TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-07-15 01:08:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: mitigate overload risk in processProject on user grant (#2662)

Browse Source
This commit is contained in:
Livio Amstutz 2021-11-12 12:11:37 +01:00 committed by GitHub
parent 7324e776cf
commit 4fc2582b4c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 42 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
internal/auth/repository/eventsourcing/handler/user_grant.go
View File

@ -177,27 +177,37 @@ func (u *UserGrant) processUser(event *es_models.Event) (err error) {
func (u *UserGrant) processProject(event *es_models.Event) (err error) { func (u *UserGrant) processProject(event *es_models.Event) (err error) {
switch event.Type { switch event.Type {
case proj_es_model.ProjectChanged: case proj_es_model.ProjectChanged:
proj := new(proj_es_model.Project)
err := proj.SetData(event)
if err != nil {
return err
}
if proj.Name == "" {
return u.view.ProcessedUserGrantSequence(event)
}
grants, err := u.view.UserGrantsByProjectID(event.AggregateID) grants, err := u.view.UserGrantsByProjectID(event.AggregateID)
if err != nil { if err != nil {
return err return err
} }
project, err := u.getProjectByID(context.Background(), event.AggregateID)
if err != nil {
return err
}
for _, grant := range grants { for _, grant := range grants {
u.fillProjectData(grant, project) grant.ProjectName = proj.Name
} }
return u.view.PutUserGrants(grants, event) return u.view.PutUserGrants(grants, event)
case proj_es_model.ProjectMemberAdded, proj_es_model.ProjectMemberChanged, case proj_es_model.ProjectMemberAdded, proj_es_model.ProjectMemberChanged,
proj_es_model.ProjectMemberRemoved, proj_es_model.ProjectMemberCascadeRemoved: proj_es_model.ProjectMemberRemoved, proj_es_model.ProjectMemberCascadeRemoved:
member := new(proj_es_model.ProjectMember) member := new(proj_es_model.ProjectMember)
member.SetData(event) err := member.SetData(event)
if err != nil {
return err
}
return u.processMember(event, "PROJECT", event.AggregateID, member.UserID, member.Roles) return u.processMember(event, "PROJECT", event.AggregateID, member.UserID, member.Roles)
case proj_es_model.ProjectGrantMemberAdded, proj_es_model.ProjectGrantMemberChanged, case proj_es_model.ProjectGrantMemberAdded, proj_es_model.ProjectGrantMemberChanged,
proj_es_model.ProjectGrantMemberRemoved, proj_es_model.ProjectGrantMemberCascadeRemoved: proj_es_model.ProjectGrantMemberRemoved, proj_es_model.ProjectGrantMemberCascadeRemoved:
member := new(proj_es_model.ProjectGrantMember) member := new(proj_es_model.ProjectGrantMember)
member.SetData(event) err := member.SetData(event)
if err != nil {
return err
}
return u.processMember(event, "PROJECT_GRANT", member.GrantID, member.UserID, member.Roles) return u.processMember(event, "PROJECT_GRANT", member.GrantID, member.UserID, member.Roles)
default: default:
return u.view.ProcessedUserGrantSequence(event) return u.view.ProcessedUserGrantSequence(event)

20
internal/authz/repository/eventsourcing/handler/user_grant.go
View File

@ -2,11 +2,12 @@ package handler
import ( import (
"context" "context"
"github.com/caos/zitadel/internal/eventstore/v1" "strings"
v1 "github.com/caos/zitadel/internal/eventstore/v1"
es_sdk "github.com/caos/zitadel/internal/eventstore/v1/sdk" es_sdk "github.com/caos/zitadel/internal/eventstore/v1/sdk"
iam_model "github.com/caos/zitadel/internal/iam/model" iam_model "github.com/caos/zitadel/internal/iam/model"
iam_view "github.com/caos/zitadel/internal/iam/repository/view" iam_view "github.com/caos/zitadel/internal/iam/repository/view"
"strings"
"github.com/caos/logging" "github.com/caos/logging"
@ -109,13 +110,19 @@ func (u *UserGrant) processProject(event *es_models.Event) (err error) {
case proj_es_model.ProjectMemberAdded, proj_es_model.ProjectMemberChanged, case proj_es_model.ProjectMemberAdded, proj_es_model.ProjectMemberChanged,
proj_es_model.ProjectMemberRemoved, proj_es_model.ProjectMemberCascadeRemoved: proj_es_model.ProjectMemberRemoved, proj_es_model.ProjectMemberCascadeRemoved:
member := new(proj_es_model.ProjectMember) member := new(proj_es_model.ProjectMember)
member.SetData(event) err := member.SetData(event)
if err != nil {
return err
}
return u.processMember(event, "PROJECT", event.AggregateID, member.UserID, member.Roles) return u.processMember(event, "PROJECT", event.AggregateID, member.UserID, member.Roles)
case proj_es_model.ProjectGrantMemberAdded, proj_es_model.ProjectGrantMemberChanged, case proj_es_model.ProjectGrantMemberAdded, proj_es_model.ProjectGrantMemberChanged,
proj_es_model.ProjectGrantMemberRemoved, proj_es_model.ProjectGrantMemberRemoved,
proj_es_model.ProjectGrantMemberCascadeRemoved: proj_es_model.ProjectGrantMemberCascadeRemoved:
member := new(proj_es_model.ProjectGrantMember) member := new(proj_es_model.ProjectGrantMember)
member.SetData(event) err := member.SetData(event)
if err != nil {
return err
}
return u.processMember(event, "PROJECT_GRANT", member.GrantID, member.UserID, member.Roles) return u.processMember(event, "PROJECT_GRANT", member.GrantID, member.UserID, member.Roles)
default: default:
return u.view.ProcessedUserGrantSequence(event) return u.view.ProcessedUserGrantSequence(event)
@ -127,7 +134,10 @@ func (u *UserGrant) processOrg(event *es_models.Event) (err error) {
case org_es_model.OrgMemberAdded, org_es_model.OrgMemberChanged, case org_es_model.OrgMemberAdded, org_es_model.OrgMemberChanged,
org_es_model.OrgMemberRemoved, org_es_model.OrgMemberCascadeRemoved: org_es_model.OrgMemberRemoved, org_es_model.OrgMemberCascadeRemoved:
member := new(org_es_model.OrgMember) member := new(org_es_model.OrgMember)
member.SetData(event) err := member.SetData(event)
if err != nil {
return err
}
return u.processMember(event, "ORG", "", member.UserID, member.Roles) return u.processMember(event, "ORG", "", member.UserID, member.Roles)
default: default:
return u.view.ProcessedUserGrantSequence(event) return u.view.ProcessedUserGrantSequence(event)

18
internal/management/repository/eventsourcing/handler/user_grant.go
View File

@ -4,6 +4,7 @@ import (
"context" "context"
"github.com/caos/logging" "github.com/caos/logging"
caos_errs "github.com/caos/zitadel/internal/errors" caos_errs "github.com/caos/zitadel/internal/errors"
v1 "github.com/caos/zitadel/internal/eventstore/v1" v1 "github.com/caos/zitadel/internal/eventstore/v1"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models" es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
@ -159,19 +160,20 @@ func (u *UserGrant) processUser(event *es_models.Event) (err error) {
func (u *UserGrant) processProject(event *es_models.Event) (err error) { func (u *UserGrant) processProject(event *es_models.Event) (err error) {
switch event.Type { switch event.Type {
case proj_es_model.ProjectChanged: case proj_es_model.ProjectChanged:
proj := new(proj_es_model.Project)
err := proj.SetData(event)
if err != nil {
return err
}
if proj.Name == "" {
return u.view.ProcessedUserGrantSequence(event)
}
grants, err := u.view.UserGrantsByProjectID(event.AggregateID) grants, err := u.view.UserGrantsByProjectID(event.AggregateID)
if err != nil { if err != nil {
return err return err
} }
if len(grants) == 0 {
return u.view.ProcessedUserGrantSequence(event)
}
project, err := u.getProjectByID(context.Background(), event.AggregateID)
if err != nil {
return err
}
for _, grant := range grants { for _, grant := range grants {
u.fillProjectData(grant, project) grant.ProjectName = proj.Name
} }
return u.view.PutUserGrants(grants, event) return u.view.PutUserGrants(grants, event)
default: default: