mirror of
https://github.com/netbirdio/netbird.git
synced 2026-07-16 11:39:57 +00:00
- **Wails v3 application** (`client/ui`) with a React + TypeScript + Tailwind frontend replacing the Fyne UI: main connection view, exit-node switcher, networks/peers browser with detail panels, profile management, settings (general, network, SSH, security, troubleshooting, appearance), debug-bundle creation, and a first-run welcome flow. - **Internationalization**: go-i18n bundle with 9 locales (en, de, es, fr, hu, it, pt, ru, zh-CN) shared between the tray and the frontend. - **New system tray** implementation with per-platform theme-aware icons, including a native XEmbed host for Linux (`xembed_tray_linux.c`) and a Linux theme watcher. - **Session handling**: auth session watcher (`client/internal/auth/sessionwatch`), pending login flow, session-expiration dialog and tray notifications, and `netbird login` improvements. - **Daemon API extensions** (`daemon.proto`): status stream subscription, event stream, networks/exit-node selection endpoints, and richer full status — with probe throttling on the daemon side to protect against UI-driven request storms. - **UI preferences store** persisted per profile, autostart management via the daemon (single source of truth in HKCU on Windows). - **Build system**: Taskfile-based builds per platform (macOS, Linux, Windows), Docker cross-compilation images, MSIX/NSIS/nfpm/AppImage packaging, and a new `frontend-ui` CI workflow. Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com> Co-authored-by: Eduard Gert <kontakt@eduardgert.de> Co-authored-by: braginini <bangvalo@gmail.com> Co-authored-by: Pascal Fischer <32096965+pascal-fischer@users.noreply.github.com> Co-authored-by: riccardom <riccardomanfrin@gmail.com>
117 lines
3.2 KiB
Go
117 lines
3.2 KiB
Go
//go:build !android && !ios && !freebsd && !js
|
|
|
|
package authsession
|
|
|
|
import (
|
|
"context"
|
|
"time"
|
|
|
|
"google.golang.org/grpc/codes"
|
|
gstatus "google.golang.org/grpc/status"
|
|
|
|
"github.com/netbirdio/netbird/client/proto"
|
|
)
|
|
|
|
type ExtendStartParams struct {
|
|
// Hint is the OIDC login_hint, typically the user's email.
|
|
Hint string `json:"hint"`
|
|
}
|
|
|
|
type ExtendStartResult struct {
|
|
VerificationURI string `json:"verificationUri"`
|
|
VerificationURIComplete string `json:"verificationUriComplete"`
|
|
UserCode string `json:"userCode"`
|
|
DeviceCode string `json:"deviceCode"`
|
|
ExpiresIn int64 `json:"expiresIn"`
|
|
}
|
|
|
|
type ExtendWaitParams struct {
|
|
DeviceCode string `json:"deviceCode"`
|
|
UserCode string `json:"userCode"`
|
|
}
|
|
|
|
// ExtendResult: ExpiresAt is nil when the peer is ineligible for extension.
|
|
// Preempted means a newer WaitExtend took over the IdP poll — a no-op, not a failure.
|
|
type ExtendResult struct {
|
|
ExpiresAt *time.Time `json:"sessionExpiresAt,omitempty"`
|
|
Preempted bool `json:"preempted,omitempty"`
|
|
}
|
|
|
|
// DaemonConn duplicates services.DaemonConn to avoid an import cycle.
|
|
type DaemonConn interface {
|
|
Client() (proto.DaemonServiceClient, error)
|
|
}
|
|
|
|
// Session bundles the session-auth daemon RPCs the UI drives.
|
|
type Session struct {
|
|
conn DaemonConn
|
|
}
|
|
|
|
func NewSession(conn DaemonConn) *Session {
|
|
return &Session{conn: conn}
|
|
}
|
|
|
|
// RequestExtend starts the SSO session-extension flow on the daemon.
|
|
func (s *Session) RequestExtend(ctx context.Context, p ExtendStartParams) (ExtendStartResult, error) {
|
|
cli, err := s.conn.Client()
|
|
if err != nil {
|
|
return ExtendStartResult{}, err
|
|
}
|
|
|
|
req := &proto.RequestExtendAuthSessionRequest{}
|
|
if p.Hint != "" {
|
|
h := p.Hint
|
|
req.Hint = &h
|
|
}
|
|
|
|
resp, err := cli.RequestExtendAuthSession(ctx, req)
|
|
if err != nil {
|
|
return ExtendStartResult{}, err
|
|
}
|
|
|
|
return ExtendStartResult{
|
|
VerificationURI: resp.GetVerificationURI(),
|
|
VerificationURIComplete: resp.GetVerificationURIComplete(),
|
|
UserCode: resp.GetUserCode(),
|
|
DeviceCode: resp.GetDeviceCode(),
|
|
ExpiresIn: resp.GetExpiresIn(),
|
|
}, nil
|
|
}
|
|
|
|
// WaitExtend blocks until the user completes the SSO flow started by RequestExtend.
|
|
func (s *Session) WaitExtend(ctx context.Context, p ExtendWaitParams) (ExtendResult, error) {
|
|
cli, err := s.conn.Client()
|
|
if err != nil {
|
|
return ExtendResult{}, err
|
|
}
|
|
|
|
resp, err := cli.WaitExtendAuthSession(ctx, &proto.WaitExtendAuthSessionRequest{
|
|
DeviceCode: p.DeviceCode,
|
|
UserCode: p.UserCode,
|
|
})
|
|
if err != nil {
|
|
if st, ok := gstatus.FromError(err); ok && st.Code() == codes.Canceled {
|
|
return ExtendResult{Preempted: true}, nil
|
|
}
|
|
return ExtendResult{}, err
|
|
}
|
|
|
|
out := ExtendResult{}
|
|
if ts := resp.GetSessionExpiresAt(); ts.IsValid() && !ts.AsTime().IsZero() {
|
|
t := ts.AsTime().UTC()
|
|
out.ExpiresAt = &t
|
|
}
|
|
return out, nil
|
|
}
|
|
|
|
// DismissWarning suppresses the daemon's T-FinalWarningLead fallback dialog for
|
|
// the current deadline. Best-effort: a stale call is silently swallowed daemon-side.
|
|
func (s *Session) DismissWarning(ctx context.Context) error {
|
|
cli, err := s.conn.Client()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
_, err = cli.DismissSessionWarning(ctx, &proto.DismissSessionWarningRequest{})
|
|
return err
|
|
}
|