[management,client] Feat/exit node auto apply (#4272)

2026-04-16 07:16:38 +00:00 · 2025-08-19 18:19:24 +03:00
parent 9685411246
commit 533d93eb17
19 changed files with 665 additions and 309 deletions
--- a/management/server/http/handlers/routes/routes_handler.go
+++ b/management/server/http/handlers/routes/routes_handler.go
@@ -8,17 +8,19 @@ import (

 	"github.com/gorilla/mux"

-	"github.com/netbirdio/netbird/shared/management/domain"
 	"github.com/netbirdio/netbird/management/server/account"
 	nbcontext "github.com/netbirdio/netbird/management/server/context"
+	"github.com/netbirdio/netbird/route"
+	"github.com/netbirdio/netbird/shared/management/domain"
 	"github.com/netbirdio/netbird/shared/management/http/api"
 	"github.com/netbirdio/netbird/shared/management/http/util"
 	"github.com/netbirdio/netbird/shared/management/status"
-	"github.com/netbirdio/netbird/route"
 )

 const failedToConvertRoute = "failed to convert route to response: %v"

+const exitNodeCIDR = "0.0.0.0/0"
+
 // handler is the routes handler of the account
 type handler struct {
 	accountManager account.Manager
@@ -124,8 +126,16 @@ func (h *handler) createRoute(w http.ResponseWriter, r *http.Request) {
 		accessControlGroupIds = *req.AccessControlGroups
 	}

+	// Set default skipAutoApply value for exit nodes (0.0.0.0/0 routes)
+	skipAutoApply := false
+	if req.SkipAutoApply != nil {
+		skipAutoApply = *req.SkipAutoApply
+	} else if newPrefix.String() == exitNodeCIDR {
+		skipAutoApply = false
+	}
+
 	newRoute, err := h.accountManager.CreateRoute(r.Context(), accountID, newPrefix, networkType, domains, peerId, peerGroupIds,
-		req.Description, route.NetID(req.NetworkId), req.Masquerade, req.Metric, req.Groups, accessControlGroupIds, req.Enabled, userID, req.KeepRoute)
+		req.Description, route.NetID(req.NetworkId), req.Masquerade, req.Metric, req.Groups, accessControlGroupIds, req.Enabled, userID, req.KeepRoute, skipAutoApply)

 	if err != nil {
 		util.WriteError(r.Context(), err, w)
@@ -142,23 +152,31 @@ func (h *handler) createRoute(w http.ResponseWriter, r *http.Request) {
 }

 func (h *handler) validateRoute(req api.PostApiRoutesJSONRequestBody) error {
-	if req.Network != nil && req.Domains != nil {
+	return h.validateRouteCommon(req.Network, req.Domains, req.Peer, req.PeerGroups, req.NetworkId)
+}
+
+func (h *handler) validateRouteUpdate(req api.PutApiRoutesRouteIdJSONRequestBody) error {
+	return h.validateRouteCommon(req.Network, req.Domains, req.Peer, req.PeerGroups, req.NetworkId)
+}
+
+func (h *handler) validateRouteCommon(network *string, domains *[]string, peer *string, peerGroups *[]string, networkId string) error {
+	if network != nil && domains != nil {
 		return status.Errorf(status.InvalidArgument, "only one of 'network' or 'domains' should be provided")
 	}

-	if req.Network == nil && req.Domains == nil {
+	if network == nil && domains == nil {
 		return status.Errorf(status.InvalidArgument, "either 'network' or 'domains' should be provided")
 	}

-	if req.Peer == nil && req.PeerGroups == nil {
+	if peer == nil && peerGroups == nil {
 		return status.Errorf(status.InvalidArgument, "either 'peer' or 'peer_groups' should be provided")
 	}

-	if req.Peer != nil && req.PeerGroups != nil {
+	if peer != nil && peerGroups != nil {
 		return status.Errorf(status.InvalidArgument, "only one of 'peer' or 'peer_groups' should be provided")
 	}

-	if utf8.RuneCountInString(req.NetworkId) > route.MaxNetIDChar || req.NetworkId == "" {
+	if utf8.RuneCountInString(networkId) > route.MaxNetIDChar || networkId == "" {
 		return status.Errorf(status.InvalidArgument, "identifier should be between 1 and %d characters",
 			route.MaxNetIDChar)
 	}
@@ -195,7 +213,7 @@ func (h *handler) updateRoute(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	if err := h.validateRoute(req); err != nil {
+	if err := h.validateRouteUpdate(req); err != nil {
 		util.WriteError(r.Context(), err, w)
 		return
 	}
@@ -205,15 +223,24 @@ func (h *handler) updateRoute(w http.ResponseWriter, r *http.Request) {
 		peerID = *req.Peer
 	}

+	// Set default skipAutoApply value for exit nodes (0.0.0.0/0 routes)
+	skipAutoApply := false
+	if req.SkipAutoApply != nil {
+		skipAutoApply = *req.SkipAutoApply
+	} else if req.Network != nil && *req.Network == exitNodeCIDR {
+		skipAutoApply = false
+	}
+
 	newRoute := &route.Route{
-		ID:          route.ID(routeID),
-		NetID:       route.NetID(req.NetworkId),
-		Masquerade:  req.Masquerade,
-		Metric:      req.Metric,
-		Description: req.Description,
-		Enabled:     req.Enabled,
-		Groups:      req.Groups,
-		KeepRoute:   req.KeepRoute,
+		ID:            route.ID(routeID),
+		NetID:         route.NetID(req.NetworkId),
+		Masquerade:    req.Masquerade,
+		Metric:        req.Metric,
+		Description:   req.Description,
+		Enabled:       req.Enabled,
+		Groups:        req.Groups,
+		KeepRoute:     req.KeepRoute,
+		SkipAutoApply: skipAutoApply,
 	}

 	if req.Domains != nil {
@@ -321,18 +348,19 @@ func toRouteResponse(serverRoute *route.Route) (*api.Route, error) {
 	}
 	network := serverRoute.Network.String()
 	route := &api.Route{
-		Id:          string(serverRoute.ID),
-		Description: serverRoute.Description,
-		NetworkId:   string(serverRoute.NetID),
-		Enabled:     serverRoute.Enabled,
-		Peer:        &serverRoute.Peer,
-		Network:     &network,
-		Domains:     &domains,
-		NetworkType: serverRoute.NetworkType.String(),
-		Masquerade:  serverRoute.Masquerade,
-		Metric:      serverRoute.Metric,
-		Groups:      serverRoute.Groups,
-		KeepRoute:   serverRoute.KeepRoute,
+		Id:            string(serverRoute.ID),
+		Description:   serverRoute.Description,
+		NetworkId:     string(serverRoute.NetID),
+		Enabled:       serverRoute.Enabled,
+		Peer:          &serverRoute.Peer,
+		Network:       &network,
+		Domains:       &domains,
+		NetworkType:   serverRoute.NetworkType.String(),
+		Masquerade:    serverRoute.Masquerade,
+		Metric:        serverRoute.Metric,
+		Groups:        serverRoute.Groups,
+		KeepRoute:     serverRoute.KeepRoute,
+		SkipAutoApply: &serverRoute.SkipAutoApply,
 	}

 	if len(serverRoute.PeerGroups) > 0 {
--- a/management/server/http/handlers/routes/routes_handler_test.go
+++ b/management/server/http/handlers/routes/routes_handler_test.go
@@ -15,13 +15,13 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"

-	"github.com/netbirdio/netbird/shared/management/domain"
 	nbcontext "github.com/netbirdio/netbird/management/server/context"
-	"github.com/netbirdio/netbird/shared/management/http/api"
 	"github.com/netbirdio/netbird/management/server/mock_server"
-	"github.com/netbirdio/netbird/shared/management/status"
 	"github.com/netbirdio/netbird/management/server/util"
 	"github.com/netbirdio/netbird/route"
+	"github.com/netbirdio/netbird/shared/management/domain"
+	"github.com/netbirdio/netbird/shared/management/http/api"
+	"github.com/netbirdio/netbird/shared/management/status"
 )

 const (
@@ -62,21 +62,22 @@ func initRoutesTestData() *handler {
 	return &handler{
 		accountManager: &mock_server.MockAccountManager{
 			GetRouteFunc: func(_ context.Context, _ string, routeID route.ID, _ string) (*route.Route, error) {
-				if routeID == existingRouteID {
+				switch routeID {
+				case existingRouteID:
 					return baseExistingRoute, nil
-				}
-				if routeID == existingRouteID2 {
+				case existingRouteID2:
 					route := baseExistingRoute.Copy()
 					route.PeerGroups = []string{existingGroupID}
 					return route, nil
-				} else if routeID == existingRouteID3 {
+				case existingRouteID3:
 					route := baseExistingRoute.Copy()
 					route.Domains = domain.List{existingDomain}
 					return route, nil
+				default:
+					return nil, status.Errorf(status.NotFound, "route with ID %s not found", routeID)
 				}
-				return nil, status.Errorf(status.NotFound, "route with ID %s not found", routeID)
 			},
-			CreateRouteFunc: func(_ context.Context, accountID string, prefix netip.Prefix, networkType route.NetworkType, domains domain.List, peerID string, peerGroups []string, description string, netID route.NetID, masquerade bool, metric int, groups, accessControlGroups []string, enabled bool, _ string, keepRoute bool) (*route.Route, error) {
+			CreateRouteFunc: func(_ context.Context, accountID string, prefix netip.Prefix, networkType route.NetworkType, domains domain.List, peerID string, peerGroups []string, description string, netID route.NetID, masquerade bool, metric int, groups, accessControlGroups []string, enabled bool, _ string, keepRoute bool, skipAutoApply bool) (*route.Route, error) {
 				if peerID == notFoundPeerID {
 					return nil, status.Errorf(status.InvalidArgument, "peer with ID %s not found", peerID)
 				}
@@ -103,6 +104,7 @@ func initRoutesTestData() *handler {
 					Groups:              groups,
 					KeepRoute:           keepRoute,
 					AccessControlGroups: accessControlGroups,
+					SkipAutoApply:       skipAutoApply,
 				}, nil
 			},
 			SaveRouteFunc: func(_ context.Context, _, _ string, r *route.Route) error {
@@ -190,19 +192,20 @@ func TestRoutesHandlers(t *testing.T) {
 			requestType: http.MethodPost,
 			requestPath: "/api/routes",
 			requestBody: bytes.NewBuffer(
-				[]byte(fmt.Sprintf(`{"Description":"Post","Network":"192.168.0.0/16","network_id":"awesomeNet","Peer":"%s","groups":["%s"]}`, existingPeerID, existingGroupID))),
+				[]byte(fmt.Sprintf(`{"Description":"Post","Network":"192.168.0.0/16","network_id":"awesomeNet","Peer":"%s","groups":["%s"],"skip_auto_apply":false}`, existingPeerID, existingGroupID))),
 			expectedStatus: http.StatusOK,
 			expectedBody:   true,
 			expectedRoute: &api.Route{
-				Id:          existingRouteID,
-				Description: "Post",
-				NetworkId:   "awesomeNet",
-				Network:     util.ToPtr("192.168.0.0/16"),
-				Peer:        &existingPeerID,
-				NetworkType: route.IPv4NetworkString,
-				Masquerade:  false,
-				Enabled:     false,
-				Groups:      []string{existingGroupID},
+				Id:            existingRouteID,
+				Description:   "Post",
+				NetworkId:     "awesomeNet",
+				Network:       util.ToPtr("192.168.0.0/16"),
+				Peer:          &existingPeerID,
+				NetworkType:   route.IPv4NetworkString,
+				Masquerade:    false,
+				Enabled:       false,
+				Groups:        []string{existingGroupID},
+				SkipAutoApply: util.ToPtr(false),
 			},
 		},
 		{
@@ -210,21 +213,22 @@ func TestRoutesHandlers(t *testing.T) {
 			requestType: http.MethodPost,
 			requestPath: "/api/routes",
 			requestBody: bytes.NewBuffer(
-				[]byte(fmt.Sprintf(`{"description":"Post","domains":["example.com"],"network_id":"domainNet","peer":"%s","groups":["%s"],"keep_route":true}`, existingPeerID, existingGroupID))),
+				[]byte(fmt.Sprintf(`{"description":"Post","domains":["example.com"],"network_id":"domainNet","peer":"%s","groups":["%s"],"keep_route":true,"skip_auto_apply":false}`, existingPeerID, existingGroupID))),
 			expectedStatus: http.StatusOK,
 			expectedBody:   true,
 			expectedRoute: &api.Route{
-				Id:          existingRouteID,
-				Description: "Post",
-				NetworkId:   "domainNet",
-				Network:     util.ToPtr("invalid Prefix"),
-				KeepRoute:   true,
-				Domains:     &[]string{existingDomain},
-				Peer:        &existingPeerID,
-				NetworkType: route.DomainNetworkString,
-				Masquerade:  false,
-				Enabled:     false,
-				Groups:      []string{existingGroupID},
+				Id:            existingRouteID,
+				Description:   "Post",
+				NetworkId:     "domainNet",
+				Network:       util.ToPtr("invalid Prefix"),
+				KeepRoute:     true,
+				Domains:       &[]string{existingDomain},
+				Peer:          &existingPeerID,
+				NetworkType:   route.DomainNetworkString,
+				Masquerade:    false,
+				Enabled:       false,
+				Groups:        []string{existingGroupID},
+				SkipAutoApply: util.ToPtr(false),
 			},
 		},
 		{
@@ -232,7 +236,7 @@ func TestRoutesHandlers(t *testing.T) {
 			requestType: http.MethodPost,
 			requestPath: "/api/routes",
 			requestBody: bytes.NewBuffer(
-				[]byte(fmt.Sprintf("{\"Description\":\"Post\",\"Network\":\"192.168.0.0/16\",\"network_id\":\"awesomeNet\",\"Peer\":\"%s\",\"groups\":[\"%s\"],\"access_control_groups\":[\"%s\"]}", existingPeerID, existingGroupID, existingGroupID))),
+				[]byte(fmt.Sprintf("{\"Description\":\"Post\",\"Network\":\"192.168.0.0/16\",\"network_id\":\"awesomeNet\",\"Peer\":\"%s\",\"groups\":[\"%s\"],\"access_control_groups\":[\"%s\"],\"skip_auto_apply\":false}", existingPeerID, existingGroupID, existingGroupID))),
 			expectedStatus: http.StatusOK,
 			expectedBody:   true,
 			expectedRoute: &api.Route{
@@ -246,6 +250,7 @@ func TestRoutesHandlers(t *testing.T) {
 				Enabled:             false,
 				Groups:              []string{existingGroupID},
 				AccessControlGroups: &[]string{existingGroupID},
+				SkipAutoApply:       util.ToPtr(false),
 			},
 		},
 		{
@@ -336,60 +341,63 @@ func TestRoutesHandlers(t *testing.T) {
 			name:           "Network PUT OK",
 			requestType:    http.MethodPut,
 			requestPath:    "/api/routes/" + existingRouteID,
-			requestBody:    bytes.NewBufferString(fmt.Sprintf("{\"Description\":\"Post\",\"Network\":\"192.168.0.0/16\",\"network_id\":\"awesomeNet\",\"Peer\":\"%s\",\"groups\":[\"%s\"]}", existingPeerID, existingGroupID)),
+			requestBody:    bytes.NewBufferString(fmt.Sprintf("{\"Description\":\"Post\",\"Network\":\"192.168.0.0/16\",\"network_id\":\"awesomeNet\",\"Peer\":\"%s\",\"groups\":[\"%s\"],\"is_selected\":true}", existingPeerID, existingGroupID)),
 			expectedStatus: http.StatusOK,
 			expectedBody:   true,
 			expectedRoute: &api.Route{
-				Id:          existingRouteID,
-				Description: "Post",
-				NetworkId:   "awesomeNet",
-				Network:     util.ToPtr("192.168.0.0/16"),
-				Peer:        &existingPeerID,
-				NetworkType: route.IPv4NetworkString,
-				Masquerade:  false,
-				Enabled:     false,
-				Groups:      []string{existingGroupID},
+				Id:            existingRouteID,
+				Description:   "Post",
+				NetworkId:     "awesomeNet",
+				Network:       util.ToPtr("192.168.0.0/16"),
+				Peer:          &existingPeerID,
+				NetworkType:   route.IPv4NetworkString,
+				Masquerade:    false,
+				Enabled:       false,
+				Groups:        []string{existingGroupID},
+				SkipAutoApply: util.ToPtr(false),
 			},
 		},
 		{
 			name:           "Domains PUT OK",
 			requestType:    http.MethodPut,
 			requestPath:    "/api/routes/" + existingRouteID,
-			requestBody:    bytes.NewBufferString(fmt.Sprintf(`{"Description":"Post","domains":["example.com"],"network_id":"awesomeNet","Peer":"%s","groups":["%s"],"keep_route":true}`, existingPeerID, existingGroupID)),
+			requestBody:    bytes.NewBufferString(fmt.Sprintf(`{"Description":"Post","domains":["example.com"],"network_id":"awesomeNet","Peer":"%s","groups":["%s"],"keep_route":true,"skip_auto_apply":false}`, existingPeerID, existingGroupID)),
 			expectedStatus: http.StatusOK,
 			expectedBody:   true,
 			expectedRoute: &api.Route{
-				Id:          existingRouteID,
-				Description: "Post",
-				NetworkId:   "awesomeNet",
-				Network:     util.ToPtr("invalid Prefix"),
-				Domains:     &[]string{existingDomain},
-				Peer:        &existingPeerID,
-				NetworkType: route.DomainNetworkString,
-				Masquerade:  false,
-				Enabled:     false,
-				Groups:      []string{existingGroupID},
-				KeepRoute:   true,
+				Id:            existingRouteID,
+				Description:   "Post",
+				NetworkId:     "awesomeNet",
+				Network:       util.ToPtr("invalid Prefix"),
+				Domains:       &[]string{existingDomain},
+				Peer:          &existingPeerID,
+				NetworkType:   route.DomainNetworkString,
+				Masquerade:    false,
+				Enabled:       false,
+				Groups:        []string{existingGroupID},
+				KeepRoute:     true,
+				SkipAutoApply: util.ToPtr(false),
 			},
 		},
 		{
 			name:           "PUT OK when peer_groups provided",
 			requestType:    http.MethodPut,
 			requestPath:    "/api/routes/" + existingRouteID,
-			requestBody:    bytes.NewBufferString(fmt.Sprintf("{\"Description\":\"Post\",\"Network\":\"192.168.0.0/16\",\"network_id\":\"awesomeNet\",\"peer_groups\":[\"%s\"],\"groups\":[\"%s\"]}", existingGroupID, existingGroupID)),
+			requestBody:    bytes.NewBufferString(fmt.Sprintf("{\"Description\":\"Post\",\"Network\":\"192.168.0.0/16\",\"network_id\":\"awesomeNet\",\"peer_groups\":[\"%s\"],\"groups\":[\"%s\"],\"skip_auto_apply\":false}", existingGroupID, existingGroupID)),
 			expectedStatus: http.StatusOK,
 			expectedBody:   true,
 			expectedRoute: &api.Route{
-				Id:          existingRouteID,
-				Description: "Post",
-				NetworkId:   "awesomeNet",
-				Network:     util.ToPtr("192.168.0.0/16"),
-				Peer:        &emptyString,
-				PeerGroups:  &[]string{existingGroupID},
-				NetworkType: route.IPv4NetworkString,
-				Masquerade:  false,
-				Enabled:     false,
-				Groups:      []string{existingGroupID},
+				Id:            existingRouteID,
+				Description:   "Post",
+				NetworkId:     "awesomeNet",
+				Network:       util.ToPtr("192.168.0.0/16"),
+				Peer:          &emptyString,
+				PeerGroups:    &[]string{existingGroupID},
+				NetworkType:   route.IPv4NetworkString,
+				Masquerade:    false,
+				Enabled:       false,
+				Groups:        []string{existingGroupID},
+				SkipAutoApply: util.ToPtr(false),
 			},
 		},
 		{