- status_test.go TestStatus_PeerStateByIP: replace
require := assert.New(t) shadowing pattern with req := require.New(t)
so setup assertions are fail-fast and the require package isn't shadowed.
Add TestStatus_PeerStateByIP_MatchesIPv6 for the IPv6-only path.
- status.go PeerStateByIP: match against both State.IP and State.IPv6 so
IPv6-only peers are found by the private-service tunnel lookup. Empty
input short-circuits before the loop and empty State.IP/State.IPv6
fields are treated as non-matches.
- proxy.go ValidateTunnelPeer: call enforceAccountScope(ctx, service.AccountID)
after the service lookup, mirroring ValidateSession. Without it, an
account-scoped (BYOP) proxy token could mint session JWTs for another
account's domain.
- sql_store.go getClusterCapability: thread the caller's context into the
GORM query via WithContext(ctx) so the lookup is cancellable and honours
request deadlines. (Pre-existing on origin/main; included here because
GetClusterSupportsPrivate added by this PR is now a caller.)

Skipped:
- proxyAcceptsMapping SupportsCustomPorts == true: the existing != nil
check is intentional. The accompanying test in this PR
(TestSendServiceUpdateToCluster_FiltersOnCapability) explicitly asserts
"new proxy with SupportsCustomPorts=false should still receive mapping"
— the non-nil check encodes "proxy is new enough to understand the
protocol", not "proxy can bind custom ports". Tightening to *bool==true
would break that design and the test.
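
Added example (not code from this PR or the project): a reduced sketch of the PeerStateByIP matching rule described above, showing why the empty-input short-circuit and the empty-field guard matter once a second address field is compared. The State struct, the function names and the sample addresses are assumptions made for illustration.

```go
package main

import "fmt"

// State is a hypothetical, reduced stand-in for a peer status record.
type State struct {
	PubKey, IP, IPv6 string // IP / IPv6 are "" when the peer lacks that family
}

// samplePeers returns constructed data: one IPv4-only and one IPv6-only peer.
func samplePeers() []State {
	return []State{
		{PubKey: "peer-v4-only", IP: "100.64.0.1"},
		{PubKey: "peer-v6-only", IPv6: "fd00::2"},
	}
}

// naiveByIP compares both fields with no guards. An empty lookup key then
// equals the empty IPv6 field of an IPv4-only peer and returns that peer.
func naiveByIP(peers []State, ip string) (State, bool) {
	for _, p := range peers {
		if p.IP == ip || p.IPv6 == ip {
			return p, true
		}
	}
	return State{}, false
}

// peerStateByIP applies the rule from the commit message: empty input
// short-circuits before the loop, and empty fields never count as a match.
func peerStateByIP(peers []State, ip string) (State, bool) {
	if ip == "" {
		return State{}, false
	}
	for _, p := range peers {
		if (p.IP != "" && p.IP == ip) || (p.IPv6 != "" && p.IPv6 == ip) {
			return p, true
		}
	}
	return State{}, false
}

func main() {
	peers := samplePeers()
	p, ok := peerStateByIP(peers, "fd00::2")
	fmt.Println("guarded, IPv6 key:", p.PubKey, ok)
	p, ok = naiveByIP(peers, "")
	fmt.Println("naive, empty key:", p.PubKey, ok)
	_, ok = peerStateByIP(peers, "")
	fmt.Println("guarded, empty key:", ok)
}
```

The sketch compares address strings byte for byte, so it assumes both sides already use the same textual form of an IPv6 address.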