diff --git a/management/internals/modules/reverseproxy/manager/manager.go b/management/internals/modules/reverseproxy/manager/manager.go
index 9a17b65de..77822a785 100644
--- a/management/internals/modules/reverseproxy/manager/manager.go
+++ b/management/internals/modules/reverseproxy/manager/manager.go
@@ -180,6 +180,8 @@ func (m *managerImpl) UpdateReverseProxy(ctx context.Context, accountID, userID
 }
 reverseProxy.Meta = existingReverseProxy.Meta
+ reverseProxy.SessionPrivateKey = existingReverseProxy.SessionPrivateKey
+ reverseProxy.SessionPublicKey = existingReverseProxy.SessionPublicKey
 if err = transaction.UpdateReverseProxy(ctx, reverseProxy); err != nil {
 return fmt.Errorf("update reverse proxy: %w", err)
diff --git a/management/internals/modules/reverseproxy/reverseproxy.go b/management/internals/modules/reverseproxy/reverseproxy.go
index 334255ba5..8bbf5af5f 100644
--- a/management/internals/modules/reverseproxy/reverseproxy.go
+++ b/management/internals/modules/reverseproxy/reverseproxy.go
@@ -82,15 +82,15 @@ type ReverseProxyMeta struct {
 }
 type ReverseProxy struct {
- ID string `gorm:"primaryKey"`
- AccountID string `gorm:"index"`
- Name string
- Domain string `gorm:"index"`
- ProxyCluster string `gorm:"index"`
- Targets []Target `gorm:"serializer:json"`
- Enabled bool
- Auth AuthConfig `gorm:"serializer:json"`
- Meta ReverseProxyMeta `gorm:"embedded;embeddedPrefix:meta_"`
+ ID string `gorm:"primaryKey"`
+ AccountID string `gorm:"index"`
+ Name string
+ Domain string `gorm:"index"`
+ ProxyCluster string `gorm:"index"`
+ Targets []Target `gorm:"serializer:json"`
+ Enabled bool
+ Auth AuthConfig `gorm:"serializer:json"`
+ Meta ReverseProxyMeta `gorm:"embedded;embeddedPrefix:meta_"`
 SessionPrivateKey string `gorm:"column:session_private_key"`
 SessionPublicKey string `gorm:"column:session_public_key"`
 }
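Review bot: In UpdateReverseProxy (manager.go) the two added assignments overwrite the caller-supplied session key pair with the stored one, but nothing at that spot says why, and the field-by-field carry-over (Meta, then the two keys) will silently miss the next server-managed field. A comment above the three assignments would record the intent, e.g. `// Server-managed fields: always taken from the stored record, never from the update request.` It also looks as if a stored record with empty key fields would stay keyless after an update; whether the keys can be empty at this point is not visible in the hunk. The function body starts and ends outside the hunk.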
@@ -322,6 +322,7 @@ func (r *ReverseProxy) Copy() *ReverseProxy {
 AccountID: r.AccountID,
 Name: r.Name,
 Domain: r.Domain,
+ ProxyCluster: r.ProxyCluster,
 Targets: targets,
 Enabled: r.Enabled,
 Auth: r.Auth,
diff --git a/management/internals/server/boot.go b/management/internals/server/boot.go
index a0753a592..02772f638 100644
--- a/management/internals/server/boot.go
+++ b/management/internals/server/boot.go
@@ -180,8 +180,9 @@ func (s *BaseServer) proxyOIDCConfig() nbgrpc.ProxyOIDCConfig {
 callbackURL = callbackURL + "/api/oauth/callback"
 return nbgrpc.ProxyOIDCConfig{
- Issuer: s.Config.HttpConfig.AuthIssuer,
- ClientID: "netbird-dashboard", // Reuse dashboard client
+ Issuer: s.Config.HttpConfig.AuthIssuer,
+ // todo: double check auth clientID value
+ ClientID: s.Config.HttpConfig.AuthAudience, // Reuse dashboard client
 Scopes: []string{"openid", "profile", "email"},
 CallbackURL: callbackURL,
 HMACKey: []byte(s.Config.DataStoreEncryptionKey), // Use the datastore encryption key for OIDC state HMACs, this should ensure all management instances are using the same key.
diff --git a/management/server/http/testing/testing_tools/channel/channel.go b/management/server/http/testing/testing_tools/channel/channel.go
index ce5b31cdf..bdc68e85f 100644
--- a/management/server/http/testing/testing_tools/channel/channel.go
+++ b/management/server/http/testing/testing_tools/channel/channel.go
@@ -11,9 +11,6 @@ import (
 "github.com/netbirdio/management-integrations/integrations"
- "github.com/netbirdio/netbird/management/internals/modules/reverseproxy"
- "github.com/netbirdio/netbird/management/internals/modules/reverseproxy/accesslogs"
- "github.com/netbirdio/netbird/management/internals/modules/reverseproxy/domain"
 zonesManager "github.com/netbirdio/netbird/management/internals/modules/zones/manager"
 recordsManager "github.com/netbirdio/netbird/management/internals/modules/zones/records/manager"
 "github.com/netbirdio/netbird/management/internals/server/config"
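Review bot: Copy() in reverseproxy.go builds the clone field by field, and the missing ProxyCluster fixed here shows how easily a field is left out; the visible lines do not show whether Meta, SessionPrivateKey and SessionPublicKey are copied, because the struct literal continues outside the hunk. If the session keys are not copied, a caller that persists a copy could presumably write empty keys back to the store, which is worth confirming. A test that fills every field of ReverseProxy and compares the result of Copy() with the original using `reflect.DeepEqual` would catch the next omission.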
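Review bot: In proxyOIDCConfig (boot.go) the OIDC client ID is now taken from `s.Config.HttpConfig.AuthAudience`, and the change ships with an unresolved `// todo: double check auth clientID value`. An audience and a client ID are distinct values in OIDC and coincide only for some identity providers, so where they differ the proxy login flow would request authorization under the wrong client. An empty AuthAudience would also produce an empty ClientID with no error at this point. I would resolve the todo before merge, reject an empty value at startup, and replace the trailing `// Reuse dashboard client` with a comment that states the assumption, e.g. `// assumes the IdP uses the dashboard client ID as the audience`. The function starts outside the hunk.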
@@ -105,12 +102,7 @@ func BuildApiBlackBoxWithDBState(t testing_tools.TB, sqlFile string, expectedPee
 customZonesManager := zonesManager.NewManager(store, am, permissionsManager, "")
 zoneRecordsManager := recordsManager.NewManager(store, am, permissionsManager)
- // Create empty managers for reverse proxy functionality (not used in channel tests)
- var reverseProxyManager reverseproxy.Manager
- reverseProxyDomainManager := domain.NewManager(store, nil)
- var accessLogsManager accesslogs.Manager
-
- apiHandler, err := http2.NewAPIHandler(context.Background(), am, networksManagerMock, resourcesManagerMock, routersManagerMock, groupsManagerMock, geoMock, authManagerMock, metrics, validatorMock, proxyController, permissionsManager, peersManager, settingsManager, customZonesManager, zoneRecordsManager, networkMapController, nil, reverseProxyManager, reverseProxyDomainManager, accessLogsManager, nil)
+ apiHandler, err := http2.NewAPIHandler(context.Background(), am, networksManagerMock, resourcesManagerMock, routersManagerMock, groupsManagerMock, geoMock, authManagerMock, metrics, validatorMock, proxyController, permissionsManager, peersManager, settingsManager, customZonesManager, zoneRecordsManager, networkMapController, nil, nil, nil, nil, nil)
 if err != nil {
 t.Fatalf("Failed to create API handler: %v", err)
 }
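Review bot: The NewAPIHandler call in BuildApiBlackBoxWithDBState now ends in five positional `nil` arguments, so a reader cannot tell which dependency each one stands for, and the comment that explained them was removed with the variables. The domain manager used to be a real value from `domain.NewManager(store, nil)` and is now nil; if NewAPIHandler registers the reverse-proxy routes unconditionally (not visible here), a test that reaches them would hit a nil dereference rather than a clean failure. I would keep a one-line comment above the call, e.g. `// reverse proxy, domain and access-logs managers are nil: not exercised by channel tests`. The function body continues outside the hunk.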