2024-02-28 08:55:54 +00:00
|
|
|
package command
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
|
2024-08-14 14:18:14 +00:00
|
|
|
"github.com/muhlemmer/gu"
|
|
|
|
|
2024-02-28 08:55:54 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/api/authz"
|
|
|
|
"github.com/zitadel/zitadel/internal/command/preparation"
|
2024-08-14 14:18:14 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/crypto"
|
2024-02-28 08:55:54 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
|
|
"github.com/zitadel/zitadel/internal/eventstore"
|
2024-05-24 11:32:57 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/feature"
|
2024-02-28 08:55:54 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/repository/feature/feature_v2"
|
|
|
|
"github.com/zitadel/zitadel/internal/zerrors"
|
|
|
|
)
|
|
|
|
|
|
|
|
type InstanceFeatures struct {
|
|
|
|
LoginDefaultOrg *bool
|
|
|
|
TriggerIntrospectionProjections *bool
|
|
|
|
LegacyIntrospection *bool
|
2024-03-12 13:50:13 +00:00
|
|
|
UserSchema *bool
|
2024-03-20 10:18:46 +00:00
|
|
|
TokenExchange *bool
|
2024-04-09 17:21:21 +00:00
|
|
|
Actions *bool
|
2024-05-24 11:32:57 +00:00
|
|
|
ImprovedPerformance []feature.ImprovedPerformanceType
|
2024-08-14 14:18:14 +00:00
|
|
|
WebKey *bool
|
2024-08-20 06:45:24 +00:00
|
|
|
DebugOIDCParentError *bool
|
2024-09-04 10:14:50 +00:00
|
|
|
OIDCSingleV1SessionTermination *bool
|
2024-09-26 13:55:41 +00:00
|
|
|
DisableUserTokenEvent *bool
|
2024-10-31 14:57:17 +00:00
|
|
|
EnableBackChannelLogout *bool
|
2024-02-28 08:55:54 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (m *InstanceFeatures) isEmpty() bool {
|
|
|
|
return m.LoginDefaultOrg == nil &&
|
|
|
|
m.TriggerIntrospectionProjections == nil &&
|
2024-03-12 13:50:13 +00:00
|
|
|
m.LegacyIntrospection == nil &&
|
2024-03-20 10:18:46 +00:00
|
|
|
m.UserSchema == nil &&
|
2024-04-09 17:21:21 +00:00
|
|
|
m.TokenExchange == nil &&
|
2024-05-24 11:32:57 +00:00
|
|
|
m.Actions == nil &&
|
|
|
|
// nil check to allow unset improvements
|
2024-08-14 14:18:14 +00:00
|
|
|
m.ImprovedPerformance == nil &&
|
2024-08-20 06:45:24 +00:00
|
|
|
m.WebKey == nil &&
|
2024-09-04 10:14:50 +00:00
|
|
|
m.DebugOIDCParentError == nil &&
|
2024-09-26 13:55:41 +00:00
|
|
|
m.OIDCSingleV1SessionTermination == nil &&
|
2024-10-31 14:57:17 +00:00
|
|
|
m.DisableUserTokenEvent == nil &&
|
|
|
|
m.EnableBackChannelLogout == nil
|
2024-02-28 08:55:54 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (c *Commands) SetInstanceFeatures(ctx context.Context, f *InstanceFeatures) (*domain.ObjectDetails, error) {
|
|
|
|
if f.isEmpty() {
|
|
|
|
return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-Vigh1", "Errors.NoChangesFound")
|
|
|
|
}
|
|
|
|
wm := NewInstanceFeaturesWriteModel(authz.GetInstance(ctx).InstanceID())
|
|
|
|
if err := c.eventstore.FilterToQueryReducer(ctx, wm); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2024-08-14 14:18:14 +00:00
|
|
|
if err := c.setupWebKeyFeature(ctx, wm, f); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2024-05-24 11:32:57 +00:00
|
|
|
commands := wm.setCommands(ctx, f)
|
|
|
|
if len(commands) == 0 {
|
2024-02-28 08:55:54 +00:00
|
|
|
return writeModelToObjectDetails(wm.WriteModel), nil
|
|
|
|
}
|
2024-05-24 11:32:57 +00:00
|
|
|
events, err := c.eventstore.Push(ctx, commands...)
|
2024-02-28 08:55:54 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
return pushedEventsToObjectDetails(events), nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func prepareSetFeatures(instanceID string, f *InstanceFeatures) preparation.Validation {
|
|
|
|
return func() (preparation.CreateCommands, error) {
|
|
|
|
return func(ctx context.Context, _ preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
|
|
|
|
wm := NewInstanceFeaturesWriteModel(instanceID)
|
|
|
|
return wm.setCommands(ctx, f), nil
|
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2024-08-14 14:18:14 +00:00
|
|
|
// setupWebKeyFeature generates the initial web keys for the instance,
|
|
|
|
// if the feature is enabled in the request and the feature wasn't enabled already in the writeModel.
|
|
|
|
// [Commands.GenerateInitialWebKeys] checks if keys already exist and does nothing if that's the case.
|
|
|
|
// The default config of a RSA key with 2048 and the SHA256 hasher is assumed.
|
|
|
|
// Users can customize this after using the webkey/v3 API.
|
|
|
|
func (c *Commands) setupWebKeyFeature(ctx context.Context, wm *InstanceFeaturesWriteModel, f *InstanceFeatures) error {
|
|
|
|
if !gu.Value(f.WebKey) || gu.Value(wm.WebKey) {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
return c.GenerateInitialWebKeys(ctx, &crypto.WebKeyRSAConfig{
|
|
|
|
Bits: crypto.RSABits2048,
|
|
|
|
Hasher: crypto.RSAHasherSHA256,
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2024-02-28 08:55:54 +00:00
|
|
|
func (c *Commands) ResetInstanceFeatures(ctx context.Context) (*domain.ObjectDetails, error) {
|
|
|
|
instanceID := authz.GetInstance(ctx).InstanceID()
|
|
|
|
wm := NewInstanceFeaturesWriteModel(instanceID)
|
|
|
|
if err := c.eventstore.FilterToQueryReducer(ctx, wm); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
if wm.isEmpty() {
|
|
|
|
return writeModelToObjectDetails(wm.WriteModel), nil
|
|
|
|
}
|
|
|
|
aggregate := feature_v2.NewAggregate(instanceID, instanceID)
|
|
|
|
events, err := c.eventstore.Push(ctx, feature_v2.NewResetEvent(ctx, aggregate, feature_v2.InstanceResetEventType))
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
return pushedEventsToObjectDetails(events), nil
|
|
|
|
}
|