mirror of
https://github.com/zitadel/zitadel.git
synced 2025-01-05 22:52:46 +00:00
3d071fc505
# Which Problems Are Solved ZITADEL currently selects the instance context based on a HTTP header (see https://github.com/zitadel/zitadel/issues/8279#issue-2399959845 and checks it against the list of instance domains. Let's call it instance or API domain. For any context based URL (e.g. OAuth, OIDC, SAML endpoints, links in emails, ...) the requested domain (instance domain) will be used. Let's call it the public domain. In cases of proxied setups, all exposed domains (public domains) require the domain to be managed as instance domain. This can either be done using the "ExternalDomain" in the runtime config or via system API, which requires a validation through CustomerPortal on zitadel.cloud. # How the Problems Are Solved - Two new headers / header list are added: - `InstanceHostHeaders`: an ordered list (first sent wins), which will be used to match the instance. (For backward compatibility: the `HTTP1HostHeader`, `HTTP2HostHeader` and `forwarded`, `x-forwarded-for`, `x-forwarded-host` are checked afterwards as well) - `PublicHostHeaders`: an ordered list (first sent wins), which will be used as public host / domain. This will be checked against a list of trusted domains on the instance. - The middleware intercepts all requests to the API and passes a `DomainCtx` object with the hosts and protocol into the context (previously only a computed `origin` was passed) - HTTP / GRPC server do not longer try to match the headers to instances themself, but use the passed `http.DomainContext` in their interceptors. - The `RequestedHost` and `RequestedDomain` from authz.Instance are removed in favor of the `http.DomainContext` - When authenticating to or signing out from Console UI, the current `http.DomainContext(ctx).Origin` (already checked by instance interceptor for validity) is used to compute and dynamically add a `redirect_uri` and `post_logout_redirect_uri`. - Gateway passes all configured host headers (previously only did `x-zitadel-*`) - Admin API allows to manage trusted domain # Additional Changes None # Additional Context - part of #8279 - open topics: - "single-instance" mode - Console UI
127 lines
14 KiB
Go
127 lines
14 KiB
Go
package instance
|
|
|
|
import (
|
|
"github.com/zitadel/zitadel/internal/eventstore"
|
|
)
|
|
|
|
func init() {
|
|
eventstore.RegisterFilterEventMapper(AggregateType, DefaultOrgSetEventType, DefaultOrgSetMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, ProjectSetEventType, ProjectSetMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, ConsoleSetEventType, ConsoleSetMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, DefaultLanguageSetEventType, DefaultLanguageSetMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, SecretGeneratorAddedEventType, SecretGeneratorAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, SecretGeneratorChangedEventType, SecretGeneratorChangedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, SecretGeneratorRemovedEventType, SecretGeneratorRemovedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, SMTPConfigAddedEventType, SMTPConfigAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, SMTPConfigChangedEventType, SMTPConfigChangedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, SMTPConfigActivatedEventType, SMTPConfigActivatedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, SMTPConfigDeactivatedEventType, SMTPConfigDeactivatedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, SMTPConfigPasswordChangedEventType, SMTPConfigPasswordChangedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, SMTPConfigRemovedEventType, SMTPConfigRemovedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, SMSConfigTwilioAddedEventType, SMSConfigTwilioAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, SMSConfigTwilioChangedEventType, SMSConfigTwilioChangedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, SMSConfigTwilioTokenChangedEventType, SMSConfigTwilioTokenChangedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, SMSConfigActivatedEventType, SMSConfigActivatedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, SMSConfigDeactivatedEventType, SMSConfigDeactivatedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, SMSConfigRemovedEventType, SMSConfigRemovedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, DebugNotificationProviderFileAddedEventType, DebugNotificationProviderFileAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, DebugNotificationProviderFileChangedEventType, DebugNotificationProviderFileChangedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, DebugNotificationProviderFileRemovedEventType, DebugNotificationProviderFileRemovedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, DebugNotificationProviderLogAddedEventType, DebugNotificationProviderLogAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, DebugNotificationProviderLogChangedEventType, DebugNotificationProviderLogChangedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, DebugNotificationProviderLogRemovedEventType, DebugNotificationProviderLogRemovedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, OIDCSettingsAddedEventType, OIDCSettingsAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, OIDCSettingsChangedEventType, OIDCSettingsChangedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, SecurityPolicySetEventType, SecurityPolicySetEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, LabelPolicyAddedEventType, LabelPolicyAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, LabelPolicyChangedEventType, LabelPolicyChangedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, LabelPolicyActivatedEventType, LabelPolicyActivatedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, LabelPolicyLogoAddedEventType, LabelPolicyLogoAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, LabelPolicyLogoRemovedEventType, LabelPolicyLogoRemovedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, LabelPolicyIconAddedEventType, LabelPolicyIconAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, LabelPolicyIconRemovedEventType, LabelPolicyIconRemovedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, LabelPolicyLogoDarkAddedEventType, LabelPolicyLogoDarkAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, LabelPolicyLogoDarkRemovedEventType, LabelPolicyLogoDarkRemovedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, LabelPolicyIconDarkAddedEventType, LabelPolicyIconDarkAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, LabelPolicyIconDarkRemovedEventType, LabelPolicyIconDarkRemovedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, LabelPolicyFontAddedEventType, LabelPolicyFontAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, LabelPolicyFontRemovedEventType, LabelPolicyFontRemovedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, LabelPolicyAssetsRemovedEventType, LabelPolicyAssetsRemovedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, LoginPolicyAddedEventType, LoginPolicyAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, LoginPolicyChangedEventType, LoginPolicyChangedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, DomainPolicyAddedEventType, DomainPolicyAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, DomainPolicyChangedEventType, DomainPolicyChangedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, PasswordAgePolicyAddedEventType, PasswordAgePolicyAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, PasswordAgePolicyChangedEventType, PasswordAgePolicyChangedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, PasswordComplexityPolicyAddedEventType, PasswordComplexityPolicyAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, PasswordComplexityPolicyChangedEventType, PasswordComplexityPolicyChangedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, LockoutPolicyAddedEventType, LockoutPolicyAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, LockoutPolicyChangedEventType, LockoutPolicyChangedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, PrivacyPolicyAddedEventType, PrivacyPolicyAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, PrivacyPolicyChangedEventType, PrivacyPolicyChangedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, MemberAddedEventType, MemberAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, MemberChangedEventType, MemberChangedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, MemberRemovedEventType, MemberRemovedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, MemberCascadeRemovedEventType, MemberCascadeRemovedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, IDPConfigAddedEventType, IDPConfigAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, IDPConfigChangedEventType, IDPConfigChangedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, IDPConfigRemovedEventType, IDPConfigRemovedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, IDPConfigDeactivatedEventType, IDPConfigDeactivatedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, IDPConfigReactivatedEventType, IDPConfigReactivatedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, IDPOIDCConfigAddedEventType, IDPOIDCConfigAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, IDPOIDCConfigChangedEventType, IDPOIDCConfigChangedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, IDPJWTConfigAddedEventType, IDPJWTConfigAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, IDPJWTConfigChangedEventType, IDPJWTConfigChangedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, OAuthIDPAddedEventType, OAuthIDPAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, OAuthIDPChangedEventType, OAuthIDPChangedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, OIDCIDPAddedEventType, OIDCIDPAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, OIDCIDPChangedEventType, OIDCIDPChangedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, OIDCIDPMigratedAzureADEventType, OIDCIDPMigratedAzureADEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, OIDCIDPMigratedGoogleEventType, OIDCIDPMigratedGoogleEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, JWTIDPAddedEventType, JWTIDPAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, JWTIDPChangedEventType, JWTIDPChangedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, AzureADIDPAddedEventType, AzureADIDPAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, AzureADIDPChangedEventType, AzureADIDPChangedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, GitHubIDPAddedEventType, GitHubIDPAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, GitHubIDPChangedEventType, GitHubIDPChangedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, GitHubEnterpriseIDPAddedEventType, GitHubEnterpriseIDPAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, GitHubEnterpriseIDPChangedEventType, GitHubEnterpriseIDPChangedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, GitLabIDPAddedEventType, GitLabIDPAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, GitLabIDPChangedEventType, GitLabIDPChangedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, GitLabSelfHostedIDPAddedEventType, GitLabSelfHostedIDPAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, GitLabSelfHostedIDPChangedEventType, GitLabSelfHostedIDPChangedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, GoogleIDPAddedEventType, GoogleIDPAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, GoogleIDPChangedEventType, GoogleIDPChangedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, LDAPIDPAddedEventType, LDAPIDPAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, LDAPIDPChangedEventType, LDAPIDPChangedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, AppleIDPAddedEventType, AppleIDPAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, AppleIDPChangedEventType, AppleIDPChangedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, SAMLIDPAddedEventType, SAMLIDPAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, SAMLIDPChangedEventType, SAMLIDPChangedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, IDPRemovedEventType, IDPRemovedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, LoginPolicyIDPProviderAddedEventType, IdentityProviderAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, LoginPolicyIDPProviderRemovedEventType, IdentityProviderRemovedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, LoginPolicyIDPProviderCascadeRemovedEventType, IdentityProviderCascadeRemovedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, LoginPolicySecondFactorAddedEventType, SecondFactorAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, LoginPolicySecondFactorRemovedEventType, SecondFactorRemovedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, LoginPolicyMultiFactorAddedEventType, MultiFactorAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, LoginPolicyMultiFactorRemovedEventType, MultiFactorRemovedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, MailTemplateAddedEventType, MailTemplateAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, MailTemplateChangedEventType, MailTemplateChangedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, MailTextAddedEventType, MailTextAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, MailTextChangedEventType, MailTextChangedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, CustomTextSetEventType, CustomTextSetEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, CustomTextRemovedEventType, CustomTextRemovedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, CustomTextTemplateRemovedEventType, CustomTextTemplateRemovedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, InstanceDomainAddedEventType, DomainAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, InstanceDomainPrimarySetEventType, DomainPrimarySetEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, InstanceDomainRemovedEventType, DomainRemovedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, InstanceAddedEventType, InstanceAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, InstanceChangedEventType, InstanceChangedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, InstanceRemovedEventType, InstanceRemovedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, NotificationPolicyAddedEventType, NotificationPolicyAddedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, NotificationPolicyChangedEventType, NotificationPolicyChangedEventMapper)
|
|
eventstore.RegisterFilterEventMapper(AggregateType, TrustedDomainAddedEventType, eventstore.GenericEventMapper[TrustedDomainAddedEvent])
|
|
eventstore.RegisterFilterEventMapper(AggregateType, TrustedDomainRemovedEventType, eventstore.GenericEventMapper[TrustedDomainRemovedEvent])
|
|
}
|