feat: enable iframe use (#4766)

* feat: enable iframe use * cleanup * fix mocks * fix linting * docs: add iframe usage to solution scenarios configurations * improve api * feat(console): security policy * description * remove unnecessary line * disable input button and urls when not enabled * add image to docs Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
2025-08-12 01:47:33 +00:00 · 2022-12-14 07:17:36 +01:00
parent 33e973f015
commit 632639ae7f
40 changed files with 1151 additions and 45 deletions
--- a/internal/query/projection/projection.go
+++ b/internal/query/projection/projection.go
@@ -59,6 +59,7 @@ var (
 	OIDCSettingsProjection              *oidcSettingsProjection
 	DebugNotificationProviderProjection *debugNotificationProviderProjection
 	KeyProjection                       *keyProjection
+	SecurityPolicyProjection            *securityPolicyProjection
 	NotificationsProjection             interface{}
 )

@@ -131,6 +132,7 @@ func Create(ctx context.Context, sqlClient *sql.DB, es *eventstore.Eventstore, c
 	OIDCSettingsProjection = newOIDCSettingsProjection(ctx, applyCustomConfig(projectionConfig, config.Customizations["oidc_settings"]))
 	DebugNotificationProviderProjection = newDebugNotificationProviderProjection(ctx, applyCustomConfig(projectionConfig, config.Customizations["debug_notification_provider"]))
 	KeyProjection = newKeyProjection(ctx, applyCustomConfig(projectionConfig, config.Customizations["keys"]), keyEncryptionAlgorithm, certEncryptionAlgorithm)
+	SecurityPolicyProjection = newSecurityPolicyProjection(ctx, applyCustomConfig(projectionConfig, config.Customizations["security_policies"]))
 	newProjectionsList()
 	return nil
 }
@@ -221,5 +223,6 @@ func newProjectionsList() {
 		OIDCSettingsProjection,
 		DebugNotificationProviderProjection,
 		KeyProjection,
+		SecurityPolicyProjection,
 	}
 }
--- a/internal/query/projection/security_policy.go
+++ b/internal/query/projection/security_policy.go
@@ -0,0 +1,89 @@
+package projection
+
+import (
+	"context"
+
+	"github.com/zitadel/zitadel/internal/errors"
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/eventstore/handler"
+	"github.com/zitadel/zitadel/internal/eventstore/handler/crdb"
+	"github.com/zitadel/zitadel/internal/repository/instance"
+)
+
+const (
+	SecurityPolicyProjectionTable      = "projections.security_policies"
+	SecurityPolicyColumnInstanceID     = "instance_id"
+	SecurityPolicyColumnCreationDate   = "creation_date"
+	SecurityPolicyColumnChangeDate     = "change_date"
+	SecurityPolicyColumnSequence       = "sequence"
+	SecurityPolicyColumnEnabled        = "enabled"
+	SecurityPolicyColumnAllowedOrigins = "origins"
+)
+
+type securityPolicyProjection struct {
+	crdb.StatementHandler
+}
+
+func newSecurityPolicyProjection(ctx context.Context, config crdb.StatementHandlerConfig) *securityPolicyProjection {
+	p := new(securityPolicyProjection)
+	config.ProjectionName = SecurityPolicyProjectionTable
+	config.Reducers = p.reducers()
+	config.InitCheck = crdb.NewTableCheck(
+		crdb.NewTable([]*crdb.Column{
+			crdb.NewColumn(SecurityPolicyColumnCreationDate, crdb.ColumnTypeTimestamp),
+			crdb.NewColumn(SecurityPolicyColumnChangeDate, crdb.ColumnTypeTimestamp),
+			crdb.NewColumn(SecurityPolicyColumnInstanceID, crdb.ColumnTypeText),
+			crdb.NewColumn(SecurityPolicyColumnSequence, crdb.ColumnTypeInt64),
+			crdb.NewColumn(SecurityPolicyColumnEnabled, crdb.ColumnTypeBool, crdb.Default(false)),
+			crdb.NewColumn(SecurityPolicyColumnAllowedOrigins, crdb.ColumnTypeTextArray, crdb.Nullable()),
+		},
+			crdb.NewPrimaryKey(SecurityPolicyColumnInstanceID),
+		),
+	)
+	p.StatementHandler = crdb.NewStatementHandler(ctx, config)
+	return p
+}
+
+func (p *securityPolicyProjection) reducers() []handler.AggregateReducer {
+	return []handler.AggregateReducer{
+		{
+			Aggregate: instance.AggregateType,
+			EventRedusers: []handler.EventReducer{
+				{
+					Event:  instance.SecurityPolicySetEventType,
+					Reduce: p.reduceSecurityPolicySet,
+				},
+				{
+					Event:  instance.InstanceRemovedEventType,
+					Reduce: reduceInstanceRemovedHelper(SecurityPolicyColumnInstanceID),
+				},
+			},
+		},
+	}
+}
+
+func (p *securityPolicyProjection) reduceSecurityPolicySet(event eventstore.Event) (*handler.Statement, error) {
+	e, ok := event.(*instance.SecurityPolicySetEvent)
+	if !ok {
+		return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-D3g87", "reduce.wrong.event.type %s", instance.SecurityPolicySetEventType)
+	}
+	changes := []handler.Column{
+		handler.NewCol(SecurityPolicyColumnCreationDate, e.CreationDate()),
+		handler.NewCol(SecurityPolicyColumnChangeDate, e.CreationDate()),
+		handler.NewCol(SecurityPolicyColumnInstanceID, e.Aggregate().InstanceID),
+		handler.NewCol(SecurityPolicyColumnSequence, e.Sequence()),
+	}
+	if e.Enabled != nil {
+		changes = append(changes, handler.NewCol(SecurityPolicyColumnEnabled, *e.Enabled))
+	}
+	if e.AllowedOrigins != nil {
+		changes = append(changes, handler.NewCol(SecurityPolicyColumnAllowedOrigins, e.AllowedOrigins))
+	}
+	return crdb.NewUpsertStatement(
+		e,
+		[]handler.Column{
+			handler.NewCol(SecurityPolicyColumnInstanceID, ""),
+		},
+		changes,
+	), nil
+}