From 62c4a4d08d69cc77a0fa07169a7641a168a8b681 Mon Sep 17 00:00:00 2001 From: Livio Amstutz Date: Fri, 20 May 2022 10:30:12 +0200 Subject: [PATCH] fix: return absolute asset urls (#3676) --- cmd/admin/start/start.go | 6 +++--- internal/api/assets/asset.go | 6 ++++++ internal/api/grpc/admin/label_policy.go | 4 ++-- internal/api/grpc/admin/server.go | 9 ++++++--- internal/api/grpc/auth/profile.go | 2 +- internal/api/grpc/auth/server.go | 7 ++++--- internal/api/grpc/auth/user.go | 4 ++-- internal/api/grpc/management/org.go | 4 ++-- internal/api/grpc/management/policy_label.go | 6 +++--- internal/api/grpc/management/project.go | 4 ++-- internal/api/grpc/management/project_application.go | 2 +- internal/api/grpc/management/project_grant.go | 2 +- internal/api/grpc/management/server.go | 7 ++++--- internal/api/grpc/management/user.go | 10 +++++----- internal/api/grpc/management/user_grant.go | 4 ++-- internal/domain/asset.go | 2 +- 16 files changed, 45 insertions(+), 34 deletions(-) diff --git a/cmd/admin/start/start.go b/cmd/admin/start/start.go index 2b40dc7e01..3943389995 100644 --- a/cmd/admin/start/start.go +++ b/cmd/admin/start/start.go @@ -164,13 +164,13 @@ func startAPIs(ctx context.Context, router *mux.Router, commands *command.Comman if err := authenticatedAPIs.RegisterServer(ctx, system.CreateServer(commands, queries, adminRepo, config.DefaultInstance)); err != nil { return err } - if err := authenticatedAPIs.RegisterServer(ctx, admin.CreateServer(commands, queries, adminRepo, assets.HandlerPrefix, keys.User)); err != nil { + if err := authenticatedAPIs.RegisterServer(ctx, admin.CreateServer(commands, queries, adminRepo, config.ExternalSecure, keys.User)); err != nil { return err } - if err := authenticatedAPIs.RegisterServer(ctx, management.CreateServer(commands, queries, config.SystemDefaults, assets.HandlerPrefix, keys.User, config.ExternalSecure, oidc.HandlerPrefix, config.AuditLogRetention)); err != nil { + if err := authenticatedAPIs.RegisterServer(ctx, management.CreateServer(commands, queries, config.SystemDefaults, keys.User, config.ExternalSecure, oidc.HandlerPrefix, config.AuditLogRetention)); err != nil { return err } - if err := authenticatedAPIs.RegisterServer(ctx, auth.CreateServer(commands, queries, authRepo, config.SystemDefaults, assets.HandlerPrefix, keys.User, config.ExternalSecure, config.AuditLogRetention)); err != nil { + if err := authenticatedAPIs.RegisterServer(ctx, auth.CreateServer(commands, queries, authRepo, config.SystemDefaults, keys.User, config.ExternalSecure, config.AuditLogRetention)); err != nil { return err } diff --git a/internal/api/assets/asset.go b/internal/api/assets/asset.go index 90c478e8c8..1f2fba98e5 100644 --- a/internal/api/assets/asset.go +++ b/internal/api/assets/asset.go @@ -50,6 +50,12 @@ func (h *Handler) Storage() static.Storage { return h.storage } +func AssetAPI(externalSecure bool) func(context.Context) string { + return func(ctx context.Context) string { + return http_util.BuildOrigin(authz.GetInstance(ctx).RequestedHost(), externalSecure) + HandlerPrefix + } +} + type Uploader interface { UploadAsset(ctx context.Context, info string, asset *command.AssetUpload, commands *command.Commands) error ObjectName(data authz.CtxData) (string, error) diff --git a/internal/api/grpc/admin/label_policy.go b/internal/api/grpc/admin/label_policy.go index b5bf7d4072..fc7110f7ff 100644 --- a/internal/api/grpc/admin/label_policy.go +++ b/internal/api/grpc/admin/label_policy.go @@ -13,7 +13,7 @@ func (s *Server) GetLabelPolicy(ctx context.Context, req *admin_pb.GetLabelPolic if err != nil { return nil, err } - return &admin_pb.GetLabelPolicyResponse{Policy: policy_grpc.ModelLabelPolicyToPb(policy, s.assetsAPIDomain)}, nil + return &admin_pb.GetLabelPolicyResponse{Policy: policy_grpc.ModelLabelPolicyToPb(policy, s.assetsAPIDomain(ctx))}, nil } func (s *Server) GetPreviewLabelPolicy(ctx context.Context, req *admin_pb.GetPreviewLabelPolicyRequest) (*admin_pb.GetPreviewLabelPolicyResponse, error) { @@ -21,7 +21,7 @@ func (s *Server) GetPreviewLabelPolicy(ctx context.Context, req *admin_pb.GetPre if err != nil { return nil, err } - return &admin_pb.GetPreviewLabelPolicyResponse{Policy: policy_grpc.ModelLabelPolicyToPb(policy, s.assetsAPIDomain)}, nil + return &admin_pb.GetPreviewLabelPolicyResponse{Policy: policy_grpc.ModelLabelPolicyToPb(policy, s.assetsAPIDomain(ctx))}, nil } func (s *Server) UpdateLabelPolicy(ctx context.Context, req *admin_pb.UpdateLabelPolicyRequest) (*admin_pb.UpdateLabelPolicyResponse, error) { diff --git a/internal/api/grpc/admin/server.go b/internal/api/grpc/admin/server.go index 25a4e0911e..438384e6c9 100644 --- a/internal/api/grpc/admin/server.go +++ b/internal/api/grpc/admin/server.go @@ -1,10 +1,13 @@ package admin import ( + "context" + "google.golang.org/grpc" "github.com/zitadel/zitadel/internal/admin/repository" "github.com/zitadel/zitadel/internal/admin/repository/eventsourcing" + "github.com/zitadel/zitadel/internal/api/assets" "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/grpc/server" "github.com/zitadel/zitadel/internal/command" @@ -24,7 +27,7 @@ type Server struct { command *command.Commands query *query.Queries administrator repository.AdministratorRepository - assetsAPIDomain string + assetsAPIDomain func(context.Context) string userCodeAlg crypto.EncryptionAlgorithm } @@ -35,14 +38,14 @@ type Config struct { func CreateServer(command *command.Commands, query *query.Queries, repo repository.Repository, - assetsAPIDomain string, + externalSecure bool, userCodeAlg crypto.EncryptionAlgorithm, ) *Server { return &Server{ command: command, query: query, administrator: repo, - assetsAPIDomain: assetsAPIDomain, + assetsAPIDomain: assets.AssetAPI(externalSecure), userCodeAlg: userCodeAlg, } } diff --git a/internal/api/grpc/auth/profile.go b/internal/api/grpc/auth/profile.go index b17a0fd132..50f973c616 100644 --- a/internal/api/grpc/auth/profile.go +++ b/internal/api/grpc/auth/profile.go @@ -15,7 +15,7 @@ func (s *Server) GetMyProfile(ctx context.Context, req *auth_pb.GetMyProfileRequ return nil, err } return &auth_pb.GetMyProfileResponse{ - Profile: user_grpc.ProfileToPb(profile, s.assetsAPIDomain), + Profile: user_grpc.ProfileToPb(profile, s.assetsAPIDomain(ctx)), Details: object_grpc.ToViewDetailsPb( profile.Sequence, profile.CreationDate, diff --git a/internal/api/grpc/auth/server.go b/internal/api/grpc/auth/server.go index 40697a8258..e30ab12892 100644 --- a/internal/api/grpc/auth/server.go +++ b/internal/api/grpc/auth/server.go @@ -1,10 +1,12 @@ package auth import ( + "context" "time" "google.golang.org/grpc" + "github.com/zitadel/zitadel/internal/api/assets" "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/grpc/server" "github.com/zitadel/zitadel/internal/auth/repository" @@ -28,7 +30,7 @@ type Server struct { query *query.Queries repo repository.Repository defaults systemdefaults.SystemDefaults - assetsAPIDomain string + assetsAPIDomain func(context.Context) string userCodeAlg crypto.EncryptionAlgorithm externalSecure bool auditLogRetention time.Duration @@ -42,7 +44,6 @@ func CreateServer(command *command.Commands, query *query.Queries, authRepo repository.Repository, defaults systemdefaults.SystemDefaults, - assetsAPIDomain string, userCodeAlg crypto.EncryptionAlgorithm, externalSecure bool, auditLogRetention time.Duration, @@ -52,7 +53,7 @@ func CreateServer(command *command.Commands, query: query, repo: authRepo, defaults: defaults, - assetsAPIDomain: assetsAPIDomain, + assetsAPIDomain: assets.AssetAPI(externalSecure), userCodeAlg: userCodeAlg, externalSecure: externalSecure, auditLogRetention: auditLogRetention, diff --git a/internal/api/grpc/auth/user.go b/internal/api/grpc/auth/user.go index 849dd5bd0d..17d510be90 100644 --- a/internal/api/grpc/auth/user.go +++ b/internal/api/grpc/auth/user.go @@ -20,7 +20,7 @@ func (s *Server) GetMyUser(ctx context.Context, _ *auth_pb.GetMyUserRequest) (*a if err != nil { return nil, err } - return &auth_pb.GetMyUserResponse{User: user_grpc.UserToPb(user, s.assetsAPIDomain)}, nil + return &auth_pb.GetMyUserResponse{User: user_grpc.UserToPb(user, s.assetsAPIDomain(ctx))}, nil } func (s *Server) RemoveMyUser(ctx context.Context, _ *auth_pb.RemoveMyUserRequest) (*auth_pb.RemoveMyUserResponse, error) { @@ -61,7 +61,7 @@ func (s *Server) ListMyUserChanges(ctx context.Context, req *auth_pb.ListMyUserC return nil, err } return &auth_pb.ListMyUserChangesResponse{ - Result: change.ChangesToPb(changes.Changes, s.assetsAPIDomain), + Result: change.ChangesToPb(changes.Changes, s.assetsAPIDomain(ctx)), }, nil } diff --git a/internal/api/grpc/management/org.go b/internal/api/grpc/management/org.go index 6637e98358..d475c38f05 100644 --- a/internal/api/grpc/management/org.go +++ b/internal/api/grpc/management/org.go @@ -39,7 +39,7 @@ func (s *Server) ListOrgChanges(ctx context.Context, req *mgmt_pb.ListOrgChanges return nil, err } return &mgmt_pb.ListOrgChangesResponse{ - Result: change_grpc.ChangesToPb(response.Changes, s.assetAPIPrefix), + Result: change_grpc.ChangesToPb(response.Changes, s.assetAPIPrefix(ctx)), }, nil } @@ -233,7 +233,7 @@ func (s *Server) ListOrgMembers(ctx context.Context, req *mgmt_pb.ListOrgMembers return nil, err } return &mgmt_pb.ListOrgMembersResponse{ - Result: member_grpc.MembersToPb(s.assetAPIPrefix, members.Members), + Result: member_grpc.MembersToPb(s.assetAPIPrefix(ctx), members.Members), Details: object.ToListDetails( members.Count, members.Sequence, diff --git a/internal/api/grpc/management/policy_label.go b/internal/api/grpc/management/policy_label.go index c5d9333a44..3eaec40ebd 100644 --- a/internal/api/grpc/management/policy_label.go +++ b/internal/api/grpc/management/policy_label.go @@ -14,7 +14,7 @@ func (s *Server) GetLabelPolicy(ctx context.Context, req *mgmt_pb.GetLabelPolicy if err != nil { return nil, err } - return &mgmt_pb.GetLabelPolicyResponse{Policy: policy_grpc.ModelLabelPolicyToPb(policy, s.assetAPIPrefix), IsDefault: policy.IsDefault}, nil + return &mgmt_pb.GetLabelPolicyResponse{Policy: policy_grpc.ModelLabelPolicyToPb(policy, s.assetAPIPrefix(ctx)), IsDefault: policy.IsDefault}, nil } func (s *Server) GetPreviewLabelPolicy(ctx context.Context, req *mgmt_pb.GetPreviewLabelPolicyRequest) (*mgmt_pb.GetPreviewLabelPolicyResponse, error) { @@ -22,7 +22,7 @@ func (s *Server) GetPreviewLabelPolicy(ctx context.Context, req *mgmt_pb.GetPrev if err != nil { return nil, err } - return &mgmt_pb.GetPreviewLabelPolicyResponse{Policy: policy_grpc.ModelLabelPolicyToPb(policy, s.assetAPIPrefix), IsDefault: policy.IsDefault}, nil + return &mgmt_pb.GetPreviewLabelPolicyResponse{Policy: policy_grpc.ModelLabelPolicyToPb(policy, s.assetAPIPrefix(ctx)), IsDefault: policy.IsDefault}, nil } func (s *Server) GetDefaultLabelPolicy(ctx context.Context, req *mgmt_pb.GetDefaultLabelPolicyRequest) (*mgmt_pb.GetDefaultLabelPolicyResponse, error) { @@ -30,7 +30,7 @@ func (s *Server) GetDefaultLabelPolicy(ctx context.Context, req *mgmt_pb.GetDefa if err != nil { return nil, err } - return &mgmt_pb.GetDefaultLabelPolicyResponse{Policy: policy_grpc.ModelLabelPolicyToPb(policy, s.assetAPIPrefix)}, nil + return &mgmt_pb.GetDefaultLabelPolicyResponse{Policy: policy_grpc.ModelLabelPolicyToPb(policy, s.assetAPIPrefix(ctx))}, nil } func (s *Server) AddCustomLabelPolicy(ctx context.Context, req *mgmt_pb.AddCustomLabelPolicyRequest) (*mgmt_pb.AddCustomLabelPolicyResponse, error) { diff --git a/internal/api/grpc/management/project.go b/internal/api/grpc/management/project.go index a17be02ef9..cefcb68f50 100644 --- a/internal/api/grpc/management/project.go +++ b/internal/api/grpc/management/project.go @@ -116,7 +116,7 @@ func (s *Server) ListProjectChanges(ctx context.Context, req *mgmt_pb.ListProjec return nil, err } return &mgmt_pb.ListProjectChangesResponse{ - Result: change_grpc.ChangesToPb(res.Changes, s.assetAPIPrefix), + Result: change_grpc.ChangesToPb(res.Changes, s.assetAPIPrefix(ctx)), }, nil } @@ -302,7 +302,7 @@ func (s *Server) ListProjectMembers(ctx context.Context, req *mgmt_pb.ListProjec return nil, err } return &mgmt_pb.ListProjectMembersResponse{ - Result: member_grpc.MembersToPb(s.assetAPIPrefix, members.Members), + Result: member_grpc.MembersToPb(s.assetAPIPrefix(ctx), members.Members), Details: object_grpc.ToListDetails( members.Count, members.Sequence, diff --git a/internal/api/grpc/management/project_application.go b/internal/api/grpc/management/project_application.go index 4e2d269909..1a21e47d64 100644 --- a/internal/api/grpc/management/project_application.go +++ b/internal/api/grpc/management/project_application.go @@ -49,7 +49,7 @@ func (s *Server) ListAppChanges(ctx context.Context, req *mgmt_pb.ListAppChanges return nil, err } return &mgmt_pb.ListAppChangesResponse{ - Result: change_grpc.ChangesToPb(res.Changes, s.assetAPIPrefix), + Result: change_grpc.ChangesToPb(res.Changes, s.assetAPIPrefix(ctx)), }, nil } diff --git a/internal/api/grpc/management/project_grant.go b/internal/api/grpc/management/project_grant.go index 48e989faba..6ca939039d 100644 --- a/internal/api/grpc/management/project_grant.go +++ b/internal/api/grpc/management/project_grant.go @@ -177,7 +177,7 @@ func (s *Server) ListProjectGrantMembers(ctx context.Context, req *mgmt_pb.ListP return nil, err } return &mgmt_pb.ListProjectGrantMembersResponse{ - Result: member_grpc.MembersToPb(s.assetAPIPrefix, response.Members), + Result: member_grpc.MembersToPb(s.assetAPIPrefix(ctx), response.Members), Details: object_grpc.ToListDetails( response.Count, response.Sequence, diff --git a/internal/api/grpc/management/server.go b/internal/api/grpc/management/server.go index d3593b3d23..aac4a80e4b 100644 --- a/internal/api/grpc/management/server.go +++ b/internal/api/grpc/management/server.go @@ -1,10 +1,12 @@ package management import ( + "context" "time" "google.golang.org/grpc" + "github.com/zitadel/zitadel/internal/api/assets" "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/grpc/server" "github.com/zitadel/zitadel/internal/command" @@ -25,7 +27,7 @@ type Server struct { command *command.Commands query *query.Queries systemDefaults systemdefaults.SystemDefaults - assetAPIPrefix string + assetAPIPrefix func(context.Context) string passwordHashAlg crypto.HashAlgorithm userCodeAlg crypto.EncryptionAlgorithm externalSecure bool @@ -37,7 +39,6 @@ func CreateServer( command *command.Commands, query *query.Queries, sd systemdefaults.SystemDefaults, - assetAPIPrefix string, userCodeAlg crypto.EncryptionAlgorithm, externalSecure bool, issuerPath string, @@ -47,7 +48,7 @@ func CreateServer( command: command, query: query, systemDefaults: sd, - assetAPIPrefix: assetAPIPrefix, + assetAPIPrefix: assets.AssetAPI(externalSecure), passwordHashAlg: crypto.NewBCrypt(sd.SecretGenerators.PasswordSaltCost), userCodeAlg: userCodeAlg, externalSecure: externalSecure, diff --git a/internal/api/grpc/management/user.go b/internal/api/grpc/management/user.go index b9fceb9547..74cfcb5303 100644 --- a/internal/api/grpc/management/user.go +++ b/internal/api/grpc/management/user.go @@ -35,7 +35,7 @@ func (s *Server) GetUserByID(ctx context.Context, req *mgmt_pb.GetUserByIDReques return nil, err } return &mgmt_pb.GetUserByIDResponse{ - User: user_grpc.UserToPb(user, s.assetAPIPrefix), + User: user_grpc.UserToPb(user, s.assetAPIPrefix(ctx)), }, nil } @@ -49,7 +49,7 @@ func (s *Server) GetUserByLoginNameGlobal(ctx context.Context, req *mgmt_pb.GetU return nil, err } return &mgmt_pb.GetUserByLoginNameGlobalResponse{ - User: user_grpc.UserToPb(user, s.assetAPIPrefix), + User: user_grpc.UserToPb(user, s.assetAPIPrefix(ctx)), }, nil } @@ -68,7 +68,7 @@ func (s *Server) ListUsers(ctx context.Context, req *mgmt_pb.ListUsersRequest) ( return nil, err } return &mgmt_pb.ListUsersResponse{ - Result: user_grpc.UsersToPb(res.Users, s.assetAPIPrefix), + Result: user_grpc.UsersToPb(res.Users, s.assetAPIPrefix(ctx)), Details: obj_grpc.ToListDetails( res.Count, res.Sequence, @@ -84,7 +84,7 @@ func (s *Server) ListUserChanges(ctx context.Context, req *mgmt_pb.ListUserChang return nil, err } return &mgmt_pb.ListUserChangesResponse{ - Result: change_grpc.ChangesToPb(res.Changes, s.assetAPIPrefix), + Result: change_grpc.ChangesToPb(res.Changes, s.assetAPIPrefix(ctx)), }, nil } @@ -383,7 +383,7 @@ func (s *Server) GetHumanProfile(ctx context.Context, req *mgmt_pb.GetHumanProfi return nil, err } return &mgmt_pb.GetHumanProfileResponse{ - Profile: user_grpc.ProfileToPb(profile, s.assetAPIPrefix), + Profile: user_grpc.ProfileToPb(profile, s.assetAPIPrefix(ctx)), Details: obj_grpc.ToViewDetailsPb( profile.Sequence, profile.CreationDate, diff --git a/internal/api/grpc/management/user_grant.go b/internal/api/grpc/management/user_grant.go index 6d93f84371..68ab81da84 100644 --- a/internal/api/grpc/management/user_grant.go +++ b/internal/api/grpc/management/user_grant.go @@ -24,7 +24,7 @@ func (s *Server) GetUserGrantByID(ctx context.Context, req *mgmt_pb.GetUserGrant return nil, err } return &mgmt_pb.GetUserGrantByIDResponse{ - UserGrant: user.UserGrantToPb(s.assetAPIPrefix, grant), + UserGrant: user.UserGrantToPb(s.assetAPIPrefix(ctx), grant), }, nil } @@ -38,7 +38,7 @@ func (s *Server) ListUserGrants(ctx context.Context, req *mgmt_pb.ListUserGrantR return nil, err } return &mgmt_pb.ListUserGrantResponse{ - Result: user.UserGrantsToPb(s.assetAPIPrefix, res.UserGrants), + Result: user.UserGrantsToPb(s.assetAPIPrefix(ctx), res.UserGrants), Details: obj_grpc.ToListDetails( res.Count, res.Sequence, diff --git a/internal/domain/asset.go b/internal/domain/asset.go index f0ae642ed2..05422b1131 100644 --- a/internal/domain/asset.go +++ b/internal/domain/asset.go @@ -42,5 +42,5 @@ func AssetURL(prefix, resourceOwner, key string) string { if prefix == "" || resourceOwner == "" || key == "" { return "" } - return prefix + resourceOwner + "/" + key + return prefix + "/" + resourceOwner + "/" + key }