zitadel/internal/repository/instance/policy_security.go

package instance

import (
	"context"
	"encoding/json"

	"github.com/zitadel/zitadel/internal/errors"
	"github.com/zitadel/zitadel/internal/eventstore"
	"github.com/zitadel/zitadel/internal/eventstore/repository"
)

const (
	securityPolicyPrefix       = "policy.security."
	SecurityPolicySetEventType = instanceEventTypePrefix + securityPolicyPrefix + "set"
)

type SecurityPolicySetEvent struct {
	eventstore.BaseEvent `json:"-"`

	Enabled        *bool     `json:"enabled,omitempty"`
	AllowedOrigins *[]string `json:"allowedOrigins,omitempty"`
}

func NewSecurityPolicySetEvent(
	ctx context.Context,
	aggregate *eventstore.Aggregate,
	changes []SecurityPolicyChanges,
) (*SecurityPolicySetEvent, error) {
	if len(changes) == 0 {
		return nil, errors.ThrowPreconditionFailed(nil, "POLICY-EWsf3", "Errors.NoChangesFound")
	}
	event := &SecurityPolicySetEvent{
		BaseEvent: *eventstore.NewBaseEventForPush(
			ctx,
			aggregate,
			SecurityPolicySetEventType,
		),
	}
	for _, change := range changes {
		change(event)
	}
	return event, nil
}

type SecurityPolicyChanges func(event *SecurityPolicySetEvent)

func ChangeSecurityPolicyEnabled(enabled bool) func(event *SecurityPolicySetEvent) {
	return func(e *SecurityPolicySetEvent) {
		e.Enabled = &enabled
	}
}

func ChangeSecurityPolicyAllowedOrigins(allowedOrigins []string) func(event *SecurityPolicySetEvent) {
	return func(e *SecurityPolicySetEvent) {
		if len(allowedOrigins) == 0 {
			allowedOrigins = []string{}
		}
		e.AllowedOrigins = &allowedOrigins
	}
}

func (e *SecurityPolicySetEvent) Data() interface{} {
	return e
}

func (e *SecurityPolicySetEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
	return nil
}

func SecurityPolicySetEventMapper(event *repository.Event) (eventstore.Event, error) {
	securityPolicyAdded := &SecurityPolicySetEvent{
		BaseEvent: *eventstore.BaseEventFromRepo(event),
	}
	err := json.Unmarshal(event.Data, securityPolicyAdded)
	if err != nil {
		return nil, errors.ThrowInternal(err, "IAM-soiwj", "unable to unmarshal oidc config added")
	}

	return securityPolicyAdded, nil
}
feat: enable iframe use (#4766) * feat: enable iframe use * cleanup * fix mocks * fix linting * docs: add iframe usage to solution scenarios configurations * improve api * feat(console): security policy * description * remove unnecessary line * disable input button and urls when not enabled * add image to docs Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> 2022-12-14 06:17:36 +00:00			`package instance`

			`import (`
			`"context"`
			`"encoding/json"`

			`"github.com/zitadel/zitadel/internal/errors"`
			`"github.com/zitadel/zitadel/internal/eventstore"`
			`"github.com/zitadel/zitadel/internal/eventstore/repository"`
			`)`

			`const (`
			`securityPolicyPrefix = "policy.security."`
			`SecurityPolicySetEventType = instanceEventTypePrefix + securityPolicyPrefix + "set"`
			`)`

			`type SecurityPolicySetEvent struct {`
			eventstore.BaseEvent `json:"-"`

			Enabled *bool `json:"enabled,omitempty"`
			AllowedOrigins *[]string `json:"allowedOrigins,omitempty"`
			`}`

			`func NewSecurityPolicySetEvent(`
			`ctx context.Context,`
			`aggregate *eventstore.Aggregate,`
			`changes []SecurityPolicyChanges,`
			`) (*SecurityPolicySetEvent, error) {`
			`if len(changes) == 0 {`
			`return nil, errors.ThrowPreconditionFailed(nil, "POLICY-EWsf3", "Errors.NoChangesFound")`
			`}`
			`event := &SecurityPolicySetEvent{`
			`BaseEvent: *eventstore.NewBaseEventForPush(`
			`ctx,`
			`aggregate,`
			`SecurityPolicySetEventType,`
			`),`
			`}`
			`for _, change := range changes {`
			`change(event)`
			`}`
			`return event, nil`
			`}`

			`type SecurityPolicyChanges func(event *SecurityPolicySetEvent)`

			`func ChangeSecurityPolicyEnabled(enabled bool) func(event *SecurityPolicySetEvent) {`
			`return func(e *SecurityPolicySetEvent) {`
			`e.Enabled = &enabled`
			`}`
			`}`

			`func ChangeSecurityPolicyAllowedOrigins(allowedOrigins []string) func(event *SecurityPolicySetEvent) {`
			`return func(e *SecurityPolicySetEvent) {`
			`if len(allowedOrigins) == 0 {`
			`allowedOrigins = []string{}`
			`}`
			`e.AllowedOrigins = &allowedOrigins`
			`}`
			`}`

			`func (e *SecurityPolicySetEvent) Data() interface{} {`
			`return e`
			`}`

			`func (e SecurityPolicySetEvent) UniqueConstraints() []eventstore.EventUniqueConstraint {`
			`return nil`
			`}`

			`func SecurityPolicySetEventMapper(event *repository.Event) (eventstore.Event, error) {`
			`securityPolicyAdded := &SecurityPolicySetEvent{`
			`BaseEvent: *eventstore.BaseEventFromRepo(event),`
			`}`
			`err := json.Unmarshal(event.Data, securityPolicyAdded)`
			`if err != nil {`
			`return nil, errors.ThrowInternal(err, "IAM-soiwj", "unable to unmarshal oidc config added")`
			`}`

			`return securityPolicyAdded, nil`
			`}`