internal

package
v0.21.1 (not the latest version of its module)
Published: Jun 7, 2023 License: BSD-3-Clause Imports: 41 Imported by: 0

Documentation

Constants

const (
	// ManagementLegacyPort is the port that was used before by the Management gRPC server.
	// It is used for backward compatibility now.
	// NB: hardcoded from github.com/netbirdio/netbird/management/cmd to avoid import
	ManagementLegacyPort = 33073
	// DefaultManagementURL points to the NetBird's cloud management endpoint
	DefaultManagementURL = "https://api.wiretrustee.com:443"
	// DefaultAdminURL points to NetBird's cloud management console
	DefaultAdminURL = "https://app.netbird.io:443"
)
const (
	PeerConnectionTimeoutMax = 45000 // ms
	PeerConnectionTimeoutMin = 30000 // ms
)

PeerConnectionTimeoutMax is the timeout for an initial connection attempt to a remote peer: this peer waits PeerConnectionTimeoutMax for the remote peer to respond and, if that fails, retries the connection attempt. TODO: pass the timeout via EngineConfig.

const (
	HostedGrantType    = "urn:ietf:params:oauth:grant-type:device_code"
	HostedRefreshGrant = "refresh_token"
)

HostedGrantType is the grant type used for the device authorization flow on Hosted.

Variables

var ErrResetConnection = fmt.Errorf("reset connection")

Functions

func CtxGetState

func CtxGetState(ctx context.Context) *contextState

CtxGetState returns the object used to get and update the state and errors of the process.

func CtxInitState

func CtxInitState(ctx context.Context) context.Context

CtxInitState sets up the context state in the context tree.

This function should be used to initialize context before CtxGetState will be executed.

func IsLoginRequired added in v0.14.5

func IsLoginRequired(ctx context.Context, privateKey string, mgmURL *url.URL, sshKey string) (bool, error)

IsLoginRequired checks whether or not the server supports SSO.

func Login

func Login(ctx context.Context, config *Config, setupKey string, jwtToken string) error

Login logs in or registers the client.

func RunClient

func RunClient(ctx context.Context, config *Config, statusRecorder *peer.Status, tunAdapter iface.TunAdapter, iFaceDiscover stdnet.ExternalIFaceDiscover, routeListener routemanager.RouteListener) error

RunClient runs the client's main logic.

func SignalOfferAnswer added in v0.8.12

func SignalOfferAnswer(offerAnswer peer.OfferAnswer, myKey wgtypes.Key, remoteKey wgtypes.Key, s signal.Client, isAnswer bool) error

SignalOfferAnswer signals either an offer or an answer to remote peer

func WriteOutConfig added in v0.14.5

func WriteOutConfig(path string, config *Config) error

WriteOutConfig writes the prepared config to the given path.

Types

type Claims

type Claims struct {
	Audience interface{} `json:"aud"`
}

Claims used when validating the access token

type Config

type Config struct {
	// Wireguard private key of local peer
	PrivateKey           string
	PreSharedKey         string
	ManagementURL        *url.URL
	AdminURL             *url.URL
	WgIface              string
	WgPort               int
	IFaceBlackList       []string
	DisableIPv6Discovery bool
	// SSHKey is a private SSH key in a PEM format
	SSHKey string

	NATExternalIPs []string
	// CustomDNSAddress sets the DNS resolver listening address in format ip:port
	CustomDNSAddress string
}

Config is the client configuration type.

func CreateInMemoryConfig added in v0.14.5

func CreateInMemoryConfig(input ConfigInput) (*Config, error)

CreateInMemoryConfig generates a new config but does not write it out to the store.

func ReadConfig

func ReadConfig(configPath string) (*Config, error)

ReadConfig reads the config file and returns a Config. If the file does not exist, it creates a new one with default values.

func UpdateConfig added in v0.14.2

func UpdateConfig(input ConfigInput) (*Config, error)

UpdateConfig updates the existing configuration according to the input configuration and returns the result.

func UpdateOldManagementPort added in v0.8.5

func UpdateOldManagementPort(ctx context.Context, config *Config, configPath string) (*Config, error)

UpdateOldManagementPort checks whether the client can switch to the new Management port 443. If it can, it updates the config and returns the new one; otherwise it returns the provided config. The check is performed only for NetBird's managed version.

func UpdateOrCreateConfig added in v0.14.2

func UpdateOrCreateConfig(input ConfigInput) (*Config, error)

UpdateOrCreateConfig reads existing config or generates a new one

type ConfigInput added in v0.12.0

type ConfigInput struct {
	ManagementURL    string
	AdminURL         string
	ConfigPath       string
	PreSharedKey     *string
	NATExternalIPs   []string
	CustomDNSAddress []byte
}

ConfigInput carries configuration changes to the client

type DeviceAuthInfo

type DeviceAuthInfo struct {
	DeviceCode              string `json:"device_code"`
	UserCode                string `json:"user_code"`
	VerificationURI         string `json:"verification_uri"`
	VerificationURIComplete string `json:"verification_uri_complete"`
	ExpiresIn               int    `json:"expires_in"`
	Interval                int    `json:"interval"`
}

DeviceAuthInfo holds information for the OAuth device login flow

type DeviceAuthorizationFlow

type DeviceAuthorizationFlow struct {
	Provider       string
	ProviderConfig ProviderConfig
}

DeviceAuthorizationFlow represents Device Authorization Flow information

func GetDeviceAuthorizationFlowInfo

func GetDeviceAuthorizationFlowInfo(ctx context.Context, privateKey string, mgmURL *url.URL) (DeviceAuthorizationFlow, error)

GetDeviceAuthorizationFlowInfo initializes a DeviceAuthorizationFlow instance and returns it.

type Engine

type Engine struct {

	// STUNs is a list of STUN servers used by ICE
	STUNs []*ice.URL
	// TURNs is a list of TURN servers used by ICE
	TURNs []*ice.URL
	// contains filtered or unexported fields
}

Engine is a mechanism responsible for reacting on Signal and Management stream events and managing connections to the remote peers.

func NewEngine

func NewEngine(
	ctx context.Context, cancel context.CancelFunc,
	signalClient signal.Client, mgmClient mgm.Client,
	config *EngineConfig, mobileDep MobileDependency, statusRecorder *peer.Status,
) *Engine

NewEngine creates a new Connection Engine

func (*Engine) Start

func (e *Engine) Start() error

Start creates a new WireGuard tunnel interface and listens to events from the Signal and Management services. Connections to remote peers are not established here; they are established once an event with a list of peers to connect to is received from the Management service.

func (*Engine) Stop

func (e *Engine) Stop() error

type EngineConfig

type EngineConfig struct {
	WgPort      int
	WgIfaceName string

	// WgAddr is a Wireguard local address (Netbird Network IP)
	WgAddr string

	// WgPrivateKey is a Wireguard private key of our peer (it MUST never leave the machine)
	WgPrivateKey wgtypes.Key

	// IFaceBlackList is a list of network interfaces to ignore when discovering connection candidates (ICE related)
	IFaceBlackList       []string
	DisableIPv6Discovery bool

	PreSharedKey *wgtypes.Key

	// UDPMuxPort default value 0 - the system will pick an available port
	UDPMuxPort int

	// UDPMuxSrflxPort default value 0 - the system will pick an available port
	UDPMuxSrflxPort int

	// SSHKey is a private SSH key in a PEM format
	SSHKey []byte

	NATExternalIPs []string

	CustomDNSAddress string
}

EngineConfig is a config for the Engine

type HTTPClient

type HTTPClient interface {
	Do(req *http.Request) (*http.Response, error)
}

HTTPClient is the HTTP client interface for API calls.

type Hosted

type Hosted struct {
	HTTPClient HTTPClient
	// contains filtered or unexported fields
}

Hosted is the Hosted OAuth client.

func NewHostedDeviceFlow

func NewHostedDeviceFlow(config ProviderConfig) *Hosted

NewHostedDeviceFlow returns a Hosted OAuth client.

func (*Hosted) GetClientID added in v0.6.2

func (h *Hosted) GetClientID(ctx context.Context) string

GetClientID returns the provider client id

func (*Hosted) RequestDeviceCode

func (h *Hosted) RequestDeviceCode(ctx context.Context) (DeviceAuthInfo, error)

RequestDeviceCode requests a device code login flow information from Hosted

func (*Hosted) WaitToken

func (h *Hosted) WaitToken(ctx context.Context, info DeviceAuthInfo) (TokenInfo, error)

WaitToken waits for the user to log in and authorize the app. Once the user has authorized it, it retrieves the access token from Hosted's endpoint and validates it before returning.

type MobileDependency added in v0.17.0

type MobileDependency struct {
	TunAdapter    iface.TunAdapter
	IFaceDiscover stdnet.ExternalIFaceDiscover
	RouteListener routemanager.RouteListener
}

MobileDependency collects all dependencies for the mobile platform.

type OAuthClient

type OAuthClient interface {
	RequestDeviceCode(ctx context.Context) (DeviceAuthInfo, error)
	WaitToken(ctx context.Context, info DeviceAuthInfo) (TokenInfo, error)
	GetClientID(ctx context.Context) string
}

OAuthClient is an OAuth client interface for various IdP providers.

type Peer

type Peer struct {
	WgPubKey     string
	WgAllowedIps string
}

Peer is an instance of the Connection Peer

type ProviderConfig

type ProviderConfig struct {
	// ClientID is the IdP application client ID
	ClientID string
	// ClientSecret is the IdP application client secret
	ClientSecret string
	// Domain is the IdP API domain
	// Deprecated. Use OIDCConfigEndpoint instead
	Domain string
	// Audience is the audience used for authorization validation
	Audience string
	// TokenEndpoint is the endpoint of an IdP manager where clients can obtain an access token
	TokenEndpoint string
	// DeviceAuthEndpoint is the endpoint of an IdP manager where clients can obtain a device authorization code
	DeviceAuthEndpoint string
	// Scope provides the scopes to be included in the token request
	Scope string
	// UseIDToken indicates whether the ID token should be used for authentication
	UseIDToken bool
}

ProviderConfig has all attributes needed to initiate a device authorization flow

type RequestDeviceCodePayload

type RequestDeviceCodePayload struct {
	Audience string `json:"audience"`
	ClientID string `json:"client_id"`
	Scope    string `json:"scope"`
}

RequestDeviceCodePayload is the request payload used to obtain a device code from auth0.

type StatusType

type StatusType string
const (
	StatusIdle StatusType = "Idle"

	StatusConnecting  StatusType = "Connecting"
	StatusConnected   StatusType = "Connected"
	StatusNeedsLogin  StatusType = "NeedsLogin"
	StatusLoginFailed StatusType = "LoginFailed"
)

type TokenInfo

type TokenInfo struct {
	AccessToken  string `json:"access_token"`
	RefreshToken string `json:"refresh_token"`
	IDToken      string `json:"id_token"`
	TokenType    string `json:"token_type"`
	ExpiresIn    int    `json:"expires_in"`
	UseIDToken   bool   `json:"-"`
}

TokenInfo holds information about the issued access token.

func (TokenInfo) GetTokenToUse added in v0.15.1

func (t TokenInfo) GetTokenToUse() string

GetTokenToUse returns either the access token or the ID token, depending on the UseIDToken field.

type TokenRequestPayload

type TokenRequestPayload struct {
	GrantType    string `json:"grant_type"`
	DeviceCode   string `json:"device_code,omitempty"`
	ClientID     string `json:"client_id"`
	RefreshToken string `json:"refresh_token,omitempty"`
}

TokenRequestPayload is the payload used for requesting the auth0 token.

type TokenRequestResponse

type TokenRequestResponse struct {
	Error            string `json:"error"`
	ErrorDescription string `json:"error_description"`
	TokenInfo
}

TokenRequestResponse is used for parsing Hosted's token response.
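The exchange that RequestDeviceCode and WaitToken carry out, polling the IdP's token endpoint with the TokenRequestPayload and TokenRequestResponse shapes above, as an added Go example that is not NetBird's code. It assumes JSON request bodies, an in-process fake IdP, the endpoint path `/oauth/token` and every sample value (device code `dev-123`, client ID `client-abc`, the issued token); all of these are constructed for illustration. The part worth copying is the handling of the poll responses: `authorization_pending` keeps waiting, `slow_down` backs off, and any other error stops the loop rather than hammering the IdP until the device code expires.

```go
package main

// Added example, not NetBird's code: a client for the OAuth 2.0 device flow using the
// shapes documented above. JSON bodies, the fake IdP and all sample values are constructed.
import (
	"bytes"
	"context"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"sync/atomic"
	"time"
)

const deviceCodeGrant = "urn:ietf:params:oauth:grant-type:device_code" // HostedGrantType

type DeviceAuthInfo struct {
	DeviceCode string `json:"device_code"`
	ExpiresIn  int    `json:"expires_in"` // seconds until the device code expires
	Interval   int    `json:"interval"`   // minimum seconds between polls
}
type TokenRequestPayload struct {
	GrantType  string `json:"grant_type"`
	DeviceCode string `json:"device_code,omitempty"`
	ClientID   string `json:"client_id"`
}
type TokenInfo struct {
	AccessToken string `json:"access_token"`
}

// TokenRequestResponse: each poll is answered with either a token or an error code.
type TokenRequestResponse struct {
	Error            string `json:"error"`
	ErrorDescription string `json:"error_description"`
	TokenInfo
}

// WaitToken polls tokenEndpoint with the device_code grant until a token is issued, the
// device code expires, or ctx ends. "authorization_pending" means keep waiting, "slow_down"
// adds 5s to the interval (RFC 8628 section 3.5); any other error is final, so the client
// stops instead of hammering the IdP.
func WaitToken(ctx context.Context, client *http.Client, tokenEndpoint, clientID string, info DeviceAuthInfo) (TokenInfo, error) {
	interval := time.Duration(info.Interval) * time.Second
	deadline := time.Now().Add(time.Duration(info.ExpiresIn) * time.Second)
	body, _ := json.Marshal(TokenRequestPayload{GrantType: deviceCodeGrant, DeviceCode: info.DeviceCode, ClientID: clientID})
	for time.Now().Before(deadline) {
		req, err := http.NewRequestWithContext(ctx, http.MethodPost, tokenEndpoint, bytes.NewReader(body))
		if err != nil {
			return TokenInfo{}, err
		}
		req.Header.Set("Content-Type", "application/json")
		resp, err := client.Do(req)
		if err != nil {
			return TokenInfo{}, err
		}
		var tr TokenRequestResponse
		err = json.NewDecoder(resp.Body).Decode(&tr) // decode even on 4xx: the error code is in the body
		resp.Body.Close()
		if err != nil {
			return TokenInfo{}, err
		}
		switch tr.Error {
		case "":
			return tr.TokenInfo, nil
		case "authorization_pending":
		case "slow_down":
			interval += 5 * time.Second
		default:
			return TokenInfo{}, fmt.Errorf("%s: %s", tr.Error, tr.ErrorDescription)
		}
		select {
		case <-ctx.Done():
			return TokenInfo{}, ctx.Err()
		case <-time.After(interval):
		}
	}
	return TokenInfo{}, fmt.Errorf("device code expired before the user authorized the app")
}

// RunDeviceFlowDemo runs WaitToken against a constructed in-process IdP that answers
// "authorization_pending" on the first poll, rejects any device code other than "dev-123"
// with "invalid_grant", and otherwise issues a token. Returns the token and the poll count.
func RunDeviceFlowDemo(deviceCode string) (string, int, error) {
	var polls int32
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		n := atomic.AddInt32(&polls, 1)
		var p TokenRequestPayload
		switch err := json.NewDecoder(r.Body).Decode(&p); {
		case err != nil || p.GrantType != deviceCodeGrant || p.DeviceCode != "dev-123":
			w.WriteHeader(http.StatusBadRequest)
			json.NewEncoder(w).Encode(TokenRequestResponse{Error: "invalid_grant", ErrorDescription: "unknown device code"})
		case n < 2:
			w.WriteHeader(http.StatusForbidden)
			json.NewEncoder(w).Encode(TokenRequestResponse{Error: "authorization_pending"})
		default:
			json.NewEncoder(w).Encode(TokenRequestResponse{TokenInfo: TokenInfo{AccessToken: "at-xyz"}})
		}
	}))
	defer srv.Close()
	tok, err := WaitToken(context.Background(), srv.Client(), srv.URL+"/oauth/token", "client-abc",
		DeviceAuthInfo{DeviceCode: deviceCode, ExpiresIn: 30, Interval: 0})
	return tok.AccessToken, int(atomic.LoadInt32(&polls)), err
}
```

Calling `RunDeviceFlowDemo("dev-123")` returns the token after two polls; `RunDeviceFlowDemo("bogus")` stops after one poll with an `invalid_grant` error. The response body is decoded regardless of HTTP status because IdPs return the pending and error codes with 4xx statuses, and the `ExpiresIn` deadline bounds the loop so a user who never completes the login cannot keep the client polling forever.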

Directories

Path	Synopsis
acl
mocks	Package mocks is a generated GoMock package.
stdnet	Package stdnet is an extension of the pion's stdnet.
