zitadel/internal/api/auth/context.go

package auth

import (
	"context"
	"github.com/caos/logging"
	"github.com/caos/zitadel/internal/api"
	grpc_util "github.com/caos/zitadel/internal/api/grpc"
	"google.golang.org/grpc/metadata"
	"strconv"
)

type key int

var (
	permissionsKey key
	dataKey        key
)

type CtxData struct {
	UserID    string
	OrgID     string
	ProjectID string
	AgentID   string
}

func (ctxData CtxData) IsZero() bool {
	return ctxData.UserID == "" || ctxData.OrgID == ""
}

type Grants []*Grant

type Grant struct {
	OrgID string
	Roles []string
}

type TokenVerifier interface {
	VerifyAccessToken(ctx context.Context, token string) (string, string, string, error)
	ResolveGrants(ctx context.Context, sub, orgID string) ([]*Grant, error)
	GetProjectIDByClientID(ctx context.Context, clientID string) (string, error)
}

func VerifyTokenAndWriteCtxData(ctx context.Context, token, orgID string, t TokenVerifier) (_ context.Context, err error) {
	var userID, projectID, clientID, agentID string
	//TODO: Remove as soon an authentification is implemented
	if CheckInternal(ctx) {
		userID = grpc_util.GetHeader(ctx, api.ZitadelUserID)
		projectID = grpc_util.GetHeader(ctx, api.ZitadelClientID)
		agentID = grpc_util.GetHeader(ctx, api.ZitadelAgentID)
	} else {
		userID, clientID, agentID, err = verifyAccessToken(ctx, token, t)
		if err != nil {
			return nil, err
		}

		projectID, err = t.GetProjectIDByClientID(ctx, clientID)
		logging.LogWithFields("AUTH-GfAoV", "clientID", clientID).OnError(err).Warn("could not read projectid by clientid")
	}
	return context.WithValue(ctx, dataKey, CtxData{UserID: userID, OrgID: orgID, ProjectID: projectID, AgentID: agentID}), nil
}

func SetCtxData(ctx context.Context, ctxData CtxData) context.Context {
	return context.WithValue(ctx, dataKey, ctxData)
}

func GetCtxData(ctx context.Context) CtxData {
	ctxData, _ := ctx.Value(dataKey).(CtxData)
	return ctxData
}

func GetPermissionsFromCtx(ctx context.Context) []string {
	ctxPermission, _ := ctx.Value(permissionsKey).([]string)
	return ctxPermission
}

//TODO: Remove as soon an authentification is implemented
func CheckInternal(ctx context.Context) bool {
	md, ok := metadata.FromIncomingContext(ctx)
	if !ok {
		return false
	}
	v, ok := md[api.LoginKey]
	if !ok {
		return false
	}
	ok, _ = strconv.ParseBool(v[0])
	return ok
}
feat: add some api packages 2020-03-23 07:01:59 +01:00			`package auth`

			`import (`
			`"context"`
			`"github.com/caos/logging"`
Project commands (#26) * feat: eventstore repository * fix: remove gorm * version * feat: pkg * feat: add some files for project * feat: eventstore without eventstore-lib * rename files * gnueg * fix: key json * fix: add object * fix: change imports * fix: internal models * fix: some imports * fix: global model * fix: add some functions on repo * feat(eventstore): sdk * fix(eventstore): search query * fix(eventstore): rename app to eventstore * delete empty test * remove unused func * merge master * fix(eventstore): tests * fix(models): delete unused struct * fix: some funcitons * feat(eventstore): implemented push events * fix: move project eventstore to project package * fix: change project eventstore funcs * feat(eventstore): overwrite context data * fix: change project eventstore * fix: add project repo to mgmt server * feat(types): SQL-config * fix: commented code * feat(eventstore): options to overwrite editor * feat: auth interceptor and cockroach migrations * fix: migrations * fix: fix filter * fix: not found on getbyid * fix: add sequence * fix: add some tests * fix(eventstore): nullable sequence * fix: add some tests * merge * fix: add some tests * fix(migrations): correct statements for sequence * fix: add some tests * fix: add some tests * fix: changes from mr * Update internal/eventstore/models/field.go Co-Authored-By: livio-a <livio.a@gmail.com> * fix(eventstore): code quality * fix: add types to aggregate/Event-types * fix(eventstore): rename modifier* to editor* * fix(eventstore): delete editor_org * fix(migrations): remove editor_org field, rename modifier_* to editor_* * fix: generate files * fix(eventstore): tests * fix(eventstore): rename modifier to editor * fix(migrations): add cluster migration, fix(migrations): fix typo of host in clean clsuter * fix(eventstore): move health * fix(eventstore): AggregateTypeFilter aggregateType as param * code quality * feat: start implementing project members * feat: remove member funcs * feat: remove member model * feat: remove member events * feat: remove member repo model * fix: better error func testing * Update docs/local.md Co-Authored-By: Silvan <silvan.reusser@gmail.com> * Update docs/local.md Co-Authored-By: Silvan <silvan.reusser@gmail.com> * fix: mr requests * fix: md file Co-authored-by: adlerhurst <silvan.reusser@gmail.com> Co-authored-by: livio-a <livio.a@gmail.com> 2020-04-07 13:23:04 +02:00			`"github.com/caos/zitadel/internal/api"`
			`grpc_util "github.com/caos/zitadel/internal/api/grpc"`
			`"google.golang.org/grpc/metadata"`
			`"strconv"`
feat: add some api packages 2020-03-23 07:01:59 +01:00			`)`

change context keys and fix tests 2020-03-30 11:52:08 +02:00			`type key int`

			`var (`
			`permissionsKey key`
			`dataKey key`
			`)`
feat: add some api packages 2020-03-23 07:01:59 +01:00
			`type CtxData struct {`
			`UserID string`
			`OrgID string`
			`ProjectID string`
			`AgentID string`
			`}`

			`func (ctxData CtxData) IsZero() bool {`
			`return ctxData.UserID == "" \|\| ctxData.OrgID == ""`
			`}`

			`type Grants []*Grant`

			`type Grant struct {`
			`OrgID string`
			`Roles []string`
			`}`

			`type TokenVerifier interface {`
			`VerifyAccessToken(ctx context.Context, token string) (string, string, string, error)`
			`ResolveGrants(ctx context.Context, sub, orgID string) ([]*Grant, error)`
			`GetProjectIDByClientID(ctx context.Context, clientID string) (string, error)`
			`}`

			`func VerifyTokenAndWriteCtxData(ctx context.Context, token, orgID string, t TokenVerifier) (_ context.Context, err error) {`
Project commands (#26) * feat: eventstore repository * fix: remove gorm * version * feat: pkg * feat: add some files for project * feat: eventstore without eventstore-lib * rename files * gnueg * fix: key json * fix: add object * fix: change imports * fix: internal models * fix: some imports * fix: global model * fix: add some functions on repo * feat(eventstore): sdk * fix(eventstore): search query * fix(eventstore): rename app to eventstore * delete empty test * remove unused func * merge master * fix(eventstore): tests * fix(models): delete unused struct * fix: some funcitons * feat(eventstore): implemented push events * fix: move project eventstore to project package * fix: change project eventstore funcs * feat(eventstore): overwrite context data * fix: change project eventstore * fix: add project repo to mgmt server * feat(types): SQL-config * fix: commented code * feat(eventstore): options to overwrite editor * feat: auth interceptor and cockroach migrations * fix: migrations * fix: fix filter * fix: not found on getbyid * fix: add sequence * fix: add some tests * fix(eventstore): nullable sequence * fix: add some tests * merge * fix: add some tests * fix(migrations): correct statements for sequence * fix: add some tests * fix: add some tests * fix: changes from mr * Update internal/eventstore/models/field.go Co-Authored-By: livio-a <livio.a@gmail.com> * fix(eventstore): code quality * fix: add types to aggregate/Event-types * fix(eventstore): rename modifier* to editor* * fix(eventstore): delete editor_org * fix(migrations): remove editor_org field, rename modifier_* to editor_* * fix: generate files * fix(eventstore): tests * fix(eventstore): rename modifier to editor * fix(migrations): add cluster migration, fix(migrations): fix typo of host in clean clsuter * fix(eventstore): move health * fix(eventstore): AggregateTypeFilter aggregateType as param * code quality * feat: start implementing project members * feat: remove member funcs * feat: remove member model * feat: remove member events * feat: remove member repo model * fix: better error func testing * Update docs/local.md Co-Authored-By: Silvan <silvan.reusser@gmail.com> * Update docs/local.md Co-Authored-By: Silvan <silvan.reusser@gmail.com> * fix: mr requests * fix: md file Co-authored-by: adlerhurst <silvan.reusser@gmail.com> Co-authored-by: livio-a <livio.a@gmail.com> 2020-04-07 13:23:04 +02:00			`var userID, projectID, clientID, agentID string`
			`//TODO: Remove as soon an authentification is implemented`
			`if CheckInternal(ctx) {`
			`userID = grpc_util.GetHeader(ctx, api.ZitadelUserID)`
			`projectID = grpc_util.GetHeader(ctx, api.ZitadelClientID)`
			`agentID = grpc_util.GetHeader(ctx, api.ZitadelAgentID)`
			`} else {`
			`userID, clientID, agentID, err = verifyAccessToken(ctx, token, t)`
			`if err != nil {`
			`return nil, err`
			`}`
feat: add some api packages 2020-03-23 07:01:59 +01:00
Project commands (#26) * feat: eventstore repository * fix: remove gorm * version * feat: pkg * feat: add some files for project * feat: eventstore without eventstore-lib * rename files * gnueg * fix: key json * fix: add object * fix: change imports * fix: internal models * fix: some imports * fix: global model * fix: add some functions on repo * feat(eventstore): sdk * fix(eventstore): search query * fix(eventstore): rename app to eventstore * delete empty test * remove unused func * merge master * fix(eventstore): tests * fix(models): delete unused struct * fix: some funcitons * feat(eventstore): implemented push events * fix: move project eventstore to project package * fix: change project eventstore funcs * feat(eventstore): overwrite context data * fix: change project eventstore * fix: add project repo to mgmt server * feat(types): SQL-config * fix: commented code * feat(eventstore): options to overwrite editor * feat: auth interceptor and cockroach migrations * fix: migrations * fix: fix filter * fix: not found on getbyid * fix: add sequence * fix: add some tests * fix(eventstore): nullable sequence * fix: add some tests * merge * fix: add some tests * fix(migrations): correct statements for sequence * fix: add some tests * fix: add some tests * fix: changes from mr * Update internal/eventstore/models/field.go Co-Authored-By: livio-a <livio.a@gmail.com> * fix(eventstore): code quality * fix: add types to aggregate/Event-types * fix(eventstore): rename modifier* to editor* * fix(eventstore): delete editor_org * fix(migrations): remove editor_org field, rename modifier_* to editor_* * fix: generate files * fix(eventstore): tests * fix(eventstore): rename modifier to editor * fix(migrations): add cluster migration, fix(migrations): fix typo of host in clean clsuter * fix(eventstore): move health * fix(eventstore): AggregateTypeFilter aggregateType as param * code quality * feat: start implementing project members * feat: remove member funcs * feat: remove member model * feat: remove member events * feat: remove member repo model * fix: better error func testing * Update docs/local.md Co-Authored-By: Silvan <silvan.reusser@gmail.com> * Update docs/local.md Co-Authored-By: Silvan <silvan.reusser@gmail.com> * fix: mr requests * fix: md file Co-authored-by: adlerhurst <silvan.reusser@gmail.com> Co-authored-by: livio-a <livio.a@gmail.com> 2020-04-07 13:23:04 +02:00			`projectID, err = t.GetProjectIDByClientID(ctx, clientID)`
			`logging.LogWithFields("AUTH-GfAoV", "clientID", clientID).OnError(err).Warn("could not read projectid by clientid")`
			`}`
change context keys and fix tests 2020-03-30 11:52:08 +02:00			`return context.WithValue(ctx, dataKey, CtxData{UserID: userID, OrgID: orgID, ProjectID: projectID, AgentID: agentID}), nil`
feat: add some api packages 2020-03-23 07:01:59 +01:00			`}`

feat: setup and iam commands (#99) * start org * refactor(eventstore): filter in sql for querier * feat(eventstore): Aggregate precondition preconditions are checked right before insert. Insert is still transaction save * feat(eventstore): check preconditions in repository * test(eventstore): test precondition in models * test(eventstore): precondition-tests * start org * refactor(eventstore): filter in sql for querier * feat(eventstore): Aggregate precondition preconditions are checked right before insert. Insert is still transaction save * feat(admin): start implement org * feat(eventstore): check preconditions in repository * fix(eventstore): data as NULL if empty refactor(eventstore): naming in sequence methods * feat(admin): org command side * feat(management): start org-repo * feat(org): member * fix: replace ObjectRoot.ID with ObjectRoot.AggregateID * aggregateID * add remove,change member * refactor(org): namings * refactor(eventstore): querier as type * fix(precondition): rename validation from precondition to validation * test(eventstore): isErr func instead of wantErr bool * fix(tests): Data * fix(eventstore): correct check for existing events in push, simplify insert statement * fix(eventstore): aggregate id public * test(org): eventsourcing * test(org): eventstore * test(org): deactivate, reactivate, orgbyid * test(org): getMemberByIDs * tests * running tests * add config * add user repo to admin * thorw not found if no org found * iam setup * eventstore tests done * setup iam * lauft * iam eventstore * validate if user is already member of org * modules * delete unused file * iam member * add member validation test * iam member * return error if unable to validat member * generate org id once, set resourceowner of org * start iam repo * set resourceowner on unique aggregates * setup user const * better code * generate files * fix tests * Update internal/admin/repository/eventsourcing/repository.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * set ctx data Co-authored-by: adlerhurst <silvan.reusser@gmail.com> Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2020-05-18 11:32:16 +02:00			`func SetCtxData(ctx context.Context, ctxData CtxData) context.Context {`
			`return context.WithValue(ctx, dataKey, ctxData)`
			`}`

feat: add some api packages 2020-03-23 07:01:59 +01:00			`func GetCtxData(ctx context.Context) CtxData {`
change context keys and fix tests 2020-03-30 11:52:08 +02:00			`ctxData, _ := ctx.Value(dataKey).(CtxData)`
remove pointer on ctxData 2020-03-30 10:06:48 +02:00			`return ctxData`
feat: add some api packages 2020-03-23 07:01:59 +01:00			`}`

			`func GetPermissionsFromCtx(ctx context.Context) []string {`
change context keys and fix tests 2020-03-30 11:52:08 +02:00			`ctxPermission, _ := ctx.Value(permissionsKey).([]string)`
remove pointer on ctxData 2020-03-30 10:06:48 +02:00			`return ctxPermission`
feat: add some api packages 2020-03-23 07:01:59 +01:00			`}`
Project commands (#26) * feat: eventstore repository * fix: remove gorm * version * feat: pkg * feat: add some files for project * feat: eventstore without eventstore-lib * rename files * gnueg * fix: key json * fix: add object * fix: change imports * fix: internal models * fix: some imports * fix: global model * fix: add some functions on repo * feat(eventstore): sdk * fix(eventstore): search query * fix(eventstore): rename app to eventstore * delete empty test * remove unused func * merge master * fix(eventstore): tests * fix(models): delete unused struct * fix: some funcitons * feat(eventstore): implemented push events * fix: move project eventstore to project package * fix: change project eventstore funcs * feat(eventstore): overwrite context data * fix: change project eventstore * fix: add project repo to mgmt server * feat(types): SQL-config * fix: commented code * feat(eventstore): options to overwrite editor * feat: auth interceptor and cockroach migrations * fix: migrations * fix: fix filter * fix: not found on getbyid * fix: add sequence * fix: add some tests * fix(eventstore): nullable sequence * fix: add some tests * merge * fix: add some tests * fix(migrations): correct statements for sequence * fix: add some tests * fix: add some tests * fix: changes from mr * Update internal/eventstore/models/field.go Co-Authored-By: livio-a <livio.a@gmail.com> * fix(eventstore): code quality * fix: add types to aggregate/Event-types * fix(eventstore): rename modifier* to editor* * fix(eventstore): delete editor_org * fix(migrations): remove editor_org field, rename modifier_* to editor_* * fix: generate files * fix(eventstore): tests * fix(eventstore): rename modifier to editor * fix(migrations): add cluster migration, fix(migrations): fix typo of host in clean clsuter * fix(eventstore): move health * fix(eventstore): AggregateTypeFilter aggregateType as param * code quality * feat: start implementing project members * feat: remove member funcs * feat: remove member model * feat: remove member events * feat: remove member repo model * fix: better error func testing * Update docs/local.md Co-Authored-By: Silvan <silvan.reusser@gmail.com> * Update docs/local.md Co-Authored-By: Silvan <silvan.reusser@gmail.com> * fix: mr requests * fix: md file Co-authored-by: adlerhurst <silvan.reusser@gmail.com> Co-authored-by: livio-a <livio.a@gmail.com> 2020-04-07 13:23:04 +02:00
			`//TODO: Remove as soon an authentification is implemented`
			`func CheckInternal(ctx context.Context) bool {`
			`md, ok := metadata.FromIncomingContext(ctx)`
			`if !ok {`
			`return false`
			`}`
			`v, ok := md[api.LoginKey]`
			`if !ok {`
			`return false`
			`}`
			`ok, _ = strconv.ParseBool(v[0])`
			`return ok`
			`}`