mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-12 07:07:32 +00:00
feat: Config to eventstore (#3158)
* feat: add default language to eventstore * feat: add secret generator configs events * feat: tests * feat: secret generators in eventstore * feat: secret generators in eventstore * feat: smtp config in eventstore * feat: smtp config in eventstore * feat: smtp config in eventstore * feat: smtp config in eventstore * feat: smtp config in eventstore * fix: migrations * fix migration version * fix test * feat: change secret generator type to enum * feat: change smtp attribute names * feat: change smtp attribute names * feat: remove engryption algorithms from command side * feat: remove engryption algorithms from command side * feat: smtp config * feat: smtp config * format smtp from header Co-authored-by: Livio Amstutz <livio.a@gmail.com>
This commit is contained in:
Fabi
@@ -142,6 +142,9 @@ func startZitadel(config *startConfig) error {
|
||||
if err != nil {
|
||||
return fmt.Errorf("cannot start eventstore for queries: %w", err)
|
||||
}
|
||||
smtpPasswordCrypto, err := crypto.NewAESCrypto(config.SystemDefaults.SMTPPasswordVerificationKey)
|
||||
logging.Log("MAIN-en9ew").OnError(err).Fatal("cannot create smtp crypto")
|
||||
|
||||
queries, err := query.StartQueries(ctx, eventstoreClient, dbClient, config.Projections.Config, config.SystemDefaults, config.Projections.KeyConfig, keyChan, config.InternalAuthZ.RolePermissionMappings)
|
||||
if err != nil {
|
||||
return fmt.Errorf("cannot start queries: %w", err)
|
||||
@@ -156,12 +159,12 @@ func startZitadel(config *startConfig) error {
|
||||
Origin: http_util.BuildHTTP(config.ExternalDomain, config.ExternalPort, config.ExternalSecure),
|
||||
DisplayName: "ZITADEL",
|
||||
}
|
||||
commands, err := command.StartCommands(eventstoreClient, config.SystemDefaults, config.InternalAuthZ, storage, authZRepo, config.OIDC.KeyConfig, webAuthNConfig)
|
||||
commands, err := command.StartCommands(eventstoreClient, config.SystemDefaults, config.InternalAuthZ, storage, authZRepo, config.OIDC.KeyConfig, smtpPasswordCrypto, webAuthNConfig)
|
||||
if err != nil {
|
||||
return fmt.Errorf("cannot start commands: %w", err)
|
||||
}
|
||||
|
||||
notification.Start(config.Notification, config.SystemDefaults, commands, queries, dbClient, assets.HandlerPrefix)
|
||||
notification.Start(config.Notification, config.SystemDefaults, commands, queries, dbClient, assets.HandlerPrefix, smtpPasswordCrypto)
|
||||
|
||||
router := mux.NewRouter()
|
||||
err = startAPIs(ctx, router, commands, queries, eventstoreClient, dbClient, keyChan, config, storage, authZRepo)
|
||||
@@ -181,9 +184,12 @@ func startAPIs(ctx context.Context, router *mux.Router, commands *command.Comman
|
||||
}
|
||||
verifier := internal_authz.Start(repo)
|
||||
|
||||
apis := api.New(config.Port, router, &repo, config.InternalAuthZ, config.SystemDefaults, config.ExternalSecure)
|
||||
|
||||
authRepo, err := auth_es.Start(config.Auth, config.SystemDefaults, commands, queries, dbClient, config.OIDC.KeyConfig, assets.HandlerPrefix)
|
||||
apis := api.New(config.Port, router, &repo, config.InternalAuthZ, config.ExternalSecure)
|
||||
userEncryptionAlgorithm, err := crypto.NewAESCrypto(config.SystemDefaults.UserVerificationKey)
|
||||
if err != nil {
|
||||
return nil
|
||||
}
|
||||
authRepo, err := auth_es.Start(config.Auth, config.SystemDefaults, commands, queries, dbClient, config.OIDC.KeyConfig, assets.HandlerPrefix, userEncryptionAlgorithm)
|
||||
if err != nil {
|
||||
return fmt.Errorf("error starting auth repo: %w", err)
|
||||
}
|
||||
@@ -191,13 +197,13 @@ func startAPIs(ctx context.Context, router *mux.Router, commands *command.Comman
|
||||
if err != nil {
|
||||
return fmt.Errorf("error starting admin repo: %w", err)
|
||||
}
|
||||
if err := apis.RegisterServer(ctx, admin.CreateServer(commands, queries, adminRepo, config.SystemDefaults.Domain, assets.HandlerPrefix)); err != nil {
|
||||
if err := apis.RegisterServer(ctx, admin.CreateServer(commands, queries, adminRepo, config.SystemDefaults.Domain, assets.HandlerPrefix, userEncryptionAlgorithm)); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := apis.RegisterServer(ctx, management.CreateServer(commands, queries, config.SystemDefaults, assets.HandlerPrefix)); err != nil {
|
||||
if err := apis.RegisterServer(ctx, management.CreateServer(commands, queries, config.SystemDefaults, assets.HandlerPrefix, userEncryptionAlgorithm)); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := apis.RegisterServer(ctx, auth.CreateServer(commands, queries, authRepo, config.SystemDefaults, assets.HandlerPrefix)); err != nil {
|
||||
if err := apis.RegisterServer(ctx, auth.CreateServer(commands, queries, authRepo, config.SystemDefaults, assets.HandlerPrefix, userEncryptionAlgorithm)); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
@@ -231,7 +237,7 @@ func startAPIs(ctx context.Context, router *mux.Router, commands *command.Comman
|
||||
}
|
||||
apis.RegisterHandler(console.HandlerPrefix, c)
|
||||
|
||||
l, err := login.CreateLogin(config.Login, commands, queries, authRepo, store, config.SystemDefaults, console.HandlerPrefix, config.ExternalDomain, oidc.AuthCallback, config.ExternalSecure, userAgentInterceptor)
|
||||
l, err := login.CreateLogin(config.Login, commands, queries, authRepo, store, config.SystemDefaults, console.HandlerPrefix, config.ExternalDomain, oidc.AuthCallback, config.ExternalSecure, userAgentInterceptor, userEncryptionAlgorithm)
|
||||
if err != nil {
|
||||
return fmt.Errorf("unable to start login: %w", err)
|
||||
}
|
||||
|
||||
@@ -141,6 +141,8 @@ SystemDefaults:
|
||||
EncryptionKeyID: $ZITADEL_USER_VERIFICATION_KEY
|
||||
IDPConfigVerificationKey:
|
||||
EncryptionKeyID: $ZITADEL_IDP_CONFIG_VERIFICATION_KEY
|
||||
SMTPPasswordVerificationKey:
|
||||
EncryptionKeyID: $ZITADEL_SMTP_PASSWORD_VERIFICATION_KEY
|
||||
SecretGenerators:
|
||||
PasswordSaltCost: 14
|
||||
ClientSecretGenerator:
|
||||
@@ -197,7 +199,6 @@ SystemDefaults:
|
||||
MFAInitSkip: 720h #30d
|
||||
SecondFactorCheck: 18h
|
||||
MultiFactorCheck: 12h
|
||||
IamID: 'IAM'
|
||||
DomainVerification:
|
||||
VerificationKey:
|
||||
EncryptionKeyID: $ZITADEL_DOMAIN_VERIFICATION_KEY
|
||||
@@ -240,42 +241,6 @@ SystemDefaults:
|
||||
Url: $CHAT_URL
|
||||
# Compact: $CHAT_COMPACT
|
||||
SplitCount: 4000
|
||||
TemplateData:
|
||||
InitCode:
|
||||
Title: 'InitCode.Title'
|
||||
PreHeader: 'InitCode.PreHeader'
|
||||
Subject: 'InitCode.Subject'
|
||||
Greeting: 'InitCode.Greeting'
|
||||
Text: 'InitCode.Text'
|
||||
ButtonText: 'InitCode.ButtonText'
|
||||
PasswordReset:
|
||||
Title: 'PasswordReset.Title'
|
||||
PreHeader: 'PasswordReset.PreHeader'
|
||||
Subject: 'PasswordReset.Subject'
|
||||
Greeting: 'PasswordReset.Greeting'
|
||||
Text: 'PasswordReset.Text'
|
||||
ButtonText: 'PasswordReset.ButtonText'
|
||||
VerifyEmail:
|
||||
Title: 'VerifyEmail.Title'
|
||||
PreHeader: 'VerifyEmail.PreHeader'
|
||||
Subject: 'VerifyEmail.Subject'
|
||||
Greeting: 'VerifyEmail.Greeting'
|
||||
Text: 'VerifyEmail.Text'
|
||||
ButtonText: 'VerifyEmail.ButtonText'
|
||||
VerifyPhone:
|
||||
Title: 'VerifyPhone.Title'
|
||||
PreHeader: 'VerifyPhone.PreHeader'
|
||||
Subject: 'VerifyPhone.Subject'
|
||||
Greeting: 'VerifyPhone.Greeting'
|
||||
Text: 'VerifyPhone.Text'
|
||||
ButtonText: 'VerifyPhone.ButtonText'
|
||||
DomainClaimed:
|
||||
Title: 'DomainClaimed.Title'
|
||||
PreHeader: 'DomainClaimed.PreHeader'
|
||||
Subject: 'DomainClaimed.Subject'
|
||||
Greeting: 'DomainClaimed.Greeting'
|
||||
Text: 'DomainClaimed.Text'
|
||||
ButtonText: 'DomainClaimed.ButtonText'
|
||||
KeyConfig:
|
||||
Size: 2048
|
||||
PrivateKeyLifetime: 6h
|
||||
|
||||
Reference in New Issue
Block a user