mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-12 01:47:33 +00:00
fix: move activity log to queries and remove old code (#3096)
* move changes to queries and remove old code * fix changes query * remove unused code * fix sorting * fix sorting * refactor and remove old code * remove accidental go.mod replace * add missing file * remove listDetail from ChangesResponse
This commit is contained in:
Livio Amstutz
@@ -1,9 +1,7 @@
|
||||
package authz
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"github.com/caos/zitadel/internal/api/authz"
|
||||
"github.com/caos/zitadel/internal/authz/repository"
|
||||
"github.com/caos/zitadel/internal/authz/repository/eventsourcing"
|
||||
sd "github.com/caos/zitadel/internal/config/systemdefaults"
|
||||
"github.com/caos/zitadel/internal/query"
|
||||
@@ -13,6 +11,6 @@ type Config struct {
|
||||
Repository eventsourcing.Config
|
||||
}
|
||||
|
||||
func Start(ctx context.Context, config Config, authZ authz.Config, systemDefaults sd.SystemDefaults, queries *query.Queries) (*eventsourcing.EsRepository, error) {
|
||||
return eventsourcing.Start(config.Repository, authZ, systemDefaults, queries)
|
||||
func Start(config Config, systemDefaults sd.SystemDefaults, queries *query.Queries) (repository.Repository, error) {
|
||||
return eventsourcing.Start(config.Repository, systemDefaults, queries)
|
||||
}
|
||||
|
||||
@@ -14,9 +14,6 @@ import (
|
||||
caos_errs "github.com/caos/zitadel/internal/errors"
|
||||
v1 "github.com/caos/zitadel/internal/eventstore/v1"
|
||||
"github.com/caos/zitadel/internal/eventstore/v1/models"
|
||||
es_sdk "github.com/caos/zitadel/internal/eventstore/v1/sdk"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
|
||||
iam_view "github.com/caos/zitadel/internal/iam/repository/view"
|
||||
"github.com/caos/zitadel/internal/query"
|
||||
"github.com/caos/zitadel/internal/telemetry/tracing"
|
||||
@@ -33,7 +30,7 @@ type TokenVerifierRepo struct {
|
||||
Query *query.Queries
|
||||
}
|
||||
|
||||
func (repo *TokenVerifierRepo) TokenByID(ctx context.Context, tokenID, userID string) (*usr_model.TokenView, error) {
|
||||
func (repo *TokenVerifierRepo) tokenByID(ctx context.Context, tokenID, userID string) (*usr_model.TokenView, error) {
|
||||
token, viewErr := repo.View.TokenByID(tokenID)
|
||||
if viewErr != nil && !caos_errs.IsNotFound(viewErr) {
|
||||
return nil, viewErr
|
||||
@@ -82,7 +79,7 @@ func (repo *TokenVerifierRepo) VerifyAccessToken(ctx context.Context, tokenStrin
|
||||
if len(splittedToken) != 2 {
|
||||
return "", "", "", "", "", caos_errs.ThrowUnauthenticated(nil, "APP-GDg3a", "invalid token")
|
||||
}
|
||||
token, err := repo.TokenByID(ctx, splittedToken[0], splittedToken[1])
|
||||
token, err := repo.tokenByID(ctx, splittedToken[0], splittedToken[1])
|
||||
if err != nil {
|
||||
return "", "", "", "", "", caos_errs.ThrowUnauthenticated(err, "APP-BxUSiL", "invalid token")
|
||||
}
|
||||
@@ -237,7 +234,7 @@ func (repo *TokenVerifierRepo) VerifierClientID(ctx context.Context, appName str
|
||||
ctx, span := tracing.NewSpan(ctx)
|
||||
defer func() { span.EndWithError(err) }()
|
||||
|
||||
iam, err := repo.getIAMByID(ctx)
|
||||
iam, err := repo.Query.IAMByID(ctx, domain.IAMID)
|
||||
if err != nil {
|
||||
return "", "", err
|
||||
}
|
||||
@@ -261,23 +258,6 @@ func (r *TokenVerifierRepo) getUserEvents(ctx context.Context, userID string, se
|
||||
return r.Eventstore.FilterEvents(ctx, query)
|
||||
}
|
||||
|
||||
func (u *TokenVerifierRepo) getIAMByID(ctx context.Context) (*iam_model.IAM, error) {
|
||||
query, err := iam_view.IAMByIDQuery(domain.IAMID, 0)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
iam := &iam_es_model.IAM{
|
||||
ObjectRoot: models.ObjectRoot{
|
||||
AggregateID: domain.IAMID,
|
||||
},
|
||||
}
|
||||
err = es_sdk.Filter(ctx, u.Eventstore.FilterEvents, iam.AppendEvents, query)
|
||||
if err != nil && caos_errs.IsNotFound(err) && iam.Sequence == 0 {
|
||||
return nil, err
|
||||
}
|
||||
return iam_es_model.IAMToModel(iam), nil
|
||||
}
|
||||
|
||||
func (repo *TokenVerifierRepo) checkDefaultFeatures(ctx context.Context, requiredFeatures ...string) error {
|
||||
features, err := repo.Query.DefaultFeatures(ctx)
|
||||
if err != nil {
|
||||
|
||||
@@ -1,158 +0,0 @@
|
||||
package eventstore
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
v1 "github.com/caos/zitadel/internal/eventstore/v1"
|
||||
"github.com/caos/zitadel/internal/eventstore/v1/models"
|
||||
es_sdk "github.com/caos/zitadel/internal/eventstore/v1/sdk"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
|
||||
iam_view "github.com/caos/zitadel/internal/iam/repository/view"
|
||||
|
||||
"github.com/caos/zitadel/internal/api/authz"
|
||||
"github.com/caos/zitadel/internal/authz/repository/eventsourcing/view"
|
||||
"github.com/caos/zitadel/internal/domain"
|
||||
caos_errs "github.com/caos/zitadel/internal/errors"
|
||||
user_model "github.com/caos/zitadel/internal/user/model"
|
||||
user_view_model "github.com/caos/zitadel/internal/user/repository/view/model"
|
||||
grant_model "github.com/caos/zitadel/internal/usergrant/model"
|
||||
)
|
||||
|
||||
type UserGrantRepo struct {
|
||||
View *view.View
|
||||
IamID string
|
||||
IamProjectID string
|
||||
Auth authz.Config
|
||||
Eventstore v1.Eventstore
|
||||
}
|
||||
|
||||
func (repo *UserGrantRepo) Health() error {
|
||||
return repo.View.Health()
|
||||
}
|
||||
|
||||
func (repo *UserGrantRepo) SearchMyMemberships(ctx context.Context) ([]*authz.Membership, error) {
|
||||
memberships, err := repo.searchUserMemberships(ctx)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return userMembershipsToMemberships(memberships), nil
|
||||
}
|
||||
|
||||
func (repo *UserGrantRepo) SearchMyZitadelPermissions(ctx context.Context) ([]string, error) {
|
||||
memberships, err := repo.searchUserMemberships(ctx)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
permissions := &grant_model.Permissions{Permissions: []string{}}
|
||||
for _, membership := range memberships {
|
||||
for _, role := range membership.Roles {
|
||||
permissions = repo.mapRoleToPermission(permissions, membership, role)
|
||||
}
|
||||
}
|
||||
return permissions.Permissions, nil
|
||||
}
|
||||
|
||||
func (repo *UserGrantRepo) searchUserMemberships(ctx context.Context) ([]*user_view_model.UserMembershipView, error) {
|
||||
ctxData := authz.GetCtxData(ctx)
|
||||
orgMemberships, orgCount, err := repo.View.SearchUserMemberships(&user_model.UserMembershipSearchRequest{
|
||||
Queries: []*user_model.UserMembershipSearchQuery{
|
||||
{
|
||||
Key: user_model.UserMembershipSearchKeyUserID,
|
||||
Method: domain.SearchMethodEquals,
|
||||
Value: ctxData.UserID,
|
||||
},
|
||||
{
|
||||
Key: user_model.UserMembershipSearchKeyResourceOwner,
|
||||
Method: domain.SearchMethodEquals,
|
||||
Value: ctxData.OrgID,
|
||||
},
|
||||
},
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
iamMemberships, iamCount, err := repo.View.SearchUserMemberships(&user_model.UserMembershipSearchRequest{
|
||||
Queries: []*user_model.UserMembershipSearchQuery{
|
||||
{
|
||||
Key: user_model.UserMembershipSearchKeyUserID,
|
||||
Method: domain.SearchMethodEquals,
|
||||
Value: ctxData.UserID,
|
||||
},
|
||||
{
|
||||
Key: user_model.UserMembershipSearchKeyAggregateID,
|
||||
Method: domain.SearchMethodEquals,
|
||||
Value: repo.IamID,
|
||||
},
|
||||
},
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if orgCount == 0 && iamCount == 0 {
|
||||
return []*user_view_model.UserMembershipView{}, nil
|
||||
}
|
||||
return append(orgMemberships, iamMemberships...), nil
|
||||
}
|
||||
|
||||
func (repo *UserGrantRepo) FillIamProjectID(ctx context.Context) error {
|
||||
if repo.IamProjectID != "" {
|
||||
return nil
|
||||
}
|
||||
iam, err := repo.getIAMByID(ctx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if iam.SetUpDone < domain.StepCount-1 {
|
||||
return caos_errs.ThrowPreconditionFailed(nil, "EVENT-skiwS", "Setup not done")
|
||||
}
|
||||
repo.IamProjectID = iam.IAMProjectID
|
||||
return nil
|
||||
}
|
||||
|
||||
func (repo *UserGrantRepo) mapRoleToPermission(permissions *grant_model.Permissions, membership *user_view_model.UserMembershipView, role string) *grant_model.Permissions {
|
||||
for _, mapping := range repo.Auth.RolePermissionMappings {
|
||||
if mapping.Role == role {
|
||||
ctxID := ""
|
||||
if membership.MemberType == int32(user_model.MemberTypeProject) || membership.MemberType == int32(user_model.MemberTypeProjectGrant) {
|
||||
ctxID = membership.ObjectID
|
||||
}
|
||||
permissions.AppendPermissions(ctxID, mapping.Permissions...)
|
||||
}
|
||||
}
|
||||
return permissions
|
||||
}
|
||||
|
||||
func (u *UserGrantRepo) getIAMByID(ctx context.Context) (*iam_model.IAM, error) {
|
||||
query, err := iam_view.IAMByIDQuery(domain.IAMID, 0)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
iam := &iam_es_model.IAM{
|
||||
ObjectRoot: models.ObjectRoot{
|
||||
AggregateID: domain.IAMID,
|
||||
},
|
||||
}
|
||||
err = es_sdk.Filter(ctx, u.Eventstore.FilterEvents, iam.AppendEvents, query)
|
||||
if err != nil && caos_errs.IsNotFound(err) && iam.Sequence == 0 {
|
||||
return nil, err
|
||||
}
|
||||
return iam_es_model.IAMToModel(iam), nil
|
||||
}
|
||||
|
||||
func userMembershipToMembership(membership *user_view_model.UserMembershipView) *authz.Membership {
|
||||
return &authz.Membership{
|
||||
MemberType: authz.MemberType(membership.MemberType),
|
||||
AggregateID: membership.AggregateID,
|
||||
ObjectID: membership.ObjectID,
|
||||
Roles: membership.Roles,
|
||||
}
|
||||
}
|
||||
|
||||
func userMembershipsToMemberships(memberships []*user_view_model.UserMembershipView) []*authz.Membership {
|
||||
result := make([]*authz.Membership, len(memberships))
|
||||
for i, m := range memberships {
|
||||
result[i] = userMembershipToMembership(m)
|
||||
}
|
||||
return result
|
||||
}
|
||||
@@ -0,0 +1,86 @@
|
||||
package eventstore
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"github.com/caos/zitadel/internal/api/authz"
|
||||
"github.com/caos/zitadel/internal/authz/repository/eventsourcing/view"
|
||||
"github.com/caos/zitadel/internal/domain"
|
||||
user_model "github.com/caos/zitadel/internal/user/model"
|
||||
user_view_model "github.com/caos/zitadel/internal/user/repository/view/model"
|
||||
)
|
||||
|
||||
type UserMembershipRepo struct {
|
||||
View *view.View
|
||||
}
|
||||
|
||||
func (repo *UserMembershipRepo) Health() error {
|
||||
return repo.View.Health()
|
||||
}
|
||||
|
||||
func (repo *UserMembershipRepo) SearchMyMemberships(ctx context.Context) ([]*authz.Membership, error) {
|
||||
memberships, err := repo.searchUserMemberships(ctx)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return userMembershipsToMemberships(memberships), nil
|
||||
}
|
||||
|
||||
func (repo *UserMembershipRepo) searchUserMemberships(ctx context.Context) ([]*user_view_model.UserMembershipView, error) {
|
||||
ctxData := authz.GetCtxData(ctx)
|
||||
orgMemberships, orgCount, err := repo.View.SearchUserMemberships(&user_model.UserMembershipSearchRequest{
|
||||
Queries: []*user_model.UserMembershipSearchQuery{
|
||||
{
|
||||
Key: user_model.UserMembershipSearchKeyUserID,
|
||||
Method: domain.SearchMethodEquals,
|
||||
Value: ctxData.UserID,
|
||||
},
|
||||
{
|
||||
Key: user_model.UserMembershipSearchKeyResourceOwner,
|
||||
Method: domain.SearchMethodEquals,
|
||||
Value: ctxData.OrgID,
|
||||
},
|
||||
},
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
iamMemberships, iamCount, err := repo.View.SearchUserMemberships(&user_model.UserMembershipSearchRequest{
|
||||
Queries: []*user_model.UserMembershipSearchQuery{
|
||||
{
|
||||
Key: user_model.UserMembershipSearchKeyUserID,
|
||||
Method: domain.SearchMethodEquals,
|
||||
Value: ctxData.UserID,
|
||||
},
|
||||
{
|
||||
Key: user_model.UserMembershipSearchKeyAggregateID,
|
||||
Method: domain.SearchMethodEquals,
|
||||
Value: domain.IAMID,
|
||||
},
|
||||
},
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if orgCount == 0 && iamCount == 0 {
|
||||
return []*user_view_model.UserMembershipView{}, nil
|
||||
}
|
||||
return append(orgMemberships, iamMemberships...), nil
|
||||
}
|
||||
|
||||
func userMembershipToMembership(membership *user_view_model.UserMembershipView) *authz.Membership {
|
||||
return &authz.Membership{
|
||||
MemberType: authz.MemberType(membership.MemberType),
|
||||
AggregateID: membership.AggregateID,
|
||||
ObjectID: membership.ObjectID,
|
||||
Roles: membership.Roles,
|
||||
}
|
||||
}
|
||||
|
||||
func userMembershipsToMemberships(memberships []*user_view_model.UserMembershipView) []*authz.Membership {
|
||||
result := make([]*authz.Membership, len(memberships))
|
||||
for i, m := range memberships {
|
||||
result[i] = userMembershipToMembership(m)
|
||||
}
|
||||
return result
|
||||
}
|
||||
@@ -3,19 +3,17 @@ package eventsourcing
|
||||
import (
|
||||
"context"
|
||||
|
||||
"github.com/caos/zitadel/internal/crypto"
|
||||
v1 "github.com/caos/zitadel/internal/eventstore/v1"
|
||||
|
||||
"github.com/caos/zitadel/internal/query"
|
||||
|
||||
"github.com/caos/zitadel/internal/api/authz"
|
||||
"github.com/caos/zitadel/internal/authz/repository"
|
||||
"github.com/caos/zitadel/internal/authz/repository/eventsourcing/eventstore"
|
||||
"github.com/caos/zitadel/internal/authz/repository/eventsourcing/spooler"
|
||||
authz_view "github.com/caos/zitadel/internal/authz/repository/eventsourcing/view"
|
||||
sd "github.com/caos/zitadel/internal/config/systemdefaults"
|
||||
"github.com/caos/zitadel/internal/config/types"
|
||||
"github.com/caos/zitadel/internal/crypto"
|
||||
v1 "github.com/caos/zitadel/internal/eventstore/v1"
|
||||
es_spol "github.com/caos/zitadel/internal/eventstore/v1/spooler"
|
||||
"github.com/caos/zitadel/internal/id"
|
||||
"github.com/caos/zitadel/internal/query"
|
||||
)
|
||||
|
||||
type Config struct {
|
||||
@@ -26,11 +24,11 @@ type Config struct {
|
||||
|
||||
type EsRepository struct {
|
||||
spooler *es_spol.Spooler
|
||||
eventstore.UserGrantRepo
|
||||
eventstore.UserMembershipRepo
|
||||
eventstore.TokenVerifierRepo
|
||||
}
|
||||
|
||||
func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults, queries *query.Queries) (*EsRepository, error) {
|
||||
func Start(conf Config, systemDefaults sd.SystemDefaults, queries *query.Queries) (repository.Repository, error) {
|
||||
es, err := v1.Start(conf.Eventstore)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -56,16 +54,12 @@ func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults, qu
|
||||
|
||||
return &EsRepository{
|
||||
spool,
|
||||
eventstore.UserGrantRepo{
|
||||
View: view,
|
||||
IamID: systemDefaults.IamID,
|
||||
Auth: authZ,
|
||||
Eventstore: es,
|
||||
eventstore.UserMembershipRepo{
|
||||
View: view,
|
||||
},
|
||||
eventstore.TokenVerifierRepo{
|
||||
TokenVerificationKey: keyAlgorithm,
|
||||
Eventstore: es,
|
||||
IAMID: systemDefaults.IamID,
|
||||
View: view,
|
||||
Query: queries,
|
||||
},
|
||||
@@ -73,7 +67,7 @@ func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults, qu
|
||||
}
|
||||
|
||||
func (repo *EsRepository) Health(ctx context.Context) error {
|
||||
if err := repo.UserGrantRepo.Health(); err != nil {
|
||||
if err := repo.UserMembershipRepo.Health(); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
|
||||
@@ -1,10 +1,9 @@
|
||||
package repository
|
||||
|
||||
import (
|
||||
"context"
|
||||
)
|
||||
import "context"
|
||||
|
||||
type Repository interface {
|
||||
Health(context.Context) error
|
||||
UserGrantRepository
|
||||
UserMembershipRepository
|
||||
TokenVerifierRepository
|
||||
}
|
||||
|
||||
@@ -5,7 +5,8 @@ import (
|
||||
)
|
||||
|
||||
type TokenVerifierRepository interface {
|
||||
VerifyAccessToken(ctx context.Context, appName string) (string, string, string, error)
|
||||
ProjectIDByClientID(ctx context.Context, clientID string) (string, error)
|
||||
ExistsOrg(ctx context.Context, orgID string) error
|
||||
VerifyAccessToken(ctx context.Context, tokenString, verifierClientID, projectID string) (userID string, agentID string, clientID, prefLang, resourceOwner string, err error)
|
||||
ProjectIDAndOriginsByClientID(ctx context.Context, clientID string) (projectID string, origins []string, err error)
|
||||
CheckOrgFeatures(ctx context.Context, orgID string, requiredFeatures ...string) error
|
||||
VerifierClientID(ctx context.Context, appName string) (clientID, projectID string, err error)
|
||||
}
|
||||
|
||||
@@ -1,12 +0,0 @@
|
||||
package repository
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"github.com/caos/zitadel/internal/api/authz"
|
||||
)
|
||||
|
||||
type UserGrantRepository interface {
|
||||
ResolveGrants(ctx context.Context) (*authz.Grant, error)
|
||||
SearchMyZitadelPermissions(ctx context.Context) ([]string, error)
|
||||
}
|
||||
11
internal/authz/repository/user_membership.go
Normal file
11
internal/authz/repository/user_membership.go
Normal file
@@ -0,0 +1,11 @@
|
||||
package repository
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"github.com/caos/zitadel/internal/api/authz"
|
||||
)
|
||||
|
||||
type UserMembershipRepository interface {
|
||||
SearchMyMemberships(ctx context.Context) ([]*authz.Membership, error)
|
||||
}
|
||||
Reference in New Issue
Block a user