManager) SetupRefresh(ctx context.Context, accountID, peerID string)
SetupRefresh starts peer credentials refresh
type UpdateMessage ¶
type UpdateMessage struct {
Update *proto.SyncResponse
NetworkMap *types.NetworkMap
}
Directories
¶
| Path | Synopsis |
|---|---|
| integrations | |
| | Package metrics gathers anonymous information about the usage of NetBird management |
| | Package peers is a generated GoMock package. |
| | Package permissions is a generated GoMock package. |
| | Package settings is a generated GoMock package. |