TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-12-26 21:06:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
0e17d0005a98ccbf92139961ef702ef03208ffd3
zitadel/internal/api/authz/instance.go
Livio Spring 7520450e11 fix: sanitize host headers before use 
# Which Problems Are Solved

Host headers used to identify the instance and further used in public responses such as OIDC discovery endpoints, email links and more were not correctly handled. While they were matched against existing instances, they were not properly sanitized.

# How the Problems Are Solved

Sanitize host header including port validation (if provided).

# Additional Changes

None

# Additional Context

- requires backports

(cherry picked from commit 72a5c33e6a)
2025-10-29 10:07:05 +01:00

164 lines
3.8 KiB
Go
Raw Blame History

package authz
import (
"context"
"time"
"golang.org/x/text/language"
"github.com/zitadel/zitadel/internal/execution/target"
"github.com/zitadel/zitadel/internal/feature"
)
var emptyInstance = &instance{}
type Instance interface {
InstanceID() string
ProjectID() string
ConsoleClientID() string
ConsoleApplicationID() string
DefaultLanguage() language.Tag
DefaultOrganisationID() string
SecurityPolicyAllowedOrigins() []string
EnableImpersonation() bool
Block() *bool
AuditLogRetention() *time.Duration
Features() feature.Features
ExecutionRouter() target.Router
}
type InstanceVerifier interface {
// InstanceByHost returns the instance for the given instanceDomain or publicDomain.
// Previously it used the host (hostname[:port]) to find the instance, but is now using the domain (hostname) only.
// For preventing issues in backports, the name of the method is not changed.
InstanceByHost(ctx context.Context, instanceDomain, publicDomain string) (Instance, error)
InstanceByID(ctx context.Context, id string) (Instance, error)
}
type instance struct {
id string
projectID string
appID string
clientID string
orgID string
defaultLanguage language.Tag
features feature.Features
executionTargets target.Router
}
func (i *instance) Block() *bool {
return nil
}
func (i *instance) AuditLogRetention() *time.Duration {
return nil
}
func (i *instance) InstanceID() string {
return i.id
}
func (i *instance) ProjectID() string {
return i.projectID
}
func (i *instance) ConsoleClientID() string {
return i.clientID
}
func (i *instance) ConsoleApplicationID() string {
return i.appID
}
func (i *instance) DefaultLanguage() language.Tag {
return i.defaultLanguage
}
func (i *instance) DefaultOrganisationID() string {
return i.orgID
}
func (i *instance) SecurityPolicyAllowedOrigins() []string {
return nil
}
func (i *instance) EnableImpersonation() bool {
return false
}
func (i *instance) Features() feature.Features {
return i.features
}
func (i *instance) ExecutionRouter() target.Router {
return i.executionTargets
}
func GetInstance(ctx context.Context) Instance {
instance, ok := ctx.Value(instanceKey).(Instance)
if !ok {
return emptyInstance
}
return instance
}
func GetFeatures(ctx context.Context) feature.Features {
return GetInstance(ctx).Features()
}
func WithInstance(ctx context.Context, instance Instance) context.Context {
return context.WithValue(ctx, instanceKey, instance)
}
func WithInstanceID(ctx context.Context, id string) context.Context {
return context.WithValue(ctx, instanceKey, &instance{id: id})
}
func WithDefaultLanguage(ctx context.Context, defaultLanguage language.Tag) context.Context {
i, ok := ctx.Value(instanceKey).(*instance)
if !ok {
i = new(instance)
}
i.defaultLanguage = defaultLanguage
return context.WithValue(ctx, instanceKey, i)
}
func WithConsole(ctx context.Context, projectID, appID string) context.Context {
i, ok := ctx.Value(instanceKey).(*instance)
if !ok {
i = new(instance)
}
i.projectID = projectID
i.appID = appID
return context.WithValue(ctx, instanceKey, i)
}
func WithConsoleClientID(ctx context.Context, clientID string) context.Context {
i, ok := ctx.Value(instanceKey).(*instance)
if !ok {
i = new(instance)
}
i.clientID = clientID
return context.WithValue(ctx, instanceKey, i)
}
func WithFeatures(ctx context.Context, f feature.Features) context.Context {
i, ok := ctx.Value(instanceKey).(*instance)
if !ok {
i = new(instance)
}
i.features = f
return context.WithValue(ctx, instanceKey, i)
}
func WithExecutionRouter(ctx context.Context, router target.Router) context.Context {
i, ok := ctx.Value(instanceKey).(*instance)
if !ok {
i = new(instance)
}
i.executionTargets = router
return context.WithValue(ctx, instanceKey, i)
}
Reference in New Issue View Git Blame Copy Permalink