2021-12-08 15:16:48 +00:00
|
|
|
package projection
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
|
|
|
|
"time"
|
|
|
|
|
|
2022-04-26 23:01:45 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
|
|
|
"github.com/zitadel/zitadel/internal/errors"
|
|
|
|
|
"github.com/zitadel/zitadel/internal/eventstore"
|
|
|
|
|
"github.com/zitadel/zitadel/internal/eventstore/handler"
|
|
|
|
|
"github.com/zitadel/zitadel/internal/eventstore/handler/crdb"
|
2022-10-20 12:36:52 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/repository/instance"
|
2022-11-30 16:01:17 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/repository/org"
|
2022-04-26 23:01:45 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/repository/project"
|
|
|
|
|
"github.com/zitadel/zitadel/internal/repository/user"
|
2021-12-08 15:16:48 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
const (
|
2022-11-30 16:01:17 +00:00
|
|
|
AuthNKeyTable = "projections.authn_keys2"
|
2021-12-08 15:16:48 +00:00
|
|
|
AuthNKeyIDCol = "id"
|
|
|
|
|
AuthNKeyCreationDateCol = "creation_date"
|
2022-11-30 16:01:17 +00:00
|
|
|
AuthNKeyChangeDateCol = "change_date"
|
2021-12-08 15:16:48 +00:00
|
|
|
AuthNKeyResourceOwnerCol = "resource_owner"
|
2022-03-23 08:02:39 +00:00
|
|
|
AuthNKeyInstanceIDCol = "instance_id"
|
2021-12-08 15:16:48 +00:00
|
|
|
AuthNKeyAggregateIDCol = "aggregate_id"
|
|
|
|
|
AuthNKeySequenceCol = "sequence"
|
|
|
|
|
AuthNKeyObjectIDCol = "object_id"
|
|
|
|
|
AuthNKeyExpirationCol = "expiration"
|
|
|
|
|
AuthNKeyIdentifierCol = "identifier"
|
|
|
|
|
AuthNKeyPublicKeyCol = "public_key"
|
|
|
|
|
AuthNKeyTypeCol = "type"
|
|
|
|
|
AuthNKeyEnabledCol = "enabled"
|
2022-11-30 16:01:17 +00:00
|
|
|
AuthNKeyOwnerRemovedCol = "owner_removed"
|
2021-12-08 15:16:48 +00:00
|
|
|
)
|
|
|
|
|
|
2022-06-14 05:51:00 +00:00
|
|
|
type authNKeyProjection struct {
|
2021-12-08 15:16:48 +00:00
|
|
|
crdb.StatementHandler
|
|
|
|
|
}
|
|
|
|
|
|
2022-06-14 05:51:00 +00:00
|
|
|
func newAuthNKeyProjection(ctx context.Context, config crdb.StatementHandlerConfig) *authNKeyProjection {
|
|
|
|
|
p := new(authNKeyProjection)
|
2021-12-08 15:16:48 +00:00
|
|
|
config.ProjectionName = AuthNKeyTable
|
|
|
|
|
config.Reducers = p.reducers()
|
2022-03-23 08:02:39 +00:00
|
|
|
config.InitCheck = crdb.NewTableCheck(
|
|
|
|
|
crdb.NewTable([]*crdb.Column{
|
|
|
|
|
crdb.NewColumn(AuthNKeyIDCol, crdb.ColumnTypeText),
|
|
|
|
|
crdb.NewColumn(AuthNKeyCreationDateCol, crdb.ColumnTypeTimestamp),
|
2022-11-30 16:01:17 +00:00
|
|
|
crdb.NewColumn(AuthNKeyChangeDateCol, crdb.ColumnTypeTimestamp),
|
2022-03-23 08:02:39 +00:00
|
|
|
crdb.NewColumn(AuthNKeyResourceOwnerCol, crdb.ColumnTypeText),
|
|
|
|
|
crdb.NewColumn(AuthNKeyInstanceIDCol, crdb.ColumnTypeText),
|
|
|
|
|
crdb.NewColumn(AuthNKeyAggregateIDCol, crdb.ColumnTypeText),
|
|
|
|
|
crdb.NewColumn(AuthNKeySequenceCol, crdb.ColumnTypeInt64),
|
|
|
|
|
crdb.NewColumn(AuthNKeyObjectIDCol, crdb.ColumnTypeText),
|
|
|
|
|
crdb.NewColumn(AuthNKeyExpirationCol, crdb.ColumnTypeTimestamp),
|
|
|
|
|
crdb.NewColumn(AuthNKeyIdentifierCol, crdb.ColumnTypeText),
|
|
|
|
|
crdb.NewColumn(AuthNKeyPublicKeyCol, crdb.ColumnTypeBytes),
|
|
|
|
|
crdb.NewColumn(AuthNKeyEnabledCol, crdb.ColumnTypeBool, crdb.Default(true)),
|
|
|
|
|
crdb.NewColumn(AuthNKeyTypeCol, crdb.ColumnTypeEnum, crdb.Default(0)),
|
2022-11-30 16:01:17 +00:00
|
|
|
crdb.NewColumn(AuthNKeyOwnerRemovedCol, crdb.ColumnTypeBool, crdb.Default(false)),
|
2022-03-23 08:02:39 +00:00
|
|
|
},
|
|
|
|
|
crdb.NewPrimaryKey(AuthNKeyInstanceIDCol, AuthNKeyIDCol),
|
2022-11-30 16:01:17 +00:00
|
|
|
crdb.WithIndex(crdb.NewIndex("enabled", []string{AuthNKeyEnabledCol})),
|
|
|
|
|
crdb.WithIndex(crdb.NewIndex("identifier", []string{AuthNKeyIdentifierCol})),
|
|
|
|
|
crdb.WithIndex(crdb.NewIndex("owner_removed", []string{AuthNKeyOwnerRemovedCol})),
|
2022-03-23 08:02:39 +00:00
|
|
|
),
|
|
|
|
|
)
|
2021-12-08 15:16:48 +00:00
|
|
|
p.StatementHandler = crdb.NewStatementHandler(ctx, config)
|
|
|
|
|
return p
|
|
|
|
|
}
|
|
|
|
|
|
2022-06-14 05:51:00 +00:00
|
|
|
func (p *authNKeyProjection) reducers() []handler.AggregateReducer {
|
2021-12-08 15:16:48 +00:00
|
|
|
return []handler.AggregateReducer{
|
|
|
|
|
{
|
|
|
|
|
Aggregate: project.AggregateType,
|
|
|
|
|
EventRedusers: []handler.EventReducer{
|
|
|
|
|
{
|
|
|
|
|
Event: project.ApplicationKeyAddedEventType,
|
|
|
|
|
Reduce: p.reduceAuthNKeyAdded,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
Event: project.ApplicationKeyRemovedEventType,
|
|
|
|
|
Reduce: p.reduceAuthNKeyRemoved,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
Event: project.APIConfigChangedType,
|
|
|
|
|
Reduce: p.reduceAuthNKeyEnabledChanged,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
Event: project.OIDCConfigChangedType,
|
|
|
|
|
Reduce: p.reduceAuthNKeyEnabledChanged,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
Event: project.ApplicationRemovedType,
|
|
|
|
|
Reduce: p.reduceAuthNKeyRemoved,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
Event: project.ProjectRemovedType,
|
|
|
|
|
Reduce: p.reduceAuthNKeyRemoved,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
Aggregate: user.AggregateType,
|
|
|
|
|
EventRedusers: []handler.EventReducer{
|
|
|
|
|
{
|
|
|
|
|
Event: user.MachineKeyAddedEventType,
|
|
|
|
|
Reduce: p.reduceAuthNKeyAdded,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
Event: user.MachineKeyRemovedEventType,
|
|
|
|
|
Reduce: p.reduceAuthNKeyRemoved,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
Event: user.UserRemovedType,
|
|
|
|
|
Reduce: p.reduceAuthNKeyRemoved,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
2022-11-30 16:01:17 +00:00
|
|
|
{
|
|
|
|
|
Aggregate: org.AggregateType,
|
|
|
|
|
EventRedusers: []handler.EventReducer{
|
|
|
|
|
{
|
|
|
|
|
Event: org.OrgRemovedEventType,
|
|
|
|
|
Reduce: p.reduceOwnerRemoved,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
2022-10-20 12:36:52 +00:00
|
|
|
{
|
|
|
|
|
Aggregate: instance.AggregateType,
|
|
|
|
|
EventRedusers: []handler.EventReducer{
|
|
|
|
|
{
|
|
|
|
|
Event: instance.InstanceRemovedEventType,
|
|
|
|
|
Reduce: reduceInstanceRemovedHelper(AuthNKeyInstanceIDCol),
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
2021-12-08 15:16:48 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-06-14 05:51:00 +00:00
|
|
|
func (p *authNKeyProjection) reduceAuthNKeyAdded(event eventstore.Event) (*handler.Statement, error) {
|
2021-12-08 15:16:48 +00:00
|
|
|
var authNKeyEvent struct {
|
|
|
|
|
eventstore.BaseEvent
|
|
|
|
|
keyID string
|
|
|
|
|
objectID string
|
|
|
|
|
expiration time.Time
|
|
|
|
|
identifier string
|
|
|
|
|
publicKey []byte
|
|
|
|
|
keyType domain.AuthNKeyType
|
|
|
|
|
}
|
|
|
|
|
switch e := event.(type) {
|
|
|
|
|
case *project.ApplicationKeyAddedEvent:
|
|
|
|
|
authNKeyEvent.BaseEvent = e.BaseEvent
|
|
|
|
|
authNKeyEvent.keyID = e.KeyID
|
|
|
|
|
authNKeyEvent.objectID = e.AppID
|
|
|
|
|
authNKeyEvent.expiration = e.ExpirationDate
|
|
|
|
|
authNKeyEvent.identifier = e.ClientID
|
|
|
|
|
authNKeyEvent.publicKey = e.PublicKey
|
|
|
|
|
authNKeyEvent.keyType = e.KeyType
|
|
|
|
|
case *user.MachineKeyAddedEvent:
|
|
|
|
|
authNKeyEvent.BaseEvent = e.BaseEvent
|
|
|
|
|
authNKeyEvent.keyID = e.KeyID
|
|
|
|
|
authNKeyEvent.objectID = e.Aggregate().ID
|
|
|
|
|
authNKeyEvent.expiration = e.ExpirationDate
|
|
|
|
|
authNKeyEvent.identifier = e.Aggregate().ID
|
|
|
|
|
authNKeyEvent.publicKey = e.PublicKey
|
|
|
|
|
authNKeyEvent.keyType = e.KeyType
|
|
|
|
|
default:
|
2022-03-23 08:02:39 +00:00
|
|
|
return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-Dgb32", "reduce.wrong.event.type %v", []eventstore.EventType{project.ApplicationKeyAddedEventType, user.MachineKeyAddedEventType})
|
2021-12-08 15:16:48 +00:00
|
|
|
}
|
2022-11-30 16:01:17 +00:00
|
|
|
return crdb.NewCreateStatement(
|
2021-12-08 15:16:48 +00:00
|
|
|
&authNKeyEvent,
|
2022-11-30 16:01:17 +00:00
|
|
|
[]handler.Column{
|
|
|
|
|
handler.NewCol(AuthNKeyIDCol, authNKeyEvent.keyID),
|
|
|
|
|
handler.NewCol(AuthNKeyCreationDateCol, authNKeyEvent.CreationDate()),
|
|
|
|
|
handler.NewCol(AuthNKeyChangeDateCol, authNKeyEvent.CreationDate()),
|
|
|
|
|
handler.NewCol(AuthNKeyResourceOwnerCol, authNKeyEvent.Aggregate().ResourceOwner),
|
|
|
|
|
handler.NewCol(AuthNKeyInstanceIDCol, authNKeyEvent.Aggregate().InstanceID),
|
|
|
|
|
handler.NewCol(AuthNKeyAggregateIDCol, authNKeyEvent.Aggregate().ID),
|
|
|
|
|
handler.NewCol(AuthNKeySequenceCol, authNKeyEvent.Sequence()),
|
|
|
|
|
handler.NewCol(AuthNKeyObjectIDCol, authNKeyEvent.objectID),
|
|
|
|
|
handler.NewCol(AuthNKeyExpirationCol, authNKeyEvent.expiration),
|
|
|
|
|
handler.NewCol(AuthNKeyIdentifierCol, authNKeyEvent.identifier),
|
|
|
|
|
handler.NewCol(AuthNKeyPublicKeyCol, authNKeyEvent.publicKey),
|
|
|
|
|
handler.NewCol(AuthNKeyTypeCol, authNKeyEvent.keyType),
|
|
|
|
|
},
|
2021-12-08 15:16:48 +00:00
|
|
|
), nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-06-14 05:51:00 +00:00
|
|
|
func (p *authNKeyProjection) reduceAuthNKeyEnabledChanged(event eventstore.Event) (*handler.Statement, error) {
|
2021-12-08 15:16:48 +00:00
|
|
|
var appID string
|
|
|
|
|
var enabled bool
|
2022-11-30 16:01:17 +00:00
|
|
|
var changeDate time.Time
|
|
|
|
|
var sequence uint64
|
2021-12-08 15:16:48 +00:00
|
|
|
switch e := event.(type) {
|
|
|
|
|
case *project.APIConfigChangedEvent:
|
|
|
|
|
if e.AuthMethodType == nil {
|
|
|
|
|
return crdb.NewNoOpStatement(event), nil
|
|
|
|
|
}
|
|
|
|
|
appID = e.AppID
|
|
|
|
|
enabled = *e.AuthMethodType == domain.APIAuthMethodTypePrivateKeyJWT
|
2022-11-30 16:01:17 +00:00
|
|
|
changeDate = e.CreationDate()
|
|
|
|
|
sequence = e.Sequence()
|
2021-12-08 15:16:48 +00:00
|
|
|
case *project.OIDCConfigChangedEvent:
|
|
|
|
|
if e.AuthMethodType == nil {
|
|
|
|
|
return crdb.NewNoOpStatement(event), nil
|
|
|
|
|
}
|
|
|
|
|
appID = e.AppID
|
|
|
|
|
enabled = *e.AuthMethodType == domain.OIDCAuthMethodTypePrivateKeyJWT
|
2022-11-30 16:01:17 +00:00
|
|
|
changeDate = e.CreationDate()
|
|
|
|
|
sequence = e.Sequence()
|
2021-12-08 15:16:48 +00:00
|
|
|
default:
|
2022-03-23 08:02:39 +00:00
|
|
|
return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-Dbrt1", "reduce.wrong.event.type %v", []eventstore.EventType{project.APIConfigChangedType, project.OIDCConfigChangedType})
|
2021-12-08 15:16:48 +00:00
|
|
|
}
|
|
|
|
|
return crdb.NewUpdateStatement(
|
|
|
|
|
event,
|
2022-11-30 16:01:17 +00:00
|
|
|
[]handler.Column{
|
|
|
|
|
handler.NewCol(AuthNKeyChangeDateCol, changeDate),
|
|
|
|
|
handler.NewCol(AuthNKeySequenceCol, sequence),
|
|
|
|
|
handler.NewCol(AuthNKeyEnabledCol, enabled),
|
|
|
|
|
},
|
2022-11-10 10:59:33 +00:00
|
|
|
[]handler.Condition{
|
|
|
|
|
handler.NewCond(AuthNKeyObjectIDCol, appID),
|
|
|
|
|
handler.NewCond(AuthNKeyInstanceIDCol, event.Aggregate().InstanceID),
|
|
|
|
|
},
|
2021-12-08 15:16:48 +00:00
|
|
|
), nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-06-14 05:51:00 +00:00
|
|
|
func (p *authNKeyProjection) reduceAuthNKeyRemoved(event eventstore.Event) (*handler.Statement, error) {
|
2021-12-08 15:16:48 +00:00
|
|
|
var condition handler.Condition
|
|
|
|
|
switch e := event.(type) {
|
|
|
|
|
case *project.ApplicationKeyRemovedEvent:
|
|
|
|
|
condition = handler.NewCond(AuthNKeyIDCol, e.KeyID)
|
|
|
|
|
case *project.ApplicationRemovedEvent:
|
|
|
|
|
condition = handler.NewCond(AuthNKeyObjectIDCol, e.AppID)
|
|
|
|
|
case *project.ProjectRemovedEvent:
|
|
|
|
|
condition = handler.NewCond(AuthNKeyAggregateIDCol, e.Aggregate().ID)
|
|
|
|
|
case *user.MachineKeyRemovedEvent:
|
|
|
|
|
condition = handler.NewCond(AuthNKeyIDCol, e.KeyID)
|
|
|
|
|
case *user.UserRemovedEvent:
|
|
|
|
|
condition = handler.NewCond(AuthNKeyAggregateIDCol, e.Aggregate().ID)
|
|
|
|
|
default:
|
2022-03-23 08:02:39 +00:00
|
|
|
return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-BGge42", "reduce.wrong.event.type %v", []eventstore.EventType{project.ApplicationKeyRemovedEventType, project.ApplicationRemovedType, project.ProjectRemovedType, user.MachineKeyRemovedEventType, user.UserRemovedType})
|
2021-12-08 15:16:48 +00:00
|
|
|
}
|
|
|
|
|
return crdb.NewDeleteStatement(
|
|
|
|
|
event,
|
2022-11-10 10:59:33 +00:00
|
|
|
[]handler.Condition{
|
|
|
|
|
condition,
|
|
|
|
|
handler.NewCond(AuthNKeyInstanceIDCol, event.Aggregate().InstanceID),
|
|
|
|
|
},
|
2021-12-08 15:16:48 +00:00
|
|
|
), nil
|
|
|
|
|
}
|
2022-11-30 16:01:17 +00:00
|
|
|
|
|
|
|
|
func (p *authNKeyProjection) reduceOwnerRemoved(event eventstore.Event) (*handler.Statement, error) {
|
|
|
|
|
e, ok := event.(*org.OrgRemovedEvent)
|
|
|
|
|
if !ok {
|
|
|
|
|
return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-Hyd1f", "reduce.wrong.event.type %s", org.OrgRemovedEventType)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return crdb.NewUpdateStatement(
|
|
|
|
|
e,
|
|
|
|
|
[]handler.Column{
|
|
|
|
|
handler.NewCol(AuthNKeyChangeDateCol, e.CreationDate()),
|
|
|
|
|
handler.NewCol(AuthNKeySequenceCol, e.Sequence()),
|
|
|
|
|
handler.NewCol(AuthNKeyOwnerRemovedCol, true),
|
|
|
|
|
},
|
|
|
|
|
[]handler.Condition{
|
|
|
|
|
handler.NewCond(AuthNKeyInstanceIDCol, e.Aggregate().InstanceID),
|
|
|
|
|
handler.NewCond(AuthNKeyResourceOwnerCol, e.Aggregate().ID),
|
|
|
|
|
},
|
|
|
|
|
), nil
|
|
|
|
|
}
|
