mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-18 13:57:32 +00:00
c07ed83c41
* feat: eventstore repository * fix: remove gorm * version * feat: pkg * feat: add some files for project * feat: eventstore without eventstore-lib * rename files * gnueg * fix: key json * fix: add object * fix: change imports * fix: internal models * fix: some imports * fix: global model * fix: add some functions on repo * feat(eventstore): sdk * fix(eventstore): search query * fix(eventstore): rename app to eventstore * delete empty test * remove unused func * merge master * fix(eventstore): tests * fix(models): delete unused struct * fix: some funcitons * feat(eventstore): implemented push events * fix: move project eventstore to project package * fix: change project eventstore funcs * feat(eventstore): overwrite context data * fix: change project eventstore * fix: add project repo to mgmt server * feat(types): SQL-config * fix: commented code * feat(eventstore): options to overwrite editor * feat: auth interceptor and cockroach migrations * fix: migrations * fix: fix filter * fix: not found on getbyid * fix: add sequence * fix: add some tests * fix(eventstore): nullable sequence * fix: add some tests * merge * fix: add some tests * fix(migrations): correct statements for sequence * fix: add some tests * fix: add some tests * fix: changes from mr * Update internal/eventstore/models/field.go Co-Authored-By: livio-a <livio.a@gmail.com> * fix(eventstore): code quality * fix: add types to aggregate/Event-types * fix(eventstore): rename modifier* to editor* * fix(eventstore): delete editor_org * fix(migrations): remove editor_org field, rename modifier_* to editor_* * fix: generate files * fix(eventstore): tests * fix(eventstore): rename modifier to editor * fix(migrations): add cluster migration, fix(migrations): fix typo of host in clean clsuter * fix(eventstore): move health * fix(eventstore): AggregateTypeFilter aggregateType as param * code quality * feat: start implementing project members * feat: remove member funcs * feat: remove member model * feat: remove member events * feat: remove member repo model * fix: better error func testing * Update docs/local.md Co-Authored-By: Silvan <silvan.reusser@gmail.com> * Update docs/local.md Co-Authored-By: Silvan <silvan.reusser@gmail.com> * fix: mr requests * fix: md file Co-authored-by: adlerhurst <silvan.reusser@gmail.com> Co-authored-by: livio-a <livio.a@gmail.com>
85 lines
2.1 KiB
Go
85 lines
2.1 KiB
Go
package auth
|
|
|
|
import (
|
|
"context"
|
|
"github.com/caos/logging"
|
|
"github.com/caos/zitadel/internal/api"
|
|
grpc_util "github.com/caos/zitadel/internal/api/grpc"
|
|
"google.golang.org/grpc/metadata"
|
|
"strconv"
|
|
)
|
|
|
|
type key int
|
|
|
|
var (
|
|
permissionsKey key
|
|
dataKey key
|
|
)
|
|
|
|
type CtxData struct {
|
|
UserID string
|
|
OrgID string
|
|
ProjectID string
|
|
AgentID string
|
|
}
|
|
|
|
func (ctxData CtxData) IsZero() bool {
|
|
return ctxData.UserID == "" || ctxData.OrgID == ""
|
|
}
|
|
|
|
type Grants []*Grant
|
|
|
|
type Grant struct {
|
|
OrgID string
|
|
Roles []string
|
|
}
|
|
|
|
type TokenVerifier interface {
|
|
VerifyAccessToken(ctx context.Context, token string) (string, string, string, error)
|
|
ResolveGrants(ctx context.Context, sub, orgID string) ([]*Grant, error)
|
|
GetProjectIDByClientID(ctx context.Context, clientID string) (string, error)
|
|
}
|
|
|
|
func VerifyTokenAndWriteCtxData(ctx context.Context, token, orgID string, t TokenVerifier) (_ context.Context, err error) {
|
|
var userID, projectID, clientID, agentID string
|
|
//TODO: Remove as soon an authentification is implemented
|
|
if CheckInternal(ctx) {
|
|
userID = grpc_util.GetHeader(ctx, api.ZitadelUserID)
|
|
projectID = grpc_util.GetHeader(ctx, api.ZitadelClientID)
|
|
agentID = grpc_util.GetHeader(ctx, api.ZitadelAgentID)
|
|
} else {
|
|
userID, clientID, agentID, err = verifyAccessToken(ctx, token, t)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
projectID, err = t.GetProjectIDByClientID(ctx, clientID)
|
|
logging.LogWithFields("AUTH-GfAoV", "clientID", clientID).OnError(err).Warn("could not read projectid by clientid")
|
|
}
|
|
return context.WithValue(ctx, dataKey, CtxData{UserID: userID, OrgID: orgID, ProjectID: projectID, AgentID: agentID}), nil
|
|
}
|
|
|
|
func GetCtxData(ctx context.Context) CtxData {
|
|
ctxData, _ := ctx.Value(dataKey).(CtxData)
|
|
return ctxData
|
|
}
|
|
|
|
func GetPermissionsFromCtx(ctx context.Context) []string {
|
|
ctxPermission, _ := ctx.Value(permissionsKey).([]string)
|
|
return ctxPermission
|
|
}
|
|
|
|
//TODO: Remove as soon an authentification is implemented
|
|
func CheckInternal(ctx context.Context) bool {
|
|
md, ok := metadata.FromIncomingContext(ctx)
|
|
if !ok {
|
|
return false
|
|
}
|
|
v, ok := md[api.LoginKey]
|
|
if !ok {
|
|
return false
|
|
}
|
|
ok, _ = strconv.ParseBool(v[0])
|
|
return ok
|
|
}
|