fix(setup): decode complex config strings (#7854)

* fix(setup): decode complex config strings * decode complex types before string lists * lint * fix hasher env docs * hasher defaults * cleanup * cleanup --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-11 19:07:30 +00:00 · 2024-05-01 12:17:27 +02:00
parent 9950cafafc
commit 6c0e7c402d
3 changed files with 261 additions and 13 deletions
--- a/cmd/setup/config.go
+++ b/cmd/setup/config.go
@@ -12,13 +12,14 @@ import (
 	"github.com/zitadel/zitadel/cmd/encryption"
 	"github.com/zitadel/zitadel/cmd/hooks"
 	"github.com/zitadel/zitadel/internal/actions"
-	"github.com/zitadel/zitadel/internal/api/authz"
+	internal_authz "github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/api/oidc"
 	"github.com/zitadel/zitadel/internal/api/ui/login"
 	"github.com/zitadel/zitadel/internal/command"
 	"github.com/zitadel/zitadel/internal/config/hook"
 	"github.com/zitadel/zitadel/internal/config/systemdefaults"
 	"github.com/zitadel/zitadel/internal/database"
+	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/eventstore"
 	"github.com/zitadel/zitadel/internal/id"
 	"github.com/zitadel/zitadel/internal/notification/handlers"
@@ -29,7 +30,7 @@ import (
 type Config struct {
 	Database        database.Config
 	SystemDefaults  systemdefaults.SystemDefaults
-	InternalAuthZ   authz.Config
+	InternalAuthZ   internal_authz.Config
 	ExternalDomain  string
 	ExternalPort    uint16
 	ExternalSecure  bool
@@ -46,7 +47,7 @@ type Config struct {
 	Login           login.Config
 	WebAuthNName    string
 	Telemetry       *handlers.TelemetryPusherConfig
-	SystemAPIUsers  map[string]*authz.SystemAPIUser
+	SystemAPIUsers  map[string]*internal_authz.SystemAPIUser
 }

 type InitProjections struct {
@@ -60,16 +61,18 @@ func MustNewConfig(v *viper.Viper) *Config {
 	config := new(Config)
 	err := v.Unmarshal(config,
 		viper.DecodeHook(mapstructure.ComposeDecodeHookFunc(
+			hooks.SliceTypeStringDecode[*domain.CustomMessageText],
+			hooks.SliceTypeStringDecode[internal_authz.RoleMapping],
+			hooks.MapTypeStringDecode[string, *internal_authz.SystemAPIUser],
+			hooks.MapHTTPHeaderStringDecode,
+			database.DecodeHook,
+			actions.HTTPConfigDecodeHook,
+			hook.EnumHookFunc(internal_authz.MemberTypeString),
 			hook.Base64ToBytesHookFunc(),
 			hook.TagToLanguageHookFunc(),
 			mapstructure.StringToTimeDurationHookFunc(),
 			mapstructure.StringToTimeHookFunc(time.RFC3339),
 			mapstructure.StringToSliceHookFunc(","),
-			database.DecodeHook,
-			hook.EnumHookFunc(authz.MemberTypeString),
-			actions.HTTPConfigDecodeHook,
-			hooks.MapTypeStringDecode[string, *authz.SystemAPIUser],
-			hooks.SliceTypeStringDecode[authz.RoleMapping],
 		)),
 	)
 	logging.OnError(err).Fatal("unable to read default config")