chore: move the go code into a subfolder

2025-08-12 11:37:32 +00:00 · 2025-08-05 15:20:32 -07:00
parent 4ad22ba456
commit cd2921de26
2978 changed files with 373 additions and 300 deletions
--- a/apps/api/internal/repository/instance/policy_security.go
+++ b/apps/api/internal/repository/instance/policy_security.go
@@ -0,0 +1,88 @@
+package instance
+
+import (
+	"context"
+
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+const (
+	securityPolicyPrefix       = "policy.security."
+	SecurityPolicySetEventType = instanceEventTypePrefix + securityPolicyPrefix + "set"
+)
+
+type SecurityPolicySetEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	// Enabled is a legacy field which was used before for Iframe Embedding.
+	// It is kept so older events can still be reduced.
+	Enabled               *bool     `json:"enabled,omitempty"`
+	EnableIframeEmbedding *bool     `json:"enable_iframe_embedding,omitempty"`
+	AllowedOrigins        *[]string `json:"allowedOrigins,omitempty"`
+	EnableImpersonation   *bool     `json:"enable_impersonation,omitempty"`
+}
+
+func NewSecurityPolicySetEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	changes []SecurityPolicyChanges,
+) (*SecurityPolicySetEvent, error) {
+	if len(changes) == 0 {
+		return nil, zerrors.ThrowPreconditionFailed(nil, "POLICY-EWsf3", "Errors.NoChangesFound")
+	}
+	event := &SecurityPolicySetEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			SecurityPolicySetEventType,
+		),
+	}
+	for _, change := range changes {
+		change(event)
+	}
+	return event, nil
+}
+
+type SecurityPolicyChanges func(event *SecurityPolicySetEvent)
+
+func ChangeSecurityPolicyEnableIframeEmbedding(enabled bool) func(event *SecurityPolicySetEvent) {
+	return func(e *SecurityPolicySetEvent) {
+		e.EnableIframeEmbedding = &enabled
+	}
+}
+
+func ChangeSecurityPolicyAllowedOrigins(allowedOrigins []string) func(event *SecurityPolicySetEvent) {
+	return func(e *SecurityPolicySetEvent) {
+		if len(allowedOrigins) == 0 {
+			allowedOrigins = []string{}
+		}
+		e.AllowedOrigins = &allowedOrigins
+	}
+}
+
+func ChangeSecurityPolicyEnableImpersonation(enabled bool) func(event *SecurityPolicySetEvent) {
+	return func(e *SecurityPolicySetEvent) {
+		e.EnableImpersonation = &enabled
+	}
+}
+
+func (e *SecurityPolicySetEvent) Payload() interface{} {
+	return e
+}
+
+func (e *SecurityPolicySetEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func SecurityPolicySetEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	securityPolicyAdded := &SecurityPolicySetEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := event.Unmarshal(securityPolicyAdded)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "IAM-soiwj", "unable to unmarshal oidc config added")
+	}
+
+	return securityPolicyAdded, nil
+}