[misc] Remove version prefix v docker tags (#6471 )

[management] remove db calls in nested loops (#6470 )
[management] pass meta update for browser clients (#6465 )
2026-06-18 22:09:56 +00:00 · 2026-06-18 22:34:24 +02:00 · 2026-06-18 22:12:59 +02:00 · 2026-06-18 17:22:42 +02:00
2 changed files with 43 additions and 54 deletions
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -247,7 +247,7 @@ dockers_v2:
       - netbirdio/netbird
       - ghcr.io/netbirdio/netbird
     tags:
-       - "v{{ .Version }}"
+       - "{{ .Version }}"
       - "{{ if eq .Env.SKIP_PUBLISH \"false\" }}latest{{ end }}"
     dockerfile: client/Dockerfile
     extra_files:
@@ -295,7 +295,7 @@ dockers_v2:
       - netbirdio/relay
       - ghcr.io/netbirdio/relay
     tags:
-       - "v{{ .Version }}"
+       - "{{ .Version }}"
       - "{{ if eq .Env.SKIP_PUBLISH \"false\" }}latest{{ end }}"
     dockerfile: relay/Dockerfile
     platforms:
@@ -317,7 +317,7 @@ dockers_v2:
       - netbirdio/signal
       - ghcr.io/netbirdio/signal
     tags:
-       - "v{{ .Version }}"
+       - "{{ .Version }}"
       - "{{ if eq .Env.SKIP_PUBLISH \"false\" }}latest{{ end }}"
     dockerfile: signal/Dockerfile
     platforms:
@@ -339,7 +339,7 @@ dockers_v2:
       - netbirdio/management
       - ghcr.io/netbirdio/management
     tags:
-       - "v{{ .Version }}"
+       - "{{ .Version }}"
       - "{{ if eq .Env.SKIP_PUBLISH \"false\" }}latest{{ end }}"
     dockerfile: management/Dockerfile
     platforms:
@@ -361,7 +361,7 @@ dockers_v2:
       - netbirdio/upload
       - ghcr.io/netbirdio/upload
     tags:
-       - "v{{ .Version }}"
+       - "{{ .Version }}"
       - "{{ if eq .Env.SKIP_PUBLISH \"false\" }}latest{{ end }}"
     dockerfile: upload-server/Dockerfile
     platforms:
@@ -383,7 +383,7 @@ dockers_v2:
       - netbirdio/netbird-server
       - ghcr.io/netbirdio/netbird-server
     tags:
-       - "v{{ .Version }}"
+       - "{{ .Version }}"
       - "{{ if eq .Env.SKIP_PUBLISH \"false\" }}latest{{ end }}"
     dockerfile: combined/Dockerfile
     platforms:
@@ -405,7 +405,7 @@ dockers_v2:
       - netbirdio/reverse-proxy
       - ghcr.io/netbirdio/reverse-proxy
     tags:
-       - "v{{ .Version }}"
+       - "{{ .Version }}"
       - "{{ if eq .Env.SKIP_PUBLISH \"false\" }}latest{{ end }}"
     dockerfile: proxy/Dockerfile
     platforms:
--- a/management/server/peer.go
+++ b/management/server/peer.go
@@ -1026,7 +1026,12 @@ func (am *DefaultAccountManager) SyncPeer(ctx context.Context, sync types.PeerSy
 				return err
 			}

-			postureChecks, err = getPeerPostureChecks(ctx, transaction, accountID, peer.ID)
+			policies, err := transaction.GetAccountPolicies(ctx, store.LockingStrengthNone, accountID)
+			if err != nil {
+				return err
+			}
+
+			postureChecks, err = getPeerPostureChecks(ctx, transaction, accountID, peerGroupIDs, policies)
 			if err != nil {
 				return err
 			}
@@ -1124,7 +1129,7 @@ func (am *DefaultAccountManager) LoginPeer(ctx context.Context, login types.Peer
 	}

 	var peer *nbpeer.Peer
-	var shouldStorePeer bool
+	var shouldStorePeer, shouldUpdatePeers bool
 	var peerGroupIDs []string

 	settings, err := am.Store.GetAccountSettings(ctx, store.LockingStrengthNone, accountID)
@@ -1151,6 +1156,7 @@ func (am *DefaultAccountManager) LoginPeer(ctx context.Context, login types.Peer

 			if changed {
 				shouldStorePeer = true
+				shouldUpdatePeers = true
 			}
 		}

@@ -1174,13 +1180,16 @@ func (am *DefaultAccountManager) LoginPeer(ctx context.Context, login types.Peer
 			}
 		}

+		// This is needed to keep in memory for the peer config. Otherwise browser client will end in a retry loop
+		peer.UpdateMetaIfNew(login.Meta)
+
 		return nil
 	})
 	if err != nil {
 		return nil, nil, nil, false, err
 	}

-	isRequiresApproval, isStatusChanged, err := am.integratedPeerValidator.IsNotValidPeer(ctx, accountID, peer, peerGroupIDs, settings.Extra)
+	isRequiresApproval, _, err := am.integratedPeerValidator.IsNotValidPeer(ctx, accountID, peer, peerGroupIDs, settings.Extra)
 	if err != nil {
 		return nil, nil, nil, false, err
 	}
@@ -1190,7 +1199,7 @@ func (am *DefaultAccountManager) LoginPeer(ctx context.Context, login types.Peer
 		return nil, nil, nil, false, err
 	}

-	if isStatusChanged || shouldStorePeer {
+	if shouldUpdatePeers {
 		changedPeerIDs := []string{peer.ID}
 		affectedPeerIDs := am.resolveAffectedPeersForPeerChanges(ctx, am.Store, accountID, changedPeerIDs)
 		if err = am.networkMapController.OnPeersUpdated(ctx, accountID, changedPeerIDs, affectedPeerIDs); err != nil {
@@ -1286,12 +1295,22 @@ func getPeerLoginInfo(ctx context.Context, transaction store.Store, accountID st
 		return network, nil, false, nil
 	}

-	postureChecks, err := getPeerPostureChecks(ctx, transaction, accountID, peer.ID)
+	policies, err := transaction.GetAccountPolicies(ctx, store.LockingStrengthNone, accountID)
 	if err != nil {
 		return nil, nil, false, err
 	}

-	enableSSH, err := isPeerSSHEnabled(ctx, transaction, accountID, peer)
+	peerGroupIDs, err := transaction.GetPeerGroupIDs(ctx, store.LockingStrengthNone, accountID, peer.ID)
+	if err != nil {
+		return nil, nil, false, err
+	}
+
+	postureChecks, err := getPeerPostureChecks(ctx, transaction, accountID, peerGroupIDs, policies)
+	if err != nil {
+		return nil, nil, false, err
+	}
+
+	enableSSH, err := isPeerSSHEnabled(ctx, peer, policies, peerGroupIDs)
 	if err != nil {
 		return nil, nil, false, err
 	}
@@ -1299,32 +1318,16 @@ func getPeerLoginInfo(ctx context.Context, transaction store.Store, accountID st
 	return network, postureChecks, enableSSH, nil
 }

-func isPeerSSHEnabled(ctx context.Context, transaction store.Store, accountID string, peer *nbpeer.Peer) (bool, error) {
-	policies, err := transaction.GetAccountPolicies(ctx, store.LockingStrengthNone, accountID)
-	if err != nil {
-		return false, err
+func isPeerSSHEnabled(ctx context.Context, peer *nbpeer.Peer, policies []*types.Policy, peerGroupIDs []string) (bool, error) {
+	groupIDsMap := make(map[string]struct{}, len(peerGroupIDs))
+	for _, peerID := range peerGroupIDs {
+		groupIDsMap[peerID] = struct{}{}
 	}
-
-	peerGroups, err := transaction.GetPeerGroups(ctx, store.LockingStrengthNone, accountID, peer.ID)
-	if err != nil {
-		return false, err
-	}
-
-	peerGroupIDs := make(map[string]struct{}, len(peerGroups))
-	for _, g := range peerGroups {
-		peerGroupIDs[g.ID] = struct{}{}
-	}
-
-	return types.PeerSSHEnabledFromPolicies(policies, peer.ID, peerGroupIDs, peer.SSHEnabled), nil
+	return types.PeerSSHEnabledFromPolicies(policies, peer.ID, groupIDsMap, peer.SSHEnabled), nil
 }

 // getPeerPostureChecks returns the posture checks for the peer.
-func getPeerPostureChecks(ctx context.Context, transaction store.Store, accountID, peerID string) ([]*posture.Checks, error) {
-	policies, err := transaction.GetAccountPolicies(ctx, store.LockingStrengthNone, accountID)
-	if err != nil {
-		return nil, err
-	}
-
+func getPeerPostureChecks(ctx context.Context, transaction store.Store, accountID string, peerGroupIDs []string, policies []*types.Policy) ([]*posture.Checks, error) {
 	if len(policies) == 0 {
 		return nil, nil
 	}
@@ -1336,11 +1339,7 @@ func getPeerPostureChecks(ctx context.Context, transaction store.Store, accountI
 			continue
 		}

-		postureChecksIDs, err := processPeerPostureChecks(ctx, transaction, policy, accountID, peerID)
-		if err != nil {
-			return nil, err
-		}
-
+		postureChecksIDs := processPeerPostureChecks(policy, peerGroupIDs)
 		peerPostureChecksIDs = append(peerPostureChecksIDs, postureChecksIDs...)
 	}

@@ -1353,29 +1352,19 @@ func getPeerPostureChecks(ctx context.Context, transaction store.Store, accountI
 }

 // processPeerPostureChecks checks if the peer is in the source group of the policy and returns the posture checks.
-func processPeerPostureChecks(ctx context.Context, transaction store.Store, policy *types.Policy, accountID, peerID string) ([]string, error) {
+func processPeerPostureChecks(policy *types.Policy, peerGroupIDs []string) []string {
 	for _, rule := range policy.Rules {
 		if !rule.Enabled {
 			continue
 		}

-		sourceGroups, err := transaction.GetGroupsByIDs(ctx, store.LockingStrengthNone, accountID, rule.Sources)
-		if err != nil {
-			return nil, err
-		}
-
 		for _, sourceGroup := range rule.Sources {
-			group, ok := sourceGroups[sourceGroup]
-			if !ok {
-				return nil, fmt.Errorf("failed to check peer in policy source group")
-			}
-
-			if slices.Contains(group.Peers, peerID) {
-				return policy.SourcePostureChecks, nil
+			if slices.Contains(peerGroupIDs, sourceGroup) {
+				return policy.SourcePostureChecks
 			}
 		}
 	}
-	return nil, nil
+	return nil
 }

 // checkIFPeerNeedsLoginWithoutLock checks if the peer needs login without acquiring the account lock. The check validate if the peer was not added via SSO
Author	SHA1	Message	Date
Maycon Santos	679c7182a4	[misc] Remove version prefix `v` docker tags (#6471 )	2026-06-18 22:34:24 +02:00
Pascal Fischer	8c031ea6f0	[management] remove db calls in nested loops (#6470 )	2026-06-18 22:12:59 +02:00
Pascal Fischer	60a9544656	[management] pass meta update for browser clients (#6465 )	2026-06-18 17:22:42 +02:00