[client,signal,management] Add browser client support (#4415)

2026-04-18 08:16:39 +00:00 · 2025-10-01 20:10:11 +02:00
parent 5e1a40c33f
commit b5daec3b51
107 changed files with 3591 additions and 284 deletions
--- a/management/server/http/handlers/peers/peers_handler.go
+++ b/management/server/http/handlers/peers/peers_handler.go
@@ -32,6 +32,7 @@ func AddEndpoints(accountManager account.Manager, router *mux.Router) {
 	router.HandleFunc("/peers/{peerId}", peersHandler.HandlePeer).
 		Methods("GET", "PUT", "DELETE", "OPTIONS")
 	router.HandleFunc("/peers/{peerId}/accessible-peers", peersHandler.GetAccessiblePeers).Methods("GET", "OPTIONS")
+	router.HandleFunc("/peers/{peerId}/temporary-access", peersHandler.CreateTemporaryAccess).Methods("POST", "OPTIONS")
 }

 // NewHandler creates a new peers Handler
@@ -318,6 +319,88 @@ func (h *Handler) GetAccessiblePeers(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(r.Context(), w, toAccessiblePeers(netMap, dnsDomain))
 }

+func (h *Handler) CreateTemporaryAccess(w http.ResponseWriter, r *http.Request) {
+	userAuth, err := nbcontext.GetUserAuthFromContext(r.Context())
+	if err != nil {
+		util.WriteError(r.Context(), err, w)
+		return
+	}
+
+	vars := mux.Vars(r)
+	peerID := vars["peerId"]
+	if len(peerID) == 0 {
+		util.WriteError(r.Context(), status.Errorf(status.InvalidArgument, "invalid peer ID"), w)
+		return
+	}
+
+	var req api.PeerTemporaryAccessRequest
+	err = json.NewDecoder(r.Body).Decode(&req)
+	if err != nil {
+		util.WriteErrorResponse("couldn't parse JSON request", http.StatusBadRequest, w)
+		return
+	}
+
+	newPeer := &nbpeer.Peer{}
+	newPeer.FromAPITemporaryAccessRequest(&req)
+
+	targetPeer, err := h.accountManager.GetPeer(r.Context(), userAuth.AccountId, peerID, userAuth.UserId)
+	if err != nil {
+		util.WriteError(r.Context(), err, w)
+		return
+	}
+
+	peer, _, _, err := h.accountManager.AddPeer(r.Context(), userAuth.AccountId, "", userAuth.UserId, newPeer, true)
+	if err != nil {
+		util.WriteError(r.Context(), err, w)
+		return
+	}
+
+	for _, rule := range req.Rules {
+		protocol, portRange, err := types.ParseRuleString(rule)
+		if err != nil {
+			util.WriteError(r.Context(), err, w)
+			return
+		}
+		policy := &types.Policy{
+			AccountID:   userAuth.AccountId,
+			Description: "Temporary access policy for peer " + peer.Name,
+			Name:        "Temporary access policy for peer " + peer.Name,
+			Enabled:     true,
+			Rules: []*types.PolicyRule{{
+				Name:        "Temporary access rule",
+				Description: "Temporary access rule",
+				Enabled:     true,
+				Action:      types.PolicyTrafficActionAccept,
+				SourceResource: types.Resource{
+					Type: types.ResourceTypePeer,
+					ID:   peer.ID,
+				},
+				DestinationResource: types.Resource{
+					Type: types.ResourceTypePeer,
+					ID:   targetPeer.ID,
+				},
+				Bidirectional: false,
+				Protocol:      protocol,
+				PortRanges:    []types.RulePortRange{portRange},
+			}},
+		}
+
+		_, err = h.accountManager.SavePolicy(r.Context(), userAuth.AccountId, userAuth.UserId, policy, true)
+		if err != nil {
+			util.WriteError(r.Context(), err, w)
+			return
+		}
+	}
+
+	resp := &api.PeerTemporaryAccessResponse{
+		Id:    peer.ID,
+		Name:  peer.Name,
+		Rules: req.Rules,
+	}
+
+	util.WriteJSONObject(r.Context(), w, resp)
+}
+
 func toAccessiblePeers(netMap *types.NetworkMap, dnsDomain string) []api.AccessiblePeer {
 	accessiblePeers := make([]api.AccessiblePeer, 0, len(netMap.Peers)+len(netMap.OfflinePeers))
 	for _, p := range netMap.Peers {