zitadel/internal/api/authz/context.go

package authz

import (
	"context"
	"github.com/caos/zitadel/internal/errors"

	"github.com/caos/logging"
)

type key int

const (
	requestPermissionsKey key = 1
	dataKey               key = 2
	allPermissionsKey     key = 3
)

type CtxData struct {
	UserID            string
	OrgID             string
	ProjectID         string
	AgentID           string
	PreferredLanguage string
}

func (ctxData CtxData) IsZero() bool {
	return ctxData.UserID == "" || ctxData.OrgID == ""
}

type Grants []*Grant

type Grant struct {
	OrgID string
	Roles []string
}

func VerifyTokenAndWriteCtxData(ctx context.Context, token, orgID string, t *TokenVerifier, method string) (_ context.Context, err error) {
	if orgID != "" {
		err = t.ExistsOrg(ctx, orgID)
		if err != nil {
			return nil, errors.ThrowPermissionDenied(nil, "AUTH-Bs7Ds", "Organisation doesn't exist")
		}
	}

	userID, clientID, agentID, err := verifyAccessToken(ctx, token, t, method)
	if err != nil {
		return nil, err
	}
	projectID, err := t.GetProjectIDByClientID(ctx, clientID)
	logging.LogWithFields("AUTH-GfAoV", "clientID", clientID).OnError(err).Warn("could not read projectid by clientid")
	return context.WithValue(ctx, dataKey, CtxData{UserID: userID, OrgID: orgID, ProjectID: projectID, AgentID: agentID}), nil
}

func SetCtxData(ctx context.Context, ctxData CtxData) context.Context {
	return context.WithValue(ctx, dataKey, ctxData)
}

func GetCtxData(ctx context.Context) CtxData {
	ctxData, _ := ctx.Value(dataKey).(CtxData)
	return ctxData
}

func GetRequestPermissionsFromCtx(ctx context.Context) []string {
	ctxPermission, _ := ctx.Value(requestPermissionsKey).([]string)
	return ctxPermission
}

func GetAllPermissionsFromCtx(ctx context.Context) []string {
	ctxPermission, _ := ctx.Value(allPermissionsKey).([]string)
	return ctxPermission
}
feat: port reduction (#323) * move mgmt pkg * begin package restructure * rename auth package to authz * begin start api * move auth * move admin * fix merge * configs and interceptors * interceptor * revert generate-grpc.sh * some cleanups * console * move console * fix tests and merging * js linting * merge * merging and configs * change k8s base to current ports * fixes * cleanup * regenerate proto * remove unnecessary whitespace * missing param * go mod tidy * fix merging * move login pkg * cleanup * move api pkgs again * fix pkg naming * fix generate-static.sh for login * update workflow * fixes * logging * remove duplicate * comment for optional gateway interfaces * regenerate protos * fix proto imports for grpc web * protos * grpc web generate * grpc web generate * fix changes * add translation interceptor * fix merging * regenerate mgmt proto 2020-07-08 11:56:37 +00:00			`package authz`

			`import (`
			`"context"`
feat: check if org exists (#480) * feat: check if org exists * feat: check if org exists * Update internal/authz/repository/eventsourcing/eventstore/token_verifier.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * fix: err handling Co-authored-by: Silvan <silvan.reusser@gmail.com> 2020-07-16 11:27:36 +00:00			`"github.com/caos/zitadel/internal/errors"`
feat: port reduction (#323) * move mgmt pkg * begin package restructure * rename auth package to authz * begin start api * move auth * move admin * fix merge * configs and interceptors * interceptor * revert generate-grpc.sh * some cleanups * console * move console * fix tests and merging * js linting * merge * merging and configs * change k8s base to current ports * fixes * cleanup * regenerate proto * remove unnecessary whitespace * missing param * go mod tidy * fix merging * move login pkg * cleanup * move api pkgs again * fix pkg naming * fix generate-static.sh for login * update workflow * fixes * logging * remove duplicate * comment for optional gateway interfaces * regenerate protos * fix proto imports for grpc web * protos * grpc web generate * grpc web generate * fix changes * add translation interceptor * fix merging * regenerate mgmt proto 2020-07-08 11:56:37 +00:00
			`"github.com/caos/logging"`
			`)`

			`type key int`

			`const (`
feat: usergrant (#489) * fix: search usergrants only for allowed projects * fix: check permissions * fix: check permissions * fix: check permissions * Update internal/management/repository/eventsourcing/eventstore/project.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * fix: merge request changes * fix: variable name Co-authored-by: Silvan <silvan.reusser@gmail.com> 2020-07-22 12:00:29 +00:00			`requestPermissionsKey key = 1`
			`dataKey key = 2`
			`allPermissionsKey key = 3`
feat: port reduction (#323) * move mgmt pkg * begin package restructure * rename auth package to authz * begin start api * move auth * move admin * fix merge * configs and interceptors * interceptor * revert generate-grpc.sh * some cleanups * console * move console * fix tests and merging * js linting * merge * merging and configs * change k8s base to current ports * fixes * cleanup * regenerate proto * remove unnecessary whitespace * missing param * go mod tidy * fix merging * move login pkg * cleanup * move api pkgs again * fix pkg naming * fix generate-static.sh for login * update workflow * fixes * logging * remove duplicate * comment for optional gateway interfaces * regenerate protos * fix proto imports for grpc web * protos * grpc web generate * grpc web generate * fix changes * add translation interceptor * fix merging * regenerate mgmt proto 2020-07-08 11:56:37 +00:00			`)`

			`type CtxData struct {`
			`UserID string`
			`OrgID string`
			`ProjectID string`
			`AgentID string`
			`PreferredLanguage string`
			`}`

			`func (ctxData CtxData) IsZero() bool {`
			`return ctxData.UserID == "" \|\| ctxData.OrgID == ""`
			`}`

			`type Grants []*Grant`

			`type Grant struct {`
			`OrgID string`
			`Roles []string`
			`}`

			`func VerifyTokenAndWriteCtxData(ctx context.Context, token, orgID string, t *TokenVerifier, method string) (_ context.Context, err error) {`
fix: check if org id not empty before checking if it exists (#482) 2020-07-16 11:51:37 +00:00			`if orgID != "" {`
			`err = t.ExistsOrg(ctx, orgID)`
			`if err != nil {`
			`return nil, errors.ThrowPermissionDenied(nil, "AUTH-Bs7Ds", "Organisation doesn't exist")`
			`}`
feat: check if org exists (#480) * feat: check if org exists * feat: check if org exists * Update internal/authz/repository/eventsourcing/eventstore/token_verifier.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * fix: err handling Co-authored-by: Silvan <silvan.reusser@gmail.com> 2020-07-16 11:27:36 +00:00			`}`
fix: check if org id not empty before checking if it exists (#482) 2020-07-16 11:51:37 +00:00
feat: port reduction (#323) * move mgmt pkg * begin package restructure * rename auth package to authz * begin start api * move auth * move admin * fix merge * configs and interceptors * interceptor * revert generate-grpc.sh * some cleanups * console * move console * fix tests and merging * js linting * merge * merging and configs * change k8s base to current ports * fixes * cleanup * regenerate proto * remove unnecessary whitespace * missing param * go mod tidy * fix merging * move login pkg * cleanup * move api pkgs again * fix pkg naming * fix generate-static.sh for login * update workflow * fixes * logging * remove duplicate * comment for optional gateway interfaces * regenerate protos * fix proto imports for grpc web * protos * grpc web generate * grpc web generate * fix changes * add translation interceptor * fix merging * regenerate mgmt proto 2020-07-08 11:56:37 +00:00			`userID, clientID, agentID, err := verifyAccessToken(ctx, token, t, method)`
			`if err != nil {`
			`return nil, err`
			`}`
			`projectID, err := t.GetProjectIDByClientID(ctx, clientID)`
			`logging.LogWithFields("AUTH-GfAoV", "clientID", clientID).OnError(err).Warn("could not read projectid by clientid")`
			`return context.WithValue(ctx, dataKey, CtxData{UserID: userID, OrgID: orgID, ProjectID: projectID, AgentID: agentID}), nil`
			`}`

			`func SetCtxData(ctx context.Context, ctxData CtxData) context.Context {`
			`return context.WithValue(ctx, dataKey, ctxData)`
			`}`

			`func GetCtxData(ctx context.Context) CtxData {`
			`ctxData, _ := ctx.Value(dataKey).(CtxData)`
			`return ctxData`
			`}`

feat: usergrant (#489) * fix: search usergrants only for allowed projects * fix: check permissions * fix: check permissions * fix: check permissions * Update internal/management/repository/eventsourcing/eventstore/project.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * fix: merge request changes * fix: variable name Co-authored-by: Silvan <silvan.reusser@gmail.com> 2020-07-22 12:00:29 +00:00			`func GetRequestPermissionsFromCtx(ctx context.Context) []string {`
			`ctxPermission, _ := ctx.Value(requestPermissionsKey).([]string)`
			`return ctxPermission`
			`}`

			`func GetAllPermissionsFromCtx(ctx context.Context) []string {`
			`ctxPermission, _ := ctx.Value(allPermissionsKey).([]string)`
feat: port reduction (#323) * move mgmt pkg * begin package restructure * rename auth package to authz * begin start api * move auth * move admin * fix merge * configs and interceptors * interceptor * revert generate-grpc.sh * some cleanups * console * move console * fix tests and merging * js linting * merge * merging and configs * change k8s base to current ports * fixes * cleanup * regenerate proto * remove unnecessary whitespace * missing param * go mod tidy * fix merging * move login pkg * cleanup * move api pkgs again * fix pkg naming * fix generate-static.sh for login * update workflow * fixes * logging * remove duplicate * comment for optional gateway interfaces * regenerate protos * fix proto imports for grpc web * protos * grpc web generate * grpc web generate * fix changes * add translation interceptor * fix merging * regenerate mgmt proto 2020-07-08 11:56:37 +00:00			`return ctxPermission`
			`}`