send peer updates on user updates and ingress gw

controllers/node.go

@@ -590,6 +590,7 @@ func createIngressGateway(w http.ResponseWriter, r *http.Request) {
 		if err := mq.NodeUpdate(&node); err != nil {
 			slog.Error("error publishing node update to node", "node", node.ID, "error", err)
 		}
+		mq.PublishPeerUpdate(false)
 	}()
 }
 
@@ -634,6 +635,7 @@ func deleteIngressGateway(w http.ResponseWriter, r *http.Request) {
 				if err := mq.PublishSingleHostPeerUpdate(host, allNodes, nil, removedClients[:], false, nil); err != nil {
 					slog.Error("publishSingleHostUpdate", "host", host.Name, "error", err)
 				}
+				mq.PublishPeerUpdate(false)
 				if err := mq.NodeUpdate(&node); err != nil {
 					slog.Error(
 						"error publishing node update to node",

controllers/user.go

@@ -451,6 +451,7 @@ func createUser(w http.ResponseWriter, r *http.Request) {
 	}
 	logic.DeleteUserInvite(user.UserName)
 	logic.DeletePendingUser(user.UserName)
+	go mq.PublishPeerUpdate(false)
 	slog.Info("user was created", "username", user.UserName)
 	json.NewEncoder(w).Encode(logic.ToReturnUser(user))
 }
@@ -590,6 +591,7 @@ func updateUser(w http.ResponseWriter, r *http.Request) {
 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
 		return
 	}
+	go mq.PublishPeerUpdate(false)
 	logger.Log(1, username, "was updated")
 	json.NewEncoder(w).Encode(logic.ToReturnUser(*user))
 }
@@ -692,6 +694,7 @@ func deleteUser(w http.ResponseWriter, r *http.Request) {
 				}
 			}
 		}
+		mq.PublishPeerUpdate(false)
 		if servercfg.IsDNSMode() {
 			logic.SetDNS()
 		}

logic/extpeers.go

@@ -459,11 +459,6 @@ func GetFwRulesOnIngressGateway(node models.Node) (rules []models.FwRule) {
 							DstIP: peer.Address.IP,
 							Allow: true,
 						})
-						// rules = append(rules, models.FwRule{
-						// 	SrcIp: peer.Address.IP,
-						// 	DstIP: userNodeI.StaticNode.AddressIPNet4().IP,
-						// 	Allow: true,
-						// })
 					}
 					if userNodeI.StaticNode.Address6 != "" {
 						rules = append(rules, models.FwRule{
@@ -471,11 +466,6 @@ func GetFwRulesOnIngressGateway(node models.Node) (rules []models.FwRule) {
 							DstIP: peer.Address6.IP,
 							Allow: true,
 						})
-						// rules = append(rules, models.FwRule{
-						// 	SrcIp: peer.Address6.IP,
-						// 	DstIP: userNodeI.StaticNode.AddressIPNet6().IP,
-						// 	Allow: true,
-						// })
 					}
 				}
 
@@ -483,39 +473,47 @@ func GetFwRulesOnIngressGateway(node models.Node) (rules []models.FwRule) {
 		}
 	}
 
-	for _, extclientI := range nodes {
-		if !extclientI.IsStatic || extclientI.IsUserNode {
+	for _, nodeI := range nodes {
+		if !nodeI.IsStatic || nodeI.IsUserNode {
 			continue
 		}
-		for _, extclient := range nodes {
-			if extclient.StaticNode.ClientID == extclientI.StaticNode.ClientID || extclient.IsUserNode {
+		for _, peer := range nodes {
+			if peer.StaticNode.ClientID == nodeI.StaticNode.ClientID || peer.IsUserNode {
 				continue
 			}
-			if IsNodeAllowedToCommunicate(extclientI, extclient) {
-				if extclientI.StaticNode.Address != "" {
-					rules = append(rules, models.FwRule{
-						SrcIp: extclientI.StaticNode.AddressIPNet4().IP,
-						DstIP: extclient.StaticNode.AddressIPNet4().IP,
-						Allow: true,
-					})
-					// rules = append(rules, models.FwRule{
-					// 	SrcIp: extclient.StaticNode.AddressIPNet4().IP,
-					// 	DstIP: extclientI.StaticNode.AddressIPNet4().IP,
-					// 	Allow: true,
-					// })
-				}
-				if extclientI.StaticNode.Address6 != "" {
-					rules = append(rules, models.FwRule{
-						SrcIp: extclientI.StaticNode.AddressIPNet6().IP,
-						DstIP: extclient.StaticNode.AddressIPNet6().IP,
-						Allow: true,
-					})
-					// rules = append(rules, models.FwRule{
-					// 	SrcIp: extclient.StaticNode.AddressIPNet6().IP,
-					// 	DstIP: extclientI.StaticNode.AddressIPNet6().IP,
-					// 	Allow: true,
-					// })
+			if IsNodeAllowedToCommunicate(nodeI, peer) {
+				if peer.IsStatic {
+					if nodeI.StaticNode.Address != "" {
+						rules = append(rules, models.FwRule{
+							SrcIp: nodeI.StaticNode.AddressIPNet4().IP,
+							DstIP: peer.StaticNode.AddressIPNet4().IP,
+							Allow: true,
+						})
+					}
+					if nodeI.StaticNode.Address6 != "" {
+						rules = append(rules, models.FwRule{
+							SrcIp: nodeI.StaticNode.AddressIPNet6().IP,
+							DstIP: peer.StaticNode.AddressIPNet6().IP,
+							Allow: true,
+						})
+					}
+				} else {
+					if nodeI.StaticNode.Address != "" {
+						rules = append(rules, models.FwRule{
+							SrcIp: nodeI.StaticNode.AddressIPNet4().IP,
+							DstIP: peer.Address.IP,
+							Allow: true,
+						})
+					}
+					if nodeI.StaticNode.Address6 != "" {
+						rules = append(rules, models.FwRule{
+							SrcIp: nodeI.StaticNode.AddressIPNet6().IP,
+							DstIP: peer.Address6.IP,
+							Allow: true,
+						})
+					}
 				}
+
 			}
 		}
 	}