feat: complete dynamic domain handling (#3482)

* feat: dynamic issuer * feat: default language from context * remove zitadel docs from defaults * remove ConsoleOverwriteDir * remove notification endpoints from defaults * custom domains in emails * remove (external) domain * external domain completely removed, console handling fixed * fix test * fix defaults.yaml
2025-08-12 04:37:31 +00:00 · 2022-04-25 11:16:36 +02:00
parent 75ec73ca4a
commit 2c4799c223
97 changed files with 478 additions and 381 deletions
--- a/internal/api/grpc/admin/custom_text.go
+++ b/internal/api/grpc/admin/custom_text.go
@@ -3,9 +3,9 @@ package admin
 import (
 	"context"

-	"github.com/caos/zitadel/internal/api/authz"
 	"golang.org/x/text/language"

+	"github.com/caos/zitadel/internal/api/authz"
 	"github.com/caos/zitadel/internal/api/grpc/object"
 	text_grpc "github.com/caos/zitadel/internal/api/grpc/text"
 	"github.com/caos/zitadel/internal/domain"
@@ -13,7 +13,7 @@ import (
 )

 func (s *Server) GetDefaultInitMessageText(ctx context.Context, req *admin_pb.GetDefaultInitMessageTextRequest) (*admin_pb.GetDefaultInitMessageTextResponse, error) {
-	msg, err := s.query.DefaultMessageTextByTypeAndLanguageFromFileSystem(domain.InitCodeMessageType, req.Language)
+	msg, err := s.query.DefaultMessageTextByTypeAndLanguageFromFileSystem(ctx, domain.InitCodeMessageType, req.Language)
 	if err != nil {
 		return nil, err
 	}
@@ -61,7 +61,7 @@ func (s *Server) ResetCustomInitMessageTextToDefault(ctx context.Context, req *a
 }

 func (s *Server) GetDefaultPasswordResetMessageText(ctx context.Context, req *admin_pb.GetDefaultPasswordResetMessageTextRequest) (*admin_pb.GetDefaultPasswordResetMessageTextResponse, error) {
-	msg, err := s.query.DefaultMessageTextByTypeAndLanguageFromFileSystem(domain.PasswordResetMessageType, req.Language)
+	msg, err := s.query.DefaultMessageTextByTypeAndLanguageFromFileSystem(ctx, domain.PasswordResetMessageType, req.Language)
 	if err != nil {
 		return nil, err
 	}
@@ -109,7 +109,7 @@ func (s *Server) ResetCustomPasswordResetMessageTextToDefault(ctx context.Contex
 }

 func (s *Server) GetDefaultVerifyEmailMessageText(ctx context.Context, req *admin_pb.GetDefaultVerifyEmailMessageTextRequest) (*admin_pb.GetDefaultVerifyEmailMessageTextResponse, error) {
-	msg, err := s.query.DefaultMessageTextByTypeAndLanguageFromFileSystem(domain.VerifyEmailMessageType, req.Language)
+	msg, err := s.query.DefaultMessageTextByTypeAndLanguageFromFileSystem(ctx, domain.VerifyEmailMessageType, req.Language)
 	if err != nil {
 		return nil, err
 	}
@@ -157,7 +157,7 @@ func (s *Server) ResetCustomVerifyEmailMessageTextToDefault(ctx context.Context,
 }

 func (s *Server) GetDefaultVerifyPhoneMessageText(ctx context.Context, req *admin_pb.GetDefaultVerifyPhoneMessageTextRequest) (*admin_pb.GetDefaultVerifyPhoneMessageTextResponse, error) {
-	msg, err := s.query.DefaultMessageTextByTypeAndLanguageFromFileSystem(domain.VerifyPhoneMessageType, req.Language)
+	msg, err := s.query.DefaultMessageTextByTypeAndLanguageFromFileSystem(ctx, domain.VerifyPhoneMessageType, req.Language)
 	if err != nil {
 		return nil, err
 	}
@@ -205,7 +205,7 @@ func (s *Server) ResetCustomVerifyPhoneMessageTextToDefault(ctx context.Context,
 }

 func (s *Server) GetDefaultDomainClaimedMessageText(ctx context.Context, req *admin_pb.GetDefaultDomainClaimedMessageTextRequest) (*admin_pb.GetDefaultDomainClaimedMessageTextResponse, error) {
-	msg, err := s.query.DefaultMessageTextByTypeAndLanguageFromFileSystem(domain.DomainClaimedMessageType, req.Language)
+	msg, err := s.query.DefaultMessageTextByTypeAndLanguageFromFileSystem(ctx, domain.DomainClaimedMessageType, req.Language)
 	if err != nil {
 		return nil, err
 	}
@@ -253,7 +253,7 @@ func (s *Server) ResetCustomDomainClaimedMessageTextToDefault(ctx context.Contex
 }

 func (s *Server) GetDefaultPasswordlessRegistrationMessageText(ctx context.Context, req *admin_pb.GetDefaultPasswordlessRegistrationMessageTextRequest) (*admin_pb.GetDefaultPasswordlessRegistrationMessageTextResponse, error) {
-	msg, err := s.query.DefaultMessageTextByTypeAndLanguageFromFileSystem(domain.PasswordlessRegistrationMessageType, req.Language)
+	msg, err := s.query.DefaultMessageTextByTypeAndLanguageFromFileSystem(ctx, domain.PasswordlessRegistrationMessageType, req.Language)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/api/grpc/admin/language.go
+++ b/internal/api/grpc/admin/language.go
@@ -5,6 +5,7 @@ import (

 	"golang.org/x/text/language"

+	"github.com/caos/zitadel/internal/api/authz"
 	"github.com/caos/zitadel/internal/api/grpc/text"
 	caos_errors "github.com/caos/zitadel/internal/errors"
 	admin_pb "github.com/caos/zitadel/pkg/grpc/admin"
@@ -34,6 +35,6 @@ func (s *Server) SetDefaultLanguage(ctx context.Context, req *admin_pb.SetDefaul
 	return nil, nil
 }

-func (s *Server) GetDefaultLanguage(ctx context.Context, req *admin_pb.GetDefaultLanguageRequest) (*admin_pb.GetDefaultLanguageResponse, error) {
-	return &admin_pb.GetDefaultLanguageResponse{Language: s.query.GetDefaultLanguage(ctx).String()}, nil
+func (s *Server) GetDefaultLanguage(ctx context.Context, _ *admin_pb.GetDefaultLanguageRequest) (*admin_pb.GetDefaultLanguageResponse, error) {
+	return &admin_pb.GetDefaultLanguageResponse{Language: authz.GetInstance(ctx).DefaultLanguage().String()}, nil
 }
--- a/internal/api/grpc/admin/org.go
+++ b/internal/api/grpc/admin/org.go
@@ -5,6 +5,7 @@ import (

 	"google.golang.org/protobuf/types/known/timestamppb"

+	"github.com/caos/zitadel/internal/api/authz"
 	"github.com/caos/zitadel/internal/api/grpc/object"
 	org_grpc "github.com/caos/zitadel/internal/api/grpc/org"
 	"github.com/caos/zitadel/internal/command"
@@ -47,7 +48,7 @@ func (s *Server) ListOrgs(ctx context.Context, req *admin_pb.ListOrgsRequest) (*
 }

 func (s *Server) SetUpOrg(ctx context.Context, req *admin_pb.SetUpOrgRequest) (*admin_pb.SetUpOrgResponse, error) {
-	userIDs, err := s.getClaimedUserIDsOfOrgDomain(ctx, domain.NewIAMDomainName(req.Org.Name, s.iamDomain))
+	userIDs, err := s.getClaimedUserIDsOfOrgDomain(ctx, domain.NewIAMDomainName(req.Org.Name, authz.GetInstance(ctx).RequestedDomain()))
 	if err != nil {
 		return nil, err
 	}
--- a/internal/api/grpc/admin/server.go
+++ b/internal/api/grpc/admin/server.go
@@ -24,7 +24,6 @@ type Server struct {
 	command         *command.Commands
 	query           *query.Queries
 	administrator   repository.AdministratorRepository
-	iamDomain       string
 	assetsAPIDomain string
 	userCodeAlg     crypto.EncryptionAlgorithm
 }
@@ -36,7 +35,6 @@ type Config struct {
 func CreateServer(command *command.Commands,
 	query *query.Queries,
 	repo repository.Repository,
-	iamDomain,
 	assetsAPIDomain string,
 	userCodeAlg crypto.EncryptionAlgorithm,
 ) *Server {
@@ -44,7 +42,6 @@ func CreateServer(command *command.Commands,
 		command:         command,
 		query:           query,
 		administrator:   repo,
-		iamDomain:       iamDomain,
 		assetsAPIDomain: assetsAPIDomain,
 		userCodeAlg:     userCodeAlg,
 	}
--- a/internal/api/grpc/auth/passwordless.go
+++ b/internal/api/grpc/auth/passwordless.go
@@ -8,6 +8,8 @@ import (
 	"github.com/caos/zitadel/internal/api/authz"
 	"github.com/caos/zitadel/internal/api/grpc/object"
 	user_grpc "github.com/caos/zitadel/internal/api/grpc/user"
+	"github.com/caos/zitadel/internal/api/http"
+	"github.com/caos/zitadel/internal/api/ui/login"
 	"github.com/caos/zitadel/internal/domain"
 	"github.com/caos/zitadel/internal/query"
 	auth_pb "github.com/caos/zitadel/pkg/grpc/auth"
@@ -65,9 +67,10 @@ func (s *Server) AddMyPasswordlessLink(ctx context.Context, _ *auth_pb.AddMyPass
 	if err != nil {
 		return nil, err
 	}
+	origin := http.BuildOrigin(authz.GetInstance(ctx).RequestedHost(), s.externalSecure)
 	return &auth_pb.AddMyPasswordlessLinkResponse{
 		Details:    object.AddToDetailsPb(initCode.Sequence, initCode.ChangeDate, initCode.ResourceOwner),
-		Link:       initCode.Link(s.defaults.Notifications.Endpoints.PasswordlessRegistration),
+		Link:       initCode.Link(origin + login.HandlerPrefix + login.EndpointPasswordlessRegistration),
 		Expiration: durationpb.New(initCode.Expiration),
 	}, nil
 }
--- a/internal/api/grpc/auth/server.go
+++ b/internal/api/grpc/auth/server.go
@@ -28,6 +28,7 @@ type Server struct {
 	defaults        systemdefaults.SystemDefaults
 	assetsAPIDomain string
 	userCodeAlg     crypto.EncryptionAlgorithm
+	externalSecure  bool
 }

 type Config struct {
@@ -40,6 +41,7 @@ func CreateServer(command *command.Commands,
 	defaults systemdefaults.SystemDefaults,
 	assetsAPIDomain string,
 	userCodeAlg crypto.EncryptionAlgorithm,
+	externalSecure bool,
 ) *Server {
 	return &Server{
 		command:         command,
@@ -48,6 +50,7 @@ func CreateServer(command *command.Commands,
 		defaults:        defaults,
 		assetsAPIDomain: assetsAPIDomain,
 		userCodeAlg:     userCodeAlg,
+		externalSecure:  externalSecure,
 	}
 }

--- a/internal/api/grpc/management/information.go
+++ b/internal/api/grpc/management/information.go
@@ -3,6 +3,10 @@ package management
 import (
 	"context"

+	"github.com/caos/oidc/v2/pkg/oidc"
+
+	"github.com/caos/zitadel/internal/api/authz"
+	"github.com/caos/zitadel/internal/api/http"
 	mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
 )

@@ -10,9 +14,10 @@ func (s *Server) Healthz(context.Context, *mgmt_pb.HealthzRequest) (*mgmt_pb.Hea
 	return &mgmt_pb.HealthzResponse{}, nil
 }

-func (s *Server) GetOIDCInformation(ctx context.Context, req *mgmt_pb.GetOIDCInformationRequest) (*mgmt_pb.GetOIDCInformationResponse, error) {
+func (s *Server) GetOIDCInformation(ctx context.Context, _ *mgmt_pb.GetOIDCInformationRequest) (*mgmt_pb.GetOIDCInformationResponse, error) {
+	issuer := http.BuildOrigin(authz.GetInstance(ctx).RequestedDomain(), s.externalSecure) + s.issuerPath
 	return &mgmt_pb.GetOIDCInformationResponse{
-		Issuer:            s.systemDefaults.ZitadelDocs.Issuer,
-		DiscoveryEndpoint: s.systemDefaults.ZitadelDocs.DiscoveryEndpoint,
+		Issuer:            issuer,
+		DiscoveryEndpoint: issuer + oidc.DiscoveryEndpoint,
 	}, nil
 }
--- a/internal/api/grpc/management/org.go
+++ b/internal/api/grpc/management/org.go
@@ -48,7 +48,7 @@ func (s *Server) ListOrgChanges(ctx context.Context, req *mgmt_pb.ListOrgChanges
 }

 func (s *Server) AddOrg(ctx context.Context, req *mgmt_pb.AddOrgRequest) (*mgmt_pb.AddOrgResponse, error) {
-	userIDs, err := s.getClaimedUserIDsOfOrgDomain(ctx, domain.NewIAMDomainName(req.Name, s.systemDefaults.Domain), "")
+	userIDs, err := s.getClaimedUserIDsOfOrgDomain(ctx, domain.NewIAMDomainName(req.Name, authz.GetInstance(ctx).RequestedDomain()), "")
 	if err != nil {
 		return nil, err
 	}
--- a/internal/api/grpc/management/server.go
+++ b/internal/api/grpc/management/server.go
@@ -26,6 +26,8 @@ type Server struct {
 	assetAPIPrefix  string
 	passwordHashAlg crypto.HashAlgorithm
 	userCodeAlg     crypto.EncryptionAlgorithm
+	externalSecure  bool
+	issuerPath      string
 }

 func CreateServer(
@@ -34,6 +36,8 @@ func CreateServer(
 	sd systemdefaults.SystemDefaults,
 	assetAPIPrefix string,
 	userCodeAlg crypto.EncryptionAlgorithm,
+	externalSecure bool,
+	issuerPath string,
 ) *Server {
 	return &Server{
 		command:         command,
@@ -42,6 +46,8 @@ func CreateServer(
 		assetAPIPrefix:  assetAPIPrefix,
 		passwordHashAlg: crypto.NewBCrypt(sd.SecretGenerators.PasswordSaltCost),
 		userCodeAlg:     userCodeAlg,
+		externalSecure:  externalSecure,
+		issuerPath:      issuerPath,
 	}
 }

--- a/internal/api/grpc/management/user.go
+++ b/internal/api/grpc/management/user.go
@@ -16,7 +16,9 @@ import (
 	"github.com/caos/zitadel/internal/api/grpc/metadata"
 	obj_grpc "github.com/caos/zitadel/internal/api/grpc/object"
 	user_grpc "github.com/caos/zitadel/internal/api/grpc/user"
+	"github.com/caos/zitadel/internal/api/http"
 	z_oidc "github.com/caos/zitadel/internal/api/oidc"
+	"github.com/caos/zitadel/internal/api/ui/login"
 	"github.com/caos/zitadel/internal/command"
 	"github.com/caos/zitadel/internal/domain"
 	"github.com/caos/zitadel/internal/query"
@@ -259,8 +261,9 @@ func (s *Server) ImportHumanUser(ctx context.Context, req *mgmt_pb.ImportHumanUs
 		),
 	}
 	if code != nil {
+		origin := http.BuildOrigin(authz.GetInstance(ctx).RequestedHost(), s.externalSecure)
 		resp.PasswordlessRegistration = &mgmt_pb.ImportHumanUserResponse_PasswordlessRegistration{
-			Link:       code.Link(s.systemDefaults.Notifications.Endpoints.PasswordlessRegistration),
+			Link:       code.Link(origin + login.HandlerPrefix + login.EndpointPasswordlessRegistration),
 			Lifetime:   durationpb.New(code.Expiration),
 			Expiration: durationpb.New(code.Expiration),
 		}
@@ -654,9 +657,10 @@ func (s *Server) AddPasswordlessRegistration(ctx context.Context, req *mgmt_pb.A
 	if err != nil {
 		return nil, err
 	}
+	origin := http.BuildOrigin(authz.GetInstance(ctx).RequestedHost(), s.externalSecure)
 	return &mgmt_pb.AddPasswordlessRegistrationResponse{
 		Details:    obj_grpc.AddToDetailsPb(initCode.Sequence, initCode.ChangeDate, initCode.ResourceOwner),
-		Link:       initCode.Link(s.systemDefaults.Notifications.Endpoints.PasswordlessRegistration),
+		Link:       initCode.Link(origin + login.HandlerPrefix + login.EndpointPasswordlessRegistration),
 		Expiration: durationpb.New(initCode.Expiration),
 	}, nil
 }
--- a/internal/api/grpc/server/middleware/instance_interceptor_test.go
+++ b/internal/api/grpc/server/middleware/instance_interceptor_test.go
@@ -6,6 +6,7 @@ import (
 	"reflect"
 	"testing"

+	"golang.org/x/text/language"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/metadata"

@@ -177,6 +178,14 @@ func (m *mockInstance) ConsoleApplicationID() string {
 	return "consoleApplicationID"
 }

+func (m *mockInstance) DefaultLanguage() language.Tag {
+	return language.English
+}
+
 func (m *mockInstance) RequestedDomain() string {
 	return "localhost"
 }
+
+func (m *mockInstance) RequestedHost() string {
+	return "localhost:8080"
+}
--- a/internal/api/grpc/server/middleware/translation_interceptor.go
+++ b/internal/api/grpc/server/middleware/translation_interceptor.go
@@ -3,17 +3,17 @@ package middleware
 import (
 	"context"

-	"github.com/caos/zitadel/internal/query"
 	"google.golang.org/grpc"

+	"github.com/caos/zitadel/internal/api/authz"
+
 	_ "github.com/caos/zitadel/internal/statik"
 )

-func TranslationHandler(query *query.Queries) func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
-	translator := newZitadelTranslator(query.GetDefaultLanguage(context.Background()))
-
+func TranslationHandler() func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
 	return func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
 		resp, err := handler(ctx, req)
+		translator := newZitadelTranslator(authz.GetInstance(ctx).DefaultLanguage())
 		if loc, ok := resp.(localizers); ok && resp != nil {
 			translateFields(ctx, loc, translator)
 		}
--- a/internal/api/grpc/server/middleware/translator.go
+++ b/internal/api/grpc/server/middleware/translator.go
@@ -48,7 +48,7 @@ func translatorFromNamespace(namespace string, defaultLanguage language.Tag) *i1
 	dir, err := fs.NewWithNamespace(namespace)
 	logging.LogWithFields("ERROR-7usEW", "namespace", namespace).OnError(err).Panic("unable to get namespace")

-	translator, err := i18n.NewTranslator(dir, i18n.TranslatorConfig{DefaultLanguage: defaultLanguage})
+	translator, err := i18n.NewTranslator(dir, defaultLanguage, "")
 	logging.Log("ERROR-Sk8sf").OnError(err).Panic("unable to get i18n translator")

 	return translator
--- a/internal/api/grpc/server/server.go
+++ b/internal/api/grpc/server/server.go
@@ -1,15 +1,14 @@
 package server

 import (
-	grpc_api "github.com/caos/zitadel/internal/api/grpc"
-	"github.com/caos/zitadel/internal/query"
-	"github.com/caos/zitadel/internal/telemetry/metrics"
-
 	grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware"
 	"google.golang.org/grpc"

 	"github.com/caos/zitadel/internal/api/authz"
+	grpc_api "github.com/caos/zitadel/internal/api/grpc"
 	"github.com/caos/zitadel/internal/api/grpc/server/middleware"
+	"github.com/caos/zitadel/internal/query"
+	"github.com/caos/zitadel/internal/telemetry/metrics"
 )

 type Server interface {
@@ -33,7 +32,7 @@ func CreateServer(verifier *authz.TokenVerifier, authConfig authz.Config, querie
 				//TODO: Handle Ignored Services
 				middleware.InstanceInterceptor(queries, hostHeaderName, "/zitadel.system.v1.SystemService"),
 				middleware.AuthorizationInterceptor(verifier, authConfig),
-				middleware.TranslationHandler(queries),
+				middleware.TranslationHandler(),
 				middleware.ValidationHandler(),
 				middleware.ServiceHandler(),
 			),
--- a/internal/api/grpc/system/instance.go
+++ b/internal/api/grpc/system/instance.go
@@ -40,7 +40,7 @@ func (s *Server) GetInstance(ctx context.Context, req *system_pb.GetInstanceRequ
 }

 func (s *Server) AddInstance(ctx context.Context, req *system_pb.AddInstanceRequest) (*system_pb.AddInstanceResponse, error) {
-	id, details, err := s.command.SetUpInstance(ctx, AddInstancePbToSetupInstance(req, s.DefaultInstance), s.ExternalSecure, s.BaseURL)
+	id, details, err := s.command.SetUpInstance(ctx, AddInstancePbToSetupInstance(req, s.DefaultInstance), s.ExternalSecure)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/api/grpc/system/server.go
+++ b/internal/api/grpc/system/server.go
@@ -1,10 +1,10 @@
 package system

 import (
-	"github.com/caos/zitadel/internal/admin/repository"
-	http_util "github.com/caos/zitadel/internal/api/http"
 	"google.golang.org/grpc"

+	"github.com/caos/zitadel/internal/admin/repository"
+
 	"github.com/caos/zitadel/internal/admin/repository/eventsourcing"
 	"github.com/caos/zitadel/internal/api/authz"
 	"github.com/caos/zitadel/internal/api/grpc/server"
@@ -26,7 +26,6 @@ type Server struct {
 	administrator   repository.AdministratorRepository
 	DefaultInstance command.InstanceSetup
 	ExternalSecure  bool
-	BaseURL         string
 }

 type Config struct {
@@ -37,8 +36,6 @@ func CreateServer(command *command.Commands,
 	query *query.Queries,
 	repo repository.Repository,
 	defaultInstance command.InstanceSetup,
-	externalPort uint16,
-	externalDomain string,
 	externalSecure bool) *Server {
 	return &Server{
 		command:         command,
@@ -46,7 +43,6 @@ func CreateServer(command *command.Commands,
 		administrator:   repo,
 		DefaultInstance: defaultInstance,
 		ExternalSecure:  externalSecure,
-		BaseURL:         http_util.BuildHTTP(externalDomain, externalPort, externalSecure),
 	}
 }