* fix(go): set persistent keep alive when registering host using sso;
* fix(go): run posture check violations on delete;
* fix(go): upsert node on approving pending host;
* fix(go): resolve concurrency issues during group delete cleanup;
* fix(go): update doc links;
* fix(go): add created and updated fields to host;
* fix(go): skip delete and update superadmin on sync users;
* fix(go): use conn directly for now;
* fix(go): remove acl for idp groups;
* fix(go): quote fields;
* fix(go): use filters with count;
* feat(go): add a search query;
* fix(go): cleanup acls;
* fix(go): review fixes;
* fix(go): remove additional loop;
* fix(go): fix
* v1.5.1: separate out idp sync and reset signals for HA
* v1.5.1: add grps with name for logging
* v1.5.1: clear posture check violations when all checks are deleted
* v1.5.1: set static when default host
* v1.5.1: fix db status check
* rm set max conns
* v1.5.1: reset auto assigned gw when disconnected
* fix(go): skip global network admin and user groups when splitting;
* v1.5.1: fix update node call from client
* fix(go): separate out migration from normal usage;
* fix(go): skip default groups;
* fix(go): create policies for existing groups on network create;
* fix(go): skip fatal log on clickhouse conn;
* fix(go): add posture check cleanup;
---------
Co-authored-by: VishalDalwadi <dalwadivishal26@gmail.com>
Co-authored-by: Vishal Dalwadi <51291657+VishalDalwadi@users.noreply.github.com>
* feat(go): add user schema;
* feat(go): migrate to user schema;
* feat(go): add audit fields;
* feat(go): remove unused fields from the network model;
* feat(go): add network schema;
* feat(go): migrate to network schema;
* refactor(go): add comment to clarify migration logic;
* fix(go): test failures;
* fix(go): test failures;
* feat(go): change membership table to store memberships at all scopes;
* feat(go): add schema for access grants;
* feat(go): remove nameservers from new networks table; ensure db passed for schema functions;
* feat(go): set max conns for sqlite to 1;
* fix(go): issues updating user account status;
* refactor(go): remove converters and access grants;
* refactor(go): add json tags in schema models;
* refactor(go): rename file to migrate_v1_6_0.go;
* refactor(go): add user groups and user roles tables; use schema tables;
* refactor(go): inline get and list from schema package;
* refactor(go): inline get network and list users from schema package;
* fix(go): staticcheck issues;
* fix(go): remove test not in use; fix test case;
* fix(go): validate network;
* fix(go): resolve static checks;
* fix(go): new models errors;
* fix(go): test errors;
* fix(go): handle no records;
* fix(go): add validations for user object;
* fix(go): set correct extclient status;
* fix(go): test error;
* feat(go): make schema the base package;
* feat(go): add host schema;
* feat(go): use schema host everywhere;
* feat(go): inline get host, list hosts and delete host;
* feat(go): use non-ptr value;
* feat(go): use save to upsert all fields;
* feat(go): use save to upsert all fields;
* feat(go): save turn endpoint as string;
* feat(go): check for gorm error record not found;
* fix(go): test failures;
* fix(go): update all network fields;
* fix(go): update all network fields;
* feat(go): add paginated list networks api;
* feat(go): add paginated list users api;
* feat(go): add paginated list hosts api;
* feat(go): add pagination to list groups api;
* fix(go): comment;
* fix(go): implement marshal and unmarshal text for custom types;
* fix(go): implement marshal and unmarshal json for custom types;
* fix(go): just use the old model for unmarshalling;
* fix(go): implement marshal and unmarshal json for custom types;
* feat(go): remove paginated list networks api;
* feat(go): use custom paginated response object;
* fix(go): ensure default values for page and per_page are used when not passed;
* fix(go): rename v1.6.0 to v1.5.1;
* fix(go): check for gorm.ErrRecordNotFound instead of database.IsEmptyRecord;
* fix(go): use host id, not pending host id;
* feat(go): add filters to paginated apis;
* feat(go): add filters to paginated apis;
* feat(go): remove check for max username length;
* feat(go): add filters to count as well;
* feat(go): use library to check email address validity;
* feat(go): ignore pagination if params not passed;
* fix(go): pagination issues;
* fix(go): check exists before using;
* fix(go): remove debug log;
* fix(go): use gorm err record not found;
* fix(go): use gorm err record not found;
* fix(go): use user principal name when creating pending user;
* fix(go): use schema package for consts;
* fix(go): prevent disabling superadmin user;
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* fix(go): swap is admin and is superadmin;
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* fix(go): remove dead code block;
https://github.com/gravitl/netmaker/pull/3910#discussion_r2928837937
* fix(go): incorrect message when trying to disable self;
https://github.com/gravitl/netmaker/pull/3910#discussion_r2928837934
* fix(go): use correct header;
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* fix(go): return after error response;
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* fix(go): use correct order of params;
https://github.com/gravitl/netmaker/pull/3910#discussion_r2929593036
* fix(go): set default values for page and page size; use v2 instead of /list;
* Update logic/auth.go
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* Update schema/user_roles.go
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* fix(go): syntax error;
* fix(go): set default values when page and per_page are not passed or 0;
* fix(go): use uuid.parse instead of uuid.must parse;
* fix(go): review errors;
* fix(go): review errors;
* Update controllers/user.go
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* Update controllers/user.go
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* NM-163: fix errors:
* Update db/types/options.go
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* fix(go): persist return user in event;
* Update db/types/options.go
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* NM-163: duplicate lines of code
* NM-163: fix(go): fix missing return and filter parsing in user controller
- Add missing return after error response in updateUserAccountStatus
to prevent double-response and spurious ext-client side-effects
- Use switch statements in listUsers to skip unrecognized
account_status and mfa_status filter values
* fix(go): check for both min and max page size;
* fix(go): enclose transfer superadmin in transaction;
* fix(go): review errors;
* fix(go): remove free tier checks;
* fix(go): review fixes;
---------
Co-authored-by: VishalDalwadi <dalwadivishal26@gmail.com>
Co-authored-by: Vishal Dalwadi <51291657+VishalDalwadi@users.noreply.github.com>
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* add auto realy handlers and logic funcs
* add pro func connectors
* Add auto relayed peer ips on peer update, set auto relay on gw creation
* add network id to signal, add autorelay nodes to peerudpate
* add autorelay peer update logic
* add nodes to peer update
* revert node model change
* reset auto relayed peers on the relay node on reset, add auto relay nodes to pull
* add logic api to update auto relay node
* add autoassigngw field to node, add logic to swith relay node in relayme udpate api
* add gw nodes to pull
* intilaise gw map
* HA relay functionality
* add autoassign gw option to enrollment key
* publish intant action to auto assign gw
* fix static checks
* unset relay if auto assign removed
* add host node model to auto relay info
* add host node model to auto relay info
* only use hostNode model for gws info
* handle autoassigned gw peer in the update
* handle autoassigned gw peer in the update
* handle peer updates for autoassigned gw peer
* unset auto assigned peer if relayed or failedovered
* add host node update action
* add peer signal action to fallback api
* add replace peers to host pull
* add delete host action to fallback api
* update base go builder image
* update go builder tag
* check host port to avoid conflicts behind NAT
* fix connect/disconnect on api
* send pull signal on disconnect from UI
* fix panic on host join via user auth
* reset failover on disconnect
* add pending hosts apis, migration logic for network auto join field
* fix pending hosts logic on join
* delete pending hosts on host delete
* ignore pedning device request if host in the network already
* add peer update on host approval
* feat(go): allow different session durations for client apps;
* feat(go): assume call is from netdesk app if header absent;
* feat(go): allow header;
* feat(go): set client jwt validity duration on migration.
* check host ports on join
* if 443 not available fallback to 51821
* if 443 not available fallback to 51821
* add config for auto delete of offline nodes
* autocleanup offline nodes
* delete offline nodes on startup
* fix relay via join token
* feat: api access tokens
* revoke all user tokens
* redefine access token api routes, add auto egress option to enrollment keys
* add server settings apis, add db table for settigs
* handle server settings updates
* switch to using settings from DB
* fix sever settings migration
* revet force migration for settings
* fix server settings database write
* egress model
* fix revoked tokens to be unauthorized
* update egress model
* remove unused functions
* convert access token to sql schema
* switch access token to sql schema
* fix merge conflicts
* fix server settings types
* bypass basic auth setting for super admin
* add TODO comment
* setup api handlers for egress revamp
* use single DB, fix update nat boolean field
* extend validaiton checks for egress ranges
* add migration to convert to new egress model
* fix panic interface conversion
* publish peer update on settings update
* revoke token generated by an user
* add user token creation restriction by user role
* add forbidden check for access token creation
* revoke user token when group or role is changed
* add default group to admin users on update
* chore(go): import style changes from migration branch;
1. Singular file names for table schema.
2. No table name method.
3. Use .Model instead of .Table.
4. No unnecessary tagging.
* remove nat check on egress gateway request
* Revert "remove nat check on egress gateway request"
This reverts commit 0aff12a189.
* remove nat check on egress gateway request
* feat(go): add db middleware;
* feat(go): restore method;
* feat(go): add user access token schema;
* add inet gw status to egress model
* fetch node ids in the tag, add inet gw info clients
* add inet gw info to node from egress list
* add migration logic internet gws
* create default acl policies
* add egress info
* add egress TODO
* add egress TODO
* fix user auth api:
* add reference id to acl policy
* add egress response from DB
* publish peer update on egress changes
* re initalise oauth and email config
* set verbosity
* normalise cidr on egress req
* add egress id to acl group
* change acls to use egress id
* resolve merge conflicts
* fix egress reference errors
* move egress model to schema
* add api context to DB
* sync auto update settings with hosts
* sync auto update settings with hosts
* check acl for egress node
* check for egress policy in the acl dst groups
* fix acl rules for egress policies with new models
* add status to egress model
* fix inet node func
* mask secret and convert jwt duration to minutes
* enable egress policies on creation
* convert jwt duration to minutes
* add relevant ranges to inet egress
* skip non active egress routes
* resolve merge conflicts
* fix static check
* update gorm tag for primary key on egress model
* create user policies for egress resources
* resolve merge conflicts
* get egress info on failover apis, add egress src validation for inet gws
* add additional validation checks on egress req
* add additional validation checks on egress req
* skip all resources for inet policy
* delete associated egress acl policies
* fix failover of inetclient
* avoid setting inet client asd inet gw
* fix all resource egress policy
* fix inet gw egress rule
* check for node egress on relay req
* fix egress acl rules comms
* add new field for egress info on node
* check acl policy in failover ctx
* avoid default host to be set as inet client
* fix relayed egress node
* add valid error messaging for egress validate func
* return if inet default host
* jump port detection to 51821
* check host ports on pull
* check user access gws via acls
* add validation check for default host and failover for inet clients
* add error messaging for acl policy check
* fix inet gw status
* ignore failover req for peer using inet gw
* check for allowed egress ranges for a peer
* add egress routes to static nodes by access
* avoid setting failvoer as inet client
* fix egress error messaging
* fix extclients egress comms
* fix inet gw acting as inet client
* return formatted error on update acl validation
* add default route for static nodes on inetclient
* check relay node acting as inetclient
* move inet node info to separate field, fix all resouces policy
* remove debug logs
---------
Co-authored-by: Vishal Dalwadi <dalwadivishal26@gmail.com>
* feat: api access tokens
* revoke all user tokens
* redefine access token api routes, add auto egress option to enrollment keys
* add server settings apis, add db table for settigs
* handle server settings updates
* switch to using settings from DB
* fix sever settings migration
* revet force migration for settings
* fix server settings database write
* fix revoked tokens to be unauthorized
* remove unused functions
* convert access token to sql schema
* switch access token to sql schema
* fix merge conflicts
* fix server settings types
* bypass basic auth setting for super admin
* add TODO comment
* publish peer update on settings update
* chore(go): import style changes from migration branch;
1. Singular file names for table schema.
2. No table name method.
3. Use .Model instead of .Table.
4. No unnecessary tagging.
* remove nat check on egress gateway request
* Revert "remove nat check on egress gateway request"
This reverts commit 0aff12a189.
* feat(go): add db middleware;
* feat(go): restore method;
* feat(go): add user access token schema;
* fix user auth api:
* re initalise oauth and email config
* set verbosity
* sync auto update settings with hosts
* sync auto update settings with hosts
* mask secret and convert jwt duration to minutes
* convert jwt duration to minutes
* notify peers after settings update
* compare with curr settings before updating
* send host update to devices on auto update
---------
Co-authored-by: Vishal Dalwadi <dalwadivishal26@gmail.com>
* user mgmt models
* define user roles
* define models for new user mgmt and groups
* oauth debug log
* initialize user role after db conn
* print oauth token in debug log
* user roles CRUD apis
* user groups CRUD Apis
* additional api checks
* add additional scopes
* add additional scopes url
* add additional scopes url
* rm additional scopes url
* setup middlleware permission checks
* integrate permission check into middleware
* integrate permission check into middleware
* check for headers for subjects
* refactor user role models
* refactor user groups models
* add new user to pending user via RAC login
* untracked
* allow multiple groups for an user
* change json tag
* add debug headers
* refer network controls form roles, add debug headers
* refer network controls form roles, add debug headers
* replace auth checks, add network id to role model
* nodes handler
* migration funcs
* invoke sync users migration func
* add debug logs
* comment middleware
* fix get all nodes api
* add debug logs
* fix middleware error nil check
* add new func to get username from jwt
* fix jwt parsing
* abort on error
* allow multiple network roles
* allow multiple network roles
* add migration func
* return err if jwt parsing fails
* set global check to true when accessing user apis
* set netid for acls api calls
* set netid for acls api calls
* update role and groups routes
* add validation checks
* add invite flow apis and magic links
* add invited user via oauth signup automatically
* create invited user on oauth signup, with groups in the invite
* add group validation for user invite
* update create user handler with new role mgmt
* add validation checks
* create user invites tables
* add error logging for email invite
* fix invite singup url
* debug log
* get query params from url
* get query params from url
* add query escape
* debug log
* debug log
* fix user signup via invite api
* set admin field for backward compatbility
* use new role id for user apis
* deprecate use of old admin fields
* deprecate usage of old user fields
* add user role as service user if empty
* setup email sender
* delete invite after user singup
* add plaform user role
* redirect on invite verification link
* fix invite redirect
* temporary redirect
* fix invite redirect
* point invite link to frontend
* fix query params lookup
* add resend support, configure email interface types
* fix groups and user creation
* validate user groups, add check for metrics api in middleware
* add invite url to invite model
* migrate rac apis to new user mgmt
* handle network nodes
* add platform user to default role
* fix user role migration
* add default on rag creation and cleanup after deletion
* fix rac apis
* change to invite code param
* filter nodes and hosts based on user network access
* extend create user group req to accomodate users
* filter network based on user access
* format oauth error
* move user roles and groups
* fix get user v1 api
* move user mgmt func to pro
* add user auth type to user model
* fix roles init
* remove platform role from group object
* list only platform roles
* add network roles to invite req
* create default groups and roles
* fix middleware for global access
* create default role
* fix nodes filter with global network roles
* block selfupdate of groups and network roles
* delete netID if net roles are empty
* validate user roles nd groups on update
* set extclient permission scope when rag vpn access is set
* allow deletion of roles and groups
* replace _ with - in role naming convention
* fix failover middleware mgmt
* format oauth templates
* fetch route temaplate
* return err if user wrong login type
* check user groups on rac apis
* fix rac apis
* fix resp msg
* add validation checks for admin invite
* return oauth type
* format group err msg
* fix html tag
* clean up default groups
* create default rag role
* add UI name to roles
* remove default net group from user when deleted
* reorder migration funcs
* fix duplicacy of hosts
* check old field for migration
* from pro to ce make all secondary users admins
* from pro to ce make all secondary users admins
* revert: from pro to ce make all secondary users admins
* make sure downgrades work
* fix pending users approval
* fix duplicate hosts
* fix duplicate hosts entries
* fix cache reference issue
* feat: configure FRONTEND_URL during installation
* disable user vpn access when network roles are modified
* rm vpn acces when roles or groups are deleted
* add http to frontend url
* revert crypto version
* downgrade crytpo version
* add platform id check on user invites
---------
Co-authored-by: the_aceix <aceixsmartx@gmail.com>
* add api to check if failover node existed
* remove 5 minute peerUpdate
* update peerUpdate to trigger pull
* update Action name to SignalPull
* revert the peerUpdate from SignalPull
* fix getfailover error issue
* rm acls creation for on-prem emqx
* remove use of acls
* add additional broker status field on status api
* NET-1165: Remove creation of acls on emqx (#2996)
* rm acls creation for on-prem emqx
* remove use of acls
* add additional broker status field on status api
* comment out mq reconnect logic
* configure mq conn params
* add metric_interval in ENV for publishing metrics
* add metric_interval in ENV for publishing metrics
* update PUBLISH_METRIC_INTERVAL env name
* revert the mq setttings back
* fix error nil issue
---------
Co-authored-by: abhishek9686 <abhi281342@gmail.com>
Co-authored-by: Abhishek K <32607604+abhishek9686@users.noreply.github.com>
* move oauth from CE build block to pro
* move oauth code and api handler under pro
* move common func back to auth from pro/auth
* change log level to Info for information logs
* fix import issue
* add debug logs
* check if user exists, handle oauth not configured for host SSO
* check if user exists, handle oauth not configured for host SSO
* check if user exists, handle oauth not configured for host SSO
* quit when websocket is closed
* quit when websocket is closed
* quit when websocket is closed
* avoid sending msg onb closed channel
* add debug log
* exit when oauth state is deleted
* add debug log
* handle oauth state not valid with appropirate message
* handle oauth state not valid with appropirate message
* check for invalid oauth state
* rm debug logs
Abhishek Kondur