netbirdio · bcmmbaga · Mar 14, 2024 · Mar 14, 2024 · Mar 14, 2024 · Mar 14, 2024
diff --git a/management/server/http/geolocations_handler.go b/management/server/http/geolocations_handler.go
@@ -2,6 +2,7 @@ package http
 
 import (
 	"net/http"
+	"regexp"
 
 	"github.com/gorilla/mux"
 
@@ -13,6 +14,10 @@ import (
 	"github.com/netbirdio/netbird/management/server/status"
 )
 
+var (
+	countryCodeRegex = regexp.MustCompile("^[a-zA-Z]{2}$")
+)
+
 // GeolocationsHandler is a handler that returns locations.
 type GeolocationsHandler struct {
 	accountManager     server.AccountManager
@@ -73,8 +78,8 @@ func (l *GeolocationsHandler) GetCitiesByCountry(w http.ResponseWriter, r *http.
 	}
 
 	if l.geolocationManager == nil {
-		// TODO: update error message to include geo db self hosted doc link when ready
-		util.WriteError(status.Errorf(status.PreconditionFailed, "Geo location database is not initialized"), w)
+		util.WriteError(status.Errorf(status.PreconditionFailed, "Geo location database is not initialized. "+
+			"Check the self-hosted Geo database documentation at https://docs.netbird.io/selfhosted/geo-support"), w)
 		return
 	}
 

diff --git a/management/server/http/posture_checks_handler.go b/management/server/http/posture_checks_handler.go
@@ -4,8 +4,6 @@ import (
 	"encoding/json"
 	"net/http"
 	"net/netip"
-	"regexp"
-	"slices"
 
 	"github.com/gorilla/mux"
 	"github.com/rs/xid"
@@ -19,10 +17,6 @@ import (
 	"github.com/netbirdio/netbird/management/server/status"
 )
 
-var (
-	countryCodeRegex = regexp.MustCompile("^[a-zA-Z]{2}$")
-)
-
 // PostureChecksHandler is a handler that returns posture checks of the account.
 type PostureChecksHandler struct {
 	accountManager     server.AccountManager
@@ -165,19 +159,16 @@ func (p *PostureChecksHandler) savePostureChecks(
 	user *server.User,
 	postureChecksID string,
 ) {
+	var (
+		err error
+		req api.PostureCheckUpdate
+	)
 
-	var req api.PostureCheckUpdate
-	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+	if err = json.NewDecoder(r.Body).Decode(&req); err != nil {
 		util.WriteErrorResponse("couldn't parse JSON request", http.StatusBadRequest, w)
 		return
 	}
 
-	err := validatePostureChecksUpdate(req)
-	if err != nil {
-		util.WriteErrorResponse(err.Error(), http.StatusBadRequest, w)
-		return
-	}
-
 	if postureChecksID == "" {
 		postureChecksID = xid.New().String()
 	}
@@ -206,8 +197,8 @@ func (p *PostureChecksHandler) savePostureChecks(
 
 	if geoLocationCheck := req.Checks.GeoLocationCheck; geoLocationCheck != nil {
 		if p.geolocationManager == nil {
-			// TODO: update error message to include geo db self hosted doc link when ready
-			util.WriteError(status.Errorf(status.PreconditionFailed, "Geo location database is not initialized"), w)
+			util.WriteError(status.Errorf(status.PreconditionFailed, "Geo location database is not initialized. "+
+				"Check the self-hosted Geo database documentation at https://docs.netbird.io/selfhosted/geo-support"), w)
 			return
 		}
 		postureChecks.Checks.GeoLocationCheck = toPostureGeoLocationCheck(geoLocationCheck)
@@ -233,84 +224,6 @@ func (p *PostureChecksHandler) savePostureChecks(
 	util.WriteJSONObject(w, toPostureChecksResponse(&postureChecks))
 }
 
-func validatePostureChecksUpdate(req api.PostureCheckUpdate) error {
-	if req.Name == "" {
-		return status.Errorf(status.InvalidArgument, "posture checks name shouldn't be empty")
-	}
-
-	if req.Checks == nil || (req.Checks.NbVersionCheck == nil && req.Checks.OsVersionCheck == nil &&
-		req.Checks.GeoLocationCheck == nil && req.Checks.PeerNetworkRangeCheck == nil && req.Checks.ProcessCheck == nil) {
-		return status.Errorf(status.InvalidArgument, "posture checks shouldn't be empty")
-	}
-
-	if req.Checks.NbVersionCheck != nil && req.Checks.NbVersionCheck.MinVersion == "" {
-		return status.Errorf(status.InvalidArgument, "minimum version for NetBird's version check shouldn't be empty")
-	}
-
-	if osVersionCheck := req.Checks.OsVersionCheck; osVersionCheck != nil {
-		emptyOS := osVersionCheck.Android == nil && osVersionCheck.Darwin == nil && osVersionCheck.Ios == nil &&
-			osVersionCheck.Linux == nil && osVersionCheck.Windows == nil
-		emptyMinVersion := osVersionCheck.Android != nil && osVersionCheck.Android.MinVersion == "" ||
-			osVersionCheck.Darwin != nil && osVersionCheck.Darwin.MinVersion == "" ||
-			osVersionCheck.Ios != nil && osVersionCheck.Ios.MinVersion == "" ||
-			osVersionCheck.Linux != nil && osVersionCheck.Linux.MinKernelVersion == "" ||
-			osVersionCheck.Windows != nil && osVersionCheck.Windows.MinKernelVersion == ""
-		if emptyOS || emptyMinVersion {
-			return status.Errorf(status.InvalidArgument,
-				"minimum version for at least one OS in the OS version check shouldn't be empty")
-		}
-	}
-
-	if geoLocationCheck := req.Checks.GeoLocationCheck; geoLocationCheck != nil {
-		if geoLocationCheck.Action == "" {
-			return status.Errorf(status.InvalidArgument, "action for geolocation check shouldn't be empty")
-		}
-		allowedActions := []api.GeoLocationCheckAction{api.GeoLocationCheckActionAllow, api.GeoLocationCheckActionDeny}
-		if !slices.Contains(allowedActions, geoLocationCheck.Action) {
-			return status.Errorf(status.InvalidArgument, "action for geolocation check is not valid value")
-		}
-		if len(geoLocationCheck.Locations) == 0 {
-			return status.Errorf(status.InvalidArgument, "locations for geolocation check shouldn't be empty")
-		}
-		for _, loc := range geoLocationCheck.Locations {
-			if loc.CountryCode == "" {
-				return status.Errorf(status.InvalidArgument, "country code for geolocation check shouldn't be empty")
-			}
-			if !countryCodeRegex.MatchString(loc.CountryCode) {
-				return status.Errorf(status.InvalidArgument, "country code must be 2 letters (ISO 3166-1 alpha-2 format)")
-			}
-		}
-	}
-
-	if peerNetworkRangeCheck := req.Checks.PeerNetworkRangeCheck; peerNetworkRangeCheck != nil {
-		if peerNetworkRangeCheck.Action == "" {
-			return status.Errorf(status.InvalidArgument, "action for peer network range check shouldn't be empty")
-		}
-
-		allowedActions := []api.PeerNetworkRangeCheckAction{api.PeerNetworkRangeCheckActionAllow, api.PeerNetworkRangeCheckActionDeny}
-		if !slices.Contains(allowedActions, peerNetworkRangeCheck.Action) {
-			return status.Errorf(status.InvalidArgument, "action for peer network range check is not valid value")
-		}
-		if len(peerNetworkRangeCheck.Ranges) == 0 {
-			return status.Errorf(status.InvalidArgument, "network ranges for peer network range check shouldn't be empty")
-		}
-	}
-
-	if processCheck := req.Checks.ProcessCheck; processCheck != nil {
-		if len(processCheck.Processes) == 0 {
-			return status.Errorf(status.InvalidArgument, "processes for process check shouldn't be empty")
-		}
-
-		for _, process := range processCheck.Processes {
-			if process.Path == nil && process.WindowsPath == nil {
-				return status.Errorf(status.InvalidArgument, "path for process check shouldn't be empty")
-			}
-		}
-	}
-
-	return nil
-}
-
 func toPostureChecksResponse(postureChecks *posture.Checks) *api.PostureCheck {
 	var checks api.Checks