Documentation
¶
Index ¶
- Constants
- type Environment
- type File
- type Flags
- type Location
- type MetaDiff
- type NetworkAddress
- type Peer
- func (p *Peer) AddedWithSSOLogin() bool
- func (p *Peer) Copy() *Peer
- func (p *Peer) EventMeta(dnsDomain string) map[string]any
- func (p *Peer) FQDN(dnsDomain string) string
- func (p *Peer) FromAPITemporaryAccessRequest(a *api.PeerTemporaryAccessRequest)
- func (p *Peer) GetLastLogin() time.Time
- func (p *Peer) HasCapability(capability int32) bool
- func (p *Peer) LoginExpired(expiresIn time.Duration) (bool, time.Duration)
- func (p *Peer) MarkLoginExpired(expired bool)
- func (p *Peer) SessionExpired(expiresIn time.Duration) (bool, time.Duration)
- func (p *Peer) SessionExpiresAt(accountExpirationEnabled bool, expiresIn time.Duration) time.Time
- func (p *Peer) SupportsIPv6() bool
- func (p *Peer) SupportsSourcePrefixes() bool
- func (p *Peer) UpdateLastLogin() *Peer
- func (p *Peer) UpdateMetaIfNew(ctx context.Context, meta PeerSystemMeta, newLocation *Location) MetaDiff
- type PeerStatus
- type PeerSystemMeta
- type ProxyMeta
Constants ¶
const ( PeerCapabilitySourcePrefixes int32 = 1 PeerCapabilityIPv6Overlay int32 = 2 )
Peer capability constants mirror the proto enum values.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Environment ¶ added in v0.26.3
Environment is a system environment information
type Flags ¶ added in v0.47.0
type Flags struct {
RosenpassEnabled bool
RosenpassPermissive bool
ServerSSHAllowed bool
DisableClientRoutes bool
DisableServerRoutes bool
DisableDNS bool
DisableFirewall bool
BlockLANAccess bool
BlockInbound bool
DisableIPv6 bool
LazyConnectionEnabled bool
}
Flags defines a set of options to control feature behavior
type Location ¶ added in v0.26.0
type Location struct {
ConnectionIP net.IP `gorm:"serializer:json"` // from grpc peer or reverse proxy headers depends on setup
CountryCode string
CityName string
GeoNameID uint // city level geoname id
}
Location is a geo location information of a Peer based on public connection IP
type MetaDiff ¶ added in v0.73.2
type MetaDiff struct {
OldMeta PeerSystemMeta
NewMeta PeerSystemMeta
OldLocation Location
NewLocation Location
Changed []string
}
MetaDiff holds a peer's full before/after state across a sync: both metas and both connection locations (the location lives on Peer, not PeerSystemMeta, but posture checks read it). Changed lists what moved, for logging and the persistence decision; the snapshots let a posture check be replayed against old and new. Everything is derived from these fields, so there are no parallel per-field flags to keep in sync.
func (*MetaDiff) HostnameChanged ¶ added in v0.74.0
HostnameChanged reports whether the peer's hostname changed.
func (*MetaDiff) LogSummary ¶ added in v0.74.0
LogSummary renders the changed fields as a single human-readable line.
func (*MetaDiff) Updated ¶ added in v0.73.2
Updated reports whether anything changed and the peer must be persisted. diffMeta fills Changed in the pass that builds the diff, so this is a length check, not a re-comparison. Pointer receiver: MetaDiff embeds two metas, so copying it per call is wasteful.
func (*MetaDiff) VersionChanged ¶ added in v0.73.2
VersionChanged reports whether the WireGuard client version changed (a client upgrade).
type NetworkAddress ¶ added in v0.26.0
NetworkAddress is the IP address with network and MAC address of a network interface
type Peer ¶
type Peer struct {
// ID is an internal ID of the peer
ID string `gorm:"primaryKey"`
// AccountID is a reference to Account that this object belongs
AccountID string `json:"-" gorm:"index"`
// WireGuard public key
Key string // uniqueness index (check migrations)
// IP address of the Peer
IP netip.Addr `gorm:"serializer:json"` // uniqueness index per accountID (check migrations)
// IPv6 overlay address of the Peer, zero value if IPv6 is not enabled for the account.
IPv6 netip.Addr `gorm:"serializer:json"`
// Meta is a Peer system meta data
Meta PeerSystemMeta `gorm:"embedded;embeddedPrefix:meta_"`
// ProxyMeta is metadata related to proxy peers
ProxyMeta ProxyMeta `gorm:"embedded;embeddedPrefix:proxy_meta_"`
// Name is peer's name (machine name)
Name string `gorm:"index"`
// DNSLabel is the parsed peer name for domain resolution. It is used to form an FQDN by appending the account's
// domain to the peer label. e.g. peer-dns-label.netbird.cloud
DNSLabel string // uniqueness index per accountID (check migrations)
// Status peer's management connection status
Status *PeerStatus `gorm:"embedded;embeddedPrefix:peer_status_"`
// The user ID that registered the peer
UserID string
// SSHKey is a public SSH key of the peer
SSHKey string
// SSHEnabled indicates whether SSH server is enabled on the peer
SSHEnabled bool
// LoginExpirationEnabled indicates whether peer's login expiration is enabled and once expired the peer has to re-login.
// Works with LastLogin
LoginExpirationEnabled bool
InactivityExpirationEnabled bool
// LastLogin the time when peer performed last login operation
LastLogin *time.Time
// CreatedAt records the time the peer was created
CreatedAt time.Time
// Indicate ephemeral peer attribute
Ephemeral bool `gorm:"index"`
// Geo location based on connection IP
Location Location `gorm:"embedded;embeddedPrefix:location_"`
// ExtraDNSLabels is a list of additional DNS labels that can be used to resolve the peer
ExtraDNSLabels []string `gorm:"serializer:json"`
// AllowExtraDNSLabels indicates whether the peer allows extra DNS labels to be used for resolving the peer
AllowExtraDNSLabels bool
}
Peer represents a machine connected to the network. The Peer is a WireGuard peer identified by a public key
func (*Peer) AddedWithSSOLogin ¶
AddedWithSSOLogin indicates whether this peer has been added with an SSO login by a user.
func (*Peer) FQDN ¶
FQDN returns peers FQDN combined of the peer's DNS label and the system's DNS domain
func (*Peer) FromAPITemporaryAccessRequest ¶ added in v0.59.0
func (p *Peer) FromAPITemporaryAccessRequest(a *api.PeerTemporaryAccessRequest)
func (*Peer) GetLastLogin ¶ added in v0.36.0
GetLastLogin returns the last login time of the peer.
func (*Peer) HasCapability ¶ added in v0.71.0
HasCapability reports whether the peer has the given capability.
func (*Peer) LoginExpired ¶
LoginExpired indicates whether the peer's login has expired or not. If Peer.LastLogin plus the expiresIn duration has happened already; then login has expired. Return true if a login has expired, false otherwise, and time left to expiration (negative when expired). Login expiration can be disabled/enabled on a Peer level via Peer.LoginExpirationEnabled property. Login expiration can also be disabled/enabled globally on the Account level via Settings.PeerLoginExpirationEnabled. Only peers added by interactive SSO login can be expired.
func (*Peer) MarkLoginExpired ¶
MarkLoginExpired marks peer's status expired or not
func (*Peer) SessionExpired ¶ added in v0.30.2
SessionExpired indicates whether the peer's session has expired or not. If Peer.LastLogin plus the expiresIn duration has happened already; then session has expired. Return true if a session has expired, false otherwise, and time left to expiration (negative when expired). Session expiration can be disabled/enabled on a Peer level via Peer.LoginExpirationEnabled property. Session expiration can also be disabled/enabled globally on the Account level via Settings.PeerLoginExpirationEnabled. Only peers added by interactive SSO login can be expired.
func (*Peer) SessionExpiresAt ¶ added in v0.72.0
SessionExpiresAt returns the absolute UTC instant at which the peer's SSO session expires, derived from LastLogin and the account-level PeerLoginExpiration setting. Returns the zero value when login expiration does not apply (peer not SSO-registered, peer-level toggle off, or account expiry disabled). Callers should treat the zero value as "no deadline".
func (*Peer) SupportsIPv6 ¶ added in v0.71.0
SupportsIPv6 reports whether the peer supports IPv6 overlay.
func (*Peer) SupportsSourcePrefixes ¶ added in v0.71.0
SupportsSourcePrefixes reports whether the peer reads SourcePrefixes.
func (*Peer) UpdateLastLogin ¶
UpdateLastLogin and set login expired false
func (*Peer) UpdateMetaIfNew ¶
func (p *Peer) UpdateMetaIfNew(ctx context.Context, meta PeerSystemMeta, newLocation *Location) MetaDiff
UpdateMetaIfNew updates peer's system metadata and connection geo location if new information is provided. newLocation is the geo location resolved from the peer's current connection IP, or nil when there is nothing to apply (geo disabled, no real IP, or the IP is unchanged); the caller owns the expensive lookup and the same-IP guard. It returns a MetaDiff describing what changed; diff.Updated() reports whether the peer needs to be persisted.
type PeerStatus ¶
type PeerStatus struct {
// LastSeen is the last time the peer status was updated (i.e. the last
// time we observed the peer being alive on a sync stream). Written by
// the database (CURRENT_TIMESTAMP) — callers do not supply it.
LastSeen time.Time
// SessionStartedAt records when the currently-active sync stream began,
// stored as Unix nanoseconds. It acts as the optimistic-locking token
// for status updates: a stream is only allowed to mutate the peer's
// status when its own token strictly exceeds the stored token (when connecting)
// or matches it exactly (for disconnects). Zero means "no
// active session". Integer nanoseconds are used so equality is
// precision-safe across drivers, and so the predicates compose to a
// single bigint comparison.
SessionStartedAt int64 `gorm:"not null;default:0"`
// Connected indicates whether peer is connected to the management service or not
Connected bool
// LoginExpired
LoginExpired bool
// RequiresApproval indicates whether peer requires approval or not
RequiresApproval bool
}
func (*PeerStatus) Copy ¶
func (p *PeerStatus) Copy() *PeerStatus
Copy PeerStatus. SessionStartedAt must be propagated so clone-based callers (Peer.Copy, MarkLoginExpired, UpdateLastLogin) don't silently reset the fencing token to zero — that would let any subsequent SavePeerStatus write reopen the optimistic-lock window.
type PeerSystemMeta ¶
type PeerSystemMeta struct {
Hostname string
GoOS string
Kernel string
Core string
Platform string
OS string
OSVersion string
WtVersion string
UIVersion string
KernelVersion string
NetworkAddresses []NetworkAddress `gorm:"serializer:json"`
SystemSerialNumber string
SystemProductName string
SystemManufacturer string
Environment Environment `gorm:"serializer:json"`
Flags Flags `gorm:"serializer:json"`
Files []File `gorm:"serializer:json"`
Capabilities []int32 `gorm:"serializer:json"`
}
PeerSystemMeta is a metadata of a Peer machine system