TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-05-04 16:50:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: mitigate overload risk in processProject on user memberships (#2665)

Browse Source
This commit is contained in:
Livio Amstutz 2021-11-12 15:06:26 +01:00 committed by GitHub
parent 4fc2582b4c
commit cfdb8c3301
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 29 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
internal/auth/repository/eventsourcing/handler/user_membership.go
View File

@ -2,11 +2,11 @@ package handler
import ( import (
"context" "context"
"github.com/caos/zitadel/internal/eventstore/v1"
"github.com/caos/logging" "github.com/caos/logging"
"github.com/caos/zitadel/internal/errors" "github.com/caos/zitadel/internal/errors"
v1 "github.com/caos/zitadel/internal/eventstore/v1"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models" es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/eventstore/v1/query" "github.com/caos/zitadel/internal/eventstore/v1/query"
es_sdk "github.com/caos/zitadel/internal/eventstore/v1/sdk" es_sdk "github.com/caos/zitadel/internal/eventstore/v1/sdk"
@ -245,17 +245,21 @@ func (m *UserMembership) fillProjectDisplayName(member *usr_es_model.UserMembers
} }
func (m *UserMembership) updateProjectDisplayName(event *es_models.Event) error { func (m *UserMembership) updateProjectDisplayName(event *es_models.Event) error {
project, err := m.getProjectByID(context.Background(), event.AggregateID) proj := new(proj_es_model.Project)
err := proj.SetData(event)
if err != nil { if err != nil {
return err return err
} }
if proj.Name == "" {
return m.view.ProcessedUserMembershipSequence(event)
}
memberships, err := m.view.UserMembershipsByAggregateID(event.AggregateID) memberships, err := m.view.UserMembershipsByAggregateID(event.AggregateID)
if err != nil { if err != nil {
return err return err
} }
for _, membership := range memberships { for _, membership := range memberships {
membership.DisplayName = project.Name membership.DisplayName = proj.Name
} }
return m.view.BulkPutUserMemberships(memberships, event) return m.view.BulkPutUserMemberships(memberships, event)
} }

10
internal/authz/repository/eventsourcing/handler/user_membership.go
View File

@ -2,11 +2,11 @@ package handler
import ( import (
"context" "context"
"github.com/caos/zitadel/internal/eventstore/v1"
"github.com/caos/logging" "github.com/caos/logging"
"github.com/caos/zitadel/internal/errors" "github.com/caos/zitadel/internal/errors"
v1 "github.com/caos/zitadel/internal/eventstore/v1"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models" es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/eventstore/v1/query" "github.com/caos/zitadel/internal/eventstore/v1/query"
es_sdk "github.com/caos/zitadel/internal/eventstore/v1/sdk" es_sdk "github.com/caos/zitadel/internal/eventstore/v1/sdk"
@ -244,17 +244,21 @@ func (m *UserMembership) fillProjectDisplayName(member *usr_es_model.UserMembers
} }
func (m *UserMembership) updateProjectDisplayName(event *es_models.Event) error { func (m *UserMembership) updateProjectDisplayName(event *es_models.Event) error {
project, err := m.getProjectByID(context.Background(), event.AggregateID) proj := new(proj_es_model.Project)
err := proj.SetData(event)
if err != nil { if err != nil {
return err return err
} }
if proj.Name == "" {
return m.view.ProcessedUserMembershipSequence(event)
}
memberships, err := m.view.UserMembershipsByAggregateID(event.AggregateID) memberships, err := m.view.UserMembershipsByAggregateID(event.AggregateID)
if err != nil { if err != nil {
return err return err
} }
for _, membership := range memberships { for _, membership := range memberships {
membership.DisplayName = project.Name membership.DisplayName = proj.Name
} }
return m.view.BulkPutUserMemberships(memberships, event) return m.view.BulkPutUserMemberships(memberships, event)
} }

15
internal/management/repository/eventsourcing/handler/user_membership.go
View File

@ -4,6 +4,7 @@ import (
"context" "context"
"github.com/caos/logging" "github.com/caos/logging"
caos_errs "github.com/caos/zitadel/internal/errors" caos_errs "github.com/caos/zitadel/internal/errors"
v1 "github.com/caos/zitadel/internal/eventstore/v1" v1 "github.com/caos/zitadel/internal/eventstore/v1"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models" es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
@ -165,10 +166,14 @@ func (m *UserMembership) fillOrgDisplayName(member *usr_es_model.UserMembershipV
} }
func (m *UserMembership) updateOrgDisplayName(event *es_models.Event) error { func (m *UserMembership) updateOrgDisplayName(event *es_models.Event) error {
org, err := m.getOrgByID(context.Background(), event.AggregateID) org := new(org_es_model.Org)
err := org.SetData(event)
if err != nil { if err != nil {
return err return err
} }
if org.Name == "" {
return m.view.ProcessedUserMembershipSequence(event)
}
memberships, err := m.view.UserMembershipsByAggregateID(event.AggregateID) memberships, err := m.view.UserMembershipsByAggregateID(event.AggregateID)
if err != nil { if err != nil {
@ -231,17 +236,21 @@ func (m *UserMembership) fillProjectDisplayName(member *usr_es_model.UserMembers
} }
func (m *UserMembership) updateProjectDisplayName(event *es_models.Event) error { func (m *UserMembership) updateProjectDisplayName(event *es_models.Event) error {
project, err := m.getProjectByID(context.Background(), event.AggregateID) proj := new(proj_es_model.Project)
err := proj.SetData(event)
if err != nil { if err != nil {
return err return err
} }
if proj.Name == "" {
return m.view.ProcessedUserMembershipSequence(event)
}
memberships, err := m.view.UserMembershipsByAggregateID(event.AggregateID) memberships, err := m.view.UserMembershipsByAggregateID(event.AggregateID)
if err != nil { if err != nil {
return err return err
} }
for _, membership := range memberships { for _, membership := range memberships {
membership.DisplayName = project.Name membership.DisplayName = proj.Name
} }
return m.view.BulkPutUserMemberships(memberships, event) return m.view.BulkPutUserMemberships(memberships, event)
} }

6
internal/org/repository/eventsourcing/model/org.go
View File

@ -87,12 +87,12 @@ func (o *Org) AppendEvents(events ...*es_models.Event) error {
func (o *Org) AppendEvent(event *es_models.Event) (err error) { func (o *Org) AppendEvent(event *es_models.Event) (err error) {
switch event.Type { switch event.Type {
case OrgAdded: case OrgAdded:
err = o.setData(event) err = o.SetData(event)
if err != nil { if err != nil {
return err return err
} }
case OrgChanged: case OrgChanged:
err = o.setData(event) err = o.SetData(event)
if err != nil { if err != nil {
return err return err
} }
@ -210,7 +210,7 @@ func (o *Org) AppendEvent(event *es_models.Event) (err error) {
return nil return nil
} }
func (o *Org) setData(event *es_models.Event) error { func (o *Org) SetData(event *es_models.Event) error {
err := json.Unmarshal(event.Data, o) err := json.Unmarshal(event.Data, o)
if err != nil { if err != nil {
return errors.ThrowInternal(err, "EVENT-BpbQZ", "unable to unmarshal event") return errors.ThrowInternal(err, "EVENT-BpbQZ", "unable to unmarshal event")