[management, reverse proxy] Add reverse proxy feature (#5291)

* implement reverse proxy --------- Co-authored-by: Alisdair MacLeod <git@alisdairmacleod.co.uk> Co-authored-by: mlsmaycon <mlsmaycon@gmail.com> Co-authored-by: Eduard Gert <kontakt@eduardgert.de> Co-authored-by: Viktor Liu <viktor@netbird.io> Co-authored-by: Diego Noguês <diego.sure@gmail.com> Co-authored-by: Diego Noguês <49420+diegocn@users.noreply.github.com> Co-authored-by: Bethuel Mmbaga <bethuelmbaga12@gmail.com> Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com> Co-authored-by: Ashley Mensah <ashleyamo982@gmail.com>
2026-04-21 17:56:39 +00:00 · 2026-02-13 19:37:43 +01:00
parent edce11b34d
commit f53155562f
225 changed files with 35513 additions and 235 deletions
--- a/proxy/internal/auth/password.go
+++ b/proxy/internal/auth/password.go
@@ -0,0 +1,61 @@
+package auth
+
+import (
+	"fmt"
+	"net/http"
+
+	"github.com/netbirdio/netbird/proxy/auth"
+	"github.com/netbirdio/netbird/shared/management/proto"
+)
+
+const passwordFormId = "password"
+
+type Password struct {
+	id, accountId string
+	client        authenticator
+}
+
+func NewPassword(client authenticator, id, accountId string) Password {
+	return Password{
+		id:        id,
+		accountId: accountId,
+		client:    client,
+	}
+}
+
+func (Password) Type() auth.Method {
+	return auth.MethodPassword
+}
+
+// Authenticate attempts to authenticate the request using a form
+// value passed in the request.
+// If authentication fails, the required HTTP form ID is returned
+// so that it can be injected into a request from the UI so that
+// authentication may be successful.
+func (p Password) Authenticate(r *http.Request) (string, string, error) {
+	password := r.FormValue(passwordFormId)
+
+	if password == "" {
+		// No password submitted; return the form ID so the UI can prompt the user.
+		return "", passwordFormId, nil
+	}
+
+	res, err := p.client.Authenticate(r.Context(), &proto.AuthenticateRequest{
+		Id:        p.id,
+		AccountId: p.accountId,
+		Request: &proto.AuthenticateRequest_Password{
+			Password: &proto.PasswordRequest{
+				Password: password,
+			},
+		},
+	})
+	if err != nil {
+		return "", "", fmt.Errorf("authenticate password: %w", err)
+	}
+
+	if res.GetSuccess() {
+		return res.GetSessionToken(), "", nil
+	}
+
+	return "", passwordFormId, nil
+}