mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-15 12:27:59 +00:00
062d153cfe
* partial work done * test IAM membership roles * org membership tests * console :(, translations and docs * fix integration test * fix tests * add EnableImpersonation to security policy API * fix integration test timestamp checking * add security policy tests and fix projections * add impersonation setting in console * add security settings to the settings v2 API * fix typo * move impersonation to instance --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
149 lines
2.9 KiB
Go
149 lines
2.9 KiB
Go
package authz
|
|
|
|
import (
|
|
"context"
|
|
"time"
|
|
|
|
"golang.org/x/text/language"
|
|
|
|
"github.com/zitadel/zitadel/internal/feature"
|
|
)
|
|
|
|
var (
|
|
emptyInstance = &instance{}
|
|
)
|
|
|
|
type Instance interface {
|
|
InstanceID() string
|
|
ProjectID() string
|
|
ConsoleClientID() string
|
|
ConsoleApplicationID() string
|
|
RequestedDomain() string
|
|
RequestedHost() string
|
|
DefaultLanguage() language.Tag
|
|
DefaultOrganisationID() string
|
|
SecurityPolicyAllowedOrigins() []string
|
|
EnableImpersonation() bool
|
|
Block() *bool
|
|
AuditLogRetention() *time.Duration
|
|
Features() feature.Features
|
|
}
|
|
|
|
type InstanceVerifier interface {
|
|
InstanceByHost(ctx context.Context, host string) (Instance, error)
|
|
InstanceByID(ctx context.Context) (Instance, error)
|
|
}
|
|
|
|
type instance struct {
|
|
id string
|
|
domain string
|
|
projectID string
|
|
appID string
|
|
clientID string
|
|
orgID string
|
|
features feature.Features
|
|
}
|
|
|
|
func (i *instance) Block() *bool {
|
|
return nil
|
|
}
|
|
|
|
func (i *instance) AuditLogRetention() *time.Duration {
|
|
return nil
|
|
}
|
|
|
|
func (i *instance) InstanceID() string {
|
|
return i.id
|
|
}
|
|
|
|
func (i *instance) ProjectID() string {
|
|
return i.projectID
|
|
}
|
|
|
|
func (i *instance) ConsoleClientID() string {
|
|
return i.clientID
|
|
}
|
|
|
|
func (i *instance) ConsoleApplicationID() string {
|
|
return i.appID
|
|
}
|
|
|
|
func (i *instance) RequestedDomain() string {
|
|
return i.domain
|
|
}
|
|
|
|
func (i *instance) RequestedHost() string {
|
|
return i.domain
|
|
}
|
|
|
|
func (i *instance) DefaultLanguage() language.Tag {
|
|
return language.Und
|
|
}
|
|
|
|
func (i *instance) DefaultOrganisationID() string {
|
|
return i.orgID
|
|
}
|
|
|
|
func (i *instance) SecurityPolicyAllowedOrigins() []string {
|
|
return nil
|
|
}
|
|
|
|
func (i *instance) EnableImpersonation() bool {
|
|
return false
|
|
}
|
|
|
|
func (i *instance) Features() feature.Features {
|
|
return i.features
|
|
}
|
|
|
|
func GetInstance(ctx context.Context) Instance {
|
|
instance, ok := ctx.Value(instanceKey).(Instance)
|
|
if !ok {
|
|
return emptyInstance
|
|
}
|
|
return instance
|
|
}
|
|
|
|
func GetFeatures(ctx context.Context) feature.Features {
|
|
return GetInstance(ctx).Features()
|
|
}
|
|
|
|
func WithInstance(ctx context.Context, instance Instance) context.Context {
|
|
return context.WithValue(ctx, instanceKey, instance)
|
|
}
|
|
|
|
func WithInstanceID(ctx context.Context, id string) context.Context {
|
|
return context.WithValue(ctx, instanceKey, &instance{id: id})
|
|
}
|
|
|
|
func WithRequestedDomain(ctx context.Context, domain string) context.Context {
|
|
i, ok := ctx.Value(instanceKey).(*instance)
|
|
if !ok {
|
|
i = new(instance)
|
|
}
|
|
|
|
i.domain = domain
|
|
return context.WithValue(ctx, instanceKey, i)
|
|
}
|
|
|
|
func WithConsole(ctx context.Context, projectID, appID string) context.Context {
|
|
i, ok := ctx.Value(instanceKey).(*instance)
|
|
if !ok {
|
|
i = new(instance)
|
|
}
|
|
|
|
i.projectID = projectID
|
|
i.appID = appID
|
|
//i.clientID = clientID
|
|
return context.WithValue(ctx, instanceKey, i)
|
|
}
|
|
|
|
func WithFeatures(ctx context.Context, f feature.Features) context.Context {
|
|
i, ok := ctx.Value(instanceKey).(*instance)
|
|
if !ok {
|
|
i = new(instance)
|
|
}
|
|
i.features = f
|
|
return context.WithValue(ctx, instanceKey, i)
|
|
}
|