[management, reverse proxy] Add reverse proxy feature (#5291)

* implement reverse proxy


---------

Co-authored-by: Alisdair MacLeod <git@alisdairmacleod.co.uk>
Co-authored-by: mlsmaycon <mlsmaycon@gmail.com>
Co-authored-by: Eduard Gert <kontakt@eduardgert.de>
Co-authored-by: Viktor Liu <viktor@netbird.io>
Co-authored-by: Diego Noguês <diego.sure@gmail.com>
Co-authored-by: Diego Noguês <49420+diegocn@users.noreply.github.com>
Co-authored-by: Bethuel Mmbaga <bethuelmbaga12@gmail.com>
Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
Co-authored-by: Ashley Mensah <ashleyamo982@gmail.com>

management/internals/modules/reverseproxy/accesslogs/manager/api.go

@@ -0,0 +1,64 @@
+package manager
+
+import (
+	"net/http"
+
+	"github.com/gorilla/mux"
+
+	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy/accesslogs"
+	nbcontext "github.com/netbirdio/netbird/management/server/context"
+	"github.com/netbirdio/netbird/shared/management/http/api"
+	"github.com/netbirdio/netbird/shared/management/http/util"
+)
+
+type handler struct {
+	manager accesslogs.Manager
+}
+
+func RegisterEndpoints(router *mux.Router, manager accesslogs.Manager) {
+	h := &handler{
+		manager: manager,
+	}
+
+	router.HandleFunc("/events/proxy", h.getAccessLogs).Methods("GET", "OPTIONS")
+}
+
+func (h *handler) getAccessLogs(w http.ResponseWriter, r *http.Request) {
+	userAuth, err := nbcontext.GetUserAuthFromContext(r.Context())
+	if err != nil {
+		util.WriteError(r.Context(), err, w)
+		return
+	}
+
+	var filter accesslogs.AccessLogFilter
+	filter.ParseFromRequest(r)
+
+	logs, totalCount, err := h.manager.GetAllAccessLogs(r.Context(), userAuth.AccountId, userAuth.UserId, &filter)
+	if err != nil {
+		util.WriteError(r.Context(), err, w)
+		return
+	}
+
+	apiLogs := make([]api.ProxyAccessLog, 0, len(logs))
+	for _, log := range logs {
+		apiLogs = append(apiLogs, *log.ToAPIResponse())
+	}
+
+	response := &api.ProxyAccessLogsResponse{
+		Data:         apiLogs,
+		Page:         filter.Page,
+		PageSize:     filter.PageSize,
+		TotalRecords: int(totalCount),
+		TotalPages:   getTotalPageCount(int(totalCount), filter.PageSize),
+	}
+
+	util.WriteJSONObject(r.Context(), w, response)
+}
+
+// getTotalPageCount calculates the total number of pages
+func getTotalPageCount(totalCount, pageSize int) int {
+	if pageSize <= 0 {
+		return 0
+	}
+	return (totalCount + pageSize - 1) / pageSize
+}

management/internals/modules/reverseproxy/accesslogs/manager/manager.go

@@ -0,0 +1,108 @@
+package manager
+
+import (
+	"context"
+	"strings"
+
+	log "github.com/sirupsen/logrus"
+
+	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy/accesslogs"
+	"github.com/netbirdio/netbird/management/server/geolocation"
+	"github.com/netbirdio/netbird/management/server/permissions"
+	"github.com/netbirdio/netbird/management/server/permissions/modules"
+	"github.com/netbirdio/netbird/management/server/permissions/operations"
+	"github.com/netbirdio/netbird/management/server/store"
+	"github.com/netbirdio/netbird/shared/management/status"
+)
+
+type managerImpl struct {
+	store              store.Store
+	permissionsManager permissions.Manager
+	geo                geolocation.Geolocation
+}
+
+func NewManager(store store.Store, permissionsManager permissions.Manager, geo geolocation.Geolocation) accesslogs.Manager {
+	return &managerImpl{
+		store:              store,
+		permissionsManager: permissionsManager,
+		geo:                geo,
+	}
+}
+
+// SaveAccessLog saves an access log entry to the database after enriching it
+func (m *managerImpl) SaveAccessLog(ctx context.Context, logEntry *accesslogs.AccessLogEntry) error {
+	if m.geo != nil && logEntry.GeoLocation.ConnectionIP != nil {
+		location, err := m.geo.Lookup(logEntry.GeoLocation.ConnectionIP)
+		if err != nil {
+			log.WithContext(ctx).Warnf("failed to get location for access log source IP [%s]: %v", logEntry.GeoLocation.ConnectionIP.String(), err)
+		} else {
+			logEntry.GeoLocation.CountryCode = location.Country.ISOCode
+			logEntry.GeoLocation.CityName = location.City.Names.En
+			logEntry.GeoLocation.GeoNameID = location.City.GeonameID
+		}
+	}
+
+	if err := m.store.CreateAccessLog(ctx, logEntry); err != nil {
+		log.WithContext(ctx).WithFields(log.Fields{
+			"service_id": logEntry.ServiceID,
+			"method":     logEntry.Method,
+			"host":       logEntry.Host,
+			"path":       logEntry.Path,
+			"status":     logEntry.StatusCode,
+		}).Errorf("failed to save access log: %v", err)
+		return err
+	}
+
+	return nil
+}
+
+// GetAllAccessLogs retrieves access logs for an account with pagination and filtering
+func (m *managerImpl) GetAllAccessLogs(ctx context.Context, accountID, userID string, filter *accesslogs.AccessLogFilter) ([]*accesslogs.AccessLogEntry, int64, error) {
+	ok, err := m.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, modules.Services, operations.Read)
+	if err != nil {
+		return nil, 0, status.NewPermissionValidationError(err)
+	}
+	if !ok {
+		return nil, 0, status.NewPermissionDeniedError()
+	}
+
+	if err := m.resolveUserFilters(ctx, accountID, filter); err != nil {
+		log.WithContext(ctx).Warnf("failed to resolve user filters: %v", err)
+	}
+
+	logs, totalCount, err := m.store.GetAccountAccessLogs(ctx, store.LockingStrengthNone, accountID, *filter)
+	if err != nil {
+		return nil, 0, err
+	}
+
+	return logs, totalCount, nil
+}
+
+// resolveUserFilters converts user email/name filters to user ID filter
+func (m *managerImpl) resolveUserFilters(ctx context.Context, accountID string, filter *accesslogs.AccessLogFilter) error {
+	if filter.UserEmail == nil && filter.UserName == nil {
+		return nil
+	}
+
+	users, err := m.store.GetAccountUsers(ctx, store.LockingStrengthNone, accountID)
+	if err != nil {
+		return err
+	}
+
+	var matchingUserIDs []string
+	for _, user := range users {
+		if filter.UserEmail != nil && strings.Contains(strings.ToLower(user.Email), strings.ToLower(*filter.UserEmail)) {
+			matchingUserIDs = append(matchingUserIDs, user.Id)
+			continue
+		}
+		if filter.UserName != nil && strings.Contains(strings.ToLower(user.Name), strings.ToLower(*filter.UserName)) {
+			matchingUserIDs = append(matchingUserIDs, user.Id)
+		}
+	}
+
+	if len(matchingUserIDs) > 0 {
+		filter.UserID = &matchingUserIDs[0]
+	}
+
+	return nil
+}