mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-21 07:17:39 +00:00
b5564572bc
This implementation increases parallel write capabilities of the eventstore. Please have a look at the technical advisories: [05](https://zitadel.com/docs/support/advisory/a10005) and [06](https://zitadel.com/docs/support/advisory/a10006). The implementation of eventstore.push is rewritten and stored events are migrated to a new table `eventstore.events2`. If you are using cockroach: make sure that the database user of ZITADEL has `VIEWACTIVITY` grant. This is used to query events.
97 lines
2.5 KiB
Go
97 lines
2.5 KiB
Go
package query
|
|
|
|
import (
|
|
"context"
|
|
"database/sql"
|
|
_ "embed"
|
|
errs "errors"
|
|
"fmt"
|
|
"time"
|
|
|
|
"github.com/zitadel/logging"
|
|
|
|
"github.com/zitadel/zitadel/internal/api/authz"
|
|
"github.com/zitadel/zitadel/internal/api/call"
|
|
"github.com/zitadel/zitadel/internal/database"
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
"github.com/zitadel/zitadel/internal/errors"
|
|
"github.com/zitadel/zitadel/internal/eventstore/handler/v2"
|
|
"github.com/zitadel/zitadel/internal/query/projection"
|
|
"github.com/zitadel/zitadel/internal/telemetry/tracing"
|
|
)
|
|
|
|
type AuthRequest struct {
|
|
ID string
|
|
CreationDate time.Time
|
|
LoginClient string
|
|
ClientID string
|
|
Scope []string
|
|
RedirectURI string
|
|
Prompt []domain.Prompt
|
|
UiLocales []string
|
|
LoginHint *string
|
|
MaxAge *time.Duration
|
|
HintUserID *string
|
|
}
|
|
|
|
func (a *AuthRequest) checkLoginClient(ctx context.Context) error {
|
|
if uid := authz.GetCtxData(ctx).UserID; uid != a.LoginClient {
|
|
return errors.ThrowPermissionDenied(nil, "OIDCv2-aL0ag", "Errors.AuthRequest.WrongLoginClient")
|
|
}
|
|
return nil
|
|
}
|
|
|
|
//go:embed embed/auth_request_by_id.sql
|
|
var authRequestByIDQuery string
|
|
|
|
func (q *Queries) authRequestByIDQuery(ctx context.Context) string {
|
|
return fmt.Sprintf(authRequestByIDQuery, q.client.Timetravel(call.Took(ctx)))
|
|
}
|
|
|
|
func (q *Queries) AuthRequestByID(ctx context.Context, shouldTriggerBulk bool, id string, checkLoginClient bool) (_ *AuthRequest, err error) {
|
|
ctx, span := tracing.NewSpan(ctx)
|
|
defer func() { span.EndWithError(err) }()
|
|
|
|
if shouldTriggerBulk {
|
|
ctx, err = projection.AuthRequestProjection.Trigger(ctx, handler.WithAwaitRunning())
|
|
logging.OnError(err).Debug("trigger failed")
|
|
}
|
|
|
|
var (
|
|
scope database.TextArray[string]
|
|
prompt database.Array[domain.Prompt]
|
|
locales database.TextArray[string]
|
|
)
|
|
|
|
dst := new(AuthRequest)
|
|
err = q.client.QueryRowContext(
|
|
ctx,
|
|
func(row *sql.Row) error {
|
|
return row.Scan(
|
|
&dst.ID, &dst.CreationDate, &dst.LoginClient, &dst.ClientID, &scope, &dst.RedirectURI,
|
|
&prompt, &locales, &dst.LoginHint, &dst.MaxAge, &dst.HintUserID,
|
|
)
|
|
},
|
|
q.authRequestByIDQuery(ctx),
|
|
id, authz.GetInstance(ctx).InstanceID(),
|
|
)
|
|
if errs.Is(err, sql.ErrNoRows) {
|
|
return nil, errors.ThrowNotFound(err, "QUERY-Thee9", "Errors.AuthRequest.NotExisting")
|
|
}
|
|
if err != nil {
|
|
return nil, errors.ThrowInternal(err, "QUERY-Ou8ue", "Errors.Internal")
|
|
}
|
|
|
|
dst.Scope = scope
|
|
dst.Prompt = prompt
|
|
dst.UiLocales = locales
|
|
|
|
if checkLoginClient {
|
|
if err = dst.checkLoginClient(ctx); err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
|
|
return dst, nil
|
|
}
|