server

package
v0.35.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 25, 2024 License: BSD-3-Clause Imports: 58 Imported by: 17

Documentation

Index

Constants

View Source 
const (
	CacheExpirationMax = 7 * 24 * 3600 * time.Second // 7 days
	CacheExpirationMin = 3 * 24 * 3600 * time.Second // 3 days

)
View Source 
const (
	UDP   Protocol = "udp"
	DTLS  Protocol = "dtls"
	TCP   Protocol = "tcp"
	HTTP  Protocol = "http"
	HTTPS Protocol = "https"
	NONE  Provider = "none"
)
View Source 
const (
	// DefaultDeviceAuthFlowScope defines the bare minimum scope to request in the device authorization flow
	DefaultDeviceAuthFlowScope string = "openid"
)

Variables

This section is empty.

Functions

func ConvertSliceToMap added in v0.29.3 

func ConvertSliceToMap(existingLabels []string) map[string]struct{}

func ToResponseProto 

func ToResponseProto(configProto Protocol) proto.HostConfig_Protocol

Types

type AccountManager 

type AccountManager interface {
	GetOrCreateAccountByUser(ctx context.Context, userId, domain string) (*types.Account, error)
	GetAccount(ctx context.Context, accountID string) (*types.Account, error)
	CreateSetupKey(ctx context.Context, accountID string, keyName string, keyType types.SetupKeyType, expiresIn time.Duration,
		autoGroups []string, usageLimit int, userID string, ephemeral bool) (*types.SetupKey, error)
	SaveSetupKey(ctx context.Context, accountID string, key *types.SetupKey, userID string) (*types.SetupKey, error)
	CreateUser(ctx context.Context, accountID, initiatorUserID string, key *types.UserInfo) (*types.UserInfo, error)
	DeleteUser(ctx context.Context, accountID, initiatorUserID string, targetUserID string) error
	DeleteRegularUsers(ctx context.Context, accountID, initiatorUserID string, targetUserIDs []string) error
	InviteUser(ctx context.Context, accountID string, initiatorUserID string, targetUserID string) error
	ListSetupKeys(ctx context.Context, accountID, userID string) ([]*types.SetupKey, error)
	SaveUser(ctx context.Context, accountID, initiatorUserID string, update *types.User) (*types.UserInfo, error)
	SaveOrAddUser(ctx context.Context, accountID, initiatorUserID string, update *types.User, addIfNotExists bool) (*types.UserInfo, error)
	SaveOrAddUsers(ctx context.Context, accountID, initiatorUserID string, updates []*types.User, addIfNotExists bool) ([]*types.UserInfo, error)
	GetSetupKey(ctx context.Context, accountID, userID, keyID string) (*types.SetupKey, error)
	GetAccountByID(ctx context.Context, accountID string, userID string) (*types.Account, error)
	AccountExists(ctx context.Context, accountID string) (bool, error)
	GetAccountIDByUserID(ctx context.Context, userID, domain string) (string, error)
	GetAccountIDFromToken(ctx context.Context, claims jwtclaims.AuthorizationClaims) (string, string, error)
	CheckUserAccessByJWTGroups(ctx context.Context, claims jwtclaims.AuthorizationClaims) error
	GetAccountFromPAT(ctx context.Context, pat string) (*types.Account, *types.User, *types.PersonalAccessToken, error)
	DeleteAccount(ctx context.Context, accountID, userID string) error
	MarkPATUsed(ctx context.Context, tokenID string) error
	GetUserByID(ctx context.Context, id string) (*types.User, error)
	GetUser(ctx context.Context, claims jwtclaims.AuthorizationClaims) (*types.User, error)
	ListUsers(ctx context.Context, accountID string) ([]*types.User, error)
	GetPeers(ctx context.Context, accountID, userID string) ([]*nbpeer.Peer, error)
	MarkPeerConnected(ctx context.Context, peerKey string, connected bool, realIP net.IP, account *types.Account) error
	DeletePeer(ctx context.Context, accountID, peerID, userID string) error
	UpdatePeer(ctx context.Context, accountID, userID string, peer *nbpeer.Peer) (*nbpeer.Peer, error)
	GetNetworkMap(ctx context.Context, peerID string) (*types.NetworkMap, error)
	GetPeerNetwork(ctx context.Context, peerID string) (*types.Network, error)
	AddPeer(ctx context.Context, setupKey, userID string, peer *nbpeer.Peer) (*nbpeer.Peer, *types.NetworkMap, []*posture.Checks, error)
	CreatePAT(ctx context.Context, accountID string, initiatorUserID string, targetUserID string, tokenName string, expiresIn int) (*types.PersonalAccessTokenGenerated, error)
	DeletePAT(ctx context.Context, accountID string, initiatorUserID string, targetUserID string, tokenID string) error
	GetPAT(ctx context.Context, accountID string, initiatorUserID string, targetUserID string, tokenID string) (*types.PersonalAccessToken, error)
	GetAllPATs(ctx context.Context, accountID string, initiatorUserID string, targetUserID string) ([]*types.PersonalAccessToken, error)
	GetUsersFromAccount(ctx context.Context, accountID, userID string) ([]*types.UserInfo, error)
	GetGroup(ctx context.Context, accountId, groupID, userID string) (*types.Group, error)
	GetAllGroups(ctx context.Context, accountID, userID string) ([]*types.Group, error)
	GetGroupByName(ctx context.Context, groupName, accountID string) (*types.Group, error)
	SaveGroup(ctx context.Context, accountID, userID string, group *types.Group) error
	SaveGroups(ctx context.Context, accountID, userID string, newGroups []*types.Group) error
	DeleteGroup(ctx context.Context, accountId, userId, groupID string) error
	DeleteGroups(ctx context.Context, accountId, userId string, groupIDs []string) error
	GroupAddPeer(ctx context.Context, accountId, groupID, peerID string) error
	GroupDeletePeer(ctx context.Context, accountId, groupID, peerID string) error
	GetPolicy(ctx context.Context, accountID, policyID, userID string) (*types.Policy, error)
	SavePolicy(ctx context.Context, accountID, userID string, policy *types.Policy) (*types.Policy, error)
	DeletePolicy(ctx context.Context, accountID, policyID, userID string) error
	ListPolicies(ctx context.Context, accountID, userID string) ([]*types.Policy, error)
	GetRoute(ctx context.Context, accountID string, routeID route.ID, userID string) (*route.Route, error)
	CreateRoute(ctx context.Context, accountID string, prefix netip.Prefix, networkType route.NetworkType, domains domain.List, peerID string, peerGroupIDs []string, description string, netID route.NetID, masquerade bool, metric int, groups, accessControlGroupIDs []string, enabled bool, userID string, keepRoute bool) (*route.Route, error)
	SaveRoute(ctx context.Context, accountID, userID string, route *route.Route) error
	DeleteRoute(ctx context.Context, accountID string, routeID route.ID, userID string) error
	ListRoutes(ctx context.Context, accountID, userID string) ([]*route.Route, error)
	GetNameServerGroup(ctx context.Context, accountID, userID, nsGroupID string) (*nbdns.NameServerGroup, error)
	CreateNameServerGroup(ctx context.Context, accountID string, name, description string, nameServerList []nbdns.NameServer, groups []string, primary bool, domains []string, enabled bool, userID string, searchDomainsEnabled bool) (*nbdns.NameServerGroup, error)
	SaveNameServerGroup(ctx context.Context, accountID, userID string, nsGroupToSave *nbdns.NameServerGroup) error
	DeleteNameServerGroup(ctx context.Context, accountID, nsGroupID, userID string) error
	ListNameServerGroups(ctx context.Context, accountID string, userID string) ([]*nbdns.NameServerGroup, error)
	GetDNSDomain() string
	StoreEvent(ctx context.Context, initiatorID, targetID, accountID string, activityID activity.ActivityDescriber, meta map[string]any)
	GetEvents(ctx context.Context, accountID, userID string) ([]*activity.Event, error)
	GetDNSSettings(ctx context.Context, accountID string, userID string) (*types.DNSSettings, error)
	SaveDNSSettings(ctx context.Context, accountID string, userID string, dnsSettingsToSave *types.DNSSettings) error
	GetPeer(ctx context.Context, accountID, peerID, userID string) (*nbpeer.Peer, error)
	UpdateAccountSettings(ctx context.Context, accountID, userID string, newSettings *types.Settings) (*types.Account, error)
	LoginPeer(ctx context.Context, login PeerLogin) (*nbpeer.Peer, *types.NetworkMap, []*posture.Checks, error)                      // used by peer gRPC API
	SyncPeer(ctx context.Context, sync PeerSync, account *types.Account) (*nbpeer.Peer, *types.NetworkMap, []*posture.Checks, error) // used by peer gRPC API
	GetAllConnectedPeers() (map[string]struct{}, error)
	HasConnectedChannel(peerID string) bool
	GetExternalCacheManager() ExternalCacheManager
	GetPostureChecks(ctx context.Context, accountID, postureChecksID, userID string) (*posture.Checks, error)
	SavePostureChecks(ctx context.Context, accountID, userID string, postureChecks *posture.Checks) (*posture.Checks, error)
	DeletePostureChecks(ctx context.Context, accountID, postureChecksID, userID string) error
	ListPostureChecks(ctx context.Context, accountID, userID string) ([]*posture.Checks, error)
	GetIdpManager() idp.Manager
	UpdateIntegratedValidatorGroups(ctx context.Context, accountID string, userID string, groups []string) error
	GroupValidation(ctx context.Context, accountId string, groups []string) (bool, error)
	GetValidatedPeers(account *types.Account) (map[string]struct{}, error)
	SyncAndMarkPeer(ctx context.Context, accountID string, peerPubKey string, meta nbpeer.PeerSystemMeta, realIP net.IP) (*nbpeer.Peer, *types.NetworkMap, []*posture.Checks, error)
	OnPeerDisconnected(ctx context.Context, accountID string, peerPubKey string) error
	SyncPeerMeta(ctx context.Context, peerPubKey string, meta nbpeer.PeerSystemMeta) error
	FindExistingPostureCheck(accountID string, checks *posture.ChecksDefinition) (*posture.Checks, error)
	GetAccountIDForPeerKey(ctx context.Context, peerKey string) (string, error)
	GetAccountSettings(ctx context.Context, accountID string, userID string) (*types.Settings, error)
	DeleteSetupKey(ctx context.Context, accountID, userID, keyID string) error
	UpdateAccountPeers(ctx context.Context, accountID string)
}

type AccountRequest added in v0.28.8 

type AccountRequest struct {
	AccountID  string
	ResultChan chan *AccountResult
}

AccountRequest holds the result channel to return the requested account.

type AccountRequestBuffer added in v0.28.9 

type AccountRequestBuffer struct {
	// contains filtered or unexported fields
}

func NewAccountRequestBuffer added in v0.28.9 

func NewAccountRequestBuffer(ctx context.Context, store store.Store) *AccountRequestBuffer

func (*AccountRequestBuffer) GetAccountWithBackpressure added in v0.28.9 

func (ac *AccountRequestBuffer) GetAccountWithBackpressure(ctx context.Context, accountID string) (*types.Account, error)

type AccountResult added in v0.28.8 

type AccountResult struct {
	Account *types.Account
	Err     error
}

AccountResult holds the account data or an error.

type Config 

type Config struct {
	Stuns      []*Host
	TURNConfig *TURNConfig
	Relay      *Relay
	Signal     *Host

	Datadir                string
	DataStoreEncryptionKey string

	HttpConfig *HttpServerConfig

	IdpManagerConfig *idp.Config

	DeviceAuthorizationFlow *DeviceAuthorizationFlow

	PKCEAuthorizationFlow *PKCEAuthorizationFlow

	StoreConfig StoreConfig

	ReverseProxy ReverseProxy
}

Config of the Management service

func (Config) GetAuthAudiences added in v0.15.0 

func (c Config) GetAuthAudiences() []string

GetAuthAudiences returns the audience from the http config and device authorization flow config

type DNSConfigCache added in v0.28.8 

type DNSConfigCache struct {
	CustomZones      sync.Map
	NameServerGroups sync.Map
}

DNSConfigCache is a thread-safe cache for DNS configuration components

func (*DNSConfigCache) GetCustomZone added in v0.28.8 

func (c *DNSConfigCache) GetCustomZone(key string) (*proto.CustomZone, bool)

GetCustomZone retrieves a cached custom zone

func (*DNSConfigCache) GetNameServerGroup added in v0.28.8 

func (c *DNSConfigCache) GetNameServerGroup(key string) (*proto.NameServerGroup, bool)

GetNameServerGroup retrieves a cached name server group

func (*DNSConfigCache) SetCustomZone added in v0.28.8 

func (c *DNSConfigCache) SetCustomZone(key string, value *proto.CustomZone)

SetCustomZone stores a custom zone in the cache

func (*DNSConfigCache) SetNameServerGroup added in v0.28.8 

func (c *DNSConfigCache) SetNameServerGroup(key string, value *proto.NameServerGroup)

SetNameServerGroup stores a name server group in the cache

type DefaultAccountManager 

type DefaultAccountManager struct {
	Store store.Store
	// contains filtered or unexported fields
}

func BuildManager 

func BuildManager(
	ctx context.Context,
	store store.Store,
	peersUpdateManager *PeersUpdateManager,
	idpManager idp.Manager,
	singleAccountModeDomain string,
	dnsDomain string,
	eventStore activity.Store,
	geo *geolocation.Geolocation,
	userDeleteFromIDPEnabled bool,
	integratedPeerValidator integrated_validator.IntegratedValidator,
	metrics telemetry.AppMetrics,
) (*DefaultAccountManager, error)

BuildManager creates a new DefaultAccountManager with a provided Store

func (*DefaultAccountManager) AccountExists 

func (am *DefaultAccountManager) AccountExists(ctx context.Context, accountID string) (bool, error)

AccountExists checks if an account exists.

func (*DefaultAccountManager) AddPeer 

func (am *DefaultAccountManager) AddPeer(ctx context.Context, setupKey, userID string, peer *nbpeer.Peer) (*nbpeer.Peer, *types.NetworkMap, []*posture.Checks, error)

AddPeer adds a new peer to the Store. Each Account has a list of pre-authorized SetupKey and if no Account has a given key err with a code status.PermissionDenied will be returned, meaning the setup key is invalid or not found. If a User ID is provided, it means that we passed the authentication using JWT, then we look for account by User ID and register the peer to it. We also add the User ID to the peer metadata to identify registrant. If no userID provided, then fail with status.PermissionDenied Each new Peer will be assigned a new next net.IP from the Account.Network and Account.Network.LastIP will be updated (IP's are not reused). The peer property is just a placeholder for the Peer properties to pass further

func (*DefaultAccountManager) CheckGroupPermissions added in v0.30.0 

func (am *DefaultAccountManager) CheckGroupPermissions(ctx context.Context, accountID, userID string) error

CheckGroupPermissions validates if a user has the necessary permissions to view groups

func (*DefaultAccountManager) CheckUserAccessByJWTGroups added in v0.25.0 

func (am *DefaultAccountManager) CheckUserAccessByJWTGroups(ctx context.Context, claims jwtclaims.AuthorizationClaims) error

CheckUserAccessByJWTGroups checks if the user has access, particularly in cases where the admin enabled JWT group propagation and set the list of groups with access permissions.

func (*DefaultAccountManager) CreateNameServerGroup added in v0.9.8 

func (am *DefaultAccountManager) CreateNameServerGroup(ctx context.Context, accountID string, name, description string, nameServerList []nbdns.NameServer, groups []string, primary bool, domains []string, enabled bool, userID string, searchDomainEnabled bool) (*nbdns.NameServerGroup, error)

CreateNameServerGroup creates and saves a new nameserver group

func (*DefaultAccountManager) CreatePAT added in v0.14.6 

func (am *DefaultAccountManager) CreatePAT(ctx context.Context, accountID string, initiatorUserID string, targetUserID string, tokenName string, expiresIn int) (*types.PersonalAccessTokenGenerated, error)

CreatePAT creates a new PAT for the given user

func (*DefaultAccountManager) CreateRoute added in v0.8.9 

func (am *DefaultAccountManager) CreateRoute(ctx context.Context, accountID string, prefix netip.Prefix, networkType route.NetworkType, domains domain.List, peerID string, peerGroupIDs []string, description string, netID route.NetID, masquerade bool, metric int, groups, accessControlGroupIDs []string, enabled bool, userID string, keepRoute bool) (*route.Route, error)

CreateRoute creates and saves a new route

func (*DefaultAccountManager) CreateSetupKey added in v0.9.2 

func (am *DefaultAccountManager) CreateSetupKey(ctx context.Context, accountID string, keyName string, keyType types.SetupKeyType,
	expiresIn time.Duration, autoGroups []string, usageLimit int, userID string, ephemeral bool) (*types.SetupKey, error)

CreateSetupKey generates a new setup key with a given name, type, list of groups IDs to auto-assign to peers registered with this key, and adds it to the specified account. A list of autoGroups IDs can be empty.

func (*DefaultAccountManager) CreateUser added in v0.9.8 

func (am *DefaultAccountManager) CreateUser(ctx context.Context, accountID, userID string, user *types.UserInfo) (*types.UserInfo, error)

CreateUser creates a new user under the given account. Effectively this is a user invite.

func (*DefaultAccountManager) DeleteAccount added in v0.24.4 

func (am *DefaultAccountManager) DeleteAccount(ctx context.Context, accountID, userID string) error

DeleteAccount deletes an account and all its users from local store and from the remote IDP if the requester is an admin and account owner

func (*DefaultAccountManager) DeleteGroup 

func (am *DefaultAccountManager) DeleteGroup(ctx context.Context, accountID, userID, groupID string) error

DeleteGroup object of the peers.

func (*DefaultAccountManager) DeleteGroups added in v0.28.8 

func (am *DefaultAccountManager) DeleteGroups(ctx context.Context, accountID, userID string, groupIDs []string) error

DeleteGroups deletes groups from an account. Note: This function does not acquire the global lock. It is the caller's responsibility to ensure proper locking is in place before invoking this method.

If an error occurs while deleting a group, the function skips it and continues deleting other groups. Errors are collected and returned at the end.

func (*DefaultAccountManager) DeleteNameServerGroup added in v0.9.8 

func (am *DefaultAccountManager) DeleteNameServerGroup(ctx context.Context, accountID, nsGroupID, userID string) error

DeleteNameServerGroup deletes nameserver group with nsGroupID

func (*DefaultAccountManager) DeletePAT added in v0.14.5 

func (am *DefaultAccountManager) DeletePAT(ctx context.Context, accountID string, initiatorUserID string, targetUserID string, tokenID string) error

DeletePAT deletes a specific PAT from a user

func (*DefaultAccountManager) DeletePeer 

func (am *DefaultAccountManager) DeletePeer(ctx context.Context, accountID, peerID, userID string) error

DeletePeer removes peer from the account by its IP

func (*DefaultAccountManager) DeletePolicy added in v0.14.5 

func (am *DefaultAccountManager) DeletePolicy(ctx context.Context, accountID, policyID, userID string) error

DeletePolicy from the store

func (*DefaultAccountManager) DeletePostureChecks added in v0.26.0 

func (am *DefaultAccountManager) DeletePostureChecks(ctx context.Context, accountID, postureChecksID, userID string) error

DeletePostureChecks deletes a posture check by ID.

func (*DefaultAccountManager) DeleteRegularUsers added in v0.28.8 

func (am *DefaultAccountManager) DeleteRegularUsers(ctx context.Context, accountID, initiatorUserID string, targetUserIDs []string) error

DeleteRegularUsers deletes regular users from an account. Note: This function does not acquire the global lock. It is the caller's responsibility to ensure proper locking is in place before invoking this method.

If an error occurs while deleting the user, the function skips it and continues deleting other users. Errors are collected and returned at the end.

func (*DefaultAccountManager) DeleteRoute added in v0.8.9 

func (am *DefaultAccountManager) DeleteRoute(ctx context.Context, accountID string, routeID route.ID, userID string) error

DeleteRoute deletes route with routeID

func (*DefaultAccountManager) DeleteSetupKey added in v0.31.0 

func (am *DefaultAccountManager) DeleteSetupKey(ctx context.Context, accountID, userID, keyID string) error

DeleteSetupKey removes the setup key from the account

func (*DefaultAccountManager) DeleteUser added in v0.17.0 

func (am *DefaultAccountManager) DeleteUser(ctx context.Context, accountID, initiatorUserID string, targetUserID string) error

DeleteUser deletes a user from the given account.

func (*DefaultAccountManager) FindExistingPostureCheck added in v0.28.0 

func (am *DefaultAccountManager) FindExistingPostureCheck(accountID string, checks *posture.ChecksDefinition) (*posture.Checks, error)

func (*DefaultAccountManager) GetAccount added in v0.30.0 

func (am *DefaultAccountManager) GetAccount(ctx context.Context, accountID string) (*types.Account, error)

GetAccount returns an account associated with this account ID.

func (*DefaultAccountManager) GetAccountByID added in v0.30.0 

func (am *DefaultAccountManager) GetAccountByID(ctx context.Context, accountID string, userID string) (*types.Account, error)

GetAccountByID returns an account associated with this account ID.

func (*DefaultAccountManager) GetAccountFromPAT added in v0.14.5 

func (am *DefaultAccountManager) GetAccountFromPAT(ctx context.Context, token string) (*types.Account, *types.User, *types.PersonalAccessToken, error)

GetAccountFromPAT returns Account and User associated with a personal access token

func (*DefaultAccountManager) GetAccountIDByUserID added in v0.30.0 

func (am *DefaultAccountManager) GetAccountIDByUserID(ctx context.Context, userID, domain string) (string, error)

GetAccountIDByUserID retrieves the account ID based on the userID provided. If user does have an account, it returns the user's account ID. If the user doesn't have an account, it creates one using the provided domain. Returns the account ID or an error if none is found or created.

func (*DefaultAccountManager) GetAccountIDForPeerKey added in v0.28.4 

func (am *DefaultAccountManager) GetAccountIDForPeerKey(ctx context.Context, peerKey string) (string, error)

func (*DefaultAccountManager) GetAccountIDFromToken added in v0.30.0 

func (am *DefaultAccountManager) GetAccountIDFromToken(ctx context.Context, claims jwtclaims.AuthorizationClaims) (string, string, error)

GetAccountIDFromToken returns an account ID associated with this token.

func (*DefaultAccountManager) GetAccountSettings added in v0.30.0 

func (am *DefaultAccountManager) GetAccountSettings(ctx context.Context, accountID string, userID string) (*types.Settings, error)

func (*DefaultAccountManager) GetAllConnectedPeers added in v0.23.9 

func (am *DefaultAccountManager) GetAllConnectedPeers() (map[string]struct{}, error)

GetAllConnectedPeers returns connected peers based on peersUpdateManager.GetAllConnectedPeers()

func (*DefaultAccountManager) GetAllGroups added in v0.26.4 

func (am *DefaultAccountManager) GetAllGroups(ctx context.Context, accountID, userID string) ([]*types.Group, error)

GetAllGroups returns all groups in an account

func (*DefaultAccountManager) GetAllPATs added in v0.14.6 

func (am *DefaultAccountManager) GetAllPATs(ctx context.Context, accountID string, initiatorUserID string, targetUserID string) ([]*types.PersonalAccessToken, error)

GetAllPATs returns all PATs for a user

func (*DefaultAccountManager) GetDNSDomain added in v0.10.10 

func (am *DefaultAccountManager) GetDNSDomain() string

GetDNSDomain returns the configured dnsDomain

func (*DefaultAccountManager) GetDNSSettings added in v0.12.0 

func (am *DefaultAccountManager) GetDNSSettings(ctx context.Context, accountID string, userID string) (*types.DNSSettings, error)

GetDNSSettings validates a user role and returns the DNS settings for the provided account ID

func (*DefaultAccountManager) GetEvents added in v0.12.0 

func (am *DefaultAccountManager) GetEvents(ctx context.Context, accountID, userID string) ([]*activity.Event, error)

GetEvents returns a list of activity events of an account

func (*DefaultAccountManager) GetExternalCacheManager added in v0.24.3 

func (am *DefaultAccountManager) GetExternalCacheManager() ExternalCacheManager

func (*DefaultAccountManager) GetGroup 

func (am *DefaultAccountManager) GetGroup(ctx context.Context, accountID, groupID, userID string) (*types.Group, error)

GetGroup returns a specific group by groupID in an account

func (*DefaultAccountManager) GetGroupByName added in v0.25.5 

func (am *DefaultAccountManager) GetGroupByName(ctx context.Context, groupName, accountID string) (*types.Group, error)

GetGroupByName filters all groups in an account by name and returns the one with the most peers

func (*DefaultAccountManager) GetIdpManager added in v0.26.3 

func (am *DefaultAccountManager) GetIdpManager() idp.Manager

func (*DefaultAccountManager) GetNameServerGroup added in v0.9.8 

func (am *DefaultAccountManager) GetNameServerGroup(ctx context.Context, accountID, userID, nsGroupID string) (*nbdns.NameServerGroup, error)

GetNameServerGroup gets a nameserver group object from account and nameserver group IDs

func (*DefaultAccountManager) GetNetworkMap 

func (am *DefaultAccountManager) GetNetworkMap(ctx context.Context, peerID string) (*types.NetworkMap, error)

GetNetworkMap returns Network map for a given peer (omits original peer from the Peers result)

func (*DefaultAccountManager) GetOrCreateAccountByUser 

func (am *DefaultAccountManager) GetOrCreateAccountByUser(ctx context.Context, userID, domain string) (*types.Account, error)

GetOrCreateAccountByUser returns an existing account for a given user id or creates a new one if doesn't exist

func (*DefaultAccountManager) GetPAT added in v0.14.6 

func (am *DefaultAccountManager) GetPAT(ctx context.Context, accountID string, initiatorUserID string, targetUserID string, tokenID string) (*types.PersonalAccessToken, error)

GetPAT returns a specific PAT from a user

func (*DefaultAccountManager) GetPeer 

func (am *DefaultAccountManager) GetPeer(ctx context.Context, accountID, peerID, userID string) (*nbpeer.Peer, error)

GetPeer for a given accountID, peerID and userID error if not found.

func (*DefaultAccountManager) GetPeerNetwork added in v0.8.0 

func (am *DefaultAccountManager) GetPeerNetwork(ctx context.Context, peerID string) (*types.Network, error)

GetPeerNetwork returns the Network for a given peer

func (*DefaultAccountManager) GetPeers added in v0.10.5 

func (am *DefaultAccountManager) GetPeers(ctx context.Context, accountID, userID string) ([]*nbpeer.Peer, error)

GetPeers returns a list of peers under the given account filtering out peers that do not belong to a user if the current user is not an admin.

func (*DefaultAccountManager) GetPolicy added in v0.14.5 

func (am *DefaultAccountManager) GetPolicy(ctx context.Context, accountID, policyID, userID string) (*types.Policy, error)

GetPolicy from the store

func (*DefaultAccountManager) GetPostureChecks added in v0.26.0 

func (am *DefaultAccountManager) GetPostureChecks(ctx context.Context, accountID, postureChecksID, userID string) (*posture.Checks, error)

func (*DefaultAccountManager) GetRoute added in v0.8.9 

func (am *DefaultAccountManager) GetRoute(ctx context.Context, accountID string, routeID route.ID, userID string) (*route.Route, error)

GetRoute gets a route object from account and route IDs

func (*DefaultAccountManager) GetSetupKey added in v0.9.2 

func (am *DefaultAccountManager) GetSetupKey(ctx context.Context, accountID, userID, keyID string) (*types.SetupKey, error)

GetSetupKey looks up a SetupKey by KeyID, returns NotFound error if not found.

func (*DefaultAccountManager) GetUser added in v0.20.0 

func (am *DefaultAccountManager) GetUser(ctx context.Context, claims jwtclaims.AuthorizationClaims) (*types.User, error)

GetUser looks up a user by provided authorization claims. It will also create an account if didn't exist for this user before.

func (*DefaultAccountManager) GetUserByID added in v0.30.0 

func (am *DefaultAccountManager) GetUserByID(ctx context.Context, id string) (*types.User, error)

func (*DefaultAccountManager) GetUsersFromAccount 

func (am *DefaultAccountManager) GetUsersFromAccount(ctx context.Context, accountID, userID string) ([]*types.UserInfo, error)

GetUsersFromAccount performs a batched request for users from IDP by account ID apply filter on what data to return based on provided user role.

func (*DefaultAccountManager) GetValidatedPeers added in v0.26.5 

func (am *DefaultAccountManager) GetValidatedPeers(account *types.Account) (map[string]struct{}, error)

func (*DefaultAccountManager) GroupAddPeer 

func (am *DefaultAccountManager) GroupAddPeer(ctx context.Context, accountID, groupID, peerID string) error

GroupAddPeer appends peer to the group

func (*DefaultAccountManager) GroupAddResource added in v0.35.0 

func (am *DefaultAccountManager) GroupAddResource(ctx context.Context, accountID, groupID string, resource types.Resource) error

GroupAddResource appends resource to the group

func (*DefaultAccountManager) GroupDeletePeer 

func (am *DefaultAccountManager) GroupDeletePeer(ctx context.Context, accountID, groupID, peerID string) error

GroupDeletePeer removes peer from the group

func (*DefaultAccountManager) GroupDeleteResource added in v0.35.0 

func (am *DefaultAccountManager) GroupDeleteResource(ctx context.Context, accountID, groupID string, resource types.Resource) error

GroupDeleteResource removes resource from the group

func (*DefaultAccountManager) GroupValidation added in v0.26.5 

func (am *DefaultAccountManager) GroupValidation(ctx context.Context, accountID string, groupIDs []string) (bool, error)

func (*DefaultAccountManager) HasConnectedChannel added in v0.24.4 

func (am *DefaultAccountManager) HasConnectedChannel(peerID string) bool

HasConnectedChannel returns true if peers has channel in update manager, otherwise false

func (*DefaultAccountManager) InviteUser added in v0.21.9 

func (am *DefaultAccountManager) InviteUser(ctx context.Context, accountID string, initiatorUserID string, targetUserID string) error

InviteUser resend invitations to users who haven't activated their accounts prior to the expiration period.

func (*DefaultAccountManager) ListNameServerGroups added in v0.9.8 

func (am *DefaultAccountManager) ListNameServerGroups(ctx context.Context, accountID string, userID string) ([]*nbdns.NameServerGroup, error)

ListNameServerGroups returns a list of nameserver groups from account

func (*DefaultAccountManager) ListPolicies added in v0.14.5 

func (am *DefaultAccountManager) ListPolicies(ctx context.Context, accountID, userID string) ([]*types.Policy, error)

ListPolicies from the store.

func (*DefaultAccountManager) ListPostureChecks added in v0.26.0 

func (am *DefaultAccountManager) ListPostureChecks(ctx context.Context, accountID, userID string) ([]*posture.Checks, error)

ListPostureChecks returns a list of posture checks.

func (*DefaultAccountManager) ListRoutes added in v0.8.9 

func (am *DefaultAccountManager) ListRoutes(ctx context.Context, accountID, userID string) ([]*route.Route, error)

ListRoutes returns a list of routes from account

func (*DefaultAccountManager) ListSetupKeys added in v0.9.2 

func (am *DefaultAccountManager) ListSetupKeys(ctx context.Context, accountID, userID string) ([]*types.SetupKey, error)

ListSetupKeys returns a list of all setup keys of the account

func (*DefaultAccountManager) ListUsers added in v0.24.3 

func (am *DefaultAccountManager) ListUsers(ctx context.Context, accountID string) ([]*types.User, error)

ListUsers returns lists of all users under the account. It doesn't populate user information such as email or name.

func (*DefaultAccountManager) LoginPeer added in v0.14.3 

func (am *DefaultAccountManager) LoginPeer(ctx context.Context, login PeerLogin) (*nbpeer.Peer, *types.NetworkMap, []*posture.Checks, error)

LoginPeer logs in or registers a peer. If peer doesn't exist the function checks whether a setup key or a user is present and registers a new peer if so.

func (*DefaultAccountManager) MarkPATUsed added in v0.15.0 

func (am *DefaultAccountManager) MarkPATUsed(ctx context.Context, tokenID string) error

MarkPATUsed marks a personal access token as used

func (*DefaultAccountManager) MarkPeerConnected 

func (am *DefaultAccountManager) MarkPeerConnected(ctx context.Context, peerPubKey string, connected bool, realIP net.IP, account *types.Account) error

MarkPeerConnected marks peer as connected (true) or disconnected (false)

func (*DefaultAccountManager) OnPeerDisconnected added in v0.28.7 

func (am *DefaultAccountManager) OnPeerDisconnected(ctx context.Context, accountID string, peerPubKey string) error

func (*DefaultAccountManager) SaveDNSSettings added in v0.12.0 

func (am *DefaultAccountManager) SaveDNSSettings(ctx context.Context, accountID string, userID string, dnsSettingsToSave *types.DNSSettings) error

SaveDNSSettings validates a user role and updates the account's DNS settings

func (*DefaultAccountManager) SaveGroup 

func (am *DefaultAccountManager) SaveGroup(ctx context.Context, accountID, userID string, newGroup *types.Group) error

SaveGroup object of the peers

func (*DefaultAccountManager) SaveGroups added in v0.28.5 

func (am *DefaultAccountManager) SaveGroups(ctx context.Context, accountID, userID string, groups []*types.Group) error

SaveGroups adds new groups to the account. Note: This function does not acquire the global lock. It is the caller's responsibility to ensure proper locking is in place before invoking this method.

func (*DefaultAccountManager) SaveNameServerGroup added in v0.9.8 

func (am *DefaultAccountManager) SaveNameServerGroup(ctx context.Context, accountID, userID string, nsGroupToSave *nbdns.NameServerGroup) error

SaveNameServerGroup saves nameserver group

func (*DefaultAccountManager) SaveOrAddUser added in v0.24.3 

func (am *DefaultAccountManager) SaveOrAddUser(ctx context.Context, accountID, initiatorUserID string, update *types.User, addIfNotExists bool) (*types.UserInfo, error)

SaveOrAddUser updates the given user. If addIfNotExists is set to true it will add user when no exist Only User.AutoGroups, User.Role, and User.Blocked fields are allowed to be updated for now.

func (*DefaultAccountManager) SaveOrAddUsers added in v0.28.5 

func (am *DefaultAccountManager) SaveOrAddUsers(ctx context.Context, accountID, initiatorUserID string, updates []*types.User, addIfNotExists bool) ([]*types.UserInfo, error)

SaveOrAddUsers updates existing users or adds new users to the account. Note: This function does not acquire the global lock. It is the caller's responsibility to ensure proper locking is in place before invoking this method.

func (*DefaultAccountManager) SavePolicy added in v0.14.5 

func (am *DefaultAccountManager) SavePolicy(ctx context.Context, accountID, userID string, policy *types.Policy) (*types.Policy, error)

SavePolicy in the store

func (*DefaultAccountManager) SavePostureChecks added in v0.26.0 

func (am *DefaultAccountManager) SavePostureChecks(ctx context.Context, accountID, userID string, postureChecks *posture.Checks) (*posture.Checks, error)

SavePostureChecks saves a posture check.

func (*DefaultAccountManager) SaveRoute added in v0.8.9 

func (am *DefaultAccountManager) SaveRoute(ctx context.Context, accountID, userID string, routeToSave *route.Route) error

SaveRoute saves route

func (*DefaultAccountManager) SaveSetupKey added in v0.9.2 

func (am *DefaultAccountManager) SaveSetupKey(ctx context.Context, accountID string, keyToSave *types.SetupKey, userID string) (*types.SetupKey, error)

SaveSetupKey saves the provided SetupKey to the database overriding the existing one. Due to the unique nature of a SetupKey certain properties must not be overwritten (e.g. the key itself, creation date, ID, etc). These properties are overwritten: AutoGroups, Revoked (only from false to true), and the UpdatedAt. The rest is copied from the existing key.

func (*DefaultAccountManager) SaveUser added in v0.9.4 

func (am *DefaultAccountManager) SaveUser(ctx context.Context, accountID, initiatorUserID string, update *types.User) (*types.UserInfo, error)

SaveUser saves updates to the given user. If the user doesn't exist, it will throw status.NotFound error.

func (*DefaultAccountManager) StoreEvent added in v0.24.3 

func (am *DefaultAccountManager) StoreEvent(ctx context.Context, initiatorID, targetID, accountID string, activityID activity.ActivityDescriber, meta map[string]any)

func (*DefaultAccountManager) SyncAndMarkPeer added in v0.27.5 

func (am *DefaultAccountManager) SyncAndMarkPeer(ctx context.Context, accountID string, peerPubKey string, meta nbpeer.PeerSystemMeta, realIP net.IP) (*nbpeer.Peer, *types.NetworkMap, []*posture.Checks, error)

func (*DefaultAccountManager) SyncPeer added in v0.14.3 

func (am *DefaultAccountManager) SyncPeer(ctx context.Context, sync PeerSync, account *types.Account) (*nbpeer.Peer, *types.NetworkMap, []*posture.Checks, error)

SyncPeer checks whether peer is eligible for receiving NetworkMap (authenticated) and returns its NetworkMap if eligible

func (*DefaultAccountManager) SyncPeerMeta added in v0.28.0 

func (am *DefaultAccountManager) SyncPeerMeta(ctx context.Context, peerPubKey string, meta nbpeer.PeerSystemMeta) error

func (*DefaultAccountManager) UpdateAccountPeers added in v0.35.0 

func (am *DefaultAccountManager) UpdateAccountPeers(ctx context.Context, accountID string)

UpdateAccountPeers updates all peers that belong to an account. Should be called when changes have to be synced to peers.

func (*DefaultAccountManager) UpdateAccountSettings added in v0.14.0 

func (am *DefaultAccountManager) UpdateAccountSettings(ctx context.Context, accountID, userID string, newSettings *types.Settings) (*types.Account, error)

UpdateAccountSettings updates Account settings. Only users with role UserRoleAdmin can update the account. User that performs the update has to belong to the account. Returns an updated Account

func (*DefaultAccountManager) UpdateIntegratedValidatorGroups added in v0.26.5 

func (am *DefaultAccountManager) UpdateIntegratedValidatorGroups(ctx context.Context, accountID string, userID string, groups []string) error

UpdateIntegratedValidatorGroups updates the integrated validator groups for a specified account. It retrieves the account associated with the provided userID, then updates the integrated validator groups with the provided list of group ids. The updated account is then saved.

Parameters:

  • accountID: The ID of the account for which integrated validator groups are to be updated.
  • userID: The ID of the user whose account is being updated.
  • groups: A slice of strings representing the ids of integrated validator groups to be updated.

Returns:

  • error: An error if any occurred during the process, otherwise returns nil

func (*DefaultAccountManager) UpdatePeer added in v0.8.0 

func (am *DefaultAccountManager) UpdatePeer(ctx context.Context, accountID, userID string, update *nbpeer.Peer) (*nbpeer.Peer, error)

UpdatePeer updates peer. Only Peer.Name, Peer.SSHEnabled, Peer.LoginExpirationEnabled and Peer.InactivityExpirationEnabled can be updated.

type DefaultScheduler added in v0.14.2 

type DefaultScheduler struct {
	// contains filtered or unexported fields
}

DefaultScheduler is a generic structure that allows to schedule jobs (functions) to run in the future and cancel them.

func NewDefaultScheduler added in v0.14.2 

func NewDefaultScheduler() *DefaultScheduler

NewDefaultScheduler creates an instance of a DefaultScheduler

func (*DefaultScheduler) Cancel added in v0.14.2 

func (wm *DefaultScheduler) Cancel(ctx context.Context, IDs []string)

Cancel cancels the scheduled job by ID if present. If job wasn't found the function returns false.

func (*DefaultScheduler) Schedule added in v0.14.2 

func (wm *DefaultScheduler) Schedule(ctx context.Context, in time.Duration, ID string, job func() (nextRunIn time.Duration, reschedule bool))

Schedule a job to run in some time in the future. If job returns true then it will be scheduled one more time. If job with the provided ID already exists, a new one won't be scheduled.

type DeviceAuthorizationFlow 

type DeviceAuthorizationFlow struct {
	Provider       string
	ProviderConfig ProviderConfig
}

DeviceAuthorizationFlow represents Device Authorization Flow information that can be used by the client to login initiate a Oauth 2.0 device authorization grant flow see https://datatracker.ietf.org/doc/html/rfc8628

type EphemeralManager added in v0.23.0 

type EphemeralManager struct {
	// contains filtered or unexported fields
}

EphemeralManager keep a list of ephemeral peers. After ephemeralLifeTime inactivity the peer will be deleted automatically. Inactivity means the peer disconnected from the Management server.

func NewEphemeralManager added in v0.23.0 

func NewEphemeralManager(store store.Store, accountManager AccountManager) *EphemeralManager

NewEphemeralManager instantiate new EphemeralManager

func (*EphemeralManager) LoadInitialPeers added in v0.23.0 

func (e *EphemeralManager) LoadInitialPeers(ctx context.Context)

LoadInitialPeers load from the database the ephemeral type of peers and schedule a cleanup procedure to the head of the linked list (to the most deprecated peer). At the end of cleanup it schedules the next cleanup to the new head.

func (*EphemeralManager) OnPeerConnected added in v0.23.0 

func (e *EphemeralManager) OnPeerConnected(ctx context.Context, peer *nbpeer.Peer)

OnPeerConnected remove the peer from the linked list of ephemeral peers. Because it has been called when the peer is active the manager will not delete it while it is active.

func (*EphemeralManager) OnPeerDisconnected added in v0.23.0 

func (e *EphemeralManager) OnPeerDisconnected(ctx context.Context, peer *nbpeer.Peer)

OnPeerDisconnected add the peer to the linked list of ephemeral peers. Because of the peer is inactive it will be deleted after the ephemeralLifeTime period.

func (*EphemeralManager) Stop added in v0.23.0 

func (e *EphemeralManager) Stop()

Stop timer

type ExternalCacheManager added in v0.24.3 

type ExternalCacheManager cache.CacheInterface[*idp.UserData]

type GRPCServer added in v0.8.5 

type GRPCServer struct {
	proto.UnimplementedManagementServiceServer
	// contains filtered or unexported fields
}

GRPCServer an instance of a Management gRPC API server

func NewServer 

func NewServer(
	ctx context.Context,
	config *Config,
	accountManager AccountManager,
	settingsManager settings.Manager,
	peersUpdateManager *PeersUpdateManager,
	secretsManager SecretsManager,
	appMetrics telemetry.AppMetrics,
	ephemeralManager *EphemeralManager,
) (*GRPCServer, error)

NewServer creates a new Management server

func (*GRPCServer) GetDeviceAuthorizationFlow added in v0.8.5 

func (s *GRPCServer) GetDeviceAuthorizationFlow(ctx context.Context, req *proto.EncryptedMessage) (*proto.EncryptedMessage, error)

GetDeviceAuthorizationFlow returns a device authorization flow information This is used for initiating an Oauth 2 device authorization grant flow which will be used by our clients to Login

func (*GRPCServer) GetPKCEAuthorizationFlow added in v0.22.0 

func (s *GRPCServer) GetPKCEAuthorizationFlow(ctx context.Context, req *proto.EncryptedMessage) (*proto.EncryptedMessage, error)

GetPKCEAuthorizationFlow returns a pkce authorization flow information This is used for initiating an Oauth 2 pkce authorization grant flow which will be used by our clients to Login

func (*GRPCServer) GetServerKey added in v0.8.5 

func (s *GRPCServer) GetServerKey(ctx context.Context, req *proto.Empty) (*proto.ServerKeyResponse, error)

func (*GRPCServer) IsHealthy added in v0.8.5 

func (s *GRPCServer) IsHealthy(ctx context.Context, req *proto.Empty) (*proto.Empty, error)

IsHealthy indicates whether the service is healthy

func (*GRPCServer) Login added in v0.8.5 

func (s *GRPCServer) Login(ctx context.Context, req *proto.EncryptedMessage) (*proto.EncryptedMessage, error)

Login endpoint first checks whether peer is registered under any account In case it is, the login is successful In case it isn't, the endpoint checks whether setup key is provided within the request and tries to register a peer. In case of the successful registration login is also successful

func (*GRPCServer) Sync added in v0.8.5 

func (s *GRPCServer) Sync(req *proto.EncryptedMessage, srv proto.ManagementService_SyncServer) error

Sync validates the existence of a connecting peer, sends an initial state (all available for the connecting peers) and notifies the connected peer of any updates (e.g. new peers under the same account)

func (*GRPCServer) SyncMeta added in v0.28.0 

func (s *GRPCServer) SyncMeta(ctx context.Context, req *proto.EncryptedMessage) (*proto.Empty, error)

SyncMeta endpoint is used to synchronize peer's system metadata and notifies the connected, peer's under the same account of any updates.

type GroupLinkError added in v0.21.9 

type GroupLinkError struct {
	Resource string
	Name     string
}

func (*GroupLinkError) Error added in v0.21.9 

func (e *GroupLinkError) Error() string

type Host 

type Host struct {
	Proto Protocol
	// URI e.g. turns://stun.wiretrustee.com:4430 or signal.wiretrustee.com:10000
	URI      string
	Username string
	Password string
}

Host represents a Wiretrustee host (e.g. STUN, TURN, Signal)

type HttpServerConfig 

type HttpServerConfig struct {
	LetsEncryptDomain string
	// CertFile is the location of the certificate
	CertFile string
	// CertKey is the location of the certificate private key
	CertKey string
	// AuthAudience identifies the recipients that the JWT is intended for (aud in JWT)
	AuthAudience string
	// AuthIssuer identifies principal that issued the JWT
	AuthIssuer string
	// AuthUserIDClaim is the name of the claim that used as user ID
	AuthUserIDClaim string
	// AuthKeysLocation is a location of JWT key set containing the public keys used to verify JWT
	AuthKeysLocation string
	// OIDCConfigEndpoint is the endpoint of an IDP manager to get OIDC configuration
	OIDCConfigEndpoint string
	// IdpSignKeyRefreshEnabled identifies the signing key is currently being rotated or not
	IdpSignKeyRefreshEnabled bool
	// Extra audience
	ExtraAuthAudience string
}

HttpServerConfig is a config of the HTTP Management service server

type MockScheduler added in v0.14.2 

type MockScheduler struct {
	CancelFunc   func(ctx context.Context, IDs []string)
	ScheduleFunc func(ctx context.Context, in time.Duration, ID string, job func() (nextRunIn time.Duration, reschedule bool))
}

MockScheduler is a mock implementation of Scheduler

func (*MockScheduler) Cancel added in v0.14.2 

func (mock *MockScheduler) Cancel(ctx context.Context, IDs []string)

Cancel mocks the Cancel function of the Scheduler interface

func (*MockScheduler) Schedule added in v0.14.2 

func (mock *MockScheduler) Schedule(ctx context.Context, in time.Duration, ID string, job func() (nextRunIn time.Duration, reschedule bool))

Schedule mocks the Schedule function of the Scheduler interface

type PKCEAuthorizationFlow added in v0.22.0 

type PKCEAuthorizationFlow struct {
	ProviderConfig ProviderConfig
}

PKCEAuthorizationFlow represents Authorization Code Flow information that can be used by the client to login initiate a Oauth 2.0 authorization code grant flow with Proof Key for Code Exchange (PKCE). See https://datatracker.ietf.org/doc/html/rfc7636

type PeerLogin added in v0.14.3 

type PeerLogin struct {
	// WireGuardPubKey is a peers WireGuard public key
	WireGuardPubKey string
	// SSHKey is a peer's ssh key. Can be empty (e.g., old version do not provide it, or this feature is disabled)
	SSHKey string
	// Meta is the system information passed by peer, must be always present.
	Meta nbpeer.PeerSystemMeta
	// UserID indicates that JWT was used to log in, and it was valid. Can be empty when SetupKey is used or auth is not required.
	UserID string
	// SetupKey references to a server.SetupKey to log in. Can be empty when UserID is used or auth is not required.
	SetupKey string
	// ConnectionIP is the real IP of the peer
	ConnectionIP net.IP
}

PeerLogin used as a data object between the gRPC API and AccountManager on Login request.

type PeerSync added in v0.14.3 

type PeerSync struct {
	// WireGuardPubKey is a peers WireGuard public key
	WireGuardPubKey string
	// Meta is the system information passed by peer, must be always present
	Meta nbpeer.PeerSystemMeta
	// UpdateAccountPeers indicate updating account peers,
	// which occurs when the peer's metadata is updated
	UpdateAccountPeers bool
}

PeerSync used as a data object between the gRPC API and AccountManager on Sync request.

type PeersUpdateManager 

type PeersUpdateManager struct {
	// contains filtered or unexported fields
}

func NewPeersUpdateManager 

func NewPeersUpdateManager(metrics telemetry.AppMetrics) *PeersUpdateManager

NewPeersUpdateManager returns a new instance of PeersUpdateManager

func (*PeersUpdateManager) CloseChannel 

func (p *PeersUpdateManager) CloseChannel(ctx context.Context, peerID string)

CloseChannel closes updates channel of a given peer

func (*PeersUpdateManager) CloseChannels added in v0.14.2 

func (p *PeersUpdateManager) CloseChannels(ctx context.Context, peerIDs []string)

CloseChannels closes updates channel for each given peer

func (*PeersUpdateManager) CreateChannel 

func (p *PeersUpdateManager) CreateChannel(ctx context.Context, peerID string) chan *UpdateMessage

CreateChannel creates a go channel for a given peer used to deliver updates relevant to the peer.

func (*PeersUpdateManager) GetAllConnectedPeers added in v0.10.0 

func (p *PeersUpdateManager) GetAllConnectedPeers() map[string]struct{}

GetAllConnectedPeers returns a copy of the connected peers map

func (*PeersUpdateManager) HasChannel added in v0.24.4 

func (p *PeersUpdateManager) HasChannel(peerID string) bool

HasChannel returns true if peers has channel in update manager, otherwise false

func (*PeersUpdateManager) SendUpdate 

func (p *PeersUpdateManager) SendUpdate(ctx context.Context, peerID string, update *UpdateMessage)

SendUpdate sends update message to the peer's channel

type Protocol 

type Protocol string

Protocol type

type Provider 

type Provider string

Provider authorization flow type

type ProviderConfig 

type ProviderConfig struct {
	// ClientID An IDP application client id
	ClientID string
	// ClientSecret An IDP application client secret
	ClientSecret string
	// Domain An IDP API domain
	// Deprecated. Use TokenEndpoint and DeviceAuthEndpoint
	Domain string
	// Audience An Audience for to authorization validation
	Audience string
	// TokenEndpoint is the endpoint of an IDP manager where clients can obtain access token
	TokenEndpoint string
	// DeviceAuthEndpoint is the endpoint of an IDP manager where clients can obtain device authorization code
	DeviceAuthEndpoint string
	// AuthorizationEndpoint is the endpoint of an IDP manager where clients can obtain authorization code
	AuthorizationEndpoint string
	// Scopes provides the scopes to be included in the token request
	Scope string
	// UseIDToken indicates if the id token should be used for authentication
	UseIDToken bool
	// RedirectURL handles authorization code from IDP manager
	RedirectURLs []string
}

ProviderConfig has all attributes needed to initiate a device/pkce authorization flow

type Relay added in v0.29.0 

type Relay struct {
	Addresses      []string
	CredentialsTTL util.Duration
	Secret         string
}

type Resource added in v0.35.0 

type Resource struct {
	Type ResourceType
	ID   string
}

type ResourceType added in v0.35.0 

type ResourceType string

func (ResourceType) String added in v0.35.0 

func (p ResourceType) String() string

type ReverseProxy added in v0.25.8 

type ReverseProxy struct {
	// TrustedHTTPProxies represents a list of trusted HTTP proxies by their IP prefixes.
	// When extracting the real IP address from request headers, the middleware will verify
	// if the peer's address falls within one of these trusted IP prefixes.
	TrustedHTTPProxies []netip.Prefix

	// TrustedHTTPProxiesCount specifies the count of trusted HTTP proxies between the internet
	// and the server. When using the trusted proxy count method to extract the real IP address,
	// the middleware will search the X-Forwarded-For IP list from the rightmost by this count
	// minus one.
	TrustedHTTPProxiesCount uint

	// TrustedPeers represents a list of trusted peers by their IP prefixes.
	// These peers are considered trustworthy by the gRPC server operator,
	// and the middleware will attempt to extract the real IP address from
	// request headers if the peer's address falls within one of these
	// trusted IP prefixes.
	TrustedPeers []netip.Prefix
}

ReverseProxy contains reverse proxy configuration in front of management.

type Scheduler added in v0.14.2 

type Scheduler interface {
	Cancel(ctx context.Context, IDs []string)
	Schedule(ctx context.Context, in time.Duration, ID string, job func() (nextRunIn time.Duration, reschedule bool))
}

Scheduler is an interface which implementations can schedule and cancel jobs

type SecretsManager added in v0.29.0 

type SecretsManager interface {
	GenerateTurnToken() (*Token, error)
	GenerateRelayToken() (*Token, error)
	SetupRefresh(ctx context.Context, peerKey string)
	CancelRefresh(peerKey string)
}

SecretsManager used to manage TURN and relay secrets

type SetupKeyUpdateOperation added in v0.9.2 

type SetupKeyUpdateOperation struct {
	Type   SetupKeyUpdateOperationType
	Values []string
}

SetupKeyUpdateOperation operation object with type and values to be applied

type SetupKeyUpdateOperationType added in v0.9.2 

type SetupKeyUpdateOperationType int

SetupKeyUpdateOperationType operation type 

const (
	// UpdateSetupKeyName indicates a setup key name update operation
	UpdateSetupKeyName SetupKeyUpdateOperationType = iota
	// UpdateSetupKeyRevoked indicates a setup key revoked filed update operation
	UpdateSetupKeyRevoked
	// UpdateSetupKeyAutoGroups indicates a setup key auto-assign groups update operation
	UpdateSetupKeyAutoGroups
	// UpdateSetupKeyExpiresAt indicates a setup key expiration time update operation
	UpdateSetupKeyExpiresAt
)

func (SetupKeyUpdateOperationType) String added in v0.9.2 

func (t SetupKeyUpdateOperationType) String() string

type StoreConfig added in v0.24.0 

type StoreConfig struct {
	Engine store.Engine
}

StoreConfig contains Store configuration

type TURNConfig 

type TURNConfig struct {
	TimeBasedCredentials bool
	CredentialsTTL       util.Duration
	Secret               string
	Turns                []*Host
}

TURNConfig is a config of the TURNCredentialsManager

type TimeBasedAuthSecretsManager 

type TimeBasedAuthSecretsManager struct {
	// contains filtered or unexported fields
}

TimeBasedAuthSecretsManager generates credentials with TTL and using pre-shared secret known to TURN server

func NewTimeBasedAuthSecretsManager 

func NewTimeBasedAuthSecretsManager(updateManager *PeersUpdateManager, turnCfg *TURNConfig, relayCfg *Relay) *TimeBasedAuthSecretsManager

func (*TimeBasedAuthSecretsManager) CancelRefresh 

func (m *TimeBasedAuthSecretsManager) CancelRefresh(peerID string)

CancelRefresh cancels scheduled peer credentials refresh

func (*TimeBasedAuthSecretsManager) GenerateRelayToken added in v0.29.0 

func (m *TimeBasedAuthSecretsManager) GenerateRelayToken() (*Token, error)

GenerateRelayToken generates new time-based secret credentials for relay

func (*TimeBasedAuthSecretsManager) GenerateTurnToken added in v0.29.0 

func (m *TimeBasedAuthSecretsManager) GenerateTurnToken() (*Token, error)

GenerateTurnToken generates new time-based secret credentials for TURN

func (*TimeBasedAuthSecretsManager) SetupRefresh 

func (m *TimeBasedAuthSecretsManager) SetupRefresh(ctx context.Context, peerID string)

SetupRefresh starts peer credentials refresh

type Token added in v0.29.0 

type Token auth.Token

type UpdateMessage 

type UpdateMessage struct {
	Update     *proto.SyncResponse
	NetworkMap *types.NetworkMap
}

Source Files

View all Source files

Directories

Path Synopsis
sqlite
api
Package api provides primitives to interact with the openapi HTTP API.
 Package api provides primitives to interact with the openapi HTTP API.
configs
handlers/accounts
handlers/dns
handlers/events
handlers/groups
handlers/networks
handlers/peers
handlers/policies
handlers/routes
handlers/setup_keys
handlers/users
middleware
middleware/bypass
util
Package metrics gather anonymous information about the usage of NetBird management
 Package metrics gather anonymous information about the usage of NetBird management
resources
resources/types
routers
routers/types
types

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.