ba9b807854
* get key by id and cache them
* userinfo from events for v2 tokens
* improve keyset caching
* concurrent token and client checks
* client and project in single query
* logging and otel
* drop owner_removed column on apps and authN tables
* userinfo and project roles in go routines
* get oidc user info from projections and add actions
* add avatar URL
* some cleanup
* pull oidc work branch
* remove storage from server
* add config flag for experimental introspection
* legacy introspection flag
* drop owner_removed column on user projections
* drop owner_removed column on user_metadata
* query userinfo unit test
* query introspection client test
* add user_grants to the userinfo query
* handle PAT scopes
* bring triggers back
* test instance keys query
* add userinfo unit tests
* unit test keys
* go mod tidy
* solve some bugs
* fix missing preferred login name
* do not run triggers in go routines, they seem to deadlock
* initialize the trigger handlers late with a sync.OnceValue
* Revert "do not run triggers in go routines, they seem to deadlock"
This reverts commit 2a03da2127
.
* add missing translations
* chore: update go version for linting
* pin oidc version
* parse a global time location for query test
* fix linter complains
* upgrade go lint
* fix more linting issues
---------
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
package object
import (
"time"
"github.com/dop251/goja"
"github.com/zitadel/zitadel/internal/actions"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/query"
)
// Types filled in by action scripts: a script describes a grant and the
// result is collected here before being converted by UserGrantsToDomain.
type (
	// UserGrants collects the grants requested during one action run.
	UserGrants struct {
		// UserGrants holds the requested grants in the order they were appended.
		UserGrants []UserGrant
	}

	// UserGrant is a single grant request. It has no user field: the target
	// user is supplied separately when the request is converted by
	// UserGrantsToDomain.
	UserGrant struct {
		// ProjectID is required; mapObjectToGrant panics when it is empty.
		ProjectID string
		// ProjectGrantID is optional and stays empty when not supplied.
		ProjectGrantID string
		// Roles lists the role keys requested for the project.
		Roles []string
	}
)
// Read-only views handed to action scripts. UserGrantsFromQuery and
// UserGrantsFromSlice populate them and pass them to Runtime.ToValue.
type (
	// userGrantList is the list wrapper returned to the script.
	userGrantList struct {
		// Count is the number of grants reported by the source.
		Count uint64
		// Sequence and Timestamp are only set by UserGrantsFromQuery.
		Sequence  uint64
		Timestamp time.Time
		// Grants holds one entry per source grant, in source order.
		Grants []*userGrant
	}

	// userGrant mirrors the fields of a queried user grant that are exposed
	// to scripts.
	userGrant struct {
		// Identity and state of the grant itself.
		Id             string
		ProjectGrantId string
		State          domain.UserGrantState
		// Organisation that owns the grant, by ID and by name.
		UserGrantResourceOwner     string
		UserGrantResourceOwnerName string

		// Bookkeeping copied from the queried grant.
		CreationDate time.Time
		ChangeDate   time.Time
		Sequence     uint64

		// The user holding the grant and the roles granted.
		UserId            string
		UserResourceOwner string
		Roles             []string

		// The project the grant applies to.
		ProjectId   string
		ProjectName string
	}
)
// AppendGrantFunc builds the field factory for a script-callable function
// that appends one grant to userGrants per call.
//
// The script-facing function reads its argument with objectFromFirstArgument,
// converts it with mapObjectToGrant and appends the result to
// userGrants.UserGrants. Every value in the appended grant comes from the
// calling script, and nothing here checks that the project or the roles
// exist.
// NOTE(review): confirm that the consumer of userGrants validates project,
// project grant and role keys before persisting anything.
// NOTE(review): the append is not synchronised; this presumably relies on the
// script running on a single goroutine — confirm.
func AppendGrantFunc(userGrants *UserGrants) func(c *actions.FieldConfig) func(call goja.FunctionCall) goja.Value {
	return func(c *actions.FieldConfig) func(call goja.FunctionCall) goja.Value {
		appendGrant := func(call goja.FunctionCall) goja.Value {
			var requested UserGrant
			// mapObjectToGrant panics when the script omits projectId, so
			// nothing is appended in that case.
			mapObjectToGrant(objectFromFirstArgument(call, c.Runtime), &requested)
			userGrants.UserGrants = append(userGrants.UserGrants, requested)
			return nil
		}
		return appendGrant
	}
}
// UserGrantsFromQuery converts a queried grant result into the list object
// that is handed to an action script.
//
// A nil userGrants yields Runtime.ToValue(nil). Otherwise Count, Sequence and
// LastRun are copied into the list header and every queried grant is mapped
// field by field into a userGrant.
func UserGrantsFromQuery(c *actions.FieldConfig, userGrants *query.UserGrants) goja.Value {
	if userGrants == nil {
		return c.Runtime.ToValue(nil)
	}

	converted := make([]*userGrant, 0, len(userGrants.UserGrants))
	for _, src := range userGrants.UserGrants {
		converted = append(converted, &userGrant{
			Id:             src.ID,
			ProjectGrantId: src.GrantID,
			State:          src.State,
			CreationDate:   src.CreationDate,
			ChangeDate:     src.ChangeDate,
			Sequence:       src.Sequence,
			UserId:         src.UserID,
			// Roles is assigned, not copied, so it shares its backing array
			// with the query result.
			// NOTE(review): if the runtime exposes this slice as writable, a
			// script's changes would reach the queried data — confirm or copy.
			Roles:                      src.Roles,
			UserResourceOwner:          src.UserResourceOwner,
			UserGrantResourceOwner:     src.ResourceOwner,
			UserGrantResourceOwnerName: src.OrgName,
			ProjectId:                  src.ProjectID,
			ProjectName:                src.ProjectName,
		})
	}

	return c.Runtime.ToValue(&userGrantList{
		Count:     userGrants.Count,
		Sequence:  userGrants.Sequence,
		Timestamp: userGrants.LastRun,
		Grants:    converted,
	})
}
// UserGrantsFromSlice converts a plain slice of queried grants into the list
// object that is handed to an action script.
//
// A nil slice yields Runtime.ToValue(nil); an empty non-nil slice yields a
// list with Count 0. Count is the slice length, and Sequence and Timestamp
// keep their zero values because a bare slice carries no such metadata.
func UserGrantsFromSlice(c *actions.FieldConfig, userGrants []query.UserGrant) goja.Value {
	if userGrants == nil {
		return c.Runtime.ToValue(nil)
	}

	converted := make([]*userGrant, 0, len(userGrants))
	for i := range userGrants {
		src := &userGrants[i]
		converted = append(converted, &userGrant{
			Id:             src.ID,
			ProjectGrantId: src.GrantID,
			State:          src.State,
			CreationDate:   src.CreationDate,
			ChangeDate:     src.ChangeDate,
			Sequence:       src.Sequence,
			UserId:         src.UserID,
			// Roles is assigned, not copied, so it shares its backing array
			// with the caller's slice element.
			// NOTE(review): if the runtime exposes this slice as writable, a
			// script's changes would reach the caller's data — confirm or copy.
			Roles:                      src.Roles,
			UserResourceOwner:          src.UserResourceOwner,
			UserGrantResourceOwner:     src.ResourceOwner,
			UserGrantResourceOwnerName: src.OrgName,
			ProjectId:                  src.ProjectID,
			ProjectName:                src.ProjectName,
		})
	}

	return c.Runtime.ToValue(&userGrantList{
		Count:  uint64(len(userGrants)),
		Grants: converted,
	})
}
// UserGrantsToDomain converts the grants requested by an action script into
// domain user grants for userID.
//
// UserID is always taken from the userID argument; a script-supplied
// UserGrant has no user field, so the script cannot choose the target user
// here. ProjectID, ProjectGrantID and Roles are passed through unchanged and
// are not validated by this function. A nil input returns nil.
func UserGrantsToDomain(userID string, actionUserGrants []UserGrant) []*domain.UserGrant {
	if actionUserGrants == nil {
		return nil
	}

	converted := make([]*domain.UserGrant, 0, len(actionUserGrants))
	for i := range actionUserGrants {
		requested := &actionUserGrants[i]
		converted = append(converted, &domain.UserGrant{
			UserID:         userID,
			ProjectID:      requested.ProjectID,
			ProjectGrantID: requested.ProjectGrantID,
			// RoleKeys shares its backing array with requested.Roles.
			RoleKeys: requested.Roles,
		})
	}
	return converted
}
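// mapObjectToGrant copies the recognised properties of a script-supplied
// object into grant.
//
// Recognised keys are "projectId", "projectGrantId" and "roles"; every other
// key is ignored. "roles" is only read when it exports as a list, and only
// its string entries are appended to grant.Roles; anything else is dropped
// without an error, so a malformed roles value produces a grant with fewer
// roles rather than a failure.
//
// An undefined or null "projectId" or "projectGrantId" is treated as not set.
// Calling String() on such a value would otherwise store the literal text
// "undefined" or "null" and let it pass the required-field check below.
//
// It panics with "projectId not set" when no usable projectId was supplied.
func mapObjectToGrant(object *goja.Object, grant *UserGrant) {
	// text converts a property value to its string form, mapping a missing,
	// undefined or null value to the empty string.
	text := func(v goja.Value) string {
		if v == nil || goja.IsUndefined(v) || goja.IsNull(v) {
			return ""
		}
		return v.String()
	}

	for _, key := range object.Keys() {
		switch key {
		case "projectId":
			grant.ProjectID = text(object.Get(key))
		case "projectGrantId":
			grant.ProjectGrantID = text(object.Get(key))
		case "roles":
			roles, ok := object.Get(key).Export().([]interface{})
			if !ok {
				// Not a list: leave grant.Roles untouched.
				continue
			}
			for _, role := range roles {
				if r, ok := role.(string); ok {
					grant.Roles = append(grant.Roles, r)
				}
			}
		}
	}

	// projectId is the only required property.
	if grant.ProjectID == "" {
		panic("projectId not set")
	}
}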