mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-12 11:27:33 +00:00
chore: move the go code into a subfolder
This commit is contained in:
Florian Forster
219
apps/api/internal/query/projection/key.go
Normal file
219
apps/api/internal/query/projection/key.go
Normal file
@@ -0,0 +1,219 @@
|
||||
package projection
|
||||
|
||||
import (
|
||||
"context"
|
||||
"time"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/crypto"
|
||||
"github.com/zitadel/zitadel/internal/eventstore"
|
||||
old_handler "github.com/zitadel/zitadel/internal/eventstore/handler"
|
||||
"github.com/zitadel/zitadel/internal/eventstore/handler/v2"
|
||||
"github.com/zitadel/zitadel/internal/repository/instance"
|
||||
"github.com/zitadel/zitadel/internal/repository/keypair"
|
||||
"github.com/zitadel/zitadel/internal/zerrors"
|
||||
)
|
||||
|
||||
const (
|
||||
KeyProjectionTable = "projections.keys4"
|
||||
KeyPrivateTable = KeyProjectionTable + "_" + privateKeyTableSuffix
|
||||
KeyPublicTable = KeyProjectionTable + "_" + publicKeyTableSuffix
|
||||
CertificateTable = KeyProjectionTable + "_" + certificateTableSuffix
|
||||
|
||||
KeyColumnID = "id"
|
||||
KeyColumnCreationDate = "creation_date"
|
||||
KeyColumnChangeDate = "change_date"
|
||||
KeyColumnResourceOwner = "resource_owner"
|
||||
KeyColumnInstanceID = "instance_id"
|
||||
KeyColumnSequence = "sequence"
|
||||
KeyColumnAlgorithm = "algorithm"
|
||||
KeyColumnUse = "use"
|
||||
|
||||
privateKeyTableSuffix = "private"
|
||||
KeyPrivateColumnID = "id"
|
||||
KeyPrivateColumnInstanceID = "instance_id"
|
||||
KeyPrivateColumnExpiry = "expiry"
|
||||
KeyPrivateColumnKey = "key"
|
||||
|
||||
publicKeyTableSuffix = "public"
|
||||
KeyPublicColumnID = "id"
|
||||
KeyPublicColumnInstanceID = "instance_id"
|
||||
KeyPublicColumnExpiry = "expiry"
|
||||
KeyPublicColumnKey = "key"
|
||||
|
||||
certificateTableSuffix = "certificate"
|
||||
CertificateColumnID = "id"
|
||||
CertificateColumnInstanceID = "instance_id"
|
||||
CertificateColumnExpiry = "expiry"
|
||||
CertificateColumnCertificate = "certificate"
|
||||
)
|
||||
|
||||
type keyProjection struct {
|
||||
encryptionAlgorithm crypto.EncryptionAlgorithm
|
||||
certEncryptionAlgorithm crypto.EncryptionAlgorithm
|
||||
}
|
||||
|
||||
func newKeyProjection(ctx context.Context, config handler.Config, keyEncryptionAlgorithm, certEncryptionAlgorithm crypto.EncryptionAlgorithm) *handler.Handler {
|
||||
p := &keyProjection{
|
||||
encryptionAlgorithm: keyEncryptionAlgorithm,
|
||||
certEncryptionAlgorithm: certEncryptionAlgorithm,
|
||||
}
|
||||
return handler.NewHandler(ctx, &config, p)
|
||||
}
|
||||
|
||||
func (*keyProjection) Name() string {
|
||||
return KeyProjectionTable
|
||||
}
|
||||
|
||||
func (*keyProjection) Init() *old_handler.Check {
|
||||
return handler.NewMultiTableCheck(
|
||||
handler.NewTable([]*handler.InitColumn{
|
||||
handler.NewColumn(KeyColumnID, handler.ColumnTypeText),
|
||||
handler.NewColumn(KeyColumnCreationDate, handler.ColumnTypeTimestamp),
|
||||
handler.NewColumn(KeyColumnChangeDate, handler.ColumnTypeTimestamp),
|
||||
handler.NewColumn(KeyColumnResourceOwner, handler.ColumnTypeText),
|
||||
handler.NewColumn(KeyColumnInstanceID, handler.ColumnTypeText),
|
||||
handler.NewColumn(KeyColumnSequence, handler.ColumnTypeInt64),
|
||||
handler.NewColumn(KeyColumnAlgorithm, handler.ColumnTypeText, handler.Default("")),
|
||||
handler.NewColumn(KeyColumnUse, handler.ColumnTypeEnum, handler.Default(0)),
|
||||
},
|
||||
handler.NewPrimaryKey(KeyColumnInstanceID, KeyColumnID),
|
||||
),
|
||||
handler.NewSuffixedTable([]*handler.InitColumn{
|
||||
handler.NewColumn(KeyPrivateColumnID, handler.ColumnTypeText),
|
||||
handler.NewColumn(KeyPrivateColumnInstanceID, handler.ColumnTypeText),
|
||||
handler.NewColumn(KeyPrivateColumnExpiry, handler.ColumnTypeTimestamp),
|
||||
handler.NewColumn(KeyPrivateColumnKey, handler.ColumnTypeJSONB),
|
||||
},
|
||||
handler.NewPrimaryKey(KeyPrivateColumnInstanceID, KeyPrivateColumnID),
|
||||
privateKeyTableSuffix,
|
||||
handler.WithForeignKey(handler.NewForeignKeyOfPublicKeys()),
|
||||
),
|
||||
handler.NewSuffixedTable([]*handler.InitColumn{
|
||||
handler.NewColumn(KeyPublicColumnID, handler.ColumnTypeText),
|
||||
handler.NewColumn(KeyPublicColumnInstanceID, handler.ColumnTypeText),
|
||||
handler.NewColumn(KeyPublicColumnExpiry, handler.ColumnTypeTimestamp),
|
||||
handler.NewColumn(KeyPublicColumnKey, handler.ColumnTypeBytes),
|
||||
},
|
||||
handler.NewPrimaryKey(KeyPublicColumnInstanceID, KeyPublicColumnID),
|
||||
publicKeyTableSuffix,
|
||||
handler.WithForeignKey(handler.NewForeignKeyOfPublicKeys()),
|
||||
),
|
||||
handler.NewSuffixedTable([]*handler.InitColumn{
|
||||
handler.NewColumn(CertificateColumnID, handler.ColumnTypeText),
|
||||
handler.NewColumn(CertificateColumnInstanceID, handler.ColumnTypeText),
|
||||
handler.NewColumn(CertificateColumnExpiry, handler.ColumnTypeTimestamp),
|
||||
handler.NewColumn(CertificateColumnCertificate, handler.ColumnTypeBytes),
|
||||
},
|
||||
handler.NewPrimaryKey(CertificateColumnInstanceID, CertificateColumnID),
|
||||
certificateTableSuffix,
|
||||
handler.WithForeignKey(handler.NewForeignKeyOfPublicKeys()),
|
||||
),
|
||||
)
|
||||
}
|
||||
|
||||
func (p *keyProjection) Reducers() []handler.AggregateReducer {
|
||||
return []handler.AggregateReducer{
|
||||
{
|
||||
Aggregate: keypair.AggregateType,
|
||||
EventReducers: []handler.EventReducer{
|
||||
{
|
||||
Event: keypair.AddedEventType,
|
||||
Reduce: p.reduceKeyPairAdded,
|
||||
},
|
||||
{
|
||||
Event: keypair.AddedCertificateEventType,
|
||||
Reduce: p.reduceCertificateAdded,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Aggregate: instance.AggregateType,
|
||||
EventReducers: []handler.EventReducer{
|
||||
{
|
||||
Event: instance.InstanceRemovedEventType,
|
||||
Reduce: reduceInstanceRemovedHelper(KeyColumnInstanceID),
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func (p *keyProjection) reduceKeyPairAdded(event eventstore.Event) (*handler.Statement, error) {
|
||||
e, ok := event.(*keypair.AddedEvent)
|
||||
if !ok {
|
||||
return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-SAbr2", "reduce.wrong.event.type %s", keypair.AddedEventType)
|
||||
}
|
||||
if e.PrivateKey.Expiry.Before(time.Now()) && e.PublicKey.Expiry.Before(time.Now()) {
|
||||
return handler.NewNoOpStatement(e), nil
|
||||
}
|
||||
creates := []func(eventstore.Event) handler.Exec{
|
||||
handler.AddCreateStatement(
|
||||
[]handler.Column{
|
||||
handler.NewCol(KeyColumnID, e.Aggregate().ID),
|
||||
handler.NewCol(KeyColumnCreationDate, e.CreationDate()),
|
||||
handler.NewCol(KeyColumnChangeDate, e.CreationDate()),
|
||||
handler.NewCol(KeyColumnResourceOwner, e.Aggregate().ResourceOwner),
|
||||
handler.NewCol(KeyColumnInstanceID, e.Aggregate().InstanceID),
|
||||
handler.NewCol(KeyColumnSequence, e.Sequence()),
|
||||
handler.NewCol(KeyColumnAlgorithm, e.Algorithm),
|
||||
handler.NewCol(KeyColumnUse, e.Usage),
|
||||
},
|
||||
),
|
||||
}
|
||||
if e.PrivateKey.Expiry.After(time.Now()) {
|
||||
creates = append(creates, handler.AddCreateStatement(
|
||||
[]handler.Column{
|
||||
handler.NewCol(KeyPrivateColumnID, e.Aggregate().ID),
|
||||
handler.NewCol(KeyPrivateColumnInstanceID, e.Aggregate().InstanceID),
|
||||
handler.NewCol(KeyPrivateColumnExpiry, e.PrivateKey.Expiry),
|
||||
handler.NewCol(KeyPrivateColumnKey, e.PrivateKey.Key),
|
||||
},
|
||||
handler.WithTableSuffix(privateKeyTableSuffix),
|
||||
))
|
||||
}
|
||||
if e.PublicKey.Expiry.After(time.Now()) {
|
||||
publicKey, err := crypto.Decrypt(e.PublicKey.Key, p.encryptionAlgorithm)
|
||||
if err != nil {
|
||||
return nil, zerrors.ThrowInternal(err, "HANDL-DAg2f", "cannot decrypt public key")
|
||||
}
|
||||
creates = append(creates, handler.AddCreateStatement(
|
||||
[]handler.Column{
|
||||
handler.NewCol(KeyPublicColumnID, e.Aggregate().ID),
|
||||
handler.NewCol(KeyPublicColumnInstanceID, e.Aggregate().InstanceID),
|
||||
handler.NewCol(KeyPublicColumnExpiry, e.PublicKey.Expiry),
|
||||
handler.NewCol(KeyPublicColumnKey, publicKey),
|
||||
},
|
||||
handler.WithTableSuffix(publicKeyTableSuffix),
|
||||
))
|
||||
}
|
||||
|
||||
return handler.NewMultiStatement(e, creates...), nil
|
||||
}
|
||||
|
||||
func (p *keyProjection) reduceCertificateAdded(event eventstore.Event) (*handler.Statement, error) {
|
||||
e, ok := event.(*keypair.AddedCertificateEvent)
|
||||
if !ok {
|
||||
return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-SAbr09", "reduce.wrong.event.type %s", keypair.AddedCertificateEventType)
|
||||
}
|
||||
|
||||
if e.Certificate.Expiry.Before(time.Now()) {
|
||||
return handler.NewNoOpStatement(e), nil
|
||||
}
|
||||
|
||||
certificate, err := crypto.Decrypt(e.Certificate.Key, p.certEncryptionAlgorithm)
|
||||
if err != nil {
|
||||
return nil, zerrors.ThrowInternal(err, "HANDL-Dajwig2f", "cannot decrypt certificate")
|
||||
}
|
||||
|
||||
creates := []func(eventstore.Event) handler.Exec{handler.AddCreateStatement(
|
||||
[]handler.Column{
|
||||
handler.NewCol(CertificateColumnID, e.Aggregate().ID),
|
||||
handler.NewCol(CertificateColumnInstanceID, e.Aggregate().InstanceID),
|
||||
handler.NewCol(CertificateColumnExpiry, e.Certificate.Expiry),
|
||||
handler.NewCol(CertificateColumnCertificate, certificate),
|
||||
},
|
||||
handler.WithTableSuffix(certificateTableSuffix),
|
||||
)}
|
||||
|
||||
return handler.NewMultiStatement(e, creates...), nil
|
||||
}
|
||||
Reference in New Issue
Block a user