* fix(go): set persistent keep alive when registering host using sso;
* fix(go): run posture check violations on delete;
* fix(go): upsert node on approving pending host;
* fix(go): resolve concurrency issues during group delete cleanup;
* fix(go): update doc links;
* fix(go): add created and updated fields to host;
* fix(go): skip delete and update superadmin on sync users;
* fix(go): use conn directly for now;
* fix(go): remove acl for idp groups;
* fix(go): quote fields;
* fix(go): use filters with count;
* feat(go): add a search query;
* fix(go): cleanup acls;
* fix(go): review fixes;
* fix(go): remove additional loop;
* fix(go): fix
* v1.5.1: separate out idp sync and reset signals for HA
* v1.5.1: add grps with name for logging
* v1.5.1: clear posture check violations when all checks are deleted
* v1.5.1: set static when default host
* v1.5.1: fix db status check
* rm set max conns
* v1.5.1: reset auto assigned gw when disconnected
* fix(go): skip global network admin and user groups when splitting;
* v1.5.1: fix update node call from client
* fix(go): separate out migration from normal usage;
* fix(go): skip default groups;
* fix(go): create policies for existing groups on network create;
* fix(go): skip fatal log on clickhouse conn;
* fix(go): add posture check cleanup;
* NM-288: populate relevant name for acl types for UI
* NM-288: populate grp names for posture check apis
* NM-228: add network grps api
* NM-288: add network users api
* now check each group's NetworkRoles for either the specific network ID or schema.AllNetworks (all_networks)
* NM-288: check and unassign auto gw when node is disconnected from cli
* NM-288: optimise network users api call
* NM-288: block auto assign when set to use inet gw
---------
Co-authored-by: VishalDalwadi <dalwadivishal26@gmail.com>
Co-authored-by: Vishal Dalwadi <51291657+VishalDalwadi@users.noreply.github.com>
* feat(go): add user schema;
* feat(go): migrate to user schema;
* feat(go): add audit fields;
* feat(go): remove unused fields from the network model;
* feat(go): add network schema;
* feat(go): migrate to network schema;
* refactor(go): add comment to clarify migration logic;
* fix(go): test failures;
* fix(go): test failures;
* feat(go): change membership table to store memberships at all scopes;
* feat(go): add schema for access grants;
* feat(go): remove nameservers from new networks table; ensure db passed for schema functions;
* feat(go): set max conns for sqlite to 1;
* fix(go): issues updating user account status;
* NM-236: streamline operations in HA mode
* NM-236: only master pod should subscribe to updates from clients
* refactor(go): remove converters and access grants;
* refactor(go): add json tags in schema models;
* refactor(go): rename file to migrate_v1_6_0.go;
* refactor(go): add user groups and user roles tables; use schema tables;
* refactor(go): inline get and list from schema package;
* refactor(go): inline get network and list users from schema package;
* fix(go): staticcheck issues;
* fix(go): remove test not in use; fix test case;
* fix(go): validate network;
* fix(go): resolve static checks;
* fix(go): new models errors;
* fix(go): test errors;
* fix(go): handle no records;
* fix(go): add validations for user object;
* fix(go): set correct extclient status;
* fix(go): test error;
* feat(go): make schema the base package;
* feat(go): add host schema;
* feat(go): use schema host everywhere;
* feat(go): inline get host, list hosts and delete host;
* feat(go): use non-ptr value;
* feat(go): use save to upsert all fields;
* feat(go): use save to upsert all fields;
* feat(go): save turn endpoint as string;
* feat(go): check for gorm error record not found;
* fix(go): test failures;
* fix(go): update all network fields;
* fix(go): update all network fields;
* feat(go): add paginated list networks api;
* feat(go): add paginated list users api;
* feat(go): add paginated list hosts api;
* feat(go): add pagination to list groups api;
* fix(go): comment;
* fix(go): implement marshal and unmarshal text for custom types;
* fix(go): implement marshal and unmarshal json for custom types;
* fix(go): just use the old model for unmarshalling;
* fix(go): implement marshal and unmarshal json for custom types;
* NM-271:Import swap: compress/gzip replaced with github.com/klauspost/compress/gzip (2-4x faster, wire-compatible output). Added sync import.
Two sync.Pool variables (gzipWriterPool, bufferPool): reuse gzip.Writer and bytes.Buffer across calls instead of allocating fresh ones per publish.
compressPayload rewritten: pulls writer + buffer from pools, resets them, compresses at gzip.BestSpeed (level 1), copies the result out of the pooled buffer, and returns both objects to the pools.
* feat(go): remove paginated list networks api;
* feat(go): use custom paginated response object;
* NM-271: Improve server scalability under high host count
- Replace stdlib compress/gzip with klauspost/compress at BestSpeed and
pool gzip writers and buffers via sync.Pool to eliminate compression
as the dominant CPU hotspot.
- Debounce peer update broadcasts with a 500ms resettable window capped
at 3s max-wait, coalescing rapid-fire PublishPeerUpdate calls into a
single broadcast cycle.
- Cache HostPeerInfo (batch-refreshed by debounce worker) and
HostPeerUpdate (stored as side-effect of each publish) so the pull API
and peer_info API serve from pre-computed maps instead of triggering
expensive per-host computations under thundering herd conditions.
- Warm both caches synchronously at startup before the first publish
cycle so early pull requests are served instantly.
- Bound concurrent MQTT publishes to 5 via semaphore to prevent
broker TCP buffer overflows that caused broken pipe disconnects.
- Remove manual Disconnect+SetupMQTT from ConnectionLostHandler and
rely on the paho client's built-in AutoReconnect; add a 5s retry
wait in publish() to ride out brief reconnection windows.
* NM-271: Reduce server CPU contention under high concurrent load
- Cache ServerSettings with atomic.Value to eliminate repeated DB reads
on every pull request (was 32+ goroutines blocked on read lock)
- Batch UpdateNodeCheckin writes in memory, flush every 30s to reduce
per-checkin write lock contention (was 88+ goroutines blocked)
- Enable SQLite WAL mode + busy_timeout and remove global dbMutex;
let SQLite handle concurrency natively (reads no longer block writes)
- Move ResetFailedOverPeer/ResetAutoRelayedPeer to async in pull()
handler since results don't affect the cached response
- Skip no-op UpsertNode writes in failover/relay reset functions
(early return when node has no failover/relay state)
- Remove CheckHostPorts from hostUpdateFallback hot path
- Switch to pure-Go SQLite driver (glebarez/sqlite), set CGO_ENABLED=0
* fix(go): ensure default values for page and per_page are used when not passed;
* fix(go): rename v1.6.0 to v1.5.1;
* fix(go): check for gorm.ErrRecordNotFound instead of database.IsEmptyRecord;
* fix(go): use host id, not pending host id;
* NM-271: Revert pure-Go SQLite and FIPS disable to verify impact
Revert to CGO-based mattn/go-sqlite3 driver and re-enable FIPS to
isolate whether these changes are still needed now that the global
dbMutex has been removed and WAL mode is enabled. Keep WAL mode
pragma with mattn-compatible DSN format.
* feat(go): add filters to paginated apis;
* feat(go): add filters to paginated apis;
* feat(go): remove check for max username length;
* feat(go): add filters to count as well;
* feat(go): use library to check email address validity;
* feat(go): ignore pagination if params not passed;
* fix(go): pagination issues;
* fix(go): check exists before using;
* fix(go): remove debug log;
* NM-271: rm debug logs
* NM-271: check if caching is enabled
* NM-271: add server sync mq topic for HA mode
* NM-271: fix build
* NM-271: push metrics in batch to exproter over api
* NM-271: use basic auth for exporter metrics api
* fix(go): use gorm err record not found;
* NM-271: Add monitoring stack on demand
* NM-271: -m arg for install script should only add monitoring stack
* fix(go): use gorm err record not found;
* NM-271: update docker compose file for prometheus
* NM-271: update docker compose file for prometheus
* fix(go): use user principal name when creating pending user;
* fix(go): use schema package for consts;
* NM-236: rm duplicate network hook
* NM-271: add server topic to reset idp hooks on master node
* fix(go): prevent disabling superadmin user;
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* fix(go): swap is admin and is superadmin;
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* fix(go): remove dead code block;
https://github.com/gravitl/netmaker/pull/3910#discussion_r2928837937
* fix(go): incorrect message when trying to disable self;
https://github.com/gravitl/netmaker/pull/3910#discussion_r2928837934
* NM-271: fix stale peers on reset_failovered pull and add HTTP timeout to metrics exporter
Run the failover/relay reset synchronously in the pull handler so the
response reflects post-reset topology instead of serving stale cached
peers. Add a 30s timeout to the metrics exporter HTTP client to prevent
PushAllMetricsToExporter from blocking the Keepalive loop.
* NM-271: fix gzip pool corruption, MQTT topic mismatch, stale settings cache, and reduce redundant DB fetches
- Only return gzip.Writer to pool after successful Close to prevent
silently malformed MQTT payloads from a previously errored writer.
- Fix serversync subscription to exact topic match since syncType is
now in the message payload, not the topic path.
- Prevent zero-value ServerSettings from being cached indefinitely
when the DB record is missing or unmarshal fails on startup.
- Return fetched hosts/nodes from RefreshHostPeerInfoCache so
warmPeerCaches reuses them instead of querying the DB twice.
- Compute fresh HostPeerUpdate on reset_failovered pull instead of
serving stale cache, and store result back for subsequent requests.
* NM-271: fix gzip writer pool leak, log checkin flush errors, and fix master pod ordinal parsing
- Reset gzip.Writer to io.Discard before returning to pool so errored
writers are never leaked or silently reused with corrupt state.
- Track and log failed DB inserts in FlushNodeCheckins so operators
have visibility when check-in timestamps are lost.
- Parse StatefulSet pod ordinal as integer instead of using HasSuffix
to prevent netmaker-10 from being misidentified as master pod.
* NM-271: simplify masterpod logic
* fix(go): use correct header;
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* fix(go): return after error response;
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* fix(go): use correct order of params;
https://github.com/gravitl/netmaker/pull/3910#discussion_r2929593036
* fix(go): set default values for page and page size; use v2 instead of /list;
* NM-271: use host name
* Update mq/serversync.go
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* NM-271: fix duplicate serversynce case
* NM-271: streamline gw updates
* Update logic/auth.go
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* Update schema/user_roles.go
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* fix(go): syntax error;
* fix(go): set default values when page and per_page are not passed or 0;
* fix(go): use uuid.parse instead of uuid.must parse;
* fix(go): review errors;
* fix(go): review errors;
* Update controllers/user.go
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* Update controllers/user.go
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* NM-163: fix errors:
* Update db/types/options.go
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* fix(go): persist return user in event;
* Update db/types/options.go
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* NM-271: signal pull on ip changes
* NM-163: duplicate lines of code
* NM-163: fix(go): fix missing return and filter parsing in user controller
- Add missing return after error response in updateUserAccountStatus
to prevent double-response and spurious ext-client side-effects
- Use switch statements in listUsers to skip unrecognized
account_status and mfa_status filter values
* NM-271: signal pull req on node ip change
* fix(go): check for both min and max page size;
* NM-271: refresh node object before update
* fix(go): enclose transfer superadmin in transaction;
* fix(go): review errors;
* fix(go): remove free tier checks;
* fix(go): review fixes;
* NM-271: streamline ip pool ops
* NM-271: fix tests, set max idle conns
* NM-271: fix(go): fix data races in settings cache and peer update worker
- Use pointer type in atomic.Value for serverSettingsCache to avoid
replacing the variable non-atomically in InvalidateServerSettingsCache
- Swap peerUpdateReplace flag before draining the channel to prevent
a concurrent replacePeers=true from being consumed by the wrong cycle
---------
Co-authored-by: VishalDalwadi <dalwadivishal26@gmail.com>
Co-authored-by: Vishal Dalwadi <51291657+VishalDalwadi@users.noreply.github.com>
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* feat(go): add user schema;
* feat(go): migrate to user schema;
* feat(go): add audit fields;
* feat(go): remove unused fields from the network model;
* feat(go): add network schema;
* feat(go): migrate to network schema;
* refactor(go): add comment to clarify migration logic;
* fix(go): test failures;
* fix(go): test failures;
* feat(go): change membership table to store memberships at all scopes;
* feat(go): add schema for access grants;
* feat(go): remove nameservers from new networks table; ensure db passed for schema functions;
* feat(go): set max conns for sqlite to 1;
* fix(go): issues updating user account status;
* refactor(go): remove converters and access grants;
* refactor(go): add json tags in schema models;
* refactor(go): rename file to migrate_v1_6_0.go;
* refactor(go): add user groups and user roles tables; use schema tables;
* refactor(go): inline get and list from schema package;
* refactor(go): inline get network and list users from schema package;
* fix(go): staticcheck issues;
* fix(go): remove test not in use; fix test case;
* fix(go): validate network;
* fix(go): resolve static checks;
* fix(go): new models errors;
* fix(go): test errors;
* fix(go): handle no records;
* fix(go): add validations for user object;
* fix(go): set correct extclient status;
* fix(go): test error;
* feat(go): make schema the base package;
* feat(go): add host schema;
* feat(go): use schema host everywhere;
* feat(go): inline get host, list hosts and delete host;
* feat(go): use non-ptr value;
* feat(go): use save to upsert all fields;
* feat(go): use save to upsert all fields;
* feat(go): save turn endpoint as string;
* feat(go): check for gorm error record not found;
* fix(go): test failures;
* fix(go): update all network fields;
* fix(go): update all network fields;
* feat(go): add paginated list networks api;
* feat(go): add paginated list users api;
* feat(go): add paginated list hosts api;
* feat(go): add pagination to list groups api;
* fix(go): comment;
* fix(go): implement marshal and unmarshal text for custom types;
* fix(go): implement marshal and unmarshal json for custom types;
* fix(go): just use the old model for unmarshalling;
* fix(go): implement marshal and unmarshal json for custom types;
* feat(go): remove paginated list networks api;
* feat(go): use custom paginated response object;
* fix(go): ensure default values for page and per_page are used when not passed;
* fix(go): rename v1.6.0 to v1.5.1;
* fix(go): check for gorm.ErrRecordNotFound instead of database.IsEmptyRecord;
* fix(go): use host id, not pending host id;
* feat(go): add filters to paginated apis;
* feat(go): add filters to paginated apis;
* feat(go): remove check for max username length;
* feat(go): add filters to count as well;
* feat(go): use library to check email address validity;
* feat(go): ignore pagination if params not passed;
* fix(go): pagination issues;
* fix(go): check exists before using;
* fix(go): remove debug log;
* fix(go): use gorm err record not found;
* fix(go): use gorm err record not found;
* fix(go): use user principal name when creating pending user;
* fix(go): use schema package for consts;
* fix(go): prevent disabling superadmin user;
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* fix(go): swap is admin and is superadmin;
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* fix(go): remove dead code block;
https://github.com/gravitl/netmaker/pull/3910#discussion_r2928837937
* fix(go): incorrect message when trying to disable self;
https://github.com/gravitl/netmaker/pull/3910#discussion_r2928837934
* fix(go): use correct header;
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* fix(go): return after error response;
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* fix(go): use correct order of params;
https://github.com/gravitl/netmaker/pull/3910#discussion_r2929593036
* fix(go): set default values for page and page size; use v2 instead of /list;
* Update logic/auth.go
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* Update schema/user_roles.go
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* fix(go): syntax error;
* fix(go): set default values when page and per_page are not passed or 0;
* fix(go): use uuid.parse instead of uuid.must parse;
* fix(go): review errors;
* fix(go): review errors;
* Update controllers/user.go
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* Update controllers/user.go
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* NM-163: fix errors:
* Update db/types/options.go
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* fix(go): persist return user in event;
* Update db/types/options.go
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* NM-163: duplicate lines of code
* NM-163: fix(go): fix missing return and filter parsing in user controller
- Add missing return after error response in updateUserAccountStatus
to prevent double-response and spurious ext-client side-effects
- Use switch statements in listUsers to skip unrecognized
account_status and mfa_status filter values
* fix(go): check for both min and max page size;
* fix(go): enclose transfer superadmin in transaction;
* fix(go): review errors;
* fix(go): remove free tier checks;
* fix(go): review fixes;
---------
Co-authored-by: VishalDalwadi <dalwadivishal26@gmail.com>
Co-authored-by: Vishal Dalwadi <51291657+VishalDalwadi@users.noreply.github.com>
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* force update host dns field if node is acting as inet gw
* add old acl support checks
* move auto relay migration to pro pkg
* add check to avoid unsetting relayed node
* simplify auto assign gw logic
* send auto assign update on un relay
* set checking time to latest on updates
* fix HA auto Relay logic
* add relay node metrics to peer signal
* move auto relay peer check
* publish host peer update
* check and unset unrelayed auto peers
* use relay node mutex to avoid rac condition
* reset autorelayed peers on auto assign gw
* add auto realy handlers and logic funcs
* add pro func connectors
* Add auto relayed peer ips on peer update, set auto relay on gw creation
* add network id to signal, add autorelay nodes to peerudpate
* add autorelay peer update logic
* add nodes to peer update
* revert node model change
* reset auto relayed peers on the relay node on reset, add auto relay nodes to pull
* add logic api to update auto relay node
* add autoassigngw field to node, add logic to swith relay node in relayme udpate api
* add gw nodes to pull
* intilaise gw map
* HA relay functionality
* add autoassign gw option to enrollment key
* publish intant action to auto assign gw
* fix static checks
* unset relay if auto assign removed
* add host node model to auto relay info
* add host node model to auto relay info
* only use hostNode model for gws info
* handle autoassigned gw peer in the update
* handle autoassigned gw peer in the update
* handle peer updates for autoassigned gw peer
* unset auto assigned peer if relayed or failedovered
* move relevant acl and tag code to CE and Pro pkgs
* intialise pro acl funcs
* list gateways by user access
* check user gw access by policies
* filter out user policies on CE
* filter out tagged policies on CE
* fix ce acl comms
* allow gateways tag
* allow gateway tag on CE, remove failover and gw check on acl policy
* add gw rules func to pro
* add inet gw support on CE
* add egress acl API
* add egress acl API
* fix(go): set is_gw when converting api node to server node;
* fix(go): set is_gw when converting api node to server node;
* fix policy validity checker for inet gws
* move dns option to host model
* fix node removal from egress policy on delete
* add migration logic for ManageDNS
* fix dns json field
* fix nil error on node tags
* add egress info to relayed nodes
---------
Co-authored-by: Vishal Dalwadi <dalwadivishal26@gmail.com>
* feat: api access tokens
* revoke all user tokens
* redefine access token api routes, add auto egress option to enrollment keys
* add server settings apis, add db table for settigs
* handle server settings updates
* switch to using settings from DB
* fix sever settings migration
* revet force migration for settings
* fix server settings database write
* egress model
* fix revoked tokens to be unauthorized
* update egress model
* remove unused functions
* convert access token to sql schema
* switch access token to sql schema
* fix merge conflicts
* fix server settings types
* bypass basic auth setting for super admin
* add TODO comment
* setup api handlers for egress revamp
* use single DB, fix update nat boolean field
* extend validaiton checks for egress ranges
* add migration to convert to new egress model
* fix panic interface conversion
* publish peer update on settings update
* revoke token generated by an user
* add user token creation restriction by user role
* add forbidden check for access token creation
* revoke user token when group or role is changed
* add default group to admin users on update
* chore(go): import style changes from migration branch;
1. Singular file names for table schema.
2. No table name method.
3. Use .Model instead of .Table.
4. No unnecessary tagging.
* remove nat check on egress gateway request
* Revert "remove nat check on egress gateway request"
This reverts commit 0aff12a189.
* remove nat check on egress gateway request
* feat(go): add db middleware;
* feat(go): restore method;
* feat(go): add user access token schema;
* add inet gw status to egress model
* fetch node ids in the tag, add inet gw info clients
* add inet gw info to node from egress list
* add migration logic internet gws
* create default acl policies
* add egress info
* add egress TODO
* add egress TODO
* fix user auth api:
* add reference id to acl policy
* add egress response from DB
* publish peer update on egress changes
* re initalise oauth and email config
* set verbosity
* normalise cidr on egress req
* add egress id to acl group
* change acls to use egress id
* resolve merge conflicts
* fix egress reference errors
* move egress model to schema
* add api context to DB
* sync auto update settings with hosts
* sync auto update settings with hosts
* check acl for egress node
* check for egress policy in the acl dst groups
* fix acl rules for egress policies with new models
* add status to egress model
* fix inet node func
* mask secret and convert jwt duration to minutes
* enable egress policies on creation
* convert jwt duration to minutes
* add relevant ranges to inet egress
* skip non active egress routes
* resolve merge conflicts
* fix static check
* notify peers after settings update
* define schema for activity, add api handler to list network activity
* setup event channel and logger
* setup event logger, add event for user login
* change activity model to event
* add api error constants
* add logout event
* log user crud events
* add login events for oauth
* add user related events
* log events for invites and user approvals
* order user activity event by timestamp
* fix logout api
* add user and network events api, add addtional events triggers
* add filters to all events api
* fix events filter
* add diff to event logs
* update user logout api
* log settigns updates
* log events for network and host updates
* check for diff on events
* log host del event
* add user loc info to desktop app connection events
* fix authorize middleware check
* add gateway events
* resolve merge conflicts
---------
Co-authored-by: Vishal Dalwadi <dalwadivishal26@gmail.com>
* add gw apis, move relays into CE
* set gw field on relay and ingress creation
* add gw handlers to relay and ingress apis
* if node is inetgw and gw add dns
* remove pro check on relays
* fetch node before updating
Vishal Dalwadi