mirror of
https://github.com/zitadel/zitadel.git
synced 2025-07-13 08:28:31 +00:00
07ce3b6905
This PR summarizes multiple changes specifically only available with ZITADEL v3: - feat: Web Keys management (https://github.com/zitadel/zitadel/pull/9526) - fix(cmd): ensure proper working of mirror (https://github.com/zitadel/zitadel/pull/9509) - feat(Authz): system user support for permission check v2 (https://github.com/zitadel/zitadel/pull/9640) - chore(license): change from Apache to AGPL (https://github.com/zitadel/zitadel/pull/9597) - feat(console): list v2 sessions (https://github.com/zitadel/zitadel/pull/9539) - fix(console): add loginV2 feature flag (https://github.com/zitadel/zitadel/pull/9682) - fix(feature flags): allow reading "own" flags (https://github.com/zitadel/zitadel/pull/9649) - feat(console): add Actions V2 UI (https://github.com/zitadel/zitadel/pull/9591) BREAKING CHANGE - feat(webkey): migrate to v2beta API (https://github.com/zitadel/zitadel/pull/9445) - chore!: remove CockroachDB Support (https://github.com/zitadel/zitadel/pull/9444) - feat(actions): migrate to v2beta API (https://github.com/zitadel/zitadel/pull/9489) --------- Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com> Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com> Co-authored-by: Ramon <mail@conblem.me> Co-authored-by: Elio Bischof <elio@zitadel.com> Co-authored-by: Kenta Yamaguchi <56732734+KEY60228@users.noreply.github.com> Co-authored-by: Harsha Reddy <harsha.reddy@klaviyo.com> Co-authored-by: Livio Spring <livio@zitadel.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Iraq <66622793+kkrime@users.noreply.github.com> Co-authored-by: Florian Forster <florian@zitadel.com> Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Max Peintner <peintnerm@gmail.com>
132 lines
4.2 KiB
Go
132 lines
4.2 KiB
Go
package query
|
|
|
|
import (
|
|
"context"
|
|
"database/sql"
|
|
"errors"
|
|
"time"
|
|
|
|
sq "github.com/Masterminds/squirrel"
|
|
|
|
"github.com/zitadel/zitadel/internal/api/authz"
|
|
"github.com/zitadel/zitadel/internal/query/projection"
|
|
"github.com/zitadel/zitadel/internal/telemetry/tracing"
|
|
"github.com/zitadel/zitadel/internal/zerrors"
|
|
)
|
|
|
|
var (
|
|
oidcSettingsTable = table{
|
|
name: projection.OIDCSettingsProjectionTable,
|
|
instanceIDCol: projection.OIDCSettingsColumnInstanceID,
|
|
}
|
|
OIDCSettingsColumnAggregateID = Column{
|
|
name: projection.OIDCSettingsColumnAggregateID,
|
|
table: oidcSettingsTable,
|
|
}
|
|
OIDCSettingsColumnCreationDate = Column{
|
|
name: projection.OIDCSettingsColumnCreationDate,
|
|
table: oidcSettingsTable,
|
|
}
|
|
OIDCSettingsColumnChangeDate = Column{
|
|
name: projection.OIDCSettingsColumnChangeDate,
|
|
table: oidcSettingsTable,
|
|
}
|
|
OIDCSettingsColumnResourceOwner = Column{
|
|
name: projection.OIDCSettingsColumnResourceOwner,
|
|
table: oidcSettingsTable,
|
|
}
|
|
OIDCSettingsColumnInstanceID = Column{
|
|
name: projection.OIDCSettingsColumnInstanceID,
|
|
table: oidcSettingsTable,
|
|
}
|
|
OIDCSettingsColumnSequence = Column{
|
|
name: projection.OIDCSettingsColumnSequence,
|
|
table: oidcSettingsTable,
|
|
}
|
|
OIDCSettingsColumnAccessTokenLifetime = Column{
|
|
name: projection.OIDCSettingsColumnAccessTokenLifetime,
|
|
table: oidcSettingsTable,
|
|
}
|
|
OIDCSettingsColumnIdTokenLifetime = Column{
|
|
name: projection.OIDCSettingsColumnIdTokenLifetime,
|
|
table: oidcSettingsTable,
|
|
}
|
|
OIDCSettingsColumnRefreshTokenIdleExpiration = Column{
|
|
name: projection.OIDCSettingsColumnRefreshTokenIdleExpiration,
|
|
table: oidcSettingsTable,
|
|
}
|
|
OIDCSettingsColumnRefreshTokenExpiration = Column{
|
|
name: projection.OIDCSettingsColumnRefreshTokenExpiration,
|
|
table: oidcSettingsTable,
|
|
}
|
|
)
|
|
|
|
type OIDCSettings struct {
|
|
AggregateID string
|
|
CreationDate time.Time
|
|
ChangeDate time.Time
|
|
ResourceOwner string
|
|
Sequence uint64
|
|
|
|
AccessTokenLifetime time.Duration `json:"access_token_lifetime,omitempty"`
|
|
IdTokenLifetime time.Duration `json:"id_token_lifetime,omitempty"`
|
|
RefreshTokenIdleExpiration time.Duration `json:"refresh_token_idle_expiration,omitempty"`
|
|
RefreshTokenExpiration time.Duration `json:"refresh_token_expiration,omitempty"`
|
|
}
|
|
|
|
func (q *Queries) OIDCSettingsByAggID(ctx context.Context, aggregateID string) (settings *OIDCSettings, err error) {
|
|
ctx, span := tracing.NewSpan(ctx)
|
|
defer func() { span.EndWithError(err) }()
|
|
|
|
stmt, scan := prepareOIDCSettingsQuery()
|
|
query, args, err := stmt.Where(sq.Eq{
|
|
OIDCSettingsColumnAggregateID.identifier(): aggregateID,
|
|
OIDCSettingsColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
|
|
}).ToSql()
|
|
if err != nil {
|
|
return nil, zerrors.ThrowInternal(err, "QUERY-s9nle", "Errors.Query.SQLStatment")
|
|
}
|
|
|
|
err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
|
|
settings, err = scan(row)
|
|
return err
|
|
}, query, args...)
|
|
return settings, err
|
|
}
|
|
|
|
func prepareOIDCSettingsQuery() (sq.SelectBuilder, func(*sql.Row) (*OIDCSettings, error)) {
|
|
return sq.Select(
|
|
OIDCSettingsColumnAggregateID.identifier(),
|
|
OIDCSettingsColumnCreationDate.identifier(),
|
|
OIDCSettingsColumnChangeDate.identifier(),
|
|
OIDCSettingsColumnResourceOwner.identifier(),
|
|
OIDCSettingsColumnSequence.identifier(),
|
|
OIDCSettingsColumnAccessTokenLifetime.identifier(),
|
|
OIDCSettingsColumnIdTokenLifetime.identifier(),
|
|
OIDCSettingsColumnRefreshTokenIdleExpiration.identifier(),
|
|
OIDCSettingsColumnRefreshTokenExpiration.identifier()).
|
|
From(oidcSettingsTable.identifier()).
|
|
PlaceholderFormat(sq.Dollar),
|
|
func(row *sql.Row) (*OIDCSettings, error) {
|
|
oidcSettings := new(OIDCSettings)
|
|
err := row.Scan(
|
|
&oidcSettings.AggregateID,
|
|
&oidcSettings.CreationDate,
|
|
&oidcSettings.ChangeDate,
|
|
&oidcSettings.ResourceOwner,
|
|
&oidcSettings.Sequence,
|
|
&oidcSettings.AccessTokenLifetime,
|
|
&oidcSettings.IdTokenLifetime,
|
|
&oidcSettings.RefreshTokenIdleExpiration,
|
|
&oidcSettings.RefreshTokenExpiration,
|
|
)
|
|
if err != nil {
|
|
if errors.Is(err, sql.ErrNoRows) {
|
|
return nil, zerrors.ThrowNotFound(err, "QUERY-s9nlw", "Errors.OIDCSettings.NotFound")
|
|
}
|
|
return nil, zerrors.ThrowInternal(err, "QUERY-9bf8s", "Errors.Internal")
|
|
}
|
|
return oidcSettings, nil
|
|
}
|
|
}
|