zitadel/internal/query/security_policy.go

package query

import (
	"context"
	"database/sql"
	errs "errors"
	"time"

	sq "github.com/Masterminds/squirrel"

	"github.com/zitadel/zitadel/internal/api/authz"
	"github.com/zitadel/zitadel/internal/api/call"
	"github.com/zitadel/zitadel/internal/database"
	"github.com/zitadel/zitadel/internal/errors"
	"github.com/zitadel/zitadel/internal/query/projection"
)

var (
	securityPolicyTable = table{
		name:          projection.SecurityPolicyProjectionTable,
		instanceIDCol: projection.SecurityPolicyColumnInstanceID,
	}
	SecurityPolicyColumnCreationDate = Column{
		name:  projection.SecurityPolicyColumnCreationDate,
		table: securityPolicyTable,
	}
	SecurityPolicyColumnChangeDate = Column{
		name:  projection.SecurityPolicyColumnChangeDate,
		table: securityPolicyTable,
	}
	SecurityPolicyColumnInstanceID = Column{
		name:  projection.SecurityPolicyColumnInstanceID,
		table: securityPolicyTable,
	}
	SecurityPolicyColumnSequence = Column{
		name:  projection.SecurityPolicyColumnSequence,
		table: securityPolicyTable,
	}
	SecurityPolicyColumnEnabled = Column{
		name:  projection.SecurityPolicyColumnEnabled,
		table: securityPolicyTable,
	}
	SecurityPolicyColumnAllowedOrigins = Column{
		name:  projection.SecurityPolicyColumnAllowedOrigins,
		table: securityPolicyTable,
	}
)

type SecurityPolicy struct {
	AggregateID   string
	CreationDate  time.Time
	ChangeDate    time.Time
	ResourceOwner string
	Sequence      uint64

	Enabled        bool
	AllowedOrigins database.StringArray
}

func (q *Queries) SecurityPolicy(ctx context.Context) (*SecurityPolicy, error) {
	stmt, scan := prepareSecurityPolicyQuery(ctx, q.client)
	query, args, err := stmt.Where(sq.Eq{
		SecurityPolicyColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
	}).ToSql()
	if err != nil {
		return nil, errors.ThrowInternal(err, "QUERY-Sf6d1", "Errors.Query.SQLStatment")
	}

	row := q.client.QueryRowContext(ctx, query, args...)
	return scan(row)
}

func prepareSecurityPolicyQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilder, func(*sql.Row) (*SecurityPolicy, error)) {
	return sq.Select(
			SecurityPolicyColumnInstanceID.identifier(),
			SecurityPolicyColumnCreationDate.identifier(),
			SecurityPolicyColumnChangeDate.identifier(),
			SecurityPolicyColumnInstanceID.identifier(),
			SecurityPolicyColumnSequence.identifier(),
			SecurityPolicyColumnEnabled.identifier(),
			SecurityPolicyColumnAllowedOrigins.identifier()).
			From(securityPolicyTable.identifier() + db.Timetravel(call.Took(ctx))).
			PlaceholderFormat(sq.Dollar),
		func(row *sql.Row) (*SecurityPolicy, error) {
			securityPolicy := new(SecurityPolicy)
			err := row.Scan(
				&securityPolicy.AggregateID,
				&securityPolicy.CreationDate,
				&securityPolicy.ChangeDate,
				&securityPolicy.ResourceOwner,
				&securityPolicy.Sequence,
				&securityPolicy.Enabled,
				&securityPolicy.AllowedOrigins,
			)
			if err != nil && !errs.Is(err, sql.ErrNoRows) { // ignore not found errors
				return nil, errors.ThrowInternal(err, "QUERY-Dfrt2", "Errors.Internal")
			}
			return securityPolicy, nil
		}
}
feat: enable iframe use (#4766) * feat: enable iframe use * cleanup * fix mocks * fix linting * docs: add iframe usage to solution scenarios configurations * improve api * feat(console): security policy * description * remove unnecessary line * disable input button and urls when not enabled * add image to docs Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> 2022-12-14 06:17:36 +00:00			`package query`

			`import (`
			`"context"`
			`"database/sql"`
			`errs "errors"`
			`"time"`

			`sq "github.com/Masterminds/squirrel"`

			`"github.com/zitadel/zitadel/internal/api/authz"`
perf: query data `AS OF SYSTEM TIME` (#5231) Queries the data in the storage layser at the timestamp when the call hit the API layer 2023-02-27 21:36:43 +00:00			`"github.com/zitadel/zitadel/internal/api/call"`
feat: enable iframe use (#4766) * feat: enable iframe use * cleanup * fix mocks * fix linting * docs: add iframe usage to solution scenarios configurations * improve api * feat(console): security policy * description * remove unnecessary line * disable input button and urls when not enabled * add image to docs Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> 2022-12-14 06:17:36 +00:00			`"github.com/zitadel/zitadel/internal/database"`
			`"github.com/zitadel/zitadel/internal/errors"`
			`"github.com/zitadel/zitadel/internal/query/projection"`
			`)`

			`var (`
			`securityPolicyTable = table{`
			`name: projection.SecurityPolicyProjectionTable,`
			`instanceIDCol: projection.SecurityPolicyColumnInstanceID,`
			`}`
			`SecurityPolicyColumnCreationDate = Column{`
			`name: projection.SecurityPolicyColumnCreationDate,`
			`table: securityPolicyTable,`
			`}`
			`SecurityPolicyColumnChangeDate = Column{`
			`name: projection.SecurityPolicyColumnChangeDate,`
			`table: securityPolicyTable,`
			`}`
			`SecurityPolicyColumnInstanceID = Column{`
			`name: projection.SecurityPolicyColumnInstanceID,`
			`table: securityPolicyTable,`
			`}`
			`SecurityPolicyColumnSequence = Column{`
			`name: projection.SecurityPolicyColumnSequence,`
			`table: securityPolicyTable,`
			`}`
			`SecurityPolicyColumnEnabled = Column{`
			`name: projection.SecurityPolicyColumnEnabled,`
			`table: securityPolicyTable,`
			`}`
			`SecurityPolicyColumnAllowedOrigins = Column{`
			`name: projection.SecurityPolicyColumnAllowedOrigins,`
			`table: securityPolicyTable,`
			`}`
			`)`

			`type SecurityPolicy struct {`
			`AggregateID string`
			`CreationDate time.Time`
			`ChangeDate time.Time`
			`ResourceOwner string`
			`Sequence uint64`

			`Enabled bool`
			`AllowedOrigins database.StringArray`
			`}`

			`func (q Queries) SecurityPolicy(ctx context.Context) (SecurityPolicy, error) {`
perf: query data `AS OF SYSTEM TIME` (#5231) Queries the data in the storage layser at the timestamp when the call hit the API layer 2023-02-27 21:36:43 +00:00			`stmt, scan := prepareSecurityPolicyQuery(ctx, q.client)`
feat: enable iframe use (#4766) * feat: enable iframe use * cleanup * fix mocks * fix linting * docs: add iframe usage to solution scenarios configurations * improve api * feat(console): security policy * description * remove unnecessary line * disable input button and urls when not enabled * add image to docs Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> 2022-12-14 06:17:36 +00:00			`query, args, err := stmt.Where(sq.Eq{`
			`SecurityPolicyColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),`
			`}).ToSql()`
			`if err != nil {`
			`return nil, errors.ThrowInternal(err, "QUERY-Sf6d1", "Errors.Query.SQLStatment")`
			`}`

			`row := q.client.QueryRowContext(ctx, query, args...)`
			`return scan(row)`
			`}`

perf: query data `AS OF SYSTEM TIME` (#5231) Queries the data in the storage layser at the timestamp when the call hit the API layer 2023-02-27 21:36:43 +00:00			`func prepareSecurityPolicyQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilder, func(sql.Row) (SecurityPolicy, error)) {`
feat: enable iframe use (#4766) * feat: enable iframe use * cleanup * fix mocks * fix linting * docs: add iframe usage to solution scenarios configurations * improve api * feat(console): security policy * description * remove unnecessary line * disable input button and urls when not enabled * add image to docs Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> 2022-12-14 06:17:36 +00:00			`return sq.Select(`
			`SecurityPolicyColumnInstanceID.identifier(),`
			`SecurityPolicyColumnCreationDate.identifier(),`
			`SecurityPolicyColumnChangeDate.identifier(),`
			`SecurityPolicyColumnInstanceID.identifier(),`
			`SecurityPolicyColumnSequence.identifier(),`
			`SecurityPolicyColumnEnabled.identifier(),`
			`SecurityPolicyColumnAllowedOrigins.identifier()).`
perf: query data `AS OF SYSTEM TIME` (#5231) Queries the data in the storage layser at the timestamp when the call hit the API layer 2023-02-27 21:36:43 +00:00			`From(securityPolicyTable.identifier() + db.Timetravel(call.Took(ctx))).`
			`PlaceholderFormat(sq.Dollar),`
feat: enable iframe use (#4766) * feat: enable iframe use * cleanup * fix mocks * fix linting * docs: add iframe usage to solution scenarios configurations * improve api * feat(console): security policy * description * remove unnecessary line * disable input button and urls when not enabled * add image to docs Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> 2022-12-14 06:17:36 +00:00			`func(row sql.Row) (SecurityPolicy, error) {`
			`securityPolicy := new(SecurityPolicy)`
			`err := row.Scan(`
			`&securityPolicy.AggregateID,`
			`&securityPolicy.CreationDate,`
			`&securityPolicy.ChangeDate,`
			`&securityPolicy.ResourceOwner,`
			`&securityPolicy.Sequence,`
			`&securityPolicy.Enabled,`
			`&securityPolicy.AllowedOrigins,`
			`)`
			`if err != nil && !errs.Is(err, sql.ErrNoRows) { // ignore not found errors`
			`return nil, errors.ThrowInternal(err, "QUERY-Dfrt2", "Errors.Internal")`
			`}`
			`return securityPolicy, nil`
			`}`
			`}`