mirror of
https://github.com/netbirdio/netbird.git
synced 2026-05-29 20:19:56 +00:00
627ee71fa8
- openapi.yml: declare default: false on ServiceTargetOptions.direct_upstream so generated clients/validators reflect the documented default. - proto/proxy_service.proto: ValidateTunnelPeer doc + denied_reason list said "distribution_groups" (bearer-auth field) but the actual gate is service.access_groups. Replaced both occurrences to match the code path in checkPeerGroupAccess. - peers/manager.go (GetPeerWithGroups) + users/manager.go (GetUserWithGroups): on store error after a successful first lookup, both now return (nil, nil, err) so callers can't get a valid entity alongside a non-nil error. Findings skipped with reasons: - embedded.go merged CLI/Dashboard redirect URIs: pre-existing on origin/main, not introduced by this PR. - account_mock.go MarkPeerDisconnected zero-time UnixNano: same — pre-existing. - openapi Service schema if/then conditionals: Go-side Validate() already enforces these invariants (Private + non-empty AccessGroups, mode=http, mutually-exclusive with bearer), and oapi-codegen on OpenAPI 3.1.x doesn't honour allOf/if/then anyway. - *.patch / *.diff / b-n-p.sh: untracked personal artifacts, not part of any commit.