TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 21:37:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

perf(oidc): optimize the introspection endpoint (#6909)

Browse Source 
* get key by id and cache them

* userinfo from events for v2 tokens

* improve keyset caching

* concurrent token and client checks

* client and project in single query

* logging and otel

* drop owner_removed column on apps and authN tables

* userinfo and project roles in go routines

* get  oidc user info from projections and add actions

* add avatar URL

* some cleanup

* pull oidc work branch

* remove storage from server

* add config flag for experimental introspection

* legacy introspection flag

* drop owner_removed column on user projections

* drop owner_removed column on useer_metadata

* query userinfo unit test

* query introspection client test

* add user_grants to the userinfo query

* handle PAT scopes

* bring triggers back

* test instance keys query

* add userinfo unit tests

* unit test keys

* go mod tidy

* solve some bugs

* fix missing preferred login name

* do not run triggers in go routines, they seem to deadlock

* initialize the trigger handlers late with a sync.OnceValue

* Revert "do not run triggers in go routines, they seem to deadlock"

This reverts commit 2a03da2127.

* add missing translations

* chore: update go version for linting

* pin oidc version

* parse a global time location for query test

* fix linter complains

* upgrade go lint

* fix more linting issues

---------

Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
This commit is contained in:
Tim Möhlmann
2023-11-21 14:11:38 +02:00
committed by GitHub
parent ad3563d58b
commit ba9b807854
103 changed files with 3528 additions and 808 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
internal/api/grpc/admin/export.go
View File

@@ -549,7 +549,7 @@ func (s *Server) getUsers(ctx context.Context, org string, withPasswords bool, w
if err != nil {
return nil, nil, nil, nil, err
}
users, err := s.query.SearchUsers(ctx, &query.UserSearchQueries{Queries: []query.SearchQuery{orgSearch}}, false)
users, err := s.query.SearchUsers(ctx, &query.UserSearchQueries{Queries: []query.SearchQuery{orgSearch}})
if err != nil {
return nil, nil, nil, nil, err
}
@@ -630,7 +630,7 @@ func (s *Server) getUsers(ctx context.Context, org string, withPasswords bool, w
return nil, nil, nil, nil, err
}
keys, err := s.query.SearchAuthNKeysData(ctx, &query.AuthNKeySearchQueries{Queries: []query.SearchQuery{userIDQuery, orgIDQuery}}, false)
keys, err := s.query.SearchAuthNKeysData(ctx, &query.AuthNKeySearchQueries{Queries: []query.SearchQuery{userIDQuery, orgIDQuery}})
if err != nil {
return nil, nil, nil, nil, err
}
@@ -836,7 +836,7 @@ func (s *Server) getProjectsAndApps(ctx context.Context, org string) ([]*v1_pb.D
if err != nil {
return nil, nil, nil, nil, nil, err
}
keys, err := s.query.SearchAuthNKeysData(ctx, &query.AuthNKeySearchQueries{Queries: []query.SearchQuery{appIDQuery, projectIDQuery, orgIDQuery}}, false)
keys, err := s.query.SearchAuthNKeysData(ctx, &query.AuthNKeySearchQueries{Queries: []query.SearchQuery{appIDQuery, projectIDQuery, orgIDQuery}})
if err != nil {
return nil, nil, nil, nil, nil, err
}

2
internal/api/grpc/admin/org.go
View File

@@ -105,7 +105,7 @@ func (s *Server) getClaimedUserIDsOfOrgDomain(ctx context.Context, orgDomain str
if err != nil {
return nil, err
}
users, err := s.query.SearchUsers(ctx, &query.UserSearchQueries{Queries: []query.SearchQuery{loginName}}, false)
users, err := s.query.SearchUsers(ctx, &query.UserSearchQueries{Queries: []query.SearchQuery{loginName}})
if err != nil {
return nil, err
}

2
internal/api/grpc/auth/email.go
View File

@@ -11,7 +11,7 @@ import (
)
func (s *Server) GetMyEmail(ctx context.Context, _ *auth_pb.GetMyEmailRequest) (*auth_pb.GetMyEmailResponse, error) {
email, err := s.query.GetHumanEmail(ctx, authz.GetCtxData(ctx).UserID, false)
email, err := s.query.GetHumanEmail(ctx, authz.GetCtxData(ctx).UserID)
if err != nil {
return nil, err
}

2
internal/api/grpc/auth/phone.go
View File

@@ -11,7 +11,7 @@ import (
)
func (s *Server) GetMyPhone(ctx context.Context, _ *auth_pb.GetMyPhoneRequest) (*auth_pb.GetMyPhoneResponse, error) {
phone, err := s.query.GetHumanPhone(ctx, authz.GetCtxData(ctx).UserID, false)
phone, err := s.query.GetHumanPhone(ctx, authz.GetCtxData(ctx).UserID)
if err != nil {
return nil, err
}

2
internal/api/grpc/auth/profile.go
View File

@@ -10,7 +10,7 @@ import (
)
func (s *Server) GetMyProfile(ctx context.Context, req *auth_pb.GetMyProfileRequest) (*auth_pb.GetMyProfileResponse, error) {
profile, err := s.query.GetHumanProfile(ctx, authz.GetCtxData(ctx).UserID, false)
profile, err := s.query.GetHumanProfile(ctx, authz.GetCtxData(ctx).UserID)
if err != nil {
return nil, err
}

2
internal/api/grpc/auth/user.go
View File

@@ -19,7 +19,7 @@ import (
)
func (s *Server) GetMyUser(ctx context.Context, _ *auth_pb.GetMyUserRequest) (*auth_pb.GetMyUserResponse, error) {
user, err := s.query.GetUserByID(ctx, true, authz.GetCtxData(ctx).UserID, false)
user, err := s.query.GetUserByID(ctx, true, authz.GetCtxData(ctx).UserID)
if err != nil {
return nil, err
}

2
internal/api/grpc/management/org.go
View File

@@ -329,7 +329,7 @@ func (s *Server) getClaimedUserIDsOfOrgDomain(ctx context.Context, orgDomain, or
}
queries = append(queries, owner)
}
users, err := s.query.SearchUsers(ctx, &query.UserSearchQueries{Queries: queries}, false)
users, err := s.query.SearchUsers(ctx, &query.UserSearchQueries{Queries: queries})
if err != nil {
return nil, err
}

4
internal/api/grpc/management/project_application.go
View File

@@ -16,7 +16,7 @@ import (
)
func (s *Server) GetAppByID(ctx context.Context, req *mgmt_pb.GetAppByIDRequest) (*mgmt_pb.GetAppByIDResponse, error) {
app, err := s.query.AppByProjectAndAppID(ctx, true, req.ProjectId, req.AppId, false)
app, err := s.query.AppByProjectAndAppID(ctx, true, req.ProjectId, req.AppId)
if err != nil {
return nil, err
}
@@ -259,7 +259,7 @@ func (s *Server) GetAppKey(ctx context.Context, req *mgmt_pb.GetAppKeyRequest) (
if err != nil {
return nil, err
}
key, err := s.query.GetAuthNKeyByID(ctx, true, req.KeyId, false, resourceOwner, aggregateID, objectID)
key, err := s.query.GetAuthNKeyByID(ctx, true, req.KeyId, resourceOwner, aggregateID, objectID)
if err != nil {
return nil, err
}

16
internal/api/grpc/management/user.go
View File

@@ -31,7 +31,7 @@ func (s *Server) getUserByID(ctx context.Context, id string) (*query.User, error
if err != nil {
return nil, err
}
user, err := s.query.GetUserByID(ctx, true, id, false, owner)
user, err := s.query.GetUserByID(ctx, true, id, owner)
if err != nil {
return nil, err
}
@@ -53,7 +53,7 @@ func (s *Server) GetUserByLoginNameGlobal(ctx context.Context, req *mgmt_pb.GetU
if err != nil {
return nil, err
}
user, err := s.query.GetUser(ctx, true, false, loginName)
user, err := s.query.GetUser(ctx, true, loginName)
if err != nil {
return nil, err
}
@@ -72,7 +72,7 @@ func (s *Server) ListUsers(ctx context.Context, req *mgmt_pb.ListUsersRequest) (
if err != nil {
return nil, err
}
res, err := s.query.SearchUsers(ctx, queries, false)
res, err := s.query.SearchUsers(ctx, queries)
if err != nil {
return nil, err
}
@@ -128,7 +128,7 @@ func (s *Server) IsUserUnique(ctx context.Context, req *mgmt_pb.IsUserUniqueRequ
if !policy.UserLoginMustBeDomain {
orgID = ""
}
unique, err := s.query.IsUserUnique(ctx, req.UserName, req.Email, orgID, false)
unique, err := s.query.IsUserUnique(ctx, req.UserName, req.Email, orgID)
if err != nil {
return nil, err
}
@@ -406,7 +406,7 @@ func (s *Server) GetHumanProfile(ctx context.Context, req *mgmt_pb.GetHumanProfi
if err != nil {
return nil, err
}
profile, err := s.query.GetHumanProfile(ctx, req.UserId, false, owner)
profile, err := s.query.GetHumanProfile(ctx, req.UserId, owner)
if err != nil {
return nil, err
}
@@ -440,7 +440,7 @@ func (s *Server) GetHumanEmail(ctx context.Context, req *mgmt_pb.GetHumanEmailRe
if err != nil {
return nil, err
}
email, err := s.query.GetHumanEmail(ctx, req.UserId, false, owner)
email, err := s.query.GetHumanEmail(ctx, req.UserId, owner)
if err != nil {
return nil, err
}
@@ -506,7 +506,7 @@ func (s *Server) GetHumanPhone(ctx context.Context, req *mgmt_pb.GetHumanPhoneRe
if err != nil {
return nil, err
}
phone, err := s.query.GetHumanPhone(ctx, req.UserId, false, owner)
phone, err := s.query.GetHumanPhone(ctx, req.UserId, owner)
if err != nil {
return nil, err
}
@@ -753,7 +753,7 @@ func (s *Server) GetMachineKeyByIDs(ctx context.Context, req *mgmt_pb.GetMachine
if err != nil {
return nil, err
}
key, err := s.query.GetAuthNKeyByID(ctx, true, req.KeyId, false, resourceOwner, aggregateID)
key, err := s.query.GetAuthNKeyByID(ctx, true, req.KeyId, resourceOwner, aggregateID)
if err != nil {
return nil, err
}

4
internal/api/grpc/session/v2/session.go
View File

@@ -490,7 +490,7 @@ type userSearchByID struct {
}
func (u userSearchByID) search(ctx context.Context, q *query.Queries) (*query.User, error) {
return q.GetUserByID(ctx, true, u.id, false)
return q.GetUserByID(ctx, true, u.id)
}
type userSearchByLoginName struct {
@@ -498,5 +498,5 @@ type userSearchByLoginName struct {
}
func (u userSearchByLoginName) search(ctx context.Context, q *query.Queries) (*query.User, error) {
return q.GetUser(ctx, true, false, u.loginNameQuery)
return q.GetUser(ctx, true, u.loginNameQuery)
}

2
internal/api/grpc/user/v2/user.go
View File

@@ -360,7 +360,7 @@ func (s *Server) checkIntentToken(token string, intentID string) error {
}
func (s *Server) ListAuthenticationMethodTypes(ctx context.Context, req *user.ListAuthenticationMethodTypesRequest) (*user.ListAuthenticationMethodTypesResponse, error) {
authMethods, err := s.query.ListActiveUserAuthMethodTypes(ctx, req.GetUserId(), false)
authMethods, err := s.query.ListActiveUserAuthMethodTypes(ctx, req.GetUserId())
if err != nil {
return nil, err
}