Documentation
Index
- Constants
- Variables
- func CtxGetState(ctx context.Context) *contextState
- func CtxInitState(ctx context.Context) context.Context
- func IsLoginRequired(ctx context.Context, privateKey string, mgmURL *url.URL, sshKey string) (bool, error)
- func Login(ctx context.Context, config *Config, setupKey string, jwtToken string) error
- func RunClient(ctx context.Context, config *Config, statusRecorder *peer.Status) error
- func RunClientMobile(ctx context.Context, config *Config, statusRecorder *peer.Status, ...) error
- func SignalOfferAnswer(offerAnswer peer.OfferAnswer, myKey wgtypes.Key, remoteKey wgtypes.Key, ...) error
- func WriteOutConfig(path string, config *Config) error
- type Claims
- type Config
- func CreateInMemoryConfig(input ConfigInput) (*Config, error)
- func ReadConfig(configPath string) (*Config, error)
- func UpdateConfig(input ConfigInput) (*Config, error)
- func UpdateOldManagementPort(ctx context.Context, config *Config, configPath string) (*Config, error)
- func UpdateOrCreateConfig(input ConfigInput) (*Config, error)
- type ConfigInput
- type DeviceAuthInfo
- type DeviceAuthorizationFlow
- type Engine
- type EngineConfig
- type HTTPClient
- type Hosted
- type MobileDependency
- type OAuthClient
- type Peer
- type ProviderConfig
- type RequestDeviceCodePayload
- type StatusType
- type TokenInfo
- type TokenRequestPayload
- type TokenRequestResponse
Constants
const (
	// ManagementLegacyPort is the port that was used before by the Management gRPC server.
	// It is used for backward compatibility now.
	// NB: hardcoded from github.com/netbirdio/netbird/management/cmd to avoid import
	ManagementLegacyPort = 33073
	// DefaultManagementURL points to the NetBird's cloud management endpoint
	DefaultManagementURL = "https://api.wiretrustee.com:443"
	// DefaultAdminURL points to NetBird's cloud management console
	DefaultAdminURL = "https://app.netbird.io:443"
)
const (
	PeerConnectionTimeoutMax = 45000 // ms
	PeerConnectionTimeoutMin = 30000 // ms
)
PeerConnectionTimeoutMax is the timeout of an initial connection attempt to a remote peer: this peer waits PeerConnectionTimeoutMax for the remote peer to respond and, if that is not successful, retries the connection attempt. TODO: pass the timeout via EngineConfig.
const (
	HostedGrantType    = "urn:ietf:params:oauth:grant-type:device_code"
	HostedRefreshGrant = "refresh_token"
)
HostedGrantType is the grant type for the device flow on Hosted.
Variables
var ErrResetConnection = fmt.Errorf("reset connection")
Functions
func CtxGetState
CtxGetState returns the object used to get and update the state and errors of the process.
func CtxInitState
CtxInitState sets up the context state in the context tree.
This function should be used to initialize the context before CtxGetState is executed.
func IsLoginRequired (added in v0.14.5)
func IsLoginRequired(ctx context.Context, privateKey string, mgmURL *url.URL, sshKey string) (bool, error)
IsLoginRequired checks whether the server supports SSO.
func RunClientMobile (added in v0.21.9)
func RunClientMobile(ctx context.Context, config *Config, statusRecorder *peer.Status, tunAdapter iface.TunAdapter, iFaceDiscover stdnet.ExternalIFaceDiscover, routeListener routemanager.RouteListener, dnsAddresses []string, dnsReadyListener dns.ReadyListener) error
RunClientMobile runs the main client logic on mobile systems.
func SignalOfferAnswer (added in v0.8.12)
func SignalOfferAnswer(offerAnswer peer.OfferAnswer, myKey wgtypes.Key, remoteKey wgtypes.Key, s signal.Client, isAnswer bool) error
SignalOfferAnswer signals either an offer or an answer to the remote peer.
func WriteOutConfig (added in v0.14.5)
WriteOutConfig writes the prepared config to the given path.
Types
type Claims
type Claims struct {
Audience interface{} `json:"aud"`
}
Claims is used when validating the access token.
type Config
type Config struct {
	// Wireguard private key of local peer
	PrivateKey           string
	ManagementURL        *url.URL
	AdminURL             *url.URL
	WgIface              string
	WgPort               int
	IFaceBlackList       []string
	DisableIPv6Discovery bool
	// SSHKey is a private SSH key in a PEM format
	SSHKey         string
	NATExternalIPs []string
	// CustomDNSAddress sets the DNS resolver listening address in format ip:port
	CustomDNSAddress string
}
Config is the client configuration type.
func CreateInMemoryConfig (added in v0.14.5)
func CreateInMemoryConfig(input ConfigInput) (*Config, error)
CreateInMemoryConfig generates a new config but does not write it out to the store.
func ReadConfig
ReadConfig reads the config file and returns a Config. If the file does not exist, it creates a new one with default values.
func UpdateConfig (added in v0.14.2)
func UpdateConfig(input ConfigInput) (*Config, error)
UpdateConfig updates the existing configuration according to the input configuration and returns the resulting configuration.
func UpdateOldManagementPort (added in v0.8.5)
func UpdateOldManagementPort(ctx context.Context, config *Config, configPath string) (*Config, error)
UpdateOldManagementPort checks whether the client can switch to the new Management port 443. If it can, it updates the config and returns the new one. Otherwise, it returns the provided config. The check is performed only for NetBird's managed version.
func UpdateOrCreateConfig (added in v0.14.2)
func UpdateOrCreateConfig(input ConfigInput) (*Config, error)
UpdateOrCreateConfig reads existing config or generates a new one
type ConfigInput (added in v0.12.0)
type ConfigInput struct {
	ManagementURL    string
	AdminURL         string
	ConfigPath       string
	NATExternalIPs   []string
	CustomDNSAddress []byte
}
ConfigInput carries configuration changes to the client.
type DeviceAuthInfo
type DeviceAuthInfo struct {
	DeviceCode              string `json:"device_code"`
	UserCode                string `json:"user_code"`
	VerificationURI         string `json:"verification_uri"`
	VerificationURIComplete string `json:"verification_uri_complete"`
	ExpiresIn               int    `json:"expires_in"`
	Interval                int    `json:"interval"`
}
DeviceAuthInfo holds information for the OAuth device login flow.
type DeviceAuthorizationFlow
type DeviceAuthorizationFlow struct {
	Provider       string
	ProviderConfig ProviderConfig
}
DeviceAuthorizationFlow represents Device Authorization Flow information.
func GetDeviceAuthorizationFlowInfo
func GetDeviceAuthorizationFlowInfo(ctx context.Context, privateKey string, mgmURL *url.URL) (DeviceAuthorizationFlow, error)
GetDeviceAuthorizationFlowInfo initializes a DeviceAuthorizationFlow instance and returns it.
type Engine
type Engine struct {
	// STUNs is a list of STUN servers used by ICE
	STUNs []*ice.URL
	// TURNs is a list of TURN servers used by ICE
	TURNs []*ice.URL
	// contains filtered or unexported fields
}
Engine is the mechanism responsible for reacting to Signal and Management stream events and managing connections to the remote peers.
func NewEngine
func NewEngine(
	ctx context.Context,
	cancel context.CancelFunc,
	signalClient signal.Client,
	mgmClient mgm.Client,
	config *EngineConfig,
	mobileDep MobileDependency,
	statusRecorder *peer.Status,
) *Engine
NewEngine creates a new Connection Engine.
func (*Engine) Start
Start creates a new WireGuard tunnel interface and listens to events from the Signal and Management services. Connections to remote peers are not established here; they are established once an event with a list of peers to connect to is received from the Management service.
type EngineConfig
type EngineConfig struct {
	WgPort      int
	WgIfaceName string
	// WgAddr is a Wireguard local address (Netbird Network IP)
	WgAddr string
	// WgPrivateKey is a Wireguard private key of our peer (it MUST never leave the machine)
	WgPrivateKey wgtypes.Key
	// IFaceBlackList is a list of network interfaces to ignore when discovering connection candidates (ICE related)
	IFaceBlackList       []string
	DisableIPv6Discovery bool
	// UDPMuxPort default value 0 - the system will pick an available port
	UDPMuxPort int
	// UDPMuxSrflxPort default value 0 - the system will pick an available port
	UDPMuxSrflxPort int
	// SSHKey is a private SSH key in a PEM format
	SSHKey           []byte
	NATExternalIPs   []string
	CustomDNSAddress string
}
EngineConfig is the config for the Engine.
type HTTPClient
HTTPClient is the HTTP client interface used for API calls.
type Hosted
type Hosted struct {
	HTTPClient HTTPClient
	// contains filtered or unexported fields
}
Hosted is the Hosted OAuth client.
func NewHostedDeviceFlow
func NewHostedDeviceFlow(config ProviderConfig) *Hosted
NewHostedDeviceFlow returns a Hosted OAuth client.
func (*Hosted) GetClientID (added in v0.6.2)
GetClientID returns the provider client id.
func (*Hosted) RequestDeviceCode
func (h *Hosted) RequestDeviceCode(ctx context.Context) (DeviceAuthInfo, error)
RequestDeviceCode requests device code login flow information from Hosted.
type MobileDependency (added in v0.17.0)
type MobileDependency struct {
	TunAdapter       iface.TunAdapter
	IFaceDiscover    stdnet.ExternalIFaceDiscover
	RouteListener    routemanager.RouteListener
	HostDNSAddresses []string
	DnsReadyListener dns.ReadyListener
}
MobileDependency collects all dependencies for the mobile platform.
type OAuthClient
type OAuthClient interface {
	RequestDeviceCode(ctx context.Context) (DeviceAuthInfo, error)
	WaitToken(ctx context.Context, info DeviceAuthInfo) (TokenInfo, error)
	GetClientID(ctx context.Context) string
}
OAuthClient is an OAuth client interface for various IdP providers.
type ProviderConfig
type ProviderConfig struct {
	// ClientID is an IDP application client id
	ClientID string
	// ClientSecret is an IDP application client secret
	ClientSecret string
	// Domain is an IDP API domain
	// Deprecated. Use OIDCConfigEndpoint instead
	Domain string
	// Audience is the audience used for authorization validation
	Audience string
	// TokenEndpoint is the endpoint of an IDP manager where clients can obtain an access token
	TokenEndpoint string
	// DeviceAuthEndpoint is the endpoint of an IDP manager where clients can obtain a device authorization code
	DeviceAuthEndpoint string
	// Scope provides the scopes to be included in the token request
	Scope string
	// UseIDToken indicates if the id token should be used for authentication
	UseIDToken bool
}
ProviderConfig has all attributes needed to initiate a device authorization flow.
type RequestDeviceCodePayload
type RequestDeviceCodePayload struct {
	Audience string `json:"audience"`
	ClientID string `json:"client_id"`
	Scope    string `json:"scope"`
}
RequestDeviceCodePayload is the request payload used to request a device code from Auth0.
type StatusType
type StatusType string
const (
	StatusIdle        StatusType = "Idle"
	StatusConnecting  StatusType = "Connecting"
	StatusConnected   StatusType = "Connected"
	StatusNeedsLogin  StatusType = "NeedsLogin"
	StatusLoginFailed StatusType = "LoginFailed"
)
type TokenInfo
type TokenInfo struct {
	AccessToken  string `json:"access_token"`
	RefreshToken string `json:"refresh_token"`
	IDToken      string `json:"id_token"`
	TokenType    string `json:"token_type"`
	ExpiresIn    int    `json:"expires_in"`
	UseIDToken   bool   `json:"-"`
}
TokenInfo holds information about the issued access token.
func (TokenInfo) GetTokenToUse (added in v0.15.1)
GetTokenToUse returns either the access token or the id token, based on the UseIDToken field.
type TokenRequestPayload
type TokenRequestPayload struct {
	GrantType    string `json:"grant_type"`
	DeviceCode   string `json:"device_code,omitempty"`
	ClientID     string `json:"client_id"`
	RefreshToken string `json:"refresh_token,omitempty"`
}
TokenRequestPayload is the request payload used when requesting the Auth0 token.
type TokenRequestResponse
type TokenRequestResponse struct {
	Error            string `json:"error"`
	ErrorDescription string `json:"error_description"`
	TokenInfo
}
TokenRequestResponse is used for parsing the Hosted token response.
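As an added example, not code from the NetBird client package, the following Go program shows how a client should consume the TokenRequestResponse shape above while polling the token endpoint in the device authorization flow: the structs are trimmed copies of the page's TokenRequestPayload, TokenInfo and TokenRequestResponse, the 5-second back-off and the error names come from RFC 8628 section 3.5, and the device code and client id are constructed values. The caller is expected to loop: post the payload, pass the reply to NextAction, sleep for the returned interval, and repeat until a token or a terminal error comes back.

```go
package main
import (
	"encoding/json"
	"fmt"
	"time"
)
// HostedGrantType is the grant type declared on the page; the structs below are trimmed
// copies of the page's TokenRequestPayload, TokenInfo and TokenRequestResponse.
const HostedGrantType = "urn:ietf:params:oauth:grant-type:device_code"
type TokenRequestPayload struct {
	GrantType  string `json:"grant_type"`
	DeviceCode string `json:"device_code,omitempty"`
	ClientID   string `json:"client_id"`
}
type TokenInfo struct {
	AccessToken string `json:"access_token"`
	ExpiresIn   int    `json:"expires_in"`
}
type TokenRequestResponse struct { // embedded TokenInfo is flattened by encoding/json
	Error            string `json:"error"`
	ErrorDescription string `json:"error_description"`
	TokenInfo
}
// NextAction applies the RFC 8628 section 3.5 rules to one token-endpoint reply: an issued
// token ends the flow, authorization_pending keeps the poll interval, slow_down adds 5s to it,
// and any other error (expired_token, access_denied, ...) is terminal.
func NextAction(raw []byte, interval time.Duration) (TokenInfo, time.Duration, error) {
	var tr TokenRequestResponse
	if err := json.Unmarshal(raw, &tr); err != nil {
		return TokenInfo{}, 0, err
	}
	switch tr.Error {
	case "":
		if tr.AccessToken == "" { // malformed success reply: never treat it as logged in
			return TokenInfo{}, 0, fmt.Errorf("token response without access_token")
		}
		return tr.TokenInfo, 0, nil
	case "authorization_pending":
		return TokenInfo{}, interval, nil
	case "slow_down":
		return TokenInfo{}, interval + 5*time.Second, nil
	default:
		return TokenInfo{}, 0, fmt.Errorf("device flow failed: %s: %s", tr.Error, tr.ErrorDescription)
	}
}
func main() { // feeds a constructed slow_down reply, as an IdP would send it
	body, _ := json.Marshal(TokenRequestPayload{GrantType: HostedGrantType, DeviceCode: "dev-code-1", ClientID: "client-id"})
	_, next, err := NextAction([]byte(`{"error":"slow_down","error_description":"too fast"}`), 5*time.Second)
	fmt.Println(string(body), next, err) // 10s <nil>
}
```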