* integrate api
integrate api with stream and implement some client side
* fix typo and fix validation
* use real daemon address
* redo the connect via address
* Refactor the debug bundle generator to be ready to use from engine (#4469)
* fix tests
* fix lint
* fix bug with stream
* try refactor status 1
* fix convert fullStatus to statusOutput & add logFile
* fix tests
* fix tests
* fix not enough arguments in call to nbstatus.ConvertToStatusOutputOverview
* fix status_test
* fix(engine): avoid deadlock when stopping engine during debug bundle
* use atomic for lock-free
* use new lock
---------
Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
fix lint
clean up
fix MarkPendingJobsAsFailed
apply feedbacks 1
fix typo
change api and apply new schema
fix lint
fix api object
clean switch case
apply feedback 2
fix error handle in create job
get rid of any/interface type in job database
fix sonar issue
use RawJson for both parameters and results
running go mod tidy
update package
fix 1
update codegen
fix code-gen
fix snyk
fix snyk hopefully
DNS record filtering to only include peers that a peer can connect to, reducing unnecessary DNS data in the peer's network map.
- Adds a new `filterZoneRecordsForPeers` function to filter DNS records based on peer connectivity
- Modifies `GetPeerNetworkMap` to use filtered DNS records instead of all records in the custom zone
- Includes comprehensive test coverage for the new filtering functionality
This PR adds user approval functionality to the management system, allowing administrators to manually approve new users joining via domain matching. When enabled, users are blocked with pending approval status until explicitly approved by an admin.
Adds UserApprovalRequired setting to control manual user approval requirement
Introduces user approval and rejection endpoints with corresponding business logic
Prevents pending approval users from adding peers or logging in
This PR introduces a new onboarding feature to handle such flows in the dashboard by defining an AccountOnboarding model, persisting it in the store, exposing CRUD operations in the manager and HTTP handlers, and updating API schemas and tests accordingly.
Add AccountOnboarding struct and embed it in Account
Extend Store and DefaultAccountManager with onboarding methods and SQL migrations
Update HTTP handlers, API types, OpenAPI spec, and add end-to-end tests
This PR introduces a new configuration option `DisableDefaultPolicy` that prevents the creation of the default all-to-all policy when new accounts are created. This is useful for automation scenarios where explicit policies are preferred.
### Key Changes:
- Added DisableDefaultPolicy flag to the management server config
- Modified account creation logic to respect this flag
- Updated all test cases to explicitly pass the flag (defaulting to false to maintain backward compatibility)
- Propagated the flag through the account manager initialization chain
### Testing:
- Verified default behavior remains unchanged when flag is false
- Confirmed no default policy is created when flag is true
- All existing tests pass with the new parameter
Adds backward compatibility for clients with versions prior to v0.48.0 that do not support port range firewall rules.
- Skips generation of firewall rules with multi-port ranges for older clients
- Preserves support for single-port ranges by treating them as individual port rules, ensuring compatibility with older clients
This PR addresses potential ID collisions by switching the setup key ID generation from a hash-based approach to using xid-generated IDs.
Replace the hash function with xid.New().String()
Remove obsolete imports and the Hash() function
This PR fixes configuration inconsistencies and updates the store engine type usage throughout the management code. Key changes include:
- Replacing outdated server.Config references with types.Config and updating related flag variables (e.g. types.MgmtConfigPath).
- Converting engine constants (SqliteStoreEngine, PostgresStoreEngine, MysqlStoreEngine) to use types.Engine for consistent type–safety.
- Adjusting various test and migration code paths to correctly reference the new configuration and engine types.
adds NetFlow functionality to track and log network traffic information between peers, with features including:
- Flow logging for TCP, UDP, and ICMP traffic
- Integration with connection tracking system
- Resource ID tracking in NetFlow events
- DNS and exit node collection configuration
- Flow API and Redis cache in management
- Memory-based flow storage implementation
- Kernel conntrack counters and userspace counters
- TCP state machine improvements for more accurate tracking
- Migration from net.IP to netip.Addr in the userspace firewall
Faster server bootstrap by counting accounts rather than fetching all from storage in the account manager instantiation.
This change moved the deprecated need to ensure accounts have an All group to tests instead.
* [client] Support Extra DNS Labels for Peer Addressing
* [management] Support Extra DNS Labels for Peer Addressing
---------
Co-authored-by: Viktor Liu <17948409+lixmal@users.noreply.github.com>
