fix(queries): authn keys (#2820)
* begin authn keys * single table for state change * add key type * begin authn keys query * query * tests * fix merge * remove wrong migration version * improve filter * Update projection.go * cleanup
@@ -15,8 +15,6 @@ import (
|
||||
v1 "github.com/caos/zitadel/internal/eventstore/v1"
|
||||
"github.com/caos/zitadel/internal/eventstore/v1/models"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/repository/view/model"
|
||||
key_model "github.com/caos/zitadel/internal/key/model"
|
||||
key_view_model "github.com/caos/zitadel/internal/key/repository/view/model"
|
||||
"github.com/caos/zitadel/internal/telemetry/tracing"
|
||||
"github.com/caos/zitadel/internal/user/model"
|
||||
usr_view "github.com/caos/zitadel/internal/user/repository/view"
|
||||
@@ -218,14 +216,6 @@ func (repo *UserRepo) MyUserChanges(ctx context.Context, lastSequence uint64, li
|
||||
return changes, nil
|
||||
}
|
||||
|
||||
func (repo *UserRepo) MachineKeyByID(ctx context.Context, keyID string) (*key_model.AuthNKeyView, error) {
|
||||
key, err := repo.View.AuthNKeyByID(keyID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return key_view_model.AuthNKeyToModel(key), nil
|
||||
}
|
||||
|
||||
func (repo *UserRepo) SearchUsers(ctx context.Context, request *model.UserSearchRequest) (*model.UserSearchResponse, error) {
|
||||
sequence, sequenceErr := repo.View.GetLatestUserSequence()
|
||||
logging.Log("EVENT-Gdgsw").OnError(sequenceErr).Warn("could not read latest user sequence")
|
||||
|
@@ -1,124 +0,0 @@
|
||||
package handler
|
||||
|
||||
import (
|
||||
"github.com/caos/zitadel/internal/eventstore/v1"
|
||||
"time"
|
||||
|
||||
"github.com/caos/logging"
|
||||
|
||||
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
|
||||
"github.com/caos/zitadel/internal/eventstore/v1/query"
|
||||
"github.com/caos/zitadel/internal/eventstore/v1/spooler"
|
||||
key_model "github.com/caos/zitadel/internal/key/repository/view/model"
|
||||
proj_model "github.com/caos/zitadel/internal/project/repository/eventsourcing/model"
|
||||
user_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
|
||||
)
|
||||
|
||||
const (
|
||||
authnKeysTable = "auth.authn_keys"
|
||||
)
|
||||
|
||||
type AuthNKeys struct {
|
||||
handler
|
||||
subscription *v1.Subscription
|
||||
}
|
||||
|
||||
func newAuthNKeys(handler handler) *AuthNKeys {
|
||||
h := &AuthNKeys{
|
||||
handler: handler,
|
||||
}
|
||||
|
||||
h.subscribe()
|
||||
|
||||
return h
|
||||
}
|
||||
|
||||
func (k *AuthNKeys) subscribe() {
|
||||
k.subscription = k.es.Subscribe(k.AggregateTypes()...)
|
||||
go func() {
|
||||
for event := range k.subscription.Events {
|
||||
query.ReduceEvent(k, event)
|
||||
}
|
||||
}()
|
||||
}
|
||||
|
||||
func (k *AuthNKeys) ViewModel() string {
|
||||
return authnKeysTable
|
||||
}
|
||||
|
||||
func (k *AuthNKeys) Subscription() *v1.Subscription {
|
||||
return k.subscription
|
||||
}
|
||||
|
||||
func (_ *AuthNKeys) AggregateTypes() []es_models.AggregateType {
|
||||
return []es_models.AggregateType{user_model.UserAggregate, proj_model.ProjectAggregate}
|
||||
}
|
||||
|
||||
func (k *AuthNKeys) CurrentSequence() (uint64, error) {
|
||||
sequence, err := k.view.GetLatestAuthNKeySequence()
|
||||
if err != nil {
|
||||
return 0, err
|
||||
}
|
||||
return sequence.CurrentSequence, nil
|
||||
}
|
||||
|
||||
func (k *AuthNKeys) EventQuery() (*es_models.SearchQuery, error) {
|
||||
sequence, err := k.view.GetLatestAuthNKeySequence()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return es_models.NewSearchQuery().
|
||||
AggregateTypeFilter(k.AggregateTypes()...).
|
||||
LatestSequenceFilter(sequence.CurrentSequence), nil
|
||||
}
|
||||
|
||||
func (k *AuthNKeys) Reduce(event *es_models.Event) (err error) {
|
||||
switch event.AggregateType {
|
||||
case user_model.UserAggregate,
|
||||
proj_model.ProjectAggregate:
|
||||
err = k.processAuthNKeys(event)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
func (k *AuthNKeys) processAuthNKeys(event *es_models.Event) (err error) {
|
||||
key := new(key_model.AuthNKeyView)
|
||||
switch event.Type {
|
||||
case user_model.MachineKeyAdded,
|
||||
proj_model.ClientKeyAdded:
|
||||
err = key.AppendEvent(event)
|
||||
if key.ExpirationDate.Before(time.Now()) {
|
||||
return k.view.ProcessedAuthNKeySequence(event)
|
||||
}
|
||||
case user_model.MachineKeyRemoved:
|
||||
err = key.SetUserData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return k.view.DeleteAuthNKey(key.ID, event)
|
||||
case proj_model.ClientKeyRemoved:
|
||||
err = key.SetClientData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return k.view.DeleteAuthNKey(key.ID, event)
|
||||
case user_model.UserRemoved,
|
||||
proj_model.ApplicationRemoved:
|
||||
return k.view.DeleteAuthNKeysByObjectID(event.AggregateID, event)
|
||||
default:
|
||||
return k.view.ProcessedAuthNKeySequence(event)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return k.view.PutAuthNKey(key, event)
|
||||
}
|
||||
|
||||
func (k *AuthNKeys) OnError(event *es_models.Event, err error) error {
|
||||
logging.LogWithFields("SPOOL-S9fe", "id", event.AggregateID).WithError(err).Warn("something went wrong in authn key handler")
|
||||
return spooler.HandleError(event, err, k.view.GetLatestAuthNKeyFailedEvent, k.view.ProcessedAuthNKeyFailedEvent, k.view.ProcessedAuthNKeySequence, k.errorCountUntilSkip)
|
||||
}
|
||||
|
||||
func (k *AuthNKeys) OnSuccess() error {
|
||||
return spooler.HandleSuccess(k.view.UpdateAuthNKeySpoolerRunTimestamp)
|
||||
}
|
@@ -47,8 +47,6 @@ func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, es
|
||||
newUserGrant(
|
||||
handler{view, bulkLimit, configs.cycleDuration("UserGrant"), errorCount, es},
|
||||
systemDefaults.IamID),
|
||||
newAuthNKeys(
|
||||
handler{view, bulkLimit, configs.cycleDuration("MachineKey"), errorCount, es}),
|
||||
newIDPConfig(
|
||||
handler{view, bulkLimit, configs.cycleDuration("IDPConfig"), errorCount, es}),
|
||||
newIDPProvider(
|
||||
|
@@ -1,74 +0,0 @@
|
||||
package view
|
||||
|
||||
import (
|
||||
"github.com/caos/zitadel/internal/errors"
|
||||
"github.com/caos/zitadel/internal/eventstore/v1/models"
|
||||
key_model "github.com/caos/zitadel/internal/key/model"
|
||||
"github.com/caos/zitadel/internal/key/repository/view"
|
||||
"github.com/caos/zitadel/internal/key/repository/view/model"
|
||||
"github.com/caos/zitadel/internal/view/repository"
|
||||
)
|
||||
|
||||
const (
|
||||
authNKeyTable = "auth.authn_keys"
|
||||
)
|
||||
|
||||
func (v *View) AuthNKeyByIDs(userID, keyID string) (*model.AuthNKeyView, error) {
|
||||
return view.AuthNKeyByIDs(v.Db, authNKeyTable, userID, keyID)
|
||||
}
|
||||
|
||||
func (v *View) AuthNKeysByObjectID(objectID string) ([]*model.AuthNKeyView, error) {
|
||||
return view.AuthNKeysByObjectID(v.Db, authNKeyTable, objectID)
|
||||
}
|
||||
|
||||
func (v *View) AuthNKeyByID(keyID string) (*model.AuthNKeyView, error) {
|
||||
return view.AuthNKeyByID(v.Db, authNKeyTable, keyID)
|
||||
}
|
||||
|
||||
func (v *View) SearchAuthNKeys(request *key_model.AuthNKeySearchRequest) ([]*model.AuthNKeyView, uint64, error) {
|
||||
return view.SearchAuthNKeys(v.Db, authNKeyTable, request)
|
||||
}
|
||||
|
||||
func (v *View) PutAuthNKey(key *model.AuthNKeyView, event *models.Event) error {
|
||||
err := view.PutAuthNKey(v.Db, authNKeyTable, key)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedAuthNKeySequence(event)
|
||||
}
|
||||
|
||||
func (v *View) DeleteAuthNKey(keyID string, event *models.Event) error {
|
||||
err := view.DeleteAuthNKey(v.Db, authNKeyTable, keyID)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedAuthNKeySequence(event)
|
||||
}
|
||||
|
||||
func (v *View) DeleteAuthNKeysByObjectID(objectID string, event *models.Event) error {
|
||||
err := view.DeleteAuthNKey(v.Db, authNKeyTable, objectID)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedAuthNKeySequence(event)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestAuthNKeySequence() (*repository.CurrentSequence, error) {
|
||||
return v.latestSequence(authNKeyTable)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedAuthNKeySequence(event *models.Event) error {
|
||||
return v.saveCurrentSequence(authNKeyTable, event)
|
||||
}
|
||||
|
||||
func (v *View) UpdateAuthNKeySpoolerRunTimestamp() error {
|
||||
return v.updateSpoolerRunSequence(authNKeyTable)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestAuthNKeyFailedEvent(sequence uint64) (*repository.FailedEvent, error) {
|
||||
return v.latestFailedEvent(authNKeyTable, sequence)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedAuthNKeyFailedEvent(failedEvent *repository.FailedEvent) error {
|
||||
return v.saveFailedEvent(failedEvent)
|
||||
}
|
@@ -5,8 +5,6 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/caos/zitadel/internal/domain"
|
||||
key_model "github.com/caos/zitadel/internal/key/model"
|
||||
|
||||
"github.com/caos/zitadel/internal/user/model"
|
||||
)
|
||||
|
||||
@@ -18,8 +16,6 @@ type UserRepository interface {
|
||||
UserByID(ctx context.Context, userID string) (*model.UserView, error)
|
||||
UserByLoginName(ctx context.Context, loginName string) (*model.UserView, error)
|
||||
|
||||
MachineKeyByID(ctx context.Context, keyID string) (*key_model.AuthNKeyView, error)
|
||||
|
||||
SearchUsers(ctx context.Context, request *model.UserSearchRequest) (*model.UserSearchResponse, error)
|
||||
|
||||
SearchUserMetadata(ctx context.Context, userID string) (*domain.MetadataSearchResponse, error)
|
||||
|