mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-23 16:27:35 +00:00
4980cd6a0c
* define roles and permissions * support system user memberships * don't limit system users * cleanup permissions * restrict memberships to aggregates * default to SYSTEM_OWNER * update unit tests * test: system user token test (#6778) * update unit tests * refactor: make authz testable * move session constants * cleanup * comment * comment * decode member type string to enum (#6780) * decode member type string to enum * handle all membership types * decode enums where necessary * decode member type in steps config * update system api docs * add technical advisory * tweak docs a bit * comment in comment * lint * extract token from Bearer header prefix * review changes * fix tests * fix: add fix for activityhandler * add isSystemUser * remove IsSystemUser from activity info * fix: add fix for activityhandler --------- Co-authored-by: Stefan Benz <stefan@caos.ch>
92 lines
1.9 KiB
Go
92 lines
1.9 KiB
Go
package activity
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/zitadel/logging"
|
|
|
|
"github.com/zitadel/zitadel/internal/api/authz"
|
|
http_utils "github.com/zitadel/zitadel/internal/api/http"
|
|
"github.com/zitadel/zitadel/internal/api/info"
|
|
)
|
|
|
|
const (
|
|
Activity = "activity"
|
|
)
|
|
|
|
type TriggerMethod int
|
|
|
|
const (
|
|
Unspecified TriggerMethod = iota
|
|
ResourceAPI
|
|
OIDCAccessToken
|
|
OIDCRefreshToken
|
|
SessionAPI
|
|
SAMLResponse
|
|
)
|
|
|
|
func (t TriggerMethod) String() string {
|
|
switch t {
|
|
case Unspecified:
|
|
return "unspecified"
|
|
case ResourceAPI:
|
|
return "resourceAPI"
|
|
case OIDCRefreshToken:
|
|
return "refreshToken"
|
|
case OIDCAccessToken:
|
|
return "accessToken"
|
|
case SessionAPI:
|
|
return "sessionAPI"
|
|
case SAMLResponse:
|
|
return "samlResponse"
|
|
default:
|
|
return "unknown"
|
|
}
|
|
}
|
|
|
|
func Trigger(ctx context.Context, orgID, userID string, trigger TriggerMethod) {
|
|
ai := info.ActivityInfoFromContext(ctx)
|
|
triggerLog(
|
|
authz.GetInstance(ctx).InstanceID(),
|
|
orgID,
|
|
userID,
|
|
http_utils.ComposedOrigin(ctx),
|
|
trigger,
|
|
ai.Method,
|
|
ai.Path,
|
|
ai.RequestMethod,
|
|
authz.GetCtxData(ctx).SystemMemberships != nil,
|
|
)
|
|
}
|
|
|
|
func TriggerWithContext(ctx context.Context, trigger TriggerMethod) {
|
|
ai := info.ActivityInfoFromContext(ctx)
|
|
// GRPC call the method is contained in the HTTP request path
|
|
method := ai.Path
|
|
triggerLog(
|
|
authz.GetInstance(ctx).InstanceID(),
|
|
authz.GetCtxData(ctx).OrgID,
|
|
authz.GetCtxData(ctx).UserID,
|
|
http_utils.ComposedOrigin(ctx),
|
|
trigger,
|
|
method,
|
|
"",
|
|
ai.RequestMethod,
|
|
authz.GetCtxData(ctx).SystemMemberships != nil,
|
|
)
|
|
}
|
|
|
|
func triggerLog(instanceID, orgID, userID, domain string, trigger TriggerMethod, method, path, requestMethod string, isSystemUser bool) {
|
|
logging.WithFields(
|
|
"instance", instanceID,
|
|
"org", orgID,
|
|
"user", userID,
|
|
"domain", domain,
|
|
"trigger", trigger.String(),
|
|
"method", method,
|
|
"path", path,
|
|
"requestMethod", requestMethod,
|
|
"isSystemUser", isSystemUser,
|
|
).Info(Activity)
|
|
}
|