
resolve merge conflicts

abhishek9686 6 months ago
parent
commit
a195f31b6b
5 changed files with 16 additions and 19 deletions
  1. 1 1
      .github/ISSUE_TEMPLATE/bug-report.yml
  2. 1 1
      controllers/hosts.go
  3. 13 10
      logic/acls.go
  4. 0 5
      logic/extpeers.go
  5. 1 2
      pro/controllers/failover.go

+ 1 - 1
.github/ISSUE_TEMPLATE/bug-report.yml

@@ -2,7 +2,7 @@ name: Bug Report
 description: File a bug report
 title: "[Bug]: "
 labels: ["bug", "triage"]
-assignees: ["ok-john", "0xdcarns", "afeiszli",  "mattkasun"]
+assignees: ["abhishek9686","VishalDalwadi","Aceix","dentadlp"]
 body:
   - type: markdown
     attributes:

+ 1 - 1
controllers/hosts.go

@@ -235,7 +235,7 @@ func pull(w http.ResponseWriter, r *http.Request) {
 			slog.Error("failed to get node:", "id", node.ID, "error", err)
 			continue
 		}
-		if node.FailedOverBy != uuid.Nil {
+		if node.FailedOverBy != uuid.Nil && r.URL.Query().Get("reset_failovered") == "true" {
 			logic.ResetFailedOverPeer(&node)
 			sendPeerUpdate = true
 		}
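Review bot: The new `reset_failovered` condition calls `r.URL.Query()`, which re-parses the raw query string on every call, and the `continue` just above suggests this sits inside a per-node loop. Reading the flag once before the loop would avoid the repeated parse and make the request-controlled input easy to spot, e.g. `resetFailovered := r.URL.Query().Get("reset_failovered") == "true"`. The match is exact, so a client sending `1` or `True`, or an older client that sends nothing, now skips `logic.ResetFailedOverPeer` without any log line. If that is intended, a short comment such as `// failover state is only reset when the host explicitly asks for it` would record the contract. The body of `pull` starts and ends outside the hunk.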

+ 13 - 10
logic/acls.go

@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"maps"
 	"sort"
 	"sync"
 	"time"
@@ -680,6 +681,8 @@ func IsUserAllowedToCommunicate(userName string, peer models.Node) (bool, []mode
 // IsPeerAllowed - checks if peer needs to be added to the interface
 func IsPeerAllowed(node, peer models.Node, checkDefaultPolicy bool) bool {
 	var nodeId, peerId string
+	peerTags := maps.Clone(peer.Tags)
+	nodeTags := maps.Clone(node.Tags)
 	if node.IsStatic {
 		nodeId = node.StaticNode.ClientID
 		node = node.StaticNode.ConvertToStaticNode()
@@ -692,8 +695,8 @@ func IsPeerAllowed(node, peer models.Node, checkDefaultPolicy bool) bool {
 	} else {
 		peerId = peer.ID.String()
 	}
-	node.Tags[models.TagID(nodeId)] = struct{}{}
-	peer.Tags[models.TagID(peerId)] = struct{}{}
+	nodeTags[models.TagID(nodeId)] = struct{}{}
+	peerTags[models.TagID(peerId)] = struct{}{}
 	if checkDefaultPolicy {
 		// check default policy if all allowed return true
 		defaultPolicy, err := GetDefaultPolicy(models.NetworkID(node.Network), models.DevicePolicy)
@@ -718,7 +721,7 @@ func IsPeerAllowed(node, peer models.Node, checkDefaultPolicy bool) bool {
 		}
 		srcMap = convAclTagToValueMap(policy.Src)
 		dstMap = convAclTagToValueMap(policy.Dst)
-		if checkTagGroupPolicy(srcMap, dstMap, node, peer) {
+		if checkTagGroupPolicy(srcMap, dstMap, node, peer, nodeTags, peerTags) {
 			return true
 		}
 
@@ -726,7 +729,7 @@ func IsPeerAllowed(node, peer models.Node, checkDefaultPolicy bool) bool {
 	return false
 }
 
-func checkTagGroupPolicy(srcMap, dstMap map[string]struct{}, node, peer models.Node) bool {
+func checkTagGroupPolicy(srcMap, dstMap map[string]struct{}, node, peer models.Node, nodeTags, peerTags map[models.TagID]struct{}) bool {
 	// check for node ID
 	if _, ok := srcMap[node.ID.String()]; ok {
 		if _, ok = dstMap[peer.ID.String()]; ok {
@@ -740,12 +743,12 @@ func checkTagGroupPolicy(srcMap, dstMap map[string]struct{}, node, peer models.N
 		}
 	}
 
-	for tagID := range node.Tags {
+	for tagID := range nodeTags {
 		if _, ok := dstMap[tagID.String()]; ok {
 			if _, ok := srcMap["*"]; ok {
 				return true
 			}
-			for tagID := range peer.Tags {
+			for tagID := range peerTags {
 				if _, ok := srcMap[tagID.String()]; ok {
 					return true
 				}
@@ -755,19 +758,19 @@ func checkTagGroupPolicy(srcMap, dstMap map[string]struct{}, node, peer models.N
 			if _, ok := dstMap["*"]; ok {
 				return true
 			}
-			for tagID := range peer.Tags {
+			for tagID := range peerTags {
 				if _, ok := dstMap[tagID.String()]; ok {
 					return true
 				}
 			}
 		}
 	}
-	for tagID := range peer.Tags {
+	for tagID := range peerTags {
 		if _, ok := dstMap[tagID.String()]; ok {
 			if _, ok := srcMap["*"]; ok {
 				return true
 			}
-			for tagID := range node.Tags {
+			for tagID := range nodeTags {
 
 				if _, ok := srcMap[tagID.String()]; ok {
 					return true
@@ -778,7 +781,7 @@ func checkTagGroupPolicy(srcMap, dstMap map[string]struct{}, node, peer models.N
 			if _, ok := dstMap["*"]; ok {
 				return true
 			}
-			for tagID := range node.Tags {
+			for tagID := range nodeTags {
 				if _, ok := dstMap[tagID.String()]; ok {
 					return true
 				}
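Review bot: In the `IsPeerAllowed` hunk, `maps.Clone` returns nil for a nil map, so when `node.Tags` or `peer.Tags` is nil the later `nodeTags[models.TagID(nodeId)] = struct{}{}` still panics with an assignment to a nil map. A guard such as `if nodeTags == nil { nodeTags = make(map[models.TagID]struct{}) }`, repeated for `peerTags`, closes that. The clones are also taken before `node = node.StaticNode.ConvertToStaticNode()`, whereas the removed lines wrote to the converted node's tags and `checkTagGroupPolicy` iterated them. If the conversion can yield a different tag set, the ACL decision is now made on the pre-conversion tags, so cloning after the static-node branches would keep the previous semantics. A comment on the clones, e.g. `// copy: Tags is a map shared with the caller's node and must not be mutated during an ACL check`, would record why the copy exists; the function body continues outside the hunks shown.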

+ 0 - 5
logic/extpeers.go

@@ -456,17 +456,12 @@ func GetStaticNodeIps(node models.Node) (ips []net.IP) {
 
 func GetFwRulesOnIngressGateway(node models.Node) (rules []models.FwRule) {
 	// fetch user access to static clients via policies
-	defer func() {
-		logger.Log(0, fmt.Sprintf("node.ID: %s, Rules: %+v\n", node.ID, rules))
-	}()
 
 	defaultUserPolicy, _ := GetDefaultPolicy(models.NetworkID(node.Network), models.UserPolicy)
 	defaultDevicePolicy, _ := GetDefaultPolicy(models.NetworkID(node.Network), models.DevicePolicy)
 	nodes, _ := GetNetworkNodes(node.Network)
 	nodes = append(nodes, GetStaticNodesByNetwork(models.NetworkID(node.Network), true)...)
-	//fmt.Printf("=====> NODES: %+v \n\n", nodes)
 	userNodes := GetStaticUserNodesByNetwork(models.NetworkID(node.Network))
-	//fmt.Printf("=====> USER NODES %+v \n\n", userNodes)
 	for _, userNodeI := range userNodes {
 		for _, peer := range nodes {
 			if peer.IsUserNode {

+ 1 - 2
pro/controllers/failover.go

@@ -267,7 +267,6 @@ func failOverME(w http.ResponseWriter, r *http.Request) {
 		)
 		return
 	}
-
 	err = proLogic.SetFailOverCtx(failOverNode, node, peerNode)
 	if err != nil {
 		slog.Debug("failed to create failover", "id", node.ID.String(),
@@ -296,7 +295,7 @@ func failOverME(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponse(w, r, "relayed successfully")
 }
 
-// @Summary     Failover me
+// @Summary     checkfailOverCtx
 // @Router      /api/v1/node/{nodeid}/failover_check [get]
 // @Tags        PRO
 // @Param       nodeid path string true "Node ID"