server

package
v0.75.0-rc.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 19, 2026 License: BSD-3-Clause Imports: 56 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

View Source
var ErrServiceNotUp = errors.New("service is not up")

Functions

func ParseLogLevel added in v0.27.10

func ParseLogLevel(level string) proto.LogLevel

Types

type Server

type Server struct {
	proto.UnimplementedDaemonServiceServer
	// contains filtered or unexported fields
}

Server for service control.

func New

func New(ctx context.Context, logFile string, configFile string, profilesDisabled bool, updateSettingsDisabled bool, captureEnabled bool, networksDisabled bool) *Server

New server instance constructor.

func (*Server) AddProfile added in v0.52.0

AddProfile adds a new profile to the daemon.

func (*Server) CleanState added in v0.34.0

CleanState handles cleaning of states (performing cleanup operations)

func (*Server) DebugBundle added in v0.27.4

func (s *Server) DebugBundle(_ context.Context, req *proto.DebugBundleRequest) (resp *proto.DebugBundleResponse, err error)

DebugBundle creates a debug bundle and returns the location.

func (*Server) DeleteState added in v0.34.0

DeleteState handles deletion of states without cleanup

func (*Server) DeselectNetworks added in v0.35.0

DeselectNetworks deselects specific networks based on the client request.

func (*Server) DismissSessionWarning

DismissSessionWarning forwards the user's "Dismiss" click on the T-WarningLead notification down to the engine's sessionWatcher so the T-FinalWarningLead fallback is suppressed for the current deadline. Best-effort: when the client/engine is not yet running the call is a successful no-op (the watcher has no deadline to dismiss anyway).

func (*Server) Down

Down engine work in the daemon.

func (*Server) ExposeService added in v0.66.0

ExposeService exposes a local port via the NetBird reverse proxy.

func (*Server) ForwardingRules added in v0.38.0

func (*Server) GetActiveProfile added in v0.52.0

GetActiveProfile returns the active profile in the daemon. The ProfileName field carries the display name for backwards compatibility with UI clients, new callers should prefer Id.

func (*Server) GetConfig

GetConfig of the daemon.

func (*Server) GetFeatures added in v0.54.2

GetFeatures returns the features supported by the daemon.

func (*Server) GetInstallerResult added in v0.61.0

func (*Server) GetLogLevel added in v0.27.10

GetLogLevel gets the current logging level for the server.

func (*Server) GetPeerSSHHostKey added in v0.60.0

GetPeerSSHHostKey retrieves SSH host key for a specific peer

func (*Server) ListNetworks added in v0.35.0

ListNetworks returns a list of all available networks.

func (*Server) ListProfiles added in v0.52.0

ListProfiles lists all profiles in the daemon.

func (*Server) ListStates added in v0.34.0

ListStates returns a list of all saved states

func (*Server) Login

func (s *Server) Login(callerCtx context.Context, msg *proto.LoginRequest) (*proto.LoginResponse, error)

Login uses setup key to prepare configuration for the daemon.

func (*Server) Logout added in v0.53.0

func (*Server) RegisterUILog

RegisterUILog records the desktop UI's absolute log path so DebugBundle can collect the GUI log. The daemon runs as root and can't resolve the user's config dir, so the UI reports it. Last-writer-wins (one UI per socket).

func (*Server) RemoveProfile added in v0.52.0

RemoveProfile removes a profile from the daemon.

func (*Server) RenameProfile added in v0.73.0

func (*Server) RequestExtendAuthSession

RequestExtendAuthSession initiates the SSO session-extension flow and returns the verification URI the UI should open. The flow state is held in s.extendAuthSessionFlow until WaitExtendAuthSession resolves it.

func (*Server) RequestJWTAuth added in v0.60.0

func (s *Server) RequestJWTAuth(
	ctx context.Context,
	msg *proto.RequestJWTAuthRequest,
) (*proto.RequestJWTAuthResponse, error)

RequestJWTAuth initiates JWT authentication flow for SSH

func (*Server) SelectNetworks added in v0.35.0

SelectNetworks selects specific networks based on the client request.

func (*Server) SetConfig added in v0.52.0

func (s *Server) SetConfig(callerCtx context.Context, msg *proto.SetConfigRequest) (*proto.SetConfigResponse, error)

Login uses setup key to prepare configuration for the daemon.

func (*Server) SetLogLevel added in v0.27.4

SetLogLevel sets the logging level for the server.

func (*Server) SetSyncResponsePersistence added in v0.53.0

SetSyncResponsePersistence sets the sync response persistence for the server.

func (*Server) Start

func (s *Server) Start() error

func (*Server) StartBundleCapture added in v0.70.5

StartBundleCapture begins capturing packets to a server-side temp file for inclusion in the next debug bundle. Not gated by --enable-capture since the output stays on the server (same trust level as CPU profiling).

A timeout auto-stops the capture as a safety net if StopBundleCapture is never called (e.g. CLI crash).

func (*Server) StartCPUProfile added in v0.64.1

StartCPUProfile starts CPU profiling in the daemon.

func (*Server) StartCapture added in v0.70.5

StartCapture streams a pcap or text packet capture over gRPC. Gated by the --enable-capture service flag.

func (*Server) Status

func (s *Server) Status(
	ctx context.Context,
	msg *proto.StatusRequest,
) (*proto.StatusResponse, error)

Status returns the daemon status

func (*Server) StopBundleCapture added in v0.70.5

StopBundleCapture stops the running bundle capture. Idempotent.

func (*Server) StopCPUProfile added in v0.64.1

StopCPUProfile stops CPU profiling in the daemon.

func (*Server) SubscribeEvents added in v0.37.0

func (*Server) SubscribeStatus

func (s *Server) SubscribeStatus(req *proto.StatusRequest, stream proto.DaemonService_SubscribeStatusServer) error

SubscribeStatus pushes a fresh StatusResponse on every connection state change. The first message is the current snapshot, so a re-subscribing client doesn't need to also call Status. Subsequent messages fire when the peer recorder reports any of: connected/disconnected/connecting, management or signal flip, address change, or peers list change.

The change channel coalesces bursts to a single tick. If the consumer is slow the daemon drops extras (not blocks), and the next snapshot the consumer pulls already reflects everything.

func (*Server) SwitchProfile added in v0.52.0

func (s *Server) SwitchProfile(callerCtx context.Context, msg *proto.SwitchProfileRequest) (*proto.SwitchProfileResponse, error)

SwitchProfile switches the active profile in the daemon.

func (*Server) TracePacket added in v0.36.6

func (*Server) TriggerUpdate added in v0.67.0

TriggerUpdate initiates installation of the pending enforced version. It is called when the user clicks the install button in the UI (Mode 2 / enforced update).

func (*Server) Up

func (s *Server) Up(callerCtx context.Context, msg *proto.UpRequest) (*proto.UpResponse, error)

Up starts engine work in the daemon.

func (*Server) WailsUIReady

WailsUIReady is a no-op the Wails UI probes at startup; merely answering it (rather than returning Unimplemented) tells the UI this daemon is new enough.

func (*Server) WaitExtendAuthSession

WaitExtendAuthSession blocks until the user completes the SSO step initiated by RequestExtendAuthSession, then forwards the resulting JWT to the management server's ExtendAuthSession RPC. The returned deadline is also applied locally via the engine so SubscribeStatus consumers see the refreshed state.

func (*Server) WaitJWTToken added in v0.60.0

func (s *Server) WaitJWTToken(
	ctx context.Context,
	req *proto.WaitJWTTokenRequest,
) (*proto.WaitJWTTokenResponse, error)

WaitJWTToken waits for JWT authentication completion

func (*Server) WaitSSOLogin

func (s *Server) WaitSSOLogin(callerCtx context.Context, msg *proto.WaitSSOLoginRequest) (*proto.WaitSSOLoginResponse, error)

WaitSSOLogin validates the supplied userCode against the in-flight OAuth device/PKCE flow and blocks until the user finishes the browser leg.

The daemon holds StatusNeedsLogin for the whole browser wait (set on entry): the login is not done until the token returns, so a client that (re)attaches mid-wait — a restarted UI, a second `netbird up` — reads "login required" and offers the affordance, instead of a Connecting that never resolves. The wait is also tied to the caller's context (see the goroutine below), so a client that goes away cancels the wait instead of orphaning it on rootCtx until the device-code window expires.

State transitions on exit:

┌──────────────────────────────────────────┬──────────────────────────────────┐
│ Outcome                                  │ contextState                     │
├──────────────────────────────────────────┼──────────────────────────────────┤
│ Success → loginAttempt ok                │ NeedsLogin held; the caller's Up │
│                                          │   drives Connecting → Connected  │
│ Success → loginAttempt → still-NeedsLogin│ StatusNeedsLogin (loginAttempt)  │
│ Success → loginAttempt error             │ StatusLoginFailed (loginAttempt) │
│ UserCode mismatch                        │ StatusLoginFailed                │
│ WaitToken: context.Canceled              │ NeedsLogin held. Caller gone     │
│   (caller went away — UI restart /       │   (UI/CLI) → a fresh client      │
│   Ctrl+C — or internal abort: profile    │   shows the login affordance;    │
│   switch / app quit / another            │   internal aborts are            │
│   WaitSSOLogin via actCancel/waitCancel) │   overwritten by the next Up.    │
│ WaitToken: context.DeadlineExceeded      │ StatusNeedsLogin                 │
│   (OAuth device-code window expired      │   (retryable; the UI's "Connect" │
│   while waiting on the browser leg)      │   re-enters the Login flow)      │
│ WaitToken: any other error               │ StatusLoginFailed                │
│   (access_denied, expired_token, HTTP    │   (genuine auth/IO failure;      │
│   failure, token validation rejection)   │   surfaced verbatim to caller)   │
└──────────────────────────────────────────┴──────────────────────────────────┘

The defer still applies a StatusIdle fallback for the early oauth-flow-not-initialized return (before the entry Set), so a half state doesn't leak when there is nothing to wait on.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL