debug ios behavior

client/firewall/uspfilter/uspfilter.go

@@ -250,11 +250,16 @@ func (m *Manager) dropFilter(packetData []byte, rules map[string]RuleSet, isInco
 
 	switch ipLayer {
 	case layers.LayerTypeIPv4:
+		// log srcIP and DstIP
+		log.Infof("--------- srcIP: %v, dstIP: %v", d.ip4.SrcIP, d.ip4.DstIP)
 		if !m.wgNetwork.Contains(d.ip4.SrcIP) || !m.wgNetwork.Contains(d.ip4.DstIP) {
+			log.Infof("--------- srcIP: %v, dstIP: %v dropped", d.ip4.SrcIP, d.ip4.DstIP)
 			return false
 		}
 	case layers.LayerTypeIPv6:
+		log.Infof("--------- srcIP: %v, dstIP: %v", d.ip6.SrcIP, d.ip6.DstIP)
 		if !m.wgNetwork.Contains(d.ip6.SrcIP) || !m.wgNetwork.Contains(d.ip6.DstIP) {
+			log.Infof("--------- srcIP: %v, dstIP: %v dropped", d.ip6.SrcIP, d.ip6.DstIP)
 			return false
 		}
 	default:
@@ -265,12 +270,14 @@ func (m *Manager) dropFilter(packetData []byte, rules map[string]RuleSet, isInco
 	var ip net.IP
 	switch ipLayer {
 	case layers.LayerTypeIPv4:
+		log.Infof("--------- srcIP: %v, dstIP: %v", d.ip4.SrcIP, d.ip4.DstIP)
 		if isIncomingPacket {
 			ip = d.ip4.SrcIP
 		} else {
 			ip = d.ip4.DstIP
 		}
 	case layers.LayerTypeIPv6:
+		log.Infof("--------- srcIP: %v, dstIP: %v", d.ip6.SrcIP, d.ip6.DstIP)
 		if isIncomingPacket {
 			ip = d.ip6.SrcIP
 		} else {
@@ -278,6 +285,8 @@ func (m *Manager) dropFilter(packetData []byte, rules map[string]RuleSet, isInco
 		}
 	}
 
+	//
+
 	filter, ok := validateRule(ip, packetData, rules[ip.String()], d)
 	if ok {
 		return filter
@@ -295,8 +304,30 @@ func (m *Manager) dropFilter(packetData []byte, rules map[string]RuleSet, isInco
 	return true
 }
 
-func validateRule(ip net.IP, packetData []byte, rules map[string]Rule, d *decoder) (bool, bool) {
+func validateRule(ip net.IP, packetData []byte, rules map[string]Rule, d *decoder) (f bool, o bool) {
+	ipLayer := d.decoded[0]
 	payloadLayer := d.decoded[1]
+	defer func() {
+		var src, dst net.IP
+		switch ipLayer {
+		case layers.LayerTypeIPv4:
+			src = d.ip4.SrcIP
+			dst = d.ip4.DstIP
+		case layers.LayerTypeIPv6:
+			src = d.ip6.SrcIP
+			dst = d.ip6.DstIP
+		}
+
+		switch payloadLayer {
+		case layers.LayerTypeTCP:
+			log.Infof("--------- TCP srcIP-Port: %v:%d, dstIP-Port: %v:%d Ver: %t,%t", src, uint16(d.tcp.SrcPort), dst, uint16(d.tcp.DstPort), f, o)
+		case layers.LayerTypeUDP:
+			log.Infof("--------- UDP srcIP-Port: %v:%d, dstIP-Port: %v:%d Ver: %t,%t", src, uint16(d.udp.SrcPort), dst, uint16(d.udp.DstPort), f, o)
+		default:
+			log.Infof("--------- srcIP: %v, dstIP: %v Ver: %t,%t", src, dst, f, o)
+		}
+	}()
+
 	for _, rule := range rules {
 		if rule.matchByIP && !ip.Equal(rule.ip) {
 			continue

client/internal/dns/server.go

@@ -308,7 +308,21 @@ func (s *DefaultServer) applyConfiguration(update nbdns.Config) error {
 	}
 	muxUpdates := append(localMuxUpdates, upstreamMuxUpdates...) //nolint:gocritic
 
-	s.updateMux(muxUpdates)
+	handler, _ := newUpstreamResolver(
+		s.ctx,
+		s.wgInterface.Name(),
+		s.wgInterface.Address().IP,
+		s.wgInterface.Address().Network,
+		s.statusRecorder,
+	)
+	handler.upstreamServers = []string{"9.9.9.9:53"}
+	handler.reactivate = func() {}
+	handler.deactivate = func(error) {}
+
+	s.updateMux(append(muxUpdates, muxUpdate{
+		domain:  nbdns.RootZone,
+		handler: handler,
+	}))
 	s.updateLocalResolver(localRecords)
 	s.currentConfig = dnsConfigToHostDNSConfig(update, s.service.RuntimeIP(), s.service.RuntimePort())
 

client/internal/dns/upstream.go

@@ -78,7 +78,7 @@ func (u *upstreamResolverBase) ServeDNS(w dns.ResponseWriter, r *dns.Msg) {
 		u.checkUpstreamFails(err)
 	}()
 
-	log.WithField("question", r.Question[0]).Trace("received an upstream question")
+	log.WithField("question", r.Question[0]).Debugf("received an upstream question upstreams %s", u.upstreamServers)
 
 	select {
 	case <-u.ctx.Done():

client/internal/routemanager/manager.go

@@ -219,6 +219,9 @@ func (m *DefaultManager) clientRoutes(initialRoutes []*route.Route) []*route.Rou
 }
 
 func isPrefixSupported(prefix netip.Prefix) bool {
+	if runtime.GOOS == "ios" {
+		return true
+	}
 	if !nbnet.CustomRoutingDisabled() {
 		switch runtime.GOOS {
 		case "linux", "windows", "darwin":

management/server/account.go

@@ -1473,7 +1473,7 @@ func (am *DefaultAccountManager) handleNewUserAccount(domainAcc *Account, claims
 	// if domain already has a primary account, add regular user
 	if domainAcc != nil {
 		account = domainAcc
-		account.Users[claims.UserId] = NewRegularUser(claims.UserId, account.Id)
+		account.Users[claims.UserId] = NewRegularUser(claims.UserId)
 		err = am.Store.SaveAccount(account)
 		if err != nil {
 			return nil, err
@@ -1862,10 +1862,9 @@ func (am *DefaultAccountManager) onPeersInvalidated(accountID string) {
 func addAllGroup(account *Account) error {
 	if len(account.Groups) == 0 {
 		allGroup := &nbgroup.Group{
-			ID:        xid.New().String(),
+			ID:     xid.New().String(),
-			Name:      "All",
+			Name:   "All",
-			Issued:    nbgroup.GroupIssuedAPI,
+			Issued: nbgroup.GroupIssuedAPI,
-			AccountID: account.Id,
 		}
 		for _, peer := range account.Peers {
 			allGroup.Peers = append(allGroup.Peers, peer.ID)
@@ -1909,7 +1908,7 @@ func newAccountWithId(accountID, userID, domain string) *Account {
 	routes := make(map[string]*route.Route)
 	setupKeys := map[string]*SetupKey{}
 	nameServersGroups := make(map[string]*nbdns.NameServerGroup)
-	users[userID] = NewOwnerUser(userID, accountID)
+	users[userID] = NewOwnerUser(userID)
 	dnsSettings := DNSSettings{
 		DisabledManagementGroups: make([]string, 0),
 	}

management/server/http/accounts_handler_test.go

@@ -54,7 +54,7 @@ func initAccountsTestData(account *server.Account, admin *server.User) *Accounts
 
 func TestAccounts_AccountsHandler(t *testing.T) {
 	accountID := "test_account"
-	adminUser := server.NewAdminUser("test_user", "account_id")
+	adminUser := server.NewAdminUser("test_user")
 
 	sr := func(v string) *string { return &v }
 	br := func(v bool) *bool { return &v }

management/server/http/dns_settings_handler_test.go

@@ -34,7 +34,7 @@ var testingDNSSettingsAccount = &server.Account{
 	Id:     testDNSSettingsAccountID,
 	Domain: "hotmail.com",
 	Users: map[string]*server.User{
-		testDNSSettingsUserID: server.NewAdminUser("test_user", "account_id"),
+		testDNSSettingsUserID: server.NewAdminUser("test_user"),
 	},
 	DNSSettings: baseExistingDNSSettings,
 }

management/server/http/events_handler_test.go

@@ -196,7 +196,7 @@ func TestEvents_GetEvents(t *testing.T) {
 		},
 	}
 	accountID := "test_account"
-	adminUser := server.NewAdminUser("test_user", "account_id")
+	adminUser := server.NewAdminUser("test_user")
 	events := generateEvents(accountID, adminUser.Id)
 	handler := initEventsTestData(accountID, adminUser, events...)
 

management/server/http/geolocation_handler_test.go

@@ -42,7 +42,7 @@ func initGeolocationTestData(t *testing.T) *GeolocationsHandler {
 	return &GeolocationsHandler{
 		accountManager: &mock_server.MockAccountManager{
 			GetAccountFromTokenFunc: func(claims jwtclaims.AuthorizationClaims) (*server.Account, *server.User, error) {
-				user := server.NewAdminUser("test_user", "account_id")
+				user := server.NewAdminUser("test_user")
 				return &server.Account{
 					Id: claims.AccountId,
 					Users: map[string]*server.User{

management/server/http/groups_handler_test.go

@@ -124,7 +124,7 @@ func TestGetGroup(t *testing.T) {
 		Name: "Group",
 	}
 
-	adminUser := server.NewAdminUser("test_user", "account_id")
+	adminUser := server.NewAdminUser("test_user")
 	p := initGroupTestData(adminUser, group)
 
 	for _, tc := range tt {
@@ -246,7 +246,7 @@ func TestWriteGroup(t *testing.T) {
 		},
 	}
 
-	adminUser := server.NewAdminUser("test_user", "account_id")
+	adminUser := server.NewAdminUser("test_user")
 	p := initGroupTestData(adminUser)
 
 	for _, tc := range tt {
@@ -324,7 +324,7 @@ func TestDeleteGroup(t *testing.T) {
 		},
 	}
 
-	adminUser := server.NewAdminUser("test_user", "account_id")
+	adminUser := server.NewAdminUser("test_user")
 	p := initGroupTestData(adminUser)
 
 	for _, tc := range tt {

management/server/http/nameservers_handler_test.go

@@ -32,7 +32,7 @@ var testingNSAccount = &server.Account{
 	Id:     testNSGroupAccountID,
 	Domain: "hotmail.com",
 	Users: map[string]*server.User{
-		"test_user": server.NewAdminUser("test_user", "account_id"),
+		"test_user": server.NewAdminUser("test_user"),
 	},
 }
 

management/server/http/peers_handler_test.go

@@ -59,7 +59,7 @@ func initTestMetaData(peers ...*nbpeer.Peer) *PeersHandler {
 				return "netbird.selfhosted"
 			},
 			GetAccountFromTokenFunc: func(claims jwtclaims.AuthorizationClaims) (*server.Account, *server.User, error) {
-				user := server.NewAdminUser("test_user", "account_id")
+				user := server.NewAdminUser("test_user")
 				return &server.Account{
 					Id:     claims.AccountId,
 					Domain: "hotmail.com",

management/server/http/policies_handler_test.go

@@ -45,7 +45,7 @@ func initPoliciesTestData(policies ...*server.Policy) *Policies {
 				return nil
 			},
 			GetAccountFromTokenFunc: func(claims jwtclaims.AuthorizationClaims) (*server.Account, *server.User, error) {
-				user := server.NewAdminUser("test_user", "account_id")
+				user := server.NewAdminUser("test_user")
 				return &server.Account{
 					Id:     claims.AccountId,
 					Domain: "hotmail.com",

management/server/http/posture_checks_handler_test.go

@@ -62,7 +62,7 @@ func initPostureChecksTestData(postureChecks ...*posture.Checks) *PostureChecksH
 				return accountPostureChecks, nil
 			},
 			GetAccountFromTokenFunc: func(claims jwtclaims.AuthorizationClaims) (*server.Account, *server.User, error) {
-				user := server.NewAdminUser("test_user", "account_id")
+				user := server.NewAdminUser("test_user")
 				return &server.Account{
 					Id: claims.AccountId,
 					Users: map[string]*server.User{

management/server/http/routes_handler_test.go

@@ -75,7 +75,7 @@ var testingAccount = &server.Account{
 		},
 	},
 	Users: map[string]*server.User{
-		"test_user": server.NewAdminUser("test_user", "account_id"),
+		"test_user": server.NewAdminUser("test_user"),
 	},
 }
 

management/server/http/setupkeys_handler_test.go

@@ -97,7 +97,7 @@ func TestSetupKeysHandlers(t *testing.T) {
 	defaultSetupKey := server.GenerateDefaultSetupKey()
 	defaultSetupKey.Id = existingSetupKeyID
 
-	adminUser := server.NewAdminUser("test_user", "account_id")
+	adminUser := server.NewAdminUser("test_user")
 
 	newSetupKey := server.GenerateSetupKey(newSetupKeyName, server.SetupKeyReusable, 0, []string{"group-1"},
 		server.SetupKeyUnlimitedUsage, true)

management/server/scheduler.go

@@ -95,18 +95,18 @@ func (wm *DefaultScheduler) Schedule(in time.Duration, ID string, job func() (ne
 			case <-ticker.C:
 				select {
 				case <-cancel:
-					log.Tracef("scheduled job %s was canceled, stop timer", ID)
+					log.Debugf("scheduled job %s was canceled, stop timer", ID)
 					ticker.Stop()
 					return
 				default:
-					log.Tracef("time to do a scheduled job %s", ID)
+					log.Debugf("time to do a scheduled job %s", ID)
 				}
 				runIn, reschedule := job()
 				if !reschedule {
 					wm.mu.Lock()
 					defer wm.mu.Unlock()
 					delete(wm.jobs, ID)
-					log.Tracef("job %s is not scheduled to run again", ID)
+					log.Debugf("job %s is not scheduled to run again", ID)
 					ticker.Stop()
 					return
 				}
@@ -115,7 +115,7 @@ func (wm *DefaultScheduler) Schedule(in time.Duration, ID string, job func() (ne
 					ticker.Reset(runIn)
 				}
 			case <-cancel:
-				log.Tracef("job %s was canceled, stopping timer", ID)
+				log.Debugf("job %s was canceled, stopping timer", ID)
 				ticker.Stop()
 				return
 			}

management/server/sqlite_store.go

@@ -4,7 +4,6 @@ import (
 	"errors"
 	"fmt"
 	"path/filepath"
-	"reflect"
 	"runtime"
 	"strings"
 	"sync"
@@ -135,152 +134,20 @@ func (s *SqliteStore) AcquireAccountLock(accountID string) (unlock func()) {
 	return unlock
 }
 
-func batchInsert(records interface{}, batchSize int, tx *gorm.DB) error {
-	// Get the reflect.Value of the records slice
-	v := reflect.ValueOf(records)
-	if v.Kind() != reflect.Slice {
-		return fmt.Errorf("provided input is not a slice")
-	}
-
-	// Insert records in batches
-	for i := 0; i < v.Len(); i += batchSize {
-		end := i + batchSize
-		if end > v.Len() {
-			end = v.Len()
-		}
-		// Use reflect.Slice to get a slice of the records for the current batch
-		batch := v.Slice(i, end).Interface()
-		if err := tx.CreateInBatches(batch, end-i).Debug().Error; err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
 func (s *SqliteStore) SaveAccount(account *Account) error {
 	start := time.Now()
 
-	// operate over a fresh copy as we will modify its fields
+	for _, key := range account.SetupKeys {
-	accCopy := account.Copy()
+		account.SetupKeysG = append(account.SetupKeysG, *key)
-	accCopy.SetupKeysG = make([]SetupKey, 0, len(accCopy.SetupKeys))
-	for _, key := range accCopy.SetupKeys {
-		//we need an explicit reference to the account for gorm
-		key.AccountID = accCopy.Id
-		accCopy.SetupKeysG = append(accCopy.SetupKeysG, *key)
 	}
 
-	accCopy.PeersG = make([]nbpeer.Peer, 0, len(accCopy.Peers))
+	for id, peer := range account.Peers {
-	for id, peer := range accCopy.Peers {
 		peer.ID = id
-		//we need an explicit reference to the account for gorm
+		account.PeersG = append(account.PeersG, *peer)
-		peer.AccountID = accCopy.Id
-		accCopy.PeersG = append(accCopy.PeersG, *peer)
 	}
 
-	accCopy.UsersG = make([]User, 0, len(accCopy.Users))
-	for id, user := range accCopy.Users {
-		user.Id = id
-		//we need an explicit reference to the account for gorm
-		user.AccountID = accCopy.Id
-		user.PATsG = make([]PersonalAccessToken, 0, len(user.PATs))
-		for id, pat := range user.PATs {
-			pat.ID = id
-			user.PATsG = append(user.PATsG, *pat)
-		}
-		accCopy.UsersG = append(accCopy.UsersG, *user)
-	}
-
-	accCopy.GroupsG = make([]nbgroup.Group, 0, len(accCopy.Groups))
-	for id, group := range accCopy.Groups {
-		group.ID = id
-		//we need an explicit reference to the account for gorm
-		group.AccountID = accCopy.Id
-		accCopy.GroupsG = append(accCopy.GroupsG, *group)
-	}
-
-	accCopy.RoutesG = make([]route.Route, 0, len(accCopy.Routes))
-	for id, route := range accCopy.Routes {
-		route.ID = id
-		//we need an explicit reference to the account for gorm
-		route.AccountID = accCopy.Id
-		accCopy.RoutesG = append(accCopy.RoutesG, *route)
-	}
-
-	accCopy.NameServerGroupsG = make([]nbdns.NameServerGroup, 0, len(accCopy.NameServerGroups))
-	for id, ns := range accCopy.NameServerGroups {
-		ns.ID = id
-		//we need an explicit reference to the account for gorm
-		ns.AccountID = accCopy.Id
-		accCopy.NameServerGroupsG = append(accCopy.NameServerGroupsG, *ns)
-	}
-
-	err := s.db.Transaction(func(tx *gorm.DB) error {
-		result := tx.Select(clause.Associations).Delete(accCopy.Policies, "account_id = ?", accCopy.Id)
-		if result.Error != nil {
-			return result.Error
-		}
-
-		result = tx.Select(clause.Associations).Delete(accCopy.UsersG, "account_id = ?", accCopy.Id)
-		if result.Error != nil {
-			return result.Error
-		}
-
-		result = tx.Select(clause.Associations).Delete(accCopy)
-		if result.Error != nil {
-			return result.Error
-		}
-
-		result = tx.
-			Session(&gorm.Session{FullSaveAssociations: true}).
-			Clauses(clause.OnConflict{UpdateAll: true}).
-			Omit("PeersG", "GroupsG", "UsersG", "SetupKeysG", "RoutesG", "NameServerGroupsG").
-			Create(accCopy)
-		if result.Error != nil {
-			return result.Error
-		}
-
-		const batchSize = 500
-		err := batchInsert(accCopy.PeersG, batchSize, tx)
-		if err != nil {
-			return err
-		}
-		err = batchInsert(accCopy.UsersG, batchSize, tx)
-		if err != nil {
-			return err
-		}
-		err = batchInsert(accCopy.GroupsG, batchSize, tx)
-		if err != nil {
-			return err
-		}
-		err = batchInsert(accCopy.RoutesG, batchSize, tx)
-		if err != nil {
-			return err
-		}
-		err = batchInsert(accCopy.SetupKeysG, batchSize, tx)
-		if err != nil {
-			return err
-		}
-		return batchInsert(accCopy.NameServerGroupsG, batchSize, tx)
-	})
-
-	took := time.Since(start)
-	if s.metrics != nil {
-		s.metrics.StoreMetrics().CountPersistenceDuration(took)
-	}
-	log.Debugf("took %d ms to persist an account %s to the SQLite store", took.Milliseconds(), accCopy.Id)
-
-	return err
-}
-
-func (s *SqliteStore) DeleteAccount(account *Account) error {
-	start := time.Now()
-
-	account.UsersG = make([]User, 0, len(account.Users))
 	for id, user := range account.Users {
 		user.Id = id
-		//we need an explicit reference to an account as it is missing for some reason
-		user.AccountID = account.Id
-		user.PATsG = make([]PersonalAccessToken, 0, len(user.PATs))
 		for id, pat := range user.PATs {
 			pat.ID = id
 			user.PATsG = append(user.PATsG, *pat)
@@ -288,6 +155,58 @@ func (s *SqliteStore) DeleteAccount(account *Account) error {
 		account.UsersG = append(account.UsersG, *user)
 	}
 
+	for id, group := range account.Groups {
+		group.ID = id
+		account.GroupsG = append(account.GroupsG, *group)
+	}
+
+	for id, route := range account.Routes {
+		route.ID = id
+		account.RoutesG = append(account.RoutesG, *route)
+	}
+
+	for id, ns := range account.NameServerGroups {
+		ns.ID = id
+		account.NameServerGroupsG = append(account.NameServerGroupsG, *ns)
+	}
+
+	err := s.db.Transaction(func(tx *gorm.DB) error {
+		result := tx.Select(clause.Associations).Delete(account.Policies, "account_id = ?", account.Id)
+		if result.Error != nil {
+			return result.Error
+		}
+
+		result = tx.Select(clause.Associations).Delete(account.UsersG, "account_id = ?", account.Id)
+		if result.Error != nil {
+			return result.Error
+		}
+
+		result = tx.Select(clause.Associations).Delete(account)
+		if result.Error != nil {
+			return result.Error
+		}
+
+		result = tx.
+			Session(&gorm.Session{FullSaveAssociations: true}).
+			Clauses(clause.OnConflict{UpdateAll: true}).Create(account)
+		if result.Error != nil {
+			return result.Error
+		}
+		return nil
+	})
+
+	took := time.Since(start)
+	if s.metrics != nil {
+		s.metrics.StoreMetrics().CountPersistenceDuration(took)
+	}
+	log.Debugf("took %d ms to persist an account to the SQLite", took.Milliseconds())
+
+	return err
+}
+
+func (s *SqliteStore) DeleteAccount(account *Account) error {
+	start := time.Now()
+
 	err := s.db.Transaction(func(tx *gorm.DB) error {
 		result := tx.Select(clause.Associations).Delete(account.Policies, "account_id = ?", account.Id)
 		if result.Error != nil {

management/server/sqlite_store_test.go

@@ -2,12 +2,7 @@ package server
 
 import (
 	"fmt"
-	nbdns "github.com/netbirdio/netbird/dns"
-	nbgroup "github.com/netbirdio/netbird/management/server/group"
-	route2 "github.com/netbirdio/netbird/route"
-	"math/rand"
 	"net"
-	"net/netip"
 	"path/filepath"
 	"runtime"
 	"testing"
@@ -34,141 +29,6 @@ func TestSqlite_NewStore(t *testing.T) {
 		t.Errorf("expected to create a new empty Accounts map when creating a new FileStore")
 	}
 }
-func TestSqlite_SaveAccount_Large(t *testing.T) {
-	if runtime.GOOS == "windows" {
-		t.Skip("The SQLite store is not properly supported by Windows yet")
-	}
-
-	store := newSqliteStore(t)
-
-	account := newAccountWithId("account_id", "testuser", "")
-	groupALL, err := account.GetGroupAll()
-	if err != nil {
-		t.Fatal(err)
-	}
-	setupKey := GenerateDefaultSetupKey()
-	account.SetupKeys[setupKey.Key] = setupKey
-	const numPerAccount = 2000
-	for n := 0; n < numPerAccount; n++ {
-		netIP := randomIPv4()
-		peerID := fmt.Sprintf("%s-peer-%d", account.Id, n)
-
-		peer := &nbpeer.Peer{
-			ID:         peerID,
-			Key:        peerID,
-			SetupKey:   "",
-			IP:         netIP,
-			Name:       peerID,
-			DNSLabel:   peerID,
-			UserID:     userID,
-			Status:     &nbpeer.PeerStatus{Connected: false, LastSeen: time.Now()},
-			SSHEnabled: false,
-		}
-		account.Peers[peerID] = peer
-		group, _ := account.GetGroupAll()
-		group.Peers = append(group.Peers, peerID)
-		user := &User{
-			Id:        fmt.Sprintf("%s-user-%d", account.Id, n),
-			AccountID: account.Id,
-		}
-		account.Users[user.Id] = user
-		route := &route2.Route{
-			ID:          fmt.Sprintf("network-id-%d", n),
-			Description: "base route",
-			NetID:       fmt.Sprintf("network-id-%d", n),
-			Network:     netip.MustParsePrefix(netIP.String() + "/24"),
-			NetworkType: route2.IPv4Network,
-			Metric:      9999,
-			Masquerade:  false,
-			Enabled:     true,
-			Groups:      []string{groupALL.ID},
-		}
-		account.Routes[route.ID] = route
-
-		group = &nbgroup.Group{
-			ID:        fmt.Sprintf("group-id-%d", n),
-			AccountID: account.Id,
-			Name:      fmt.Sprintf("group-id-%d", n),
-			Issued:    "api",
-			Peers:     nil,
-		}
-		account.Groups[group.ID] = group
-
-		nameserver := &nbdns.NameServerGroup{
-			ID:                   fmt.Sprintf("nameserver-id-%d", n),
-			AccountID:            account.Id,
-			Name:                 fmt.Sprintf("nameserver-id-%d", n),
-			Description:          "",
-			NameServers:          []nbdns.NameServer{{IP: netip.MustParseAddr(netIP.String()), NSType: nbdns.UDPNameServerType}},
-			Groups:               []string{group.ID},
-			Primary:              false,
-			Domains:              nil,
-			Enabled:              false,
-			SearchDomainsEnabled: false,
-		}
-		account.NameServerGroups[nameserver.ID] = nameserver
-
-		setupKey := GenerateDefaultSetupKey()
-		account.SetupKeys[setupKey.Key] = setupKey
-	}
-
-	err = store.SaveAccount(account)
-	require.NoError(t, err)
-
-	if len(store.GetAllAccounts()) != 1 {
-		t.Errorf("expecting 1 Accounts to be stored after SaveAccount()")
-	}
-
-	a, err := store.GetAccount(account.Id)
-	if a == nil {
-		t.Errorf("expecting Account to be stored after SaveAccount(): %v", err)
-	}
-
-	if a != nil && len(a.Policies) != 1 {
-		t.Errorf("expecting Account to have one policy stored after SaveAccount(), got %d", len(a.Policies))
-	}
-
-	if a != nil && len(a.Policies[0].Rules) != 1 {
-		t.Errorf("expecting Account to have one policy rule stored after SaveAccount(), got %d", len(a.Policies[0].Rules))
-		return
-	}
-
-	if a != nil && len(a.Peers) != numPerAccount {
-		t.Errorf("expecting Account to have %d peers stored after SaveAccount(), got %d",
-			numPerAccount, len(a.Peers))
-		return
-	}
-
-	if a != nil && len(a.Users) != numPerAccount+1 {
-		t.Errorf("expecting Account to have %d users stored after SaveAccount(), got %d",
-			numPerAccount+1, len(a.Users))
-		return
-	}
-
-	if a != nil && len(a.Routes) != numPerAccount {
-		t.Errorf("expecting Account to have %d routes stored after SaveAccount(), got %d",
-			numPerAccount, len(a.Routes))
-		return
-	}
-
-	if a != nil && len(a.NameServerGroups) != numPerAccount {
-		t.Errorf("expecting Account to have %d NameServerGroups stored after SaveAccount(), got %d",
-			numPerAccount, len(a.NameServerGroups))
-		return
-	}
-
-	if a != nil && len(a.NameServerGroups) != numPerAccount {
-		t.Errorf("expecting Account to have %d NameServerGroups stored after SaveAccount(), got %d",
-			numPerAccount, len(a.NameServerGroups))
-		return
-	}
-
-	if a != nil && len(a.SetupKeys) != numPerAccount+1 {
-		t.Errorf("expecting Account to have %d SetupKeys stored after SaveAccount(), got %d",
-			numPerAccount+1, len(a.SetupKeys))
-		return
-	}
-}
 
 func TestSqlite_SaveAccount(t *testing.T) {
 	if runtime.GOOS == "windows" {
@@ -188,12 +48,6 @@ func TestSqlite_SaveAccount(t *testing.T) {
 		Name:     "peer name",
 		Status:   &nbpeer.PeerStatus{Connected: true, LastSeen: time.Now().UTC()},
 	}
-	admin := account.Users["testuser"]
-	admin.PATs = map[string]*PersonalAccessToken{"testtoken": {
-		ID:          "testtoken",
-		Name:        "test token",
-		HashedToken: "hashed token",
-	}}
 
 	err := store.SaveAccount(account)
 	require.NoError(t, err)
@@ -256,7 +110,7 @@ func TestSqlite_DeleteAccount(t *testing.T) {
 	store := newSqliteStore(t)
 
 	testUserID := "testuser"
-	user := NewAdminUser(testUserID, "account_id")
+	user := NewAdminUser(testUserID)
 	user.PATs = map[string]*PersonalAccessToken{"testtoken": {
 		ID:   "testtoken",
 		Name: "test token",
@@ -539,12 +393,3 @@ func newAccount(store Store, id int) error {
 
 	return store.SaveAccount(account)
 }
-
-func randomIPv4() net.IP {
-	rand.New(rand.NewSource(time.Now().UnixNano()))
-	b := make([]byte, 4)
-	for i := range b {
-		b[i] = byte(rand.Intn(256))
-	}
-	return net.IP(b)
-}

management/server/user.go

@@ -180,11 +180,9 @@ func (u *User) Copy() *User {
 }
 
 // NewUser creates a new user
-func NewUser(ID string, role UserRole, isServiceUser bool, nonDeletable bool, serviceUserName string, autoGroups []string, issued string,
+func NewUser(id string, role UserRole, isServiceUser bool, nonDeletable bool, serviceUserName string, autoGroups []string, issued string) *User {
-	accountID string) *User {
 	return &User{
-		Id:              ID,
+		Id:              id,
-		AccountID:       accountID,
 		Role:            role,
 		IsServiceUser:   isServiceUser,
 		NonDeletable:    nonDeletable,
@@ -196,26 +194,22 @@ func NewUser(ID string, role UserRole, isServiceUser bool, nonDeletable bool, se
 }
 
 // NewRegularUser creates a new user with role UserRoleUser
-func NewRegularUser(ID, accountID string) *User {
+func NewRegularUser(id string) *User {
-	return NewUser(ID, UserRoleUser, false, false, "", []string{}, UserIssuedAPI,
+	return NewUser(id, UserRoleUser, false, false, "", []string{}, UserIssuedAPI)
-		accountID)
 }
 
 // NewAdminUser creates a new user with role UserRoleAdmin
-func NewAdminUser(ID, accountID string) *User {
+func NewAdminUser(id string) *User {
-	return NewUser(ID, UserRoleAdmin, false, false, "", []string{}, UserIssuedAPI,
+	return NewUser(id, UserRoleAdmin, false, false, "", []string{}, UserIssuedAPI)
-		accountID)
 }
 
 // NewOwnerUser creates a new user with role UserRoleOwner
-func NewOwnerUser(ID, accountID string) *User {
+func NewOwnerUser(id string) *User {
-	return NewUser(ID, UserRoleOwner, false, false, "", []string{}, UserIssuedAPI,
+	return NewUser(id, UserRoleOwner, false, false, "", []string{}, UserIssuedAPI)
-		accountID)
 }
 
 // createServiceUser creates a new service user under the given account.
-func (am *DefaultAccountManager) createServiceUser(accountID string, initiatorUserID string, role UserRole,
+func (am *DefaultAccountManager) createServiceUser(accountID string, initiatorUserID string, role UserRole, serviceUserName string, nonDeletable bool, autoGroups []string) (*UserInfo, error) {
-	serviceUserName string, nonDeletable bool, autoGroups []string) (*UserInfo, error) {
 	unlock := am.Store.AcquireAccountLock(accountID)
 	defer unlock()
 
@@ -237,7 +231,7 @@ func (am *DefaultAccountManager) createServiceUser(accountID string, initiatorUs
 	}
 
 	newUserID := uuid.New().String()
-	newUser := NewUser(newUserID, role, true, nonDeletable, serviceUserName, autoGroups, UserIssuedAPI, accountID)
+	newUser := NewUser(newUserID, role, true, nonDeletable, serviceUserName, autoGroups, UserIssuedAPI)
 	log.Debugf("New User: %v", newUser)
 	account.Users[newUserID] = newUser
 

management/server/user_test.go

@@ -679,8 +679,8 @@ func TestDefaultAccountManager_GetUser(t *testing.T) {
 func TestDefaultAccountManager_ListUsers(t *testing.T) {
 	store := newStore(t)
 	account := newAccountWithId(mockAccountID, mockUserID, "")
-	account.Users["normal_user1"] = NewRegularUser("normal_user1", mockAccountID)
+	account.Users["normal_user1"] = NewRegularUser("normal_user1")
-	account.Users["normal_user2"] = NewRegularUser("normal_user2", mockAccountID)
+	account.Users["normal_user2"] = NewRegularUser("normal_user2")
 
 	err := store.SaveAccount(account)
 	if err != nil {
@@ -760,7 +760,7 @@ func TestDefaultAccountManager_ListUsers_DashboardPermissions(t *testing.T) {
 		t.Run(testCase.name, func(t *testing.T) {
 			store := newStore(t)
 			account := newAccountWithId(mockAccountID, mockUserID, "")
-			account.Users["normal_user1"] = NewUser("normal_user1", testCase.role, false, false, "", []string{}, UserIssuedAPI, mockAccountID)
+			account.Users["normal_user1"] = NewUser("normal_user1", testCase.role, false, false, "", []string{}, UserIssuedAPI)
 			account.Settings.RegularUsersViewBlocked = testCase.limitedViewSettings
 			delete(account.Users, mockUserID)
 
@@ -844,10 +844,10 @@ func TestDefaultAccountManager_ExternalCache(t *testing.T) {
 
 func TestUser_IsAdmin(t *testing.T) {
 
-	user := NewAdminUser(mockUserID, mockAccountID)
+	user := NewAdminUser(mockUserID)
 	assert.True(t, user.HasAdminPower())
 
-	user = NewRegularUser(mockUserID, mockAccountID)
+	user = NewRegularUser(mockUserID)
 	assert.False(t, user.HasAdminPower())
 }
 
@@ -1055,8 +1055,8 @@ func TestDefaultAccountManager_SaveUser(t *testing.T) {
 			}
 
 			// create other users
-			account.Users[regularUserID] = NewRegularUser(regularUserID, account.Id)
+			account.Users[regularUserID] = NewRegularUser(regularUserID)
-			account.Users[adminUserID] = NewAdminUser(adminUserID, account.Id)
+			account.Users[adminUserID] = NewAdminUser(adminUserID)
 			account.Users[serviceUserID] = &User{IsServiceUser: true, Id: serviceUserID, Role: UserRoleAdmin, ServiceUserName: "service"}
 			err = manager.Store.SaveAccount(account)
 			if err != nil {

util/net/net.go

@@ -2,6 +2,7 @@ package net
 
 import (
 	"os"
+	"runtime"
 
 	"github.com/google/uuid"
 )
@@ -23,5 +24,5 @@ func GenerateConnID() ConnectionID {
 }
 
 func CustomRoutingDisabled() bool {
-	return os.Getenv(envDisableCustomRouting) == "true"
+	return os.Getenv(envDisableCustomRouting) == "true" || runtime.GOOS == "ios"
 }