feat: exchange gRPC server implementation to connectRPC (#10145)

# Which Problems Are Solved The current maintained gRPC server in combination with a REST (grpc) gateway is getting harder and harder to maintain. Additionally, there have been and still are issues with supporting / displaying `oneOf`s correctly. We therefore decided to exchange the server implementation to connectRPC, which apart from supporting connect as protocol, also also "standard" gRCP clients as well as HTTP/1.1 / rest like clients, e.g. curl directly call the server without any additional gateway. # How the Problems Are Solved - All v2 services are moved to connectRPC implementation. (v1 services are still served as pure grpc servers) - All gRPC server interceptors were migrated / copied to a corresponding connectRPC interceptor. - API.ListGrpcServices and API. ListGrpcMethods were changed to include the connect services and endpoints. - gRPC server reflection was changed to a `StaticReflector` using the `ListGrpcServices` list. - The `grpc.Server` interfaces was split into different combinations to be able to handle the different cases (grpc server and prefixed gateway, connect server with grpc gateway, connect server only, ...) - Docs of services serving connectRPC only with no additional gateway (instance, webkey, project, app, org v2 beta) are changed to expose that - since the plugin is not yet available on buf, we download it using `postinstall` hook of the docs # Additional Changes - WebKey service is added as v2 service (in addition to the current v2beta) # Additional Context closes #9483 --------- Co-authored-by: Elio Bischof <elio@zitadel.com>
2025-08-12 04:37:31 +00:00 · 2025-07-04 10:06:20 -04:00
parent 82cd1cee08
commit 9ebf2316c6
133 changed files with 5191 additions and 1187 deletions
--- a/internal/api/grpc/server/connect_middleware/access_interceptor.go
+++ b/internal/api/grpc/server/connect_middleware/access_interceptor.go
@@ -0,0 +1,57 @@
+package connect_middleware
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"connectrpc.com/connect"
+
+	"github.com/zitadel/zitadel/internal/api/authz"
+	http_util "github.com/zitadel/zitadel/internal/api/http"
+	"github.com/zitadel/zitadel/internal/logstore"
+	"github.com/zitadel/zitadel/internal/logstore/record"
+	"github.com/zitadel/zitadel/internal/telemetry/tracing"
+)
+
+func AccessStorageInterceptor(svc *logstore.Service[*record.AccessLog]) connect.UnaryInterceptorFunc {
+	return func(handler connect.UnaryFunc) connect.UnaryFunc {
+		return func(ctx context.Context, req connect.AnyRequest) (_ connect.AnyResponse, err error) {
+			if !svc.Enabled() {
+				return handler(ctx, req)
+			}
+			resp, handlerErr := handler(ctx, req)
+
+			interceptorCtx, span := tracing.NewServerInterceptorSpan(ctx)
+			defer func() { span.EndWithError(err) }()
+
+			var respStatus uint32
+			if code := connect.CodeOf(handlerErr); code != connect.CodeUnknown {
+				respStatus = uint32(code)
+			}
+
+			respHeader := http.Header{}
+			if resp != nil {
+				respHeader = resp.Header()
+			}
+			instance := authz.GetInstance(ctx)
+			domainCtx := http_util.DomainContext(ctx)
+
+			r := &record.AccessLog{
+				LogDate:         time.Now(),
+				Protocol:        record.GRPC,
+				RequestURL:      req.Spec().Procedure,
+				ResponseStatus:  respStatus,
+				RequestHeaders:  req.Header(),
+				ResponseHeaders: respHeader,
+				InstanceID:      instance.InstanceID(),
+				ProjectID:       instance.ProjectID(),
+				RequestedDomain: domainCtx.RequestedDomain(),
+				RequestedHost:   domainCtx.RequestedHost(),
+			}
+
+			svc.Handle(interceptorCtx, r)
+			return resp, handlerErr
+		}
+	}
+}