2023-07-10 13:27:00 +00:00
|
|
|
package oidcsession
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
|
|
|
|
"encoding/json"
|
|
|
|
|
"time"
|
|
|
|
|
|
2023-07-12 12:24:01 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/domain"
|
2023-07-10 13:27:00 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/errors"
|
|
|
|
|
"github.com/zitadel/zitadel/internal/eventstore"
|
|
|
|
|
"github.com/zitadel/zitadel/internal/eventstore/repository"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
|
oidcSessionEventPrefix = "oidc_session."
|
|
|
|
|
AddedType = oidcSessionEventPrefix + "added"
|
|
|
|
|
AccessTokenAddedType = oidcSessionEventPrefix + "access_token.added"
|
|
|
|
|
RefreshTokenAddedType = oidcSessionEventPrefix + "refresh_token.added"
|
|
|
|
|
RefreshTokenRenewedType = oidcSessionEventPrefix + "refresh_token.renewed"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type AddedEvent struct {
|
|
|
|
|
eventstore.BaseEvent `json:"-"`
|
|
|
|
|
|
2023-07-12 12:24:01 +00:00
|
|
|
UserID string `json:"userID"`
|
|
|
|
|
SessionID string `json:"sessionID"`
|
|
|
|
|
ClientID string `json:"clientID"`
|
|
|
|
|
Audience []string `json:"audience"`
|
|
|
|
|
Scope []string `json:"scope"`
|
|
|
|
|
AuthMethods []domain.UserAuthMethodType `json:"authMethods"`
|
|
|
|
|
AuthTime time.Time `json:"authTime"`
|
2023-07-10 13:27:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (e *AddedEvent) Data() interface{} {
|
|
|
|
|
return e
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (e *AddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func NewAddedEvent(ctx context.Context,
|
|
|
|
|
aggregate *eventstore.Aggregate,
|
|
|
|
|
userID,
|
|
|
|
|
sessionID,
|
|
|
|
|
clientID string,
|
|
|
|
|
audience,
|
|
|
|
|
scope []string,
|
2023-07-12 12:24:01 +00:00
|
|
|
authMethods []domain.UserAuthMethodType,
|
2023-07-10 13:27:00 +00:00
|
|
|
authTime time.Time,
|
|
|
|
|
) *AddedEvent {
|
|
|
|
|
return &AddedEvent{
|
|
|
|
|
BaseEvent: *eventstore.NewBaseEventForPush(
|
|
|
|
|
ctx,
|
|
|
|
|
aggregate,
|
|
|
|
|
AddedType,
|
|
|
|
|
),
|
2023-07-12 12:24:01 +00:00
|
|
|
UserID: userID,
|
|
|
|
|
SessionID: sessionID,
|
|
|
|
|
ClientID: clientID,
|
|
|
|
|
Audience: audience,
|
|
|
|
|
Scope: scope,
|
|
|
|
|
AuthMethods: authMethods,
|
|
|
|
|
AuthTime: authTime,
|
2023-07-10 13:27:00 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func AddedEventMapper(event *repository.Event) (eventstore.Event, error) {
|
|
|
|
|
added := &AddedEvent{
|
|
|
|
|
BaseEvent: *eventstore.BaseEventFromRepo(event),
|
|
|
|
|
}
|
|
|
|
|
err := json.Unmarshal(event.Data, added)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, errors.ThrowInternal(err, "OIDCS-DG4gn", "unable to unmarshal oidc session added")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return added, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type AccessTokenAddedEvent struct {
|
|
|
|
|
eventstore.BaseEvent `json:"-"`
|
|
|
|
|
|
|
|
|
|
ID string `json:"id"`
|
|
|
|
|
Scope []string `json:"scope"`
|
|
|
|
|
Lifetime time.Duration `json:"lifetime"`
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (e *AccessTokenAddedEvent) Data() interface{} {
|
|
|
|
|
return e
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (e *AccessTokenAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func NewAccessTokenAddedEvent(
|
|
|
|
|
ctx context.Context,
|
|
|
|
|
aggregate *eventstore.Aggregate,
|
|
|
|
|
id string,
|
|
|
|
|
scope []string,
|
|
|
|
|
lifetime time.Duration,
|
|
|
|
|
) *AccessTokenAddedEvent {
|
|
|
|
|
return &AccessTokenAddedEvent{
|
|
|
|
|
BaseEvent: *eventstore.NewBaseEventForPush(
|
|
|
|
|
ctx,
|
|
|
|
|
aggregate,
|
|
|
|
|
AccessTokenAddedType,
|
|
|
|
|
),
|
|
|
|
|
ID: id,
|
|
|
|
|
Scope: scope,
|
|
|
|
|
Lifetime: lifetime,
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func AccessTokenAddedEventMapper(event *repository.Event) (eventstore.Event, error) {
|
|
|
|
|
added := &AccessTokenAddedEvent{
|
|
|
|
|
BaseEvent: *eventstore.BaseEventFromRepo(event),
|
|
|
|
|
}
|
|
|
|
|
err := json.Unmarshal(event.Data, added)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, errors.ThrowInternal(err, "OIDCS-DSGn5", "unable to unmarshal access token added")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return added, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type RefreshTokenAddedEvent struct {
|
|
|
|
|
eventstore.BaseEvent `json:"-"`
|
|
|
|
|
|
|
|
|
|
ID string `json:"id"`
|
|
|
|
|
Lifetime time.Duration `json:"lifetime"`
|
|
|
|
|
IdleLifetime time.Duration `json:"idleLifetime"`
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (e *RefreshTokenAddedEvent) Data() interface{} {
|
|
|
|
|
return e
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (e *RefreshTokenAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func NewRefreshTokenAddedEvent(
|
|
|
|
|
ctx context.Context,
|
|
|
|
|
aggregate *eventstore.Aggregate,
|
|
|
|
|
id string,
|
|
|
|
|
lifetime,
|
|
|
|
|
idleLifetime time.Duration,
|
|
|
|
|
) *RefreshTokenAddedEvent {
|
|
|
|
|
return &RefreshTokenAddedEvent{
|
|
|
|
|
BaseEvent: *eventstore.NewBaseEventForPush(
|
|
|
|
|
ctx,
|
|
|
|
|
aggregate,
|
|
|
|
|
RefreshTokenAddedType,
|
|
|
|
|
),
|
|
|
|
|
ID: id,
|
|
|
|
|
Lifetime: lifetime,
|
|
|
|
|
IdleLifetime: idleLifetime,
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func RefreshTokenAddedEventMapper(event *repository.Event) (eventstore.Event, error) {
|
|
|
|
|
added := &RefreshTokenAddedEvent{
|
|
|
|
|
BaseEvent: *eventstore.BaseEventFromRepo(event),
|
|
|
|
|
}
|
|
|
|
|
err := json.Unmarshal(event.Data, added)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, errors.ThrowInternal(err, "OIDCS-aW3gqq", "unable to unmarshal refresh token added")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return added, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type RefreshTokenRenewedEvent struct {
|
|
|
|
|
eventstore.BaseEvent `json:"-"`
|
|
|
|
|
|
|
|
|
|
ID string `json:"id"`
|
|
|
|
|
IdleLifetime time.Duration `json:"idleLifetime"`
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (e *RefreshTokenRenewedEvent) Data() interface{} {
|
|
|
|
|
return e
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (e *RefreshTokenRenewedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func NewRefreshTokenRenewedEvent(
|
|
|
|
|
ctx context.Context,
|
|
|
|
|
aggregate *eventstore.Aggregate,
|
|
|
|
|
id string,
|
|
|
|
|
idleLifetime time.Duration,
|
|
|
|
|
) *RefreshTokenRenewedEvent {
|
|
|
|
|
return &RefreshTokenRenewedEvent{
|
|
|
|
|
BaseEvent: *eventstore.NewBaseEventForPush(
|
|
|
|
|
ctx,
|
|
|
|
|
aggregate,
|
|
|
|
|
RefreshTokenRenewedType,
|
|
|
|
|
),
|
|
|
|
|
ID: id,
|
|
|
|
|
IdleLifetime: idleLifetime,
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func RefreshTokenRenewedEventMapper(event *repository.Event) (eventstore.Event, error) {
|
|
|
|
|
added := &RefreshTokenRenewedEvent{
|
|
|
|
|
BaseEvent: *eventstore.BaseEventFromRepo(event),
|
|
|
|
|
}
|
|
|
|
|
err := json.Unmarshal(event.Data, added)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, errors.ThrowInternal(err, "OIDCS-SF3fc", "unable to unmarshal refresh token renewed")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return added, nil
|
|
|
|
|
}
|
