sendnrw/netbird
2
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2026-04-19 16:56:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Revert "Add trusted_cidrs field to bypass all restriction layers"

Browse Source 
This reverts commit 9c1eb0d288.
This commit is contained in:
Viktor Liu
2026-04-09 16:20:04 +02:00
parent a9bca879ae
commit 4d103036f7
8 changed files with 241 additions and 342 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
management/internals/modules/reverseproxy/service/service.go
View File

@@ -113,7 +113,6 @@ type AccessRestrictions struct {
BlockedCIDRs []string `json:"blocked_cidrs,omitempty" gorm:"serializer:json"`
AllowedCountries []string `json:"allowed_countries,omitempty" gorm:"serializer:json"`
BlockedCountries []string `json:"blocked_countries,omitempty" gorm:"serializer:json"`
TrustedCIDRs []string `json:"trusted_cidrs,omitempty" gorm:"serializer:json"`
CrowdSecMode string `json:"crowdsec_mode,omitempty" gorm:"serializer:json"`
}
@@ -124,7 +123,6 @@ func (r AccessRestrictions) Copy() AccessRestrictions {
BlockedCIDRs: slices.Clone(r.BlockedCIDRs),
AllowedCountries: slices.Clone(r.AllowedCountries),
BlockedCountries: slices.Clone(r.BlockedCountries),
TrustedCIDRs: slices.Clone(r.TrustedCIDRs),
CrowdSecMode: r.CrowdSecMode,
}
}
@@ -656,9 +654,6 @@ func restrictionsFromAPI(r *api.AccessRestrictions) (AccessRestrictions, error)
if r.BlockedCountries != nil {
res.BlockedCountries = *r.BlockedCountries
}
if r.TrustedCidrs != nil {
res.TrustedCIDRs = *r.TrustedCidrs
}
if r.CrowdsecMode != nil {
if !r.CrowdsecMode.Valid() {
return AccessRestrictions{}, fmt.Errorf("invalid crowdsec_mode %q", *r.CrowdsecMode)
@@ -671,7 +666,7 @@ func restrictionsFromAPI(r *api.AccessRestrictions) (AccessRestrictions, error)
func restrictionsToAPI(r AccessRestrictions) *api.AccessRestrictions {
if len(r.AllowedCIDRs) == 0 && len(r.BlockedCIDRs) == 0 &&
len(r.AllowedCountries) == 0 && len(r.BlockedCountries) == 0 &&
len(r.TrustedCIDRs) == 0 && r.CrowdSecMode == "" {
r.CrowdSecMode == "" {
return nil
}
res := &api.AccessRestrictions{}
@@ -687,9 +682,6 @@ func restrictionsToAPI(r AccessRestrictions) *api.AccessRestrictions {
if len(r.BlockedCountries) > 0 {
res.BlockedCountries = &r.BlockedCountries
}
if len(r.TrustedCIDRs) > 0 {
res.TrustedCidrs = &r.TrustedCIDRs
}
if r.CrowdSecMode != "" {
mode := api.AccessRestrictionsCrowdsecMode(r.CrowdSecMode)
res.CrowdsecMode = &mode
@@ -700,7 +692,7 @@ func restrictionsToAPI(r AccessRestrictions) *api.AccessRestrictions {
func restrictionsToProto(r AccessRestrictions) *proto.AccessRestrictions {
if len(r.AllowedCIDRs) == 0 && len(r.BlockedCIDRs) == 0 &&
len(r.AllowedCountries) == 0 && len(r.BlockedCountries) == 0 &&
len(r.TrustedCIDRs) == 0 && r.CrowdSecMode == "" {
r.CrowdSecMode == "" {
return nil
}
return &proto.AccessRestrictions{
@@ -708,7 +700,6 @@ func restrictionsToProto(r AccessRestrictions) *proto.AccessRestrictions {
BlockedCidrs: r.BlockedCIDRs,
AllowedCountries: r.AllowedCountries,
BlockedCountries: r.BlockedCountries,
TrustedCidrs: r.TrustedCIDRs,
CrowdsecMode: r.CrowdSecMode,
}
}
@@ -1045,12 +1036,6 @@ func validateAccessRestrictions(r *AccessRestrictions) error {
return fmt.Errorf("blocked_countries: exceeds maximum of %d entries", maxCountryEntries)
}
if len(r.TrustedCIDRs) > maxCIDREntries {
return fmt.Errorf("trusted_cidrs: exceeds maximum of %d entries", maxCIDREntries)
}
if err := validateCIDRList("trusted_cidrs", r.TrustedCIDRs); err != nil {
return err
}
if err := validateCIDRList("allowed_cidrs", r.AllowedCIDRs); err != nil {
return err
}