zitadel/internal/repository/oidcsession/oidc_session.go

package oidcsession

import (
	"context"
	"encoding/json"
	"time"

	"github.com/zitadel/zitadel/internal/errors"
	"github.com/zitadel/zitadel/internal/eventstore"
	"github.com/zitadel/zitadel/internal/eventstore/repository"
)

const (
	oidcSessionEventPrefix  = "oidc_session."
	AddedType               = oidcSessionEventPrefix + "added"
	AccessTokenAddedType    = oidcSessionEventPrefix + "access_token.added"
	RefreshTokenAddedType   = oidcSessionEventPrefix + "refresh_token.added"
	RefreshTokenRenewedType = oidcSessionEventPrefix + "refresh_token.renewed"
)

type AddedEvent struct {
	eventstore.BaseEvent `json:"-"`

	UserID                string    `json:"userID"`
	SessionID             string    `json:"sessionID"`
	ClientID              string    `json:"clientID"`
	Audience              []string  `json:"audience"`
	Scope                 []string  `json:"scope"`
	AuthMethodsReferences []string  `json:"authMethodsReferences"`
	AuthTime              time.Time `json:"authTime"`
}

func (e *AddedEvent) Data() interface{} {
	return e
}

func (e *AddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
	return nil
}

func NewAddedEvent(ctx context.Context,
	aggregate *eventstore.Aggregate,
	userID,
	sessionID,
	clientID string,
	audience,
	scope []string,
	authMethodsReferences []string,
	authTime time.Time,
) *AddedEvent {
	return &AddedEvent{
		BaseEvent: *eventstore.NewBaseEventForPush(
			ctx,
			aggregate,
			AddedType,
		),
		UserID:                userID,
		SessionID:             sessionID,
		ClientID:              clientID,
		Audience:              audience,
		Scope:                 scope,
		AuthMethodsReferences: authMethodsReferences,
		AuthTime:              authTime,
	}
}

func AddedEventMapper(event *repository.Event) (eventstore.Event, error) {
	added := &AddedEvent{
		BaseEvent: *eventstore.BaseEventFromRepo(event),
	}
	err := json.Unmarshal(event.Data, added)
	if err != nil {
		return nil, errors.ThrowInternal(err, "OIDCS-DG4gn", "unable to unmarshal oidc session added")
	}

	return added, nil
}

type AccessTokenAddedEvent struct {
	eventstore.BaseEvent `json:"-"`

	ID       string        `json:"id"`
	Scope    []string      `json:"scope"`
	Lifetime time.Duration `json:"lifetime"`
}

func (e *AccessTokenAddedEvent) Data() interface{} {
	return e
}

func (e *AccessTokenAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
	return nil
}

func NewAccessTokenAddedEvent(
	ctx context.Context,
	aggregate *eventstore.Aggregate,
	id string,
	scope []string,
	lifetime time.Duration,
) *AccessTokenAddedEvent {
	return &AccessTokenAddedEvent{
		BaseEvent: *eventstore.NewBaseEventForPush(
			ctx,
			aggregate,
			AccessTokenAddedType,
		),
		ID:       id,
		Scope:    scope,
		Lifetime: lifetime,
	}
}

func AccessTokenAddedEventMapper(event *repository.Event) (eventstore.Event, error) {
	added := &AccessTokenAddedEvent{
		BaseEvent: *eventstore.BaseEventFromRepo(event),
	}
	err := json.Unmarshal(event.Data, added)
	if err != nil {
		return nil, errors.ThrowInternal(err, "OIDCS-DSGn5", "unable to unmarshal access token added")
	}

	return added, nil
}

type RefreshTokenAddedEvent struct {
	eventstore.BaseEvent `json:"-"`

	ID           string        `json:"id"`
	Lifetime     time.Duration `json:"lifetime"`
	IdleLifetime time.Duration `json:"idleLifetime"`
}

func (e *RefreshTokenAddedEvent) Data() interface{} {
	return e
}

func (e *RefreshTokenAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
	return nil
}

func NewRefreshTokenAddedEvent(
	ctx context.Context,
	aggregate *eventstore.Aggregate,
	id string,
	lifetime,
	idleLifetime time.Duration,
) *RefreshTokenAddedEvent {
	return &RefreshTokenAddedEvent{
		BaseEvent: *eventstore.NewBaseEventForPush(
			ctx,
			aggregate,
			RefreshTokenAddedType,
		),
		ID:           id,
		Lifetime:     lifetime,
		IdleLifetime: idleLifetime,
	}
}

func RefreshTokenAddedEventMapper(event *repository.Event) (eventstore.Event, error) {
	added := &RefreshTokenAddedEvent{
		BaseEvent: *eventstore.BaseEventFromRepo(event),
	}
	err := json.Unmarshal(event.Data, added)
	if err != nil {
		return nil, errors.ThrowInternal(err, "OIDCS-aW3gqq", "unable to unmarshal refresh token added")
	}

	return added, nil
}

type RefreshTokenRenewedEvent struct {
	eventstore.BaseEvent `json:"-"`

	ID           string        `json:"id"`
	IdleLifetime time.Duration `json:"idleLifetime"`
}

func (e *RefreshTokenRenewedEvent) Data() interface{} {
	return e
}

func (e *RefreshTokenRenewedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
	return nil
}

func NewRefreshTokenRenewedEvent(
	ctx context.Context,
	aggregate *eventstore.Aggregate,
	id string,
	idleLifetime time.Duration,
) *RefreshTokenRenewedEvent {
	return &RefreshTokenRenewedEvent{
		BaseEvent: *eventstore.NewBaseEventForPush(
			ctx,
			aggregate,
			RefreshTokenRenewedType,
		),
		ID:           id,
		IdleLifetime: idleLifetime,
	}
}

func RefreshTokenRenewedEventMapper(event *repository.Event) (eventstore.Event, error) {
	added := &RefreshTokenRenewedEvent{
		BaseEvent: *eventstore.BaseEventFromRepo(event),
	}
	err := json.Unmarshal(event.Data, added)
	if err != nil {
		return nil, errors.ThrowInternal(err, "OIDCS-SF3fc", "unable to unmarshal refresh token renewed")
	}

	return added, nil
}
feat(api): add OIDC session service (#6157) This PR starts the OIDC implementation for the API V2 including the Implicit and Code Flow. Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com> 2023-07-10 13:27:00 +00:00			`package oidcsession`

			`import (`
			`"context"`
			`"encoding/json"`
			`"time"`

			`"github.com/zitadel/zitadel/internal/errors"`
			`"github.com/zitadel/zitadel/internal/eventstore"`
			`"github.com/zitadel/zitadel/internal/eventstore/repository"`
			`)`

			`const (`
			`oidcSessionEventPrefix = "oidc_session."`
			`AddedType = oidcSessionEventPrefix + "added"`
			`AccessTokenAddedType = oidcSessionEventPrefix + "access_token.added"`
			`RefreshTokenAddedType = oidcSessionEventPrefix + "refresh_token.added"`
			`RefreshTokenRenewedType = oidcSessionEventPrefix + "refresh_token.renewed"`
			`)`

			`type AddedEvent struct {`
			eventstore.BaseEvent `json:"-"`

			UserID string `json:"userID"`
			SessionID string `json:"sessionID"`
			ClientID string `json:"clientID"`
			Audience []string `json:"audience"`
			Scope []string `json:"scope"`
			AuthMethodsReferences []string `json:"authMethodsReferences"`
			AuthTime time.Time `json:"authTime"`
			`}`

			`func (e *AddedEvent) Data() interface{} {`
			`return e`
			`}`

			`func (e AddedEvent) UniqueConstraints() []eventstore.EventUniqueConstraint {`
			`return nil`
			`}`

			`func NewAddedEvent(ctx context.Context,`
			`aggregate *eventstore.Aggregate,`
			`userID,`
			`sessionID,`
			`clientID string,`
			`audience,`
			`scope []string,`
			`authMethodsReferences []string,`
			`authTime time.Time,`
			`) *AddedEvent {`
			`return &AddedEvent{`
			`BaseEvent: *eventstore.NewBaseEventForPush(`
			`ctx,`
			`aggregate,`
			`AddedType,`
			`),`
			`UserID: userID,`
			`SessionID: sessionID,`
			`ClientID: clientID,`
			`Audience: audience,`
			`Scope: scope,`
			`AuthMethodsReferences: authMethodsReferences,`
			`AuthTime: authTime,`
			`}`
			`}`

			`func AddedEventMapper(event *repository.Event) (eventstore.Event, error) {`
			`added := &AddedEvent{`
			`BaseEvent: *eventstore.BaseEventFromRepo(event),`
			`}`
			`err := json.Unmarshal(event.Data, added)`
			`if err != nil {`
			`return nil, errors.ThrowInternal(err, "OIDCS-DG4gn", "unable to unmarshal oidc session added")`
			`}`

			`return added, nil`
			`}`

			`type AccessTokenAddedEvent struct {`
			eventstore.BaseEvent `json:"-"`

			ID string `json:"id"`
			Scope []string `json:"scope"`
			Lifetime time.Duration `json:"lifetime"`
			`}`

			`func (e *AccessTokenAddedEvent) Data() interface{} {`
			`return e`
			`}`

			`func (e AccessTokenAddedEvent) UniqueConstraints() []eventstore.EventUniqueConstraint {`
			`return nil`
			`}`

			`func NewAccessTokenAddedEvent(`
			`ctx context.Context,`
			`aggregate *eventstore.Aggregate,`
			`id string,`
			`scope []string,`
			`lifetime time.Duration,`
			`) *AccessTokenAddedEvent {`
			`return &AccessTokenAddedEvent{`
			`BaseEvent: *eventstore.NewBaseEventForPush(`
			`ctx,`
			`aggregate,`
			`AccessTokenAddedType,`
			`),`
			`ID: id,`
			`Scope: scope,`
			`Lifetime: lifetime,`
			`}`
			`}`

			`func AccessTokenAddedEventMapper(event *repository.Event) (eventstore.Event, error) {`
			`added := &AccessTokenAddedEvent{`
			`BaseEvent: *eventstore.BaseEventFromRepo(event),`
			`}`
			`err := json.Unmarshal(event.Data, added)`
			`if err != nil {`
			`return nil, errors.ThrowInternal(err, "OIDCS-DSGn5", "unable to unmarshal access token added")`
			`}`

			`return added, nil`
			`}`

			`type RefreshTokenAddedEvent struct {`
			eventstore.BaseEvent `json:"-"`

			ID string `json:"id"`
			Lifetime time.Duration `json:"lifetime"`
			IdleLifetime time.Duration `json:"idleLifetime"`
			`}`

			`func (e *RefreshTokenAddedEvent) Data() interface{} {`
			`return e`
			`}`

			`func (e RefreshTokenAddedEvent) UniqueConstraints() []eventstore.EventUniqueConstraint {`
			`return nil`
			`}`

			`func NewRefreshTokenAddedEvent(`
			`ctx context.Context,`
			`aggregate *eventstore.Aggregate,`
			`id string,`
			`lifetime,`
			`idleLifetime time.Duration,`
			`) *RefreshTokenAddedEvent {`
			`return &RefreshTokenAddedEvent{`
			`BaseEvent: *eventstore.NewBaseEventForPush(`
			`ctx,`
			`aggregate,`
			`RefreshTokenAddedType,`
			`),`
			`ID: id,`
			`Lifetime: lifetime,`
			`IdleLifetime: idleLifetime,`
			`}`
			`}`

			`func RefreshTokenAddedEventMapper(event *repository.Event) (eventstore.Event, error) {`
			`added := &RefreshTokenAddedEvent{`
			`BaseEvent: *eventstore.BaseEventFromRepo(event),`
			`}`
			`err := json.Unmarshal(event.Data, added)`
			`if err != nil {`
			`return nil, errors.ThrowInternal(err, "OIDCS-aW3gqq", "unable to unmarshal refresh token added")`
			`}`

			`return added, nil`
			`}`

			`type RefreshTokenRenewedEvent struct {`
			eventstore.BaseEvent `json:"-"`

			ID string `json:"id"`
			IdleLifetime time.Duration `json:"idleLifetime"`
			`}`

			`func (e *RefreshTokenRenewedEvent) Data() interface{} {`
			`return e`
			`}`

			`func (e RefreshTokenRenewedEvent) UniqueConstraints() []eventstore.EventUniqueConstraint {`
			`return nil`
			`}`

			`func NewRefreshTokenRenewedEvent(`
			`ctx context.Context,`
			`aggregate *eventstore.Aggregate,`
			`id string,`
			`idleLifetime time.Duration,`
			`) *RefreshTokenRenewedEvent {`
			`return &RefreshTokenRenewedEvent{`
			`BaseEvent: *eventstore.NewBaseEventForPush(`
			`ctx,`
			`aggregate,`
			`RefreshTokenRenewedType,`
			`),`
			`ID: id,`
			`IdleLifetime: idleLifetime,`
			`}`
			`}`

			`func RefreshTokenRenewedEventMapper(event *repository.Event) (eventstore.Event, error) {`
			`added := &RefreshTokenRenewedEvent{`
			`BaseEvent: *eventstore.BaseEventFromRepo(event),`
			`}`
			`err := json.Unmarshal(event.Data, added)`
			`if err != nil {`
			`return nil, errors.ThrowInternal(err, "OIDCS-SF3fc", "unable to unmarshal refresh token renewed")`
			`}`

			`return added, nil`
			`}`