feat: label policy (#1708)

* feat: label policy proto extension * feat: label policy and activate event * feat: label policy asset events * feat: label policy asset commands * feat: add storage key * feat: storage key validation * feat: label policy asset tests * feat: label policy query side * feat: avatar * feat: avatar event * feat: human avatar * feat: avatar read side * feat: font on iam label policy * feat: label policy font * feat: possiblity to create bucket on put file * uplaoder * login policy logo * set bucket prefix * feat: avatar upload * feat: avatar upload * feat: use assets on command side * feat: fix human avatar removed event * feat: remove human avatar * feat: mock asset storage * feat: remove human avatar * fix(operator): add configuration of asset storage to zitadel operator * feat(console): private labeling policy (#1697) * private labeling component, routing, preview * font, colors, upload, i18n * show logo * fix: uniqueness (#1710) * fix: uniqueconstraint to lower * feat: change org * feat: org change test * feat: change org * fix: tests * fix: handle domain claims correctly * feat: update org Co-authored-by: fabi <fabienne.gerschwiler@gmail.com> * fix: handle domain claimed event correctly for service users (#1711) * fix: handle domain claimed event correctly on user view * fix: ignore domain claimed events for email notifications * fix: change org * handle org changed in read models correctly * fix: change org in user grant handler Co-authored-by: fabi <fabienne.gerschwiler@gmail.com> * fix: correct value (#1695) * docs(api): correct link (#1712) * upload service Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: fabi <fabienne.gerschwiler@gmail.com> Co-authored-by: Florian Forster <florian@caos.ch> * feat: fix tests, * feat: remove assets from label policy * fix npm, set environment * lint ts * remove stylelinting * fix(operator): add mapping for console with changed unit tests * fix(operator): add secrets as env variables to pod * feat: remove human avatar * fix(operator): add secrets as env variables to pod * feat: map label policy * feat: labelpolicy, admin, mgmt, adv settings (#1715) * fetch label policy, mgmt, admin service * feat: advanced beh, links, add, update * lint ts * feat: watermark * feat: remove human avatar * feat: remove human avatar * feat: remove human avatar * feat: remove human avatar * feat: remove human avatar * feat: remove human avatar * feat: remove human avatar * feat: custom css * css * css * css * css * css * getobject * feat: dynamic handler * feat: varibale css * content info * css overwrite * feat: variablen css * feat: generate css file * feat: dark mode * feat: dark mode * fix logo css * feat: upload logos * dark mode with cookie * feat: handle images in login * avatar css and begin font * feat: avatar * feat: user avatar * caching of static assets in login * add avatar.js to main.html * feat: header dont show logo if no url * feat: label policy colors * feat: mock asset storage * feat: mock asset storage * feat: fix tests * feat: user avatar * feat: header logo * avatar * avatar * make it compatible with go 1.15 * feat: remove unused logos * fix handler * fix: styling error handling * fonts * fix: download func * switch to mux * fix: change upload api to assets * fix build * fix: download avatar * fix: download logos * fix: my avatar * font * fix: remove error msg popup possibility * fix: docs * fix: svalidate colors * rem msg popup from frontend * fix: email with private labeling * fix: tests * fix: email templates * fix: change migration version * fix: fix duplicate imports * fix(console): assets, service url, upload, policy current and preview (#1781) * upload endpoint, layout * fetch current, preview, fix upload * cleanup private labeling * fix linting * begin generated asset handler * generate asset api in dockerfile * features for label policy * features for label policy * features * flag for asset generator * change asset generator flag * fix label policy view in grpc * fix: layout, activate policy (#1786) * theme switcher up on top * change layout * activate policy * feat(console): label policy back color, layout (#1788) * theme switcher up on top * change layout * activate policy * fix overwrite value fc * reset policy, reset service * autosave policy, preview desc, layout impv * layout, i18n * background colors, inject material styles * load images * clean, lint * fix layout * set custom hex * fix content size conversion * remove font format in generated css * fix features for assets * fix(console): label policy colors, image downloads, preview (#1804) * load images * colors, images binding * lint * refresh emitter * lint * propagate font colors * upload error handling * label policy feature check * add blob in csp for console * log * fix: feature edits for label policy, refresh state on upload (#1807) * show error on load image, stop spinner * fix merge * fix migration versions * fix assets * fix csp * fix background color * scss * fix build * lint scss * fix statik for console * fix features check for label policy * cleanup * lint * public links * fix notifications * public links * feat: merge main * feat: fix translation files * fix migration * set api domain * fix logo in email * font face in email * font face in email * validate assets on upload * cleanup * add missing translations * add missing translations Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: Stefan Benz <stefan@caos.ch> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Florian Forster <florian@caos.ch>
2025-12-03 05:42:22 +00:00 · 2021-06-04 14:53:51 +02:00
parent c0d9d86b09
commit 73d37459bb
257 changed files with 18248 additions and 7178 deletions
--- a/internal/management/repository/eventsourcing/eventstore/org.go
+++ b/internal/management/repository/eventsourcing/eventstore/org.go
@@ -195,9 +195,24 @@ func (repo *OrgRepository) SearchIDPConfigs(ctx context.Context, request *iam_mo
 }

 func (repo *OrgRepository) GetLabelPolicy(ctx context.Context) (*iam_model.LabelPolicyView, error) {
-	policy, err := repo.View.LabelPolicyByAggregateID(authz.GetCtxData(ctx).OrgID)
+	policy, err := repo.View.LabelPolicyByAggregateIDAndState(authz.GetCtxData(ctx).OrgID, int32(domain.LabelPolicyStateActive))
 	if errors.IsNotFound(err) {
-		policy, err = repo.View.LabelPolicyByAggregateID(repo.SystemDefaults.IamID)
+		policy, err = repo.View.LabelPolicyByAggregateIDAndState(repo.SystemDefaults.IamID, int32(domain.LabelPolicyStateActive))
+		if err != nil {
+			return nil, err
+		}
+		policy.Default = true
+	}
+	if err != nil {
+		return nil, err
+	}
+	return iam_es_model.LabelPolicyViewToModel(policy), err
+}
+
+func (repo *OrgRepository) GetPreviewLabelPolicy(ctx context.Context) (*iam_model.LabelPolicyView, error) {
+	policy, err := repo.View.LabelPolicyByAggregateIDAndState(authz.GetCtxData(ctx).OrgID, int32(domain.LabelPolicyStatePreview))
+	if errors.IsNotFound(err) {
+		policy, err = repo.View.LabelPolicyByAggregateIDAndState(repo.SystemDefaults.IamID, int32(domain.LabelPolicyStatePreview))
 		if err != nil {
 			return nil, err
 		}
@@ -210,7 +225,15 @@ func (repo *OrgRepository) GetLabelPolicy(ctx context.Context) (*iam_model.Label
 }

 func (repo *OrgRepository) GetDefaultLabelPolicy(ctx context.Context) (*iam_model.LabelPolicyView, error) {
-	policy, viewErr := repo.View.LabelPolicyByAggregateID(repo.SystemDefaults.IamID)
+	return repo.getDefaultLabelPolicy(ctx, domain.LabelPolicyStateActive)
+}
+
+func (repo *OrgRepository) GetPreviewDefaultLabelPolicy(ctx context.Context) (*iam_model.LabelPolicyView, error) {
+	return repo.getDefaultLabelPolicy(ctx, domain.LabelPolicyStatePreview)
+}
+
+func (repo *OrgRepository) getDefaultLabelPolicy(ctx context.Context, state domain.LabelPolicyState) (*iam_model.LabelPolicyView, error) {
+	policy, viewErr := repo.View.LabelPolicyByAggregateIDAndState(repo.SystemDefaults.IamID, int32(state))
 	if viewErr != nil && !errors.IsNotFound(viewErr) {
 		return nil, viewErr
 	}
--- a/internal/management/repository/eventsourcing/handler/handler.go
+++ b/internal/management/repository/eventsourcing/handler/handler.go
@@ -4,6 +4,7 @@ import (
 	"time"

 	"github.com/caos/zitadel/internal/eventstore/v1"
+	"github.com/caos/zitadel/internal/static"

 	"github.com/caos/zitadel/internal/config/systemdefaults"
 	"github.com/caos/zitadel/internal/config/types"
@@ -30,7 +31,7 @@ func (h *handler) Eventstore() v1.Eventstore {
 	return h.es
 }

-func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, es v1.Eventstore, defaults systemdefaults.SystemDefaults) []query.Handler {
+func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, es v1.Eventstore, defaults systemdefaults.SystemDefaults, staticStorage static.Storage) []query.Handler {
 	return []query.Handler{
 		newProject(
 			handler{view, bulkLimit, configs.cycleDuration("Project"), errorCount, es}),
@@ -58,7 +59,8 @@ func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, es
 		newLoginPolicy(
 			handler{view, bulkLimit, configs.cycleDuration("LoginPolicy"), errorCount, es}),
 		newLabelPolicy(
-			handler{view, bulkLimit, configs.cycleDuration("LabelPolicy"), errorCount, es}),
+			handler{view, bulkLimit, configs.cycleDuration("LabelPolicy"), errorCount, es},
+			staticStorage),
 		newIDPProvider(
 			handler{view, bulkLimit, configs.cycleDuration("IDPProvider"), errorCount, es},
 			defaults),
--- a/internal/management/repository/eventsourcing/handler/label_policy.go
+++ b/internal/management/repository/eventsourcing/handler/label_policy.go
@@ -1,7 +1,10 @@
 package handler

 import (
+	"context"
+
 	"github.com/caos/logging"
+	"github.com/caos/zitadel/internal/domain"
 	"github.com/caos/zitadel/internal/eventstore/v1"
 	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
 	"github.com/caos/zitadel/internal/eventstore/v1/query"
@@ -9,6 +12,7 @@ import (
 	iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
 	iam_model "github.com/caos/zitadel/internal/iam/repository/view/model"
 	"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
+	"github.com/caos/zitadel/internal/static"
 )

 const (
@@ -18,11 +22,13 @@ const (
 type LabelPolicy struct {
 	handler
 	subscription *v1.Subscription
+	static       static.Storage
 }

-func newLabelPolicy(handler handler) *LabelPolicy {
+func newLabelPolicy(handler handler, static static.Storage) *LabelPolicy {
 	h := &LabelPolicy{
 		handler: handler,
+		static:  static,
 	}

 	h.subscribe()
@@ -78,12 +84,29 @@ func (m *LabelPolicy) processLabelPolicy(event *es_models.Event) (err error) {
 	switch event.Type {
 	case iam_es_model.LabelPolicyAdded, model.LabelPolicyAdded:
 		err = policy.AppendEvent(event)
-	case iam_es_model.LabelPolicyChanged, model.LabelPolicyChanged:
-		policy, err = m.view.LabelPolicyByAggregateID(event.AggregateID)
+	case iam_es_model.LabelPolicyChanged, model.LabelPolicyChanged,
+		iam_es_model.LabelPolicyLogoAdded, model.LabelPolicyLogoAdded,
+		iam_es_model.LabelPolicyLogoRemoved, model.LabelPolicyLogoRemoved,
+		iam_es_model.LabelPolicyIconAdded, model.LabelPolicyIconAdded,
+		iam_es_model.LabelPolicyIconRemoved, model.LabelPolicyIconRemoved,
+		iam_es_model.LabelPolicyLogoDarkAdded, model.LabelPolicyLogoDarkAdded,
+		iam_es_model.LabelPolicyLogoDarkRemoved, model.LabelPolicyLogoDarkRemoved,
+		iam_es_model.LabelPolicyIconDarkAdded, model.LabelPolicyIconDarkAdded,
+		iam_es_model.LabelPolicyIconDarkRemoved, model.LabelPolicyIconDarkRemoved,
+		iam_es_model.LabelPolicyFontAdded, model.LabelPolicyFontAdded,
+		iam_es_model.LabelPolicyFontRemoved, model.LabelPolicyFontRemoved:
+		policy, err = m.view.LabelPolicyByAggregateIDAndState(event.AggregateID, int32(domain.LabelPolicyStatePreview))
 		if err != nil {
 			return err
 		}
 		err = policy.AppendEvent(event)
+	case iam_es_model.LabelPolicyActivated, model.LabelPolicyActivated:
+		policy, err = m.view.LabelPolicyByAggregateIDAndState(event.AggregateID, int32(domain.LabelPolicyStatePreview))
+		if err != nil {
+			return err
+		}
+		go m.CleanUpBucket(policy)
+		err = policy.AppendEvent(event)
 	default:
 		return m.view.ProcessedLabelPolicySequence(event)
 	}
@@ -101,3 +124,27 @@ func (m *LabelPolicy) OnError(event *es_models.Event, err error) error {
 func (m *LabelPolicy) OnSuccess() error {
 	return spooler.HandleSuccess(m.view.UpdateLabelPolicySpoolerRunTimestamp)
 }
+
+func (p *LabelPolicy) CleanUpBucket(policy *iam_model.LabelPolicyView) {
+	if p.static == nil {
+		return
+	}
+	ctx := context.Background()
+	objects, err := p.static.ListObjectInfos(ctx, policy.AggregateID, domain.LabelPolicyPrefix+"/", false)
+	if err != nil {
+		return
+	}
+	for _, object := range objects {
+		if !deleteableObject(object, policy) {
+			continue
+		}
+		p.static.RemoveObject(ctx, policy.AggregateID, object.Key)
+	}
+}
+
+func deleteableObject(object *domain.AssetInfo, policy *iam_model.LabelPolicyView) bool {
+	if object.Key == policy.LogoURL || object.Key == policy.LogoDarkURL || object.Key == policy.IconURL || object.Key == policy.IconDarkURL || object.Key == policy.FontURL {
+		return false
+	}
+	return true
+}
--- a/internal/management/repository/eventsourcing/handler/user.go
+++ b/internal/management/repository/eventsourcing/handler/user.go
@@ -120,6 +120,8 @@ func (u *User) ProcessUser(event *es_models.Event) (err error) {
 		es_model.HumanProfileChanged,
 		es_model.HumanEmailChanged,
 		es_model.HumanEmailVerified,
+		es_model.HumanAvatarAdded,
+		es_model.HumanAvatarRemoved,
 		es_model.HumanPhoneChanged,
 		es_model.HumanPhoneVerified,
 		es_model.HumanPhoneRemoved,
--- a/internal/management/repository/eventsourcing/repository.go
+++ b/internal/management/repository/eventsourcing/repository.go
@@ -3,6 +3,7 @@ package eventsourcing
 import (
 	"github.com/caos/zitadel/internal/eventstore/v1"
 	"github.com/caos/zitadel/internal/query"
+	"github.com/caos/zitadel/internal/static"

 	sd "github.com/caos/zitadel/internal/config/systemdefaults"
 	"github.com/caos/zitadel/internal/config/types"
@@ -31,7 +32,7 @@ type EsRepository struct {
 	view *mgmt_view.View
 }

-func Start(conf Config, systemDefaults sd.SystemDefaults, roles []string, queries *query.Queries) (*EsRepository, error) {
+func Start(conf Config, systemDefaults sd.SystemDefaults, roles []string, queries *query.Queries, staticStorage static.Storage) (*EsRepository, error) {

 	es, err := v1.Start(conf.Eventstore)
 	if err != nil {
@@ -47,7 +48,7 @@ func Start(conf Config, systemDefaults sd.SystemDefaults, roles []string, querie
 		return nil, err
 	}

-	spool := spooler.StartSpooler(conf.Spooler, es, view, sqlClient, systemDefaults)
+	spool := spooler.StartSpooler(conf.Spooler, es, view, sqlClient, systemDefaults, staticStorage)

 	return &EsRepository{
 		spooler:       spool,
--- a/internal/management/repository/eventsourcing/spooler/spooler.go
+++ b/internal/management/repository/eventsourcing/spooler/spooler.go
@@ -4,6 +4,7 @@ import (
 	"database/sql"
 	"github.com/caos/zitadel/internal/config/systemdefaults"
 	"github.com/caos/zitadel/internal/eventstore/v1"
+	"github.com/caos/zitadel/internal/static"

 	"github.com/caos/zitadel/internal/eventstore/v1/spooler"
 	"github.com/caos/zitadel/internal/management/repository/eventsourcing/handler"
@@ -17,12 +18,12 @@ type SpoolerConfig struct {
 	Handlers              handler.Configs
 }

-func StartSpooler(c SpoolerConfig, es v1.Eventstore, view *view.View, sql *sql.DB, defaults systemdefaults.SystemDefaults) *spooler.Spooler {
+func StartSpooler(c SpoolerConfig, es v1.Eventstore, view *view.View, sql *sql.DB, defaults systemdefaults.SystemDefaults, staticStorage static.Storage) *spooler.Spooler {
 	spoolerConfig := spooler.Config{
 		Eventstore:        es,
 		Locker:            &locker{dbClient: sql},
 		ConcurrentWorkers: c.ConcurrentWorkers,
-		ViewHandlers:      handler.Register(c.Handlers, c.BulkLimit, c.FailureCountUntilSkip, view, es, defaults),
+		ViewHandlers:      handler.Register(c.Handlers, c.BulkLimit, c.FailureCountUntilSkip, view, es, defaults, staticStorage),
 	}
 	spool := spoolerConfig.New()
 	spool.Start()
--- a/internal/management/repository/eventsourcing/view/label_policies.go
+++ b/internal/management/repository/eventsourcing/view/label_policies.go
@@ -12,8 +12,8 @@ const (
 	labelPolicyTable = "management.label_policies"
 )

-func (v *View) LabelPolicyByAggregateID(aggregateID string) (*model.LabelPolicyView, error) {
-	return view.GetLabelPolicyByAggregateID(v.Db, labelPolicyTable, aggregateID)
+func (v *View) LabelPolicyByAggregateIDAndState(aggregateID string, state int32) (*model.LabelPolicyView, error) {
+	return view.GetLabelPolicyByAggregateIDAndState(v.Db, labelPolicyTable, aggregateID, state)
 }

 func (v *View) PutLabelPolicy(policy *model.LabelPolicyView, event *models.Event) error {
--- a/internal/management/repository/org.go
+++ b/internal/management/repository/org.go
@@ -48,5 +48,7 @@ type OrgRepository interface {
 	GetMailTexts(ctx context.Context) (*iam_model.MailTextsView, error)

 	GetLabelPolicy(ctx context.Context) (*iam_model.LabelPolicyView, error)
+	GetPreviewLabelPolicy(ctx context.Context) (*iam_model.LabelPolicyView, error)
 	GetDefaultLabelPolicy(ctx context.Context) (*iam_model.LabelPolicyView, error)
+	GetPreviewDefaultLabelPolicy(ctx context.Context) (*iam_model.LabelPolicyView, error)
 }