feat: port reduction (#323)

* move mgmt pkg * begin package restructure * rename auth package to authz * begin start api * move auth * move admin * fix merge * configs and interceptors * interceptor * revert generate-grpc.sh * some cleanups * console * move console * fix tests and merging * js linting * merge * merging and configs * change k8s base to current ports * fixes * cleanup * regenerate proto * remove unnecessary whitespace * missing param * go mod tidy * fix merging * move login pkg * cleanup * move api pkgs again * fix pkg naming * fix generate-static.sh for login * update workflow * fixes * logging * remove duplicate * comment for optional gateway interfaces * regenerate protos * fix proto imports for grpc web * protos * grpc web generate * grpc web generate * fix changes * add translation interceptor * fix merging * regenerate mgmt proto
2025-08-12 01:37:31 +00:00 · 2020-07-08 13:56:37 +02:00
parent 708652a655
commit 3549a8b64e
330 changed files with 30495 additions and 30809 deletions
--- a/internal/api/grpc/auth/gateway.go
+++ b/internal/api/grpc/auth/gateway.go
@@ -0,0 +1,50 @@
+package auth
+
+import (
+	"strings"
+
+	"github.com/grpc-ecosystem/grpc-gateway/runtime"
+
+	grpc_util "github.com/caos/zitadel/internal/api/grpc"
+	"github.com/caos/zitadel/internal/api/grpc/server"
+	"github.com/caos/zitadel/pkg/grpc/auth"
+)
+
+type Gateway struct {
+	grpcEndpoint string
+	port         string
+	cutomHeaders []string
+}
+
+func StartGateway(conf grpc_util.GatewayConfig) *Gateway {
+	return &Gateway{
+		grpcEndpoint: conf.GRPCEndpoint,
+		port:         conf.Port,
+		cutomHeaders: conf.CustomHeaders,
+	}
+}
+
+func (gw *Gateway) Gateway() server.GatewayFunc {
+	return auth.RegisterAuthServiceHandlerFromEndpoint
+}
+
+func (gw *Gateway) GRPCEndpoint() string {
+	return ":" + gw.grpcEndpoint
+}
+
+func (gw *Gateway) GatewayPort() string {
+	return gw.port
+}
+
+func (gw *Gateway) GatewayServeMuxOptions() []runtime.ServeMuxOption {
+	return []runtime.ServeMuxOption{
+		runtime.WithIncomingHeaderMatcher(func(header string) (string, bool) {
+			for _, customHeader := range gw.cutomHeaders {
+				if strings.HasPrefix(strings.ToLower(header), customHeader) {
+					return header, true
+				}
+			}
+			return runtime.DefaultHeaderMatcher(header)
+		}),
+	}
+}
--- a/internal/api/grpc/auth/policy_complexity_converter.go
+++ b/internal/api/grpc/auth/policy_complexity_converter.go
@@ -0,0 +1,31 @@
+package auth
+
+import (
+	"github.com/caos/logging"
+	"github.com/golang/protobuf/ptypes"
+
+	"github.com/caos/zitadel/internal/policy/model"
+	"github.com/caos/zitadel/pkg/grpc/auth"
+)
+
+func passwordComplexityPolicyFromModel(policy *model.PasswordComplexityPolicy) *auth.PasswordComplexityPolicy {
+	creationDate, err := ptypes.TimestampProto(policy.CreationDate)
+	logging.Log("GRPC-Lsi3d").OnError(err).Debug("unable to parse timestamp")
+
+	changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
+	logging.Log("GRPC-P0wr4").OnError(err).Debug("unable to parse timestamp")
+
+	return &auth.PasswordComplexityPolicy{
+		Id:           policy.AggregateID,
+		CreationDate: creationDate,
+		ChangeDate:   changeDate,
+		Description:  policy.Description,
+		Sequence:     policy.Sequence,
+		MinLength:    policy.MinLength,
+		HasLowercase: policy.HasLowercase,
+		HasUppercase: policy.HasUppercase,
+		HasNumber:    policy.HasNumber,
+		HasSymbol:    policy.HasSymbol,
+		IsDefault:    policy.AggregateID == "",
+	}
+}
--- a/internal/api/grpc/auth/probes.go
+++ b/internal/api/grpc/auth/probes.go
@@ -0,0 +1,22 @@
+package auth
+
+import (
+	"context"
+
+	"github.com/golang/protobuf/ptypes/empty"
+	pb_struct "github.com/golang/protobuf/ptypes/struct"
+
+	"github.com/caos/zitadel/internal/errors"
+)
+
+func (s *Server) Healthz(_ context.Context, e *empty.Empty) (*empty.Empty, error) {
+	return nil, errors.ThrowUnimplemented(nil, "GRPC-bst5W", "Not implemented")
+}
+
+func (s *Server) Ready(ctx context.Context, e *empty.Empty) (*empty.Empty, error) {
+	return nil, errors.ThrowUnimplemented(nil, "GRPC-or0vW", "Not implemented")
+}
+
+func (s *Server) Validate(ctx context.Context, _ *empty.Empty) (*pb_struct.Struct, error) {
+	return nil, errors.ThrowUnimplemented(nil, "GRPC-lo6Eg", "Not implemented")
+}
--- a/internal/api/grpc/auth/search_converter.go
+++ b/internal/api/grpc/auth/search_converter.go
@@ -0,0 +1,25 @@
+package auth
+
+import (
+	"github.com/caos/zitadel/internal/model"
+	"github.com/caos/zitadel/pkg/grpc/auth"
+)
+
+func searchMethodToModel(method auth.SearchMethod) model.SearchMethod {
+	switch method {
+	case auth.SearchMethod_SEARCHMETHOD_EQUALS:
+		return model.SearchMethodEquals
+	case auth.SearchMethod_SEARCHMETHOD_CONTAINS:
+		return model.SearchMethodContains
+	case auth.SearchMethod_SEARCHMETHOD_STARTS_WITH:
+		return model.SearchMethodStartsWith
+	case auth.SearchMethod_SEARCHMETHOD_EQUALS_IGNORE_CASE:
+		return model.SearchMethodEqualsIgnoreCase
+	case auth.SearchMethod_SEARCHMETHOD_CONTAINS_IGNORE_CASE:
+		return model.SearchMethodContainsIgnoreCase
+	case auth.SearchMethod_SEARCHMETHOD_STARTS_WITH_IGNORE_CASE:
+		return model.SearchMethodStartsWithIgnoreCase
+	default:
+		return model.SearchMethodEquals
+	}
+}
--- a/internal/api/grpc/auth/server.go
+++ b/internal/api/grpc/auth/server.go
@@ -0,0 +1,55 @@
+package auth
+
+import (
+	"google.golang.org/grpc"
+
+	"github.com/caos/zitadel/internal/api/authz"
+	"github.com/caos/zitadel/internal/api/grpc/server"
+	"github.com/caos/zitadel/internal/auth/repository"
+	"github.com/caos/zitadel/internal/auth/repository/eventsourcing"
+	"github.com/caos/zitadel/pkg/grpc/auth"
+)
+
+var _ auth.AuthServiceServer = (*Server)(nil)
+
+const (
+	authName = "Auth-API"
+)
+
+type Server struct {
+	repo repository.Repository
+}
+
+type Config struct {
+	Repository eventsourcing.Config
+}
+
+func CreateServer(authRepo repository.Repository) *Server {
+	return &Server{
+		repo: authRepo,
+	}
+}
+
+func (s *Server) RegisterServer(grpcServer *grpc.Server) {
+	auth.RegisterAuthServiceServer(grpcServer, s)
+}
+
+func (s *Server) AppName() string {
+	return authName
+}
+
+func (s *Server) MethodPrefix() string {
+	return auth.AuthService_MethodPrefix
+}
+
+func (s *Server) AuthMethods() authz.MethodMapping {
+	return auth.AuthService_AuthMethods
+}
+
+func (s *Server) RegisterGateway() server.GatewayFunc {
+	return auth.RegisterAuthServiceHandlerFromEndpoint
+}
+
+func (s *Server) GatewayPathPrefix() string {
+	return "/auth/v1"
+}
--- a/internal/api/grpc/auth/user.go
+++ b/internal/api/grpc/auth/user.go
@@ -0,0 +1,153 @@
+package auth
+
+import (
+	"context"
+
+	"github.com/golang/protobuf/ptypes/empty"
+
+	"github.com/caos/zitadel/pkg/grpc/auth"
+)
+
+func (s *Server) GetMyUser(ctx context.Context, _ *empty.Empty) (*auth.UserView, error) {
+	user, err := s.repo.MyUser(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return userViewFromModel(user), nil
+}
+
+func (s *Server) GetMyUserProfile(ctx context.Context, _ *empty.Empty) (*auth.UserProfileView, error) {
+	profile, err := s.repo.MyProfile(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return profileViewFromModel(profile), nil
+}
+
+func (s *Server) GetMyUserEmail(ctx context.Context, _ *empty.Empty) (*auth.UserEmailView, error) {
+	email, err := s.repo.MyEmail(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return emailViewFromModel(email), nil
+}
+
+func (s *Server) GetMyUserPhone(ctx context.Context, _ *empty.Empty) (*auth.UserPhoneView, error) {
+	phone, err := s.repo.MyPhone(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return phoneViewFromModel(phone), nil
+}
+
+func (s *Server) RemoveMyUserPhone(ctx context.Context, _ *empty.Empty) (*empty.Empty, error) {
+	err := s.repo.RemoveMyPhone(ctx)
+	return &empty.Empty{}, err
+}
+
+func (s *Server) GetMyUserAddress(ctx context.Context, _ *empty.Empty) (*auth.UserAddressView, error) {
+	address, err := s.repo.MyAddress(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return addressViewFromModel(address), nil
+}
+
+func (s *Server) GetMyMfas(ctx context.Context, _ *empty.Empty) (*auth.MultiFactors, error) {
+	mfas, err := s.repo.MyUserMfas(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return &auth.MultiFactors{Mfas: mfasFromModel(mfas)}, nil
+}
+
+func (s *Server) UpdateMyUserProfile(ctx context.Context, request *auth.UpdateUserProfileRequest) (*auth.UserProfile, error) {
+	profile, err := s.repo.ChangeMyProfile(ctx, updateProfileToModel(ctx, request))
+	if err != nil {
+		return nil, err
+	}
+	return profileFromModel(profile), nil
+}
+
+func (s *Server) ChangeMyUserEmail(ctx context.Context, request *auth.UpdateUserEmailRequest) (*auth.UserEmail, error) {
+	email, err := s.repo.ChangeMyEmail(ctx, updateEmailToModel(ctx, request))
+	if err != nil {
+		return nil, err
+	}
+	return emailFromModel(email), nil
+}
+
+func (s *Server) VerifyMyUserEmail(ctx context.Context, request *auth.VerifyMyUserEmailRequest) (*empty.Empty, error) {
+	err := s.repo.VerifyMyEmail(ctx, request.Code)
+	return &empty.Empty{}, err
+}
+
+func (s *Server) ResendMyEmailVerificationMail(ctx context.Context, _ *empty.Empty) (*empty.Empty, error) {
+	err := s.repo.ResendMyEmailVerificationMail(ctx)
+	return &empty.Empty{}, err
+}
+
+func (s *Server) ChangeMyUserPhone(ctx context.Context, request *auth.UpdateUserPhoneRequest) (*auth.UserPhone, error) {
+	phone, err := s.repo.ChangeMyPhone(ctx, updatePhoneToModel(ctx, request))
+	if err != nil {
+		return nil, err
+	}
+	return phoneFromModel(phone), nil
+}
+
+func (s *Server) VerifyMyUserPhone(ctx context.Context, request *auth.VerifyUserPhoneRequest) (*empty.Empty, error) {
+	err := s.repo.VerifyMyPhone(ctx, request.Code)
+	return &empty.Empty{}, err
+}
+
+func (s *Server) ResendMyPhoneVerificationCode(ctx context.Context, _ *empty.Empty) (*empty.Empty, error) {
+	err := s.repo.ResendMyPhoneVerificationCode(ctx)
+	return &empty.Empty{}, err
+}
+
+func (s *Server) UpdateMyUserAddress(ctx context.Context, request *auth.UpdateUserAddressRequest) (*auth.UserAddress, error) {
+	address, err := s.repo.ChangeMyAddress(ctx, updateAddressToModel(ctx, request))
+	if err != nil {
+		return nil, err
+	}
+	return addressFromModel(address), nil
+}
+
+func (s *Server) ChangeMyPassword(ctx context.Context, request *auth.PasswordChange) (*empty.Empty, error) {
+	err := s.repo.ChangeMyPassword(ctx, request.OldPassword, request.NewPassword)
+	return &empty.Empty{}, err
+}
+
+func (s *Server) GetMyPasswordComplexityPolicy(ctx context.Context, _ *empty.Empty) (*auth.PasswordComplexityPolicy, error) {
+	policy, err := s.repo.GetMyPasswordComplexityPolicy(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return passwordComplexityPolicyFromModel(policy), nil
+}
+
+func (s *Server) AddMfaOTP(ctx context.Context, _ *empty.Empty) (_ *auth.MfaOtpResponse, err error) {
+	otp, err := s.repo.AddMyMfaOTP(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return otpFromModel(otp), nil
+}
+
+func (s *Server) VerifyMfaOTP(ctx context.Context, request *auth.VerifyMfaOtp) (*empty.Empty, error) {
+	err := s.repo.VerifyMyMfaOTPSetup(ctx, request.Code)
+	return &empty.Empty{}, err
+}
+
+func (s *Server) RemoveMfaOTP(ctx context.Context, _ *empty.Empty) (_ *empty.Empty, err error) {
+	s.repo.RemoveMyMfaOTP(ctx)
+	return &empty.Empty{}, err
+}
+
+func (s *Server) GetMyUserChanges(ctx context.Context, request *auth.ChangesRequest) (*auth.Changes, error) {
+	changes, err := s.repo.MyUserChanges(ctx, request.SequenceOffset, request.Limit, request.Asc)
+	if err != nil {
+		return nil, err
+	}
+	return userChangesToResponse(changes, request.GetSequenceOffset(), request.GetLimit()), nil
+}
--- a/internal/api/grpc/auth/user_converter.go
+++ b/internal/api/grpc/auth/user_converter.go
@@ -0,0 +1,375 @@
+package auth
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/caos/logging"
+	"github.com/golang/protobuf/ptypes"
+	"golang.org/x/text/language"
+	"google.golang.org/protobuf/encoding/protojson"
+	"google.golang.org/protobuf/types/known/structpb"
+
+	"github.com/caos/zitadel/internal/api/authz"
+	"github.com/caos/zitadel/internal/eventstore/models"
+	usr_model "github.com/caos/zitadel/internal/user/model"
+	"github.com/caos/zitadel/pkg/grpc/auth"
+	"github.com/caos/zitadel/pkg/grpc/message"
+)
+
+func userViewFromModel(user *usr_model.UserView) *auth.UserView {
+	creationDate, err := ptypes.TimestampProto(user.CreationDate)
+	logging.Log("GRPC-sd32g").OnError(err).Debug("unable to parse timestamp")
+
+	changeDate, err := ptypes.TimestampProto(user.ChangeDate)
+	logging.Log("GRPC-FJKq1").OnError(err).Debug("unable to parse timestamp")
+
+	lastLogin, err := ptypes.TimestampProto(user.LastLogin)
+	logging.Log("GRPC-Gteh2").OnError(err).Debug("unable to parse timestamp")
+
+	passwordChanged, err := ptypes.TimestampProto(user.PasswordChanged)
+	logging.Log("GRPC-fgQFT").OnError(err).Debug("unable to parse timestamp")
+
+	return &auth.UserView{
+		Id:                 user.ID,
+		State:              userStateFromModel(user.State),
+		CreationDate:       creationDate,
+		ChangeDate:         changeDate,
+		LastLogin:          lastLogin,
+		PasswordChanged:    passwordChanged,
+		UserName:           user.UserName,
+		FirstName:          user.FirstName,
+		LastName:           user.LastName,
+		DisplayName:        user.DisplayName,
+		NickName:           user.NickName,
+		PreferredLanguage:  user.PreferredLanguage,
+		Gender:             genderFromModel(user.Gender),
+		Email:              user.Email,
+		IsEmailVerified:    user.IsEmailVerified,
+		Phone:              user.Phone,
+		IsPhoneVerified:    user.IsPhoneVerified,
+		Country:            user.Country,
+		Locality:           user.Locality,
+		PostalCode:         user.PostalCode,
+		Region:             user.Region,
+		StreetAddress:      user.StreetAddress,
+		Sequence:           user.Sequence,
+		ResourceOwner:      user.ResourceOwner,
+		LoginNames:         user.LoginNames,
+		PreferredLoginName: user.PreferredLoginName,
+	}
+}
+
+func profileFromModel(profile *usr_model.Profile) *auth.UserProfile {
+	creationDate, err := ptypes.TimestampProto(profile.CreationDate)
+	logging.Log("GRPC-56t5s").OnError(err).Debug("unable to parse timestamp")
+
+	changeDate, err := ptypes.TimestampProto(profile.ChangeDate)
+	logging.Log("GRPC-K58ds").OnError(err).Debug("unable to parse timestamp")
+
+	return &auth.UserProfile{
+		Id:                profile.AggregateID,
+		CreationDate:      creationDate,
+		ChangeDate:        changeDate,
+		Sequence:          profile.Sequence,
+		UserName:          profile.UserName,
+		FirstName:         profile.FirstName,
+		LastName:          profile.LastName,
+		DisplayName:       profile.DisplayName,
+		NickName:          profile.NickName,
+		PreferredLanguage: profile.PreferredLanguage.String(),
+		Gender:            genderFromModel(profile.Gender),
+	}
+}
+
+func profileViewFromModel(profile *usr_model.Profile) *auth.UserProfileView {
+	creationDate, err := ptypes.TimestampProto(profile.CreationDate)
+	logging.Log("GRPC-s9iKs").OnError(err).Debug("unable to parse timestamp")
+
+	changeDate, err := ptypes.TimestampProto(profile.ChangeDate)
+	logging.Log("GRPC-9sujE").OnError(err).Debug("unable to parse timestamp")
+
+	return &auth.UserProfileView{
+		Id:                 profile.AggregateID,
+		CreationDate:       creationDate,
+		ChangeDate:         changeDate,
+		Sequence:           profile.Sequence,
+		UserName:           profile.UserName,
+		FirstName:          profile.FirstName,
+		LastName:           profile.LastName,
+		DisplayName:        profile.DisplayName,
+		NickName:           profile.NickName,
+		PreferredLanguage:  profile.PreferredLanguage.String(),
+		Gender:             genderFromModel(profile.Gender),
+		LoginNames:         profile.LoginNames,
+		PreferredLoginName: profile.PreferredLoginName,
+	}
+}
+
+func updateProfileToModel(ctx context.Context, u *auth.UpdateUserProfileRequest) *usr_model.Profile {
+	preferredLanguage, err := language.Parse(u.PreferredLanguage)
+	logging.Log("GRPC-lk73L").OnError(err).Debug("language malformed")
+
+	return &usr_model.Profile{
+		ObjectRoot:        models.ObjectRoot{AggregateID: authz.GetCtxData(ctx).UserID},
+		FirstName:         u.FirstName,
+		LastName:          u.LastName,
+		NickName:          u.NickName,
+		PreferredLanguage: preferredLanguage,
+		Gender:            genderToModel(u.Gender),
+	}
+}
+
+func emailFromModel(email *usr_model.Email) *auth.UserEmail {
+	creationDate, err := ptypes.TimestampProto(email.CreationDate)
+	logging.Log("GRPC-sdoi3").OnError(err).Debug("unable to parse timestamp")
+
+	changeDate, err := ptypes.TimestampProto(email.ChangeDate)
+	logging.Log("GRPC-klJK3").OnError(err).Debug("unable to parse timestamp")
+
+	return &auth.UserEmail{
+		Id:              email.AggregateID,
+		CreationDate:    creationDate,
+		ChangeDate:      changeDate,
+		Sequence:        email.Sequence,
+		Email:           email.EmailAddress,
+		IsEmailVerified: email.IsEmailVerified,
+	}
+}
+
+func emailViewFromModel(email *usr_model.Email) *auth.UserEmailView {
+	creationDate, err := ptypes.TimestampProto(email.CreationDate)
+	logging.Log("GRPC-LSp8s").OnError(err).Debug("unable to parse timestamp")
+
+	changeDate, err := ptypes.TimestampProto(email.ChangeDate)
+	logging.Log("GRPC-6szJe").OnError(err).Debug("unable to parse timestamp")
+
+	return &auth.UserEmailView{
+		Id:              email.AggregateID,
+		CreationDate:    creationDate,
+		ChangeDate:      changeDate,
+		Sequence:        email.Sequence,
+		Email:           email.EmailAddress,
+		IsEmailVerified: email.IsEmailVerified,
+	}
+}
+
+func updateEmailToModel(ctx context.Context, e *auth.UpdateUserEmailRequest) *usr_model.Email {
+	return &usr_model.Email{
+		ObjectRoot:   models.ObjectRoot{AggregateID: authz.GetCtxData(ctx).UserID},
+		EmailAddress: e.Email,
+	}
+}
+
+func phoneFromModel(phone *usr_model.Phone) *auth.UserPhone {
+	creationDate, err := ptypes.TimestampProto(phone.CreationDate)
+	logging.Log("GRPC-kjn5J").OnError(err).Debug("unable to parse timestamp")
+
+	changeDate, err := ptypes.TimestampProto(phone.ChangeDate)
+	logging.Log("GRPC-LKA9S").OnError(err).Debug("unable to parse timestamp")
+
+	return &auth.UserPhone{
+		Id:              phone.AggregateID,
+		CreationDate:    creationDate,
+		ChangeDate:      changeDate,
+		Sequence:        phone.Sequence,
+		Phone:           phone.PhoneNumber,
+		IsPhoneVerified: phone.IsPhoneVerified,
+	}
+}
+
+func phoneViewFromModel(phone *usr_model.Phone) *auth.UserPhoneView {
+	creationDate, err := ptypes.TimestampProto(phone.CreationDate)
+	logging.Log("GRPC-s5zJS").OnError(err).Debug("unable to parse timestamp")
+
+	changeDate, err := ptypes.TimestampProto(phone.ChangeDate)
+	logging.Log("GRPC-s9kLe").OnError(err).Debug("unable to parse timestamp")
+
+	return &auth.UserPhoneView{
+		Id:              phone.AggregateID,
+		CreationDate:    creationDate,
+		ChangeDate:      changeDate,
+		Sequence:        phone.Sequence,
+		Phone:           phone.PhoneNumber,
+		IsPhoneVerified: phone.IsPhoneVerified,
+	}
+}
+
+func updatePhoneToModel(ctx context.Context, e *auth.UpdateUserPhoneRequest) *usr_model.Phone {
+	return &usr_model.Phone{
+		ObjectRoot:  models.ObjectRoot{AggregateID: authz.GetCtxData(ctx).UserID},
+		PhoneNumber: e.Phone,
+	}
+}
+
+func addressFromModel(address *usr_model.Address) *auth.UserAddress {
+	creationDate, err := ptypes.TimestampProto(address.CreationDate)
+	logging.Log("GRPC-65FRs").OnError(err).Debug("unable to parse timestamp")
+
+	changeDate, err := ptypes.TimestampProto(address.ChangeDate)
+	logging.Log("GRPC-aslk4").OnError(err).Debug("unable to parse timestamp")
+
+	return &auth.UserAddress{
+		Id:            address.AggregateID,
+		CreationDate:  creationDate,
+		ChangeDate:    changeDate,
+		Sequence:      address.Sequence,
+		Country:       address.Country,
+		StreetAddress: address.StreetAddress,
+		Region:        address.Region,
+		PostalCode:    address.PostalCode,
+		Locality:      address.Locality,
+	}
+}
+
+func addressViewFromModel(address *usr_model.Address) *auth.UserAddressView {
+	creationDate, err := ptypes.TimestampProto(address.CreationDate)
+	logging.Log("GRPC-sk4fS").OnError(err).Debug("unable to parse timestamp")
+
+	changeDate, err := ptypes.TimestampProto(address.ChangeDate)
+	logging.Log("GRPC-9siEs").OnError(err).Debug("unable to parse timestamp")
+
+	return &auth.UserAddressView{
+		Id:            address.AggregateID,
+		CreationDate:  creationDate,
+		ChangeDate:    changeDate,
+		Sequence:      address.Sequence,
+		Country:       address.Country,
+		StreetAddress: address.StreetAddress,
+		Region:        address.Region,
+		PostalCode:    address.PostalCode,
+		Locality:      address.Locality,
+	}
+}
+
+func updateAddressToModel(ctx context.Context, address *auth.UpdateUserAddressRequest) *usr_model.Address {
+	return &usr_model.Address{
+		ObjectRoot:    models.ObjectRoot{AggregateID: authz.GetCtxData(ctx).UserID},
+		Country:       address.Country,
+		StreetAddress: address.StreetAddress,
+		Region:        address.Region,
+		PostalCode:    address.PostalCode,
+		Locality:      address.Locality,
+	}
+}
+
+func otpFromModel(otp *usr_model.OTP) *auth.MfaOtpResponse {
+	return &auth.MfaOtpResponse{
+		UserId: otp.AggregateID,
+		Url:    otp.Url,
+		Secret: otp.SecretString,
+		State:  mfaStateFromModel(otp.State),
+	}
+}
+
+func userStateFromModel(state usr_model.UserState) auth.UserState {
+	switch state {
+	case usr_model.UserStateActive:
+		return auth.UserState_USERSTATE_ACTIVE
+	case usr_model.UserStateInactive:
+		return auth.UserState_USERSTATE_INACTIVE
+	case usr_model.UserStateLocked:
+		return auth.UserState_USERSTATE_LOCKED
+	case usr_model.UserStateInitial:
+		return auth.UserState_USERSTATE_INITIAL
+	case usr_model.UserStateSuspend:
+		return auth.UserState_USERSTATE_SUSPEND
+	default:
+		return auth.UserState_USERSTATE_UNSPECIFIED
+	}
+}
+
+func genderFromModel(gender usr_model.Gender) auth.Gender {
+	switch gender {
+	case usr_model.GenderFemale:
+		return auth.Gender_GENDER_FEMALE
+	case usr_model.GenderMale:
+		return auth.Gender_GENDER_MALE
+	case usr_model.GenderDiverse:
+		return auth.Gender_GENDER_DIVERSE
+	default:
+		return auth.Gender_GENDER_UNSPECIFIED
+	}
+}
+
+func genderToModel(gender auth.Gender) usr_model.Gender {
+	switch gender {
+	case auth.Gender_GENDER_FEMALE:
+		return usr_model.GenderFemale
+	case auth.Gender_GENDER_MALE:
+		return usr_model.GenderMale
+	case auth.Gender_GENDER_DIVERSE:
+		return usr_model.GenderDiverse
+	default:
+		return usr_model.GenderUnspecified
+	}
+}
+
+func mfaStateFromModel(state usr_model.MfaState) auth.MFAState {
+	switch state {
+	case usr_model.MfaStateReady:
+		return auth.MFAState_MFASTATE_READY
+	case usr_model.MfaStateNotReady:
+		return auth.MFAState_MFASTATE_NOT_READY
+	default:
+		return auth.MFAState_MFASTATE_UNSPECIFIED
+	}
+}
+
+func mfasFromModel(mfas []*usr_model.MultiFactor) []*auth.MultiFactor {
+	converted := make([]*auth.MultiFactor, len(mfas))
+	for i, mfa := range mfas {
+		converted[i] = mfaFromModel(mfa)
+	}
+	return converted
+}
+
+func mfaFromModel(mfa *usr_model.MultiFactor) *auth.MultiFactor {
+	return &auth.MultiFactor{
+		State: mfaStateFromModel(mfa.State),
+		Type:  mfaTypeFromModel(mfa.Type),
+	}
+}
+
+func mfaTypeFromModel(mfatype usr_model.MfaType) auth.MfaType {
+	switch mfatype {
+	case usr_model.MfaTypeOTP:
+		return auth.MfaType_MFATYPE_OTP
+	case usr_model.MfaTypeSMS:
+		return auth.MfaType_MFATYPE_SMS
+	default:
+		return auth.MfaType_MFATYPE_UNSPECIFIED
+	}
+}
+
+func userChangesToResponse(response *usr_model.UserChanges, offset uint64, limit uint64) (_ *auth.Changes) {
+	return &auth.Changes{
+		Limit:   limit,
+		Offset:  offset,
+		Changes: userChangesToAPI(response),
+	}
+}
+
+func userChangesToAPI(changes *usr_model.UserChanges) (_ []*auth.Change) {
+	result := make([]*auth.Change, len(changes.Changes))
+
+	for i, change := range changes.Changes {
+		var data *structpb.Struct
+		changedData, err := json.Marshal(change.Data)
+		if err == nil {
+			data = new(structpb.Struct)
+			err = protojson.Unmarshal(changedData, data)
+			logging.Log("GRPC-0kRsY").OnError(err).Debug("unable to marshal changed data to struct")
+		}
+		result[i] = &auth.Change{
+			ChangeDate: change.ChangeDate,
+			EventType:  message.NewLocalizedEventType(change.EventType),
+			Sequence:   change.Sequence,
+			Data:       data,
+			EditorId:   change.ModifierId,
+			Editor:     change.ModifierName,
+		}
+	}
+
+	return result
+}
--- a/internal/api/grpc/auth/user_grant.go
+++ b/internal/api/grpc/auth/user_grant.go
@@ -0,0 +1,41 @@
+package auth
+
+import (
+	"context"
+
+	"github.com/golang/protobuf/ptypes/empty"
+
+	"github.com/caos/zitadel/pkg/grpc/auth"
+)
+
+func (s *Server) SearchMyUserGrant(ctx context.Context, in *auth.UserGrantSearchRequest) (*auth.UserGrantSearchResponse, error) {
+	response, err := s.repo.SearchMyUserGrants(ctx, userGrantSearchRequestsToModel(in))
+	if err != nil {
+		return nil, err
+	}
+	return userGrantSearchResponseFromModel(response), nil
+}
+
+func (s *Server) SearchMyProjectOrgs(ctx context.Context, in *auth.MyProjectOrgSearchRequest) (*auth.MyProjectOrgSearchResponse, error) {
+	response, err := s.repo.SearchMyProjectOrgs(ctx, myProjectOrgSearchRequestRequestsToModel(in))
+	if err != nil {
+		return nil, err
+	}
+	return projectOrgSearchResponseFromModel(response), nil
+}
+
+func (s *Server) GetMyZitadelPermissions(ctx context.Context, _ *empty.Empty) (*auth.MyPermissions, error) {
+	perms, err := s.repo.SearchMyZitadelPermissions(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return &auth.MyPermissions{Permissions: perms}, nil
+}
+
+func (s *Server) GetMyProjectPermissions(ctx context.Context, _ *empty.Empty) (*auth.MyPermissions, error) {
+	perms, err := s.repo.SearchMyProjectPermissions(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return &auth.MyPermissions{Permissions: perms}, nil
+}
--- a/internal/api/grpc/auth/user_grant_converter.go
+++ b/internal/api/grpc/auth/user_grant_converter.go
@@ -0,0 +1,127 @@
+package auth
+
+import (
+	grant_model "github.com/caos/zitadel/internal/usergrant/model"
+	"github.com/caos/zitadel/pkg/grpc/auth"
+)
+
+func userGrantSearchRequestsToModel(request *auth.UserGrantSearchRequest) *grant_model.UserGrantSearchRequest {
+	return &grant_model.UserGrantSearchRequest{
+		Offset:  request.Offset,
+		Limit:   request.Limit,
+		Queries: userGrantSearchQueriesToModel(request.Queries),
+	}
+}
+
+func userGrantSearchQueriesToModel(queries []*auth.UserGrantSearchQuery) []*grant_model.UserGrantSearchQuery {
+	converted := make([]*grant_model.UserGrantSearchQuery, len(queries))
+	for i, q := range queries {
+		converted[i] = userGrantSearchQueryToModel(q)
+	}
+	return converted
+}
+
+func userGrantSearchQueryToModel(query *auth.UserGrantSearchQuery) *grant_model.UserGrantSearchQuery {
+	return &grant_model.UserGrantSearchQuery{
+		Key:    userGrantSearchKeyToModel(query.Key),
+		Method: searchMethodToModel(query.Method),
+		Value:  query.Value,
+	}
+}
+
+func userGrantSearchKeyToModel(key auth.UserGrantSearchKey) grant_model.UserGrantSearchKey {
+	switch key {
+	case auth.UserGrantSearchKey_UserGrantSearchKey_ORG_ID:
+		return grant_model.UserGrantSearchKeyResourceOwner
+	case auth.UserGrantSearchKey_UserGrantSearchKey_PROJECT_ID:
+		return grant_model.UserGrantSearchKeyProjectID
+	default:
+		return grant_model.UserGrantSearchKeyUnspecified
+	}
+}
+
+func myProjectOrgSearchRequestRequestsToModel(request *auth.MyProjectOrgSearchRequest) *grant_model.UserGrantSearchRequest {
+	return &grant_model.UserGrantSearchRequest{
+		Offset:        request.Offset,
+		Limit:         request.Limit,
+		Asc:           request.Asc,
+		SortingColumn: grant_model.UserGrantSearchKeyResourceOwner,
+		Queries:       myProjectOrgSearchQueriesToModel(request.Queries),
+	}
+}
+
+func myProjectOrgSearchQueriesToModel(queries []*auth.MyProjectOrgSearchQuery) []*grant_model.UserGrantSearchQuery {
+	converted := make([]*grant_model.UserGrantSearchQuery, len(queries))
+	for i, q := range queries {
+		converted[i] = myProjectOrgSearchQueryToModel(q)
+	}
+	return converted
+}
+
+func myProjectOrgSearchQueryToModel(query *auth.MyProjectOrgSearchQuery) *grant_model.UserGrantSearchQuery {
+	return &grant_model.UserGrantSearchQuery{
+		Key:    myProjectOrgSearchKeyToModel(query.Key),
+		Method: searchMethodToModel(query.Method),
+		Value:  query.Value,
+	}
+}
+
+func myProjectOrgSearchKeyToModel(key auth.MyProjectOrgSearchKey) grant_model.UserGrantSearchKey {
+	switch key {
+	case auth.MyProjectOrgSearchKey_MYPROJECTORGSEARCHKEY_ORG_NAME:
+		return grant_model.UserGrantSearchKeyOrgName
+	default:
+		return grant_model.UserGrantSearchKeyUnspecified
+	}
+}
+
+func userGrantSearchResponseFromModel(response *grant_model.UserGrantSearchResponse) *auth.UserGrantSearchResponse {
+	return &auth.UserGrantSearchResponse{
+		Offset:      response.Offset,
+		Limit:       response.Limit,
+		TotalResult: response.TotalResult,
+		Result:      userGrantViewsFromModel(response.Result),
+	}
+}
+
+func userGrantViewsFromModel(users []*grant_model.UserGrantView) []*auth.UserGrantView {
+	converted := make([]*auth.UserGrantView, len(users))
+	for i, user := range users {
+		converted[i] = userGrantViewFromModel(user)
+	}
+	return converted
+}
+
+func userGrantViewFromModel(grant *grant_model.UserGrantView) *auth.UserGrantView {
+	return &auth.UserGrantView{
+		UserId:    grant.UserID,
+		OrgId:     grant.ResourceOwner,
+		OrgName:   grant.OrgName,
+		ProjectId: grant.ProjectID,
+		Roles:     grant.RoleKeys,
+	}
+}
+
+func projectOrgSearchResponseFromModel(response *grant_model.ProjectOrgSearchResponse) *auth.MyProjectOrgSearchResponse {
+	return &auth.MyProjectOrgSearchResponse{
+		Offset:      response.Offset,
+		Limit:       response.Limit,
+		TotalResult: response.TotalResult,
+		Result:      projectOrgsFromModel(response.Result),
+	}
+}
+
+func projectOrgsFromModel(projectOrgs []*grant_model.Org) []*auth.Org {
+	converted := make([]*auth.Org, len(projectOrgs))
+	for i, org := range projectOrgs {
+		converted[i] = projectOrgFromModel(org)
+	}
+	return converted
+}
+
+func projectOrgFromModel(org *grant_model.Org) *auth.Org {
+	return &auth.Org{
+		Id:   org.OrgID,
+		Name: org.OrgName,
+	}
+}
--- a/internal/api/grpc/auth/user_session.go
+++ b/internal/api/grpc/auth/user_session.go
@@ -0,0 +1,17 @@
+package auth
+
+import (
+	"context"
+
+	"github.com/golang/protobuf/ptypes/empty"
+
+	"github.com/caos/zitadel/pkg/grpc/auth"
+)
+
+func (s *Server) GetMyUserSessions(ctx context.Context, _ *empty.Empty) (_ *auth.UserSessionViews, err error) {
+	userSessions, err := s.repo.GetMyUserSessions(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return &auth.UserSessionViews{UserSessions: userSessionViewsFromModel(userSessions)}, nil
+}
--- a/internal/api/grpc/auth/user_session_converter.go
+++ b/internal/api/grpc/auth/user_session_converter.go
@@ -0,0 +1,38 @@
+package auth
+
+import (
+	auth_req_model "github.com/caos/zitadel/internal/auth_request/model"
+	usr_model "github.com/caos/zitadel/internal/user/model"
+	"github.com/caos/zitadel/pkg/grpc/auth"
+)
+
+func userSessionViewsFromModel(userSessions []*usr_model.UserSessionView) []*auth.UserSessionView {
+	converted := make([]*auth.UserSessionView, len(userSessions))
+	for i, s := range userSessions {
+		converted[i] = userSessionViewFromModel(s)
+	}
+	return converted
+}
+
+func userSessionViewFromModel(userSession *usr_model.UserSessionView) *auth.UserSessionView {
+	return &auth.UserSessionView{
+		Sequence:    userSession.Sequence,
+		AgentId:     userSession.UserAgentID,
+		UserId:      userSession.UserID,
+		UserName:    userSession.UserName,
+		LoginName:   userSession.LoginName,
+		DisplayName: userSession.DisplayName,
+		AuthState:   userSessionStateFromModel(userSession.State),
+	}
+}
+
+func userSessionStateFromModel(state auth_req_model.UserSessionState) auth.UserSessionState {
+	switch state {
+	case auth_req_model.UserSessionStateActive:
+		return auth.UserSessionState_USERSESSIONSTATE_ACTIVE
+	case auth_req_model.UserSessionStateTerminated:
+		return auth.UserSessionState_USERSESSIONSTATE_TERMINATED
+	default:
+		return auth.UserSessionState_USERSESSIONSTATE_UNSPECIFIED
+	}
+}