mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-17 21:37:35 +00:00
04b4cd80b8
* feat: eventstore repository * fix: remove gorm * version * feat: pkg * feat: add some files for project * feat: eventstore without eventstore-lib * rename files * gnueg * fix: key json * fix: add object * fix: change imports * fix: internal models * fix: some imports * fix: global model * feat: add global view functions * fix: add some functions on repo * feat(eventstore): sdk * fix(eventstore): search query * fix(eventstore): rename app to eventstore * delete empty test * remove unused func * merge master * fix(eventstore): tests * fix(models): delete unused struct * fix: some funcitons * feat(eventstore): implemented push events * fix: move project eventstore to project package * fix: change project eventstore funcs * feat(eventstore): overwrite context data * fix: change project eventstore * fix: add project repo to mgmt server * feat(types): SQL-config * fix: commented code * feat(eventstore): options to overwrite editor * feat: auth interceptor and cockroach migrations * fix: migrations * fix: fix filter * fix: not found on getbyid * fix: use global sql config * fix: add sequence * fix: add some tests * fix(eventstore): nullable sequence * fix: add some tests * merge * fix: add some tests * fix(migrations): correct statements for sequence * fix: add some tests * fix: add some tests * fix: changes from mr * fix: changes from mr * fix: add some tests * Update internal/eventstore/models/field.go Co-Authored-By: livio-a <livio.a@gmail.com> * fix(eventstore): code quality * fix: add types to aggregate/Event-types * fix: try tests * fix(eventstore): rename modifier* to editor* * fix(eventstore): delete editor_org * fix(migrations): remove editor_org field, rename modifier_* to editor_* * fix: query tests * fix: use prepare funcs * fix: go mod * fix: generate files * fix(eventstore): tests * fix(eventstore): rename modifier to editor * fix(migrations): add cluster migration, fix(migrations): fix typo of host in clean clsuter * fix(eventstore): move health * fix(eventstore): AggregateTypeFilter aggregateType as param * code quality * fix: go tests * feat: add member funcs * feat: add member model * feat: add member events * feat: add member repo model * fix: better error func testing * fix: project member funcs * fix: add tests * fix: add tests * feat: implement member requests * fix: merge master * fix: merge master * fix: read existing in project repo * fix: fix tests * feat: add internal cache * feat: add cache mock * fix: return values of cache mock * feat: add project role * fix: add cache config * fix: add role to eventstore * fix: use eventstore sdk * fix: use eventstore sdk * fix: add project role grpc requests * fix: fix getby id * fix: changes for mr * fix: change value to interface * feat: add app event creations * fix: searchmethods * Update internal/project/model/project_member.go Co-Authored-By: Silvan <silvan.reusser@gmail.com> * fix: use get project func * fix: append events * fix: check if value is string on equal ignore case * fix: add changes test * fix: add go mod * fix: add some tests * fix: return err not nil * fix: return err not nil * fix: add aggregate funcs and tests * fix: add oidc aggregate funcs and tests * fix: add oidc * fix: add some tests * fix: tests * fix: oidc validation * fix: generate client secret * fix: generate client id * fix: test change app * fix: deactivate/reactivate application * fix: change oidc config * fix: change oidc config secret * fix: implement grpc app funcs * fix: add application requests * fix: converter * fix: converter * fix: converter and generate clientid * fix: tests * fix: some fixes * feat: mr changes * fix: remove state converted * fix: add default oidc config * fix: use crypto pw generator * fix: rename responsetype * create GeneratorConfig and refactor some crypto.Generator code (#70) * Update internal/project/model/project_role.go Co-Authored-By: Silvan <silvan.reusser@gmail.com> * fix: change objectroot id * fix: caos err id Co-authored-by: adlerhurst <silvan.reusser@gmail.com> Co-authored-by: livio-a <livio.a@gmail.com>
180 lines
4.0 KiB
Go
180 lines
4.0 KiB
Go
package crypto
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"time"
|
|
|
|
"github.com/caos/zitadel/internal/config/types"
|
|
"github.com/caos/zitadel/internal/errors"
|
|
)
|
|
|
|
var (
|
|
lowerLetters = []rune("abcdefghijklmnopqrstuvwxyz")
|
|
upperLetters = []rune("ABCDEFGHIJKLMNOPQRSTUVWXYZ")
|
|
digits = []rune("0123456789")
|
|
symbols = []rune("~!@#$^&*()_+`-={}|[]:<>?,./")
|
|
)
|
|
|
|
type GeneratorConfig struct {
|
|
Length uint
|
|
Expiry types.Duration
|
|
IncludeLowerLetters bool
|
|
IncludeUpperLetters bool
|
|
IncludeDigits bool
|
|
IncludeSymbols bool
|
|
}
|
|
|
|
type Generator interface {
|
|
Length() uint
|
|
Expiry() time.Duration
|
|
Alg() Crypto
|
|
Runes() []rune
|
|
}
|
|
|
|
type generator struct {
|
|
length uint
|
|
expiry time.Duration
|
|
runes []rune
|
|
}
|
|
|
|
func (g *generator) Length() uint {
|
|
return g.length
|
|
}
|
|
|
|
func (g *generator) Expiry() time.Duration {
|
|
return g.expiry
|
|
}
|
|
|
|
func (g *generator) Runes() []rune {
|
|
return g.runes
|
|
}
|
|
|
|
type encryptionGenerator struct {
|
|
generator
|
|
alg EncryptionAlgorithm
|
|
}
|
|
|
|
func (g *encryptionGenerator) Alg() Crypto {
|
|
return g.alg
|
|
}
|
|
|
|
func NewEncryptionGenerator(config GeneratorConfig, algorithm EncryptionAlgorithm) Generator {
|
|
return &encryptionGenerator{
|
|
newGenerator(config),
|
|
algorithm,
|
|
}
|
|
}
|
|
|
|
type hashGenerator struct {
|
|
generator
|
|
alg HashAlgorithm
|
|
}
|
|
|
|
func (g *hashGenerator) Alg() Crypto {
|
|
return g.alg
|
|
}
|
|
|
|
func NewHashGenerator(config GeneratorConfig, algorithm HashAlgorithm) Generator {
|
|
return &hashGenerator{
|
|
newGenerator(config),
|
|
algorithm,
|
|
}
|
|
}
|
|
|
|
func newGenerator(config GeneratorConfig) generator {
|
|
var runes []rune
|
|
if config.IncludeLowerLetters {
|
|
runes = append(runes, lowerLetters...)
|
|
}
|
|
if config.IncludeUpperLetters {
|
|
runes = append(runes, upperLetters...)
|
|
}
|
|
if config.IncludeDigits {
|
|
runes = append(runes, digits...)
|
|
}
|
|
if config.IncludeSymbols {
|
|
runes = append(runes, symbols...)
|
|
}
|
|
return generator{
|
|
length: config.Length,
|
|
expiry: config.Expiry.Duration,
|
|
runes: runes,
|
|
}
|
|
}
|
|
|
|
func NewCode(g Generator) (*CryptoValue, string, error) {
|
|
code, err := generateRandomString(g.Length(), g.Runes())
|
|
if err != nil {
|
|
return nil, "", err
|
|
}
|
|
crypto, err := Crypt([]byte(code), g.Alg())
|
|
if err != nil {
|
|
return nil, "", err
|
|
}
|
|
return crypto, code, nil
|
|
}
|
|
|
|
func IsCodeExpired(creationDate time.Time, expiry time.Duration) bool {
|
|
if expiry == 0 {
|
|
return false
|
|
}
|
|
return creationDate.Add(expiry).Before(time.Now().UTC())
|
|
}
|
|
|
|
func VerifyCode(creationDate time.Time, expiry time.Duration, cryptoCode *CryptoValue, verificationCode string, g Generator) error {
|
|
if IsCodeExpired(creationDate, expiry) {
|
|
return errors.ThrowPreconditionFailed(nil, "CODE-QvUQ4P", "verification code is expired")
|
|
}
|
|
switch alg := g.Alg().(type) {
|
|
case EncryptionAlgorithm:
|
|
return verifyEncryptedCode(cryptoCode, verificationCode, alg)
|
|
case HashAlgorithm:
|
|
return verifyHashedCode(cryptoCode, verificationCode, alg)
|
|
}
|
|
return errors.ThrowInvalidArgument(nil, "CODE-fW2gNa", "generator alg is not supported")
|
|
}
|
|
|
|
func generateRandomString(length uint, chars []rune) (string, error) {
|
|
if length == 0 {
|
|
return "", nil
|
|
}
|
|
|
|
max := len(chars) - 1
|
|
maxStr := int(length - 1)
|
|
|
|
str := make([]rune, length)
|
|
randBytes := make([]byte, length)
|
|
if _, err := rand.Read(randBytes); err != nil {
|
|
return "", err
|
|
}
|
|
for i, rb := range randBytes {
|
|
str[i] = chars[int(rb)%max]
|
|
if i == maxStr {
|
|
return string(str), nil
|
|
}
|
|
}
|
|
return "", nil
|
|
}
|
|
|
|
func verifyEncryptedCode(cryptoCode *CryptoValue, verificationCode string, alg EncryptionAlgorithm) error {
|
|
if cryptoCode == nil {
|
|
return errors.ThrowInvalidArgument(nil, "CRYPT-aqrFV", "cryptoCode must not be nil")
|
|
}
|
|
code, err := DecryptString(cryptoCode, alg)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if code != verificationCode {
|
|
return errors.ThrowInvalidArgument(nil, "CODE-woT0xc", "verification code is invalid")
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func verifyHashedCode(cryptoCode *CryptoValue, verificationCode string, alg HashAlgorithm) error {
|
|
if cryptoCode == nil {
|
|
return errors.ThrowInvalidArgument(nil, "CRYPT-2q3r", "cryptoCode must not be nil")
|
|
}
|
|
return CompareHash(cryptoCode, []byte(verificationCode), alg)
|
|
}
|