zitadel/internal/api/api.go

package api

import (
	"context"
	"net/http"

	"github.com/caos/logging"
	"google.golang.org/grpc"

	"github.com/caos/zitadel/internal/api/authz"
	grpc_util "github.com/caos/zitadel/internal/api/grpc"
	"github.com/caos/zitadel/internal/api/grpc/server"
	http_util "github.com/caos/zitadel/internal/api/http"
	"github.com/caos/zitadel/internal/api/oidc"
	authz_es "github.com/caos/zitadel/internal/authz/repository/eventsourcing"
	"github.com/caos/zitadel/internal/config/systemdefaults"
	"github.com/caos/zitadel/internal/errors"
	iam_model "github.com/caos/zitadel/internal/iam/model"
)

type Config struct {
	GRPC grpc_util.Config
	OIDC oidc.OPHandlerConfig
}

type API struct {
	grpcServer     *grpc.Server
	gatewayHandler *server.GatewayHandler
	verifier       *authz.TokenVerifier
	serverPort     string
	health         health
}
type health interface {
	Health(ctx context.Context) error
	IamByID(ctx context.Context) (*iam_model.IAM, error)
	VerifierClientID(ctx context.Context, appName string) (string, error)
}

func Create(config Config, authZ authz.Config, authZRepo *authz_es.EsRepository, sd systemdefaults.SystemDefaults) *API {
	api := &API{
		serverPort: config.GRPC.ServerPort,
	}
	api.verifier = authz.Start(authZRepo)
	api.health = authZRepo
	api.grpcServer = server.CreateServer(api.verifier, authZ, sd.DefaultLanguage)
	api.gatewayHandler = server.CreateGatewayHandler(config.GRPC)
	api.RegisterHandler("", api.healthHandler())

	return api
}

func (a *API) RegisterServer(ctx context.Context, server server.Server) {
	server.RegisterServer(a.grpcServer)
	a.gatewayHandler.RegisterGateway(ctx, server)
	a.verifier.RegisterServer(server.AppName(), server.MethodPrefix(), server.AuthMethods())
}

func (a *API) RegisterHandler(prefix string, handler http.Handler) {
	a.gatewayHandler.RegisterHandler(prefix, handler)
}

func (a *API) Start(ctx context.Context) {
	server.Serve(ctx, a.grpcServer, a.serverPort)
	a.gatewayHandler.Serve(ctx)
}

func (a *API) healthHandler() http.Handler {
	checks := []ValidationFunction{
		func(ctx context.Context) error {
			if err := a.health.Health(ctx); err != nil {
				return errors.ThrowInternal(err, "API-F24h2", "DB CONNECTION ERROR")
			}
			return nil
		},
		func(ctx context.Context) error {
			iam, err := a.health.IamByID(ctx)
			if err != nil && !errors.IsNotFound(err) {
				return errors.ThrowPreconditionFailed(err, "API-dsgT2", "IAM SETUP CHECK FAILED")
			}
			if iam == nil || !iam.SetUpStarted {
				return errors.ThrowPreconditionFailed(nil, "API-HBfs3", "IAM NOT SET UP")
			}
			if !iam.SetUpDone {
				return errors.ThrowPreconditionFailed(nil, "API-DASs2", "IAM SETUP RUNNING")
			}
			return nil
		},
	}
	handler := http.NewServeMux()
	handler.HandleFunc("/healthz", handleHealth)
	handler.HandleFunc("/ready", handleReadiness(checks))
	handler.HandleFunc("/clientID", a.handleClientID)

	return handler
}

func handleHealth(w http.ResponseWriter, r *http.Request) {
	_, err := w.Write([]byte("ok"))
	logging.Log("API-Hfss2").OnError(err).Error("error writing ok for health")
}

func handleReadiness(checks []ValidationFunction) func(w http.ResponseWriter, r *http.Request) {
	return func(w http.ResponseWriter, r *http.Request) {
		err := validate(r.Context(), checks)
		if err == nil {
			http_util.MarshalJSON(w, "ok")
			return
		}
		http_util.MarshalJSON(w, err)
	}
}

func (a *API) handleClientID(w http.ResponseWriter, r *http.Request) {
	id, err := a.health.VerifierClientID(r.Context(), "Zitadel Console")
	if err != nil {
		http_util.MarshalJSON(w, err)
		return
	}
	http_util.MarshalJSON(w, id)
}

type ValidationFunction func(ctx context.Context) error

func validate(ctx context.Context, validations []ValidationFunction) error {
	for _, validation := range validations {
		if err := validation(ctx); err != nil {
			logging.Log("API-vf823").WithError(err).Error("validation failed")
			return err
		}
	}
	return nil
}
feat: port reduction (#323) * move mgmt pkg * begin package restructure * rename auth package to authz * begin start api * move auth * move admin * fix merge * configs and interceptors * interceptor * revert generate-grpc.sh * some cleanups * console * move console * fix tests and merging * js linting * merge * merging and configs * change k8s base to current ports * fixes * cleanup * regenerate proto * remove unnecessary whitespace * missing param * go mod tidy * fix merging * move login pkg * cleanup * move api pkgs again * fix pkg naming * fix generate-static.sh for login * update workflow * fixes * logging * remove duplicate * comment for optional gateway interfaces * regenerate protos * fix proto imports for grpc web * protos * grpc web generate * grpc web generate * fix changes * add translation interceptor * fix merging * regenerate mgmt proto 2020-07-08 11:56:37 +00:00			`package api`

			`import (`
			`"context"`
			`"net/http"`

feat: setup as separate command (#604) * feat: separate setup from startup * health * move setup config * add env vars to caos_local.sh * fix domain and set devMode explicit 2020-08-18 08:04:56 +00:00			`"github.com/caos/logging"`
feat: port reduction (#323) * move mgmt pkg * begin package restructure * rename auth package to authz * begin start api * move auth * move admin * fix merge * configs and interceptors * interceptor * revert generate-grpc.sh * some cleanups * console * move console * fix tests and merging * js linting * merge * merging and configs * change k8s base to current ports * fixes * cleanup * regenerate proto * remove unnecessary whitespace * missing param * go mod tidy * fix merging * move login pkg * cleanup * move api pkgs again * fix pkg naming * fix generate-static.sh for login * update workflow * fixes * logging * remove duplicate * comment for optional gateway interfaces * regenerate protos * fix proto imports for grpc web * protos * grpc web generate * grpc web generate * fix changes * add translation interceptor * fix merging * regenerate mgmt proto 2020-07-08 11:56:37 +00:00			`"google.golang.org/grpc"`

			`"github.com/caos/zitadel/internal/api/authz"`
			`grpc_util "github.com/caos/zitadel/internal/api/grpc"`
			`"github.com/caos/zitadel/internal/api/grpc/server"`
feat: setup as separate command (#604) * feat: separate setup from startup * health * move setup config * add env vars to caos_local.sh * fix domain and set devMode explicit 2020-08-18 08:04:56 +00:00			`http_util "github.com/caos/zitadel/internal/api/http"`
feat: port reduction (#323) * move mgmt pkg * begin package restructure * rename auth package to authz * begin start api * move auth * move admin * fix merge * configs and interceptors * interceptor * revert generate-grpc.sh * some cleanups * console * move console * fix tests and merging * js linting * merge * merging and configs * change k8s base to current ports * fixes * cleanup * regenerate proto * remove unnecessary whitespace * missing param * go mod tidy * fix merging * move login pkg * cleanup * move api pkgs again * fix pkg naming * fix generate-static.sh for login * update workflow * fixes * logging * remove duplicate * comment for optional gateway interfaces * regenerate protos * fix proto imports for grpc web * protos * grpc web generate * grpc web generate * fix changes * add translation interceptor * fix merging * regenerate mgmt proto 2020-07-08 11:56:37 +00:00			`"github.com/caos/zitadel/internal/api/oidc"`
			`authz_es "github.com/caos/zitadel/internal/authz/repository/eventsourcing"`
			`"github.com/caos/zitadel/internal/config/systemdefaults"`
feat: setup as separate command (#604) * feat: separate setup from startup * health * move setup config * add env vars to caos_local.sh * fix domain and set devMode explicit 2020-08-18 08:04:56 +00:00			`"github.com/caos/zitadel/internal/errors"`
			`iam_model "github.com/caos/zitadel/internal/iam/model"`
feat: port reduction (#323) * move mgmt pkg * begin package restructure * rename auth package to authz * begin start api * move auth * move admin * fix merge * configs and interceptors * interceptor * revert generate-grpc.sh * some cleanups * console * move console * fix tests and merging * js linting * merge * merging and configs * change k8s base to current ports * fixes * cleanup * regenerate proto * remove unnecessary whitespace * missing param * go mod tidy * fix merging * move login pkg * cleanup * move api pkgs again * fix pkg naming * fix generate-static.sh for login * update workflow * fixes * logging * remove duplicate * comment for optional gateway interfaces * regenerate protos * fix proto imports for grpc web * protos * grpc web generate * grpc web generate * fix changes * add translation interceptor * fix merging * regenerate mgmt proto 2020-07-08 11:56:37 +00:00			`)`

			`type Config struct {`
			`GRPC grpc_util.Config`
			`OIDC oidc.OPHandlerConfig`
			`}`

			`type API struct {`
			`grpcServer *grpc.Server`
			`gatewayHandler *server.GatewayHandler`
			`verifier *authz.TokenVerifier`
			`serverPort string`
feat: setup as separate command (#604) * feat: separate setup from startup * health * move setup config * add env vars to caos_local.sh * fix domain and set devMode explicit 2020-08-18 08:04:56 +00:00			`health health`
			`}`
			`type health interface {`
			`Health(ctx context.Context) error`
feat: idp and login policy configurations (#619) * feat: oidc config * fix: oidc configurations * feat: oidc idp config * feat: add oidc config test * fix: tests * fix: tests * feat: translate new events * feat: idp eventstore * feat: idp eventstore * fix: tests * feat: command side idp * feat: query side idp * feat: idp config on org * fix: tests * feat: authz idp on org * feat: org idps * feat: login policy * feat: login policy * feat: login policy * feat: add idp func on login policy * feat: add validation to loginpolicy and idp provider * feat: add default login policy * feat: login policy on org * feat: login policy on org * fix: id config handlers * fix: id config handlers * fix: create idp on org * fix: create idp on org * fix: not existing idp config * fix: default login policy * fix: add login policy on org * fix: idp provider search on org * fix: test * fix: remove idp on org * fix: test * fix: test * fix: remove admin idp * fix: logo src as byte * fix: migration * fix: tests * Update internal/iam/repository/eventsourcing/iam.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/iam_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/iam_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/org/repository/eventsourcing/org_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * fix: pr comments * fix: tests * Update types.go * fix: merge request changes * fix: reduce optimization Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2020-08-26 07:56:23 +00:00			`IamByID(ctx context.Context) (*iam_model.IAM, error)`
feat: setup as separate command (#604) * feat: separate setup from startup * health * move setup config * add env vars to caos_local.sh * fix domain and set devMode explicit 2020-08-18 08:04:56 +00:00			`VerifierClientID(ctx context.Context, appName string) (string, error)`
feat: port reduction (#323) * move mgmt pkg * begin package restructure * rename auth package to authz * begin start api * move auth * move admin * fix merge * configs and interceptors * interceptor * revert generate-grpc.sh * some cleanups * console * move console * fix tests and merging * js linting * merge * merging and configs * change k8s base to current ports * fixes * cleanup * regenerate proto * remove unnecessary whitespace * missing param * go mod tidy * fix merging * move login pkg * cleanup * move api pkgs again * fix pkg naming * fix generate-static.sh for login * update workflow * fixes * logging * remove duplicate * comment for optional gateway interfaces * regenerate protos * fix proto imports for grpc web * protos * grpc web generate * grpc web generate * fix changes * add translation interceptor * fix merging * regenerate mgmt proto 2020-07-08 11:56:37 +00:00			`}`

			`func Create(config Config, authZ authz.Config, authZRepo authz_es.EsRepository, sd systemdefaults.SystemDefaults) API {`
			`api := &API{`
			`serverPort: config.GRPC.ServerPort,`
			`}`
			`api.verifier = authz.Start(authZRepo)`
feat: setup as separate command (#604) * feat: separate setup from startup * health * move setup config * add env vars to caos_local.sh * fix domain and set devMode explicit 2020-08-18 08:04:56 +00:00			`api.health = authZRepo`
feat: port reduction (#323) * move mgmt pkg * begin package restructure * rename auth package to authz * begin start api * move auth * move admin * fix merge * configs and interceptors * interceptor * revert generate-grpc.sh * some cleanups * console * move console * fix tests and merging * js linting * merge * merging and configs * change k8s base to current ports * fixes * cleanup * regenerate proto * remove unnecessary whitespace * missing param * go mod tidy * fix merging * move login pkg * cleanup * move api pkgs again * fix pkg naming * fix generate-static.sh for login * update workflow * fixes * logging * remove duplicate * comment for optional gateway interfaces * regenerate protos * fix proto imports for grpc web * protos * grpc web generate * grpc web generate * fix changes * add translation interceptor * fix merging * regenerate mgmt proto 2020-07-08 11:56:37 +00:00			`api.grpcServer = server.CreateServer(api.verifier, authZ, sd.DefaultLanguage)`
			`api.gatewayHandler = server.CreateGatewayHandler(config.GRPC)`
feat: setup as separate command (#604) * feat: separate setup from startup * health * move setup config * add env vars to caos_local.sh * fix domain and set devMode explicit 2020-08-18 08:04:56 +00:00			`api.RegisterHandler("", api.healthHandler())`
feat: port reduction (#323) * move mgmt pkg * begin package restructure * rename auth package to authz * begin start api * move auth * move admin * fix merge * configs and interceptors * interceptor * revert generate-grpc.sh * some cleanups * console * move console * fix tests and merging * js linting * merge * merging and configs * change k8s base to current ports * fixes * cleanup * regenerate proto * remove unnecessary whitespace * missing param * go mod tidy * fix merging * move login pkg * cleanup * move api pkgs again * fix pkg naming * fix generate-static.sh for login * update workflow * fixes * logging * remove duplicate * comment for optional gateway interfaces * regenerate protos * fix proto imports for grpc web * protos * grpc web generate * grpc web generate * fix changes * add translation interceptor * fix merging * regenerate mgmt proto 2020-07-08 11:56:37 +00:00
			`return api`
			`}`

			`func (a *API) RegisterServer(ctx context.Context, server server.Server) {`
			`server.RegisterServer(a.grpcServer)`
			`a.gatewayHandler.RegisterGateway(ctx, server)`
			`a.verifier.RegisterServer(server.AppName(), server.MethodPrefix(), server.AuthMethods())`
			`}`

			`func (a *API) RegisterHandler(prefix string, handler http.Handler) {`
			`a.gatewayHandler.RegisterHandler(prefix, handler)`
			`}`

			`func (a *API) Start(ctx context.Context) {`
			`server.Serve(ctx, a.grpcServer, a.serverPort)`
			`a.gatewayHandler.Serve(ctx)`
			`}`
feat: setup as separate command (#604) * feat: separate setup from startup * health * move setup config * add env vars to caos_local.sh * fix domain and set devMode explicit 2020-08-18 08:04:56 +00:00
			`func (a *API) healthHandler() http.Handler {`
			`checks := []ValidationFunction{`
			`func(ctx context.Context) error {`
			`if err := a.health.Health(ctx); err != nil {`
			`return errors.ThrowInternal(err, "API-F24h2", "DB CONNECTION ERROR")`
			`}`
			`return nil`
			`},`
			`func(ctx context.Context) error {`
			`iam, err := a.health.IamByID(ctx)`
			`if err != nil && !errors.IsNotFound(err) {`
			`return errors.ThrowPreconditionFailed(err, "API-dsgT2", "IAM SETUP CHECK FAILED")`
			`}`
			`if iam == nil \|\| !iam.SetUpStarted {`
			`return errors.ThrowPreconditionFailed(nil, "API-HBfs3", "IAM NOT SET UP")`
			`}`
			`if !iam.SetUpDone {`
			`return errors.ThrowPreconditionFailed(nil, "API-DASs2", "IAM SETUP RUNNING")`
			`}`
			`return nil`
			`},`
			`}`
			`handler := http.NewServeMux()`
			`handler.HandleFunc("/healthz", handleHealth)`
			`handler.HandleFunc("/ready", handleReadiness(checks))`
			`handler.HandleFunc("/clientID", a.handleClientID)`

			`return handler`
			`}`

			`func handleHealth(w http.ResponseWriter, r *http.Request) {`
			`_, err := w.Write([]byte("ok"))`
			`logging.Log("API-Hfss2").OnError(err).Error("error writing ok for health")`
			`}`

			`func handleReadiness(checks []ValidationFunction) func(w http.ResponseWriter, r *http.Request) {`
			`return func(w http.ResponseWriter, r *http.Request) {`
			`err := validate(r.Context(), checks)`
			`if err == nil {`
			`http_util.MarshalJSON(w, "ok")`
			`return`
			`}`
			`http_util.MarshalJSON(w, err)`
			`}`
			`}`

			`func (a API) handleClientID(w http.ResponseWriter, r http.Request) {`
			`id, err := a.health.VerifierClientID(r.Context(), "Zitadel Console")`
			`if err != nil {`
			`http_util.MarshalJSON(w, err)`
			`return`
			`}`
			`http_util.MarshalJSON(w, id)`
			`}`

			`type ValidationFunction func(ctx context.Context) error`

			`func validate(ctx context.Context, validations []ValidationFunction) error {`
			`for _, validation := range validations {`
			`if err := validation(ctx); err != nil {`
			`logging.Log("API-vf823").WithError(err).Error("validation failed")`
			`return err`
			`}`
			`}`
			`return nil`
			`}`