zitadel/internal/command/instance_policy_security.go

package command

import (
	"context"

	"github.com/zitadel/zitadel/internal/api/authz"
	"github.com/zitadel/zitadel/internal/command/preparation"
	"github.com/zitadel/zitadel/internal/domain"
	"github.com/zitadel/zitadel/internal/eventstore"
	"github.com/zitadel/zitadel/internal/repository/instance"
)

func (c *Commands) SetSecurityPolicy(ctx context.Context, enabled bool, allowedOrigins []string) (*domain.ObjectDetails, error) {
	instanceAgg := instance.NewAggregate(authz.GetInstance(ctx).InstanceID())
	validation := c.prepareSetSecurityPolicy(instanceAgg, enabled, allowedOrigins)
	cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, validation)
	if err != nil {
		return nil, err
	}
	events, err := c.eventstore.Push(ctx, cmds...)
	if err != nil {
		return nil, err
	}
	return &domain.ObjectDetails{
		Sequence:      events[len(events)-1].Sequence(),
		EventDate:     events[len(events)-1].CreatedAt(),
		ResourceOwner: events[len(events)-1].Aggregate().InstanceID,
	}, nil
}

func (c *Commands) prepareSetSecurityPolicy(a *instance.Aggregate, enabled bool, allowedOrigins []string) preparation.Validation {
	return func() (preparation.CreateCommands, error) {
		return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
			writeModel, err := c.getSecurityPolicyWriteModel(ctx, filter)
			if err != nil {
				return nil, err
			}
			cmd, err := writeModel.NewSetEvent(ctx, &a.Aggregate, enabled, allowedOrigins)
			if err != nil {
				return nil, err
			}
			return []eventstore.Command{cmd}, nil
		}, nil
	}
}

func (c *Commands) getSecurityPolicyWriteModel(ctx context.Context, filter preparation.FilterToQueryReducer) (_ *InstanceSecurityPolicyWriteModel, err error) {
	writeModel := NewInstanceSecurityPolicyWriteModel(ctx)
	events, err := filter(ctx, writeModel.Query())
	if err != nil {
		return nil, err
	}
	if len(events) == 0 {
		return writeModel, nil
	}
	writeModel.AppendEvents(events...)
	err = writeModel.Reduce()
	return writeModel, err
}
feat: enable iframe use (#4766) * feat: enable iframe use * cleanup * fix mocks * fix linting * docs: add iframe usage to solution scenarios configurations * improve api * feat(console): security policy * description * remove unnecessary line * disable input button and urls when not enabled * add image to docs Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> 2022-12-14 06:17:36 +00:00			`package command`

			`import (`
			`"context"`

			`"github.com/zitadel/zitadel/internal/api/authz"`
			`"github.com/zitadel/zitadel/internal/command/preparation"`
			`"github.com/zitadel/zitadel/internal/domain"`
			`"github.com/zitadel/zitadel/internal/eventstore"`
			`"github.com/zitadel/zitadel/internal/repository/instance"`
			`)`

			`func (c Commands) SetSecurityPolicy(ctx context.Context, enabled bool, allowedOrigins []string) (domain.ObjectDetails, error) {`
			`instanceAgg := instance.NewAggregate(authz.GetInstance(ctx).InstanceID())`
			`validation := c.prepareSetSecurityPolicy(instanceAgg, enabled, allowedOrigins)`
			`cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, validation)`
			`if err != nil {`
			`return nil, err`
			`}`
			`events, err := c.eventstore.Push(ctx, cmds...)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return &domain.ObjectDetails{`
			`Sequence: events[len(events)-1].Sequence(),`
feat(eventstore): increase parallel write capabilities (#5940) This implementation increases parallel write capabilities of the eventstore. Please have a look at the technical advisories: [05](https://zitadel.com/docs/support/advisory/a10005) and [06](https://zitadel.com/docs/support/advisory/a10006). The implementation of eventstore.push is rewritten and stored events are migrated to a new table `eventstore.events2`. If you are using cockroach: make sure that the database user of ZITADEL has `VIEWACTIVITY` grant. This is used to query events. 2023-10-19 10:19:10 +00:00			`EventDate: events[len(events)-1].CreatedAt(),`
feat: enable iframe use (#4766) * feat: enable iframe use * cleanup * fix mocks * fix linting * docs: add iframe usage to solution scenarios configurations * improve api * feat(console): security policy * description * remove unnecessary line * disable input button and urls when not enabled * add image to docs Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> 2022-12-14 06:17:36 +00:00			`ResourceOwner: events[len(events)-1].Aggregate().InstanceID,`
			`}, nil`
			`}`

			`func (c Commands) prepareSetSecurityPolicy(a instance.Aggregate, enabled bool, allowedOrigins []string) preparation.Validation {`
			`return func() (preparation.CreateCommands, error) {`
			`return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {`
			`writeModel, err := c.getSecurityPolicyWriteModel(ctx, filter)`
			`if err != nil {`
			`return nil, err`
			`}`
			`cmd, err := writeModel.NewSetEvent(ctx, &a.Aggregate, enabled, allowedOrigins)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return []eventstore.Command{cmd}, nil`
			`}, nil`
			`}`
			`}`

			`func (c Commands) getSecurityPolicyWriteModel(ctx context.Context, filter preparation.FilterToQueryReducer) (_ InstanceSecurityPolicyWriteModel, err error) {`
			`writeModel := NewInstanceSecurityPolicyWriteModel(ctx)`
			`events, err := filter(ctx, writeModel.Query())`
			`if err != nil {`
			`return nil, err`
			`}`
			`if len(events) == 0 {`
			`return writeModel, nil`
			`}`
			`writeModel.AppendEvents(events...)`
			`err = writeModel.Reduce()`
			`return writeModel, err`
			`}`