fix(app): move queries to query package (#2612)

* fix: move queries to query package * fix(auth): switch project role requests to query pkg * refactor: delete unused project role code * remove repo * implement sql queries * fix(database): oidc config change type to int2 * fix(queries): implement app queries * refactor: simplify code * fix: correct app query * Update app.go * fix token check * fix mock * test: app prepares * test: oidc compliance * test: OIDCOriginAllowList * fix: converter * resolve unsupported oidc version Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2025-08-12 01:47:33 +00:00 · 2021-11-26 07:57:05 +01:00
parent a9035def0f
commit 3473156c7e
39 changed files with 3150 additions and 1066 deletions
--- a/internal/api/grpc/management/project_application.go
+++ b/internal/api/grpc/management/project_application.go
@@ -12,7 +12,7 @@ import (
 )

 func (s *Server) GetAppByID(ctx context.Context, req *mgmt_pb.GetAppByIDRequest) (*mgmt_pb.GetAppByIDResponse, error) {
-	app, err := s.project.ApplicationByID(ctx, req.ProjectId, req.AppId)
+	app, err := s.query.AppByProjectAndAppID(ctx, req.ProjectId, req.AppId)
 	if err != nil {
 		return nil, err
 	}
@@ -26,16 +26,16 @@ func (s *Server) ListApps(ctx context.Context, req *mgmt_pb.ListAppsRequest) (*m
 	if err != nil {
 		return nil, err
 	}
-	domains, err := s.project.SearchApplications(ctx, queries)
+	apps, err := s.query.SearchApps(ctx, queries)
 	if err != nil {
 		return nil, err
 	}
 	return &mgmt_pb.ListAppsResponse{
-		Result: project_grpc.AppsToPb(domains.Result),
+		Result: project_grpc.AppsToPb(apps.Apps),
 		Details: object_grpc.ToListDetails(
-			domains.TotalResult,
-			domains.Sequence,
-			domains.Timestamp,
+			apps.Count,
+			apps.Sequence,
+			apps.Timestamp,
 		),
 	}, nil
 }
@@ -196,16 +196,16 @@ func (s *Server) ListAppKeys(ctx context.Context, req *mgmt_pb.ListAppKeysReques
 	if err != nil {
 		return nil, err
 	}
-	domains, err := s.project.SearchClientKeys(ctx, queries)
+	keys, err := s.project.SearchClientKeys(ctx, queries)
 	if err != nil {
 		return nil, err
 	}
 	return &mgmt_pb.ListAppKeysResponse{
-		Result: authn_grpc.KeyViewsToPb(domains.Result),
+		Result: authn_grpc.KeyViewsToPb(keys.Result),
 		Details: object_grpc.ToListDetails(
-			domains.TotalResult,
-			domains.Sequence,
-			domains.Timestamp,
+			keys.TotalResult,
+			keys.Sequence,
+			keys.Timestamp,
 		),
 	}, nil
 }
--- a/internal/api/grpc/management/project_application_converter.go
+++ b/internal/api/grpc/management/project_application_converter.go
@@ -9,25 +9,27 @@ import (
 	"github.com/caos/zitadel/internal/domain"
 	"github.com/caos/zitadel/internal/eventstore/v1/models"
 	key_model "github.com/caos/zitadel/internal/key/model"
-	proj_model "github.com/caos/zitadel/internal/project/model"
+	"github.com/caos/zitadel/internal/query"
 	mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
 )

-func ListAppsRequestToModel(req *mgmt_pb.ListAppsRequest) (*proj_model.ApplicationSearchRequest, error) {
+func ListAppsRequestToModel(req *mgmt_pb.ListAppsRequest) (*query.AppSearchQueries, error) {
 	offset, limit, asc := object.ListQueryToModel(req.Query)
 	queries, err := app_grpc.AppQueriesToModel(req.Queries)
 	if err != nil {
 		return nil, err
 	}
-	queries = append(queries, &proj_model.ApplicationSearchQuery{
-		Key:    proj_model.AppSearchKeyProjectID,
-		Method: domain.SearchMethodEquals,
-		Value:  req.ProjectId,
-	})
-	return &proj_model.ApplicationSearchRequest{
-		Offset: offset,
-		Limit:  limit,
-		Asc:    asc,
+	projectQuery, err := query.NewAppProjectIDSearchQuery(req.ProjectId)
+	if err != nil {
+		return nil, err
+	}
+	queries = append(queries, projectQuery)
+	return &query.AppSearchQueries{
+		SearchRequest: query.SearchRequest{
+			Offset: offset,
+			Limit:  limit,
+			Asc:    asc,
+		},
 		//SortingColumn: //TODO: sorting
 		Queries: queries,
 	}, nil
--- a/internal/api/grpc/project/application.go
+++ b/internal/api/grpc/project/application.go
@@ -7,11 +7,12 @@ import (
 	"github.com/caos/zitadel/internal/domain"
 	"github.com/caos/zitadel/internal/errors"
 	proj_model "github.com/caos/zitadel/internal/project/model"
+	"github.com/caos/zitadel/internal/query"
 	app_pb "github.com/caos/zitadel/pkg/grpc/app"
 	message_pb "github.com/caos/zitadel/pkg/grpc/message"
 )

-func AppsToPb(apps []*proj_model.ApplicationView) []*app_pb.App {
+func AppsToPb(apps []*query.App) []*app_pb.App {
 	a := make([]*app_pb.App, len(apps))
 	for i, app := range apps {
 		a[i] = AppToPb(app)
@@ -19,7 +20,7 @@ func AppsToPb(apps []*proj_model.ApplicationView) []*app_pb.App {
 	return a
 }

-func AppToPb(app *proj_model.ApplicationView) *app_pb.App {
+func AppToPb(app *query.App) *app_pb.App {
 	return &app_pb.App{
 		Id:      app.ID,
 		Details: object_grpc.ToViewDetailsPb(app.Sequence, app.CreationDate, app.ChangeDate, app.ResourceOwner),
@@ -29,68 +30,68 @@ func AppToPb(app *proj_model.ApplicationView) *app_pb.App {
 	}
 }

-func AppConfigToPb(app *proj_model.ApplicationView) app_pb.AppConfig {
-	if app.IsOIDC {
-		return AppOIDCConfigToPb(app)
+func AppConfigToPb(app *query.App) app_pb.AppConfig {
+	if app.OIDCConfig != nil {
+		return AppOIDCConfigToPb(app.OIDCConfig)
 	}
-	return AppAPIConfigToPb(app)
+	return AppAPIConfigToPb(app.APIConfig)
 }

-func AppOIDCConfigToPb(app *proj_model.ApplicationView) *app_pb.App_OidcConfig {
+func AppOIDCConfigToPb(app *query.OIDCApp) *app_pb.App_OidcConfig {
 	return &app_pb.App_OidcConfig{
 		OidcConfig: &app_pb.OIDCConfig{
-			RedirectUris:             app.OIDCRedirectUris,
-			ResponseTypes:            OIDCResponseTypesFromModel(app.OIDCResponseTypes),
-			GrantTypes:               OIDCGrantTypesFromModel(app.OIDCGrantTypes),
-			AppType:                  OIDCApplicationTypeToPb(domain.OIDCApplicationType(app.OIDCApplicationType)),
-			ClientId:                 app.OIDCClientID,
-			AuthMethodType:           OIDCAuthMethodTypeToPb(domain.OIDCAuthMethodType(app.OIDCAuthMethodType)),
-			PostLogoutRedirectUris:   app.OIDCPostLogoutRedirectUris,
-			Version:                  OIDCVersionToPb(domain.OIDCVersion(app.OIDCVersion)),
-			NoneCompliant:            app.NoneCompliant,
+			RedirectUris:             app.RedirectURIs,
+			ResponseTypes:            OIDCResponseTypesFromModel(app.ResponseTypes),
+			GrantTypes:               OIDCGrantTypesFromModel(app.GrantTypes),
+			AppType:                  OIDCApplicationTypeToPb(app.AppType),
+			ClientId:                 app.ClientID,
+			AuthMethodType:           OIDCAuthMethodTypeToPb(app.AuthMethodType),
+			PostLogoutRedirectUris:   app.PostLogoutRedirectURIs,
+			Version:                  OIDCVersionToPb(domain.OIDCVersion(app.Version)),
+			NoneCompliant:            len(app.ComplianceProblems) != 0,
 			ComplianceProblems:       ComplianceProblemsToLocalizedMessages(app.ComplianceProblems),
-			DevMode:                  app.DevMode,
-			AccessTokenType:          oidcTokenTypeToPb(domain.OIDCTokenType(app.AccessTokenType)),
-			AccessTokenRoleAssertion: app.AccessTokenRoleAssertion,
-			IdTokenRoleAssertion:     app.IDTokenRoleAssertion,
-			IdTokenUserinfoAssertion: app.IDTokenUserinfoAssertion,
+			DevMode:                  app.IsDevMode,
+			AccessTokenType:          oidcTokenTypeToPb(app.AccessTokenType),
+			AccessTokenRoleAssertion: app.AssertAccessTokenRole,
+			IdTokenRoleAssertion:     app.AssertIDTokenRole,
+			IdTokenUserinfoAssertion: app.AssertIDTokenUserinfo,
 			ClockSkew:                durationpb.New(app.ClockSkew),
 			AdditionalOrigins:        app.AdditionalOrigins,
-			AllowedOrigins:           app.OriginAllowList,
+			AllowedOrigins:           app.AllowedOrigins,
 		},
 	}
 }

-func AppAPIConfigToPb(app *proj_model.ApplicationView) app_pb.AppConfig {
+func AppAPIConfigToPb(app *query.APIApp) app_pb.AppConfig {
 	return &app_pb.App_ApiConfig{
 		ApiConfig: &app_pb.APIConfig{
-			ClientId:       app.OIDCClientID,
+			ClientId:       app.ClientID,
 			ClientSecret:   "", //TODO: remove from proto
-			AuthMethodType: APIAuthMethodeTypeToPb(domain.APIAuthMethodType(app.OIDCAuthMethodType)),
+			AuthMethodType: APIAuthMethodeTypeToPb(app.AuthMethodType),
 		},
 	}
 }

-func AppStateToPb(state proj_model.AppState) app_pb.AppState {
+func AppStateToPb(state domain.AppState) app_pb.AppState {
 	switch state {
-	case proj_model.AppStateActive:
+	case domain.AppStateActive:
 		return app_pb.AppState_APP_STATE_ACTIVE
-	case proj_model.AppStateInactive:
+	case domain.AppStateInactive:
 		return app_pb.AppState_APP_STATE_INACTIVE
 	default:
 		return app_pb.AppState_APP_STATE_UNSPECIFIED
 	}
 }

-func OIDCResponseTypesFromModel(responseTypes []proj_model.OIDCResponseType) []app_pb.OIDCResponseType {
+func OIDCResponseTypesFromModel(responseTypes []domain.OIDCResponseType) []app_pb.OIDCResponseType {
 	oidcResponseTypes := make([]app_pb.OIDCResponseType, len(responseTypes))
 	for i, responseType := range responseTypes {
 		switch responseType {
-		case proj_model.OIDCResponseTypeCode:
+		case domain.OIDCResponseTypeCode:
 			oidcResponseTypes[i] = app_pb.OIDCResponseType_OIDC_RESPONSE_TYPE_CODE
-		case proj_model.OIDCResponseTypeIDToken:
+		case domain.OIDCResponseTypeIDToken:
 			oidcResponseTypes[i] = app_pb.OIDCResponseType_OIDC_RESPONSE_TYPE_ID_TOKEN
-		case proj_model.OIDCResponseTypeIDTokenToken:
+		case domain.OIDCResponseTypeIDTokenToken:
 			oidcResponseTypes[i] = app_pb.OIDCResponseType_OIDC_RESPONSE_TYPE_ID_TOKEN_TOKEN
 		}
 	}
@@ -98,7 +99,7 @@ func OIDCResponseTypesFromModel(responseTypes []proj_model.OIDCResponseType) []a
 }

 func OIDCResponseTypesToDomain(responseTypes []app_pb.OIDCResponseType) []domain.OIDCResponseType {
-	if responseTypes == nil || len(responseTypes) == 0 {
+	if len(responseTypes) == 0 {
 		return []domain.OIDCResponseType{domain.OIDCResponseTypeCode}
 	}
 	oidcResponseTypes := make([]domain.OIDCResponseType, len(responseTypes))
@@ -115,15 +116,15 @@ func OIDCResponseTypesToDomain(responseTypes []app_pb.OIDCResponseType) []domain
 	return oidcResponseTypes
 }

-func OIDCGrantTypesFromModel(grantTypes []proj_model.OIDCGrantType) []app_pb.OIDCGrantType {
+func OIDCGrantTypesFromModel(grantTypes []domain.OIDCGrantType) []app_pb.OIDCGrantType {
 	oidcGrantTypes := make([]app_pb.OIDCGrantType, len(grantTypes))
 	for i, grantType := range grantTypes {
 		switch grantType {
-		case proj_model.OIDCGrantTypeAuthorizationCode:
+		case domain.OIDCGrantTypeAuthorizationCode:
 			oidcGrantTypes[i] = app_pb.OIDCGrantType_OIDC_GRANT_TYPE_AUTHORIZATION_CODE
-		case proj_model.OIDCGrantTypeImplicit:
+		case domain.OIDCGrantTypeImplicit:
 			oidcGrantTypes[i] = app_pb.OIDCGrantType_OIDC_GRANT_TYPE_IMPLICIT
-		case proj_model.OIDCGrantTypeRefreshToken:
+		case domain.OIDCGrantTypeRefreshToken:
 			oidcGrantTypes[i] = app_pb.OIDCGrantType_OIDC_GRANT_TYPE_REFRESH_TOKEN
 		}
 	}
@@ -272,8 +273,8 @@ func APIAuthMethodTypeToDomain(authType app_pb.APIAuthMethodType) domain.APIAuth
 	}
 }

-func AppQueriesToModel(queries []*app_pb.AppQuery) (_ []*proj_model.ApplicationSearchQuery, err error) {
-	q := make([]*proj_model.ApplicationSearchQuery, len(queries))
+func AppQueriesToModel(queries []*app_pb.AppQuery) (q []query.SearchQuery, err error) {
+	q = make([]query.SearchQuery, len(queries))
 	for i, query := range queries {
 		q[i], err = AppQueryToModel(query)
 		if err != nil {
@@ -283,10 +284,10 @@ func AppQueriesToModel(queries []*app_pb.AppQuery) (_ []*proj_model.ApplicationS
 	return q, nil
 }

-func AppQueryToModel(query *app_pb.AppQuery) (*proj_model.ApplicationSearchQuery, error) {
-	switch q := query.Query.(type) {
+func AppQueryToModel(appQuery *app_pb.AppQuery) (query.SearchQuery, error) {
+	switch q := appQuery.Query.(type) {
 	case *app_pb.AppQuery_NameQuery:
-		return AppQueryNameToModel(q.NameQuery), nil
+		return query.NewAppNameSearchQuery(object_grpc.TextMethodToQuery(q.NameQuery.Method), q.NameQuery.Name)
 	default:
 		return nil, errors.ThrowInvalidArgument(nil, "APP-Add46", "List.Query.Invalid")
 	}
--- a/internal/api/grpc/server/middleware/auth_interceptor_test.go
+++ b/internal/api/grpc/server/middleware/auth_interceptor_test.go
@@ -21,7 +21,7 @@ var (

 type verifierMock struct{}

-func (v *verifierMock) VerifyAccessToken(ctx context.Context, token, clientID string) (string, string, string, string, string, error) {
+func (v *verifierMock) VerifyAccessToken(ctx context.Context, token, clientID, projectID string) (string, string, string, string, string, error) {
 	return "", "", "", "", "", nil
 }
 func (v *verifierMock) SearchMyMemberships(ctx context.Context) ([]*authz.Membership, error) {
@@ -34,8 +34,8 @@ func (v *verifierMock) ProjectIDAndOriginsByClientID(ctx context.Context, client
 func (v *verifierMock) ExistsOrg(ctx context.Context, orgID string) error {
 	return nil
 }
-func (v *verifierMock) VerifierClientID(ctx context.Context, appName string) (string, error) {
-	return "", nil
+func (v *verifierMock) VerifierClientID(ctx context.Context, appName string) (string, string, error) {
+	return "", "", nil
 }
 func (v *verifierMock) CheckOrgFeatures(context.Context, string, ...string) error {
 	return nil