TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2024-12-13 11:34:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
72bc3ffe14
zitadel/internal/query/event.go
Tim Möhlmann ba9b807854
perf(oidc): optimize the introspection endpoint (#6909) 
* get key by id and cache them

* userinfo from events for v2 tokens

* improve keyset caching

* concurrent token and client checks

* client and project in single query

* logging and otel

* drop owner_removed column on apps and authN tables

* userinfo and project roles in go routines

* get  oidc user info from projections and add actions

* add avatar URL

* some cleanup

* pull oidc work branch

* remove storage from server

* add config flag for experimental introspection

* legacy introspection flag

* drop owner_removed column on user projections

* drop owner_removed column on useer_metadata

* query userinfo unit test

* query introspection client test

* add user_grants to the userinfo query

* handle PAT scopes

* bring triggers back

* test instance keys query

* add userinfo unit tests

* unit test keys

* go mod tidy

* solve some bugs

* fix missing preferred login name

* do not run triggers in go routines, they seem to deadlock

* initialize the trigger handlers late with a sync.OnceValue

* Revert "do not run triggers in go routines, they seem to deadlock"

This reverts commit 2a03da2127.

* add missing translations

* chore: update go version for linting

* pin oidc version

* parse a global time location for query test

* fix linter complains

* upgrade go lint

* fix more linting issues

---------

Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2023-11-21 13:11:38 +01:00

144 lines
4.1 KiB
Go
Raw Blame History

package query
import (
"context"
"time"
"github.com/zitadel/zitadel/internal/api/authz"
"github.com/zitadel/zitadel/internal/api/call"
"github.com/zitadel/zitadel/internal/errors"
"github.com/zitadel/zitadel/internal/eventstore"
"github.com/zitadel/zitadel/internal/telemetry/tracing"
)
type Event struct {
Editor *EventEditor
Aggregate *eventstore.Aggregate
Sequence uint64
CreationDate time.Time
Type string
Payload []byte
}
type EventEditor struct {
ID string
DisplayName string
Service string
PreferedLoginName string
AvatarKey string
}
type eventsReducer struct {
ctx context.Context
q *Queries
events []*Event
}
func (r *eventsReducer) AppendEvents(events ...eventstore.Event) {
r.events = append(r.events, r.q.convertEvents(r.ctx, events)...)
}
func (r *eventsReducer) Reduce() error { return nil }
func (q *Queries) SearchEvents(ctx context.Context, query *eventstore.SearchQueryBuilder) (_ []*Event, err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
auditLogRetention := q.defaultAuditLogRetention
instanceLimits, err := q.Limits(ctx, authz.GetInstance(ctx).InstanceID())
if err != nil && !errors.IsNotFound(err) {
return nil, err
}
if instanceLimits != nil && instanceLimits.AuditLogRetention != nil {
auditLogRetention = *instanceLimits.AuditLogRetention
}
if auditLogRetention != 0 {
query = filterAuditLogRetention(ctx, auditLogRetention, query)
}
reducer := &eventsReducer{ctx: ctx, q: q}
if err = q.eventstore.FilterToReducer(ctx, query, reducer); err != nil {
return nil, err
}
return reducer.events, nil
}
func filterAuditLogRetention(ctx context.Context, auditLogRetention time.Duration, builder *eventstore.SearchQueryBuilder) *eventstore.SearchQueryBuilder {
callTime := call.FromContext(ctx)
if callTime.IsZero() {
callTime = time.Now()
}
oldestAllowed := callTime.Add(-auditLogRetention)
// The audit log retention time should overwrite the creation date after query only if it is older
// For example API calls should still be able to restrict the creation date after to a more recent date
if builder.GetCreationDateAfter().Before(oldestAllowed) {
return builder.CreationDateAfter(oldestAllowed)
}
return builder
}
func (q *Queries) SearchEventTypes(ctx context.Context) []string {
return q.eventstore.EventTypes()
}
func (q *Queries) SearchAggregateTypes(ctx context.Context) []string {
return q.eventstore.AggregateTypes()
}
func (q *Queries) convertEvents(ctx context.Context, events []eventstore.Event) []*Event {
result := make([]*Event, len(events))
users := make(map[string]*EventEditor)
for i, event := range events {
result[i] = q.convertEvent(ctx, event, users)
}
return result
}
func (q *Queries) convertEvent(ctx context.Context, event eventstore.Event, users map[string]*EventEditor) *Event {
ctx, span := tracing.NewSpan(ctx)
var err error
defer func() { span.EndWithError(err) }()
editor, ok := users[event.Creator()]
if !ok {
editor = q.editorUserByID(ctx, event.Creator())
users[event.Creator()] = editor
}
return &Event{
Editor: &EventEditor{
ID: event.Creator(),
Service: "zitadel",
DisplayName: editor.DisplayName,
PreferedLoginName: editor.PreferedLoginName,
AvatarKey: editor.AvatarKey,
},
Aggregate: event.Aggregate(),
Sequence: event.Sequence(),
CreationDate: event.CreatedAt(),
Type: string(event.Type()),
Payload: event.DataAsBytes(),
}
}
func (q *Queries) editorUserByID(ctx context.Context, userID string) *EventEditor {
user, err := q.GetUserByID(ctx, false, userID)
if err != nil {
return &EventEditor{ID: userID}
}
if user.Human != nil {
return &EventEditor{
ID: user.ID,
DisplayName: user.Human.DisplayName,
PreferedLoginName: user.PreferredLoginName,
AvatarKey: user.Human.AvatarKey,
}
} else if user.Machine != nil {
return &EventEditor{
ID: user.ID,
DisplayName: user.Machine.Name,
PreferedLoginName: user.PreferredLoginName,
}
}
return &EventEditor{ID: userID}
}
Reference in New Issue View Git Blame Copy Permalink