[client,signal,management] Add browser client support (#4415)

2026-04-16 07:16:38 +00:00 · 2025-10-01 20:10:11 +02:00
parent 5e1a40c33f
commit b5daec3b51
107 changed files with 3591 additions and 284 deletions
--- a/shared/management/client/client_test.go
+++ b/shared/management/client/client_test.go
@@ -18,6 +18,7 @@ import (
 	"google.golang.org/grpc/status"

 	"github.com/netbirdio/management-integrations/integrations"
+
 	"github.com/netbirdio/netbird/client/system"
 	"github.com/netbirdio/netbird/encryption"
 	"github.com/netbirdio/netbird/management/internals/server/config"
@@ -27,6 +28,7 @@ import (
 	"github.com/netbirdio/netbird/management/server/integrations/port_forwarding"
 	"github.com/netbirdio/netbird/management/server/mock_server"
 	"github.com/netbirdio/netbird/management/server/peers"
+	"github.com/netbirdio/netbird/management/server/peers/ephemeral/manager"
 	"github.com/netbirdio/netbird/management/server/permissions"
 	"github.com/netbirdio/netbird/management/server/settings"
 	"github.com/netbirdio/netbird/management/server/store"
@@ -117,7 +119,7 @@ func startManagement(t *testing.T) (*grpc.Server, net.Listener) {
 	groupsManager := groups.NewManagerMock()

 	secretsManager := mgmt.NewTimeBasedAuthSecretsManager(peersUpdateManager, config.TURNConfig, config.Relay, settingsMockManager, groupsManager)
-	mgmtServer, err := mgmt.NewServer(context.Background(), config, accountManager, settingsMockManager, peersUpdateManager, secretsManager, nil, nil, nil, mgmt.MockIntegratedValidator{})
+	mgmtServer, err := mgmt.NewServer(context.Background(), config, accountManager, settingsMockManager, peersUpdateManager, secretsManager, nil, &manager.EphemeralManager{}, nil, mgmt.MockIntegratedValidator{})
 	if err != nil {
 		t.Fatal(err)
 	}
--- a/shared/management/http/api/openapi.yml
+++ b/shared/management/http/api/openapi.yml
@@ -507,6 +507,48 @@ components:
            - serial_number
            - extra_dns_labels
            - ephemeral
+    PeerTemporaryAccessRequest:
+      type: object
+      properties:
+        name:
+          description: Peer's hostname
+          type: string
+          example: temp-host-1
+        wg_pub_key:
+          description: Peer's WireGuard public key
+          type: string
+          example: "n0r3pL4c3h0ld3rK3y=="
+        rules:
+          description: List of temporary access rules
+          type: array
+          items:
+            type: string
+            example: "tcp/80"
+      required:
+        - name
+        - wg_pub_key
+        - rules
+    PeerTemporaryAccessResponse:
+      type: object
+      properties:
+        name:
+          description: Peer's hostname
+          type: string
+          example: temp-host-1
+        id:
+          description: Peer ID
+          type: string
+          example: chacbco6lnnbn6cg5s90
+        rules:
+          description: List of temporary access rules
+          type: array
+          items:
+            type: string
+            example: "tcp/80"
+      required:
+        - name
+        - id
+        - rules
    AccessiblePeer:
      allOf:
        - $ref: '#/components/schemas/PeerMinimum'
@@ -1404,7 +1446,8 @@ components:
      allOf:
        - $ref: '#/components/schemas/NetworkResourceType'
        - type: string
-          example: host
+          enum: ["peer"]
+          example: peer
    NetworkRequest:
      type: object
      properties:
@@ -2793,6 +2836,42 @@ paths:
          "$ref": "#/components/responses/forbidden"
        '500':
          "$ref": "#/components/responses/internal_error"
+  /api/peers/{peerId}/temporary-access:
+    post:
+      summary: Create a Temporary Access Peer
+      description: Creates a temporary access peer that can be used to access this peer and this peer only. The temporary access peer and its access policies will be automatically deleted after it disconnects.
+      tags: [ Peers ]
+      security:
+        - BearerAuth: [ ]
+        - TokenAuth: [ ]
+      parameters:
+        - in: path
+          name: peerId
+          required: true
+          schema:
+            type: string
+          description: The unique identifier of a peer
+      requestBody:
+        description: Temporary Access Peer create request
+        content:
+          'application/json':
+            schema:
+              $ref: '#/components/schemas/PeerTemporaryAccessRequest'
+      responses:
+        '200':
+          description: Temporary Access Peer response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/PeerTemporaryAccessResponse'
+        '400':
+          "$ref": "#/components/responses/bad_request"
+        '401':
+          "$ref": "#/components/responses/requires_authentication"
+        '403':
+          "$ref": "#/components/responses/forbidden"
+        '500':
+          "$ref": "#/components/responses/internal_error"
  /api/peers/{peerId}/ingress/ports:
    get:
      x-cloud-only: true
--- a/shared/management/http/api/types.gen.go
+++ b/shared/management/http/api/types.gen.go
@@ -168,6 +168,7 @@ const (
 const (
 	ResourceTypeDomain ResourceType = "domain"
 	ResourceTypeHost   ResourceType = "host"
+	ResourceTypePeer   ResourceType = "peer"
 	ResourceTypeSubnet ResourceType = "subnet"
 )

@@ -1221,6 +1222,30 @@ type PeerRequest struct {
 	SshEnabled             bool    `json:"ssh_enabled"`
 }

+// PeerTemporaryAccessRequest defines model for PeerTemporaryAccessRequest.
+type PeerTemporaryAccessRequest struct {
+	// Name Peer's hostname
+	Name string `json:"name"`
+
+	// Rules List of temporary access rules
+	Rules []string `json:"rules"`
+
+	// WgPubKey Peer's WireGuard public key
+	WgPubKey string `json:"wg_pub_key"`
+}
+
+// PeerTemporaryAccessResponse defines model for PeerTemporaryAccessResponse.
+type PeerTemporaryAccessResponse struct {
+	// Id Peer ID
+	Id string `json:"id"`
+
+	// Name Peer's hostname
+	Name string `json:"name"`
+
+	// Rules List of temporary access rules
+	Rules []string `json:"rules"`
+}
+
 // PersonalAccessToken defines model for PersonalAccessToken.
 type PersonalAccessToken struct {
 	// CreatedAt Date the token was created
@@ -1949,6 +1974,9 @@ type PostApiPeersPeerIdIngressPortsJSONRequestBody = IngressPortAllocationReques
 // PutApiPeersPeerIdIngressPortsAllocationIdJSONRequestBody defines body for PutApiPeersPeerIdIngressPortsAllocationId for application/json ContentType.
 type PutApiPeersPeerIdIngressPortsAllocationIdJSONRequestBody = IngressPortAllocationRequest

+// PostApiPeersPeerIdTemporaryAccessJSONRequestBody defines body for PostApiPeersPeerIdTemporaryAccess for application/json ContentType.
+type PostApiPeersPeerIdTemporaryAccessJSONRequestBody = PeerTemporaryAccessRequest
+
 // PostApiPoliciesJSONRequestBody defines body for PostApiPolicies for application/json ContentType.
 type PostApiPoliciesJSONRequestBody = PolicyUpdate

--- a/shared/management/proto/management.pb.go
+++ b/shared/management/proto/management.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.26.0
-// 	protoc        v4.24.3
+// 	protoc        v6.32.0
 // source: management.proto

 package proto