mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-12 19:14:23 +00:00
4980cd6a0c
* define roles and permissions * support system user memberships * don't limit system users * cleanup permissions * restrict memberships to aggregates * default to SYSTEM_OWNER * update unit tests * test: system user token test (#6778) * update unit tests * refactor: make authz testable * move session constants * cleanup * comment * comment * decode member type string to enum (#6780) * decode member type string to enum * handle all membership types * decode enums where necessary * decode member type in steps config * update system api docs * add technical advisory * tweak docs a bit * comment in comment * lint * extract token from Bearer header prefix * review changes * fix tests * fix: add fix for activityhandler * add isSystemUser * remove IsSystemUser from activity info * fix: add fix for activityhandler --------- Co-authored-by: Stefan Benz <stefan@caos.ch>
86 lines
2.1 KiB
Go
86 lines
2.1 KiB
Go
package auth
|
|
|
|
import (
|
|
"context"
|
|
|
|
"google.golang.org/grpc"
|
|
|
|
"github.com/zitadel/zitadel/internal/api/assets"
|
|
"github.com/zitadel/zitadel/internal/api/authz"
|
|
"github.com/zitadel/zitadel/internal/api/grpc/server"
|
|
"github.com/zitadel/zitadel/internal/auth/repository"
|
|
"github.com/zitadel/zitadel/internal/auth/repository/eventsourcing"
|
|
"github.com/zitadel/zitadel/internal/command"
|
|
"github.com/zitadel/zitadel/internal/config/systemdefaults"
|
|
"github.com/zitadel/zitadel/internal/crypto"
|
|
"github.com/zitadel/zitadel/internal/query"
|
|
"github.com/zitadel/zitadel/pkg/grpc/auth"
|
|
)
|
|
|
|
var _ auth.AuthServiceServer = (*Server)(nil)
|
|
|
|
const (
|
|
authName = "Auth-API"
|
|
)
|
|
|
|
type Server struct {
|
|
auth.UnimplementedAuthServiceServer
|
|
command *command.Commands
|
|
query *query.Queries
|
|
repo repository.Repository
|
|
defaults systemdefaults.SystemDefaults
|
|
assetsAPIDomain func(context.Context) string
|
|
userCodeAlg crypto.EncryptionAlgorithm
|
|
externalSecure bool
|
|
}
|
|
|
|
type Config struct {
|
|
Repository eventsourcing.Config
|
|
}
|
|
|
|
func CreateServer(command *command.Commands,
|
|
query *query.Queries,
|
|
authRepo repository.Repository,
|
|
defaults systemdefaults.SystemDefaults,
|
|
userCodeAlg crypto.EncryptionAlgorithm,
|
|
externalSecure bool,
|
|
) *Server {
|
|
return &Server{
|
|
command: command,
|
|
query: query,
|
|
repo: authRepo,
|
|
defaults: defaults,
|
|
assetsAPIDomain: assets.AssetAPI(externalSecure),
|
|
userCodeAlg: userCodeAlg,
|
|
externalSecure: externalSecure,
|
|
}
|
|
}
|
|
|
|
func (s *Server) RegisterServer(grpcServer *grpc.Server) {
|
|
auth.RegisterAuthServiceServer(grpcServer, s)
|
|
}
|
|
|
|
func (s *Server) AppName() string {
|
|
return authName
|
|
}
|
|
|
|
func (s *Server) MethodPrefix() string {
|
|
return auth.AuthService_ServiceDesc.ServiceName
|
|
}
|
|
|
|
func (s *Server) AuthMethods() authz.MethodMapping {
|
|
return auth.AuthService_AuthMethods
|
|
}
|
|
|
|
func (s *Server) RegisterGateway() server.RegisterGatewayFunc {
|
|
return auth.RegisterAuthServiceHandler
|
|
}
|
|
|
|
func (s *Server) GatewayPathPrefix() string {
|
|
return GatewayPathPrefix()
|
|
}
|
|
|
|
func GatewayPathPrefix() string {
|
|
return "/auth/v1"
|
|
}
|