mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-21 23:37:31 +00:00
43fb3fd1a6
* fix: potential memory leak * feat(actions): possibility to parse json feat(actions): possibility to perform http calls * add query call * feat(api): list flow and trigger types fix(api): switch flow and trigger types to dynamic objects * fix(translations): add action translations * use `domain.FlowType` * localizers * localization * trigger types * options on `query.Action` * add functions for actions * feat: management api: add list flow and trigger (#4352) * console changes * cleanup * fix: wrong localization Co-authored-by: Max Peintner <max@caos.ch> * id token works * check if claims not nil * feat(actions): metadata api * refactor(actions): modules * fix: allow prerelease * fix: test * feat(actions): deny list for http hosts * feat(actions): deny list for http hosts * refactor: actions * fix: different error ids * fix: rename statusCode to status * Actions objects as options (#4418) * fix: rename statusCode to status * fix(actions): objects as options * fix(actions): objects as options * fix(actions): set fields * add http client to old actions * fix(actions): add log module * fix(actions): add user to context where possible * fix(actions): add user to ctx in external authorization/pre creation * fix(actions): query correct flow in claims * test: actions * fix(id-generator): panic if no machine id * tests * maybe this? * fix linting * refactor: improve code * fix: metadata and usergrant usage in actions * fix: appendUserGrant * fix: allowedToFail and timeout in action execution * fix: allowed to fail in token complement flow * docs: add action log claim * Update defaults.yaml * fix log claim * remove prerelease build Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Livio Spring <livio.a@gmail.com>
99 lines
1.9 KiB
Go
99 lines
1.9 KiB
Go
package actions
|
|
|
|
import (
|
|
"net"
|
|
"reflect"
|
|
|
|
"github.com/mitchellh/mapstructure"
|
|
z_errs "github.com/zitadel/zitadel/internal/errors"
|
|
)
|
|
|
|
func SetHTTPConfig(config *HTTPConfig) {
|
|
httpConfig = config
|
|
}
|
|
|
|
var httpConfig *HTTPConfig
|
|
|
|
type HTTPConfig struct {
|
|
DenyList []AddressChecker
|
|
}
|
|
|
|
func HTTPConfigDecodeHook(from, to reflect.Value) (interface{}, error) {
|
|
if to.Type() != reflect.TypeOf(HTTPConfig{}) {
|
|
return from.Interface(), nil
|
|
}
|
|
|
|
config := struct {
|
|
DenyList []string
|
|
}{}
|
|
|
|
decoder, err := mapstructure.NewDecoder(&mapstructure.DecoderConfig{
|
|
DecodeHook: mapstructure.StringToTimeDurationHookFunc(),
|
|
WeaklyTypedInput: true,
|
|
Result: &config,
|
|
})
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if err = decoder.Decode(from.Interface()); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
c := HTTPConfig{
|
|
DenyList: make([]AddressChecker, len(config.DenyList)),
|
|
}
|
|
|
|
for i, entry := range config.DenyList {
|
|
if c.DenyList[i], err = parseDenyListEntry(entry); err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
|
|
return c, nil
|
|
}
|
|
|
|
func parseDenyListEntry(entry string) (AddressChecker, error) {
|
|
if checker, err := NewIPChecker(entry); err == nil {
|
|
return checker, nil
|
|
}
|
|
return &DomainChecker{Domain: entry}, nil
|
|
}
|
|
|
|
func NewIPChecker(i string) (AddressChecker, error) {
|
|
_, network, err := net.ParseCIDR(i)
|
|
if err == nil {
|
|
return &IPChecker{Net: network}, nil
|
|
}
|
|
if ip := net.ParseIP(i); ip != nil {
|
|
return &IPChecker{IP: ip}, nil
|
|
}
|
|
return nil, z_errs.ThrowInvalidArgument(nil, "ACTIO-ddJ7h", "invalid ip")
|
|
}
|
|
|
|
type IPChecker struct {
|
|
Net *net.IPNet
|
|
IP net.IP
|
|
}
|
|
|
|
func (c *IPChecker) Matches(address string) bool {
|
|
ip := net.ParseIP(address)
|
|
if ip == nil {
|
|
return false
|
|
}
|
|
|
|
if c.IP != nil {
|
|
return c.IP.Equal(ip)
|
|
}
|
|
return c.Net.Contains(ip)
|
|
}
|
|
|
|
type DomainChecker struct {
|
|
Domain string
|
|
}
|
|
|
|
func (c *DomainChecker) Matches(domain string) bool {
|
|
//TODO: allow wild cards
|
|
return c.Domain == domain
|
|
}
|