Project commands (#26)

* feat: eventstore repository * fix: remove gorm * version * feat: pkg * feat: add some files for project * feat: eventstore without eventstore-lib * rename files * gnueg * fix: key json * fix: add object * fix: change imports * fix: internal models * fix: some imports * fix: global model * fix: add some functions on repo * feat(eventstore): sdk * fix(eventstore): search query * fix(eventstore): rename app to eventstore * delete empty test * remove unused func * merge master * fix(eventstore): tests * fix(models): delete unused struct * fix: some funcitons * feat(eventstore): implemented push events * fix: move project eventstore to project package * fix: change project eventstore funcs * feat(eventstore): overwrite context data * fix: change project eventstore * fix: add project repo to mgmt server * feat(types): SQL-config * fix: commented code * feat(eventstore): options to overwrite editor * feat: auth interceptor and cockroach migrations * fix: migrations * fix: fix filter * fix: not found on getbyid * fix: add sequence * fix: add some tests * fix(eventstore): nullable sequence * fix: add some tests * merge * fix: add some tests * fix(migrations): correct statements for sequence * fix: add some tests * fix: add some tests * fix: changes from mr * Update internal/eventstore/models/field.go Co-Authored-By: livio-a <livio.a@gmail.com> * fix(eventstore): code quality * fix: add types to aggregate/Event-types * fix(eventstore): rename modifier* to editor* * fix(eventstore): delete editor_org * fix(migrations): remove editor_org field, rename modifier_* to editor_* * fix: generate files * fix(eventstore): tests * fix(eventstore): rename modifier to editor * fix(migrations): add cluster migration, fix(migrations): fix typo of host in clean clsuter * fix(eventstore): move health * fix(eventstore): AggregateTypeFilter aggregateType as param * code quality * feat: start implementing project members * feat: remove member funcs * feat: remove member model * feat: remove member events * feat: remove member repo model * fix: better error func testing * Update docs/local.md Co-Authored-By: Silvan <silvan.reusser@gmail.com> * Update docs/local.md Co-Authored-By: Silvan <silvan.reusser@gmail.com> * fix: mr requests * fix: md file Co-authored-by: adlerhurst <silvan.reusser@gmail.com> Co-authored-by: livio-a <livio.a@gmail.com>
2025-08-11 20:27:32 +00:00 · 2020-04-07 13:23:04 +02:00
parent 007fc9e9bd
commit c07ed83c41
61 changed files with 5259 additions and 3481 deletions
--- a/internal/api/auth/authorization.go
+++ b/internal/api/auth/authorization.go
@@ -19,11 +19,16 @@ func CheckUserAuthorization(ctx context.Context, req interface{}, token, orgID s
 		return nil, err
 	}

+	var perms []string
+	//TODO: Remove as soon as authentification is implemented
+	if CheckInternal(ctx) {
+		return ctx, nil
+	}
 	if requiredAuthOption.Permission == authenticated {
 		return ctx, nil
 	}

-	ctx, perms, err := getUserMethodPermissions(ctx, verifier, requiredAuthOption.Permission, authConfig)
+	ctx, perms, err = getUserMethodPermissions(ctx, verifier, requiredAuthOption.Permission, authConfig)
 	if err != nil {
 		return nil, err
 	}
@@ -32,6 +37,7 @@ func CheckUserAuthorization(ctx context.Context, req interface{}, token, orgID s
 	if err != nil {
 		return nil, err
 	}
+
 	return ctx, nil
 }

--- a/internal/api/auth/context.go
+++ b/internal/api/auth/context.go
@@ -2,8 +2,11 @@ package auth

 import (
 	"context"
-
 	"github.com/caos/logging"
+	"github.com/caos/zitadel/internal/api"
+	grpc_util "github.com/caos/zitadel/internal/api/grpc"
+	"google.golang.org/grpc/metadata"
+	"strconv"
 )

 type key int
@@ -38,14 +41,21 @@ type TokenVerifier interface {
 }

 func VerifyTokenAndWriteCtxData(ctx context.Context, token, orgID string, t TokenVerifier) (_ context.Context, err error) {
-	userID, clientID, agentID, err := verifyAccessToken(ctx, token, t)
-	if err != nil {
-		return nil, err
+	var userID, projectID, clientID, agentID string
+	//TODO: Remove as soon an authentification is implemented
+	if CheckInternal(ctx) {
+		userID = grpc_util.GetHeader(ctx, api.ZitadelUserID)
+		projectID = grpc_util.GetHeader(ctx, api.ZitadelClientID)
+		agentID = grpc_util.GetHeader(ctx, api.ZitadelAgentID)
+	} else {
+		userID, clientID, agentID, err = verifyAccessToken(ctx, token, t)
+		if err != nil {
+			return nil, err
+		}
+
+		projectID, err = t.GetProjectIDByClientID(ctx, clientID)
+		logging.LogWithFields("AUTH-GfAoV", "clientID", clientID).OnError(err).Warn("could not read projectid by clientid")
 	}
-
-	projectID, err := t.GetProjectIDByClientID(ctx, clientID)
-	logging.LogWithFields("AUTH-GfAoV", "clientID", clientID).OnError(err).Warn("could not read projectid by clientid")
-
 	return context.WithValue(ctx, dataKey, CtxData{UserID: userID, OrgID: orgID, ProjectID: projectID, AgentID: agentID}), nil
 }

@@ -58,3 +68,17 @@ func GetPermissionsFromCtx(ctx context.Context) []string {
 	ctxPermission, _ := ctx.Value(permissionsKey).([]string)
 	return ctxPermission
 }
+
+//TODO: Remove as soon an authentification is implemented
+func CheckInternal(ctx context.Context) bool {
+	md, ok := metadata.FromIncomingContext(ctx)
+	if !ok {
+		return false
+	}
+	v, ok := md[api.LoginKey]
+	if !ok {
+		return false
+	}
+	ok, _ = strconv.ParseBool(v[0])
+	return ok
+}
--- a/internal/api/auth/context_mock.go
+++ b/internal/api/auth/context_mock.go
@@ -0,0 +1,7 @@
+package auth
+
+import "context"
+
+func NewMockContext(orgID, userID string) context.Context {
+	return context.WithValue(nil, dataKey, CtxData{UserID: userID, OrgID: orgID})
+}
--- a/internal/api/auth/permissions_test.go
+++ b/internal/api/auth/permissions_test.go
@@ -16,7 +16,7 @@ type testVerifier struct {
 }

 func (v *testVerifier) VerifyAccessToken(ctx context.Context, token string) (string, string, string, error) {
-	return "", "", "", nil
+	return "userID", "clientID", "agentID", nil
 }

 func (v *testVerifier) ResolveGrants(ctx context.Context, sub, orgID string) ([]*Grant, error) {
--- a/internal/api/grpc/server/middleware/auth_interceptor.go
+++ b/internal/api/grpc/server/middleware/auth_interceptor.go
@@ -19,11 +19,14 @@ func AuthorizationInterceptor(verifier auth.TokenVerifier, authConfig *auth.Conf
 			return handler(ctx, req)
 		}

-		authToken := grpc_util.GetAuthorizationHeader(ctx)
-		if authToken == "" {
-			return nil, status.Error(codes.Unauthenticated, "auth header missing")
+		authToken := ""
+		//TODO: Remoce check internal as soon as authentification is implemented
+		if !auth.CheckInternal(ctx) {
+			authToken = grpc_util.GetAuthorizationHeader(ctx)
+			if authToken == "" {
+				return nil, status.Error(codes.Unauthenticated, "auth header missing")
+			}
 		}
-
 		orgID := grpc_util.GetHeader(ctx, api.ZitadelOrgID)

 		ctx, err := auth.CheckUserAuthorization(ctx, req, authToken, orgID, verifier, authConfig, authOpt)
--- a/internal/api/header.go
+++ b/internal/api/header.go
@@ -9,4 +9,9 @@ const (
 	Origin         = "origin"

 	ZitadelOrgID = "x-zitadel-orgid"
+	//TODO: Remove as soon an authentification is implemented
+	ZitadelUserID   = "x-zitadel-userid"
+	ZitadelClientID = "x-zitadel-clientid"
+	ZitadelAgentID  = "x-zitadel-agentid"
+	LoginKey        = "x-zitadel-login"
 )