feat: return instance domains on list instances, fix: login policy and avatar url in oidc responses (#3785)

* feat: return instance domains on list instances * fix: filter login policy idps correctly * remove debug * fix: absolute avatar url in oidc responses
2025-08-12 07:47:32 +00:00 · 2022-06-08 13:46:24 +02:00
parent 0053cb2311
commit a377f2816c
11 changed files with 432 additions and 30 deletions
--- a/internal/api/grpc/instance/converter.go
+++ b/internal/api/grpc/instance/converter.go
@@ -23,8 +23,9 @@ func InstanceToPb(instance *query.Instance) *instance_pb.Instance {
 			instance.ChangeDate,
 			instance.InstanceID(),
 		),
-		Id:   instance.InstanceID(),
-		Name: instance.Name,
+		Id:      instance.InstanceID(),
+		Name:    instance.Name,
+		Domains: DomainsToPb(instance.Domains),
 	}
 }

--- a/internal/api/oidc/client.go
+++ b/internal/api/oidc/client.go
@@ -209,7 +209,7 @@ func (o *OPStorage) setUserinfo(ctx context.Context, userInfo oidc.UserInfoSette
 				userInfo.SetNickname(user.Human.NickName)
 				userInfo.SetGender(getGender(user.Human.Gender))
 				userInfo.SetLocale(user.Human.PreferredLanguage)
-				userInfo.SetPicture(domain.AvatarURL(o.assetAPIPrefix, user.ResourceOwner, user.Human.AvatarKey))
+				userInfo.SetPicture(domain.AvatarURL(o.assetAPIPrefix(ctx), user.ResourceOwner, user.Human.AvatarKey))
 			} else {
 				userInfo.SetName(user.Machine.Name)
 			}
--- a/internal/api/oidc/op.go
+++ b/internal/api/oidc/op.go
@@ -70,7 +70,7 @@ type OPStorage struct {
 	defaultRefreshTokenExpiration     time.Duration
 	encAlg                            crypto.EncryptionAlgorithm
 	locker                            crdb.Locker
-	assetAPIPrefix                    string
+	assetAPIPrefix                    func(ctx context.Context) string
 }

 func NewProvider(ctx context.Context, config Config, defaultLogoutRedirectURI string, externalSecure bool, command *command.Commands, query *query.Queries, repo repository.Repository, encryptionAlg crypto.EncryptionAlgorithm, cryptoKey []byte, es *eventstore.Eventstore, projections *sql.DB, userAgentCookie, instanceHandler func(http.Handler) http.Handler) (op.OpenIDProvider, error) {
@@ -78,7 +78,7 @@ func NewProvider(ctx context.Context, config Config, defaultLogoutRedirectURI st
 	if err != nil {
 		return nil, caos_errs.ThrowInternal(err, "OIDC-EGrqd", "cannot create op config: %w")
 	}
-	storage := newStorage(config, command, query, repo, encryptionAlg, es, projections)
+	storage := newStorage(config, command, query, repo, encryptionAlg, es, projections, externalSecure)
 	options, err := createOptions(config, externalSecure, userAgentCookie, instanceHandler)
 	if err != nil {
 		return nil, caos_errs.ThrowInternal(err, "OIDC-D3gq1", "cannot create options: %w")
@@ -168,7 +168,7 @@ func customEndpoints(endpointConfig *EndpointConfig) []op.Option {
 	return options
 }

-func newStorage(config Config, command *command.Commands, query *query.Queries, repo repository.Repository, encAlg crypto.EncryptionAlgorithm, es *eventstore.Eventstore, projections *sql.DB) *OPStorage {
+func newStorage(config Config, command *command.Commands, query *query.Queries, repo repository.Repository, encAlg crypto.EncryptionAlgorithm, es *eventstore.Eventstore, projections *sql.DB, externalSecure bool) *OPStorage {
 	return &OPStorage{
 		repo:                              repo,
 		command:                           command,
@@ -182,7 +182,7 @@ func newStorage(config Config, command *command.Commands, query *query.Queries,
 		defaultRefreshTokenExpiration:     config.DefaultRefreshTokenExpiration,
 		encAlg:                            encAlg,
 		locker:                            crdb.NewLocker(projections, locksTable, signingKey),
-		assetAPIPrefix:                    assets.HandlerPrefix,
+		assetAPIPrefix:                    assets.AssetAPI(externalSecure),
 	}
 }