feat: label policy (#1708)

* feat: label policy proto extension * feat: label policy and activate event * feat: label policy asset events * feat: label policy asset commands * feat: add storage key * feat: storage key validation * feat: label policy asset tests * feat: label policy query side * feat: avatar * feat: avatar event * feat: human avatar * feat: avatar read side * feat: font on iam label policy * feat: label policy font * feat: possiblity to create bucket on put file * uplaoder * login policy logo * set bucket prefix * feat: avatar upload * feat: avatar upload * feat: use assets on command side * feat: fix human avatar removed event * feat: remove human avatar * feat: mock asset storage * feat: remove human avatar * fix(operator): add configuration of asset storage to zitadel operator * feat(console): private labeling policy (#1697) * private labeling component, routing, preview * font, colors, upload, i18n * show logo * fix: uniqueness (#1710) * fix: uniqueconstraint to lower * feat: change org * feat: org change test * feat: change org * fix: tests * fix: handle domain claims correctly * feat: update org Co-authored-by: fabi <fabienne.gerschwiler@gmail.com> * fix: handle domain claimed event correctly for service users (#1711) * fix: handle domain claimed event correctly on user view * fix: ignore domain claimed events for email notifications * fix: change org * handle org changed in read models correctly * fix: change org in user grant handler Co-authored-by: fabi <fabienne.gerschwiler@gmail.com> * fix: correct value (#1695) * docs(api): correct link (#1712) * upload service Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: fabi <fabienne.gerschwiler@gmail.com> Co-authored-by: Florian Forster <florian@caos.ch> * feat: fix tests, * feat: remove assets from label policy * fix npm, set environment * lint ts * remove stylelinting * fix(operator): add mapping for console with changed unit tests * fix(operator): add secrets as env variables to pod * feat: remove human avatar * fix(operator): add secrets as env variables to pod * feat: map label policy * feat: labelpolicy, admin, mgmt, adv settings (#1715) * fetch label policy, mgmt, admin service * feat: advanced beh, links, add, update * lint ts * feat: watermark * feat: remove human avatar * feat: remove human avatar * feat: remove human avatar * feat: remove human avatar * feat: remove human avatar * feat: remove human avatar * feat: remove human avatar * feat: custom css * css * css * css * css * css * getobject * feat: dynamic handler * feat: varibale css * content info * css overwrite * feat: variablen css * feat: generate css file * feat: dark mode * feat: dark mode * fix logo css * feat: upload logos * dark mode with cookie * feat: handle images in login * avatar css and begin font * feat: avatar * feat: user avatar * caching of static assets in login * add avatar.js to main.html * feat: header dont show logo if no url * feat: label policy colors * feat: mock asset storage * feat: mock asset storage * feat: fix tests * feat: user avatar * feat: header logo * avatar * avatar * make it compatible with go 1.15 * feat: remove unused logos * fix handler * fix: styling error handling * fonts * fix: download func * switch to mux * fix: change upload api to assets * fix build * fix: download avatar * fix: download logos * fix: my avatar * font * fix: remove error msg popup possibility * fix: docs * fix: svalidate colors * rem msg popup from frontend * fix: email with private labeling * fix: tests * fix: email templates * fix: change migration version * fix: fix duplicate imports * fix(console): assets, service url, upload, policy current and preview (#1781) * upload endpoint, layout * fetch current, preview, fix upload * cleanup private labeling * fix linting * begin generated asset handler * generate asset api in dockerfile * features for label policy * features for label policy * features * flag for asset generator * change asset generator flag * fix label policy view in grpc * fix: layout, activate policy (#1786) * theme switcher up on top * change layout * activate policy * feat(console): label policy back color, layout (#1788) * theme switcher up on top * change layout * activate policy * fix overwrite value fc * reset policy, reset service * autosave policy, preview desc, layout impv * layout, i18n * background colors, inject material styles * load images * clean, lint * fix layout * set custom hex * fix content size conversion * remove font format in generated css * fix features for assets * fix(console): label policy colors, image downloads, preview (#1804) * load images * colors, images binding * lint * refresh emitter * lint * propagate font colors * upload error handling * label policy feature check * add blob in csp for console * log * fix: feature edits for label policy, refresh state on upload (#1807) * show error on load image, stop spinner * fix merge * fix migration versions * fix assets * fix csp * fix background color * scss * fix build * lint scss * fix statik for console * fix features check for label policy * cleanup * lint * public links * fix notifications * public links * feat: merge main * feat: fix translation files * fix migration * set api domain * fix logo in email * font face in email * font face in email * validate assets on upload * cleanup * add missing translations * add missing translations Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: Stefan Benz <stefan@caos.ch> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Florian Forster <florian@caos.ch>
2025-08-11 21:27:42 +00:00 · 2021-06-04 14:53:51 +02:00
parent c0d9d86b09
commit 73d37459bb
257 changed files with 18248 additions and 7178 deletions
--- a/cmd/zitadel/main.go
+++ b/cmd/zitadel/main.go
@@ -5,8 +5,10 @@ import (
 	"flag"

 	"github.com/caos/logging"
+
 	admin_es "github.com/caos/zitadel/internal/admin/repository/eventsourcing"
 	"github.com/caos/zitadel/internal/api"
+	"github.com/caos/zitadel/internal/api/assets"
 	internal_authz "github.com/caos/zitadel/internal/api/authz"
 	"github.com/caos/zitadel/internal/api/grpc/admin"
 	"github.com/caos/zitadel/internal/api/grpc/auth"
@@ -20,11 +22,13 @@ import (
 	sd "github.com/caos/zitadel/internal/config/systemdefaults"
 	"github.com/caos/zitadel/internal/config/types"
 	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/id"
 	mgmt_es "github.com/caos/zitadel/internal/management/repository/eventsourcing"
 	"github.com/caos/zitadel/internal/notification"
 	"github.com/caos/zitadel/internal/query"
 	"github.com/caos/zitadel/internal/setup"
-	"github.com/caos/zitadel/internal/static/s3"
+	"github.com/caos/zitadel/internal/static"
+	static_config "github.com/caos/zitadel/internal/static/config"
 	metrics "github.com/caos/zitadel/internal/telemetry/metrics/config"
 	tracing "github.com/caos/zitadel/internal/telemetry/tracing/config"
 	"github.com/caos/zitadel/internal/ui"
@@ -37,7 +41,7 @@ type Config struct {
 	Log            logging.Config
 	Tracing        tracing.TracingConfig
 	Metrics        metrics.MetricsConfig
-	AssetStorage   s3.AssetStorage
+	AssetStorage   static_config.AssetStorageConfig
 	InternalAuthZ  internal_authz.Config
 	SystemDefaults sd.SystemDefaults

@@ -72,6 +76,7 @@ var (
 	managementEnabled   = flag.Bool("management", true, "enable management api")
 	authEnabled         = flag.Bool("auth", true, "enable auth api")
 	oidcEnabled         = flag.Bool("oidc", true, "enable oidc api")
+	assetsEnabled       = flag.Bool("assets", true, "enable assets api")
 	loginEnabled        = flag.Bool("login", true, "enable login ui")
 	consoleEnabled      = flag.Bool("console", true, "enable console ui")
 	notificationEnabled = flag.Bool("notification", true, "enable notification handler")
@@ -114,11 +119,15 @@ func startZitadel(configPaths []string) {
 	}
 	authZRepo, err := authz.Start(ctx, conf.AuthZ, conf.InternalAuthZ, conf.SystemDefaults, queries)
 	logging.Log("MAIN-s9KOw").OnError(err).Fatal("error starting authz repo")
+	verifier := internal_authz.Start(authZRepo)
 	esCommands, err := eventstore.StartWithUser(conf.EventstoreBase, conf.Commands.Eventstore)
 	if err != nil {
 		logging.Log("ZITAD-iRCMm").OnError(err).Fatal("cannot start eventstore for commands")
 	}
-	commands, err := command.StartCommands(esCommands, conf.SystemDefaults, conf.InternalAuthZ, authZRepo)
+	store, err := conf.AssetStorage.Config.NewStorage()
+	logging.Log("ZITAD-Bfhe2").OnError(err).Fatal("Unable to start asset storage")
+
+	commands, err := command.StartCommands(esCommands, conf.SystemDefaults, conf.InternalAuthZ, store, authZRepo)
 	if err != nil {
 		logging.Log("ZITAD-bmNiJ").OnError(err).Fatal("cannot start commands")
 	}
@@ -128,21 +137,21 @@ func startZitadel(configPaths []string) {
 		logging.Log("MAIN-9oRw6").OnError(err).Fatal("error starting auth repo")
 	}

-	startAPI(ctx, conf, authZRepo, authRepo, commands, queries)
-	startUI(ctx, conf, authRepo, commands, queries)
+	startAPI(ctx, conf, verifier, authZRepo, authRepo, commands, queries, store)
+	startUI(ctx, conf, authRepo, commands, queries, store)

 	if *notificationEnabled {
-		notification.Start(ctx, conf.Notification, conf.SystemDefaults, commands)
+		notification.Start(ctx, conf.Notification, conf.SystemDefaults, commands, store != nil)
 	}

 	<-ctx.Done()
 	logging.Log("MAIN-s8d2h").Info("stopping zitadel")
 }

-func startUI(ctx context.Context, conf *Config, authRepo *auth_es.EsRepository, command *command.Commands, query *query.Queries) {
+func startUI(ctx context.Context, conf *Config, authRepo *auth_es.EsRepository, command *command.Commands, query *query.Queries, staticStorage static.Storage) {
 	uis := ui.Create(conf.UI)
 	if *loginEnabled {
-		login, prefix := login.Start(conf.UI.Login, command, query, authRepo, conf.SystemDefaults, *localDevMode)
+		login, prefix := login.Start(conf.UI.Login, command, query, authRepo, staticStorage, conf.SystemDefaults, *localDevMode)
 		uis.RegisterHandler(prefix, login.Handler())
 	}
 	if *consoleEnabled {
@@ -153,12 +162,12 @@ func startUI(ctx context.Context, conf *Config, authRepo *auth_es.EsRepository,
 	uis.Start(ctx)
 }

-func startAPI(ctx context.Context, conf *Config, authZRepo *authz_repo.EsRepository, authRepo *auth_es.EsRepository, command *command.Commands, query *query.Queries) {
+func startAPI(ctx context.Context, conf *Config, verifier *internal_authz.TokenVerifier, authZRepo *authz_repo.EsRepository, authRepo *auth_es.EsRepository, command *command.Commands, query *query.Queries, static static.Storage) {
 	roles := make([]string, len(conf.InternalAuthZ.RolePermissionMappings))
 	for i, role := range conf.InternalAuthZ.RolePermissionMappings {
 		roles[i] = role.Role
 	}
-	repo, err := admin_es.Start(ctx, conf.Admin, conf.SystemDefaults, roles)
+	repo, err := admin_es.Start(ctx, conf.Admin, conf.SystemDefaults, static, roles, *localDevMode)
 	logging.Log("API-D42tq").OnError(err).Fatal("error starting auth repo")

 	apis := api.Create(conf.API, conf.InternalAuthZ, authZRepo, authRepo, repo, conf.SystemDefaults)
@@ -166,9 +175,9 @@ func startAPI(ctx context.Context, conf *Config, authZRepo *authz_repo.EsReposit
 	if *adminEnabled {
 		apis.RegisterServer(ctx, admin.CreateServer(command, query, repo, conf.SystemDefaults.Domain))
 	}
+	managementRepo, err := mgmt_es.Start(conf.Mgmt, conf.SystemDefaults, roles, query, static)
+	logging.Log("API-Gd2qq").OnError(err).Fatal("error starting management repo")
 	if *managementEnabled {
-		managementRepo, err := mgmt_es.Start(conf.Mgmt, conf.SystemDefaults, roles, query)
-		logging.Log("API-Gd2qq").OnError(err).Fatal("error starting management repo")
 		apis.RegisterServer(ctx, management.CreateServer(command, query, managementRepo, conf.SystemDefaults))
 	}
 	if *authEnabled {
@@ -178,6 +187,10 @@ func startAPI(ctx context.Context, conf *Config, authZRepo *authz_repo.EsReposit
 		op := oidc.NewProvider(ctx, conf.API.OIDC, command, query, authRepo, conf.SystemDefaults.KeyConfig.EncryptionConfig, *localDevMode)
 		apis.RegisterHandler("/oauth/v2", op.HttpHandler())
 	}
+	if *assetsEnabled {
+		assetsHandler := assets.NewHandler(command, verifier, conf.InternalAuthZ, id.SonyFlakeGenerator, static, managementRepo)
+		apis.RegisterHandler("/assets/v1", assetsHandler)
+	}

 	openAPIHandler, err := openapi.Start()
 	logging.Log("ZITAD-8pRk1").OnError(err).Fatal("Unable to start openapi handler")
@@ -196,7 +209,7 @@ func startSetup(configPaths []string) {
 	es, err := eventstore.Start(conf.Eventstore)
 	logging.Log("MAIN-Ddt3").OnError(err).Fatal("cannot start eventstore")

-	commands, err := command.StartCommands(es, conf.SystemDefaults, conf.InternalAuthZ, nil)
+	commands, err := command.StartCommands(es, conf.SystemDefaults, conf.InternalAuthZ, nil, nil)
 	logging.Log("MAIN-dsjrr").OnError(err).Fatal("cannot start command side")

 	err = setup.Execute(ctx, conf.SetUp, conf.SystemDefaults.IamID, commands)
--- a/cmd/zitadel/setup.yaml
+++ b/cmd/zitadel/setup.yaml
--- a/cmd/zitadel/startup.yaml
+++ b/cmd/zitadel/startup.yaml
@@ -19,6 +19,7 @@ AssetStorage:
    SecretAccessKey: $ZITADEL_ASSET_STORAGE_SECRET_ACCESS_KEY
    SSL: $ZITADEL_ASSET_STORAGE_SSL
    Location: $ZITADEL_ASSET_STORAGE_LOCATION
+    BucketPrefix: $ZITADEL_ASSET_STORAGE_BUCKET_PREFIX

 Metrics:
  Type: 'otel'
@@ -279,6 +280,10 @@ UI:
      Cache:
        MaxAge: $ZITADEL_CACHE_MAXAGE
        SharedMaxAge: $ZITADEL_CACHE_SHARED_MAXAGE
+      StaticCache:
+        Type: bigcache
+        Config:
+          MaxCacheSizeInByte: 52428800 #50MB
  Console:
    EnvOverwriteDir: $ZITADEL_CONSOLE_ENV_DIR
    ShortCache:
@@ -290,6 +295,7 @@ UI:
    CSPDomain: $ZITADEL_DEFAULT_DOMAIN

 Notification:
+  APIDomain: $ZITADEL_API_DOMAIN
  Repository:
    DefaultLanguage: 'de'
    Domain: $ZITADEL_DEFAULT_DOMAIN