mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-24 00:28:18 +00:00
43fb3fd1a6
* fix: potential memory leak * feat(actions): possibility to parse json feat(actions): possibility to perform http calls * add query call * feat(api): list flow and trigger types fix(api): switch flow and trigger types to dynamic objects * fix(translations): add action translations * use `domain.FlowType` * localizers * localization * trigger types * options on `query.Action` * add functions for actions * feat: management api: add list flow and trigger (#4352) * console changes * cleanup * fix: wrong localization Co-authored-by: Max Peintner <max@caos.ch> * id token works * check if claims not nil * feat(actions): metadata api * refactor(actions): modules * fix: allow prerelease * fix: test * feat(actions): deny list for http hosts * feat(actions): deny list for http hosts * refactor: actions * fix: different error ids * fix: rename statusCode to status * Actions objects as options (#4418) * fix: rename statusCode to status * fix(actions): objects as options * fix(actions): objects as options * fix(actions): set fields * add http client to old actions * fix(actions): add log module * fix(actions): add user to context where possible * fix(actions): add user to ctx in external authorization/pre creation * fix(actions): query correct flow in claims * test: actions * fix(id-generator): panic if no machine id * tests * maybe this? * fix linting * refactor: improve code * fix: metadata and usergrant usage in actions * fix: appendUserGrant * fix: allowedToFail and timeout in action execution * fix: allowed to fail in token complement flow * docs: add action log claim * Update defaults.yaml * fix log claim * remove prerelease build Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Livio Spring <livio.a@gmail.com>
197 lines
4.5 KiB
Go
197 lines
4.5 KiB
Go
package actions
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"encoding/json"
|
|
"io"
|
|
"net/http"
|
|
"net/url"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/dop251/goja"
|
|
"github.com/zitadel/logging"
|
|
|
|
z_errs "github.com/zitadel/zitadel/internal/errors"
|
|
)
|
|
|
|
func WithHTTP(ctx context.Context) Option {
|
|
return func(c *runConfig) {
|
|
c.modules["zitadel/http"] = func(runtime *goja.Runtime, module *goja.Object) {
|
|
requireHTTP(ctx, &http.Client{Transport: new(transport)}, runtime, module)
|
|
}
|
|
}
|
|
}
|
|
|
|
type HTTP struct {
|
|
runtime *goja.Runtime
|
|
client *http.Client
|
|
}
|
|
|
|
func requireHTTP(ctx context.Context, client *http.Client, runtime *goja.Runtime, module *goja.Object) {
|
|
c := &HTTP{
|
|
client: client,
|
|
runtime: runtime,
|
|
}
|
|
o := module.Get("exports").(*goja.Object)
|
|
logging.OnError(o.Set("fetch", c.fetch(ctx))).Warn("unable to set module")
|
|
}
|
|
|
|
type fetchConfig struct {
|
|
Method string
|
|
Headers http.Header
|
|
Body io.Reader
|
|
}
|
|
|
|
var defaultFetchConfig = fetchConfig{
|
|
Method: http.MethodGet,
|
|
Headers: http.Header{
|
|
"Content-Type": []string{"application/json"},
|
|
"Accept": []string{"application/json"},
|
|
},
|
|
}
|
|
|
|
func (c *HTTP) fetchConfigFromArg(arg *goja.Object, config *fetchConfig) (err error) {
|
|
for _, key := range arg.Keys() {
|
|
switch key {
|
|
case "headers":
|
|
config.Headers = parseHeaders(arg.Get(key).ToObject(c.runtime))
|
|
case "method":
|
|
config.Method = arg.Get(key).String()
|
|
case "body":
|
|
body, err := arg.Get(key).ToObject(c.runtime).MarshalJSON()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
config.Body = bytes.NewReader(body)
|
|
default:
|
|
return z_errs.ThrowInvalidArgument(nil, "ACTIO-OfUeA", "key is invalid")
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
type response struct {
|
|
Body string
|
|
Status int
|
|
Headers map[string][]string
|
|
runtime *goja.Runtime
|
|
}
|
|
|
|
func (r *response) Json() goja.Value {
|
|
var val interface{}
|
|
|
|
if err := json.Unmarshal([]byte(r.Body), &val); err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
return r.runtime.ToValue(val)
|
|
}
|
|
|
|
func (r *response) Text() goja.Value {
|
|
return r.runtime.ToValue(r.Body)
|
|
}
|
|
|
|
func (c *HTTP) fetch(ctx context.Context) func(call goja.FunctionCall) goja.Value {
|
|
return func(call goja.FunctionCall) goja.Value {
|
|
req := c.buildHTTPRequest(ctx, call.Arguments)
|
|
if deadline, ok := ctx.Deadline(); ok {
|
|
c.client.Timeout = time.Until(deadline)
|
|
}
|
|
|
|
res, err := c.client.Do(req)
|
|
if err != nil {
|
|
logging.WithError(err).Debug("call failed")
|
|
panic(err)
|
|
}
|
|
defer res.Body.Close()
|
|
|
|
body, err := io.ReadAll(res.Body)
|
|
if err != nil {
|
|
logging.WithError(err).Warn("unable to parse body")
|
|
panic("unable to read response body")
|
|
}
|
|
return c.runtime.ToValue(&response{Status: res.StatusCode, Body: string(body), runtime: c.runtime})
|
|
}
|
|
}
|
|
|
|
// the first argument has to be a string and is required
|
|
// the second agrument is optional and an object with the following fields possible:
|
|
// - `Headers`: map with string key and value of type string or string array
|
|
// - `Body`: json body of the request
|
|
// - `Method`: http method type
|
|
func (c *HTTP) buildHTTPRequest(ctx context.Context, args []goja.Value) (req *http.Request) {
|
|
if len(args) > 2 {
|
|
logging.WithFields("count", len(args)).Debug("more than 2 args provided")
|
|
panic("too many args")
|
|
}
|
|
|
|
if len(args) == 0 {
|
|
panic("no url provided")
|
|
}
|
|
|
|
config := defaultFetchConfig
|
|
var err error
|
|
if len(args) == 2 {
|
|
if err = c.fetchConfigFromArg(args[1].ToObject(c.runtime), &config); err != nil {
|
|
panic(err)
|
|
}
|
|
}
|
|
|
|
req, err = http.NewRequestWithContext(ctx, config.Method, args[0].Export().(string), config.Body)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
req.Header = config.Headers
|
|
|
|
return req
|
|
}
|
|
|
|
func parseHeaders(headers *goja.Object) http.Header {
|
|
h := make(http.Header, len(headers.Keys()))
|
|
for _, k := range headers.Keys() {
|
|
header := headers.Get(k).Export()
|
|
var values []string
|
|
|
|
switch headerValue := header.(type) {
|
|
case string:
|
|
values = strings.Split(headerValue, ",")
|
|
case []any:
|
|
for _, v := range headerValue {
|
|
values = append(values, v.(string))
|
|
}
|
|
}
|
|
|
|
for _, v := range values {
|
|
h.Add(k, strings.TrimSpace(v))
|
|
}
|
|
}
|
|
return h
|
|
}
|
|
|
|
type transport struct{}
|
|
|
|
func (*transport) RoundTrip(req *http.Request) (*http.Response, error) {
|
|
if httpConfig == nil {
|
|
return http.DefaultTransport.RoundTrip(req)
|
|
}
|
|
if isHostBlocked(httpConfig.DenyList, req.URL) {
|
|
return nil, z_errs.ThrowInvalidArgument(nil, "ACTIO-N72d0", "host is denied")
|
|
}
|
|
return http.DefaultTransport.RoundTrip(req)
|
|
}
|
|
|
|
func isHostBlocked(denyList []AddressChecker, address *url.URL) bool {
|
|
for _, blocked := range denyList {
|
|
if blocked.Matches(address.Hostname()) {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
type AddressChecker interface {
|
|
Matches(string) bool
|
|
}
|