fix(eventstore): use decimal, correct mirror (#9914)

# Eventstore fixes - `event.Position` used float64 before which can lead to [precision loss](https://github.com/golang/go/issues/47300). The type got replaced by [a type without precision loss](https://github.com/jackc/pgx-shopspring-decimal) - the handler reported the wrong error if the current state was updated and therefore took longer to retry failed events. # Mirror fixes - max age of auth requests can be configured to speed up copying data from `auth.auth_requests` table. Auth requests last updated before the set age will be ignored. Default is 1 month - notification projections are skipped because notifications should be sent by the source system. The projections are set to the latest position - ensure that mirror can be executed multiple times --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-11 21:07:31 +00:00 · 2025-05-28 23:54:18 +02:00
parent 046b165db8
commit 131f70db34
51 changed files with 436 additions and 236 deletions
--- a/internal/api/saml/certificate.go
+++ b/internal/api/saml/certificate.go
@@ -6,6 +6,7 @@ import (
 	"time"

 	"github.com/go-jose/go-jose/v4"
+	"github.com/shopspring/decimal"
 	"github.com/zitadel/logging"
 	"github.com/zitadel/saml/pkg/provider/key"

@@ -76,7 +77,7 @@ func (p *Storage) getCertificateAndKey(ctx context.Context, usage crypto.KeyUsag
 		return p.certificateToCertificateAndKey(selectCertificate(certs.Certificates))
 	}

-	var position float64
+	var position decimal.Decimal
 	if certs.State != nil {
 		position = certs.State.Position
 	}
@@ -87,7 +88,7 @@ func (p *Storage) getCertificateAndKey(ctx context.Context, usage crypto.KeyUsag
 func (p *Storage) refreshCertificate(
 	ctx context.Context,
 	usage crypto.KeyUsage,
-	position float64,
+	position decimal.Decimal,
 ) error {
 	ok, err := p.ensureIsLatestCertificate(ctx, position)
 	if err != nil {
@@ -103,12 +104,12 @@ func (p *Storage) refreshCertificate(
 	return nil
 }

-func (p *Storage) ensureIsLatestCertificate(ctx context.Context, position float64) (bool, error) {
-	maxSequence, err := p.getMaxKeySequence(ctx)
+func (p *Storage) ensureIsLatestCertificate(ctx context.Context, position decimal.Decimal) (bool, error) {
+	maxSequence, err := p.getMaxKeyPosition(ctx)
 	if err != nil {
 		return false, fmt.Errorf("error retrieving new events: %w", err)
 	}
-	return position >= maxSequence, nil
+	return position.GreaterThanOrEqual(maxSequence), nil
 }

 func (p *Storage) lockAndGenerateCertificateAndKey(ctx context.Context, usage crypto.KeyUsage) error {
@@ -151,9 +152,9 @@ func (p *Storage) lockAndGenerateCertificateAndKey(ctx context.Context, usage cr
 	}
 }

-func (p *Storage) getMaxKeySequence(ctx context.Context) (float64, error) {
-	return p.eventstore.LatestSequence(ctx,
-		eventstore.NewSearchQueryBuilder(eventstore.ColumnsMaxSequence).
+func (p *Storage) getMaxKeyPosition(ctx context.Context) (decimal.Decimal, error) {
+	return p.eventstore.LatestPosition(ctx,
+		eventstore.NewSearchQueryBuilder(eventstore.ColumnsMaxPosition).
 			ResourceOwner(authz.GetInstance(ctx).InstanceID()).
 			AwaitOpenTransactions().
 			AddQuery().