Refactor Sync

When we delete a peer from an account, we save the account in the file store.
The file store maintains peerID -> accountID and peerKey -> accountID indices.
Those can't be updated when we delete a peer because the store saves the whole account
without a peer already and has no access to the removed peer.
In this PR, we dynamically check if there are stale indices when GetAccountByPeerPubKey
and GetAccountByPeerID.

client/cmd/status.go

@@ -2,25 +2,74 @@ package cmd
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
 	"net"
 	"net/netip"
 	"sort"
 	"strings"
+	"time"
+
+	"github.com/spf13/cobra"
+	"google.golang.org/grpc/status"
+	"gopkg.in/yaml.v3"
 
 	"github.com/netbirdio/netbird/client/internal"
 	"github.com/netbirdio/netbird/client/internal/peer"
 	"github.com/netbirdio/netbird/client/proto"
-	nbStatus "github.com/netbirdio/netbird/client/status"
 	"github.com/netbirdio/netbird/client/system"
 	"github.com/netbirdio/netbird/util"
-	"github.com/spf13/cobra"
-	"google.golang.org/grpc/status"
 )
 
+type peerStateDetailOutput struct {
+	FQDN             string           `json:"fqdn" yaml:"fqdn"`
+	IP               string           `json:"netbirdIp" yaml:"netbirdIp"`
+	PubKey           string           `json:"publicKey" yaml:"publicKey"`
+	Status           string           `json:"status" yaml:"status"`
+	LastStatusUpdate time.Time        `json:"lastStatusUpdate" yaml:"lastStatusUpdate"`
+	ConnType         string           `json:"connectionType" yaml:"connectionType"`
+	Direct           bool             `json:"direct" yaml:"direct"`
+	IceCandidateType iceCandidateType `json:"iceCandidateType" yaml:"iceCandidateType"`
+}
+
+type peersStateOutput struct {
+	Total     int                     `json:"total" yaml:"total"`
+	Connected int                     `json:"connected" yaml:"connected"`
+	Details   []peerStateDetailOutput `json:"details" yaml:"details"`
+}
+
+type signalStateOutput struct {
+	URL       string `json:"url" yaml:"url"`
+	Connected bool   `json:"connected" yaml:"connected"`
+}
+
+type managementStateOutput struct {
+	URL       string `json:"url" yaml:"url"`
+	Connected bool   `json:"connected" yaml:"connected"`
+}
+
+type iceCandidateType struct {
+	Local  string `json:"local" yaml:"local"`
+	Remote string `json:"remote" yaml:"remote"`
+}
+
+type statusOutputOverview struct {
+	Peers           peersStateOutput      `json:"peers" yaml:"peers"`
+	CliVersion      string                `json:"cliVersion" yaml:"cliVersion"`
+	DaemonVersion   string                `json:"daemonVersion" yaml:"daemonVersion"`
+	ManagementState managementStateOutput `json:"management" yaml:"management"`
+	SignalState     signalStateOutput     `json:"signal" yaml:"signal"`
+	IP              string                `json:"netbirdIp" yaml:"netbirdIp"`
+	PubKey          string                `json:"publicKey" yaml:"publicKey"`
+	KernelInterface bool                  `json:"usesKernelInterface" yaml:"usesKernelInterface"`
+	FQDN            string                `json:"fqdn" yaml:"fqdn"`
+}
+
 var (
 	detailFlag   bool
 	ipv4Flag     bool
+	jsonFlag     bool
+	yamlFlag     bool
 	ipsFilter    []string
 	statusFilter string
 	ipsFilterMap map[string]struct{}
@@ -29,67 +78,99 @@ var (
 var statusCmd = &cobra.Command{
 	Use:   "status",
 	Short: "status of the Netbird Service",
-	RunE: func(cmd *cobra.Command, args []string) error {
-		SetFlagsFromEnvVars(rootCmd)
-
-		cmd.SetOut(cmd.OutOrStdout())
-
-		err := parseFilters()
-		if err != nil {
-			return err
-		}
-
-		err = util.InitLog(logLevel, "console")
-		if err != nil {
-			return fmt.Errorf("failed initializing log %v", err)
-		}
-
-		ctx := internal.CtxInitState(context.Background())
-
-		conn, err := DialClientGRPCServer(ctx, daemonAddr)
-		if err != nil {
-			return fmt.Errorf("failed to connect to daemon error: %v\n"+
-				"If the daemon is not running please run: "+
-				"\nnetbird service install \nnetbird service start\n", err)
-		}
-		defer conn.Close()
-
-		resp, err := proto.NewDaemonServiceClient(conn).Status(cmd.Context(), &proto.StatusRequest{GetFullPeerStatus: true})
-		if err != nil {
-			return fmt.Errorf("status failed: %v", status.Convert(err).Message())
-		}
-
-		daemonStatus := fmt.Sprintf("Daemon status: %s\n", resp.GetStatus())
-		if resp.GetStatus() == string(internal.StatusNeedsLogin) || resp.GetStatus() == string(internal.StatusLoginFailed) {
-
-			cmd.Printf("%s\n"+
-				"Run UP command to log in with SSO (interactive login):\n\n"+
-				" netbird up \n\n"+
-				"If you are running a self-hosted version and no SSO provider has been configured in your Management Server,\n"+
-				"you can use a setup-key:\n\n netbird up --management-url <YOUR_MANAGEMENT_URL> --setup-key <YOUR_SETUP_KEY>\n\n"+
-				"More info: https://www.netbird.io/docs/overview/setup-keys\n\n",
-				daemonStatus,
-			)
-			return nil
-		}
-
-		pbFullStatus := resp.GetFullStatus()
-		fullStatus := fromProtoFullStatus(pbFullStatus)
-
-		cmd.Print(parseFullStatus(fullStatus, detailFlag, daemonStatus, resp.GetDaemonVersion(), ipv4Flag))
-
-		return nil
-	},
+	RunE:  statusFunc,
 }
 
 func init() {
 	ipsFilterMap = make(map[string]struct{})
-	statusCmd.PersistentFlags().BoolVarP(&detailFlag, "detail", "d", false, "display detailed status information")
+	statusCmd.PersistentFlags().BoolVarP(&detailFlag, "detail", "d", false, "display detailed status information in human-readable format")
+	statusCmd.PersistentFlags().BoolVar(&jsonFlag, "json", false, "display detailed status information in json format")
+	statusCmd.PersistentFlags().BoolVar(&yamlFlag, "yaml", false, "display detailed status information in yaml format")
 	statusCmd.PersistentFlags().BoolVar(&ipv4Flag, "ipv4", false, "display only NetBird IPv4 of this peer, e.g., --ipv4 will output 100.64.0.33")
+	statusCmd.MarkFlagsMutuallyExclusive("detail", "json", "yaml", "ipv4")
 	statusCmd.PersistentFlags().StringSliceVar(&ipsFilter, "filter-by-ips", []string{}, "filters the detailed output by a list of one or more IPs, e.g., --filter-by-ips 100.64.0.100,100.64.0.200")
 	statusCmd.PersistentFlags().StringVar(&statusFilter, "filter-by-status", "", "filters the detailed output by connection status(connected|disconnected), e.g., --filter-by-status connected")
 }
 
+func statusFunc(cmd *cobra.Command, args []string) error {
+	SetFlagsFromEnvVars(rootCmd)
+
+	cmd.SetOut(cmd.OutOrStdout())
+
+	err := parseFilters()
+	if err != nil {
+		return err
+	}
+
+	err = util.InitLog(logLevel, "console")
+	if err != nil {
+		return fmt.Errorf("failed initializing log %v", err)
+	}
+
+	ctx := internal.CtxInitState(context.Background())
+
+	resp, _ := getStatus(ctx, cmd)
+	if err != nil {
+		return nil
+	}
+
+	if resp.GetStatus() == string(internal.StatusNeedsLogin) || resp.GetStatus() == string(internal.StatusLoginFailed) {
+		cmd.Printf("Daemon status: %s\n\n"+
+			"Run UP command to log in with SSO (interactive login):\n\n"+
+			" netbird up \n\n"+
+			"If you are running a self-hosted version and no SSO provider has been configured in your Management Server,\n"+
+			"you can use a setup-key:\n\n netbird up --management-url <YOUR_MANAGEMENT_URL> --setup-key <YOUR_SETUP_KEY>\n\n"+
+			"More info: https://www.netbird.io/docs/overview/setup-keys\n\n",
+			resp.GetStatus(),
+		)
+		return nil
+	}
+
+	if ipv4Flag {
+		cmd.Print(parseInterfaceIP(resp.GetFullStatus().GetLocalPeerState().GetIP()))
+		return nil
+	}
+
+	outputInformationHolder := convertToStatusOutputOverview(resp)
+
+	statusOutputString := ""
+	switch {
+	case detailFlag:
+		statusOutputString = parseToFullDetailSummary(outputInformationHolder)
+	case jsonFlag:
+		statusOutputString, err = parseToJSON(outputInformationHolder)
+	case yamlFlag:
+		statusOutputString, err = parseToYAML(outputInformationHolder)
+	default:
+		statusOutputString = parseGeneralSummary(outputInformationHolder, false)
+	}
+
+	if err != nil {
+		return err
+	}
+
+	cmd.Print(statusOutputString)
+
+	return nil
+}
+
+func getStatus(ctx context.Context, cmd *cobra.Command) (*proto.StatusResponse, error) {
+	conn, err := DialClientGRPCServer(ctx, daemonAddr)
+	if err != nil {
+		return nil, fmt.Errorf("failed to connect to daemon error: %v\n"+
+			"If the daemon is not running please run: "+
+			"\nnetbird service install \nnetbird service start\n", err)
+	}
+	defer conn.Close()
+
+	resp, err := proto.NewDaemonServiceClient(conn).Status(cmd.Context(), &proto.StatusRequest{GetFullPeerStatus: true})
+	if err != nil {
+		return nil, fmt.Errorf("status failed: %v", status.Convert(err).Message())
+	}
+
+	return resp, nil
+}
+
 func parseFilters() error {
 	switch strings.ToLower(statusFilter) {
 	case "", "disconnected", "connected":
@@ -109,195 +190,229 @@ func parseFilters() error {
 	return nil
 }
 
-func fromProtoFullStatus(pbFullStatus *proto.FullStatus) nbStatus.FullStatus {
-	var fullStatus nbStatus.FullStatus
+func convertToStatusOutputOverview(resp *proto.StatusResponse) statusOutputOverview {
+	pbFullStatus := resp.GetFullStatus()
+
 	managementState := pbFullStatus.GetManagementState()
-	fullStatus.ManagementState.URL = managementState.GetURL()
-	fullStatus.ManagementState.Connected = managementState.GetConnected()
-
-	signalState := pbFullStatus.GetSignalState()
-	fullStatus.SignalState.URL = signalState.GetURL()
-	fullStatus.SignalState.Connected = signalState.GetConnected()
-
-	localPeerState := pbFullStatus.GetLocalPeerState()
-	fullStatus.LocalPeerState.IP = localPeerState.GetIP()
-	fullStatus.LocalPeerState.PubKey = localPeerState.GetPubKey()
-	fullStatus.LocalPeerState.KernelInterface = localPeerState.GetKernelInterface()
-	fullStatus.LocalPeerState.FQDN = localPeerState.GetFqdn()
-
-	var peersState []nbStatus.PeerState
-
-	for _, pbPeerState := range pbFullStatus.GetPeers() {
-		timeLocal := pbPeerState.GetConnStatusUpdate().AsTime().Local()
-		peerState := nbStatus.PeerState{
-			IP:                     pbPeerState.GetIP(),
-			PubKey:                 pbPeerState.GetPubKey(),
-			ConnStatus:             pbPeerState.GetConnStatus(),
-			ConnStatusUpdate:       timeLocal,
-			Relayed:                pbPeerState.GetRelayed(),
-			Direct:                 pbPeerState.GetDirect(),
-			LocalIceCandidateType:  pbPeerState.GetLocalIceCandidateType(),
-			RemoteIceCandidateType: pbPeerState.GetRemoteIceCandidateType(),
-			FQDN:                   pbPeerState.GetFqdn(),
-		}
-		peersState = append(peersState, peerState)
+	managementOverview := managementStateOutput{
+		URL:       managementState.GetURL(),
+		Connected: managementState.GetConnected(),
 	}
 
-	fullStatus.Peers = peersState
+	signalState := pbFullStatus.GetSignalState()
+	signalOverview := signalStateOutput{
+		URL:       signalState.GetURL(),
+		Connected: signalState.GetConnected(),
+	}
 
-	return fullStatus
+	peersOverview := mapPeers(resp.GetFullStatus().GetPeers())
+
+	overview := statusOutputOverview{
+		Peers:           peersOverview,
+		CliVersion:      system.NetbirdVersion(),
+		DaemonVersion:   resp.GetDaemonVersion(),
+		ManagementState: managementOverview,
+		SignalState:     signalOverview,
+		IP:              pbFullStatus.GetLocalPeerState().GetIP(),
+		PubKey:          pbFullStatus.GetLocalPeerState().GetPubKey(),
+		KernelInterface: pbFullStatus.GetLocalPeerState().GetKernelInterface(),
+		FQDN:            pbFullStatus.GetLocalPeerState().GetFqdn(),
+	}
+
+	return overview
 }
 
-func parseFullStatus(fullStatus nbStatus.FullStatus, printDetail bool, daemonStatus string, daemonVersion string, flag bool) string {
+func mapPeers(peers []*proto.PeerState) peersStateOutput {
+	var peersStateDetail []peerStateDetailOutput
+	localICE := ""
+	remoteICE := ""
+	connType := ""
+	peersConnected := 0
+	for _, pbPeerState := range peers {
+		isPeerConnected := pbPeerState.ConnStatus == peer.StatusConnected.String()
+		if skipDetailByFilters(pbPeerState, isPeerConnected) {
+			continue
+		}
+		if isPeerConnected {
+			peersConnected = peersConnected + 1
 
-	interfaceIP := fullStatus.LocalPeerState.IP
+			localICE = pbPeerState.GetLocalIceCandidateType()
+			remoteICE = pbPeerState.GetRemoteIceCandidateType()
+			connType = "P2P"
+			if pbPeerState.Relayed {
+				connType = "Relayed"
+			}
+		}
 
+		timeLocal := pbPeerState.GetConnStatusUpdate().AsTime().Local()
+		peerState := peerStateDetailOutput{
+			IP:               pbPeerState.GetIP(),
+			PubKey:           pbPeerState.GetPubKey(),
+			Status:           pbPeerState.GetConnStatus(),
+			LastStatusUpdate: timeLocal.UTC(),
+			ConnType:         connType,
+			Direct:           pbPeerState.GetDirect(),
+			IceCandidateType: iceCandidateType{
+				Local:  localICE,
+				Remote: remoteICE,
+			},
+			FQDN: pbPeerState.GetFqdn(),
+		}
+
+		peersStateDetail = append(peersStateDetail, peerState)
+	}
+
+	sortPeersByIP(peersStateDetail)
+
+	peersOverview := peersStateOutput{
+		Total:     len(peersStateDetail),
+		Connected: peersConnected,
+		Details:   peersStateDetail,
+	}
+	return peersOverview
+}
+
+func sortPeersByIP(peersStateDetail []peerStateDetailOutput) {
+	if len(peersStateDetail) > 0 {
+		sort.SliceStable(peersStateDetail, func(i, j int) bool {
+			iAddr, _ := netip.ParseAddr(peersStateDetail[i].IP)
+			jAddr, _ := netip.ParseAddr(peersStateDetail[j].IP)
+			return iAddr.Compare(jAddr) == -1
+		})
+	}
+}
+
+func parseInterfaceIP(interfaceIP string) string {
 	ip, _, err := net.ParseCIDR(interfaceIP)
 	if err != nil {
 		return ""
 	}
+	return fmt.Sprintf("%s\n", ip)
+}
 
-	if ipv4Flag {
-		return fmt.Sprintf("%s\n", ip)
+func parseToJSON(overview statusOutputOverview) (string, error) {
+	jsonBytes, err := json.Marshal(overview)
+	if err != nil {
+		return "", fmt.Errorf("json marshal failed")
 	}
+	return string(jsonBytes), err
+}
 
-	var (
-		managementStatusURL  = ""
-		signalStatusURL      = ""
-		managementConnString = "Disconnected"
-		signalConnString     = "Disconnected"
-		interfaceTypeString  = "Userspace"
-	)
-
-	if printDetail {
-		managementStatusURL = fmt.Sprintf(" to %s", fullStatus.ManagementState.URL)
-		signalStatusURL = fmt.Sprintf(" to %s", fullStatus.SignalState.URL)
+func parseToYAML(overview statusOutputOverview) (string, error) {
+	yamlBytes, err := yaml.Marshal(overview)
+	if err != nil {
+		return "", fmt.Errorf("yaml marshal failed")
 	}
+	return string(yamlBytes), nil
+}
 
-	if fullStatus.ManagementState.Connected {
+func parseGeneralSummary(overview statusOutputOverview, showURL bool) string {
+
+	managementConnString := "Disconnected"
+	if overview.ManagementState.Connected {
 		managementConnString = "Connected"
+		if showURL {
+			managementConnString = fmt.Sprintf("%s to %s", managementConnString, overview.ManagementState.URL)
+		}
 	}
 
-	if fullStatus.SignalState.Connected {
+	signalConnString := "Disconnected"
+	if overview.SignalState.Connected {
 		signalConnString = "Connected"
+		if showURL {
+			signalConnString = fmt.Sprintf("%s to %s", signalConnString, overview.SignalState.URL)
+		}
 	}
 
-	if fullStatus.LocalPeerState.KernelInterface {
+	interfaceTypeString := "Userspace"
+	interfaceIP := overview.IP
+	if overview.KernelInterface {
 		interfaceTypeString = "Kernel"
-	} else if fullStatus.LocalPeerState.IP == "" {
+	} else if overview.IP == "" {
 		interfaceTypeString = "N/A"
 		interfaceIP = "N/A"
 	}
 
-	parsedPeersString, peersConnected := parsePeers(fullStatus.Peers, printDetail)
-
-	peersCountString := fmt.Sprintf("%d/%d Connected", peersConnected, len(fullStatus.Peers))
+	peersCountString := fmt.Sprintf("%d/%d Connected", overview.Peers.Connected, overview.Peers.Total)
 
 	summary := fmt.Sprintf(
 		"Daemon version: %s\n"+
 			"CLI version: %s\n"+
-			"%s"+ // daemon status
-			"Management: %s%s\n"+
-			"Signal: %s%s\n"+
-			"Domain: %s\n"+
+			"Management: %s\n"+
+			"Signal: %s\n"+
+			"FQDN: %s\n"+
 			"NetBird IP: %s\n"+
 			"Interface type: %s\n"+
 			"Peers count: %s\n",
-		daemonVersion,
+		overview.DaemonVersion,
 		system.NetbirdVersion(),
-		daemonStatus,
 		managementConnString,
-		managementStatusURL,
 		signalConnString,
-		signalStatusURL,
-		fullStatus.LocalPeerState.FQDN,
+		overview.FQDN,
 		interfaceIP,
 		interfaceTypeString,
 		peersCountString,
 	)
-
-	if printDetail {
-		return fmt.Sprintf(
-			"Peers detail:"+
-				"%s\n"+
-				"%s",
-			parsedPeersString,
-			summary,
-		)
-	}
 	return summary
 }
 
-func parsePeers(peers []nbStatus.PeerState, printDetail bool) (string, int) {
-	var (
-		peersString    = ""
-		peersConnected = 0
+func parseToFullDetailSummary(overview statusOutputOverview) string {
+	parsedPeersString := parsePeers(overview.Peers)
+	summary := parseGeneralSummary(overview, true)
+
+	return fmt.Sprintf(
+		"Peers detail:"+
+			"%s\n"+
+			"%s",
+		parsedPeersString,
+		summary,
 	)
-
-	if len(peers) > 0 {
-		sort.SliceStable(peers, func(i, j int) bool {
-			iAddr, _ := netip.ParseAddr(peers[i].IP)
-			jAddr, _ := netip.ParseAddr(peers[j].IP)
-			return iAddr.Compare(jAddr) == -1
-		})
-	}
-
-	connectedStatusString := peer.StatusConnected.String()
-
-	for _, peerState := range peers {
-		peerConnectionStatus := false
-		if peerState.ConnStatus == connectedStatusString {
-			peersConnected = peersConnected + 1
-			peerConnectionStatus = true
-		}
-
-		if printDetail {
-
-			if skipDetailByFilters(peerState, peerConnectionStatus) {
-				continue
-			}
-
-			localICE := "-"
-			remoteICE := "-"
-			connType := "-"
-
-			if peerConnectionStatus {
-				localICE = peerState.LocalIceCandidateType
-				remoteICE = peerState.RemoteIceCandidateType
-				connType = "P2P"
-				if peerState.Relayed {
-					connType = "Relayed"
-				}
-			}
-
-			peerString := fmt.Sprintf(
-				"\n %s:\n"+
-					"  NetBird IP: %s\n"+
-					"  Public key: %s\n"+
-					"  Status: %s\n"+
-					"  -- detail --\n"+
-					"  Connection type: %s\n"+
-					"  Direct: %t\n"+
-					"  ICE candidate (Local/Remote): %s/%s\n"+
-					"  Last connection update: %s\n",
-				peerState.FQDN,
-				peerState.IP,
-				peerState.PubKey,
-				peerState.ConnStatus,
-				connType,
-				peerState.Direct,
-				localICE,
-				remoteICE,
-				peerState.ConnStatusUpdate.Format("2006-01-02 15:04:05"),
-			)
-
-			peersString = peersString + peerString
-		}
-	}
-	return peersString, peersConnected
 }
 
-func skipDetailByFilters(peerState nbStatus.PeerState, isConnected bool) bool {
+func parsePeers(peers peersStateOutput) string {
+	var (
+		peersString = ""
+	)
+
+	for _, peerState := range peers.Details {
+
+		localICE := "-"
+		if peerState.IceCandidateType.Local != "" {
+			localICE = peerState.IceCandidateType.Local
+		}
+
+		remoteICE := "-"
+		if peerState.IceCandidateType.Remote != "" {
+			remoteICE = peerState.IceCandidateType.Remote
+		}
+
+		peerString := fmt.Sprintf(
+			"\n %s:\n"+
+				"  NetBird IP: %s\n"+
+				"  Public key: %s\n"+
+				"  Status: %s\n"+
+				"  -- detail --\n"+
+				"  Connection type: %s\n"+
+				"  Direct: %t\n"+
+				"  ICE candidate (Local/Remote): %s/%s\n"+
+				"  Last connection update: %s\n",
+			peerState.FQDN,
+			peerState.IP,
+			peerState.PubKey,
+			peerState.Status,
+			peerState.ConnType,
+			peerState.Direct,
+			localICE,
+			remoteICE,
+			peerState.LastStatusUpdate.Format("2006-01-02 15:04:05"),
+		)
+
+		peersString = peersString + peerString
+	}
+	return peersString
+}
+
+func skipDetailByFilters(peerState *proto.PeerState, isConnected bool) bool {
 	statusEval := false
 	ipEval := false
 

client/cmd/status_test.go

@@ -0,0 +1,301 @@
+package cmd
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/netbirdio/netbird/client/proto"
+	"github.com/netbirdio/netbird/client/system"
+)
+
+var resp = &proto.StatusResponse{
+	Status: "Connected",
+	FullStatus: &proto.FullStatus{
+		Peers: []*proto.PeerState{
+			{
+				IP:                     "192.168.178.101",
+				PubKey:                 "Pubkey1",
+				Fqdn:                   "peer-1.awesome-domain.com",
+				ConnStatus:             "Connected",
+				ConnStatusUpdate:       timestamppb.New(time.Date(2001, time.Month(1), 1, 1, 1, 1, 0, time.UTC)),
+				Relayed:                false,
+				Direct:                 true,
+				LocalIceCandidateType:  "",
+				RemoteIceCandidateType: "",
+			},
+			{
+				IP:                     "192.168.178.102",
+				PubKey:                 "Pubkey2",
+				Fqdn:                   "peer-2.awesome-domain.com",
+				ConnStatus:             "Connected",
+				ConnStatusUpdate:       timestamppb.New(time.Date(2002, time.Month(2), 2, 2, 2, 2, 0, time.UTC)),
+				Relayed:                true,
+				Direct:                 false,
+				LocalIceCandidateType:  "relay",
+				RemoteIceCandidateType: "prflx",
+			},
+		},
+		ManagementState: &proto.ManagementState{
+			URL:       "my-awesome-management.com:443",
+			Connected: true,
+		},
+		SignalState: &proto.SignalState{
+			URL:       "my-awesome-signal.com:443",
+			Connected: true,
+		},
+		LocalPeerState: &proto.LocalPeerState{
+			IP:              "192.168.178.100/16",
+			PubKey:          "Some-Pub-Key",
+			KernelInterface: true,
+			Fqdn:            "some-localhost.awesome-domain.com",
+		},
+	},
+	DaemonVersion: "0.14.1",
+}
+
+var overview = statusOutputOverview{
+	Peers: peersStateOutput{
+		Total:     2,
+		Connected: 2,
+		Details: []peerStateDetailOutput{
+			{
+				IP:               "192.168.178.101",
+				PubKey:           "Pubkey1",
+				FQDN:             "peer-1.awesome-domain.com",
+				Status:           "Connected",
+				LastStatusUpdate: time.Date(2001, 1, 1, 1, 1, 1, 0, time.UTC),
+				ConnType:         "P2P",
+				Direct:           true,
+				IceCandidateType: iceCandidateType{
+					Local:  "",
+					Remote: "",
+				},
+			},
+			{
+				IP:               "192.168.178.102",
+				PubKey:           "Pubkey2",
+				FQDN:             "peer-2.awesome-domain.com",
+				Status:           "Connected",
+				LastStatusUpdate: time.Date(2002, 2, 2, 2, 2, 2, 0, time.UTC),
+				ConnType:         "Relayed",
+				Direct:           false,
+				IceCandidateType: iceCandidateType{
+					Local:  "relay",
+					Remote: "prflx",
+				},
+			},
+		},
+	},
+	CliVersion:    system.NetbirdVersion(),
+	DaemonVersion: "0.14.1",
+	ManagementState: managementStateOutput{
+		URL:       "my-awesome-management.com:443",
+		Connected: true,
+	},
+	SignalState: signalStateOutput{
+		URL:       "my-awesome-signal.com:443",
+		Connected: true,
+	},
+	IP:              "192.168.178.100/16",
+	PubKey:          "Some-Pub-Key",
+	KernelInterface: true,
+	FQDN:            "some-localhost.awesome-domain.com",
+}
+
+func TestConversionFromFullStatusToOutputOverview(t *testing.T) {
+	convertedResult := convertToStatusOutputOverview(resp)
+
+	assert.Equal(t, overview, convertedResult)
+}
+
+func TestSortingOfPeers(t *testing.T) {
+	peers := []peerStateDetailOutput{
+		{
+			IP: "192.168.178.104",
+		},
+		{
+			IP: "192.168.178.102",
+		},
+		{
+			IP: "192.168.178.101",
+		},
+		{
+			IP: "192.168.178.105",
+		},
+		{
+			IP: "192.168.178.103",
+		},
+	}
+
+	sortPeersByIP(peers)
+
+	assert.Equal(t, peers[3].IP, "192.168.178.104")
+}
+
+func TestParsingToJSON(t *testing.T) {
+	json, _ := parseToJSON(overview)
+
+	//@formatter:off
+	expectedJSON := "{\"" +
+		"peers\":" +
+		"{" +
+		"\"total\":2," +
+		"\"connected\":2," +
+		"\"details\":" +
+		"[" +
+		"{" +
+		"\"fqdn\":\"peer-1.awesome-domain.com\"," +
+		"\"netbirdIp\":\"192.168.178.101\"," +
+		"\"publicKey\":\"Pubkey1\"," +
+		"\"status\":\"Connected\"," +
+		"\"lastStatusUpdate\":\"2001-01-01T01:01:01Z\"," +
+		"\"connectionType\":\"P2P\"," +
+		"\"direct\":true," +
+		"\"iceCandidateType\":" +
+		"{" +
+		"\"local\":\"\"," +
+		"\"remote\":\"\"" +
+		"}" +
+		"}," +
+		"{" +
+		"\"fqdn\":\"peer-2.awesome-domain.com\"," +
+		"\"netbirdIp\":\"192.168.178.102\"," +
+		"\"publicKey\":\"Pubkey2\"," +
+		"\"status\":\"Connected\"," +
+		"\"lastStatusUpdate\":\"2002-02-02T02:02:02Z\"," +
+		"\"connectionType\":\"Relayed\"," +
+		"\"direct\":false," +
+		"\"iceCandidateType\":" +
+		"{" +
+		"\"local\":\"relay\"," +
+		"\"remote\":\"prflx\"" +
+		"}" +
+		"}" +
+		"]" +
+		"}," +
+		"\"cliVersion\":\"development\"," +
+		"\"daemonVersion\":\"0.14.1\"," +
+		"\"management\":" +
+		"{" +
+		"\"url\":\"my-awesome-management.com:443\"," +
+		"\"connected\":true" +
+		"}," +
+		"\"signal\":" +
+		"{\"" +
+		"url\":\"my-awesome-signal.com:443\"," +
+		"\"connected\":true" +
+		"}," +
+		"\"netbirdIp\":\"192.168.178.100/16\"," +
+		"\"publicKey\":\"Some-Pub-Key\"," +
+		"\"usesKernelInterface\":true," +
+		"\"fqdn\":\"some-localhost.awesome-domain.com\"" +
+		"}"
+	// @formatter:on
+
+	assert.Equal(t, expectedJSON, json)
+}
+
+func TestParsingToYAML(t *testing.T) {
+	yaml, _ := parseToYAML(overview)
+
+	expectedYAML := "peers:\n" +
+		"    total: 2\n" +
+		"    connected: 2\n" +
+		"    details:\n" +
+		"        - fqdn: peer-1.awesome-domain.com\n" +
+		"          netbirdIp: 192.168.178.101\n" +
+		"          publicKey: Pubkey1\n" +
+		"          status: Connected\n" +
+		"          lastStatusUpdate: 2001-01-01T01:01:01Z\n" +
+		"          connectionType: P2P\n" +
+		"          direct: true\n" +
+		"          iceCandidateType:\n" +
+		"            local: \"\"\n" +
+		"            remote: \"\"\n" +
+		"        - fqdn: peer-2.awesome-domain.com\n" +
+		"          netbirdIp: 192.168.178.102\n" +
+		"          publicKey: Pubkey2\n" +
+		"          status: Connected\n" +
+		"          lastStatusUpdate: 2002-02-02T02:02:02Z\n" +
+		"          connectionType: Relayed\n" +
+		"          direct: false\n" +
+		"          iceCandidateType:\n" +
+		"            local: relay\n" +
+		"            remote: prflx\n" +
+		"cliVersion: development\n" +
+		"daemonVersion: 0.14.1\n" +
+		"management:\n" +
+		"    url: my-awesome-management.com:443\n" +
+		"    connected: true\n" +
+		"signal:\n" +
+		"    url: my-awesome-signal.com:443\n" +
+		"    connected: true\n" +
+		"netbirdIp: 192.168.178.100/16\n" +
+		"publicKey: Some-Pub-Key\n" +
+		"usesKernelInterface: true\n" +
+		"fqdn: some-localhost.awesome-domain.com\n"
+
+	assert.Equal(t, expectedYAML, yaml)
+}
+
+func TestParsingToDetail(t *testing.T) {
+	detail := parseToFullDetailSummary(overview)
+
+	expectedDetail := "Peers detail:\n" +
+		" peer-1.awesome-domain.com:\n" +
+		"  NetBird IP: 192.168.178.101\n" +
+		"  Public key: Pubkey1\n" +
+		"  Status: Connected\n" +
+		"  -- detail --\n" +
+		"  Connection type: P2P\n" +
+		"  Direct: true\n" +
+		"  ICE candidate (Local/Remote): -/-\n" +
+		"  Last connection update: 2001-01-01 01:01:01\n" +
+		"\n" +
+		" peer-2.awesome-domain.com:\n" +
+		"  NetBird IP: 192.168.178.102\n" +
+		"  Public key: Pubkey2\n" +
+		"  Status: Connected\n" +
+		"  -- detail --\n" +
+		"  Connection type: Relayed\n" +
+		"  Direct: false\n" +
+		"  ICE candidate (Local/Remote): relay/prflx\n" +
+		"  Last connection update: 2002-02-02 02:02:02\n" +
+		"\n" +
+		"Daemon version: 0.14.1\n" +
+		"CLI version: development\n" +
+		"Management: Connected to my-awesome-management.com:443\n" +
+		"Signal: Connected to my-awesome-signal.com:443\n" +
+		"FQDN: some-localhost.awesome-domain.com\n" +
+		"NetBird IP: 192.168.178.100/16\n" +
+		"Interface type: Kernel\n" +
+		"Peers count: 2/2 Connected\n"
+
+	assert.Equal(t, expectedDetail, detail)
+}
+
+func TestParsingToShortVersion(t *testing.T) {
+	shortVersion := parseGeneralSummary(overview, false)
+
+	expectedString := "Daemon version: 0.14.1\n" +
+		"CLI version: development\n" +
+		"Management: Connected\n" +
+		"Signal: Connected\n" +
+		"FQDN: some-localhost.awesome-domain.com\n" +
+		"NetBird IP: 192.168.178.100/16\n" +
+		"Interface type: Kernel\n" +
+		"Peers count: 2/2 Connected\n"
+
+	assert.Equal(t, expectedString, shortVersion)
+}
+
+func TestParsingOfIP(t *testing.T) {
+	InterfaceIP := "192.168.178.123/16"
+
+	parsedIP := parseInterfaceIP(InterfaceIP)
+
+	assert.Equal(t, "192.168.178.123\n", parsedIP)
+}

formatter/formatter.go

@@ -0,0 +1,51 @@
+package formatter
+
+import (
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/sirupsen/logrus"
+)
+
+// TextFormatter formats logs into text with included source code's path
+type TextFormatter struct {
+	TimestampFormat string
+	LevelDesc       []string
+}
+
+// NewTextFormatter create new MyTextFormatter instance
+func NewTextFormatter() *TextFormatter {
+	return &TextFormatter{
+		LevelDesc:       []string{"PANC", "FATL", "ERRO", "WARN", "INFO", "DEBG", "TRAC"},
+		TimestampFormat: time.RFC3339, // or RFC3339
+	}
+}
+
+// Format renders a single log entry
+func (f *TextFormatter) Format(entry *logrus.Entry) ([]byte, error) {
+	var fields string
+	keys := make([]string, 0, len(entry.Data))
+	for k, v := range entry.Data {
+		if k == "source" {
+			continue
+		}
+		keys = append(keys, fmt.Sprintf("%s: %v", k, v))
+	}
+
+	if len(keys) > 0 {
+		fields = fmt.Sprintf("[%s] ", strings.Join(keys, ", "))
+	}
+
+	level := f.parseLevel(entry.Level)
+
+	return []byte(fmt.Sprintf("%s %s %s%s: %s\n", entry.Time.Format(f.TimestampFormat), level, fields, entry.Data["source"], entry.Message)), nil
+}
+
+func (f *TextFormatter) parseLevel(level logrus.Level) string {
+	if len(f.LevelDesc) < int(level) {
+		return ""
+	}
+
+	return f.LevelDesc[level]
+}

formatter/formatter_test.go

@@ -0,0 +1,26 @@
+package formatter
+
+import (
+	"testing"
+	"time"
+
+	"github.com/sirupsen/logrus"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestLogMessageFormat(t *testing.T) {
+
+	someEntry := &logrus.Entry{
+		Data:    logrus.Fields{"att1": 1, "att2": 2, "source": "some/fancy/path.go:46"},
+		Time:    time.Date(2021, time.Month(2), 21, 1, 10, 30, 0, time.UTC),
+		Level:   3,
+		Message: "Some Message",
+	}
+
+	formatter := NewTextFormatter()
+	result, _ := formatter.Format(someEntry)
+
+	parsedString := string(result)
+	expectedString := "^2021-02-21T01:10:30Z WARN \\[(att1: 1, att2: 2|att2: 2, att1: 1)\\] some/fancy/path.go:46: Some Message\\s+$"
+	assert.Regexp(t, expectedString, parsedString)
+}

formatter/hook.go

@@ -0,0 +1,61 @@
+package formatter
+
+import (
+	"fmt"
+	"path"
+	"runtime/debug"
+	"strings"
+
+	"github.com/sirupsen/logrus"
+)
+
+// ContextHook is a custom hook for add the source information for the entry
+type ContextHook struct {
+	goModuleName string
+}
+
+// NewContextHook instantiate a new context hook
+func NewContextHook() *ContextHook {
+	hook := &ContextHook{}
+	hook.goModuleName = hook.moduleName() + "/"
+	return hook
+}
+
+// Levels set the supported levels for this hook
+func (hook ContextHook) Levels() []logrus.Level {
+	return logrus.AllLevels
+}
+
+// Fire extend with the source information the entry.Data
+func (hook ContextHook) Fire(entry *logrus.Entry) error {
+	src := hook.parseSrc(entry.Caller.File)
+	entry.Data["source"] = fmt.Sprintf("%s:%v", src, entry.Caller.Line)
+	return nil
+}
+
+func (hook ContextHook) moduleName() string {
+	info, ok := debug.ReadBuildInfo()
+	if ok && info.Main.Path != "" {
+		return info.Main.Path
+	}
+
+	return "netbird"
+}
+
+func (hook ContextHook) parseSrc(filePath string) string {
+	netbirdPath := strings.SplitAfter(filePath, hook.goModuleName)
+	if len(netbirdPath) > 1 {
+		return netbirdPath[len(netbirdPath)-1]
+	}
+
+	// in case of forked repo
+	netbirdPath = strings.SplitAfter(filePath, "netbird/")
+	if len(netbirdPath) > 1 {
+		return netbirdPath[len(netbirdPath)-1]
+	}
+
+	// in case if log entry is come from external pkg
+	_, pkg := path.Split(path.Dir(filePath))
+	file := path.Base(filePath)
+	return fmt.Sprintf("%s/%s", pkg, file)
+}

formatter/hook_test.go

@@ -0,0 +1,39 @@
+package formatter
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestFilePathParsing(t *testing.T) {
+
+	testCases := []struct {
+		filePath         string
+		expectedFileName string
+	}{
+		// locally cloned repo
+		{
+			filePath:         "/Users/user/Github/Netbird/netbird/formatter/formatter.go",
+			expectedFileName: "formatter/formatter.go",
+		},
+		// locally cloned repo with duplicated name in path
+		{
+			filePath:         "/Users/user/netbird/repos/netbird/formatter/formatter.go",
+			expectedFileName: "formatter/formatter.go",
+		},
+		// locally cloned repo with renamed package root
+		{
+			filePath:         "/Users/user/Github/MyOwnNetbirdClient/formatter/formatter.go",
+			expectedFileName: "formatter/formatter.go",
+		},
+	}
+
+	hook := NewContextHook()
+
+	for _, testCase := range testCases {
+		parsedString := hook.parseSrc(testCase.filePath)
+		assert.Equal(t, testCase.expectedFileName, parsedString, "Parsed filepath does not match expected for %s", testCase.filePath)
+	}
+
+}

formatter/set.go

@@ -0,0 +1,10 @@
+package formatter
+
+import "github.com/sirupsen/logrus"
+
+// SetTextFormatter set the formatter for given logger.
+func SetTextFormatter(logger *logrus.Logger) {
+	logger.Formatter = NewTextFormatter()
+	logger.ReportCaller = true
+	logger.AddHook(NewContextHook())
+}

go.mod

@@ -53,6 +53,7 @@ require (
 	go.opentelemetry.io/otel/sdk/metric v0.33.0
 	golang.org/x/net v0.7.0
 	golang.org/x/term v0.5.0
+	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
@@ -124,7 +125,6 @@ require (
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gopkg.in/tomb.v2 v2.0.0-20161208151619-d5d1b5820637 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
 	honnef.co/go/tools v0.2.2 // indirect
 	k8s.io/apimachinery v0.23.5 // indirect
 )

management/server/account.go

@@ -63,7 +63,6 @@ type AccountManager interface {
 	GetNetworkMap(peerID string) (*NetworkMap, error)
 	GetPeerNetwork(peerID string) (*Network, error)
 	AddPeer(setupKey, userID string, peer *Peer) (*Peer, error)
-	UpdatePeerMeta(peerID string, meta PeerSystemMeta) error
 	UpdatePeerSSHKey(peerID string, sshKey string) error
 	GetUsersFromAccount(accountID, userID string) ([]*UserInfo, error)
 	GetGroup(accountId, groupID string) (*Group, error)
@@ -96,8 +95,9 @@ type AccountManager interface {
 	GetDNSSettings(accountID string, userID string) (*DNSSettings, error)
 	SaveDNSSettings(accountID string, userID string, dnsSettingsToSave *DNSSettings) error
 	GetPeer(accountID, peerID, userID string) (*Peer, error)
-	UpdatePeerLastLogin(peerID string) error
 	UpdateAccountSettings(accountID, userID string, newSettings *Settings) (*Account, error)
+	LoginPeer(login PeerLogin) (*Peer, error)
+	SyncPeer(sync PeerSync) (*Peer, *NetworkMap, error)
 }
 
 type DefaultAccountManager struct {
@@ -119,7 +119,8 @@ type DefaultAccountManager struct {
 	// singleAccountModeDomain is a domain to use in singleAccountMode setup
 	singleAccountModeDomain string
 	// dnsDomain is used for peer resolution. This is appended to the peer's name
-	dnsDomain string
+	dnsDomain       string
+	peerLoginExpiry Scheduler
 }
 
 // Settings represents Account settings structure that can be modified via API and Dashboard
@@ -307,6 +308,58 @@ func (a *Account) GetGroup(groupID string) *Group {
 	return a.Groups[groupID]
 }
 
+// GetExpiredPeers returns peers that have been expired
+func (a *Account) GetExpiredPeers() []*Peer {
+	var peers []*Peer
+	for _, peer := range a.GetPeersWithExpiration() {
+		expired, _ := peer.LoginExpired(a.Settings.PeerLoginExpiration)
+		if expired {
+			peers = append(peers, peer)
+		}
+	}
+
+	return peers
+}
+
+// GetNextPeerExpiration returns the minimum duration in which the next peer of the account will expire if it was found.
+// If there is no peer that expires this function returns false and a duration of 0.
+// This function only considers peers that haven't been expired yet and that are connected.
+func (a *Account) GetNextPeerExpiration() (time.Duration, bool) {
+
+	peersWithExpiry := a.GetPeersWithExpiration()
+	if len(peersWithExpiry) == 0 {
+		return 0, false
+	}
+	var nextExpiry *time.Duration
+	for _, peer := range peersWithExpiry {
+		// consider only connected peers because others will require login on connecting to the management server
+		if peer.Status.LoginExpired || !peer.Status.Connected {
+			continue
+		}
+		_, duration := peer.LoginExpired(a.Settings.PeerLoginExpiration)
+		if nextExpiry == nil || duration < *nextExpiry {
+			nextExpiry = &duration
+		}
+	}
+
+	if nextExpiry == nil {
+		return 0, false
+	}
+
+	return *nextExpiry, true
+}
+
+// GetPeersWithExpiration returns a list of peers that have Peer.LoginExpirationEnabled set to true
+func (a *Account) GetPeersWithExpiration() []*Peer {
+	peers := make([]*Peer, 0)
+	for _, peer := range a.Peers {
+		if peer.LoginExpirationEnabled {
+			peers = append(peers, peer)
+		}
+	}
+	return peers
+}
+
 // GetPeers returns a list of all Account peers
 func (a *Account) GetPeers() []*Peer {
 	var peers []*Peer
@@ -550,13 +603,14 @@ func BuildManager(store Store, peersUpdateManager *PeersUpdateManager, idpManage
 		cacheLoading:       map[string]chan struct{}{},
 		dnsDomain:          dnsDomain,
 		eventStore:         eventStore,
+		peerLoginExpiry:    NewDefaultScheduler(),
 	}
 	allAccounts := store.GetAllAccounts()
 	// enable single account mode only if configured by user and number of existing accounts is not grater than 1
 	am.singleAccountMode = singleAccountModeDomain != "" && len(allAccounts) <= 1
 	if am.singleAccountMode {
 		if !isDomainValid(singleAccountModeDomain) {
-			return nil, status.Errorf(status.InvalidArgument, "invalid domain \"%s\" provided for single accound mode. Please review your input for --single-account-mode-domain", singleAccountModeDomain)
+			return nil, status.Errorf(status.InvalidArgument, "invalid domain \"%s\" provided for a single account mode. Please review your input for --single-account-mode-domain", singleAccountModeDomain)
 		}
 		am.singleAccountModeDomain = singleAccountModeDomain
 		log.Infof("single account mode enabled, accounts number %d", len(allAccounts))
@@ -640,12 +694,16 @@ func (am *DefaultAccountManager) UpdateAccountSettings(accountID, userID string,
 		event := activity.AccountPeerLoginExpirationEnabled
 		if !newSettings.PeerLoginExpirationEnabled {
 			event = activity.AccountPeerLoginExpirationDisabled
+			am.peerLoginExpiry.Cancel([]string{accountID})
+		} else {
+			am.checkAndSchedulePeerLoginExpiration(account)
 		}
 		am.storeEvent(userID, accountID, accountID, event, nil)
 	}
 
 	if oldSettings.PeerLoginExpiration != newSettings.PeerLoginExpiration {
 		am.storeEvent(userID, accountID, accountID, activity.AccountPeerLoginExpirationDurationUpdated, nil)
+		am.checkAndSchedulePeerLoginExpiration(account)
 	}
 
 	updatedAccount := account.UpdateSettings(newSettings)
@@ -658,6 +716,54 @@ func (am *DefaultAccountManager) UpdateAccountSettings(accountID, userID string,
 	return updatedAccount, nil
 }
 
+func (am *DefaultAccountManager) peerLoginExpirationJob(accountID string) func() (time.Duration, bool) {
+	return func() (time.Duration, bool) {
+		unlock := am.Store.AcquireAccountLock(accountID)
+		defer unlock()
+
+		account, err := am.Store.GetAccount(accountID)
+		if err != nil {
+			log.Errorf("failed getting account %s expiring peers", account.Id)
+			return account.GetNextPeerExpiration()
+		}
+
+		var peerIDs []string
+		for _, peer := range account.GetExpiredPeers() {
+			if peer.Status.LoginExpired {
+				continue
+			}
+			peerIDs = append(peerIDs, peer.ID)
+			peer.MarkLoginExpired(true)
+			account.UpdatePeer(peer)
+			err = am.Store.SavePeerStatus(account.Id, peer.ID, *peer.Status)
+			if err != nil {
+				log.Errorf("failed saving peer status while expiring peer %s", peer.ID)
+				return account.GetNextPeerExpiration()
+			}
+		}
+
+		log.Debugf("discovered %d peers to expire for account %s", len(peerIDs), account.Id)
+
+		if len(peerIDs) != 0 {
+			// this will trigger peer disconnect from the management service
+			am.peersUpdateManager.CloseChannels(peerIDs)
+			err := am.updateAccountPeers(account)
+			if err != nil {
+				log.Errorf("failed updating account peers while expiring peers for account %s", accountID)
+				return account.GetNextPeerExpiration()
+			}
+		}
+		return account.GetNextPeerExpiration()
+	}
+}
+
+func (am *DefaultAccountManager) checkAndSchedulePeerLoginExpiration(account *Account) {
+	am.peerLoginExpiry.Cancel([]string{account.Id})
+	if nextRun, ok := account.GetNextPeerExpiration(); ok {
+		go am.peerLoginExpiry.Schedule(nextRun, account.Id, am.peerLoginExpirationJob(account.Id))
+	}
+}
+
 // newAccount creates a new Account with a generated ID and generated default setup keys.
 // If ID is already in use (due to collision) we try one more time before returning error
 func (am *DefaultAccountManager) newAccount(userID, domain string) (*Account, error) {

management/server/account_test.go

@@ -544,8 +544,7 @@ func TestAccountManager_AddPeer(t *testing.T) {
 
 	peer, err := manager.AddPeer(setupKey.Key, "", &Peer{
 		Key:  expectedPeerKey,
-		Meta: PeerSystemMeta{},
-		Name: expectedPeerKey,
+		Meta: PeerSystemMeta{Hostname: expectedPeerKey},
 	})
 	if err != nil {
 		t.Errorf("expecting peer to be added, got failure %v", err)
@@ -613,8 +612,7 @@ func TestAccountManager_AddPeerWithUserID(t *testing.T) {
 
 	peer, err := manager.AddPeer("", userID, &Peer{
 		Key:  expectedPeerKey,
-		Meta: PeerSystemMeta{},
-		Name: expectedPeerKey,
+		Meta: PeerSystemMeta{Hostname: expectedPeerKey},
 	})
 	if err != nil {
 		t.Errorf("expecting peer to be added, got failure %v, account users: %v", err, account.CreatedBy)
@@ -696,8 +694,7 @@ func TestAccountManager_NetworkUpdates(t *testing.T) {
 
 		peer, err := manager.AddPeer(setupKey.Key, "", &Peer{
 			Key:  expectedPeerKey,
-			Meta: PeerSystemMeta{},
-			Name: expectedPeerKey,
+			Meta: PeerSystemMeta{Hostname: expectedPeerKey},
 		})
 		if err != nil {
 			t.Fatalf("expecting peer1 to be added, got failure %v", err)
@@ -866,8 +863,7 @@ func TestAccountManager_DeletePeer(t *testing.T) {
 
 	peer, err := manager.AddPeer(setupKey.Key, "", &Peer{
 		Key:  peerKey,
-		Meta: PeerSystemMeta{},
-		Name: peerKey,
+		Meta: PeerSystemMeta{Hostname: peerKey},
 	})
 	if err != nil {
 		t.Errorf("expecting peer to be added, got failure %v", err)
@@ -951,7 +947,7 @@ func TestGetUsersFromAccount(t *testing.T) {
 	}
 }
 
-func TestAccountManager_UpdatePeerMeta(t *testing.T) {
+/*func TestAccountManager_UpdatePeerMeta(t *testing.T) {
 	manager, err := createManager(t)
 	if err != nil {
 		t.Fatal(err)
@@ -1018,7 +1014,7 @@ func TestAccountManager_UpdatePeerMeta(t *testing.T) {
 	}
 
 	assert.Equal(t, newMeta, p.Meta)
-}
+}*/
 
 func TestAccount_GetPeerRules(t *testing.T) {
 
@@ -1294,6 +1290,144 @@ func TestDefaultAccountManager_DefaultAccountSettings(t *testing.T) {
 	assert.Equal(t, account.Settings.PeerLoginExpirationEnabled, true)
 	assert.Equal(t, account.Settings.PeerLoginExpiration, 24*time.Hour)
 }
+func TestDefaultAccountManager_UpdatePeer_PeerLoginExpiration(t *testing.T) {
+	manager, err := createManager(t)
+	require.NoError(t, err, "unable to create account manager")
+	account, err := manager.GetAccountByUserOrAccountID(userID, "", "")
+	require.NoError(t, err, "unable to create an account")
+
+	key, err := wgtypes.GenerateKey()
+	require.NoError(t, err, "unable to generate WireGuard key")
+	peer, err := manager.AddPeer("", userID, &Peer{
+		Key:                    key.PublicKey().String(),
+		Meta:                   PeerSystemMeta{Hostname: "test-peer"},
+		LoginExpirationEnabled: true,
+	})
+	require.NoError(t, err, "unable to add peer")
+	err = manager.MarkPeerConnected(key.PublicKey().String(), true)
+	require.NoError(t, err, "unable to mark peer connected")
+	account, err = manager.UpdateAccountSettings(account.Id, userID, &Settings{
+		PeerLoginExpiration:        time.Hour,
+		PeerLoginExpirationEnabled: true})
+	require.NoError(t, err, "expecting to update account settings successfully but got error")
+
+	wg := &sync.WaitGroup{}
+	wg.Add(2)
+	manager.peerLoginExpiry = &MockScheduler{
+		CancelFunc: func(IDs []string) {
+			wg.Done()
+		},
+		ScheduleFunc: func(in time.Duration, ID string, job func() (nextRunIn time.Duration, reschedule bool)) {
+			wg.Done()
+		},
+	}
+
+	// disable expiration first
+	update := peer.Copy()
+	update.LoginExpirationEnabled = false
+	_, err = manager.UpdatePeer(account.Id, userID, update)
+	require.NoError(t, err, "unable to update peer")
+	// enabling expiration should trigger the routine
+	update.LoginExpirationEnabled = true
+	_, err = manager.UpdatePeer(account.Id, userID, update)
+	require.NoError(t, err, "unable to update peer")
+
+	failed := waitTimeout(wg, time.Second)
+	if failed {
+		t.Fatal("timeout while waiting for test to finish")
+	}
+}
+
+func TestDefaultAccountManager_MarkPeerConnected_PeerLoginExpiration(t *testing.T) {
+	manager, err := createManager(t)
+	require.NoError(t, err, "unable to create account manager")
+	account, err := manager.GetAccountByUserOrAccountID(userID, "", "")
+	require.NoError(t, err, "unable to create an account")
+
+	key, err := wgtypes.GenerateKey()
+	require.NoError(t, err, "unable to generate WireGuard key")
+	_, err = manager.AddPeer("", userID, &Peer{
+		Key:                    key.PublicKey().String(),
+		Meta:                   PeerSystemMeta{Hostname: "test-peer"},
+		LoginExpirationEnabled: true,
+	})
+	require.NoError(t, err, "unable to add peer")
+	_, err = manager.UpdateAccountSettings(account.Id, userID, &Settings{
+		PeerLoginExpiration:        time.Hour,
+		PeerLoginExpirationEnabled: true})
+	require.NoError(t, err, "expecting to update account settings successfully but got error")
+
+	wg := &sync.WaitGroup{}
+	wg.Add(2)
+	manager.peerLoginExpiry = &MockScheduler{
+		CancelFunc: func(IDs []string) {
+			wg.Done()
+		},
+		ScheduleFunc: func(in time.Duration, ID string, job func() (nextRunIn time.Duration, reschedule bool)) {
+			wg.Done()
+		},
+	}
+
+	// when we mark peer as connected, the peer login expiration routine should trigger
+	err = manager.MarkPeerConnected(key.PublicKey().String(), true)
+	require.NoError(t, err, "unable to mark peer connected")
+
+	failed := waitTimeout(wg, time.Second)
+	if failed {
+		t.Fatal("timeout while waiting for test to finish")
+	}
+
+}
+
+func TestDefaultAccountManager_UpdateAccountSettings_PeerLoginExpiration(t *testing.T) {
+	manager, err := createManager(t)
+	require.NoError(t, err, "unable to create account manager")
+	account, err := manager.GetAccountByUserOrAccountID(userID, "", "")
+	require.NoError(t, err, "unable to create an account")
+
+	key, err := wgtypes.GenerateKey()
+	require.NoError(t, err, "unable to generate WireGuard key")
+	_, err = manager.AddPeer("", userID, &Peer{
+		Key:                    key.PublicKey().String(),
+		Meta:                   PeerSystemMeta{Hostname: "test-peer"},
+		LoginExpirationEnabled: true,
+	})
+	require.NoError(t, err, "unable to add peer")
+	err = manager.MarkPeerConnected(key.PublicKey().String(), true)
+	require.NoError(t, err, "unable to mark peer connected")
+
+	wg := &sync.WaitGroup{}
+	wg.Add(2)
+	manager.peerLoginExpiry = &MockScheduler{
+		CancelFunc: func(IDs []string) {
+			wg.Done()
+		},
+		ScheduleFunc: func(in time.Duration, ID string, job func() (nextRunIn time.Duration, reschedule bool)) {
+			wg.Done()
+		},
+	}
+	// enabling PeerLoginExpirationEnabled should trigger the expiration job
+	account, err = manager.UpdateAccountSettings(account.Id, userID, &Settings{
+		PeerLoginExpiration:        time.Hour,
+		PeerLoginExpirationEnabled: true})
+	require.NoError(t, err, "expecting to update account settings successfully but got error")
+
+	failed := waitTimeout(wg, time.Second)
+	if failed {
+		t.Fatal("timeout while waiting for test to finish")
+	}
+	wg.Add(1)
+
+	// disabling PeerLoginExpirationEnabled should trigger cancel
+	_, err = manager.UpdateAccountSettings(account.Id, userID, &Settings{
+		PeerLoginExpiration:        time.Hour,
+		PeerLoginExpirationEnabled: false})
+	require.NoError(t, err, "expecting to update account settings successfully but got error")
+	failed = waitTimeout(wg, time.Second)
+	if failed {
+		t.Fatal("timeout while waiting for test to finish")
+	}
+}
 
 func TestDefaultAccountManager_UpdateAccountSettings(t *testing.T) {
 	manager, err := createManager(t)
@@ -1326,6 +1460,286 @@ func TestDefaultAccountManager_UpdateAccountSettings(t *testing.T) {
 	require.Error(t, err, "expecting to fail when providing PeerLoginExpiration more than 180 days")
 }
 
+func TestAccount_GetExpiredPeers(t *testing.T) {
+	type test struct {
+		name          string
+		peers         map[string]*Peer
+		expectedPeers map[string]struct{}
+	}
+	testCases := []test{
+		{
+			name: "Peers with login expiration disabled, no expired peers",
+			peers: map[string]*Peer{
+				"peer-1": {
+					LoginExpirationEnabled: false,
+				},
+				"peer-2": {
+					LoginExpirationEnabled: false,
+				},
+			},
+			expectedPeers: map[string]struct{}{},
+		},
+		{
+			name: "Two peers expired",
+			peers: map[string]*Peer{
+				"peer-1": {
+					ID:                     "peer-1",
+					LoginExpirationEnabled: true,
+					Status: &PeerStatus{
+						LastSeen:     time.Now(),
+						Connected:    true,
+						LoginExpired: false,
+					},
+					LastLogin: time.Now().Add(-30 * time.Minute),
+				},
+				"peer-2": {
+					ID:                     "peer-2",
+					LoginExpirationEnabled: true,
+					Status: &PeerStatus{
+						LastSeen:     time.Now(),
+						Connected:    true,
+						LoginExpired: false,
+					},
+					LastLogin: time.Now().Add(-2 * time.Hour),
+				},
+
+				"peer-3": {
+					ID:                     "peer-3",
+					LoginExpirationEnabled: true,
+					Status: &PeerStatus{
+						LastSeen:     time.Now(),
+						Connected:    true,
+						LoginExpired: false,
+					},
+					LastLogin: time.Now().Add(-1 * time.Hour),
+				},
+			},
+			expectedPeers: map[string]struct{}{
+				"peer-2": {},
+				"peer-3": {},
+			},
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			account := &Account{
+				Peers: testCase.peers,
+				Settings: &Settings{
+					PeerLoginExpirationEnabled: true,
+					PeerLoginExpiration:        time.Hour,
+				},
+			}
+
+			expiredPeers := account.GetExpiredPeers()
+			assert.Len(t, expiredPeers, len(testCase.expectedPeers))
+			for _, peer := range expiredPeers {
+				if _, ok := testCase.expectedPeers[peer.ID]; !ok {
+					t.Fatalf("expected to have peer %s expired", peer.ID)
+				}
+			}
+		})
+	}
+
+}
+
+func TestAccount_GetPeersWithExpiration(t *testing.T) {
+	type test struct {
+		name          string
+		peers         map[string]*Peer
+		expectedPeers map[string]struct{}
+	}
+
+	testCases := []test{
+		{
+			name:          "No account peers, no peers with expiration",
+			peers:         map[string]*Peer{},
+			expectedPeers: map[string]struct{}{},
+		},
+		{
+			name: "Peers with login expiration disabled, no peers with expiration",
+			peers: map[string]*Peer{
+				"peer-1": {
+					LoginExpirationEnabled: false,
+				},
+				"peer-2": {
+					LoginExpirationEnabled: false,
+				},
+			},
+			expectedPeers: map[string]struct{}{},
+		},
+		{
+			name: "Peers with login expiration enabled, return peers with expiration",
+			peers: map[string]*Peer{
+				"peer-1": {
+					ID:                     "peer-1",
+					LoginExpirationEnabled: true,
+				},
+				"peer-2": {
+					LoginExpirationEnabled: false,
+				},
+			},
+			expectedPeers: map[string]struct{}{
+				"peer-1": {},
+			},
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			account := &Account{
+				Peers: testCase.peers,
+			}
+
+			actual := account.GetPeersWithExpiration()
+			assert.Len(t, actual, len(testCase.expectedPeers))
+			if len(testCase.expectedPeers) > 0 {
+				for k := range testCase.expectedPeers {
+					contains := false
+					for _, peer := range actual {
+						if k == peer.ID {
+							contains = true
+						}
+					}
+					assert.True(t, contains)
+				}
+			}
+		})
+	}
+
+}
+
+func TestAccount_GetNextPeerExpiration(t *testing.T) {
+
+	type test struct {
+		name                   string
+		peers                  map[string]*Peer
+		expiration             time.Duration
+		expirationEnabled      bool
+		expectedNextRun        bool
+		expectedNextExpiration time.Duration
+	}
+
+	expectedNextExpiration := time.Minute
+	testCases := []test{
+		{
+			name:                   "No peers, no expiration",
+			peers:                  map[string]*Peer{},
+			expiration:             time.Second,
+			expirationEnabled:      false,
+			expectedNextRun:        false,
+			expectedNextExpiration: time.Duration(0),
+		},
+		{
+			name: "No connected peers, no expiration",
+			peers: map[string]*Peer{
+				"peer-1": {
+					Status: &PeerStatus{
+						Connected: false,
+					},
+					LoginExpirationEnabled: true,
+				},
+				"peer-2": {
+					Status: &PeerStatus{
+						Connected: true,
+					},
+					LoginExpirationEnabled: false,
+				},
+			},
+			expiration:             time.Second,
+			expirationEnabled:      false,
+			expectedNextRun:        false,
+			expectedNextExpiration: time.Duration(0),
+		},
+		{
+			name: "Connected peers with disabled expiration, no expiration",
+			peers: map[string]*Peer{
+				"peer-1": {
+					Status: &PeerStatus{
+						Connected: true,
+					},
+					LoginExpirationEnabled: false,
+				},
+				"peer-2": {
+					Status: &PeerStatus{
+						Connected: true,
+					},
+					LoginExpirationEnabled: false,
+				},
+			},
+			expiration:             time.Second,
+			expirationEnabled:      false,
+			expectedNextRun:        false,
+			expectedNextExpiration: time.Duration(0),
+		},
+		{
+			name: "Expired peers, no expiration",
+			peers: map[string]*Peer{
+				"peer-1": {
+					Status: &PeerStatus{
+						Connected:    true,
+						LoginExpired: true,
+					},
+					LoginExpirationEnabled: true,
+				},
+				"peer-2": {
+					Status: &PeerStatus{
+						Connected:    true,
+						LoginExpired: true,
+					},
+					LoginExpirationEnabled: true,
+				},
+			},
+			expiration:             time.Second,
+			expirationEnabled:      false,
+			expectedNextRun:        false,
+			expectedNextExpiration: time.Duration(0),
+		},
+		{
+			name: "To be expired peer, return expiration",
+			peers: map[string]*Peer{
+				"peer-1": {
+					Status: &PeerStatus{
+						Connected:    true,
+						LoginExpired: false,
+					},
+					LoginExpirationEnabled: true,
+					LastLogin:              time.Now(),
+				},
+				"peer-2": {
+					Status: &PeerStatus{
+						Connected:    true,
+						LoginExpired: true,
+					},
+					LoginExpirationEnabled: true,
+				},
+			},
+			expiration:             time.Minute,
+			expirationEnabled:      false,
+			expectedNextRun:        true,
+			expectedNextExpiration: expectedNextExpiration,
+		},
+	}
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			account := &Account{
+				Peers:    testCase.peers,
+				Settings: &Settings{PeerLoginExpiration: testCase.expiration, PeerLoginExpirationEnabled: testCase.expirationEnabled},
+			}
+
+			expiration, ok := account.GetNextPeerExpiration()
+			assert.Equal(t, ok, testCase.expectedNextRun)
+			if testCase.expectedNextRun {
+				assert.True(t, expiration >= 0 && expiration <= testCase.expectedNextExpiration)
+			} else {
+				assert.Equal(t, expiration, testCase.expectedNextExpiration)
+			}
+
+		})
+	}
+
+}
+
 func createManager(t *testing.T) (*DefaultAccountManager, error) {
 	store, err := createStore(t)
 	if err != nil {
@@ -1344,3 +1758,17 @@ func createStore(t *testing.T) (Store, error) {
 
 	return store, nil
 }
+
+func waitTimeout(wg *sync.WaitGroup, timeout time.Duration) bool {
+	c := make(chan struct{})
+	go func() {
+		defer close(c)
+		wg.Wait()
+	}()
+	select {
+	case <-c:
+		return false
+	case <-time.After(timeout):
+		return true
+	}
+}

management/server/file_store.go

@@ -225,7 +225,6 @@ func (s *FileStore) SaveAccount(account *Account) error {
 
 	accountCopy := account.Copy()
 
-	// todo will override, handle existing keys
 	s.Accounts[accountCopy.Id] = accountCopy
 
 	// todo check that account.Id and keyId are not exist already
@@ -354,6 +353,14 @@ func (s *FileStore) GetAccountByPeerID(peerID string) (*Account, error) {
 		return nil, err
 	}
 
+	// this protection is needed because when we delete a peer, we don't really remove index peerID -> accountID.
+	// check Account.Peers for a match
+	if _, ok := account.Peers[peerID]; !ok {
+		delete(s.PeerID2AccountID, peerID)
+		log.Warnf("removed stale peerID %s to accountID %s index", peerID, accountID)
+		return nil, status.Errorf(status.NotFound, "provided peer doesn't exists %s", peerID)
+	}
+
 	return account.Copy(), nil
 }
 
@@ -372,6 +379,21 @@ func (s *FileStore) GetAccountByPeerPubKey(peerKey string) (*Account, error) {
 		return nil, err
 	}
 
+	// this protection is needed because when we delete a peer, we don't really remove index peerKey -> accountID.
+	// check Account.Peers for a match
+	stale := true
+	for _, peer := range account.Peers {
+		if peer.Key == peerKey {
+			stale = false
+			break
+		}
+	}
+	if stale {
+		delete(s.PeerKeyID2AccountID, peerKey)
+		log.Warnf("removed stale peerKey %s to accountID %s index", peerKey, accountID)
+		return nil, status.Errorf(status.NotFound, "provided peer doesn't exists %s", peerKey)
+	}
+
 	return account.Copy(), nil
 }
 

management/server/file_store_test.go

@@ -14,6 +14,44 @@ type accounts struct {
 	Accounts map[string]*Account
 }
 
+func TestStalePeerIndices(t *testing.T) {
+	storeDir := t.TempDir()
+
+	err := util.CopyFileContents("testdata/store.json", filepath.Join(storeDir, "store.json"))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	store, err := NewFileStore(storeDir)
+	if err != nil {
+		return
+	}
+
+	account, err := store.GetAccount("bf1c8084-ba50-4ce7-9439-34653001fc3b")
+	require.NoError(t, err)
+
+	peerID := "some_peer"
+	peerKey := "some_peer_key"
+	account.Peers[peerID] = &Peer{
+		ID:  peerID,
+		Key: peerKey,
+	}
+
+	err = store.SaveAccount(account)
+	require.NoError(t, err)
+
+	account.DeletePeer(peerID)
+
+	err = store.SaveAccount(account)
+	require.NoError(t, err)
+
+	_, err = store.GetAccountByPeerID(peerID)
+	require.Error(t, err, "expecting to get an error when found stale index")
+
+	_, err = store.GetAccountByPeerPubKey(peerKey)
+	require.Error(t, err, "expecting to get an error when found stale index")
+}
+
 func TestNewStore(t *testing.T) {
 	store := newStore(t)
 

management/server/grpcserver.go

@@ -3,6 +3,7 @@ package server
 import (
 	"context"
 	"fmt"
+	pb "github.com/golang/protobuf/proto" //nolint
 	"strings"
 	"time"
 
@@ -118,43 +119,18 @@ func (s *GRPCServer) Sync(req *proto.EncryptedMessage, srv proto.ManagementServi
 		log.Debugf("Sync request from peer [%s] [%s]", req.WgPubKey, p.Addr.String())
 	}
 
-	peerKey, err := wgtypes.ParseKey(req.GetWgPubKey())
-	if err != nil {
-		log.Warnf("error while parsing peer's Wireguard public key %s on Sync request.", peerKey.String())
-		return status.Errorf(codes.InvalidArgument, "provided wgPubKey %s is invalid", peerKey.String())
-	}
-
-	peer, err := s.accountManager.GetPeerByKey(peerKey.String())
-	if err != nil {
-		p, _ := gRPCPeer.FromContext(srv.Context())
-		msg := status.Errorf(codes.PermissionDenied, "provided peer with the key wgPubKey %s is not registered, remote addr is %s", peerKey.String(), p.Addr.String())
-		log.Debug(msg)
-		return msg
-	}
-
-	account, err := s.accountManager.GetAccountByPeerID(peer.ID)
-	if err != nil {
-		return status.Error(codes.Internal, "internal server error")
-	}
-	expired, left := peer.LoginExpired(account.Settings)
-	if peer.UserID != "" && (expired || peer.Status.LoginExpired) {
-		err = s.accountManager.MarkPeerLoginExpired(peerKey.String(), true)
-		if err != nil {
-			log.Warnf("failed marking peer login expired %s %v", peerKey, err)
-		}
-		return status.Errorf(codes.PermissionDenied, "peer login has expired %v ago. Please log in once more", left)
-	}
-
 	syncReq := &proto.SyncRequest{}
-	err = encryption.DecryptMessage(peerKey, s.wgKey, req.Body, syncReq)
+	peerKey, err := s.parseRequest(req, syncReq)
 	if err != nil {
-		p, _ := gRPCPeer.FromContext(srv.Context())
-		msg := status.Errorf(codes.InvalidArgument, "invalid request message from %s,remote addr is %s", peerKey.String(), p.Addr.String())
-		log.Debug(msg)
-		return msg
+		return err
 	}
 
-	err = s.sendInitialSync(peerKey, peer, srv)
+	peer, netMap, err := s.accountManager.SyncPeer(PeerSync{WireGuardPubKey: peerKey.String()})
+	if err != nil {
+		return mapError(err)
+	}
+
+	err = s.sendInitialSync(peerKey, peer, netMap, srv)
 	if err != nil {
 		log.Debugf("error while sending initial sync for %s: %v", peerKey.String(), err)
 		return err
@@ -176,6 +152,7 @@ func (s *GRPCServer) Sync(req *proto.EncryptedMessage, srv proto.ManagementServi
 		case update, open := <-updates:
 			if !open {
 				log.Debugf("updates channel for peer %s was closed", peerKey.String())
+				s.cancelPeerRoutines(peer)
 				return nil
 			}
 			log.Debugf("recevied an update for peer %s", peerKey.String())
@@ -197,18 +174,18 @@ func (s *GRPCServer) Sync(req *proto.EncryptedMessage, srv proto.ManagementServi
 		case <-srv.Context().Done():
 			// happens when connection drops, e.g. client disconnects
 			log.Debugf("stream of peer %s has been closed", peerKey.String())
-			s.peersUpdateManager.CloseChannel(peer.ID)
-			s.turnCredentialsManager.CancelRefresh(peerKey.String())
-			err = s.accountManager.MarkPeerConnected(peerKey.String(), false)
-			if err != nil {
-				log.Warnf("failed marking peer as disconnected %s %v", peerKey, err)
-			}
-			// todo stop turn goroutine
+			s.cancelPeerRoutines(peer)
 			return srv.Context().Err()
 		}
 	}
 }
 
+func (s *GRPCServer) cancelPeerRoutines(peer *Peer) {
+	s.peersUpdateManager.CloseChannel(peer.ID)
+	s.turnCredentialsManager.CancelRefresh(peer.ID)
+	_ = s.accountManager.MarkPeerConnected(peer.Key, false)
+}
+
 func (s *GRPCServer) validateToken(jwtToken string) (string, error) {
 	if s.jwtMiddleware == nil {
 		return "", status.Error(codes.Internal, "no jwt middleware set")
@@ -216,7 +193,7 @@ func (s *GRPCServer) validateToken(jwtToken string) (string, error) {
 
 	token, err := s.jwtMiddleware.ValidateAndParse(jwtToken)
 	if err != nil {
-		return "", status.Errorf(codes.Internal, "invalid jwt token, err: %v", err)
+		return "", status.Errorf(codes.InvalidArgument, "invalid jwt token, err: %v", err)
 	}
 	claims := s.jwtClaimsExtractor.FromToken(token)
 	// we need to call this method because if user is new, we will automatically add it to existing or create a new account
@@ -228,84 +205,52 @@ func (s *GRPCServer) validateToken(jwtToken string) (string, error) {
 	return claims.UserId, nil
 }
 
-func (s *GRPCServer) registerPeer(peerKey wgtypes.Key, req *proto.LoginRequest) (*Peer, error) {
-	var (
-		reqSetupKey string
-		userID      string
-		err         error
-	)
-
-	if req.GetJwtToken() != "" {
-		log.Debugln("using jwt token to register peer")
-		userID, err = s.validateToken(req.JwtToken)
-		if err != nil {
-			return nil, err
+// maps internal internalStatus.Error to gRPC status.Error
+func mapError(err error) error {
+	if e, ok := internalStatus.FromError(err); ok {
+		switch e.Type() {
+		case internalStatus.PermissionDenied:
+			return status.Errorf(codes.PermissionDenied, e.Message)
+		case internalStatus.Unauthorized:
+			return status.Errorf(codes.PermissionDenied, e.Message)
+		case internalStatus.Unauthenticated:
+			return status.Errorf(codes.PermissionDenied, e.Message)
+		case internalStatus.PreconditionFailed:
+			return status.Errorf(codes.FailedPrecondition, e.Message)
+		case internalStatus.NotFound:
+			return status.Errorf(codes.NotFound, e.Message)
+		default:
 		}
-	} else {
-		log.Debugln("using setup key to register peer")
-		reqSetupKey = req.GetSetupKey()
-		userID = ""
 	}
+	return status.Errorf(codes.Internal, "failed handling request")
+}
 
-	meta := req.GetMeta()
-	if meta == nil {
-		return nil, status.Errorf(codes.InvalidArgument, "peer meta data was not provided")
+func extractPeerMeta(loginReq *proto.LoginRequest) PeerSystemMeta {
+	return PeerSystemMeta{
+		Hostname:  loginReq.GetMeta().GetHostname(),
+		GoOS:      loginReq.GetMeta().GetGoOS(),
+		Kernel:    loginReq.GetMeta().GetKernel(),
+		Core:      loginReq.GetMeta().GetCore(),
+		Platform:  loginReq.GetMeta().GetPlatform(),
+		OS:        loginReq.GetMeta().GetOS(),
+		WtVersion: loginReq.GetMeta().GetWiretrusteeVersion(),
+		UIVersion: loginReq.GetMeta().GetUiVersion(),
 	}
+}
 
-	var sshKey []byte
-	if req.GetPeerKeys() != nil {
-		sshKey = req.GetPeerKeys().GetSshPubKey()
-	}
-
-	peer, err := s.accountManager.AddPeer(reqSetupKey, userID, &Peer{
-		Key:    peerKey.String(),
-		Name:   meta.GetHostname(),
-		SSHKey: string(sshKey),
-		Meta: PeerSystemMeta{
-			Hostname:  meta.GetHostname(),
-			GoOS:      meta.GetGoOS(),
-			Kernel:    meta.GetKernel(),
-			Core:      meta.GetCore(),
-			Platform:  meta.GetPlatform(),
-			OS:        meta.GetOS(),
-			WtVersion: meta.GetWiretrusteeVersion(),
-			UIVersion: meta.GetUiVersion(),
-		},
-	})
+func (s *GRPCServer) parseRequest(req *proto.EncryptedMessage, parsed pb.Message) (wgtypes.Key, error) {
+	peerKey, err := wgtypes.ParseKey(req.GetWgPubKey())
 	if err != nil {
-		if e, ok := internalStatus.FromError(err); ok {
-			switch e.Type() {
-			case internalStatus.PreconditionFailed:
-				return nil, status.Errorf(codes.FailedPrecondition, e.Message)
-			case internalStatus.NotFound:
-				return nil, status.Errorf(codes.NotFound, e.Message)
-			default:
-			}
-		}
-		return nil, status.Errorf(codes.Internal, "failed registering new peer")
+		log.Warnf("error while parsing peer's WireGuard public key %s.", req.WgPubKey)
+		return wgtypes.Key{}, status.Errorf(codes.InvalidArgument, "provided wgPubKey %s is invalid", req.WgPubKey)
 	}
 
-	// todo move to DefaultAccountManager the code below
-	networkMap, err := s.accountManager.GetNetworkMap(peer.ID)
+	err = encryption.DecryptMessage(peerKey, s.wgKey, req.Body, parsed)
 	if err != nil {
-		return nil, status.Errorf(codes.Internal, "unable to fetch network map after registering peer, error: %v", err)
-	}
-	// notify other peers of our registration
-	for _, remotePeer := range networkMap.Peers {
-		remotePeerNetworkMap, err := s.accountManager.GetNetworkMap(remotePeer.ID)
-		if err != nil {
-			return nil, status.Errorf(codes.Internal, "unable to fetch network map after registering peer, error: %v", err)
-		}
-
-		update := toSyncResponse(s.config, remotePeer, nil, remotePeerNetworkMap, s.accountManager.GetDNSDomain())
-		err = s.peersUpdateManager.SendUpdate(remotePeer.ID, &UpdateMessage{Update: update})
-		if err != nil {
-			// todo rethink if we should keep this return
-			return nil, status.Errorf(codes.Internal, "unable to send update after registering peer, error: %v", err)
-		}
+		return wgtypes.Key{}, status.Errorf(codes.InvalidArgument, "invalid request message")
 	}
 
-	return peer, nil
+	return peerKey, nil
 }
 
 // Login endpoint first checks whether peer is registered under any account
@@ -321,101 +266,51 @@ func (s *GRPCServer) Login(ctx context.Context, req *proto.EncryptedMessage) (*p
 		log.Debugf("Login request from peer [%s] [%s]", req.WgPubKey, p.Addr.String())
 	}
 
-	peerKey, err := wgtypes.ParseKey(req.GetWgPubKey())
-	if err != nil {
-		log.Warnf("error while parsing peer's Wireguard public key %s on Sync request.", req.WgPubKey)
-		return nil, status.Errorf(codes.InvalidArgument, "provided wgPubKey %s is invalid", req.WgPubKey)
-	}
-
 	loginReq := &proto.LoginRequest{}
-	err = encryption.DecryptMessage(peerKey, s.wgKey, req.Body, loginReq)
+	peerKey, err := s.parseRequest(req, loginReq)
 	if err != nil {
-		return nil, status.Errorf(codes.InvalidArgument, "invalid request message")
+		return nil, err
 	}
 
-	peer, err := s.accountManager.GetPeerByKey(peerKey.String())
-	if err != nil {
-		if errStatus, ok := internalStatus.FromError(err); ok && errStatus.Type() == internalStatus.NotFound {
-			// peer doesn't exist -> check if setup key was provided
-			if loginReq.GetJwtToken() == "" && loginReq.GetSetupKey() == "" {
-				// absent setup key or jwt -> permission denied
-				p, _ := gRPCPeer.FromContext(ctx)
-				msg := status.Errorf(codes.PermissionDenied,
-					"provided peer with the key wgPubKey %s is not registered and no setup key or jwt was provided,"+
-						" remote addr is %s", peerKey.String(), p.Addr.String())
-				log.Debug(msg)
-				return nil, msg
-			}
+	if loginReq.GetMeta() == nil {
+		msg := status.Errorf(codes.FailedPrecondition,
+			"peer system meta has to be provided to log in. Peer %s, remote addr %s", peerKey.String(),
+			p.Addr.String())
+		log.Warn(msg)
+		return nil, msg
+	}
 
-			// setup key or jwt is present -> try normal registration flow
-			peer, err = s.registerPeer(peerKey, loginReq)
-			if err != nil {
-				return nil, err
-			}
-
-		} else {
-			return nil, status.Error(codes.Internal, "internal server error")
-		}
-	} else if loginReq.GetMeta() != nil {
-		// update peer's system meta data on Login
-		err = s.accountManager.UpdatePeerMeta(peer.ID, PeerSystemMeta{
-			Hostname:  loginReq.GetMeta().GetHostname(),
-			GoOS:      loginReq.GetMeta().GetGoOS(),
-			Kernel:    loginReq.GetMeta().GetKernel(),
-			Core:      loginReq.GetMeta().GetCore(),
-			Platform:  loginReq.GetMeta().GetPlatform(),
-			OS:        loginReq.GetMeta().GetOS(),
-			WtVersion: loginReq.GetMeta().GetWiretrusteeVersion(),
-			UIVersion: loginReq.GetMeta().GetUiVersion(),
-		},
-		)
+	userID := ""
+	// JWT token is not always provided, it is fine for userID to be empty cuz it might be that peer is already registered,
+	// or it uses a setup key to register.
+	if loginReq.GetJwtToken() != "" {
+		// todo what about the case when JWT provided is expired?
+		userID, err = s.validateToken(loginReq.GetJwtToken())
 		if err != nil {
-			log.Errorf("failed updating peer system meta data %s", peerKey.String())
-			return nil, status.Error(codes.Internal, "internal server error")
+			log.Warnf("failed validating JWT token sent from peer %s", peerKey)
+			return nil, mapError(err)
 		}
 	}
-
-	// check if peer login has expired
-	account, err := s.accountManager.GetAccountByPeerID(peer.ID)
-	if err != nil {
-		return nil, status.Error(codes.Internal, "internal server error")
-	}
-	expired, left := peer.LoginExpired(account.Settings)
-	if peer.UserID != "" && (expired || peer.Status.LoginExpired) {
-		// it might be that peer expired but user has logged in already, check token then
-		if loginReq.GetJwtToken() == "" {
-			err = s.accountManager.MarkPeerLoginExpired(peerKey.String(), true)
-			if err != nil {
-				log.Warnf("failed marking peer login expired %s %v", peerKey, err)
-			}
-			return nil, status.Errorf(codes.PermissionDenied,
-				"peer login has expired %v ago. Please log in once more", left)
-		}
-		_, err = s.validateToken(loginReq.GetJwtToken())
-		if err != nil {
-			return nil, err
-		}
-
-		err = s.accountManager.UpdatePeerLastLogin(peer.ID)
-		if err != nil {
-			return nil, err
-		}
-	}
-
 	var sshKey []byte
 	if loginReq.GetPeerKeys() != nil {
 		sshKey = loginReq.GetPeerKeys().GetSshPubKey()
 	}
 
-	if len(sshKey) > 0 {
-		err = s.accountManager.UpdatePeerSSHKey(peer.ID, string(sshKey))
-		if err != nil {
-			return nil, err
-		}
+	peer, err := s.accountManager.LoginPeer(PeerLogin{
+		WireGuardPubKey: peerKey.String(),
+		SSHKey:          string(sshKey),
+		Meta:            extractPeerMeta(loginReq),
+		UserID:          userID,
+		SetupKey:        loginReq.GetSetupKey(),
+	})
+	if err != nil {
+		log.Warnf("failed logging in peer %s", peerKey)
+		return nil, mapError(err)
 	}
 
 	network, err := s.accountManager.GetPeerNetwork(peer.ID)
 	if err != nil {
+		log.Warnf("failed getting peer %s network on login", peer.ID)
 		return nil, status.Errorf(codes.Internal, "failed getting peer network on login")
 	}
 
@@ -426,6 +321,7 @@ func (s *GRPCServer) Login(ctx context.Context, req *proto.EncryptedMessage) (*p
 	}
 	encryptedResp, err := encryption.EncryptMessage(peerKey, s.wgKey, loginResp)
 	if err != nil {
+		log.Warnf("failed encrypting peer %s message", peer.ID)
 		return nil, status.Errorf(codes.Internal, "failed logging in peer")
 	}
 
@@ -551,13 +447,7 @@ func (s *GRPCServer) IsHealthy(ctx context.Context, req *proto.Empty) (*proto.Em
 }
 
 // sendInitialSync sends initial proto.SyncResponse to the peer requesting synchronization
-func (s *GRPCServer) sendInitialSync(peerKey wgtypes.Key, peer *Peer, srv proto.ManagementService_SyncServer) error {
-	networkMap, err := s.accountManager.GetNetworkMap(peer.ID)
-	if err != nil {
-		log.Warnf("error getting a list of peers for a peer %s", peer.ID)
-		return err
-	}
-
+func (s *GRPCServer) sendInitialSync(peerKey wgtypes.Key, peer *Peer, networkMap *NetworkMap, srv proto.ManagementService_SyncServer) error {
 	// make secret time based TURN credentials optional
 	var turnCredentials *TURNCredentials
 	if s.config.TURNConfig.TimeBasedCredentials {

management/server/http/accounts_handler.go

@@ -2,25 +2,27 @@ package http
 
 import (
 	"encoding/json"
+	"net/http"
+	"time"
+
 	"github.com/gorilla/mux"
+
 	"github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/http/api"
 	"github.com/netbirdio/netbird/management/server/http/util"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 	"github.com/netbirdio/netbird/management/server/status"
-	"net/http"
-	"time"
 )
 
-// Accounts is a handler that handles the server.Account HTTP endpoints
-type Accounts struct {
+// AccountsHandler is a handler that handles the server.Account HTTP endpoints
+type AccountsHandler struct {
 	accountManager  server.AccountManager
 	claimsExtractor *jwtclaims.ClaimsExtractor
 }
 
-// NewAccounts creates a new Accounts HTTP handler
-func NewAccounts(accountManager server.AccountManager, authCfg AuthCfg) *Accounts {
-	return &Accounts{
+// NewAccountsHandler creates a new AccountsHandler HTTP handler
+func NewAccountsHandler(accountManager server.AccountManager, authCfg AuthCfg) *AccountsHandler {
+	return &AccountsHandler{
 		accountManager: accountManager,
 		claimsExtractor: jwtclaims.NewClaimsExtractor(
 			jwtclaims.WithAudience(authCfg.Audience),
@@ -29,8 +31,8 @@ func NewAccounts(accountManager server.AccountManager, authCfg AuthCfg) *Account
 	}
 }
 
-// GetAccountsHandler is HTTP GET handler that returns a list of accounts. Effectively returns just a single account.
-func (h *Accounts) GetAccountsHandler(w http.ResponseWriter, r *http.Request) {
+// GetAllAccounts is HTTP GET handler that returns a list of accounts. Effectively returns just a single account.
+func (h *AccountsHandler) GetAllAccounts(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	account, user, err := h.accountManager.GetAccountFromToken(claims)
 	if err != nil {
@@ -47,8 +49,8 @@ func (h *Accounts) GetAccountsHandler(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(w, []*api.Account{resp})
 }
 
-// UpdateAccountHandler is HTTP PUT handler that updates the provided account. Updates only account settings (server.Settings)
-func (h *Accounts) UpdateAccountHandler(w http.ResponseWriter, r *http.Request) {
+// UpdateAccount is HTTP PUT handler that updates the provided account. Updates only account settings (server.Settings)
+func (h *AccountsHandler) UpdateAccount(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	_, user, err := h.accountManager.GetAccountFromToken(claims)
 	if err != nil {

management/server/http/accounts_handler_test.go

@@ -3,22 +3,24 @@ package http
 import (
 	"bytes"
 	"encoding/json"
-	"github.com/gorilla/mux"
-	"github.com/netbirdio/netbird/management/server"
-	"github.com/netbirdio/netbird/management/server/http/api"
-	"github.com/netbirdio/netbird/management/server/jwtclaims"
-	"github.com/netbirdio/netbird/management/server/mock_server"
-	"github.com/netbirdio/netbird/management/server/status"
-	"github.com/stretchr/testify/assert"
 	"io"
 	"net/http"
 	"net/http/httptest"
 	"testing"
 	"time"
+
+	"github.com/gorilla/mux"
+	"github.com/stretchr/testify/assert"
+
+	"github.com/netbirdio/netbird/management/server"
+	"github.com/netbirdio/netbird/management/server/http/api"
+	"github.com/netbirdio/netbird/management/server/jwtclaims"
+	"github.com/netbirdio/netbird/management/server/mock_server"
+	"github.com/netbirdio/netbird/management/server/status"
 )
 
-func initAccountsTestData(account *server.Account, admin *server.User) *Accounts {
-	return &Accounts{
+func initAccountsTestData(account *server.Account, admin *server.User) *AccountsHandler {
+	return &AccountsHandler{
 		accountManager: &mock_server.MockAccountManager{
 			GetAccountFromTokenFunc: func(claims jwtclaims.AuthorizationClaims) (*server.Account, *server.User, error) {
 				return account, admin, nil
@@ -81,7 +83,7 @@ func TestAccounts_AccountsHandler(t *testing.T) {
 		requestBody      io.Reader
 	}{
 		{
-			name:           "GetAccounts OK",
+			name:           "GetAllAccounts OK",
 			expectedBody:   true,
 			requestType:    http.MethodGet,
 			requestPath:    "/api/accounts",
@@ -133,8 +135,8 @@ func TestAccounts_AccountsHandler(t *testing.T) {
 			req := httptest.NewRequest(tc.requestType, tc.requestPath, tc.requestBody)
 
 			router := mux.NewRouter()
-			router.HandleFunc("/api/accounts", handler.GetAccountsHandler).Methods("GET")
-			router.HandleFunc("/api/accounts/{id}", handler.UpdateAccountHandler).Methods("PUT")
+			router.HandleFunc("/api/accounts", handler.GetAllAccounts).Methods("GET")
+			router.HandleFunc("/api/accounts/{id}", handler.UpdateAccount).Methods("PUT")
 			router.ServeHTTP(recorder, req)
 
 			res := recorder.Result()

management/server/http/dns_settings_handler.go

@@ -4,22 +4,23 @@ import (
 	"encoding/json"
 	"net/http"
 
+	log "github.com/sirupsen/logrus"
+
 	"github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/http/api"
 	"github.com/netbirdio/netbird/management/server/http/util"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
-	log "github.com/sirupsen/logrus"
 )
 
-// DNSSettings is a handler that returns the DNS settings of the account
-type DNSSettings struct {
+// DNSSettingsHandler is a handler that returns the DNS settings of the account
+type DNSSettingsHandler struct {
 	accountManager  server.AccountManager
 	claimsExtractor *jwtclaims.ClaimsExtractor
 }
 
-// NewDNSSettings returns a new instance of DNSSettings handler
-func NewDNSSettings(accountManager server.AccountManager, authCfg AuthCfg) *DNSSettings {
-	return &DNSSettings{
+// NewDNSSettingsHandler returns a new instance of DNSSettingsHandler handler
+func NewDNSSettingsHandler(accountManager server.AccountManager, authCfg AuthCfg) *DNSSettingsHandler {
+	return &DNSSettingsHandler{
 		accountManager: accountManager,
 		claimsExtractor: jwtclaims.NewClaimsExtractor(
 			jwtclaims.WithAudience(authCfg.Audience),
@@ -29,7 +30,7 @@ func NewDNSSettings(accountManager server.AccountManager, authCfg AuthCfg) *DNSS
 }
 
 // GetDNSSettings returns the DNS settings for the account
-func (h *DNSSettings) GetDNSSettings(w http.ResponseWriter, r *http.Request) {
+func (h *DNSSettingsHandler) GetDNSSettings(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	account, user, err := h.accountManager.GetAccountFromToken(claims)
 	if err != nil {
@@ -52,7 +53,7 @@ func (h *DNSSettings) GetDNSSettings(w http.ResponseWriter, r *http.Request) {
 }
 
 // UpdateDNSSettings handles update to DNS settings of an account
-func (h *DNSSettings) UpdateDNSSettings(w http.ResponseWriter, r *http.Request) {
+func (h *DNSSettingsHandler) UpdateDNSSettings(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	account, user, err := h.accountManager.GetAccountFromToken(claims)
 	if err != nil {

management/server/http/dns_settings_handler_test.go

@@ -8,11 +8,13 @@ import (
 	"net/http/httptest"
 	"testing"
 
-	"github.com/netbirdio/netbird/management/server/http/api"
-	"github.com/netbirdio/netbird/management/server/status"
 	"github.com/stretchr/testify/assert"
 
+	"github.com/netbirdio/netbird/management/server/http/api"
+	"github.com/netbirdio/netbird/management/server/status"
+
 	"github.com/gorilla/mux"
+
 	"github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 	"github.com/netbirdio/netbird/management/server/mock_server"
@@ -37,8 +39,8 @@ var testingDNSSettingsAccount = &server.Account{
 	DNSSettings: baseExistingDNSSettings,
 }
 
-func initDNSSettingsTestData() *DNSSettings {
-	return &DNSSettings{
+func initDNSSettingsTestData() *DNSSettingsHandler {
+	return &DNSSettingsHandler{
 		accountManager: &mock_server.MockAccountManager{
 			GetDNSSettingsFunc: func(accountID string, userID string) (*server.DNSSettings, error) {
 				return testingDNSSettingsAccount.DNSSettings, nil

management/server/http/events_handler.go

@@ -4,23 +4,24 @@ import (
 	"fmt"
 	"net/http"
 
+	log "github.com/sirupsen/logrus"
+
 	"github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/activity"
 	"github.com/netbirdio/netbird/management/server/http/api"
 	"github.com/netbirdio/netbird/management/server/http/util"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
-	log "github.com/sirupsen/logrus"
 )
 
-// Events HTTP handler
-type Events struct {
+// EventsHandler HTTP handler
+type EventsHandler struct {
 	accountManager  server.AccountManager
 	claimsExtractor *jwtclaims.ClaimsExtractor
 }
 
-// NewEvents creates a new Events HTTP handler
-func NewEvents(accountManager server.AccountManager, authCfg AuthCfg) *Events {
-	return &Events{
+// NewEventsHandler creates a new EventsHandler HTTP handler
+func NewEventsHandler(accountManager server.AccountManager, authCfg AuthCfg) *EventsHandler {
+	return &EventsHandler{
 		accountManager: accountManager,
 		claimsExtractor: jwtclaims.NewClaimsExtractor(
 			jwtclaims.WithAudience(authCfg.Audience),
@@ -29,8 +30,8 @@ func NewEvents(accountManager server.AccountManager, authCfg AuthCfg) *Events {
 	}
 }
 
-// GetEvents list of the given account
-func (h *Events) GetEvents(w http.ResponseWriter, r *http.Request) {
+// GetAllEvents list of the given account
+func (h *EventsHandler) GetAllEvents(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	account, user, err := h.accountManager.GetAccountFromToken(claims)
 	if err != nil {

management/server/http/events_handler_test.go

@@ -10,16 +10,17 @@ import (
 	"time"
 
 	"github.com/gorilla/mux"
+	"github.com/stretchr/testify/assert"
+
 	"github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/activity"
 	"github.com/netbirdio/netbird/management/server/http/api"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 	"github.com/netbirdio/netbird/management/server/mock_server"
-	"github.com/stretchr/testify/assert"
 )
 
-func initEventsTestData(account string, user *server.User, events ...*activity.Event) *Events {
-	return &Events{
+func initEventsTestData(account string, user *server.User, events ...*activity.Event) *EventsHandler {
+	return &EventsHandler{
 		accountManager: &mock_server.MockAccountManager{
 			GetEventsFunc: func(accountID, userID string) ([]*activity.Event, error) {
 				if accountID == account {
@@ -184,7 +185,7 @@ func TestEvents_GetEvents(t *testing.T) {
 		requestBody    io.Reader
 	}{
 		{
-			name:           "GetEvents OK",
+			name:           "GetAllEvents OK",
 			expectedBody:   true,
 			requestType:    http.MethodGet,
 			requestPath:    "/api/events/",
@@ -202,7 +203,7 @@ func TestEvents_GetEvents(t *testing.T) {
 			req := httptest.NewRequest(tc.requestType, tc.requestPath, tc.requestBody)
 
 			router := mux.NewRouter()
-			router.HandleFunc("/api/events/", handler.GetEvents).Methods("GET")
+			router.HandleFunc("/api/events/", handler.GetAllEvents).Methods("GET")
 			router.ServeHTTP(recorder, req)
 
 			res := recorder.Result()

management/server/http/groups_handler.go

@@ -8,22 +8,24 @@ import (
 	"github.com/netbirdio/netbird/management/server/http/util"
 	"github.com/netbirdio/netbird/management/server/status"
 
+	"github.com/rs/xid"
+
 	"github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
-	"github.com/rs/xid"
 
 	"github.com/gorilla/mux"
 	log "github.com/sirupsen/logrus"
 )
 
-// Groups is a handler that returns groups of the account
-type Groups struct {
+// GroupsHandler is a handler that returns groups of the account
+type GroupsHandler struct {
 	accountManager  server.AccountManager
 	claimsExtractor *jwtclaims.ClaimsExtractor
 }
 
-func NewGroups(accountManager server.AccountManager, authCfg AuthCfg) *Groups {
-	return &Groups{
+// NewGroupsHandler creates a new GroupsHandler HTTP handler
+func NewGroupsHandler(accountManager server.AccountManager, authCfg AuthCfg) *GroupsHandler {
+	return &GroupsHandler{
 		accountManager: accountManager,
 		claimsExtractor: jwtclaims.NewClaimsExtractor(
 			jwtclaims.WithAudience(authCfg.Audience),
@@ -32,8 +34,8 @@ func NewGroups(accountManager server.AccountManager, authCfg AuthCfg) *Groups {
 	}
 }
 
-// GetAllGroupsHandler list for the account
-func (h *Groups) GetAllGroupsHandler(w http.ResponseWriter, r *http.Request) {
+// GetAllGroups list for the account
+func (h *GroupsHandler) GetAllGroups(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	account, _, err := h.accountManager.GetAccountFromToken(claims)
 	if err != nil {
@@ -50,8 +52,8 @@ func (h *Groups) GetAllGroupsHandler(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(w, groups)
 }
 
-// UpdateGroupHandler handles update to a group identified by a given ID
-func (h *Groups) UpdateGroupHandler(w http.ResponseWriter, r *http.Request) {
+// UpdateGroup handles update to a group identified by a given ID
+func (h *GroupsHandler) UpdateGroup(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	account, user, err := h.accountManager.GetAccountFromToken(claims)
 	if err != nil {
@@ -119,8 +121,8 @@ func (h *Groups) UpdateGroupHandler(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(w, toGroupResponse(account, &group))
 }
 
-// PatchGroupHandler handles patch updates to a group identified by a given ID
-func (h *Groups) PatchGroupHandler(w http.ResponseWriter, r *http.Request) {
+// PatchGroup handles patch updates to a group identified by a given ID
+func (h *GroupsHandler) PatchGroup(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	account, _, err := h.accountManager.GetAccountFromToken(claims)
 	if err != nil {
@@ -205,7 +207,7 @@ func (h *Groups) PatchGroupHandler(w http.ResponseWriter, r *http.Request) {
 				})
 			default:
 				util.WriteError(status.Errorf(status.InvalidArgument,
-					"invalid operation, \"%v\", for Peers field", patch.Op), w)
+					"invalid operation, \"%v\", for PeersHandler field", patch.Op), w)
 				return
 			}
 		default:
@@ -223,8 +225,8 @@ func (h *Groups) PatchGroupHandler(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(w, toGroupResponse(account, group))
 }
 
-// CreateGroupHandler handles group creation request
-func (h *Groups) CreateGroupHandler(w http.ResponseWriter, r *http.Request) {
+// CreateGroup handles group creation request
+func (h *GroupsHandler) CreateGroup(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	account, user, err := h.accountManager.GetAccountFromToken(claims)
 	if err != nil {
@@ -265,8 +267,8 @@ func (h *Groups) CreateGroupHandler(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(w, toGroupResponse(account, &group))
 }
 
-// DeleteGroupHandler handles group deletion request
-func (h *Groups) DeleteGroupHandler(w http.ResponseWriter, r *http.Request) {
+// DeleteGroup handles group deletion request
+func (h *GroupsHandler) DeleteGroup(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	account, _, err := h.accountManager.GetAccountFromToken(claims)
 	if err != nil {
@@ -301,8 +303,8 @@ func (h *Groups) DeleteGroupHandler(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(w, "")
 }
 
-// GetGroupHandler returns a group
-func (h *Groups) GetGroupHandler(w http.ResponseWriter, r *http.Request) {
+// GetGroup returns a group
+func (h *GroupsHandler) GetGroup(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	account, _, err := h.accountManager.GetAccountFromToken(claims)
 	if err != nil {

management/server/http/groups_handler_test.go

@@ -15,9 +15,11 @@ import (
 	"github.com/netbirdio/netbird/management/server/status"
 
 	"github.com/gorilla/mux"
+
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 
 	"github.com/magiconair/properties/assert"
+
 	"github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/mock_server"
 )
@@ -27,8 +29,8 @@ var TestPeers = map[string]*server.Peer{
 	"B": {Key: "B", ID: "peer-B-ID", IP: net.ParseIP("200.200.200.200")},
 }
 
-func initGroupTestData(user *server.User, groups ...*server.Group) *Groups {
-	return &Groups{
+func initGroupTestData(user *server.User, groups ...*server.Group) *GroupsHandler {
+	return &GroupsHandler{
 		accountManager: &mock_server.MockAccountManager{
 			SaveGroupFunc: func(accountID, userID string, group *server.Group) error {
 				if !strings.HasPrefix(group.ID, "id-") {
@@ -134,7 +136,7 @@ func TestGetGroup(t *testing.T) {
 			req := httptest.NewRequest(tc.requestType, tc.requestPath, tc.requestBody)
 
 			router := mux.NewRouter()
-			router.HandleFunc("/api/groups/{id}", p.GetGroupHandler).Methods("GET")
+			router.HandleFunc("/api/groups/{id}", p.GetGroup).Methods("GET")
 			router.ServeHTTP(recorder, req)
 
 			res := recorder.Result()
@@ -259,7 +261,7 @@ func TestWriteGroup(t *testing.T) {
 			expectedBody:   false,
 		},
 		{
-			name:        "Write Group PATCH Peers OK",
+			name:        "Write Group PATCH PeersHandler OK",
 			requestType: http.MethodPatch,
 			requestPath: "/api/groups/id-existed",
 			requestBody: bytes.NewBuffer(
@@ -286,9 +288,9 @@ func TestWriteGroup(t *testing.T) {
 			req := httptest.NewRequest(tc.requestType, tc.requestPath, tc.requestBody)
 
 			router := mux.NewRouter()
-			router.HandleFunc("/api/groups", p.CreateGroupHandler).Methods("POST")
-			router.HandleFunc("/api/groups/{id}", p.UpdateGroupHandler).Methods("PUT")
-			router.HandleFunc("/api/groups/{id}", p.PatchGroupHandler).Methods("PATCH")
+			router.HandleFunc("/api/groups", p.CreateGroup).Methods("POST")
+			router.HandleFunc("/api/groups/{id}", p.UpdateGroup).Methods("PUT")
+			router.HandleFunc("/api/groups/{id}", p.PatchGroup).Methods("PATCH")
 			router.ServeHTTP(recorder, req)
 
 			res := recorder.Result()

management/server/http/handler.go

@@ -4,10 +4,11 @@ import (
 	"net/http"
 
 	"github.com/gorilla/mux"
+	"github.com/rs/cors"
+
 	s "github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/http/middleware"
 	"github.com/netbirdio/netbird/management/server/telemetry"
-	"github.com/rs/cors"
 )
 
 // AuthCfg contains parameters for authentication middleware
@@ -18,6 +19,12 @@ type AuthCfg struct {
 	KeysLocation string
 }
 
+type apiHandler struct {
+	Router         *mux.Router
+	AccountManager s.AccountManager
+	AuthCfg        AuthCfg
+}
+
 // APIHandler creates the Management service HTTP API handler registering all the available endpoints.
 func APIHandler(accountManager s.AccountManager, appMetrics telemetry.AppMetrics, authCfg AuthCfg) (http.Handler, error) {
 	jwtMiddleware, err := middleware.NewJwtMiddleware(
@@ -38,69 +45,27 @@ func APIHandler(accountManager s.AccountManager, appMetrics telemetry.AppMetrics
 	rootRouter := mux.NewRouter()
 	metricsMiddleware := appMetrics.HTTPMiddleware()
 
-	apiHandler := rootRouter.PathPrefix("/api").Subrouter()
-	apiHandler.Use(metricsMiddleware.Handler, corsMiddleware.Handler, jwtMiddleware.Handler, acMiddleware.Handler)
+	router := rootRouter.PathPrefix("/api").Subrouter()
+	router.Use(metricsMiddleware.Handler, corsMiddleware.Handler, jwtMiddleware.Handler, acMiddleware.Handler)
 
-	groupsHandler := NewGroups(accountManager, authCfg)
-	rulesHandler := NewRules(accountManager, authCfg)
-	peersHandler := NewPeers(accountManager, authCfg)
-	keysHandler := NewSetupKeysHandler(accountManager, authCfg)
-	userHandler := NewUserHandler(accountManager, authCfg)
-	routesHandler := NewRoutes(accountManager, authCfg)
-	nameserversHandler := NewNameservers(accountManager, authCfg)
-	eventsHandler := NewEvents(accountManager, authCfg)
-	dnsSettingsHandler := NewDNSSettings(accountManager, authCfg)
-	accountsHandler := NewAccounts(accountManager, authCfg)
+	api := apiHandler{
+		Router:         router,
+		AccountManager: accountManager,
+		AuthCfg:        authCfg,
+	}
 
-	apiHandler.HandleFunc("/accounts/{id}", accountsHandler.UpdateAccountHandler).Methods("PUT", "OPTIONS")
-	apiHandler.HandleFunc("/accounts", accountsHandler.GetAccountsHandler).Methods("GET", "OPTIONS")
+	api.addAccountsEndpoint()
+	api.addPeersEndpoint()
+	api.addUsersEndpoint()
+	api.addSetupKeysEndpoint()
+	api.addRulesEndpoint()
+	api.addGroupsEndpoint()
+	api.addRoutesEndpoint()
+	api.addDNSNameserversEndpoint()
+	api.addDNSSettingEndpoint()
+	api.addEventsEndpoint()
 
-	apiHandler.HandleFunc("/peers", peersHandler.GetPeers).Methods("GET", "OPTIONS")
-	apiHandler.HandleFunc("/peers/{id}", peersHandler.HandlePeer).
-		Methods("GET", "PUT", "DELETE", "OPTIONS")
-	apiHandler.HandleFunc("/users", userHandler.GetUsers).Methods("GET", "OPTIONS")
-	apiHandler.HandleFunc("/users/{id}", userHandler.UpdateUser).Methods("PUT", "OPTIONS")
-	apiHandler.HandleFunc("/users", userHandler.CreateUserHandler).Methods("POST", "OPTIONS")
-
-	apiHandler.HandleFunc("/setup-keys", keysHandler.GetAllSetupKeysHandler).Methods("GET", "OPTIONS")
-	apiHandler.HandleFunc("/setup-keys", keysHandler.CreateSetupKeyHandler).Methods("POST", "OPTIONS")
-	apiHandler.HandleFunc("/setup-keys/{id}", keysHandler.GetSetupKeyHandler).Methods("GET", "OPTIONS")
-	apiHandler.HandleFunc("/setup-keys/{id}", keysHandler.UpdateSetupKeyHandler).Methods("PUT", "OPTIONS")
-
-	apiHandler.HandleFunc("/rules", rulesHandler.GetAllRulesHandler).Methods("GET", "OPTIONS")
-	apiHandler.HandleFunc("/rules", rulesHandler.CreateRuleHandler).Methods("POST", "OPTIONS")
-	apiHandler.HandleFunc("/rules/{id}", rulesHandler.UpdateRuleHandler).Methods("PUT", "OPTIONS")
-	apiHandler.HandleFunc("/rules/{id}", rulesHandler.PatchRuleHandler).Methods("PATCH", "OPTIONS")
-	apiHandler.HandleFunc("/rules/{id}", rulesHandler.GetRuleHandler).Methods("GET", "OPTIONS")
-	apiHandler.HandleFunc("/rules/{id}", rulesHandler.DeleteRuleHandler).Methods("DELETE", "OPTIONS")
-
-	apiHandler.HandleFunc("/groups", groupsHandler.GetAllGroupsHandler).Methods("GET", "OPTIONS")
-	apiHandler.HandleFunc("/groups", groupsHandler.CreateGroupHandler).Methods("POST", "OPTIONS")
-	apiHandler.HandleFunc("/groups/{id}", groupsHandler.UpdateGroupHandler).Methods("PUT", "OPTIONS")
-	apiHandler.HandleFunc("/groups/{id}", groupsHandler.PatchGroupHandler).Methods("PATCH", "OPTIONS")
-	apiHandler.HandleFunc("/groups/{id}", groupsHandler.GetGroupHandler).Methods("GET", "OPTIONS")
-	apiHandler.HandleFunc("/groups/{id}", groupsHandler.DeleteGroupHandler).Methods("DELETE", "OPTIONS")
-
-	apiHandler.HandleFunc("/routes", routesHandler.GetAllRoutesHandler).Methods("GET", "OPTIONS")
-	apiHandler.HandleFunc("/routes", routesHandler.CreateRouteHandler).Methods("POST", "OPTIONS")
-	apiHandler.HandleFunc("/routes/{id}", routesHandler.UpdateRouteHandler).Methods("PUT", "OPTIONS")
-	apiHandler.HandleFunc("/routes/{id}", routesHandler.PatchRouteHandler).Methods("PATCH", "OPTIONS")
-	apiHandler.HandleFunc("/routes/{id}", routesHandler.GetRouteHandler).Methods("GET", "OPTIONS")
-	apiHandler.HandleFunc("/routes/{id}", routesHandler.DeleteRouteHandler).Methods("DELETE", "OPTIONS")
-
-	apiHandler.HandleFunc("/dns/nameservers", nameserversHandler.GetAllNameserversHandler).Methods("GET", "OPTIONS")
-	apiHandler.HandleFunc("/dns/nameservers", nameserversHandler.CreateNameserverGroupHandler).Methods("POST", "OPTIONS")
-	apiHandler.HandleFunc("/dns/nameservers/{id}", nameserversHandler.UpdateNameserverGroupHandler).Methods("PUT", "OPTIONS")
-	apiHandler.HandleFunc("/dns/nameservers/{id}", nameserversHandler.PatchNameserverGroupHandler).Methods("PATCH", "OPTIONS")
-	apiHandler.HandleFunc("/dns/nameservers/{id}", nameserversHandler.GetNameserverGroupHandler).Methods("GET", "OPTIONS")
-	apiHandler.HandleFunc("/dns/nameservers/{id}", nameserversHandler.DeleteNameserverGroupHandler).Methods("DELETE", "OPTIONS")
-
-	apiHandler.HandleFunc("/events", eventsHandler.GetEvents).Methods("GET", "OPTIONS")
-
-	apiHandler.HandleFunc("/dns/settings", dnsSettingsHandler.GetDNSSettings).Methods("GET", "OPTIONS")
-	apiHandler.HandleFunc("/dns/settings", dnsSettingsHandler.UpdateDNSSettings).Methods("PUT", "OPTIONS")
-
-	err = apiHandler.Walk(func(route *mux.Route, _ *mux.Router, _ []*mux.Route) error {
+	err = api.Router.Walk(func(route *mux.Route, _ *mux.Router, _ []*mux.Route) error {
 		methods, err := route.GetMethods()
 		if err != nil {
 			return err
@@ -123,3 +88,82 @@ func APIHandler(accountManager s.AccountManager, appMetrics telemetry.AppMetrics
 
 	return rootRouter, nil
 }
+
+func (apiHandler *apiHandler) addAccountsEndpoint() {
+	accountsHandler := NewAccountsHandler(apiHandler.AccountManager, apiHandler.AuthCfg)
+	apiHandler.Router.HandleFunc("/accounts/{id}", accountsHandler.UpdateAccount).Methods("PUT", "OPTIONS")
+	apiHandler.Router.HandleFunc("/accounts", accountsHandler.GetAllAccounts).Methods("GET", "OPTIONS")
+}
+
+func (apiHandler *apiHandler) addPeersEndpoint() {
+	peersHandler := NewPeersHandler(apiHandler.AccountManager, apiHandler.AuthCfg)
+	apiHandler.Router.HandleFunc("/peers", peersHandler.GetAllPeers).Methods("GET", "OPTIONS")
+	apiHandler.Router.HandleFunc("/peers/{id}", peersHandler.HandlePeer).
+		Methods("GET", "PUT", "DELETE", "OPTIONS")
+}
+
+func (apiHandler *apiHandler) addUsersEndpoint() {
+	userHandler := NewUsersHandler(apiHandler.AccountManager, apiHandler.AuthCfg)
+	apiHandler.Router.HandleFunc("/users", userHandler.GetAllUsers).Methods("GET", "OPTIONS")
+	apiHandler.Router.HandleFunc("/users/{id}", userHandler.UpdateUser).Methods("PUT", "OPTIONS")
+	apiHandler.Router.HandleFunc("/users", userHandler.CreateUser).Methods("POST", "OPTIONS")
+}
+
+func (apiHandler *apiHandler) addSetupKeysEndpoint() {
+	keysHandler := NewSetupKeysHandler(apiHandler.AccountManager, apiHandler.AuthCfg)
+	apiHandler.Router.HandleFunc("/setup-keys", keysHandler.GetAllSetupKeys).Methods("GET", "OPTIONS")
+	apiHandler.Router.HandleFunc("/setup-keys", keysHandler.CreateSetupKey).Methods("POST", "OPTIONS")
+	apiHandler.Router.HandleFunc("/setup-keys/{id}", keysHandler.GetSetupKey).Methods("GET", "OPTIONS")
+	apiHandler.Router.HandleFunc("/setup-keys/{id}", keysHandler.UpdateSetupKey).Methods("PUT", "OPTIONS")
+}
+
+func (apiHandler *apiHandler) addRulesEndpoint() {
+	rulesHandler := NewRulesHandler(apiHandler.AccountManager, apiHandler.AuthCfg)
+	apiHandler.Router.HandleFunc("/rules", rulesHandler.GetAllRules).Methods("GET", "OPTIONS")
+	apiHandler.Router.HandleFunc("/rules", rulesHandler.CreateRule).Methods("POST", "OPTIONS")
+	apiHandler.Router.HandleFunc("/rules/{id}", rulesHandler.UpdateRule).Methods("PUT", "OPTIONS")
+	apiHandler.Router.HandleFunc("/rules/{id}", rulesHandler.PatchRule).Methods("PATCH", "OPTIONS")
+	apiHandler.Router.HandleFunc("/rules/{id}", rulesHandler.GetRule).Methods("GET", "OPTIONS")
+	apiHandler.Router.HandleFunc("/rules/{id}", rulesHandler.DeleteRule).Methods("DELETE", "OPTIONS")
+}
+
+func (apiHandler *apiHandler) addGroupsEndpoint() {
+	groupsHandler := NewGroupsHandler(apiHandler.AccountManager, apiHandler.AuthCfg)
+	apiHandler.Router.HandleFunc("/groups", groupsHandler.GetAllGroups).Methods("GET", "OPTIONS")
+	apiHandler.Router.HandleFunc("/groups", groupsHandler.CreateGroup).Methods("POST", "OPTIONS")
+	apiHandler.Router.HandleFunc("/groups/{id}", groupsHandler.UpdateGroup).Methods("PUT", "OPTIONS")
+	apiHandler.Router.HandleFunc("/groups/{id}", groupsHandler.PatchGroup).Methods("PATCH", "OPTIONS")
+	apiHandler.Router.HandleFunc("/groups/{id}", groupsHandler.GetGroup).Methods("GET", "OPTIONS")
+	apiHandler.Router.HandleFunc("/groups/{id}", groupsHandler.DeleteGroup).Methods("DELETE", "OPTIONS")
+}
+
+func (apiHandler *apiHandler) addRoutesEndpoint() {
+	routesHandler := NewRoutesHandler(apiHandler.AccountManager, apiHandler.AuthCfg)
+	apiHandler.Router.HandleFunc("/routes", routesHandler.GetAllRoutes).Methods("GET", "OPTIONS")
+	apiHandler.Router.HandleFunc("/routes", routesHandler.CreateRoute).Methods("POST", "OPTIONS")
+	apiHandler.Router.HandleFunc("/routes/{id}", routesHandler.UpdateRoute).Methods("PUT", "OPTIONS")
+	apiHandler.Router.HandleFunc("/routes/{id}", routesHandler.PatchRoute).Methods("PATCH", "OPTIONS")
+	apiHandler.Router.HandleFunc("/routes/{id}", routesHandler.GetRoute).Methods("GET", "OPTIONS")
+	apiHandler.Router.HandleFunc("/routes/{id}", routesHandler.DeleteRoute).Methods("DELETE", "OPTIONS")
+}
+
+func (apiHandler *apiHandler) addDNSNameserversEndpoint() {
+	nameserversHandler := NewNameserversHandler(apiHandler.AccountManager, apiHandler.AuthCfg)
+	apiHandler.Router.HandleFunc("/dns/nameservers", nameserversHandler.GetAllNameservers).Methods("GET", "OPTIONS")
+	apiHandler.Router.HandleFunc("/dns/nameservers", nameserversHandler.CreateNameserverGroup).Methods("POST", "OPTIONS")
+	apiHandler.Router.HandleFunc("/dns/nameservers/{id}", nameserversHandler.UpdateNameserverGroup).Methods("PUT", "OPTIONS")
+	apiHandler.Router.HandleFunc("/dns/nameservers/{id}", nameserversHandler.PatchNameserverGroup).Methods("PATCH", "OPTIONS")
+	apiHandler.Router.HandleFunc("/dns/nameservers/{id}", nameserversHandler.GetNameserverGroup).Methods("GET", "OPTIONS")
+	apiHandler.Router.HandleFunc("/dns/nameservers/{id}", nameserversHandler.DeleteNameserverGroup).Methods("DELETE", "OPTIONS")
+}
+
+func (apiHandler *apiHandler) addDNSSettingEndpoint() {
+	dnsSettingsHandler := NewDNSSettingsHandler(apiHandler.AccountManager, apiHandler.AuthCfg)
+	apiHandler.Router.HandleFunc("/dns/settings", dnsSettingsHandler.GetDNSSettings).Methods("GET", "OPTIONS")
+	apiHandler.Router.HandleFunc("/dns/settings", dnsSettingsHandler.UpdateDNSSettings).Methods("PUT", "OPTIONS")
+}
+
+func (apiHandler *apiHandler) addEventsEndpoint() {
+	eventsHandler := NewEventsHandler(apiHandler.AccountManager, apiHandler.AuthCfg)
+	apiHandler.Router.HandleFunc("/events", eventsHandler.GetAllEvents).Methods("GET", "OPTIONS")
+}

management/server/http/nameservers_handler.go

@@ -6,24 +6,25 @@ import (
 	"net/http"
 
 	"github.com/gorilla/mux"
+	log "github.com/sirupsen/logrus"
+
 	nbdns "github.com/netbirdio/netbird/dns"
 	"github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/http/api"
 	"github.com/netbirdio/netbird/management/server/http/util"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 	"github.com/netbirdio/netbird/management/server/status"
-	log "github.com/sirupsen/logrus"
 )
 
-// Nameservers is the nameserver group handler of the account
-type Nameservers struct {
+// NameserversHandler is the nameserver group handler of the account
+type NameserversHandler struct {
 	accountManager  server.AccountManager
 	claimsExtractor *jwtclaims.ClaimsExtractor
 }
 
-// NewNameservers returns a new instance of Nameservers handler
-func NewNameservers(accountManager server.AccountManager, authCfg AuthCfg) *Nameservers {
-	return &Nameservers{
+// NewNameserversHandler returns a new instance of NameserversHandler handler
+func NewNameserversHandler(accountManager server.AccountManager, authCfg AuthCfg) *NameserversHandler {
+	return &NameserversHandler{
 		accountManager: accountManager,
 		claimsExtractor: jwtclaims.NewClaimsExtractor(
 			jwtclaims.WithAudience(authCfg.Audience),
@@ -32,8 +33,8 @@ func NewNameservers(accountManager server.AccountManager, authCfg AuthCfg) *Name
 	}
 }
 
-// GetAllNameserversHandler returns the list of nameserver groups for the account
-func (h *Nameservers) GetAllNameserversHandler(w http.ResponseWriter, r *http.Request) {
+// GetAllNameservers returns the list of nameserver groups for the account
+func (h *NameserversHandler) GetAllNameservers(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	account, _, err := h.accountManager.GetAccountFromToken(claims)
 	if err != nil {
@@ -56,8 +57,8 @@ func (h *Nameservers) GetAllNameserversHandler(w http.ResponseWriter, r *http.Re
 	util.WriteJSONObject(w, apiNameservers)
 }
 
-// CreateNameserverGroupHandler handles nameserver group creation request
-func (h *Nameservers) CreateNameserverGroupHandler(w http.ResponseWriter, r *http.Request) {
+// CreateNameserverGroup handles nameserver group creation request
+func (h *NameserversHandler) CreateNameserverGroup(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	account, user, err := h.accountManager.GetAccountFromToken(claims)
 	if err != nil {
@@ -89,8 +90,8 @@ func (h *Nameservers) CreateNameserverGroupHandler(w http.ResponseWriter, r *htt
 	util.WriteJSONObject(w, &resp)
 }
 
-// UpdateNameserverGroupHandler handles update to a nameserver group identified by a given ID
-func (h *Nameservers) UpdateNameserverGroupHandler(w http.ResponseWriter, r *http.Request) {
+// UpdateNameserverGroup handles update to a nameserver group identified by a given ID
+func (h *NameserversHandler) UpdateNameserverGroup(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	account, user, err := h.accountManager.GetAccountFromToken(claims)
 	if err != nil {
@@ -139,8 +140,8 @@ func (h *Nameservers) UpdateNameserverGroupHandler(w http.ResponseWriter, r *htt
 	util.WriteJSONObject(w, &resp)
 }
 
-// PatchNameserverGroupHandler handles patch updates to a nameserver group identified by a given ID
-func (h *Nameservers) PatchNameserverGroupHandler(w http.ResponseWriter, r *http.Request) {
+// PatchNameserverGroup handles patch updates to a nameserver group identified by a given ID
+func (h *NameserversHandler) PatchNameserverGroup(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	account, user, err := h.accountManager.GetAccountFromToken(claims)
 	if err != nil {
@@ -221,8 +222,8 @@ func (h *Nameservers) PatchNameserverGroupHandler(w http.ResponseWriter, r *http
 	util.WriteJSONObject(w, &resp)
 }
 
-// DeleteNameserverGroupHandler handles nameserver group deletion request
-func (h *Nameservers) DeleteNameserverGroupHandler(w http.ResponseWriter, r *http.Request) {
+// DeleteNameserverGroup handles nameserver group deletion request
+func (h *NameserversHandler) DeleteNameserverGroup(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	account, user, err := h.accountManager.GetAccountFromToken(claims)
 	if err != nil {
@@ -245,8 +246,8 @@ func (h *Nameservers) DeleteNameserverGroupHandler(w http.ResponseWriter, r *htt
 	util.WriteJSONObject(w, "")
 }
 
-// GetNameserverGroupHandler handles a nameserver group Get request identified by ID
-func (h *Nameservers) GetNameserverGroupHandler(w http.ResponseWriter, r *http.Request) {
+// GetNameserverGroup handles a nameserver group Get request identified by ID
+func (h *NameserversHandler) GetNameserverGroup(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	account, _, err := h.accountManager.GetAccountFromToken(claims)
 	if err != nil {

management/server/http/nameservers_handler_test.go

@@ -9,12 +9,14 @@ import (
 	"net/netip"
 	"testing"
 
+	"github.com/stretchr/testify/assert"
+
 	nbdns "github.com/netbirdio/netbird/dns"
 	"github.com/netbirdio/netbird/management/server/http/api"
 	"github.com/netbirdio/netbird/management/server/status"
-	"github.com/stretchr/testify/assert"
 
 	"github.com/gorilla/mux"
+
 	"github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 	"github.com/netbirdio/netbird/management/server/mock_server"
@@ -55,8 +57,8 @@ var baseExistingNSGroup = &nbdns.NameServerGroup{
 	Enabled: true,
 }
 
-func initNameserversTestData() *Nameservers {
-	return &Nameservers{
+func initNameserversTestData() *NameserversHandler {
+	return &NameserversHandler{
 		accountManager: &mock_server.MockAccountManager{
 			GetNameServerGroupFunc: func(accountID, nsGroupID string) (*nbdns.NameServerGroup, error) {
 				if nsGroupID == existingNSGroupID {
@@ -260,11 +262,11 @@ func TestNameserversHandlers(t *testing.T) {
 			req := httptest.NewRequest(tc.requestType, tc.requestPath, tc.requestBody)
 
 			router := mux.NewRouter()
-			router.HandleFunc("/api/dns/nameservers/{id}", p.GetNameserverGroupHandler).Methods("GET")
-			router.HandleFunc("/api/dns/nameservers", p.CreateNameserverGroupHandler).Methods("POST")
-			router.HandleFunc("/api/dns/nameservers/{id}", p.DeleteNameserverGroupHandler).Methods("DELETE")
-			router.HandleFunc("/api/dns/nameservers/{id}", p.UpdateNameserverGroupHandler).Methods("PUT")
-			router.HandleFunc("/api/dns/nameservers/{id}", p.PatchNameserverGroupHandler).Methods("PATCH")
+			router.HandleFunc("/api/dns/nameservers/{id}", p.GetNameserverGroup).Methods("GET")
+			router.HandleFunc("/api/dns/nameservers", p.CreateNameserverGroup).Methods("POST")
+			router.HandleFunc("/api/dns/nameservers/{id}", p.DeleteNameserverGroup).Methods("DELETE")
+			router.HandleFunc("/api/dns/nameservers/{id}", p.UpdateNameserverGroup).Methods("PUT")
+			router.HandleFunc("/api/dns/nameservers/{id}", p.PatchNameserverGroup).Methods("PATCH")
 			router.ServeHTTP(recorder, req)
 
 			res := recorder.Result()

management/server/http/peers_handler.go

@@ -6,6 +6,7 @@ import (
 	"net/http"
 
 	"github.com/gorilla/mux"
+
 	"github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/http/api"
 	"github.com/netbirdio/netbird/management/server/http/util"
@@ -13,14 +14,15 @@ import (
 	"github.com/netbirdio/netbird/management/server/status"
 )
 
-// Peers is a handler that returns peers of the account
-type Peers struct {
+// PeersHandler is a handler that returns peers of the account
+type PeersHandler struct {
 	accountManager  server.AccountManager
 	claimsExtractor *jwtclaims.ClaimsExtractor
 }
 
-func NewPeers(accountManager server.AccountManager, authCfg AuthCfg) *Peers {
-	return &Peers{
+// NewPeersHandler creates a new PeersHandler HTTP handler
+func NewPeersHandler(accountManager server.AccountManager, authCfg AuthCfg) *PeersHandler {
+	return &PeersHandler{
 		accountManager: accountManager,
 		claimsExtractor: jwtclaims.NewClaimsExtractor(
 			jwtclaims.WithAudience(authCfg.Audience),
@@ -29,7 +31,7 @@ func NewPeers(accountManager server.AccountManager, authCfg AuthCfg) *Peers {
 	}
 }
 
-func (h *Peers) getPeer(account *server.Account, peerID, userID string, w http.ResponseWriter) {
+func (h *PeersHandler) getPeer(account *server.Account, peerID, userID string, w http.ResponseWriter) {
 	peer, err := h.accountManager.GetPeer(account.Id, peerID, userID)
 	if err != nil {
 		util.WriteError(err, w)
@@ -39,7 +41,7 @@ func (h *Peers) getPeer(account *server.Account, peerID, userID string, w http.R
 	util.WriteJSONObject(w, toPeerResponse(peer, account, h.accountManager.GetDNSDomain()))
 }
 
-func (h *Peers) updatePeer(account *server.Account, user *server.User, peerID string, w http.ResponseWriter, r *http.Request) {
+func (h *PeersHandler) updatePeer(account *server.Account, user *server.User, peerID string, w http.ResponseWriter, r *http.Request) {
 	req := &api.PutApiPeersIdJSONBody{}
 	err := json.NewDecoder(r.Body).Decode(&req)
 	if err != nil {
@@ -58,7 +60,7 @@ func (h *Peers) updatePeer(account *server.Account, user *server.User, peerID st
 	util.WriteJSONObject(w, toPeerResponse(peer, account, dnsDomain))
 }
 
-func (h *Peers) deletePeer(accountID, userID string, peerID string, w http.ResponseWriter) {
+func (h *PeersHandler) deletePeer(accountID, userID string, peerID string, w http.ResponseWriter) {
 	_, err := h.accountManager.DeletePeer(accountID, peerID, userID)
 	if err != nil {
 		util.WriteError(err, w)
@@ -67,7 +69,8 @@ func (h *Peers) deletePeer(accountID, userID string, peerID string, w http.Respo
 	util.WriteJSONObject(w, "")
 }
 
-func (h *Peers) HandlePeer(w http.ResponseWriter, r *http.Request) {
+// HandlePeer handles all peer requests for GET, PUT and DELETE operations
+func (h *PeersHandler) HandlePeer(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	account, user, err := h.accountManager.GetAccountFromToken(claims)
 	if err != nil {
@@ -96,7 +99,8 @@ func (h *Peers) HandlePeer(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
-func (h *Peers) GetPeers(w http.ResponseWriter, r *http.Request) {
+// GetAllPeers returns a list of all peers associated with a provided account
+func (h *PeersHandler) GetAllPeers(w http.ResponseWriter, r *http.Request) {
 	switch r.Method {
 	case http.MethodGet:
 		claims := h.claimsExtractor.FromRequestContext(r)

management/server/http/peers_handler_test.go

@@ -3,7 +3,6 @@ package http
 import (
 	"bytes"
 	"encoding/json"
-	"github.com/gorilla/mux"
 	"io"
 	"net"
 	"net/http"
@@ -11,19 +10,22 @@ import (
 	"testing"
 	"time"
 
+	"github.com/gorilla/mux"
+
 	"github.com/netbirdio/netbird/management/server/http/api"
 
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 
 	"github.com/magiconair/properties/assert"
+
 	"github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/mock_server"
 )
 
 const testPeerID = "test_peer"
 
-func initTestMetaData(peers ...*server.Peer) *Peers {
-	return &Peers{
+func initTestMetaData(peers ...*server.Peer) *PeersHandler {
+	return &PeersHandler{
 		accountManager: &mock_server.MockAccountManager{
 			UpdatePeerFunc: func(accountID, userID string, update *server.Peer) (*server.Peer, error) {
 				p := peers[0].Copy()
@@ -68,7 +70,7 @@ func initTestMetaData(peers ...*server.Peer) *Peers {
 	}
 }
 
-// Tests the GetPeers endpoint reachable in the route /api/peers
+// Tests the GetAllPeers endpoint reachable in the route /api/peers
 // Use the metadata generated by initTestMetaData() to check for values
 func TestGetPeers(t *testing.T) {
 
@@ -143,7 +145,7 @@ func TestGetPeers(t *testing.T) {
 			req := httptest.NewRequest(tc.requestType, tc.requestPath, tc.requestBody)
 
 			router := mux.NewRouter()
-			router.HandleFunc("/api/peers/", p.GetPeers).Methods("GET")
+			router.HandleFunc("/api/peers/", p.GetAllPeers).Methods("GET")
 			router.HandleFunc("/api/peers/{id}", p.HandlePeer).Methods("GET")
 			router.HandleFunc("/api/peers/{id}", p.HandlePeer).Methods("PUT")
 			router.ServeHTTP(recorder, req)

management/server/http/routes_handler.go

@@ -6,6 +6,7 @@ import (
 	"unicode/utf8"
 
 	"github.com/gorilla/mux"
+
 	"github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/http/api"
 	"github.com/netbirdio/netbird/management/server/http/util"
@@ -14,15 +15,15 @@ import (
 	"github.com/netbirdio/netbird/route"
 )
 
-// Routes is the routes handler of the account
-type Routes struct {
+// RoutesHandler is the routes handler of the account
+type RoutesHandler struct {
 	accountManager  server.AccountManager
 	claimsExtractor *jwtclaims.ClaimsExtractor
 }
 
-// NewRoutes returns a new instance of Routes handler
-func NewRoutes(accountManager server.AccountManager, authCfg AuthCfg) *Routes {
-	return &Routes{
+// NewRoutesHandler returns a new instance of RoutesHandler handler
+func NewRoutesHandler(accountManager server.AccountManager, authCfg AuthCfg) *RoutesHandler {
+	return &RoutesHandler{
 		accountManager: accountManager,
 		claimsExtractor: jwtclaims.NewClaimsExtractor(
 			jwtclaims.WithAudience(authCfg.Audience),
@@ -31,8 +32,8 @@ func NewRoutes(accountManager server.AccountManager, authCfg AuthCfg) *Routes {
 	}
 }
 
-// GetAllRoutesHandler returns the list of routes for the account
-func (h *Routes) GetAllRoutesHandler(w http.ResponseWriter, r *http.Request) {
+// GetAllRoutes returns the list of routes for the account
+func (h *RoutesHandler) GetAllRoutes(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	account, user, err := h.accountManager.GetAccountFromToken(claims)
 	if err != nil {
@@ -53,8 +54,8 @@ func (h *Routes) GetAllRoutesHandler(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(w, apiRoutes)
 }
 
-// CreateRouteHandler handles route creation request
-func (h *Routes) CreateRouteHandler(w http.ResponseWriter, r *http.Request) {
+// CreateRoute handles route creation request
+func (h *RoutesHandler) CreateRoute(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	account, user, err := h.accountManager.GetAccountFromToken(claims)
 	if err != nil {
@@ -92,8 +93,8 @@ func (h *Routes) CreateRouteHandler(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(w, &resp)
 }
 
-// UpdateRouteHandler handles update to a route identified by a given ID
-func (h *Routes) UpdateRouteHandler(w http.ResponseWriter, r *http.Request) {
+// UpdateRoute handles update to a route identified by a given ID
+func (h *RoutesHandler) UpdateRoute(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	account, user, err := h.accountManager.GetAccountFromToken(claims)
 	if err != nil {
@@ -158,8 +159,8 @@ func (h *Routes) UpdateRouteHandler(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(w, &resp)
 }
 
-// PatchRouteHandler handles patch updates to a route identified by a given ID
-func (h *Routes) PatchRouteHandler(w http.ResponseWriter, r *http.Request) {
+// PatchRoute handles patch updates to a route identified by a given ID
+func (h *RoutesHandler) PatchRoute(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	account, user, err := h.accountManager.GetAccountFromToken(claims)
 	if err != nil {
@@ -299,8 +300,8 @@ func (h *Routes) PatchRouteHandler(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(w, &resp)
 }
 
-// DeleteRouteHandler handles route deletion request
-func (h *Routes) DeleteRouteHandler(w http.ResponseWriter, r *http.Request) {
+// DeleteRoute handles route deletion request
+func (h *RoutesHandler) DeleteRoute(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	account, user, err := h.accountManager.GetAccountFromToken(claims)
 	if err != nil {
@@ -323,8 +324,8 @@ func (h *Routes) DeleteRouteHandler(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(w, "")
 }
 
-// GetRouteHandler handles a route Get request identified by ID
-func (h *Routes) GetRouteHandler(w http.ResponseWriter, r *http.Request) {
+// GetRoute handles a route Get request identified by ID
+func (h *RoutesHandler) GetRoute(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	account, user, err := h.accountManager.GetAccountFromToken(claims)
 	if err != nil {

management/server/http/routes_handler_test.go

@@ -17,6 +17,7 @@ import (
 
 	"github.com/gorilla/mux"
 	"github.com/magiconair/properties/assert"
+
 	"github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 	"github.com/netbirdio/netbird/management/server/mock_server"
@@ -60,8 +61,8 @@ var testingAccount = &server.Account{
 	},
 }
 
-func initRoutesTestData() *Routes {
-	return &Routes{
+func initRoutesTestData() *RoutesHandler {
+	return &RoutesHandler{
 		accountManager: &mock_server.MockAccountManager{
 			GetRouteFunc: func(_, routeID, _ string) (*route.Route, error) {
 				if routeID == existingRouteID {
@@ -352,11 +353,11 @@ func TestRoutesHandlers(t *testing.T) {
 			req := httptest.NewRequest(tc.requestType, tc.requestPath, tc.requestBody)
 
 			router := mux.NewRouter()
-			router.HandleFunc("/api/routes/{id}", p.GetRouteHandler).Methods("GET")
-			router.HandleFunc("/api/routes/{id}", p.DeleteRouteHandler).Methods("DELETE")
-			router.HandleFunc("/api/routes", p.CreateRouteHandler).Methods("POST")
-			router.HandleFunc("/api/routes/{id}", p.UpdateRouteHandler).Methods("PUT")
-			router.HandleFunc("/api/routes/{id}", p.PatchRouteHandler).Methods("PATCH")
+			router.HandleFunc("/api/routes/{id}", p.GetRoute).Methods("GET")
+			router.HandleFunc("/api/routes/{id}", p.DeleteRoute).Methods("DELETE")
+			router.HandleFunc("/api/routes", p.CreateRoute).Methods("POST")
+			router.HandleFunc("/api/routes/{id}", p.UpdateRoute).Methods("PUT")
+			router.HandleFunc("/api/routes/{id}", p.PatchRoute).Methods("PATCH")
 			router.ServeHTTP(recorder, req)
 
 			res := recorder.Result()

management/server/http/rules_handler.go

@@ -5,22 +5,24 @@ import (
 	"net/http"
 
 	"github.com/gorilla/mux"
+	"github.com/rs/xid"
+
 	"github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/http/api"
 	"github.com/netbirdio/netbird/management/server/http/util"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 	"github.com/netbirdio/netbird/management/server/status"
-	"github.com/rs/xid"
 )
 
-// Rules is a handler that returns rules of the account
-type Rules struct {
+// RulesHandler is a handler that returns rules of the account
+type RulesHandler struct {
 	accountManager  server.AccountManager
 	claimsExtractor *jwtclaims.ClaimsExtractor
 }
 
-func NewRules(accountManager server.AccountManager, authCfg AuthCfg) *Rules {
-	return &Rules{
+// NewRulesHandler creates a new RulesHandler HTTP handler
+func NewRulesHandler(accountManager server.AccountManager, authCfg AuthCfg) *RulesHandler {
+	return &RulesHandler{
 		accountManager: accountManager,
 		claimsExtractor: jwtclaims.NewClaimsExtractor(
 			jwtclaims.WithAudience(authCfg.Audience),
@@ -29,8 +31,8 @@ func NewRules(accountManager server.AccountManager, authCfg AuthCfg) *Rules {
 	}
 }
 
-// GetAllRulesHandler list for the account
-func (h *Rules) GetAllRulesHandler(w http.ResponseWriter, r *http.Request) {
+// GetAllRules list for the account
+func (h *RulesHandler) GetAllRules(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	account, user, err := h.accountManager.GetAccountFromToken(claims)
 	if err != nil {
@@ -51,8 +53,8 @@ func (h *Rules) GetAllRulesHandler(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(w, rules)
 }
 
-// UpdateRuleHandler handles update to a rule identified by a given ID
-func (h *Rules) UpdateRuleHandler(w http.ResponseWriter, r *http.Request) {
+// UpdateRule handles update to a rule identified by a given ID
+func (h *RulesHandler) UpdateRule(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	account, user, err := h.accountManager.GetAccountFromToken(claims)
 	if err != nil {
@@ -122,8 +124,8 @@ func (h *Rules) UpdateRuleHandler(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(w, &resp)
 }
 
-// PatchRuleHandler handles patch updates to a rule identified by a given ID
-func (h *Rules) PatchRuleHandler(w http.ResponseWriter, r *http.Request) {
+// PatchRule handles patch updates to a rule identified by a given ID
+func (h *RulesHandler) PatchRule(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	account, _, err := h.accountManager.GetAccountFromToken(claims)
 	if err != nil {
@@ -265,8 +267,8 @@ func (h *Rules) PatchRuleHandler(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(w, &resp)
 }
 
-// CreateRuleHandler handles rule creation request
-func (h *Rules) CreateRuleHandler(w http.ResponseWriter, r *http.Request) {
+// CreateRule handles rule creation request
+func (h *RulesHandler) CreateRule(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	account, user, err := h.accountManager.GetAccountFromToken(claims)
 	if err != nil {
@@ -324,8 +326,8 @@ func (h *Rules) CreateRuleHandler(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(w, &resp)
 }
 
-// DeleteRuleHandler handles rule deletion request
-func (h *Rules) DeleteRuleHandler(w http.ResponseWriter, r *http.Request) {
+// DeleteRule handles rule deletion request
+func (h *RulesHandler) DeleteRule(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	account, user, err := h.accountManager.GetAccountFromToken(claims)
 	if err != nil {
@@ -349,8 +351,8 @@ func (h *Rules) DeleteRuleHandler(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(w, "")
 }
 
-// GetRuleHandler handles a group Get request identified by ID
-func (h *Rules) GetRuleHandler(w http.ResponseWriter, r *http.Request) {
+// GetRule handles a group Get request identified by ID
+func (h *RulesHandler) GetRule(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	account, user, err := h.accountManager.GetAccountFromToken(claims)
 	if err != nil {

management/server/http/rules_handler_test.go

@@ -13,15 +13,17 @@ import (
 	"github.com/netbirdio/netbird/management/server/http/api"
 
 	"github.com/gorilla/mux"
+
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 
 	"github.com/magiconair/properties/assert"
+
 	"github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/mock_server"
 )
 
-func initRulesTestData(rules ...*server.Rule) *Rules {
-	return &Rules{
+func initRulesTestData(rules ...*server.Rule) *RulesHandler {
+	return &RulesHandler{
 		accountManager: &mock_server.MockAccountManager{
 			SaveRuleFunc: func(_, _ string, rule *server.Rule) error {
 				if !strings.HasPrefix(rule.ID, "id-") {
@@ -132,7 +134,7 @@ func TestRulesGetRule(t *testing.T) {
 			req := httptest.NewRequest(tc.requestType, tc.requestPath, tc.requestBody)
 
 			router := mux.NewRouter()
-			router.HandleFunc("/api/rules/{id}", p.GetRuleHandler).Methods("GET")
+			router.HandleFunc("/api/rules/{id}", p.GetRule).Methods("GET")
 			router.ServeHTTP(recorder, req)
 
 			res := recorder.Result()
@@ -278,9 +280,9 @@ func TestRulesWriteRule(t *testing.T) {
 			req := httptest.NewRequest(tc.requestType, tc.requestPath, tc.requestBody)
 
 			router := mux.NewRouter()
-			router.HandleFunc("/api/rules", p.CreateRuleHandler).Methods("POST")
-			router.HandleFunc("/api/rules/{id}", p.UpdateRuleHandler).Methods("PUT")
-			router.HandleFunc("/api/rules/{id}", p.PatchRuleHandler).Methods("PATCH")
+			router.HandleFunc("/api/rules", p.CreateRule).Methods("POST")
+			router.HandleFunc("/api/rules/{id}", p.UpdateRule).Methods("PUT")
+			router.HandleFunc("/api/rules/{id}", p.PatchRule).Methods("PATCH")
 			router.ServeHTTP(recorder, req)
 
 			res := recorder.Result()

management/server/http/setupkeys_handler.go

@@ -6,6 +6,7 @@ import (
 	"time"
 
 	"github.com/gorilla/mux"
+
 	"github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/http/api"
 	"github.com/netbirdio/netbird/management/server/http/util"
@@ -13,14 +14,15 @@ import (
 	"github.com/netbirdio/netbird/management/server/status"
 )
 
-// SetupKeys is a handler that returns a list of setup keys of the account
-type SetupKeys struct {
+// SetupKeysHandler is a handler that returns a list of setup keys of the account
+type SetupKeysHandler struct {
 	accountManager  server.AccountManager
 	claimsExtractor *jwtclaims.ClaimsExtractor
 }
 
-func NewSetupKeysHandler(accountManager server.AccountManager, authCfg AuthCfg) *SetupKeys {
-	return &SetupKeys{
+// NewSetupKeysHandler creates a new SetupKeysHandler HTTP handler
+func NewSetupKeysHandler(accountManager server.AccountManager, authCfg AuthCfg) *SetupKeysHandler {
+	return &SetupKeysHandler{
 		accountManager: accountManager,
 		claimsExtractor: jwtclaims.NewClaimsExtractor(
 			jwtclaims.WithAudience(authCfg.Audience),
@@ -29,8 +31,8 @@ func NewSetupKeysHandler(accountManager server.AccountManager, authCfg AuthCfg)
 	}
 }
 
-// CreateSetupKeyHandler is a POST requests that creates a new SetupKey
-func (h *SetupKeys) CreateSetupKeyHandler(w http.ResponseWriter, r *http.Request) {
+// CreateSetupKey is a POST requests that creates a new SetupKey
+func (h *SetupKeysHandler) CreateSetupKey(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	account, user, err := h.accountManager.GetAccountFromToken(claims)
 	if err != nil {
@@ -72,8 +74,8 @@ func (h *SetupKeys) CreateSetupKeyHandler(w http.ResponseWriter, r *http.Request
 	writeSuccess(w, setupKey)
 }
 
-// GetSetupKeyHandler is a GET request to get a SetupKey by ID
-func (h *SetupKeys) GetSetupKeyHandler(w http.ResponseWriter, r *http.Request) {
+// GetSetupKey is a GET request to get a SetupKey by ID
+func (h *SetupKeysHandler) GetSetupKey(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	account, user, err := h.accountManager.GetAccountFromToken(claims)
 	if err != nil {
@@ -97,8 +99,8 @@ func (h *SetupKeys) GetSetupKeyHandler(w http.ResponseWriter, r *http.Request) {
 	writeSuccess(w, key)
 }
 
-// UpdateSetupKeyHandler is a PUT request to update server.SetupKey
-func (h *SetupKeys) UpdateSetupKeyHandler(w http.ResponseWriter, r *http.Request) {
+// UpdateSetupKey is a PUT request to update server.SetupKey
+func (h *SetupKeysHandler) UpdateSetupKey(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	account, user, err := h.accountManager.GetAccountFromToken(claims)
 	if err != nil {
@@ -144,8 +146,8 @@ func (h *SetupKeys) UpdateSetupKeyHandler(w http.ResponseWriter, r *http.Request
 	writeSuccess(w, newKey)
 }
 
-// GetAllSetupKeysHandler is a GET request that returns a list of SetupKey
-func (h *SetupKeys) GetAllSetupKeysHandler(w http.ResponseWriter, r *http.Request) {
+// GetAllSetupKeys is a GET request that returns a list of SetupKey
+func (h *SetupKeysHandler) GetAllSetupKeys(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
 	account, user, err := h.accountManager.GetAccountFromToken(claims)
 	if err != nil {

management/server/http/setupkeys_handler_test.go

@@ -11,9 +11,10 @@ import (
 	"time"
 
 	"github.com/gorilla/mux"
+	"github.com/stretchr/testify/assert"
+
 	"github.com/netbirdio/netbird/management/server/http/api"
 	"github.com/netbirdio/netbird/management/server/status"
-	"github.com/stretchr/testify/assert"
 
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 
@@ -30,8 +31,8 @@ const (
 
 func initSetupKeysTestMetaData(defaultKey *server.SetupKey, newKey *server.SetupKey, updatedSetupKey *server.SetupKey,
 	user *server.User,
-) *SetupKeys {
-	return &SetupKeys{
+) *SetupKeysHandler {
+	return &SetupKeysHandler{
 		accountManager: &mock_server.MockAccountManager{
 			GetAccountFromTokenFunc: func(claims jwtclaims.AuthorizationClaims) (*server.Account, *server.User, error) {
 				return &server.Account{
@@ -171,10 +172,10 @@ func TestSetupKeysHandlers(t *testing.T) {
 			req := httptest.NewRequest(tc.requestType, tc.requestPath, tc.requestBody)
 
 			router := mux.NewRouter()
-			router.HandleFunc("/api/setup-keys", handler.GetAllSetupKeysHandler).Methods("GET", "OPTIONS")
-			router.HandleFunc("/api/setup-keys", handler.CreateSetupKeyHandler).Methods("POST", "OPTIONS")
-			router.HandleFunc("/api/setup-keys/{id}", handler.GetSetupKeyHandler).Methods("GET", "OPTIONS")
-			router.HandleFunc("/api/setup-keys/{id}", handler.UpdateSetupKeyHandler).Methods("PUT", "OPTIONS")
+			router.HandleFunc("/api/setup-keys", handler.GetAllSetupKeys).Methods("GET", "OPTIONS")
+			router.HandleFunc("/api/setup-keys", handler.CreateSetupKey).Methods("POST", "OPTIONS")
+			router.HandleFunc("/api/setup-keys/{id}", handler.GetSetupKey).Methods("GET", "OPTIONS")
+			router.HandleFunc("/api/setup-keys/{id}", handler.UpdateSetupKey).Methods("PUT", "OPTIONS")
 			router.ServeHTTP(recorder, req)
 
 			res := recorder.Result()

management/server/http/users_handler.go

@@ -5,6 +5,7 @@ import (
 	"net/http"
 
 	"github.com/gorilla/mux"
+
 	"github.com/netbirdio/netbird/management/server/http/api"
 	"github.com/netbirdio/netbird/management/server/http/util"
 	"github.com/netbirdio/netbird/management/server/status"
@@ -13,13 +14,15 @@ import (
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 )
 
-type UserHandler struct {
+// UsersHandler is a handler that returns users of the account
+type UsersHandler struct {
 	accountManager  server.AccountManager
 	claimsExtractor *jwtclaims.ClaimsExtractor
 }
 
-func NewUserHandler(accountManager server.AccountManager, authCfg AuthCfg) *UserHandler {
-	return &UserHandler{
+// NewUsersHandler creates a new UsersHandler HTTP handler
+func NewUsersHandler(accountManager server.AccountManager, authCfg AuthCfg) *UsersHandler {
+	return &UsersHandler{
 		accountManager: accountManager,
 		claimsExtractor: jwtclaims.NewClaimsExtractor(
 			jwtclaims.WithAudience(authCfg.Audience),
@@ -29,7 +32,7 @@ func NewUserHandler(accountManager server.AccountManager, authCfg AuthCfg) *User
 }
 
 // UpdateUser is a PUT requests to update User data
-func (h *UserHandler) UpdateUser(w http.ResponseWriter, r *http.Request) {
+func (h *UsersHandler) UpdateUser(w http.ResponseWriter, r *http.Request) {
 	if r.Method != http.MethodPut {
 		util.WriteErrorResponse("wrong HTTP method", http.StatusMethodNotAllowed, w)
 		return
@@ -74,8 +77,8 @@ func (h *UserHandler) UpdateUser(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(w, toUserResponse(newUser, claims.UserId))
 }
 
-// CreateUserHandler creates a User in the system with a status "invited" (effectively this is a user invite).
-func (h *UserHandler) CreateUserHandler(w http.ResponseWriter, r *http.Request) {
+// CreateUser creates a User in the system with a status "invited" (effectively this is a user invite).
+func (h *UsersHandler) CreateUser(w http.ResponseWriter, r *http.Request) {
 	if r.Method != http.MethodPost {
 		util.WriteErrorResponse("wrong HTTP method", http.StatusMethodNotAllowed, w)
 		return
@@ -113,9 +116,9 @@ func (h *UserHandler) CreateUserHandler(w http.ResponseWriter, r *http.Request)
 	util.WriteJSONObject(w, toUserResponse(newUser, claims.UserId))
 }
 
-// GetUsers returns a list of users of the account this user belongs to.
+// GetAllUsers returns a list of users of the account this user belongs to.
 // It also gathers additional user data (like email and name) from the IDP manager.
-func (h *UserHandler) GetUsers(w http.ResponseWriter, r *http.Request) {
+func (h *UsersHandler) GetAllUsers(w http.ResponseWriter, r *http.Request) {
 	if r.Method != http.MethodGet {
 		util.WriteErrorResponse("wrong HTTP method", http.StatusMethodNotAllowed, w)
 		return

management/server/http/users_handler_test.go

@@ -8,13 +8,14 @@ import (
 	"testing"
 
 	"github.com/magiconair/properties/assert"
+
 	"github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 	"github.com/netbirdio/netbird/management/server/mock_server"
 )
 
-func initUsers(user ...*server.User) *UserHandler {
-	return &UserHandler{
+func initUsers(user ...*server.User) *UsersHandler {
+	return &UsersHandler{
 		accountManager: &mock_server.MockAccountManager{
 			GetAccountFromTokenFunc: func(claims jwtclaims.AuthorizationClaims) (*server.Account, *server.User, error) {
 				users := make(map[string]*server.User, 0)
@@ -72,7 +73,7 @@ func TestGetUsers(t *testing.T) {
 			req := httptest.NewRequest(tc.requestType, tc.requestPath, nil)
 			rr := httptest.NewRecorder()
 
-			userHandler.GetUsers(rr, req)
+			userHandler.GetAllUsers(rr, req)
 
 			res := rr.Result()
 			defer res.Body.Close()

management/server/management_test.go

@@ -240,7 +240,8 @@ var _ = Describe("Management service", func() {
 		Context("with an invalid setup key", func() {
 			Specify("an error is returned", func() {
 				key, _ := wgtypes.GenerateKey()
-				message, err := encryption.EncryptMessage(serverPubKey, key, &mgmtProto.LoginRequest{SetupKey: "invalid setup key"})
+				message, err := encryption.EncryptMessage(serverPubKey, key, &mgmtProto.LoginRequest{SetupKey: "invalid setup key",
+					Meta: &mgmtProto.PeerSystemMeta{}})
 				Expect(err).NotTo(HaveOccurred())
 
 				resp, err := client.Login(context.TODO(), &mgmtProto.EncryptedMessage{
@@ -269,7 +270,7 @@ var _ = Describe("Management service", func() {
 				Expect(regResp).NotTo(BeNil())
 
 				// just login without registration
-				message, err := encryption.EncryptMessage(serverPubKey, key, &mgmtProto.LoginRequest{})
+				message, err := encryption.EncryptMessage(serverPubKey, key, &mgmtProto.LoginRequest{Meta: &mgmtProto.PeerSystemMeta{}})
 				Expect(err).NotTo(HaveOccurred())
 				loginResp, err := client.Login(context.TODO(), &mgmtProto.EncryptedMessage{
 					WgPubKey: key.PublicKey().String(),

management/server/mock_server/account_mock.go

@@ -1,14 +1,16 @@
 package mock_server
 
 import (
+	"time"
+
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+
 	nbdns "github.com/netbirdio/netbird/dns"
 	"github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/activity"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 	"github.com/netbirdio/netbird/route"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
-	"time"
 )
 
 type MockAccountManager struct {
@@ -69,8 +71,9 @@ type MockAccountManager struct {
 	SaveDNSSettingsFunc             func(accountID, userID string, dnsSettingsToSave *server.DNSSettings) error
 	GetPeerFunc                     func(accountID, peerID, userID string) (*server.Peer, error)
 	GetAccountByPeerIDFunc          func(peerID string) (*server.Account, error)
-	UpdatePeerLastLoginFunc         func(peerID string) error
 	UpdateAccountSettingsFunc       func(accountID, userID string, newSettings *server.Settings) (*server.Account, error)
+	LoginPeerFunc                   func(login server.PeerLogin) (*server.Peer, error)
+	SyncPeerFunc                    func(sync server.PeerSync) (*server.Peer, *server.NetworkMap, error)
 }
 
 // GetUsersFromAccount mock implementation of GetUsersFromAccount from server.AccountManager interface
@@ -496,7 +499,7 @@ func (am *MockAccountManager) GetPeers(accountID, userID string) ([]*server.Peer
 	if am.GetAccountFromTokenFunc != nil {
 		return am.GetPeersFunc(accountID, userID)
 	}
-	return nil, status.Errorf(codes.Unimplemented, "method GetPeers is not implemented")
+	return nil, status.Errorf(codes.Unimplemented, "method GetAllPeers is not implemented")
 }
 
 // GetDNSDomain mocks GetDNSDomain of the AccountManager interface
@@ -512,7 +515,7 @@ func (am *MockAccountManager) GetEvents(accountID, userID string) ([]*activity.E
 	if am.GetEventsFunc != nil {
 		return am.GetEventsFunc(accountID, userID)
 	}
-	return nil, status.Errorf(codes.Unimplemented, "method GetEvents is not implemented")
+	return nil, status.Errorf(codes.Unimplemented, "method GetAllEvents is not implemented")
 }
 
 // GetDNSSettings mocks GetDNSSettings of the AccountManager interface
@@ -547,14 +550,6 @@ func (am *MockAccountManager) GetAccountByPeerID(peerID string) (*server.Account
 	return nil, status.Errorf(codes.Unimplemented, "method GetAccountByPeerID is not implemented")
 }
 
-// UpdatePeerLastLogin mocks UpdatePeerLastLogin of the AccountManager interface
-func (am *MockAccountManager) UpdatePeerLastLogin(peerID string) error {
-	if am.UpdatePeerLastLoginFunc != nil {
-		return am.UpdatePeerLastLoginFunc(peerID)
-	}
-	return status.Errorf(codes.Unimplemented, "method UpdatePeerLastLogin is not implemented")
-}
-
 // UpdateAccountSettings mocks UpdateAccountSettings of the AccountManager interface
 func (am *MockAccountManager) UpdateAccountSettings(accountID, userID string, newSettings *server.Settings) (*server.Account, error) {
 	if am.UpdateAccountSettingsFunc != nil {
@@ -562,3 +557,19 @@ func (am *MockAccountManager) UpdateAccountSettings(accountID, userID string, ne
 	}
 	return nil, status.Errorf(codes.Unimplemented, "method UpdateAccountSettings is not implemented")
 }
+
+// LoginPeer mocks LoginPeer of the AccountManager interface
+func (am *MockAccountManager) LoginPeer(login server.PeerLogin) (*server.Peer, error) {
+	if am.LoginPeerFunc != nil {
+		return am.LoginPeerFunc(login)
+	}
+	return nil, status.Errorf(codes.Unimplemented, "method LoginPeer is not implemented")
+}
+
+// SyncPeer mocks SyncPeer of the AccountManager interface
+func (am *MockAccountManager) SyncPeer(sync server.PeerSync) (*server.Peer, *server.NetworkMap, error) {
+	if am.SyncPeerFunc != nil {
+		return am.SyncPeerFunc(sync)
+	}
+	return nil, nil, status.Errorf(codes.Unimplemented, "method SyncPeer is not implemented")
+}

management/server/peer.go

@@ -36,6 +36,26 @@ type PeerStatus struct {
 	LoginExpired bool
 }
 
+// PeerSync used as a data object between the gRPC API and AccountManager on Sync request.
+type PeerSync struct {
+	// WireGuardPubKey is a peers WireGuard public key
+	WireGuardPubKey string
+}
+
+// PeerLogin used as a data object between the gRPC API and AccountManager on Login request.
+type PeerLogin struct {
+	// WireGuardPubKey is a peers WireGuard public key
+	WireGuardPubKey string
+	// SSHKey is a peer's ssh key. Can be empty (e.g., old version do not provide it, or this feature is disabled)
+	SSHKey string
+	// Meta is the system information passed by peer, must be always present.
+	Meta PeerSystemMeta
+	// UserID indicates that JWT was used to log in, and it was valid. Can be empty when SetupKey is used or auth is not required.
+	UserID string
+	// SetupKey references to a server.SetupKey to log in. Can be empty when UserID is used or auth is not required.
+	SetupKey string
+}
+
 // Peer represents a machine connected to the network.
 // The Peer is a WireGuard peer identified by a public key
 type Peer struct {
@@ -93,17 +113,35 @@ func (p *Peer) Copy() *Peer {
 	}
 }
 
+// UpdateMeta updates peer's system meta data
+func (p *Peer) UpdateMeta(meta PeerSystemMeta) {
+	// Avoid overwriting UIVersion if the update was triggered sole by the CLI client
+	if meta.UIVersion == "" {
+		meta.UIVersion = p.Meta.UIVersion
+	}
+	p.Meta = meta
+}
+
+// MarkLoginExpired marks peer's status expired or not
+func (p *Peer) MarkLoginExpired(expired bool) {
+	newStatus := p.Status.Copy()
+	newStatus.LoginExpired = expired
+	if expired {
+		newStatus.Connected = false
+	}
+	p.Status = newStatus
+}
+
 // LoginExpired indicates whether the peer's login has expired or not.
 // If Peer.LastLogin plus the expiresIn duration has happened already; then login has expired.
 // Return true if a login has expired, false otherwise, and time left to expiration (negative when expired).
 // Login expiration can be disabled/enabled on a Peer level via Peer.LoginExpirationEnabled property.
-// Login expiration can also be disabled/enabled globally on the Account level via Settings.PeerLoginExpirationEnabled
-// and if disabled on the Account level, then Peer.LoginExpirationEnabled is ineffective.
-func (p *Peer) LoginExpired(accountSettings *Settings) (bool, time.Duration) {
-	expiresAt := p.LastLogin.Add(accountSettings.PeerLoginExpiration)
+// Login expiration can also be disabled/enabled globally on the Account level via Settings.PeerLoginExpirationEnabled.
+func (p *Peer) LoginExpired(expiresIn time.Duration) (bool, time.Duration) {
+	expiresAt := p.LastLogin.Add(expiresIn)
 	now := time.Now()
 	timeLeft := expiresAt.Sub(now)
-	return accountSettings.PeerLoginExpirationEnabled && p.LoginExpirationEnabled && (timeLeft <= 0), timeLeft
+	return p.LoginExpirationEnabled && (timeLeft <= 0), timeLeft
 }
 
 // FQDN returns peers FQDN combined of the peer's DNS label and the system's DNS domain
@@ -181,6 +219,18 @@ func (am *DefaultAccountManager) GetPeers(accountID, userID string) ([]*Peer, er
 	return peers, nil
 }
 
+func (am *DefaultAccountManager) markPeerLoginExpired(peer *Peer, account *Account, expired bool) (*Peer, error) {
+	peer.MarkLoginExpired(expired)
+	account.UpdatePeer(peer)
+
+	err := am.Store.SavePeerStatus(account.Id, peer.ID, *peer.Status)
+	if err != nil {
+		return nil, err
+	}
+
+	return peer, nil
+}
+
 // MarkPeerLoginExpired when peer login has expired
 func (am *DefaultAccountManager) MarkPeerLoginExpired(peerPubKey string, loginExpired bool) error {
 	account, err := am.Store.GetAccountByPeerPubKey(peerPubKey)
@@ -202,13 +252,10 @@ func (am *DefaultAccountManager) MarkPeerLoginExpired(peerPubKey string, loginEx
 		return err
 	}
 
-	newStatus := peer.Status.Copy()
-	newStatus.LastSeen = time.Now()
-	newStatus.LoginExpired = loginExpired
-	peer.Status = newStatus
+	peer.MarkLoginExpired(loginExpired)
 	account.UpdatePeer(peer)
 
-	err = am.Store.SavePeerStatus(account.Id, peer.ID, *newStatus)
+	err = am.Store.SavePeerStatus(account.Id, peer.ID, *peer.Status)
 	if err != nil {
 		return err
 	}
@@ -237,7 +284,8 @@ func (am *DefaultAccountManager) MarkPeerConnected(peerPubKey string, connected
 		return err
 	}
 
-	newStatus := peer.Status.Copy()
+	oldStatus := peer.Status.Copy()
+	newStatus := oldStatus
 	newStatus.LastSeen = time.Now()
 	newStatus.Connected = connected
 	// whenever peer got connected that means that it logged in successfully
@@ -251,6 +299,20 @@ func (am *DefaultAccountManager) MarkPeerConnected(peerPubKey string, connected
 	if err != nil {
 		return err
 	}
+
+	if peer.AddedWithSSOLogin() && peer.LoginExpirationEnabled && account.Settings.PeerLoginExpirationEnabled {
+		am.checkAndSchedulePeerLoginExpiration(account)
+	}
+
+	if oldStatus.LoginExpired {
+		// we need to update other peers because when peer login expires all other peers are notified to disconnect from
+		//the expired one. Here we notify them that connection is now allowed again.
+		err = am.updateAccountPeers(account)
+		if err != nil {
+			return err
+		}
+	}
+
 	return nil
 }
 
@@ -307,6 +369,10 @@ func (am *DefaultAccountManager) UpdatePeer(accountID, userID string, update *Pe
 			event = activity.PeerLoginExpirationDisabled
 		}
 		am.storeEvent(userID, peer.IP.String(), accountID, event, peer.EventMeta(am.GetDNSDomain()))
+
+		if peer.AddedWithSSOLogin() && peer.LoginExpirationEnabled && account.Settings.PeerLoginExpirationEnabled {
+			am.checkAndSchedulePeerLoginExpiration(account)
+		}
 	}
 
 	account.UpdatePeer(peer)
@@ -394,6 +460,34 @@ func (am *DefaultAccountManager) GetPeerByIP(accountID string, peerIP string) (*
 	return nil, status.Errorf(status.NotFound, "peer with IP %s not found", peerIP)
 }
 
+func (am *DefaultAccountManager) getNetworkMap(peer *Peer, account *Account) *NetworkMap {
+	aclPeers := account.getPeersByACL(peer.ID)
+	// Please mind, that the returned route.Route objects will contain Peer.Key instead of Peer.ID.
+	routesUpdate := account.getRoutesToSync(peer.ID, aclPeers)
+
+	dnsManagementStatus := account.getPeerDNSManagementStatus(peer.ID)
+	dnsUpdate := nbdns.Config{
+		ServiceEnable: dnsManagementStatus,
+	}
+
+	if dnsManagementStatus {
+		var zones []nbdns.CustomZone
+		peersCustomZone := getPeersCustomZone(account, am.dnsDomain)
+		if peersCustomZone.Domain != "" {
+			zones = append(zones, peersCustomZone)
+		}
+		dnsUpdate.CustomZones = zones
+		dnsUpdate.NameServerGroups = getPeerNSGroups(account, peer.ID)
+	}
+
+	return &NetworkMap{
+		Peers:     aclPeers,
+		Network:   account.Network.Copy(),
+		Routes:    routesUpdate,
+		DNSConfig: dnsUpdate,
+	}
+}
+
 // GetNetworkMap returns Network map for a given peer (omits original peer from the Peers result)
 func (am *DefaultAccountManager) GetNetworkMap(peerID string) (*NetworkMap, error) {
 
@@ -407,31 +501,7 @@ func (am *DefaultAccountManager) GetNetworkMap(peerID string) (*NetworkMap, erro
 		return nil, status.Errorf(status.NotFound, "peer with ID %s not found", peerID)
 	}
 
-	aclPeers := account.getPeersByACL(peerID)
-	// Please mind, that the returned route.Route objects will contain Peer.Key instead of Peer.ID.
-	routesUpdate := account.getRoutesToSync(peerID, aclPeers)
-
-	dnsManagementStatus := account.getPeerDNSManagementStatus(peerID)
-	dnsUpdate := nbdns.Config{
-		ServiceEnable: dnsManagementStatus,
-	}
-
-	if dnsManagementStatus {
-		var zones []nbdns.CustomZone
-		peersCustomZone := getPeersCustomZone(account, am.dnsDomain)
-		if peersCustomZone.Domain != "" {
-			zones = append(zones, peersCustomZone)
-		}
-		dnsUpdate.CustomZones = zones
-		dnsUpdate.NameServerGroups = getPeerNSGroups(account, peerID)
-	}
-
-	return &NetworkMap{
-		Peers:     aclPeers,
-		Network:   account.Network.Copy(),
-		Routes:    routesUpdate,
-		DNSConfig: dnsUpdate,
-	}, err
+	return am.getNetworkMap(peer, account), nil
 }
 
 // GetPeerNetwork returns the Network for a given peer
@@ -446,13 +516,17 @@ func (am *DefaultAccountManager) GetPeerNetwork(peerID string) (*Network, error)
 }
 
 // AddPeer adds a new peer to the Store.
-// Each Account has a list of pre-authorised SetupKey and if no Account has a given key err with a code codes.Unauthenticated
-// will be returned, meaning the key is invalid
+// Each Account has a list of pre-authorized SetupKey and if no Account has a given key err with a code status.PermissionDenied
+// will be returned, meaning the setup key is invalid or not found.
 // If a User ID is provided, it means that we passed the authentication using JWT, then we look for account by User ID and register the peer
-// to it. We also add the User ID to the peer metadata to identify registrant.
+// to it. We also add the User ID to the peer metadata to identify registrant. If no userID provided, then fail with status.PermissionDenied
 // Each new Peer will be assigned a new next net.IP from the Account.Network and Account.Network.LastIP will be updated (IP's are not reused).
 // The peer property is just a placeholder for the Peer properties to pass further
 func (am *DefaultAccountManager) AddPeer(setupKey, userID string, peer *Peer) (*Peer, error) {
+	if setupKey == "" && userID == "" {
+		// no auth method provided => reject access
+		return nil, status.Errorf(status.Unauthenticated, "no peer auth method provided, please use a setup key or interactive SSO login")
+	}
 
 	upperKey := strings.ToUpper(setupKey)
 	var account *Account
@@ -504,7 +578,7 @@ func (am *DefaultAccountManager) AddPeer(setupKey, userID string, peer *Peer) (*
 	takenIps := account.getTakenIPs()
 	existingLabels := account.getPeerDNSLabels()
 
-	newLabel, err := getPeerHostLabel(peer.Name, existingLabels)
+	newLabel, err := getPeerHostLabel(peer.Meta.Hostname, existingLabels)
 	if err != nil {
 		return nil, err
 	}
@@ -522,14 +596,14 @@ func (am *DefaultAccountManager) AddPeer(setupKey, userID string, peer *Peer) (*
 		SetupKey:               upperKey,
 		IP:                     nextIp,
 		Meta:                   peer.Meta,
-		Name:                   peer.Name,
+		Name:                   peer.Meta.Hostname,
 		DNSLabel:               newLabel,
 		UserID:                 userID,
 		Status:                 &PeerStatus{Connected: false, LastSeen: time.Now()},
 		SSHEnabled:             false,
 		SSHKey:                 peer.SSHKey,
 		LastLogin:              time.Now(),
-		LoginExpirationEnabled: false,
+		LoginExpirationEnabled: true,
 	}
 
 	// add peer to 'All' group
@@ -571,43 +645,163 @@ func (am *DefaultAccountManager) AddPeer(setupKey, userID string, peer *Peer) (*
 	opEvent.Meta = newPeer.EventMeta(am.GetDNSDomain())
 	am.storeEvent(opEvent.InitiatorID, opEvent.TargetID, opEvent.AccountID, opEvent.Activity, opEvent.Meta)
 
+	err = am.updateAccountPeers(account)
+	if err != nil {
+		return nil, err
+	}
+
 	return newPeer, nil
 }
 
-// UpdatePeerLastLogin sets Peer.LastLogin to the current timestamp.
-func (am *DefaultAccountManager) UpdatePeerLastLogin(peerID string) error {
-	account, err := am.Store.GetAccountByPeerID(peerID)
-	if err != nil {
-		return err
+func (am *DefaultAccountManager) checkPeerLoginExpiration(loginUserID string, peer *Peer, account *Account) error {
+	if peer.AddedWithSSOLogin() {
+		expired, expiresIn := peer.LoginExpired(account.Settings.PeerLoginExpiration)
+		expired = account.Settings.PeerLoginExpirationEnabled && expired
+		if expired || peer.Status.LoginExpired {
+			log.Debugf("peer %s login expired", peer.ID)
+			if loginUserID == "" {
+				// absence of a user ID indicates that JWT wasn't provided.
+				_, err := am.markPeerLoginExpired(peer, account, true)
+				if err != nil {
+					return err
+				}
+				return status.Errorf(status.PermissionDenied,
+					"peer login has expired %v ago. Please log in once more", expiresIn)
+			} else {
+				// user ID is there meaning that JWT validation passed successfully in the API layer.
+				if peer.UserID != loginUserID {
+					log.Warnf("user mismatch when loggin in peer %s: peer user %s, login user %s ", peer.ID, peer.UserID, loginUserID)
+					return status.Errorf(status.Unauthenticated, "can't login")
+				}
+				_ = am.updatePeerLastLogin(peer, account)
+			}
+		}
 	}
 
+	return nil
+}
+
+// SyncPeer checks whether peer is eligible for receiving NetworkMap (authenticated) and returns its NetworkMap if eligible
+func (am *DefaultAccountManager) SyncPeer(sync PeerSync) (*Peer, *NetworkMap, error) {
+	account, err := am.Store.GetAccountByPeerPubKey(sync.WireGuardPubKey)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	// we found the peer, and we follow a normal login flow
 	unlock := am.Store.AcquireAccountLock(account.Id)
 	defer unlock()
 
-	// ensure that we consider modification happened meanwhile (because we were outside the account lock when we fetched the account)
+	// fetch the account from the store once more after acquiring lock to avoid concurrent updates inconsistencies
 	account, err = am.Store.GetAccount(account.Id)
 	if err != nil {
-		return err
+		return nil, nil, err
 	}
 
-	peer := account.GetPeer(peerID)
-	if peer == nil {
-		return status.Errorf(status.NotFound, "peer with ID %s not found", peerID)
+	peer, err := account.FindPeerByPubKey(sync.WireGuardPubKey)
+	if err != nil {
+		return nil, nil, err
 	}
 
+	err = am.checkPeerLoginExpiration("", peer, account)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return peer, am.getNetworkMap(peer, account), nil
+
+}
+
+// LoginPeer logs in or registers a peer.
+// If peer doesn't exist the function checks whether a setup key or a user is present and registers a new peer if so.
+func (am *DefaultAccountManager) LoginPeer(login PeerLogin) (*Peer, error) {
+
+	account, err := am.Store.GetAccountByPeerPubKey(login.WireGuardPubKey)
+	if err != nil {
+		if errStatus, ok := status.FromError(err); ok && errStatus.Type() == status.NotFound {
+			// we couldn't find this peer by its public key which can mean that peer hasn't been registered yet.
+			// Try registering it.
+			return am.AddPeer(login.SetupKey, login.UserID, &Peer{
+				Key:    login.WireGuardPubKey,
+				Meta:   login.Meta,
+				SSHKey: login.SSHKey,
+			})
+		}
+		log.Errorf("failed while logging in peer %s: %v", login.WireGuardPubKey, err)
+		return nil, status.Errorf(status.Internal, "failed while logging in peer")
+	}
+
+	// we found the peer, and we follow a normal login flow
+	unlock := am.Store.AcquireAccountLock(account.Id)
+	defer unlock()
+
+	// fetch the account from the store once more after acquiring lock to avoid concurrent updates inconsistencies
+	account, err = am.Store.GetAccount(account.Id)
+	if err != nil {
+		return nil, err
+	}
+
+	peer, err := account.FindPeerByPubKey(login.WireGuardPubKey)
+	if err != nil {
+		return nil, err
+	}
+
+	err = am.checkPeerLoginExpiration(login.UserID, peer, account)
+	if err != nil {
+		return nil, err
+	}
+
+	peer = am.updatePeerMeta(peer, peer.Meta, account)
+
+	peer, err = am.checkAndUpdatePeerSSHKey(peer, account, login.SSHKey)
+	if err != nil {
+		return nil, err
+	}
+
+	err = am.Store.SaveAccount(account)
+	if err != nil {
+		return nil, err
+	}
+
+	return peer, nil
+
+}
+
+func (am *DefaultAccountManager) updatePeerLastLogin(peer *Peer, account *Account) *Peer {
 	peer.LastLogin = time.Now()
 	newStatus := peer.Status.Copy()
 	newStatus.LoginExpired = false
 	peer.Status = newStatus
-
 	account.UpdatePeer(peer)
+	return peer
+}
 
-	err = am.Store.SaveAccount(account)
-	if err != nil {
-		return err
+func (am *DefaultAccountManager) checkAndUpdatePeerSSHKey(peer *Peer, account *Account, newSshKey string) (*Peer, error) {
+	if len(newSshKey) == 0 {
+		log.Debugf("no new SSH key provided for peer %s, skipping update", peer.ID)
+		return peer, nil
 	}
 
-	return nil
+	if peer.SSHKey == newSshKey {
+		log.Debugf("same SSH key provided for peer %s, skipping update", peer.ID)
+		return peer, nil
+	}
+
+	peer.SSHKey = newSshKey
+	account.UpdatePeer(peer)
+
+	err := am.Store.SaveAccount(account)
+	if err != nil {
+		return nil, err
+	}
+
+	// trigger network map update
+	err = am.updateAccountPeers(account)
+	if err != nil {
+		return nil, err
+	}
+
+	return peer, nil
 }
 
 // UpdatePeerSSHKey updates peer's public SSH key
@@ -699,35 +893,10 @@ func (am *DefaultAccountManager) GetPeer(accountID, peerID, userID string) (*Pee
 	return nil, status.Errorf(status.Internal, "user %s has no access to peer %s under account %s", userID, peerID, accountID)
 }
 
-// UpdatePeerMeta updates peer's system metadata
-func (am *DefaultAccountManager) UpdatePeerMeta(peerID string, meta PeerSystemMeta) error {
-
-	account, err := am.Store.GetAccountByPeerID(peerID)
-	if err != nil {
-		return err
-	}
-
-	unlock := am.Store.AcquireAccountLock(account.Id)
-	defer unlock()
-
-	peer := account.GetPeer(peerID)
-	if peer == nil {
-		return status.Errorf(status.NotFound, "peer with ID %s not found", peerID)
-	}
-
-	// Avoid overwriting UIVersion if the update was triggered sole by the CLI client
-	if meta.UIVersion == "" {
-		meta.UIVersion = peer.Meta.UIVersion
-	}
-
-	peer.Meta = meta
+func (am *DefaultAccountManager) updatePeerMeta(peer *Peer, meta PeerSystemMeta, account *Account) *Peer {
+	peer.UpdateMeta(meta)
 	account.UpdatePeer(peer)
-
-	err = am.Store.SaveAccount(account)
-	if err != nil {
-		return err
-	}
-	return nil
+	return peer
 }
 
 // getPeersByACL returns all peers that given peer has access to.
@@ -775,6 +944,10 @@ func (a *Account) getPeersByACL(peerID string) []*Peer {
 				)
 				continue
 			}
+			expired, _ := peer.LoginExpired(a.Settings.PeerLoginExpiration)
+			if expired {
+				continue
+			}
 			// exclude original peer
 			if _, ok := peersSet[peer.ID]; peer.ID != peerID && !ok {
 				peersSet[peer.ID] = struct{}{}

management/server/peer_test.go

@@ -57,7 +57,7 @@ func TestPeer_LoginExpired(t *testing.T) {
 				LastLogin:              c.lastLogin,
 			}
 
-			expired, _ := peer.LoginExpired(c.accountSettings)
+			expired, _ := peer.LoginExpired(c.accountSettings.PeerLoginExpiration)
 			assert.Equal(t, expired, c.expected)
 		})
 	}
@@ -92,8 +92,7 @@ func TestAccountManager_GetNetworkMap(t *testing.T) {
 
 	peer1, err := manager.AddPeer(setupKey.Key, "", &Peer{
 		Key:  peerKey1.PublicKey().String(),
-		Meta: PeerSystemMeta{},
-		Name: "test-peer-2",
+		Meta: PeerSystemMeta{Hostname: "test-peer-1"},
 	})
 
 	if err != nil {
@@ -108,8 +107,7 @@ func TestAccountManager_GetNetworkMap(t *testing.T) {
 	}
 	_, err = manager.AddPeer(setupKey.Key, "", &Peer{
 		Key:  peerKey2.PublicKey().String(),
-		Meta: PeerSystemMeta{},
-		Name: "test-peer-2",
+		Meta: PeerSystemMeta{Hostname: "test-peer-2"},
 	})
 
 	if err != nil {
@@ -165,8 +163,7 @@ func TestAccountManager_GetNetworkMapWithRule(t *testing.T) {
 
 	peer1, err := manager.AddPeer(setupKey.Key, "", &Peer{
 		Key:  peerKey1.PublicKey().String(),
-		Meta: PeerSystemMeta{},
-		Name: "test-peer-2",
+		Meta: PeerSystemMeta{Hostname: "test-peer-1"},
 	})
 
 	if err != nil {
@@ -181,8 +178,7 @@ func TestAccountManager_GetNetworkMapWithRule(t *testing.T) {
 	}
 	peer2, err := manager.AddPeer(setupKey.Key, "", &Peer{
 		Key:  peerKey2.PublicKey().String(),
-		Meta: PeerSystemMeta{},
-		Name: "test-peer-2",
+		Meta: PeerSystemMeta{Hostname: "test-peer-2"},
 	})
 
 	if err != nil {
@@ -334,8 +330,7 @@ func TestAccountManager_GetPeerNetwork(t *testing.T) {
 
 	peer1, err := manager.AddPeer(setupKey.Key, "", &Peer{
 		Key:  peerKey1.PublicKey().String(),
-		Meta: PeerSystemMeta{},
-		Name: "test-peer-2",
+		Meta: PeerSystemMeta{Hostname: "test-peer-1"},
 	})
 
 	if err != nil {
@@ -350,8 +345,7 @@ func TestAccountManager_GetPeerNetwork(t *testing.T) {
 	}
 	_, err = manager.AddPeer(setupKey.Key, "", &Peer{
 		Key:  peerKey2.PublicKey().String(),
-		Meta: PeerSystemMeta{},
-		Name: "test-peer-2",
+		Meta: PeerSystemMeta{Hostname: "test-peer-2"},
 	})
 
 	if err != nil {
@@ -403,8 +397,7 @@ func TestDefaultAccountManager_GetPeer(t *testing.T) {
 
 	peer1, err := manager.AddPeer("", someUser, &Peer{
 		Key:  peerKey1.PublicKey().String(),
-		Meta: PeerSystemMeta{},
-		Name: "test-peer-2",
+		Meta: PeerSystemMeta{Hostname: "test-peer-2"},
 	})
 
 	if err != nil {
@@ -421,8 +414,7 @@ func TestDefaultAccountManager_GetPeer(t *testing.T) {
 	// the second peer added with a setup key
 	peer2, err := manager.AddPeer(setupKey.Key, "", &Peer{
 		Key:  peerKey2.PublicKey().String(),
-		Meta: PeerSystemMeta{},
-		Name: "test-peer-2",
+		Meta: PeerSystemMeta{Hostname: "test-peer-2"},
 	})
 
 	if err != nil {

management/server/scheduler.go

@@ -0,0 +1,114 @@
+package server
+
+import (
+	log "github.com/sirupsen/logrus"
+	"sync"
+	"time"
+)
+
+// Scheduler is an interface which implementations can schedule and cancel jobs
+type Scheduler interface {
+	Cancel(IDs []string)
+	Schedule(in time.Duration, ID string, job func() (nextRunIn time.Duration, reschedule bool))
+}
+
+// MockScheduler is a mock implementation of  Scheduler
+type MockScheduler struct {
+	CancelFunc   func(IDs []string)
+	ScheduleFunc func(in time.Duration, ID string, job func() (nextRunIn time.Duration, reschedule bool))
+}
+
+// Cancel mocks the Cancel function of the Scheduler interface
+func (mock *MockScheduler) Cancel(IDs []string) {
+	if mock.CancelFunc != nil {
+		mock.CancelFunc(IDs)
+		return
+	}
+	log.Errorf("MockScheduler doesn't have Cancel function defined ")
+}
+
+// Schedule mocks the Schedule function of the Scheduler interface
+func (mock *MockScheduler) Schedule(in time.Duration, ID string, job func() (nextRunIn time.Duration, reschedule bool)) {
+	if mock.ScheduleFunc != nil {
+		mock.ScheduleFunc(in, ID, job)
+		return
+	}
+	log.Errorf("MockScheduler doesn't have Schedule function defined")
+}
+
+// DefaultScheduler is a generic structure that allows to schedule jobs (functions) to run in the future and cancel them.
+type DefaultScheduler struct {
+	// jobs map holds cancellation channels indexed by the job ID
+	jobs map[string]chan struct{}
+	mu   *sync.Mutex
+}
+
+// NewDefaultScheduler creates an instance of a DefaultScheduler
+func NewDefaultScheduler() *DefaultScheduler {
+	return &DefaultScheduler{
+		jobs: make(map[string]chan struct{}),
+		mu:   &sync.Mutex{},
+	}
+}
+
+func (wm *DefaultScheduler) cancel(ID string) bool {
+	cancel, ok := wm.jobs[ID]
+	if ok {
+		delete(wm.jobs, ID)
+		select {
+		case cancel <- struct{}{}:
+			log.Debugf("cancelled scheduled job %s", ID)
+		default:
+			log.Warnf("couldn't cancel job %s because there was no routine listening on the cancel event", ID)
+			return false
+		}
+
+	}
+	return ok
+}
+
+// Cancel cancels the scheduled job by ID if present.
+// If job wasn't found the function returns false.
+func (wm *DefaultScheduler) Cancel(IDs []string) {
+	wm.mu.Lock()
+	defer wm.mu.Unlock()
+
+	for _, id := range IDs {
+		wm.cancel(id)
+	}
+}
+
+// Schedule a job to run in some time in the future. If job returns true then it will be scheduled one more time.
+// If job with the provided ID already exists, a new one won't be scheduled.
+func (wm *DefaultScheduler) Schedule(in time.Duration, ID string, job func() (nextRunIn time.Duration, reschedule bool)) {
+	wm.mu.Lock()
+	defer wm.mu.Unlock()
+	cancel := make(chan struct{})
+	if _, ok := wm.jobs[ID]; ok {
+		log.Debugf("couldn't schedule a job %s because it already exists. There are %d total jobs scheduled.",
+			ID, len(wm.jobs))
+		return
+	}
+
+	wm.jobs[ID] = cancel
+	log.Debugf("scheduled a job %s to run in %s. There are %d total jobs scheduled.", ID, in.String(), len(wm.jobs))
+	go func() {
+		select {
+		case <-time.After(in):
+			log.Debugf("time to do a scheduled job %s", ID)
+			runIn, reschedule := job()
+			wm.mu.Lock()
+			defer wm.mu.Unlock()
+			delete(wm.jobs, ID)
+			if reschedule {
+				go wm.Schedule(runIn, ID, job)
+			}
+		case <-cancel:
+			log.Debugf("stopped scheduled job %s ", ID)
+			wm.mu.Lock()
+			defer wm.mu.Unlock()
+			delete(wm.jobs, ID)
+			return
+		}
+	}()
+}

management/server/scheduler_test.go

@@ -0,0 +1,94 @@
+package server
+
+import (
+	"fmt"
+	"github.com/stretchr/testify/assert"
+	"math/rand"
+	"sync"
+	"testing"
+	"time"
+)
+
+func TestScheduler_Performance(t *testing.T) {
+	scheduler := NewDefaultScheduler()
+	n := 500
+	wg := &sync.WaitGroup{}
+	wg.Add(n)
+	maxMs := 500
+	minMs := 50
+	for i := 0; i < n; i++ {
+		millis := time.Duration(rand.Intn(maxMs-minMs)+minMs) * time.Millisecond
+		go scheduler.Schedule(millis, fmt.Sprintf("test-scheduler-job-%d", i), func() (nextRunIn time.Duration, reschedule bool) {
+			time.Sleep(millis)
+			wg.Done()
+			return 0, false
+		})
+	}
+	failed := waitTimeout(wg, 3*time.Second)
+	if failed {
+		t.Fatal("timed out while waiting for test to finish")
+		return
+	}
+	assert.Len(t, scheduler.jobs, 0)
+}
+
+func TestScheduler_Cancel(t *testing.T) {
+	jobID1 := "test-scheduler-job-1"
+	jobID2 := "test-scheduler-job-2"
+	scheduler := NewDefaultScheduler()
+	scheduler.Schedule(2*time.Second, jobID1, func() (nextRunIn time.Duration, reschedule bool) {
+		return 0, false
+	})
+	scheduler.Schedule(2*time.Second, jobID2, func() (nextRunIn time.Duration, reschedule bool) {
+		return 0, false
+	})
+
+	assert.Len(t, scheduler.jobs, 2)
+	scheduler.Cancel([]string{jobID1})
+	assert.Len(t, scheduler.jobs, 1)
+	assert.NotNil(t, scheduler.jobs[jobID2])
+}
+
+func TestScheduler_Schedule(t *testing.T) {
+	jobID := "test-scheduler-job-1"
+	scheduler := NewDefaultScheduler()
+	wg := &sync.WaitGroup{}
+	wg.Add(1)
+	// job without reschedule should be triggered once
+	job := func() (nextRunIn time.Duration, reschedule bool) {
+		wg.Done()
+		return 0, false
+	}
+	scheduler.Schedule(300*time.Millisecond, jobID, job)
+	failed := waitTimeout(wg, time.Second)
+	if failed {
+		t.Fatal("timed out while waiting for test to finish")
+		return
+	}
+
+	// job with reschedule should be triggered at least twice
+	wg = &sync.WaitGroup{}
+	mx := &sync.Mutex{}
+	scheduledTimes := 0
+	wg.Add(2)
+	job = func() (nextRunIn time.Duration, reschedule bool) {
+		mx.Lock()
+		defer mx.Unlock()
+		// ensure we repeat only twice
+		if scheduledTimes < 2 {
+			wg.Done()
+			scheduledTimes++
+			return 300 * time.Millisecond, true
+		}
+		return 0, false
+	}
+
+	scheduler.Schedule(300*time.Millisecond, jobID, job)
+	failed = waitTimeout(wg, time.Second)
+	if failed {
+		t.Fatal("timed out while waiting for test to finish")
+		return
+	}
+	scheduler.cancel(jobID)
+
+}

management/server/status/error.go

@@ -31,6 +31,9 @@ const (
 
 	// BadRequest indicates that user is not authorized
 	BadRequest Type = 9
+
+	// Unauthenticated indicates that user is not authenticated due to absence of valid credentials
+	Unauthenticated Type = 10
 )
 
 // Type is a type of the Error

management/server/turncredentials.go

@@ -63,18 +63,18 @@ func (m *TimeBasedAuthSecretsManager) GenerateCredentials() TURNCredentials {
 
 }
 
-func (m *TimeBasedAuthSecretsManager) cancel(peerKey string) {
-	if channel, ok := m.cancelMap[peerKey]; ok {
+func (m *TimeBasedAuthSecretsManager) cancel(peerID string) {
+	if channel, ok := m.cancelMap[peerID]; ok {
 		close(channel)
-		delete(m.cancelMap, peerKey)
+		delete(m.cancelMap, peerID)
 	}
 }
 
 // CancelRefresh cancels scheduled peer credentials refresh
-func (m *TimeBasedAuthSecretsManager) CancelRefresh(peerKey string) {
+func (m *TimeBasedAuthSecretsManager) CancelRefresh(peerID string) {
 	m.mux.Lock()
 	defer m.mux.Unlock()
-	m.cancel(peerKey)
+	m.cancel(peerID)
 }
 
 // SetupRefresh starts peer credentials refresh. Since credentials are expiring (TTL) it is necessary to always generate them and send to the peer.
@@ -115,6 +115,7 @@ func (m *TimeBasedAuthSecretsManager) SetupRefresh(peerID string) {
 						Turns: turns,
 					},
 				}
+				log.Debugf("sending new TURN credentials to peer %s", peerID)
 				err := m.updateManager.SendUpdate(peerID, &UpdateMessage{Update: update})
 				if err != nil {
 					log.Errorf("error while sending TURN update to peer %s %v", peerID, err)

management/server/updatechannel.go

@@ -60,10 +60,7 @@ func (p *PeersUpdateManager) CreateChannel(peerID string) chan *UpdateMessage {
 	return channel
 }
 
-// CloseChannel closes updates channel of a given peer
-func (p *PeersUpdateManager) CloseChannel(peerID string) {
-	p.channelsMux.Lock()
-	defer p.channelsMux.Unlock()
+func (p *PeersUpdateManager) closeChannel(peerID string) {
 	if channel, ok := p.peerChannels[peerID]; ok {
 		delete(p.peerChannels, peerID)
 		close(channel)
@@ -72,6 +69,22 @@ func (p *PeersUpdateManager) CloseChannel(peerID string) {
 	log.Debugf("closed updates channel of a peer %s", peerID)
 }
 
+// CloseChannels closes updates channel for each given peer
+func (p *PeersUpdateManager) CloseChannels(peerIDs []string) {
+	p.channelsMux.Lock()
+	defer p.channelsMux.Unlock()
+	for _, id := range peerIDs {
+		p.closeChannel(id)
+	}
+}
+
+// CloseChannel closes updates channel of a given peer
+func (p *PeersUpdateManager) CloseChannel(peerID string) {
+	p.channelsMux.Lock()
+	defer p.channelsMux.Unlock()
+	p.closeChannel(peerID)
+}
+
 // GetAllConnectedPeers returns a copy of the connected peers map
 func (p *PeersUpdateManager) GetAllConnectedPeers() map[string]struct{} {
 	p.channelsMux.Lock()

util/file.go

@@ -11,8 +11,7 @@ import (
 // The output JSON is pretty-formatted
 func WriteJson(file string, obj interface{}) error {
 
-	configDir, configFileName := filepath.Split(file)
-	err := os.MkdirAll(configDir, 0750)
+	configDir, configFileName, err := prepareConfigFileDir(file)
 	if err != nil {
 		return err
 	}
@@ -100,3 +99,13 @@ func CopyFileContents(src, dst string) (err error) {
 	err = out.Sync()
 	return
 }
+
+func prepareConfigFileDir(file string) (string, string, error) {
+	configDir, configFileName := filepath.Split(file)
+	if configDir == "" {
+		return filepath.Dir(file), configFileName, nil
+	}
+
+	err := os.MkdirAll(configDir, 0750)
+	return configDir, configFileName, err
+}

util/file_test.go

@@ -3,11 +3,13 @@ package util_test
 import (
 	"crypto/md5"
 	"encoding/hex"
-	"github.com/netbirdio/netbird/util"
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/gomega"
 	"io"
 	"os"
+
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+
+	"github.com/netbirdio/netbird/util"
 )
 
 var _ = Describe("Client", func() {
@@ -102,4 +104,23 @@ var _ = Describe("Client", func() {
 			})
 		})
 	})
+
+	Describe("Handle config file without full path", func() {
+		Context("config file handling", func() {
+			It("should be successful", func() {
+				written := &TestConfig{
+					SomeField: 123,
+				}
+				cfgFile := "test_cfg.json"
+				defer os.Remove(cfgFile)
+
+				err := util.WriteJson(cfgFile, written)
+				Expect(err).NotTo(HaveOccurred())
+
+				read, err := util.ReadJson(cfgFile, &TestConfig{})
+				Expect(err).NotTo(HaveOccurred())
+				Expect(read).NotTo(BeNil())
+			})
+		})
+	})
 })

util/log.go

@@ -1,14 +1,13 @@
 package util
 
 import (
+	"io"
+	"path/filepath"
+
 	log "github.com/sirupsen/logrus"
 	"gopkg.in/natefinch/lumberjack.v2"
-	"io"
-	"path"
-	"path/filepath"
-	"runtime"
-	"strconv"
-	"time"
+
+	"github.com/netbirdio/netbird/formatter"
 )
 
 // InitLog parses and sets log-level input
@@ -31,21 +30,7 @@ func InitLog(logLevel string, logPath string) error {
 		log.SetOutput(io.Writer(lumberjackLogger))
 	}
 
-	logFormatter := new(log.TextFormatter)
-	logFormatter.TimestampFormat = time.RFC3339 // or RFC3339
-	logFormatter.FullTimestamp = true
-	logFormatter.CallerPrettyfier = func(frame *runtime.Frame) (function string, file string) {
-		fileName := path.Base(frame.File) + ":" + strconv.Itoa(frame.Line)
-		//return frame.Function, fileName
-		return "", fileName
-	}
-
-	if level > log.WarnLevel {
-		log.SetReportCaller(true)
-	}
-
-	log.SetFormatter(logFormatter)
+	formatter.SetTextFormatter(log.StandardLogger())
 	log.SetLevel(level)
-
 	return nil
 }