feat: tokens on user aggregate (#837)

* fix: fix remove policies in spoolers * fix: reread of token by id * fix: update oidc package * fix: possible nil pointer on token split Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2025-08-12 08:07:32 +00:00 · 2020-10-15 13:52:41 +02:00
parent fbb30840f1
commit 265b491696
24 changed files with 518 additions and 247 deletions
--- a/internal/user/repository/view/model/token.go
+++ b/internal/user/repository/view/model/token.go
@@ -0,0 +1,127 @@
+package model
+
+import (
+	"encoding/json"
+	"github.com/caos/logging"
+	caos_errs "github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore/models"
+	es_models "github.com/caos/zitadel/internal/eventstore/models"
+	usr_model "github.com/caos/zitadel/internal/user/model"
+	usr_es_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
+	"time"
+
+	"github.com/lib/pq"
+)
+
+const (
+	TokenKeyTokenID       = "id"
+	TokenKeyUserID        = "user_id"
+	TokenKeyApplicationID = "application_id"
+	TokenKeyUserAgentID   = "user_agent_id"
+	TokenKeyExpiration    = "expiration"
+	TokenKeyResourceOwner = "resource_owner"
+)
+
+type TokenView struct {
+	ID                string         `json:"tokenId" gorm:"column:id;primary_key"`
+	CreationDate      time.Time      `json:"-" gorm:"column:creation_date"`
+	ChangeDate        time.Time      `json:"-" gorm:"column:change_date"`
+	ResourceOwner     string         `json:"-" gorm:"column:resource_owner"`
+	UserID            string         `json:"-" gorm:"column:user_id"`
+	ApplicationID     string         `json:"applicationId" gorm:"column:application_id"`
+	UserAgentID       string         `json:"userAgentId" gorm:"column:user_agent_id"`
+	Audience          pq.StringArray `json:"audience" gorm:"column:audience"`
+	Scopes            pq.StringArray `json:"scopes" gorm:"column:scopes"`
+	Expiration        time.Time      `json:"expiration" gorm:"column:expiration"`
+	Sequence          uint64         `json:"-" gorm:"column:sequence"`
+	PreferredLanguage string         `json:"preferredLanguage" gorm:"column:preferred_language"`
+	Deactivated       bool           `json:"-" gorm:"-"`
+}
+
+func TokenViewFromModel(token *usr_model.TokenView) *TokenView {
+	return &TokenView{
+		ID:                token.ID,
+		CreationDate:      token.CreationDate,
+		ChangeDate:        token.ChangeDate,
+		ResourceOwner:     token.ResourceOwner,
+		UserID:            token.UserID,
+		ApplicationID:     token.ApplicationID,
+		UserAgentID:       token.UserAgentID,
+		Audience:          token.Audience,
+		Scopes:            token.Scopes,
+		Expiration:        token.Expiration,
+		Sequence:          token.Sequence,
+		PreferredLanguage: token.PreferredLanguage,
+	}
+}
+
+func TokenViewToModel(token *TokenView) *usr_model.TokenView {
+	return &usr_model.TokenView{
+		ID:                token.ID,
+		CreationDate:      token.CreationDate,
+		ChangeDate:        token.ChangeDate,
+		ResourceOwner:     token.ResourceOwner,
+		UserID:            token.UserID,
+		ApplicationID:     token.ApplicationID,
+		UserAgentID:       token.UserAgentID,
+		Audience:          token.Audience,
+		Scopes:            token.Scopes,
+		Expiration:        token.Expiration,
+		Sequence:          token.Sequence,
+		PreferredLanguage: token.PreferredLanguage,
+	}
+}
+
+func (t *TokenView) AppendEventIfMyToken(event *models.Event) (err error) {
+	view := new(TokenView)
+	switch event.Type {
+	case usr_es_model.UserTokenAdded:
+		view.setRootData(event)
+		err = view.setData(event)
+	case usr_es_model.UserRemoved,
+		usr_es_model.UserDeactivated,
+		usr_es_model.UserLocked:
+		t.Deactivated = true
+		return nil
+	case usr_es_model.UserUnlocked,
+		usr_es_model.UserReactivated:
+		if t.ID != "" && event.CreationDate.Before(t.CreationDate) {
+			t.Deactivated = false
+		}
+		return nil
+	default:
+		return nil
+	}
+	if view.ID == t.ID {
+		return t.AppendEvent(event)
+	}
+	return nil
+}
+
+func (t *TokenView) AppendEvent(event *es_models.Event) error {
+	t.ChangeDate = event.CreationDate
+	t.Sequence = event.Sequence
+	switch event.Type {
+	case usr_es_model.UserTokenAdded:
+		t.setRootData(event)
+		err := t.setData(event)
+		if err != nil {
+			return err
+		}
+		t.CreationDate = event.CreationDate
+	}
+	return nil
+}
+
+func (t *TokenView) setRootData(event *models.Event) {
+	t.UserID = event.AggregateID
+	t.ResourceOwner = event.ResourceOwner
+}
+
+func (t *TokenView) setData(event *es_models.Event) error {
+	if err := json.Unmarshal(event.Data, t); err != nil {
+		logging.Log("EVEN-3Gm9s").WithError(err).Error("could not unmarshal event data")
+		return caos_errs.ThrowInternal(err, "MODEL-5Gms9", "could not unmarshal event")
+	}
+	return nil
+}
--- a/internal/user/repository/view/model/token_query.go
+++ b/internal/user/repository/view/model/token_query.go
@@ -0,0 +1,69 @@
+package model
+
+import (
+	global_model "github.com/caos/zitadel/internal/model"
+	"github.com/caos/zitadel/internal/user/model"
+	"github.com/caos/zitadel/internal/view/repository"
+)
+
+type TokenSearchRequest model.TokenSearchRequest
+type TokenSearchQuery model.TokenSearchQuery
+type TokenSearchKey model.TokenSearchKey
+
+func (req TokenSearchRequest) GetLimit() uint64 {
+	return req.Limit
+}
+
+func (req TokenSearchRequest) GetOffset() uint64 {
+	return req.Offset
+}
+
+func (req TokenSearchRequest) GetSortingColumn() repository.ColumnKey {
+	if req.SortingColumn == model.TokenSearchKeyUnspecified {
+		return nil
+	}
+	return TokenSearchKey(req.SortingColumn)
+}
+
+func (req TokenSearchRequest) GetAsc() bool {
+	return req.Asc
+}
+
+func (req TokenSearchRequest) GetQueries() []repository.SearchQuery {
+	result := make([]repository.SearchQuery, len(req.Queries))
+	for i, q := range req.Queries {
+		result[i] = TokenSearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
+	}
+	return result
+}
+
+func (req TokenSearchQuery) GetKey() repository.ColumnKey {
+	return TokenSearchKey(req.Key)
+}
+
+func (req TokenSearchQuery) GetMethod() global_model.SearchMethod {
+	return req.Method
+}
+
+func (req TokenSearchQuery) GetValue() interface{} {
+	return req.Value
+}
+
+func (key TokenSearchKey) ToColumnName() string {
+	switch model.TokenSearchKey(key) {
+	case model.TokenSearchKeyTokenID:
+		return TokenKeyTokenID
+	case model.TokenSearchKeyUserAgentID:
+		return TokenKeyUserAgentID
+	case model.TokenSearchKeyUserID:
+		return TokenKeyUserID
+	case model.TokenSearchKeyApplicationID:
+		return TokenKeyApplicationID
+	case model.TokenSearchKeyExpiration:
+		return TokenKeyExpiration
+	case model.TokenSearchKeyResourceOwner:
+		return TokenKeyResourceOwner
+	default:
+		return ""
+	}
+}
--- a/internal/user/repository/view/token_view.go
+++ b/internal/user/repository/view/token_view.go
@@ -0,0 +1,72 @@
+package view
+
+import (
+	"github.com/caos/zitadel/internal/errors"
+	global_model "github.com/caos/zitadel/internal/model"
+	"github.com/caos/zitadel/internal/user/model"
+	usr_model "github.com/caos/zitadel/internal/user/repository/view/model"
+	"github.com/caos/zitadel/internal/view/repository"
+	"github.com/jinzhu/gorm"
+	"github.com/lib/pq"
+)
+
+func TokenByID(db *gorm.DB, table, tokenID string) (*usr_model.TokenView, error) {
+	token := new(usr_model.TokenView)
+	query := repository.PrepareGetByKey(table, usr_model.TokenSearchKey(model.TokenSearchKeyTokenID), tokenID)
+	err := query(db, token)
+	if errors.IsNotFound(err) {
+		return nil, errors.ThrowNotFound(nil, "VIEW-6ub3p", "Errors.Token.NotFound")
+	}
+	return token, err
+}
+
+func TokensByUserID(db *gorm.DB, table, userID string) ([]*usr_model.TokenView, error) {
+	tokens := make([]*usr_model.TokenView, 0)
+	userIDQuery := &model.TokenSearchQuery{
+		Key:    model.TokenSearchKeyUserID,
+		Method: global_model.SearchMethodEquals,
+		Value:  userID,
+	}
+	query := repository.PrepareSearchQuery(table, usr_model.TokenSearchRequest{
+		Queries: []*model.TokenSearchQuery{userIDQuery},
+	})
+	_, err := query(db, &tokens)
+	return tokens, err
+}
+
+func PutToken(db *gorm.DB, table string, token *usr_model.TokenView) error {
+	save := repository.PrepareSave(table)
+	return save(db, token)
+}
+
+func PutTokens(db *gorm.DB, table string, tokens ...*usr_model.TokenView) error {
+	save := repository.PrepareBulkSave(table)
+	t := make([]interface{}, len(tokens))
+	for i, token := range tokens {
+		t[i] = token
+	}
+	return save(db, t...)
+}
+
+func DeleteToken(db *gorm.DB, table, tokenID string) error {
+	delete := repository.PrepareDeleteByKey(table, usr_model.TokenSearchKey(model.TokenSearchKeyTokenID), tokenID)
+	return delete(db)
+}
+
+func DeleteSessionTokens(db *gorm.DB, table, agentID, userID string) error {
+	delete := repository.PrepareDeleteByKeys(table,
+		repository.Key{Key: usr_model.TokenSearchKey(model.TokenSearchKeyUserAgentID), Value: agentID},
+		repository.Key{Key: usr_model.TokenSearchKey(model.TokenSearchKeyUserID), Value: userID},
+	)
+	return delete(db)
+}
+
+func DeleteUserTokens(db *gorm.DB, table, userID string) error {
+	delete := repository.PrepareDeleteByKey(table, usr_model.TokenSearchKey(model.TokenSearchKeyUserID), userID)
+	return delete(db)
+}
+
+func DeleteApplicationTokens(db *gorm.DB, table string, appIDs []string) error {
+	delete := repository.PrepareDeleteByKey(table, usr_model.TokenSearchKey(model.TokenSearchKeyApplicationID), pq.StringArray(appIDs))
+	return delete(db)
+}