chore: move the go code into a subfolder

2025-08-12 00:47:33 +00:00 · 2025-08-05 15:20:32 -07:00
parent 4ad22ba456
commit cd2921de26
2978 changed files with 373 additions and 300 deletions
--- a/apps/api/internal/command/user_machine_key.go
+++ b/apps/api/internal/command/user_machine_key.go
@@ -0,0 +1,223 @@
+package command
+
+import (
+	"context"
+	"time"
+
+	"github.com/zitadel/zitadel/internal/command/preparation"
+	"github.com/zitadel/zitadel/internal/crypto"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
+	"github.com/zitadel/zitadel/internal/repository/user"
+	"github.com/zitadel/zitadel/internal/telemetry/tracing"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+type AddMachineKey struct {
+	Type            domain.AuthNKeyType
+	ExpirationDate  time.Time
+	PermissionCheck PermissionCheck
+}
+
+type MachineKey struct {
+	models.ObjectRoot
+	PermissionCheck PermissionCheck
+
+	KeyID          string
+	Type           domain.AuthNKeyType
+	ExpirationDate time.Time
+	PrivateKey     []byte
+	PublicKey      []byte
+}
+
+func NewMachineKey(resourceOwner string, userID string, expirationDate time.Time, keyType domain.AuthNKeyType) *MachineKey {
+	return &MachineKey{
+		ObjectRoot: models.ObjectRoot{
+			AggregateID:   userID,
+			ResourceOwner: resourceOwner,
+		},
+		ExpirationDate: expirationDate,
+		Type:           keyType,
+	}
+}
+
+func (key *MachineKey) SetPublicKey(publicKey []byte) {
+	key.PublicKey = publicKey
+}
+func (key *MachineKey) SetPrivateKey(privateKey []byte) {
+	key.PrivateKey = privateKey
+}
+func (key *MachineKey) GetExpirationDate() time.Time {
+	return key.ExpirationDate
+}
+func (key *MachineKey) SetExpirationDate(t time.Time) {
+	key.ExpirationDate = t
+}
+
+func (key *MachineKey) Detail() ([]byte, error) {
+	if len(key.PrivateKey) == 0 {
+		return nil, zerrors.ThrowPreconditionFailed(nil, "KEY-sp2l2m", "Errors.Internal")
+	}
+	if key.Type == domain.AuthNKeyTypeJSON {
+		return domain.MachineKeyMarshalJSON(key.KeyID, key.PrivateKey, key.ExpirationDate, key.AggregateID)
+	}
+	return nil, zerrors.ThrowPreconditionFailed(nil, "KEY-dsg52", "Errors.Internal")
+}
+
+func (key *MachineKey) content() error {
+	if key.PermissionCheck == nil && key.ResourceOwner == "" {
+		return zerrors.ThrowInvalidArgument(nil, "COMMAND-kqpoix", "Errors.ResourceOwnerMissing")
+	}
+	if key.AggregateID == "" {
+		return zerrors.ThrowInvalidArgument(nil, "COMMAND-xuiwk2", "Errors.User.UserIDMissing")
+	}
+	if key.KeyID == "" {
+		return zerrors.ThrowInvalidArgument(nil, "COMMAND-0p2m1h", "Errors.IDMissing")
+	}
+	return nil
+}
+
+func (key *MachineKey) valid() (err error) {
+	if err := key.content(); err != nil {
+		return err
+	}
+	// If a key is supplied, it should be a valid public key
+	if len(key.PublicKey) > 0 {
+		if _, err := crypto.BytesToPublicKey(key.PublicKey); err != nil {
+			return zerrors.ThrowInvalidArgument(nil, "COMMAND-5F3h1", "Errors.User.Machine.Key.Invalid")
+		}
+	}
+	key.ExpirationDate, err = domain.ValidateExpirationDate(key.ExpirationDate)
+	return err
+}
+
+func (key *MachineKey) checkAggregate(ctx context.Context, filter preparation.FilterToQueryReducer) error {
+	if exists, err := ExistsUser(ctx, filter, key.AggregateID, key.ResourceOwner, true); err != nil || !exists {
+		return zerrors.ThrowPreconditionFailed(err, "COMMAND-bnipwm1", "Errors.User.NotFound")
+	}
+	return nil
+}
+
+func (c *Commands) AddUserMachineKey(ctx context.Context, machineKey *MachineKey) (_ *domain.ObjectDetails, err error) {
+	ctx, span := tracing.NewSpan(ctx)
+	defer func() { span.EndWithError(err) }()
+
+	if machineKey.KeyID == "" {
+		keyID, err := c.idGenerator.Next()
+		if err != nil {
+			return nil, err
+		}
+		machineKey.KeyID = keyID
+	}
+
+	validation := prepareAddUserMachineKey(machineKey, c.machineKeySize)
+	cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, validation)
+	if err != nil {
+		return nil, err
+	}
+	events, err := c.eventstore.Push(ctx, cmds...)
+	if err != nil {
+		return nil, err
+	}
+	return &domain.ObjectDetails{
+		Sequence:      events[len(events)-1].Sequence(),
+		EventDate:     events[len(events)-1].CreatedAt(),
+		ResourceOwner: events[len(events)-1].Aggregate().ResourceOwner,
+	}, nil
+}
+
+func prepareAddUserMachineKey(machineKey *MachineKey, keySize int) preparation.Validation {
+	return func() (_ preparation.CreateCommands, err error) {
+		if err := machineKey.valid(); err != nil {
+			return nil, err
+		}
+		return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
+			ctx, span := tracing.NewSpan(ctx)
+			defer func() { span.EndWithError(err) }()
+
+			if err := machineKey.checkAggregate(ctx, filter); err != nil {
+				return nil, err
+			}
+			if len(machineKey.PublicKey) == 0 {
+				if err = domain.SetNewAuthNKeyPair(machineKey, keySize); err != nil {
+					return nil, err
+				}
+			}
+			writeModel, err := getMachineKeyWriteModelByID(ctx, filter, machineKey.AggregateID, machineKey.KeyID, machineKey.ResourceOwner, machineKey.PermissionCheck)
+			if err != nil {
+				return nil, err
+			}
+			if writeModel.Exists() {
+				return nil, zerrors.ThrowAlreadyExists(nil, "COMMAND-091mops", "Errors.User.Machine.Key.AlreadyExists")
+			}
+			return []eventstore.Command{
+				user.NewMachineKeyAddedEvent(
+					ctx,
+					UserAggregateFromWriteModel(&writeModel.WriteModel),
+					machineKey.KeyID,
+					machineKey.Type,
+					machineKey.ExpirationDate,
+					machineKey.PublicKey,
+				),
+			}, nil
+		}, nil
+	}
+}
+
+func (c *Commands) RemoveUserMachineKey(ctx context.Context, machineKey *MachineKey) (*domain.ObjectDetails, error) {
+	validation := prepareRemoveUserMachineKey(machineKey)
+	cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, validation)
+	if err != nil {
+		return nil, err
+	}
+	events, err := c.eventstore.Push(ctx, cmds...)
+	if err != nil {
+		return nil, err
+	}
+	return &domain.ObjectDetails{
+		Sequence:      events[len(events)-1].Sequence(),
+		EventDate:     events[len(events)-1].CreatedAt(),
+		ResourceOwner: events[len(events)-1].Aggregate().ResourceOwner,
+	}, nil
+}
+
+func prepareRemoveUserMachineKey(machineKey *MachineKey) preparation.Validation {
+	return func() (_ preparation.CreateCommands, err error) {
+		if err := machineKey.content(); err != nil {
+			return nil, err
+		}
+		return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
+			writeModel, err := getMachineKeyWriteModelByID(ctx, filter, machineKey.AggregateID, machineKey.KeyID, machineKey.ResourceOwner, machineKey.PermissionCheck)
+			if err != nil {
+				return nil, err
+			}
+			if !writeModel.Exists() {
+				return nil, zerrors.ThrowNotFound(nil, "COMMAND-4m77G", "Errors.User.Machine.Key.NotFound")
+			}
+			return []eventstore.Command{
+				user.NewMachineKeyRemovedEvent(
+					ctx,
+					UserAggregateFromWriteModel(&writeModel.WriteModel),
+					machineKey.KeyID,
+				),
+			}, nil
+		}, nil
+	}
+}
+
+func getMachineKeyWriteModelByID(ctx context.Context, filter preparation.FilterToQueryReducer, userID, keyID, resourceOwner string, permissionCheck PermissionCheck) (_ *MachineKeyWriteModel, err error) {
+	writeModel := NewMachineKeyWriteModel(userID, keyID, resourceOwner)
+	events, err := filter(ctx, writeModel.Query())
+	if err != nil {
+		return nil, err
+	}
+	writeModel.AppendEvents(events...)
+	err = writeModel.Reduce()
+	if permissionCheck != nil {
+		if err := permissionCheck(writeModel.ResourceOwner, writeModel.AggregateID); err != nil {
+			return nil, err
+		}
+	}
+	return writeModel, err
+}