Commit Graph

214 Commits

Author SHA1 Message Date
Jamil
34ab093dbc security(gateway): Don't run systemd gateways as root (#2943)
Docker-based gateways won't have working IPv6 (good point @AndrewDryga),
so I started testing the systemd gateways more and found some issues I
fixed.

* Update default tab order for Deploy gateways page to prefer systemd
* Update unit file to run gateway as unprivileged user
* Remove dependency on `wget` in unit file
* Fix iptables logic so rules are re-created on reboot
* Use `/var/lib/firezone` instead of `/etc/firezone` for writing runtime
files (`/etc/` is often mounted read-only on hardened systems)

---------

Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Co-authored-by: Andrew Dryga <andrew@dryga.com>
2023-12-21 18:29:10 +00:00
Jamil
d3f45b5285 Rename Authorizations -> Activity (#2979)
Authorizations creates confusion with Authentication. What this is
referring to most closely resembles "Network Activity", so renaming to
Activity.

Fixes
https://firezonehq.slack.com/archives/C04HRQTFY0Z/p1703141913585009?thread_ts=1703105862.234659&cid=C04HRQTFY0Z

---------

Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Co-authored-by: Andrew Dryga <andrew@dryga.com>
2023-12-21 18:25:35 +00:00
Andrew Dryga
2c169d58ff Remove client names unique constraint (#2982)
Closes #2980
2023-12-21 10:44:09 -06:00
Jamil
0c25ad57cb Add link to status on website (#2974)
Fixes #2953
2023-12-20 22:56:40 +00:00
Andrew Dryga
0133b507d2 Hotfix: ensure gateway name fits varchar(255) 2023-12-19 11:33:25 -06:00
Andrew Dryga
fa35658db6 Hotfix: increase gateway name length 2023-12-19 11:12:44 -06:00
Jamil
b28e99cdab chore(ci): Use 1.0.0 as version base (#2949)
Fixes #2948 

So it seems that it's easiest just to use an old-fashioned semver
string. This means we'll need to keep a version matrix in the docs of
which components are supported and for how long, but it's better than
having different version schemes for different Firezone components
altogether.
2023-12-19 14:19:16 +00:00
Andrew Dryga
ded5feee9e Fix user-reported errors (#2954) 2023-12-18 16:15:49 -06:00
Jamil
c0904aa96f Update README.md
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
2023-12-15 17:15:55 -08:00
Jamil
3773d5f79d Update README.md
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
2023-12-15 17:15:11 -08:00
bmanifold
751df8b3f3 Update styling for Sign In/Up emails (#2907)
Updated the styling for the outbound emails from the portal.

## Preview of the Sign Up Email
<img width="589" alt="sign_up_email"
src="https://github.com/firezone/firezone/assets/2646332/4fdc04de-bc49-4d31-b818-ec5eb546d4b8">

## Preview of the Sign In Email
<img width="592" alt="sign_in_email"
src="https://github.com/firezone/firezone/assets/2646332/c3a21424-0de2-404a-a8e2-f2ae926ddeaf">

This will close #2132
2023-12-15 17:04:13 +00:00
Jamil
de71e7060f Reduce webrtc log level to error (#2911) 2023-12-15 01:07:48 +00:00
Jamil
de0a0b911b Use more informative log filepath (#2910)
* Sort clients list by `last_seen_at` desc. This handles the `online?`
case too. Before, they were sorted by `asc` which made it hard to see
which recent clients were connected
* Scope the client log filename by account slug and actor name so it's
easier to find.
2023-12-14 19:45:50 +00:00
Andrew Dryga
82c013a1eb Replace eth+ with e+ in the unitfile 2023-12-13 15:19:31 -06:00
Andrew Dryga
af7730337c Fix service account tokens and unit file deployment scripts (#2900) 2023-12-13 14:45:59 -06:00
Jamil
33bcbbee45 Add a detailed Google Workspace setup guide and other docs (#2876)
- Added google workspace docs at `/kb/authenticate/google`
- Updated in-product Provider creation form with more details and a link
to docs
- Fixed bg-color for unauthenticated layouts

---------

Co-authored-by: Brian Manifold <bmanifold@gmail.com>
2023-12-13 07:16:11 +00:00
Andrew Dryga
52b284abd9 Terraform improvements for production (#2873) 2023-12-11 19:41:01 -06:00
Jamil
ba44b2cbad Usability iteration 1 (#2869)
* Fix numerous typos and grammar
* Align all next/continue action buttons to the right side of the form
* Rework the Gateway deploy page to be more readable and use consistent
colors
* Link to `Troubleshooting` guide for gateway deployments
* Add spacing between `:sections` so they stand out more
* Move help paragraphs into `:help`s
* Make links consistent to `text-accent-500` to match website/docs
(buttons unchanged)
* Add `warning` style button

More to come in further PRs

---------

Co-authored-by: Brian Manifold <bmanifold@gmail.com>
2023-12-11 21:12:53 +00:00
Jamil
786e156337 Elixir/domain ops (#2837)
Adds a helper method we can call from a live IEX to provision an account
when signups are disabled.
2023-12-10 01:35:48 +00:00
Jamil
845707bd09 Update README.md
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
2023-12-08 12:27:21 -05:00
Andrew Dryga
79e1a7582d Fix resources auth query (#2835) 2023-12-08 12:22:37 -05:00
Gabi
8e34457340 Add support for DNS subdomains (#2735)
This PR changes the protocol and adds support for DNS subdomains, now
when a DNS resource is added all its subdomains are automatically
tunneled too. Later we will add support for `*.domain` or `?.domain` but
currently there is an Apple split tunnel implementation limitation which
is too labor-intensive to fix right away.

Fixes #2661 

Co-authored-by: Andrew Dryga <andrew@dryga.com>
2023-12-08 00:16:42 -05:00
bmanifold
6ab445555a Update synced group badge color on actor pages (#2827) 2023-12-08 00:00:10 -05:00
Andrew Dryga
00380cc59e Fix small bugs with colors (#2828) 2023-12-07 23:59:55 -05:00
Andrew Dryga
3280827a18 Do not show danger zone when group is synced 2023-12-07 22:49:53 -05:00
Andrew Dryga
0eee8a7c26 Show error when policy is created with no groups available (#2825) 2023-12-07 22:25:44 -05:00
Andrew Dryga
8312779813 Do not crash when request did not contain user-agent 2023-12-07 19:06:41 -05:00
Andrew Dryga
3b94152edd Do not log a crash when client token is expired 2023-12-07 19:06:41 -05:00
bmanifold
acbb8bcf44 Update all tailwind classes to use primary/accent/neutral (#2805)
Updated portal to make sure we use primary/accent/neutral in as many
places as possible.

Updated our neutral color palette to only have grayscale colors.

Also aliased the main colors (i.e. red/green/blue/yellow/orange) to use
an `fz_` prefix to allow for easier find/replace if needed, as well as
allowing easy customization of the colors later if needed.
2023-12-07 20:31:38 +00:00
Andrew Dryga
af91bf3ffe Fix policy authorization query (#2818) 2023-12-07 10:16:20 -05:00
Jamil
abc5f43c97 Source Code 3 for website, logo, and helptext updates (#2799)
* Use Source Sans 3 as font
* Add `:help` slot to sections
* Fix other minor grammar / typos
2023-12-06 11:32:29 +00:00
bmanifold
3d43b33105 Add email confirmation field in portal (#2759)
Why:

* When using the Email Auth Provider (a.k.a. Magic Link), a mistyped
email address when adding a new identity or signing up could allow an
unauthorized person access to your Firezone account. To help prevent
this, an email confirmation field has been added during signup and
during identity creation in the portal.
2023-12-05 13:00:36 +00:00
Jamil
8e3d9f1501 Add plan badges to enterprise features (#2756)
Fixes #2287 

<img width="754" alt="Screenshot 2023-11-30 at 2 40 28 PM"
src="https://github.com/firezone/firezone/assets/167144/9c7df48c-9fae-4758-9a2e-4ba76bc21eb4">
<img width="760" alt="Screenshot 2023-11-30 at 2 40 16 PM"
src="https://github.com/firezone/firezone/assets/167144/25845dc2-9824-4ecf-851e-7289a19d90ab">
2023-12-05 03:49:45 +00:00
Andrew Dryga
4fb101ed9f UX cleanup pt 3 (#2789)
Closes https://github.com/firezone/firezone/issues/2601
Also addresses a lot of TODOs from
https://github.com/firezone/firezone/issues/2788
<img width="1728" alt="Screenshot 2023-12-01 at 18 25 11"
src="https://github.com/firezone/firezone/assets/1877644/95137fca-15ab-4b8c-9598-16d92a7951c7">
<img width="1728" alt="Screenshot 2023-12-01 at 18 25 16"
src="https://github.com/firezone/firezone/assets/1877644/9315b754-c3de-4336-8b59-c1d87ac83f69">
<img width="1728" alt="Screenshot 2023-12-01 at 18 25 33"
src="https://github.com/firezone/firezone/assets/1877644/65245194-c922-401e-bbc4-ff4a378520d2">
<img width="1728" alt="Screenshot 2023-12-01 at 18 25 39"
src="https://github.com/firezone/firezone/assets/1877644/3ac8c2c8-c0a8-4074-9cb1-123bc2c21e71">
<img width="1728" alt="Screenshot 2023-12-01 at 18 25 59"
src="https://github.com/firezone/firezone/assets/1877644/7a96cf74-3a9a-4215-9b22-871dee335b30">
2023-12-04 13:56:31 -05:00
Andrew Dryga
55e8d3407f Render deleted entities on fetch (#2692)
Since we have flows we should either delete the flow when the related
entity is deleted (making them not very useful) or allow viewing deleted
entities properly marking them and removing all action buttons in the
UI:

<img width="1728" alt="Screenshot 2023-11-22 at 13 41 51"
src="https://github.com/firezone/firezone/assets/1877644/ae7f14b9-9607-4de0-a90f-049faf7e4374">
<img width="1728" alt="Screenshot 2023-11-22 at 13 41 54"
src="https://github.com/firezone/firezone/assets/1877644/491f8e1f-6aad-459b-b038-6100c25b3bf4">
<img width="1728" alt="Screenshot 2023-11-22 at 13 41 48"
src="https://github.com/firezone/firezone/assets/1877644/9200e521-0d92-41b5-9197-355353f09a50">

<img width="1728" alt="Screenshot 2023-11-22 at 13 07 47"
src="https://github.com/firezone/firezone/assets/1877644/dca59bbd-9771-4b06-b32b-f17cf0047520">

This change only affects fetching relation by ID (eg. `actors/:id`),
rest of pages (index, edit) will not show deleted entities unless they
are a critical relation (eg. for Policy to work both actor group and
resource are needed):

<img width="1728" alt="Screenshot 2023-11-22 at 13 42 23"
src="https://github.com/firezone/firezone/assets/1877644/d8b15011-838a-477d-97c8-5c7109299cb9">

Closes #2681

Signed-off-by: Andrew Dryga <andrew@dryga.com>
2023-11-30 13:55:07 -06:00
Andrew Dryga
af5cc38f9e Pick latest-versioned gateways (#2739)
Closes #2733
2023-11-30 11:52:24 -06:00
Jamil
79aa4cfb8e 1.x docs first iteration (#2688)
Doing a first pass over documentation and minor UI cleanup. This PR
isn't meant to represent the final state of launch docs, but instead
something that will unblock #2685 and #2675

Fixes #2729
2023-11-30 04:04:54 +00:00
bmanifold
67c14c02ed Add Relay admin feature flag (#2736)
Why:

* Self-hosted Relays are not going to be a part of the beta release, so
hiding the functionality in the portal will allow the user not to get
confused about a feature they aren't able to use.

Closes #2178
2023-11-29 22:02:50 +00:00
Jamil
8ad82b515e "Magic Link" -> "Email" (#2731)
Updates user-facing terminology to `One-Time Password` to more
accurately reflect this sign in method and match docs more consistently

Refs #2688 
Refs #2021
2023-11-28 23:58:50 +00:00
bmanifold
29709fd239 Update portal button colors, button sizing, and sign-in page spacing (#2693)
Closes #2682 #2640 #2639 

This screenshot should demonstrate all 3 issues

<img width="670" alt="Screenshot 2023-11-22 at 3 02 13 PM"
src="https://github.com/firezone/firezone/assets/2646332/d564c6ac-2482-40b1-92c8-0ee961b0ec78">

---------

Co-authored-by: Jamil Bou Kheir <jamilbk@users.noreply.github.com>
2023-11-27 21:04:45 +00:00
Andrew Dryga
b9cd94ec82 Show online clients first on the page (#2698) 2023-11-24 12:02:43 -06:00
Andrew Dryga
c6b64403db Fix unit file (#2684)
Keep in mind it will not work until we release a binary on the GitHub.
2023-11-24 15:01:57 +00:00
Andrew Dryga
484b5a49ce Fix OIDC form and redirect urls (#2695)
Closes #2674
2023-11-24 15:01:10 +00:00
bmanifold
ef480e1acd Add routing option for sites (#2610)
Why:

* As sites are created, the default behavior right now is to route
traffic through whichever path is easiest/fastest. This commit adds the
ability to allow the admin to choose a routing policy for a given site.
2023-11-22 19:59:54 +00:00
Jamil
a5b6929fbf Capitalize logo (#2666)
Forgot to make this consistent. Alternatively we could use a text logo
with the text in-place.
2023-11-18 16:50:29 +00:00
Andrew Dryga
c9f062c7c7 Remove flow logs from gateway page and some of TODOs (#2662) 2023-11-17 12:10:54 -06:00
Andrew Dryga
1ab3fdd3b5 Ephemeral gateways (#2656)
- [x] Fixed docker run command to mount a volume at `/etc/firezone`
- [x] Fixed systemd unit file to properly setcap, create writeable
`/etc/firezone` directory, use non-root user, etc
- [x] Removed `FIREZONE_ID` from our terraform scripts

Now on Sites index we only show online gateways:
<img width="1728" alt="Screenshot 2023-11-15 at 18 04 12"
src="https://github.com/firezone/firezone/assets/1877644/b532f200-0420-4427-acff-a3b8623560c5">

On the Site view we also show only online ones with a link to see all:
<img width="1728" alt="Screenshot 2023-11-15 at 18 02 33"
src="https://github.com/firezone/firezone/assets/1877644/9774dfac-4340-41d4-8404-586e081505f5">

All can be seen on a separate page:
<img width="1728" alt="Screenshot 2023-11-15 at 18 02 27"
src="https://github.com/firezone/firezone/assets/1877644/5d135f60-c7af-4e48-9ebb-626ff7461316">

Some of the functions I've added are pretty dirty hacks, we really need
to implement filters from #2029 to properly implement those and remove
code duplicates.
2023-11-16 11:17:22 -06:00
bmanifold
141d4c801e Update resource index to link to individual site (#2648)
Small bug fix in the Resource index view. All the entries in the `SITES`
column were linking to the sites index, rather than an individual site
show page.

Closes: #2624
2023-11-15 14:44:36 +00:00
Andrew Dryga
d1d07e8401 Hotfix merged typos, Sign In form content, Sign Up email content (#2645)
I fixed a few typos that slipped in in the last UX PR. Also a few minor
changes:

Sign In as a client doesn't show the "client" link in the bottom any
more:
<img width="1728" alt="Screenshot 2023-11-14 at 13 46 24"
src="https://github.com/firezone/firezone/assets/1877644/7226078c-7f66-41b5-9fd4-e6e44b56fd35">

Extra ---or--- separator is removed when there are no recently used
accounts:
<img width="1728" alt="Screenshot 2023-11-14 at 13 46 29"
src="https://github.com/firezone/firezone/assets/1877644/c2463ca5-0967-4fe7-ac60-5f5179ea30d8">

Emails sent after you sign up don't include a sign-in link right away,
just a link to a form so that you won't lose it in the future. Addresses
"Session token is expired/incognito windows" in #2631
<img width="1728" alt="Screenshot 2023-11-14 at 14 32 30"
src="https://github.com/firezone/firezone/assets/1877644/4f6d4c79-b5ed-448a-9915-2616ed71c9b9">

I've allowed email token to be used along with magic link when signing
in as @jefferenced requested multiple times:
<img width="1728" alt="Screenshot 2023-11-14 at 14 23 58"
src="https://github.com/firezone/firezone/assets/1877644/8b9b5afe-5c65-4893-b6ef-107a0b683c31">
<img width="1728" alt="Screenshot 2023-11-14 at 14 24 50"
src="https://github.com/firezone/firezone/assets/1877644/c02db5df-5158-4bf3-93ff-80d9d6c82cbe">

Closes #2299
2023-11-14 14:57:16 -06:00
Andrew Dryga
33ab23b636 Cleanup UX and fix a bunch of TODOs (#2641)
This PR cleans up a lot of TODOs and some issues I've discovered while
fixing them, there are _a few_ UI changes.

We show `(you)` next to your name on the actor view page, where
`Profile` link goes from the dropdown menu:
<img width="1728" alt="Screenshot 2023-11-13 at 19 05 35"
src="https://github.com/firezone/firezone/assets/1877644/f52b2531-e3be-4d3a-a587-4f9f54ca2c49">

Relays were way behind Gateways in terms of view code, so I changed them
to be exactly the same:
<img width="1728" alt="Screenshot 2023-11-13 at 18 54 39"
src="https://github.com/firezone/firezone/assets/1877644/a9f0905d-80d2-4e91-a744-c4baf7ad4a7c">

We also show authorizations on the Actor page because previously to find
"what this user did" you had to go through all user clients
individually:
<img width="1728" alt="Screenshot 2023-11-13 at 18 54 27"
src="https://github.com/firezone/firezone/assets/1877644/02ada445-e175-427e-99de-f9fa5bdd5aab">

I've noticed there is some confusion around sign-in slugs so I added a
home page where you can use ID or slug to get the in link (not all the
clients will know you need to put that in the URL) and recently used
accounts:
<img width="1728" alt="Screenshot 2023-11-13 at 18 54 06"
src="https://github.com/firezone/firezone/assets/1877644/ccfb9198-ed1f-4b3e-a26f-b76bab24243c">

Buttons to copy the code are more visible now, I've used our accent
color but am open to better ideas:
<img width="1728" alt="Screenshot 2023-11-13 at 19 10 29"
src="https://github.com/firezone/firezone/assets/1877644/a2c0658e-1003-409b-b5ad-d5d3ade60a10">

When code is copied it's also more visible:
<img width="699" alt="Screenshot 2023-11-13 at 19 11 41"
src="https://github.com/firezone/firezone/assets/1877644/62e793d2-d760-4aa7-9a42-92a6bbfcbf52">

We also do not redirect from that page automatically, but the large
button becomes green with the text changed:
<img width="660" alt="Screenshot 2023-11-13 at 19 12 11"
src="https://github.com/firezone/firezone/assets/1877644/780dcde3-8018-4405-91e5-984288431ec1">
2023-11-14 13:02:21 -06:00