* fix: disallow netmasks in devices' ip to prevent overlaps in firewall
/32 is still allowed for ipv4 and /128 is still allowed for ipv6.
No migration is needed since netmasks for devices' ips were broken
beforehand.
* chore: rename `validate_single_ip` function and reword its error message
* Update pre-commit to allow slash
* fix restore cache
* Refactor a bit
* Fix clobbered restore-keys
* Break cache
Co-authored-by: Jamil Bou Kheir <jamilbk@users.noreply.github.com>
This commit has the exact same rationale as cc280dae, just for a
different extension that I unfortunately missed the first time around.
This time I searched the repo for occurrences of `CREATE EXTENSION`
instead of the name of the extension causing the error, so hopefully I
did not miss anything else.
The CREATE EXTENSION query requires superuser privileges, which means
that the Firezone container may not be allowed to execute it when
accessing an externally hosted database, resulting in the database
failing to initialise properly.
One potential workaround to this problem is to have the database admin
ascertain that the pgcrypto extension is already present and ready for
use, prior to starting the Firezone container for the first time.
Unfortunately, however, this currently fails in the following manner:
    14:42:44.731 [info] execute "CREATE EXTENSION pgcrypto"
    ** (Postgrex.Error) ERROR 42710 (duplicate_object) extension "pgcrypto" already exists
Adding the IF NOT EXISTS condition to the CREATE EXTENSION query should
allow it to succeed.
* fix: use caddy in host network_mode and make sure urls have a scheme
* fix: remove unnecessary exposed ports
* fix: remove support for hostnames beginning with // since caddy doesn't support it
* Fix schemeless external URLs; error on invalid ones (#1090)
* Fix schemeless external URLs; error on invalid ones
* use different dockerfile for linux vs non-linux
* Use conditional EXTERNAL_URL defaults
* suppress empty warning
* postgres volume location
* Use inline Caddyfile
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
* 0.6.0
* Make OIDC and SAML user provisioning configurable per-provider (#1015)
* Got ugly migration to work
* Move auto_create_users to per-provider config
* Update deps to bust cache
* Update Process sleep
* Update docs with Auto create users
* working migration script (#1013)
* Add telem for Docker and SAML (#1020)
* Add telem for Docker and SAML
* Omit unneeded format
* Add all the config options, test should fail
* Don't show fields that can't be edited
* Remove unneeded leading match
* use str not ~r
* Choose Conf.get or @allow
* Add Docker env vars
* Remove events module from UI and trigger events on DB notifies
* Add tests and take out error flash from ui for now.
* Use FzHttp.Devices.decode in devices/rules tests and remove commented line
* address PR feedback & fix race condition in interface test
* Clean up events & notifier based on PR feedback
* Add notifications live view, broadcast them through the notification channel
* Notification improvements (#869)
* Flatten Notifications to make it more general and add timestamp
* Remove wildcard from notification channel in UserSocket
* Implement clear button for clearing notifications. Add icon helper
* Add broadcast helper
* UI fixes for notifications badge
* Add notifications live view tests
* Fix tests
* fix docs link, deleted wrong one in the merge!
* clean up tests based on pr feedback
Co-authored-by: Po Chen <chenpaul914@gmail.com>
* Add initial rough version of port based rules
* fix tests
* nftables refactor
* UI/database improvements
* UI and Int4Range improvements
* Multiple improvements
* Add tests for port rules
* minor refactor and update error message
* Fix error message for tests
* int4range refactor