Merge remote-tracking branch 'origin/main' into refactor/permissions-manager

# Conflicts: # management/internals/modules/reverseproxy/domain/manager/manager.go # management/internals/modules/reverseproxy/service/manager/api.go # management/internals/server/modules.go # management/server/http/testing/testing_tools/channel/channel.go
2026-04-21 17:56:39 +00:00 · 2026-03-17 12:38:08 +01:00
parent d85ee0b5a2 a590c38d8b
commit 3741eb46dd
244 changed files with 17304 additions and 3509 deletions
--- a/management/internals/modules/reverseproxy/accesslogs/accesslogentry.go
+++ b/management/internals/modules/reverseproxy/accesslogs/accesslogentry.go
@@ -10,20 +10,33 @@ import (
 	"github.com/netbirdio/netbird/shared/management/proto"
 )

+// AccessLogProtocol identifies the transport protocol of an access log entry.
+type AccessLogProtocol string
+
+const (
+	AccessLogProtocolHTTP AccessLogProtocol = "http"
+	AccessLogProtocolTCP  AccessLogProtocol = "tcp"
+	AccessLogProtocolUDP  AccessLogProtocol = "udp"
+)
+
 type AccessLogEntry struct {
-	ID             string        `gorm:"primaryKey"`
-	AccountID      string        `gorm:"index"`
-	ServiceID      string        `gorm:"index"`
-	Timestamp      time.Time     `gorm:"index"`
-	GeoLocation    peer.Location `gorm:"embedded;embeddedPrefix:location_"`
-	Method         string        `gorm:"index"`
-	Host           string        `gorm:"index"`
-	Path           string        `gorm:"index"`
-	Duration       time.Duration `gorm:"index"`
-	StatusCode     int           `gorm:"index"`
-	Reason         string
-	UserId         string `gorm:"index"`
-	AuthMethodUsed string `gorm:"index"`
+	ID              string        `gorm:"primaryKey"`
+	AccountID       string        `gorm:"index"`
+	ServiceID       string        `gorm:"index"`
+	Timestamp       time.Time     `gorm:"index"`
+	GeoLocation     peer.Location `gorm:"embedded;embeddedPrefix:location_"`
+	SubdivisionCode string
+	Method          string        `gorm:"index"`
+	Host            string        `gorm:"index"`
+	Path            string        `gorm:"index"`
+	Duration        time.Duration `gorm:"index"`
+	StatusCode      int           `gorm:"index"`
+	Reason          string
+	UserId          string            `gorm:"index"`
+	AuthMethodUsed  string            `gorm:"index"`
+	BytesUpload     int64             `gorm:"index"`
+	BytesDownload   int64             `gorm:"index"`
+	Protocol        AccessLogProtocol `gorm:"index"`
 }

 // FromProto creates an AccessLogEntry from a proto.AccessLog
@@ -39,17 +52,24 @@ func (a *AccessLogEntry) FromProto(serviceLog *proto.AccessLog) {
 	a.UserId = serviceLog.GetUserId()
 	a.AuthMethodUsed = serviceLog.GetAuthMechanism()
 	a.AccountID = serviceLog.GetAccountId()
+	a.BytesUpload = serviceLog.GetBytesUpload()
+	a.BytesDownload = serviceLog.GetBytesDownload()
+	a.Protocol = AccessLogProtocol(serviceLog.GetProtocol())

 	if sourceIP := serviceLog.GetSourceIp(); sourceIP != "" {
-		if ip, err := netip.ParseAddr(sourceIP); err == nil {
-			a.GeoLocation.ConnectionIP = net.IP(ip.AsSlice())
+		if addr, err := netip.ParseAddr(sourceIP); err == nil {
+			addr = addr.Unmap()
+			a.GeoLocation.ConnectionIP = net.IP(addr.AsSlice())
 		}
 	}

-	if !serviceLog.GetAuthSuccess() {
-		a.Reason = "Authentication failed"
-	} else if serviceLog.GetResponseCode() >= 400 {
-		a.Reason = "Request failed"
+	// Only set reason for HTTP entries. L4 entries have no auth or status code.
+	if a.Protocol == "" || a.Protocol == AccessLogProtocolHTTP {
+		if !serviceLog.GetAuthSuccess() {
+			a.Reason = "Authentication failed"
+		} else if serviceLog.GetResponseCode() >= 400 {
+			a.Reason = "Request failed"
+		}
 	}
 }

@@ -86,20 +106,35 @@ func (a *AccessLogEntry) ToAPIResponse() *api.ProxyAccessLog {
 		cityName = &a.GeoLocation.CityName
 	}

+	var subdivisionCode *string
+	if a.SubdivisionCode != "" {
+		subdivisionCode = &a.SubdivisionCode
+	}
+
+	var protocol *string
+	if a.Protocol != "" {
+		p := string(a.Protocol)
+		protocol = &p
+	}
+
 	return &api.ProxyAccessLog{
-		Id:             a.ID,
-		ServiceId:      a.ServiceID,
-		Timestamp:      a.Timestamp,
-		Method:         a.Method,
-		Host:           a.Host,
-		Path:           a.Path,
-		DurationMs:     int(a.Duration.Milliseconds()),
-		StatusCode:     a.StatusCode,
-		SourceIp:       sourceIP,
-		Reason:         reason,
-		UserId:         userID,
-		AuthMethodUsed: authMethod,
-		CountryCode:    countryCode,
-		CityName:       cityName,
+		Id:              a.ID,
+		ServiceId:       a.ServiceID,
+		Timestamp:       a.Timestamp,
+		Method:          a.Method,
+		Host:            a.Host,
+		Path:            a.Path,
+		DurationMs:      int(a.Duration.Milliseconds()),
+		StatusCode:      a.StatusCode,
+		SourceIp:        sourceIP,
+		Reason:          reason,
+		UserId:          userID,
+		AuthMethodUsed:  authMethod,
+		CountryCode:     countryCode,
+		CityName:        cityName,
+		SubdivisionCode: subdivisionCode,
+		BytesUpload:     a.BytesUpload,
+		BytesDownload:   a.BytesDownload,
+		Protocol:        protocol,
 	}
 }
--- a/management/internals/modules/reverseproxy/accesslogs/manager/manager.go
+++ b/management/internals/modules/reverseproxy/accesslogs/manager/manager.go
@@ -35,6 +35,9 @@ func (m *managerImpl) SaveAccessLog(ctx context.Context, logEntry *accesslogs.Ac
 			logEntry.GeoLocation.CountryCode = location.Country.ISOCode
 			logEntry.GeoLocation.CityName = location.City.Names.En
 			logEntry.GeoLocation.GeoNameID = location.City.GeonameID
+			if len(location.Subdivisions) > 0 {
+				logEntry.SubdivisionCode = location.Subdivisions[0].ISOCode
+			}
 		}
 	}