feat: port reduction (#323)

* move mgmt pkg * begin package restructure * rename auth package to authz * begin start api * move auth * move admin * fix merge * configs and interceptors * interceptor * revert generate-grpc.sh * some cleanups * console * move console * fix tests and merging * js linting * merge * merging and configs * change k8s base to current ports * fixes * cleanup * regenerate proto * remove unnecessary whitespace * missing param * go mod tidy * fix merging * move login pkg * cleanup * move api pkgs again * fix pkg naming * fix generate-static.sh for login * update workflow * fixes * logging * remove duplicate * comment for optional gateway interfaces * regenerate protos * fix proto imports for grpc web * protos * grpc web generate * grpc web generate * fix changes * add translation interceptor * fix merging * regenerate mgmt proto
2025-08-12 08:07:32 +00:00 · 2020-07-08 13:56:37 +02:00
parent 708652a655
commit 3549a8b64e
330 changed files with 30495 additions and 30809 deletions
--- a/internal/authz/repository/eventsourcing/eventstore/token_verifier.go
+++ b/internal/authz/repository/eventsourcing/eventstore/token_verifier.go
@@ -18,30 +18,26 @@ type TokenVerifierRepo struct {
 	View                 *view.View
 }

-func (repo *TokenVerifierRepo) VerifyAccessToken(ctx context.Context, tokenString, appName, appID string) (userID string, clientID string, agentID string, err error) {
-	clientID, err = repo.verifierClientID(ctx, appName, appID)
-	if err != nil {
-		return "", "", "", caos_errs.ThrowPermissionDenied(nil, "APP-ptTIF2", "invalid token")
-	}
+func (repo *TokenVerifierRepo) VerifyAccessToken(ctx context.Context, tokenString, clientID string) (userID string, agentID string, err error) {
 	//TODO: use real key
 	tokenID, err := crypto.DecryptAESString(tokenString, string(repo.TokenVerificationKey[:32]))
 	if err != nil {
-		return "", "", "", caos_errs.ThrowPermissionDenied(nil, "APP-8EF0zZ", "invalid token")
+		return "", "", caos_errs.ThrowPermissionDenied(nil, "APP-8EF0zZ", "invalid token")
 	}
 	token, err := repo.View.TokenByID(tokenID)
 	if err != nil {
-		return "", "", "", caos_errs.ThrowPermissionDenied(err, "APP-BxUSiL", "invalid token")
+		return "", "", caos_errs.ThrowPermissionDenied(err, "APP-BxUSiL", "invalid token")
 	}
 	if !token.Expiration.After(time.Now().UTC()) {
-		return "", "", "", caos_errs.ThrowPermissionDenied(err, "APP-k9KS0", "invalid token")
+		return "", "", caos_errs.ThrowPermissionDenied(err, "APP-k9KS0", "invalid token")
 	}

 	for _, aud := range token.Audience {
 		if clientID == aud {
-			return token.UserID, clientID, token.UserAgentID, nil
+			return token.UserID, token.UserAgentID, nil
 		}
 	}
-	return "", "", "", caos_errs.ThrowPermissionDenied(nil, "APP-Zxfako", "invalid audience")
+	return "", "", caos_errs.ThrowPermissionDenied(nil, "APP-Zxfako", "invalid audience")
 }

 func (repo *TokenVerifierRepo) ProjectIDByClientID(ctx context.Context, clientID string) (projectID string, err error) {
@@ -52,10 +48,7 @@ func (repo *TokenVerifierRepo) ProjectIDByClientID(ctx context.Context, clientID
 	return app.ProjectID, nil
 }

-func (repo *TokenVerifierRepo) verifierClientID(ctx context.Context, appName, appClientID string) (string, error) {
-	if appClientID != "" {
-		return appClientID, nil
-	}
+func (repo *TokenVerifierRepo) VerifierClientID(ctx context.Context, appName string) (string, error) {
 	iam, err := repo.IamEvents.IamByID(ctx, repo.IamID)
 	if err != nil {
 		return "", err
--- a/internal/authz/repository/eventsourcing/eventstore/user_grant.go
+++ b/internal/authz/repository/eventsourcing/eventstore/user_grant.go
@@ -2,7 +2,8 @@ package eventstore

 import (
 	"context"
-	"github.com/caos/zitadel/internal/api/auth"
+
+	"github.com/caos/zitadel/internal/api/authz"
 	"github.com/caos/zitadel/internal/authz/repository/eventsourcing/view"
 	caos_errs "github.com/caos/zitadel/internal/errors"
 	iam_event "github.com/caos/zitadel/internal/iam/repository/eventsourcing"
@@ -14,7 +15,7 @@ type UserGrantRepo struct {
 	View         *view.View
 	IamID        string
 	IamProjectID string
-	Auth         auth.Config
+	Auth         authz.Config
 	IamEvents    *iam_event.IamEventstore
 }

@@ -22,12 +23,12 @@ func (repo *UserGrantRepo) Health() error {
 	return repo.View.Health()
 }

-func (repo *UserGrantRepo) ResolveGrants(ctx context.Context) (*auth.Grant, error) {
+func (repo *UserGrantRepo) ResolveGrants(ctx context.Context) (*authz.Grant, error) {
 	err := repo.FillIamProjectID(ctx)
 	if err != nil {
 		return nil, err
 	}
-	ctxData := auth.GetCtxData(ctx)
+	ctxData := authz.GetCtxData(ctx)

 	orgGrant, err := repo.View.UserGrantByIDs(ctxData.OrgID, repo.IamProjectID, ctxData.UserID)
 	if err != nil && !caos_errs.IsNotFound(err) {
@@ -52,7 +53,7 @@ func (repo *UserGrantRepo) SearchMyZitadelPermissions(ctx context.Context) ([]st
 	}
 	permissions := &grant_model.Permissions{Permissions: []string{}}
 	for _, role := range grant.Roles {
-		roleName, ctxID := auth.SplitPermission(role)
+		roleName, ctxID := authz.SplitPermission(role)
 		for _, mapping := range repo.Auth.RolePermissionMappings {
 			if mapping.Role == roleName {
 				permissions.AppendPermissions(ctxID, mapping.Permissions...)
@@ -77,15 +78,15 @@ func (repo *UserGrantRepo) FillIamProjectID(ctx context.Context) error {
 	return nil
 }

-func mergeOrgAndAdminGrant(ctxData auth.CtxData, orgGrant, iamAdminGrant *model.UserGrantView) (grant *auth.Grant) {
+func mergeOrgAndAdminGrant(ctxData authz.CtxData, orgGrant, iamAdminGrant *model.UserGrantView) (grant *authz.Grant) {
 	if orgGrant != nil {
 		roles := orgGrant.RoleKeys
 		if iamAdminGrant != nil {
 			roles = addIamAdminRoles(roles, iamAdminGrant.RoleKeys)
 		}
-		grant = &auth.Grant{OrgID: orgGrant.ResourceOwner, Roles: roles}
+		grant = &authz.Grant{OrgID: orgGrant.ResourceOwner, Roles: roles}
 	} else if iamAdminGrant != nil {
-		grant = &auth.Grant{
+		grant = &authz.Grant{
 			OrgID: ctxData.OrgID,
 			Roles: iamAdminGrant.RoleKeys,
 		}
@@ -97,7 +98,7 @@ func addIamAdminRoles(orgRoles, iamAdminRoles []string) []string {
 	result := make([]string, 0)
 	result = append(result, iamAdminRoles...)
 	for _, role := range orgRoles {
-		if !auth.ExistsPerm(result, role) {
+		if !authz.ExistsPerm(result, role) {
 			result = append(result, role)
 		}
 	}
--- a/internal/authz/repository/eventsourcing/repository.go
+++ b/internal/authz/repository/eventsourcing/repository.go
@@ -2,21 +2,21 @@ package eventsourcing

 import (
 	"context"
-	"github.com/caos/zitadel/internal/api/auth"
-	"github.com/caos/zitadel/internal/authz/repository/eventsourcing/handler"
-	es_iam "github.com/caos/zitadel/internal/iam/repository/eventsourcing"
-	"github.com/caos/zitadel/internal/id"
-	es_proj "github.com/caos/zitadel/internal/project/repository/eventsourcing"

+	"github.com/caos/zitadel/internal/api/authz"
 	"github.com/caos/zitadel/internal/auth_request/repository/cache"
 	"github.com/caos/zitadel/internal/authz/repository/eventsourcing/eventstore"
+	"github.com/caos/zitadel/internal/authz/repository/eventsourcing/handler"
 	"github.com/caos/zitadel/internal/authz/repository/eventsourcing/spooler"
 	authz_view "github.com/caos/zitadel/internal/authz/repository/eventsourcing/view"
 	sd "github.com/caos/zitadel/internal/config/systemdefaults"
 	"github.com/caos/zitadel/internal/config/types"
 	es_int "github.com/caos/zitadel/internal/eventstore"
 	es_spol "github.com/caos/zitadel/internal/eventstore/spooler"
+	es_iam "github.com/caos/zitadel/internal/iam/repository/eventsourcing"
+	"github.com/caos/zitadel/internal/id"
 	es_key "github.com/caos/zitadel/internal/key/repository/eventsourcing"
+	es_proj "github.com/caos/zitadel/internal/project/repository/eventsourcing"
 )

 type Config struct {
@@ -34,7 +34,7 @@ type EsRepository struct {
 	eventstore.TokenVerifierRepo
 }

-func Start(conf Config, authZ auth.Config, systemDefaults sd.SystemDefaults) (*EsRepository, error) {
+func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults) (*EsRepository, error) {
 	es, err := es_int.Start(conf.Eventstore)
 	if err != nil {
 		return nil, err