2022-12-14 07:17:36 +01:00
|
|
|
package query
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
|
|
|
|
"database/sql"
|
2023-12-08 16:30:55 +02:00
|
|
|
"errors"
|
2022-12-14 07:17:36 +01:00
|
|
|
"time"
|
|
|
|
|
|
|
|
|
|
sq "github.com/Masterminds/squirrel"
|
|
|
|
|
|
|
|
|
|
"github.com/zitadel/zitadel/internal/api/authz"
|
|
|
|
|
"github.com/zitadel/zitadel/internal/database"
|
|
|
|
|
"github.com/zitadel/zitadel/internal/query/projection"
|
2023-12-08 16:30:55 +02:00
|
|
|
"github.com/zitadel/zitadel/internal/zerrors"
|
2022-12-14 07:17:36 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
var (
|
|
|
|
|
securityPolicyTable = table{
|
|
|
|
|
name: projection.SecurityPolicyProjectionTable,
|
|
|
|
|
instanceIDCol: projection.SecurityPolicyColumnInstanceID,
|
|
|
|
|
}
|
|
|
|
|
SecurityPolicyColumnCreationDate = Column{
|
|
|
|
|
name: projection.SecurityPolicyColumnCreationDate,
|
|
|
|
|
table: securityPolicyTable,
|
|
|
|
|
}
|
|
|
|
|
SecurityPolicyColumnChangeDate = Column{
|
|
|
|
|
name: projection.SecurityPolicyColumnChangeDate,
|
|
|
|
|
table: securityPolicyTable,
|
|
|
|
|
}
|
|
|
|
|
SecurityPolicyColumnInstanceID = Column{
|
|
|
|
|
name: projection.SecurityPolicyColumnInstanceID,
|
|
|
|
|
table: securityPolicyTable,
|
|
|
|
|
}
|
|
|
|
|
SecurityPolicyColumnSequence = Column{
|
|
|
|
|
name: projection.SecurityPolicyColumnSequence,
|
|
|
|
|
table: securityPolicyTable,
|
|
|
|
|
}
|
2024-02-28 12:21:11 +02:00
|
|
|
SecurityPolicyColumnEnableIframeEmbedding = Column{
|
|
|
|
|
name: projection.SecurityPolicyColumnEnableIframeEmbedding,
|
2022-12-14 07:17:36 +01:00
|
|
|
table: securityPolicyTable,
|
|
|
|
|
}
|
|
|
|
|
SecurityPolicyColumnAllowedOrigins = Column{
|
|
|
|
|
name: projection.SecurityPolicyColumnAllowedOrigins,
|
|
|
|
|
table: securityPolicyTable,
|
|
|
|
|
}
|
2024-02-28 12:21:11 +02:00
|
|
|
SecurityPolicyColumnEnableImpersonation = Column{
|
|
|
|
|
name: projection.SecurityPolicyColumnEnableImpersonation,
|
|
|
|
|
table: securityPolicyTable,
|
|
|
|
|
}
|
2022-12-14 07:17:36 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type SecurityPolicy struct {
|
|
|
|
|
AggregateID string
|
|
|
|
|
CreationDate time.Time
|
|
|
|
|
ChangeDate time.Time
|
|
|
|
|
ResourceOwner string
|
|
|
|
|
Sequence uint64
|
|
|
|
|
|
2024-02-28 12:21:11 +02:00
|
|
|
EnableIframeEmbedding bool
|
|
|
|
|
AllowedOrigins database.TextArray[string]
|
|
|
|
|
EnableImpersonation bool
|
2022-12-14 07:17:36 +01:00
|
|
|
}
|
|
|
|
|
|
2023-08-22 14:49:02 +02:00
|
|
|
func (q *Queries) SecurityPolicy(ctx context.Context) (policy *SecurityPolicy, err error) {
|
2025-04-02 16:53:06 +02:00
|
|
|
stmt, scan := prepareSecurityPolicyQuery()
|
2022-12-14 07:17:36 +01:00
|
|
|
query, args, err := stmt.Where(sq.Eq{
|
|
|
|
|
SecurityPolicyColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
|
|
|
|
|
}).ToSql()
|
|
|
|
|
if err != nil {
|
2025-06-06 10:48:29 +02:00
|
|
|
return nil, zerrors.ThrowInternal(err, "QUERY-Sf6d1", "Errors.Query.SQLStatement")
|
2022-12-14 07:17:36 +01:00
|
|
|
}
|
|
|
|
|
|
2023-08-22 14:49:02 +02:00
|
|
|
err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
|
|
|
|
|
policy, err = scan(row)
|
|
|
|
|
return err
|
|
|
|
|
}, query, args...)
|
|
|
|
|
return policy, err
|
2022-12-14 07:17:36 +01:00
|
|
|
}
|
|
|
|
|
|
2025-04-02 16:53:06 +02:00
|
|
|
func prepareSecurityPolicyQuery() (sq.SelectBuilder, func(*sql.Row) (*SecurityPolicy, error)) {
|
2022-12-14 07:17:36 +01:00
|
|
|
return sq.Select(
|
|
|
|
|
SecurityPolicyColumnInstanceID.identifier(),
|
|
|
|
|
SecurityPolicyColumnCreationDate.identifier(),
|
|
|
|
|
SecurityPolicyColumnChangeDate.identifier(),
|
|
|
|
|
SecurityPolicyColumnInstanceID.identifier(),
|
|
|
|
|
SecurityPolicyColumnSequence.identifier(),
|
2024-02-28 12:21:11 +02:00
|
|
|
SecurityPolicyColumnEnableIframeEmbedding.identifier(),
|
|
|
|
|
SecurityPolicyColumnAllowedOrigins.identifier(),
|
|
|
|
|
SecurityPolicyColumnEnableImpersonation.identifier()).
|
2025-04-02 16:53:06 +02:00
|
|
|
From(securityPolicyTable.identifier()).
|
2023-02-27 22:36:43 +01:00
|
|
|
PlaceholderFormat(sq.Dollar),
|
2022-12-14 07:17:36 +01:00
|
|
|
func(row *sql.Row) (*SecurityPolicy, error) {
|
|
|
|
|
securityPolicy := new(SecurityPolicy)
|
|
|
|
|
err := row.Scan(
|
|
|
|
|
&securityPolicy.AggregateID,
|
|
|
|
|
&securityPolicy.CreationDate,
|
|
|
|
|
&securityPolicy.ChangeDate,
|
|
|
|
|
&securityPolicy.ResourceOwner,
|
|
|
|
|
&securityPolicy.Sequence,
|
2024-02-28 12:21:11 +02:00
|
|
|
&securityPolicy.EnableIframeEmbedding,
|
2022-12-14 07:17:36 +01:00
|
|
|
&securityPolicy.AllowedOrigins,
|
2024-02-28 12:21:11 +02:00
|
|
|
&securityPolicy.EnableImpersonation,
|
2022-12-14 07:17:36 +01:00
|
|
|
)
|
2023-12-08 16:30:55 +02:00
|
|
|
if err != nil && !errors.Is(err, sql.ErrNoRows) { // ignore not found errors
|
|
|
|
|
return nil, zerrors.ThrowInternal(err, "QUERY-Dfrt2", "Errors.Internal")
|
2022-12-14 07:17:36 +01:00
|
|
|
}
|
|
|
|
|
return securityPolicy, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
