Maycon Santos
d39fcfd62a
[management] Add user approval ( #4411 )
This PR adds user approval functionality to the management system, allowing administrators to manually approve new users joining via domain matching. When enabled, users are blocked with pending approval status until explicitly approved by an admin.
- Adds UserApprovalRequired setting to control manual user approval requirement
- Introduces user approval and rejection endpoints with corresponding business logic
- Prevents pending approval users from adding peers or logging in
2025-09-01 18:00:45 +02:00
Maycon Santos
d817584f52
[misc] fix Windows client and management bench tests ( #4424 )
Windows tests had too many directories, causing issues to the payload via psexec.
Also migrated all checked benchmarks to send data to grafana.
2025-08-31 17:19:56 +02:00
Pascal Fischer
e14c6de203
[management] fix ephemeral flag on peer batch response ( #4420 )
2025-08-29 17:41:20 +02:00
Bethuel Mmbaga
968d95698e
[management] Bump github.com/golang-jwt/jwt from 3.2.2+incompatible to 5.3.0 ( #4375 )
2025-08-21 15:02:51 +03:00
hakansa
533d93eb17
[management,client] Feat/exit node auto apply ( #4272 )
2025-08-19 18:19:24 +03:00
hakansa
d00a226556
[management] Add CreatedAt field to Peer and PeerBatch models ( #4371 )
2025-08-19 16:02:11 +03:00
Bethuel Mmbaga
a4e8647aef
[management] Enable flow groups ( #4230 )
Adds the ability to limit traffic events logging to specific peer groups
2025-08-13 00:00:40 +03:00
Viktor Liu
abd152ee5a
[misc] Separate shared code dependencies ( #4288 )
* Separate shared code dependencies
* Fix import
* Test respective shared code
* Update openapi ref
* Fix test
* Fix test path
2025-08-05 18:34:41 +02:00
Viktor Liu
1d5e871bdf
[misc] Move shared components to shared directory ( #4286 )
Moved the following directories:
```
- management/client → shared/management/client
- management/domain → shared/management/domain
- management/proto → shared/management/proto
- signal/client → shared/signal/client
- signal/proto → shared/signal/proto
- relay/client → shared/relay/client
- relay/auth → shared/relay/auth
```
and adjusted import paths
2025-08-05 15:22:58 +02:00
Viktor Liu
beb66208a0
[management, client] Add API to change the network range ( #4177 )
2025-08-04 16:45:49 +02:00
Pascal Fischer
552dc60547
[management] migrate group peers into separate table ( #4096 )
2025-08-01 12:22:07 +02:00
Bethuel Mmbaga
a7af15c4fc
[management] Fix group resource count mismatch in policy ( #4182 )
2025-07-21 15:26:06 +03:00
Maycon Santos
08fd460867
[management] Add validate flow response ( #4172 )
This PR adds a validate flow response feature to the management server by integrating an IntegratedValidator component. The main purpose is to enable validation of PKCE authorization flows through an integrated validator interface.
- Adds a new ValidateFlowResponse method to the IntegratedValidator interface
- Integrates the validator into the management server to validate PKCE authorization flows
- Updates dependency version for management-integrations
2025-07-18 12:18:52 +02:00
Maycon Santos
2c81cf2c1e
[management] Add account onboarding ( #4084 )
This PR introduces a new onboarding feature to handle such flows in the dashboard by defining an AccountOnboarding model, persisting it in the store, exposing CRUD operations in the manager and HTTP handlers, and updating API schemas and tests accordingly.
- Add AccountOnboarding struct and embed it in Account
- Extend Store and DefaultAccountManager with onboarding methods and SQL migrations
- Update HTTP handlers, API types, OpenAPI spec, and add end-to-end tests
2025-07-03 09:01:32 +02:00
Ali Amer
d9402168ad
[management] Add option to disable default all-to-all policy ( #3970 )
This PR introduces a new configuration option `DisableDefaultPolicy` that prevents the creation of the default all-to-all policy when new accounts are created. This is useful for automation scenarios where explicit policies are preferred.
### Key Changes:
- Added DisableDefaultPolicy flag to the management server config
- Modified account creation logic to respect this flag
- Updated all test cases to explicitly pass the flag (defaulting to false to maintain backward compatibility)
- Propagated the flag through the account manager initialization chain
### Testing:
- Verified default behavior remains unchanged when flag is false
- Confirmed no default policy is created when flag is true
- All existing tests pass with the new parameter
2025-07-02 02:41:59 +02:00
Pascal Fischer
b45284f086
[management] export ephemeral peer flag on api ( #4004 )
2025-06-19 16:46:56 +02:00
Bethuel Mmbaga
4ee1635baa
[management] Propagate user groups when group propagation setting is re-enabled ( #3912 )
2025-06-11 14:32:16 +03:00
Bethuel Mmbaga
87376afd13
[management] Enable unidirectional rules for all port policy ( #3826 )
2025-06-10 18:02:45 +03:00
Bethuel Mmbaga
684501fd35
[management] Prevent deletion of peers linked to network routers ( #3881 )
- Prevent deletion of peers linked to network routers
- Add API endpoint to list all network routers
2025-05-29 18:50:00 +03:00
Bethuel Mmbaga
5523040acd
[management] Add correlated network traffic event schema ( #3680 )
2025-05-27 13:47:53 +03:00
Bethuel Mmbaga
24f932b2ce
[management] Update traffic events pagination filters ( #3857 )
2025-05-22 16:28:14 +03:00
Pedro Maia Costa
c03435061c
[management] lazy connection account setting ( #3855 )
2025-05-22 14:09:00 +01:00
Bethuel Mmbaga
0cd4b601c3
[management] Add connection type filter to Network Traffic API ( #3815 )
2025-05-14 11:15:50 +03:00
Pedro Maia Costa
7b64953eed
[management] user info with role permissions ( #3728 )
2025-05-01 11:24:55 +01:00
Bethuel Mmbaga
488e619ec7
[management] Add network traffic events pagination ( #3580 )
* Add network traffic events pagination schema
2025-04-30 11:51:40 +03:00
Pascal Fischer
38ada44a0e
[management] allow impersonation via pats ( #3739 )
2025-04-25 16:40:54 +02:00
Pascal Fischer
312bfd9bd7
[management] support custom domains per account ( #3726 )
2025-04-23 19:36:53 +02:00
Misha Bragin
c69df13515
[management] Add account meta ( #3724 )
2025-04-23 18:44:22 +02:00
Pascal Fischer
986eb8c1e0
[management] fix lastLogin on dashboard ( #3725 )
2025-04-23 15:54:49 +02:00
Pascal Fischer
1a6d6b3109
[management] fix github run id ( #3705 )
2025-04-18 11:21:54 +02:00
Pascal Fischer
a4311f574d
[management] push benchmark results to grafana ( #3701 )
2025-04-17 21:01:23 +02:00
Pascal Fischer
e0b33d325d
[management] permissions manager use crud operations ( #3690 )
2025-04-16 17:25:03 +02:00
Pedro Maia Costa
75bdd47dfb
[management] get current user endpoint ( #3666 )
2025-04-15 11:06:07 +01:00
Pedro Maia Costa
4134b857b4
[management] add permissions manager to geolocation handler ( #3665 )
2025-04-14 17:57:58 +01:00
Pedro Maia Costa
fd2a21c65d
[management] remove unnecessary access control middleware ( #3650 )
2025-04-11 10:43:59 +01:00
Pascal Fischer
5ea2806663
[management] use permission modules ( #3622 )
2025-04-10 11:06:52 +02:00
Pedro Maia Costa
cbec7bda80
[management] permission manager validate account access ( #3444 )
2025-03-30 17:08:22 +02:00
Pascal Fischer
b62a1b56ce
[docs] rename network traffic logging to traffic events ( #3556 )
2025-03-21 16:32:47 +01:00
Pascal Fischer
8d7c92c661
[management] add receive timestamp to traffic event ( #3559 )
2025-03-21 16:31:23 +01:00
Pascal Fischer
8f0aa8352a
[docs] add examples to events and tag to ingress port ( #3552 )
2025-03-20 18:26:08 +01:00
Maycon Santos
c02e236196
[client,management] add netflow support to client and update management ( #3414 )
Adds NetFlow functionality to track and log network traffic information between peers, with features including:
- Flow logging for TCP, UDP, and ICMP traffic
- Integration with connection tracking system
- Resource ID tracking in NetFlow events
- DNS and exit node collection configuration
- Flow API and Redis cache in management
- Memory-based flow storage implementation
- Kernel conntrack counters and userspace counters
- TCP state machine improvements for more accurate tracking
- Migration from net.IP to netip.Addr in the userspace firewall
2025-03-20 17:05:48 +01:00
Christian Alexander Sauer Mark
919fe94fd5
Fix always enabling of NetworkResource in createResource() ( #3532 )
2025-03-18 19:41:15 +01:00
Pascal Fischer
67ae871ce4
[management] return empty array instead of null on networks endpoints ( #3480 )
2025-03-11 00:20:54 +01:00
Viktor Liu
fc1da94520
[client, management] Add port forwarding ( #3275 )
Add initial support for ingress ports in the client code.
- new types were added
- new protocol messages and controller
2025-03-09 16:06:43 +01:00
Pedro Maia Costa
77e40f41f2
[management] refactor auth ( #3296 )
2025-02-20 20:24:40 +00:00
hakansa
39986b0e97
[client, management] Support DNS Labels for Peer Addressing ( #3252 )
* [client] Support Extra DNS Labels for Peer Addressing
* [management] Support Extra DNS Labels for Peer Addressing
---------
Co-authored-by: Viktor Liu <17948409+lixmal@users.noreply.github.com>
2025-02-20 13:43:20 +03:00
Bethuel Mmbaga
4cdb2e533a
[management] Refactor users to use store methods ( #2917 )
* Refactor setup key handling to use store methods
* add lock to get account groups
* add check for regular user
* get only required groups for auto-group validation
* add account lock and return auto groups map on validation
* refactor account peers update
* Refactor groups to use store methods
* refactor GetGroupByID and add NewGroupNotFoundError
* fix tests
* Add AddPeer and RemovePeer methods to Group struct
* Preserve store engine in SqlStore transactions
* Run groups ops in transaction
* fix missing group removed from setup key activity
* fix merge
* Refactor posture checks to remove get and save account
* fix refactor
* fix tests
* fix merge
* fix sonar
* Change setup key log level to debug for missing group
* Retrieve modified peers once for group events
* Refactor policy get and save account to use store methods
* Fix tests
* Add tests
* Add tests
* Retrieve policy groups and posture checks once for validation
* Fix typo
* Add policy tests
* Refactor anyGroupHasPeers to retrieve all groups once
* Refactor dns settings to use store methods
* Add tests
* Add account locking and merge group deletion methods
* Fix tests
* Refactor name server groups to use store methods
* Add tests
* Add peer store methods
* Refactor ephemeral peers
* Add lock for peer store methods
* Refactor peer handlers
* Refactor peer to use store methods
* Fix tests
* Fix typo
* Add locks and remove log
* run peer ops in transaction
* remove duplicate store method
* fix peer fields updated after save
* add tests
* Use update strength and simplify check
* prevent changing ruleID when not empty
* prevent duplicate rules during updates
* fix tests
* fix lint
* Refactor auth middleware
* Refactor account methods and mock
* Refactor user and PAT handling
* Remove db query context and fix get user by id
* Fix database transaction locking issue
* Fix tests
* Use UTC time in test
* Add account locks
* Fix prevent users from creating PATs for other users
* Add tests
* Add store locks and prevent fetching setup keys peers when retrieving user peers with empty userID
* Add missing tests
* Refactor test names and remove duplicate TestPostgresql_SavePeerStatus
* Add account locks and remove redundant ephemeral check
* Retrieve all groups for peers and restrict groups for regular users
* Fix merge
* Fix merge
* fix merge
* fix store tests
* use account object to get validated peers
* Fix merge
* Improve peer performance
* Get account direct from store without buffer
* Add get peer groups tests
* Adjust benchmarks
* Adjust benchmarks
* [management] Update benchmark workflow (#3181)
* update local benchmark expectations
* update cloud expectations
* Add status error for generic result error
* Use integrated validator direct
* update expectations
* update expectations
* update expectations
* Refactor peer scheduler to retry every 3 seconds on errors
* update expectations
* fix validator
* fix validator
* fix validator
* update timeouts
* Refactor ToGroupsInfo to process slices of groups
* update expectations
* update expectations
* update expectations
* Bump integrations version
* Refactor GetValidatedPeers
* Fix tests
* go mod tidy
* Use peers and groups map for peers validation
* remove mysql from api benchmark tests
* Fix merge
* Fix blocked db calls on user auto groups update
* Fix tests
* update expectations
* update expectations
* Skip user check for system initiated peer deletion
* Remove context in db calls
* update expectations
* [management] Improve group peer/resource counting (#3192)
* Fix sonar
* Adjust bench expectations
* Rename GetAccountInfoFromPAT to GetTokenInfo
* Fix tests
* Remove global account lock for ListUsers
* build userinfo after updating users in db
* [management] Optimize user bulk deletion (#3315)
* refactor building user infos
* fix tests
* remove unused code
* Refactor GetUsersFromAccount to return a map of UserInfo instead of a slice
* Export BuildUserInfosForAccount to account manager
* Fetch account user info once for bulk users save
* Update user deletion expectations
* Set max open conns for activity store
* Update bench expectations
---------
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
Co-authored-by: Pascal Fischer <32096965+pascal-fischer@users.noreply.github.com>
Co-authored-by: Pascal Fischer <pascal@netbird.io>
Co-authored-by: Pedro Costa <550684+pnmcosta@users.noreply.github.com>
2025-02-17 21:43:12 +03:00
Pascal Fischer
cee4aeea9e
[management] Check groups when counting peers on networks list ( #3284 )
2025-02-06 13:36:57 +01:00
Zoltan Papp
f930ef2ee6
Cleanup magiconair usage from repo ( #3276 )
2025-02-03 17:54:35 +01:00
Pascal Fischer
2605948e01
[management] use account request buffer on sync ( #3229 )
2025-01-24 12:04:50 +01:00