feat: port reduction (#323)

* move mgmt pkg * begin package restructure * rename auth package to authz * begin start api * move auth * move admin * fix merge * configs and interceptors * interceptor * revert generate-grpc.sh * some cleanups * console * move console * fix tests and merging * js linting * merge * merging and configs * change k8s base to current ports * fixes * cleanup * regenerate proto * remove unnecessary whitespace * missing param * go mod tidy * fix merging * move login pkg * cleanup * move api pkgs again * fix pkg naming * fix generate-static.sh for login * update workflow * fixes * logging * remove duplicate * comment for optional gateway interfaces * regenerate protos * fix proto imports for grpc web * protos * grpc web generate * grpc web generate * fix changes * add translation interceptor * fix merging * regenerate mgmt proto
2025-08-12 03:57:32 +00:00 · 2020-07-08 13:56:37 +02:00
parent 708652a655
commit 3549a8b64e
330 changed files with 30495 additions and 30809 deletions
--- a/internal/api/http/header.go
+++ b/internal/api/http/header.go
@@ -5,8 +5,30 @@ import (
 	"net"
 	"net/http"
 	"strings"
+)

-	"github.com/caos/zitadel/internal/api"
+const (
+	Authorization   = "authorization"
+	Accept          = "accept"
+	AcceptLanguage  = "accept-language"
+	CacheControl    = "cache-control"
+	ContentType     = "content-type"
+	Expires         = "expires"
+	Location        = "location"
+	Origin          = "origin"
+	Pragma          = "pragma"
+	UserAgentHeader = "user-agent"
+	ForwardedFor    = "x-forwarded-for"
+
+	ContentSecurityPolicy   = "content-security-policy"
+	XXSSProtection          = "x-xss-protection"
+	StrictTransportSecurity = "strict-transport-security"
+	XFrameOptions           = "x-frame-options"
+	XContentTypeOptions     = "x-content-type-options"
+	ReferrerPolicy          = "referrer-policy"
+	FeaturePolicy           = "feature-policy"
+
+	ZitadelOrgID = "x-zitadel-orgid"
 )

 type key int
@@ -35,7 +57,7 @@ func RemoteIPFromCtx(ctx context.Context) string {
 	if !ok {
 		return RemoteAddrFromCtx(ctx)
 	}
-	forwarded, ok := ForwardedFor(ctxHeaders)
+	forwarded, ok := GetForwardedFor(ctxHeaders)
 	if ok {
 		return forwarded
 	}
@@ -47,15 +69,15 @@ func RemoteIPFromRequest(r *http.Request) net.IP {
 }

 func RemoteIPStringFromRequest(r *http.Request) string {
-	ip, ok := ForwardedFor(r.Header)
+	ip, ok := GetForwardedFor(r.Header)
 	if ok {
 		return ip
 	}
 	return r.RemoteAddr
 }

-func ForwardedFor(headers http.Header) (string, bool) {
-	forwarded, ok := headers[api.ForwardedFor]
+func GetForwardedFor(headers http.Header) (string, bool) {
+	forwarded, ok := headers[ForwardedFor]
 	if ok {
 		ip := strings.Split(forwarded[0], ", ")[0]
 		if ip != "" {
--- a/internal/api/http/listener.go
+++ b/internal/api/http/listener.go
@@ -8,12 +8,12 @@ import (
 )

 func CreateListener(endpoint string) net.Listener {
-	l, err := net.Listen("tcp", listenerEndpoint(endpoint))
+	l, err := net.Listen("tcp", Endpoint(endpoint))
 	logging.Log("SERVE-6vasef").OnError(err).Fatal("creating listener failed")
 	return l
 }

-func listenerEndpoint(endpoint string) string {
+func Endpoint(endpoint string) string {
 	if strings.Contains(endpoint, ":") {
 		return endpoint
 	}
--- a/internal/api/http/middleware/cache_interceptor.go
+++ b/internal/api/http/middleware/cache_interceptor.go
@@ -7,7 +7,7 @@ import (
 	"strings"
 	"time"

-	"github.com/caos/zitadel/internal/api"
+	http_utils "github.com/caos/zitadel/internal/api/http"
 	"github.com/caos/zitadel/internal/config/types"
 )

@@ -120,9 +120,9 @@ func (c *Cache) serializeHeaders(w http.ResponseWriter) {
 		control = append(control, string(c.Revalidation))
 	}

-	w.Header().Set(api.CacheControl, strings.Join(control, ", "))
-	w.Header().Set(api.Expires, expires)
+	w.Header().Set(http_utils.CacheControl, strings.Join(control, ", "))
+	w.Header().Set(http_utils.Expires, expires)
 	if pragma {
-		w.Header().Set(api.Pragma, "no-cache")
+		w.Header().Set(http_utils.Pragma, "no-cache")
 	}
 }
--- a/internal/api/http/middleware/cors_interceptor.go
+++ b/internal/api/http/middleware/cors_interceptor.go
@@ -5,19 +5,19 @@ import (

 	"github.com/rs/cors"

-	"github.com/caos/zitadel/internal/api"
+	http_utils "github.com/caos/zitadel/internal/api/http"
 )

 var (
 	DefaultCORSOptions = cors.Options{
 		AllowCredentials: true,
 		AllowedHeaders: []string{
-			api.Origin,
-			api.ContentType,
-			api.Accept,
-			api.AcceptLanguage,
-			api.Authorization,
-			api.ZitadelOrgID,
+			http_utils.Origin,
+			http_utils.ContentType,
+			http_utils.Accept,
+			http_utils.AcceptLanguage,
+			http_utils.Authorization,
+			http_utils.ZitadelOrgID,
 		},
 		AllowedMethods: []string{
 			http.MethodOptions,
@@ -29,7 +29,7 @@ var (
 			http.MethodDelete,
 		},
 		ExposedHeaders: []string{
-			api.Location,
+			http_utils.Location,
 		},
 		AllowedOrigins: []string{
 			"http://localhost:*",
--- a/internal/api/http/middleware/security_headers.go
+++ b/internal/api/http/middleware/security_headers.go
@@ -6,7 +6,7 @@ import (
 	"encoding/base64"
 	"net/http"

-	"github.com/caos/zitadel/internal/api"
+	http_utils "github.com/caos/zitadel/internal/api/http"
 )

 type key int
@@ -63,13 +63,13 @@ func (h *headers) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		r = saveContext(r, nonceKey, nonce)
 	}
 	headers := w.Header()
-	headers.Set(api.ContentSecurityPolicy, h.csp.Value(nonce))
-	headers.Set(api.XXSSProtection, "1; mode=block")
-	headers.Set(api.StrictTransportSecurity, "max-age=31536000; includeSubDomains")
-	headers.Set(api.XFrameOptions, "DENY")
-	headers.Set(api.XContentTypeOptions, "nosniff")
-	headers.Set(api.ReferrerPolicy, "same-origin")
-	headers.Set(api.FeaturePolicy, "payment 'none'")
+	headers.Set(http_utils.ContentSecurityPolicy, h.csp.Value(nonce))
+	headers.Set(http_utils.XXSSProtection, "1; mode=block")
+	headers.Set(http_utils.StrictTransportSecurity, "max-age=31536000; includeSubDomains")
+	headers.Set(http_utils.XFrameOptions, "DENY")
+	headers.Set(http_utils.XContentTypeOptions, "nosniff")
+	headers.Set(http_utils.ReferrerPolicy, "same-origin")
+	headers.Set(http_utils.FeaturePolicy, "payment 'none'")
 	//PLANNED: add expect-ct

 	h.handler.ServeHTTP(w, r)
--- a/internal/api/http/middleware/trace_interceptor.go
+++ b/internal/api/http/middleware/trace_interceptor.go
@@ -3,10 +3,10 @@ package middleware
 import (
 	"net/http"

-	"github.com/caos/zitadel/internal/api"
+	http_utils "github.com/caos/zitadel/internal/api/http"
 	"github.com/caos/zitadel/internal/tracing"
 )

 func DefaultTraceHandler(handler http.Handler) http.Handler {
-	return tracing.TraceHandler(handler, api.Probes...)
+	return tracing.TraceHandler(handler, http_utils.Probes...)
 }
--- a/internal/api/http/probes.go
+++ b/internal/api/http/probes.go
@@ -0,0 +1,11 @@
+package http
+
+const (
+	Healthz    = "/Healthz"
+	Readiness  = "/Ready"
+	Validation = "/Validate"
+)
+
+var (
+	Probes = []string{Healthz, Readiness, Validation}
+)
--- a/internal/api/http/server.go
+++ b/internal/api/http/server.go
@@ -0,0 +1,32 @@
+package http
+
+import (
+	"context"
+	"net/http"
+
+	"github.com/caos/logging"
+)
+
+func Serve(ctx context.Context, handler http.Handler, port, servername string) {
+	server := &http.Server{
+		Handler: handler,
+	}
+
+	listener := CreateListener(port)
+
+	go func() {
+		<-ctx.Done()
+		err := server.Shutdown(ctx)
+		logging.LogWithFields("HTTP-m7kBlq", "name", servername).OnError(err).Warnf("error during graceful shutdown of http server (%s)", servername)
+	}()
+
+	go func() {
+		err := server.Serve(listener)
+		logging.LogWithFields("HTTP-tBHR60", "name", servername).OnError(err).Panicf("http serve (%s) failed", servername)
+	}()
+	logging.LogWithFields("HTTP-KHh0Cb", "name", servername, "port", port).Infof("http server (%s) is listening", servername)
+}
+
+func RegisterHandler(mux *http.ServeMux, prefix string, handler http.Handler) {
+	mux.Handle(prefix+"/", http.StripPrefix(prefix, handler))
+}