TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2024-12-04 23:45:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
main
zitadel/cmd/setup/config_change.go
Stefan Benz 7caa43ab23
feat: action v2 signing (#8779) 
# Which Problems Are Solved

The action v2 messages were didn't contain anything providing security
for the sent content.

# How the Problems Are Solved

Each Target now has a SigningKey, which can also be newly generated
through the API and returned at creation and through the Get-Endpoints.
There is now a HTTP header "Zitadel-Signature", which is generated with
the SigningKey and Payload, and also contains a timestamp to check with
a tolerance if the message took to long to sent.

# Additional Changes

The functionality to create and check the signature is provided in the
pkg/actions package, and can be reused in the SDK.

# Additional Context

Closes #7924

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-11-28 10:06:52 +00:00

72 lines
1.6 KiB
Go
Raw Permalink Blame History

package setup
import (
"context"
"github.com/zitadel/zitadel/internal/cache/connector"
"github.com/zitadel/zitadel/internal/command"
"github.com/zitadel/zitadel/internal/config/systemdefaults"
"github.com/zitadel/zitadel/internal/eventstore"
)
type externalConfigChange struct {
es *eventstore.Eventstore
ExternalDomain string `json:"externalDomain"`
ExternalSecure bool `json:"externalSecure"`
ExternalPort uint16 `json:"externalPort"`
currentExternalDomain string
currentExternalSecure bool
currentExternalPort uint16
defaults systemdefaults.SystemDefaults
}
func (mig *externalConfigChange) Check(lastRun map[string]interface{}) bool {
mig.currentExternalDomain, _ = lastRun["externalDomain"].(string)
externalPort, _ := lastRun["externalPort"].(float64)
mig.currentExternalPort = uint16(externalPort)
mig.currentExternalSecure, _ = lastRun["externalSecure"].(bool)
return mig.currentExternalSecure != mig.ExternalSecure ||
mig.currentExternalPort != mig.ExternalPort ||
mig.currentExternalDomain != mig.ExternalDomain
}
func (mig *externalConfigChange) Execute(ctx context.Context, _ eventstore.Event) error {
cmd, err := command.StartCommands(ctx,
mig.es,
connector.Connectors{},
mig.defaults,
nil,
nil,
nil,
mig.ExternalDomain,
mig.ExternalSecure,
mig.ExternalPort,
nil,
nil,
nil,
nil,
nil,
nil,
nil,
nil,
nil,
nil,
nil,
nil,
0,
0,
0,
nil,
)
if err != nil {
return err
}
return cmd.ChangeSystemConfig(ctx, mig.currentExternalDomain, mig.currentExternalPort, mig.currentExternalSecure)
}
func (mig *externalConfigChange) String() string {
return "config_change"
}
Reference in New Issue View Git Blame Copy Permalink