Commit Graph

260 Commits

Author SHA1 Message Date
Adam Ierymenko
e1ee3eb494
Merge branch 'dev' into lel-amri-fix-mac-handling-in-rules-parser 2024-09-11 12:13:32 -04:00
Adam Ierymenko
1982071d46 1.14.0 version bump for Linux and macOS, date update. 2024-03-19 14:38:48 -07:00
travisladuke
b4eb39fb16 feat: static file server
this lets you host web apps out of
:9993/app/{app_name}
:9993/app/{other_app}

from $ZT_HOME/app/{app_name}
2024-03-13 12:39:21 -07:00
Joseph Henry
b9d0cf9c89
Don't pass result of void function to string constructor 2024-03-05 12:14:12 -08:00
Joseph Henry
43b141547e
Merge branch 'dev' into fix-mac-handling-in-rules-parser 2024-03-05 10:48:58 -08:00
travisladuke
6e8fcce777 Fix unstable network member list endpoint
It was returning an array of array instead of
just array
2024-03-01 09:54:13 -08:00
travisladuke
559e8a907b Improve full controller network list api
it was counting incorrectly in some cases and
returning empty objects.
Basically just handling if network data is null
2024-03-01 09:54:13 -08:00
travisladuke
d1a306a021 Prevent creating members on non-existent networks.
```sh
curl -s -X POST "http://localhost:9993/controller/network/abcdabcdabcdabcd/member/1122334455"
```

Would return 200 and ZT_HOME/controller.d/abcdabcdabcdabcd/members/1122334455
would be created. Without a ZT_HOME/controller.d/abcdabcdabcdabcd.json

Then other parts of the system mistakenly think a abcdabcdabcdabcd
network sorta kinda exists and then fail in weird ways.
2024-02-22 11:46:50 -08:00
travisladuke
0ca8ae7970 Create an alternate networks list endpoint
Add /unstable/controller/network endpoint

Similar to /unstable/controller/network/{id}/member, it returns actual network objects,
instead of just network ids.
Also includes the total network count,
and each network has it's member counts in meta{}.
2024-02-01 13:12:24 -08:00
travisladuke
0b83f850e4 Create an alternate members list endpoint
The current api at /controller/network/1111111111767f2f/member
Lists only the members' ID and revision number.
If you want details, you have to query each specific member.
So if you want to make a members list, and you have
10000 members on a network, you need to make
10000 http requests.

It's also in a hard to specify and use shape
{ [member-id-1]: 13, [member-id-2]: 14, ... }

GET http://localhost:9993/unstable/controller/network/1111111111767f2f/member ->

```
{
  data: [ {...member1}, {...member2}, ...],
  meta: { totalCount: 4, authorizedCount: 3 }
}

```
2024-02-01 12:47:51 -08:00
travisladuke
06399c86f6 Store a network members name
Because the GET request to get a specific member just dumps
the whole member object, `name` is included there too for free.
2024-02-01 12:31:44 -08:00
Léo El Amri
1aa31e0414 Fix how MAC addresses are handled by the rules parser
It wasn't ignoring separator characters such as the colon and hyphen.
The rules compiler automatically add a colon to separate bytes, which is
not compatible with how they are parsed.
2023-11-15 16:51:03 +01:00
Grant Limberg
8426677c55
fix /controller endpoint 2023-09-06 09:44:25 -07:00
Grant Limberg
c974a159af
fix for issue #2114 2023-08-28 08:10:17 -07:00
Joseph Henry
7637ef10d7
Fix primary port binding issue in 1.12 (#2107)
* Add test for primary port bindings to validator - See #2105

* Add delay to binding test

* Remove TCP binding logic from Binder to fix #2105

* add second control plane socket for ipv6

* fix controller network post endpoint

* exit if we can't bind at least one of IPV4 or IPV6 for control plane port

---------

Co-authored-by: Grant Limberg <grant.limberg@zerotier.com>
2023-08-25 12:51:33 -04:00
Grant Limberg
f42841a6ab
fix init order for EmbeddedNetworkController (#2014) 2023-05-25 11:09:08 -07:00
Grant Limberg
17f6b3a10b
central controller metrics & request path updates (#2012)
* internal db metrics

* use shared mutexes for read/write locks

* remove this lock. only used for a metric

* more metrics

* remove exploratory metrics

place controller request benchmarks behind ifdef
2023-05-23 12:11:26 -07:00
Brenton Bostick
da71e2524c
fix typos (#2010) 2023-05-19 19:21:24 +02:00
Brenton Bostick
f3da2b4031
Capture setContent by-value instead of by-reference (#2006)
Co-authored-by: Grant Limberg <glimberg@users.noreply.github.com>
2023-05-17 17:55:32 -07:00
Grant Limberg
adfbbc3fb0
Controller Metrics & Network Config Request Fix (#2003)
* add new metrics for network config request queue size and sso expirations
* move sso expiration to its own thread in the controller
* fix potential undefined behavior when modifying a set
2023-05-16 11:56:58 -07:00
Grant Limberg
e5fc89821f
use cpp-httplib for HTTP control plane (#1979)
refactored the old control plane code to use [cpp-httplib](https://github.com/yhirose/cpp-httplib) instead of a hand rolled HTTP server.  Makes the control plane code much more legible.  Also no longer randomly stops responding.
2023-04-28 11:03:28 -07:00
Grant Limberg
64b7f8e445
quiet down logs more 2022-06-15 16:58:11 -07:00
Adam Ierymenko
ef08346a74
Fix a possible excessive memory use issue in controller and clean up a bunch of COM handling and other code in the normal node. 2022-04-19 19:59:54 -04:00
Adam Ierymenko
912036b260
Push credentials always if updated (client-side) and some controller-side cleanup that should be logically irrelevant but will prevent unnecessary DB lookups. 2022-04-19 12:41:38 -04:00
Adam Ierymenko
a4e8847664
Restore sending of rejections but move it exclusively to a thread, widen netconf window to 30 minutes. 2022-04-19 10:37:58 -04:00
Adam Ierymenko
c492bf7eea
Forgot to send error on v0 auth expiry. 2022-04-18 16:36:09 -04:00
Adam Ierymenko
cb086ff97f
Simplify SSO logic. SSO should just normally expire when it expires. No full deauth needed. Deauth is for really giving someone the boot. 2022-04-18 16:32:05 -04:00
Adam Ierymenko
55a99f34d0
Tighten certificate window and deprecate sending of revocations for ordinary SSO timeouts. Revocations should only be for deliberate deauth to kick people off networks. Cert window should now stay within refresh window for SSO so normal cert expiration should handle it just fine. 2022-04-15 14:23:26 -04:00
Adam Ierymenko
58119598ae
comment out some new deauth code 2022-04-13 23:10:11 -04:00
Adam Ierymenko
42a2afaef9
This may improve controller behavior with SSO and mixed SSO, needs testing! 2022-04-13 21:39:56 -04:00
Grant Limberg
b3fbbd3124
refresh tokens now working
Still investigating the best way to do a couple things, but we have something working
2021-12-07 16:29:50 -08:00
Grant Limberg
7cce23ae79
wip 2021-12-01 10:44:29 -08:00
Grant Limberg
a33d7c64fe
more fixin 2021-11-30 17:27:13 -08:00
Grant Limberg
fa21fdc1cc
rename stuff for clarity
authenticationURL will still be used by the client for v1 and v2 of sso
2021-11-11 16:19:26 -08:00
Grant Limberg
43433cdb5a integrate rust build of zeroidc to linux 2021-11-04 17:16:23 -07:00
Grant Limberg
8d39c9a861
plumbing full flow from controller -> client network 2021-11-04 15:40:08 -07:00
Adam Ierymenko
134d33c218
Add a bit of hardening in the network certificate of membership by incorporating a full hash of the identity to which it is issued. This means the recipient need not depend entirely on the root verifying identities properly to make sure impersonation is not occurring. 2021-09-20 15:40:55 -07:00
Grant Limberg
20721491e8
kill some noisy logs 2021-08-19 13:03:56 -07:00
Grant Limberg
9eae444104
kill some verbose logs 2021-08-19 09:21:52 -07:00
Adam Ierymenko
576b4f03a5
Adjust deauth time window and send revocation when SSO members expire. 2021-08-18 12:17:40 -04:00
Adam Ierymenko
461810b06a
Move return so record gets created before URL. 2021-08-10 11:22:29 -04:00
Grant Limberg
613d7b5ece
fix backwards logic 2021-08-04 09:16:04 -07:00
Adam Ierymenko
663e748b8d
Deauth expiring members right away. 2021-07-26 23:45:18 -04:00
Adam Ierymenko
0cf62d334d
Remove pointless check. 2021-07-26 13:38:35 -04:00
Adam Ierymenko
0310bfa3e3
Include authentication URL in config 2021-07-23 19:17:42 -04:00
Adam Ierymenko
efe0e8aa7b
Notification of about-to-expire status... almost there. 2021-07-23 19:05:59 -04:00
Adam Ierymenko
5c7e51feaf
Merge branch 'dev' of github.com:zerotier/ZeroTierOne into dev 2021-07-23 18:49:05 -04:00
Adam Ierymenko
34de579c91
Handling of soon-to-expire members 2021-07-23 18:49:00 -04:00
Grant Limberg
10215af96d
whoops 2021-07-06 13:18:08 -07:00
Grant Limberg
e67fee0264
debug logging 2021-07-06 13:08:21 -07:00