TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2024-12-14 20:08:02 +00:00
Code Issues Packages Projects Releases Wiki Activity
efcb41398d
zitadel/internal/user/repository/view/model/refresh_token.go
Livio Spring fb162a7d75
fix(login): improve auth handlers (#7969) 
# Which Problems Are Solved

During the implementation of #7486 it was noticed, that projections in
the `auth` database schema could be blocked.
Investigations suggested, that this is due to the use of
[GORM](https://gorm.io/index.html) and it's inability to use an existing
(sql) transaction.
With the improved / simplified handling (see below) there should also be
a minimal improvement in performance, resp. reduced database update
statements.

# How the Problems Are Solved

The handlers in `auth` are exchanged to proper (sql) statements and gorm
usage is removed for any writing part.
To further improve / simplify the handling of the users, a new
`auth.users3` table is created, where only attributes are handled, which
are not yet available from the `projections.users`,
`projections.login_name` and `projections.user_auth_methods` do not
provide. This reduces the events handled in that specific handler by a
lot.

# Additional Changes

None

# Additional Context

relates to #7486
2024-05-22 15:26:02 +00:00

183 lines
6.7 KiB
Go
Raw Blame History

package model
import (
"time"
"github.com/zitadel/logging"
"github.com/zitadel/zitadel/internal/database"
"github.com/zitadel/zitadel/internal/eventstore"
user_repo "github.com/zitadel/zitadel/internal/repository/user"
usr_model "github.com/zitadel/zitadel/internal/user/model"
"github.com/zitadel/zitadel/internal/zerrors"
)
const (
RefreshTokenKeyTokenID = "id"
RefreshTokenKeyUserID = "user_id"
RefreshTokenKeyApplicationID = "application_id"
RefreshTokenKeyUserAgentID = "user_agent_id"
RefreshTokenKeyExpiration = "expiration"
RefreshTokenKeyResourceOwner = "resource_owner"
RefreshTokenKeyInstanceID = "instance_id"
RefreshTokenKeyCreationDate = "creation_date"
RefreshTokenKeyChangeDate = "change_date"
RefreshTokenKeySequence = "sequence"
RefreshTokenKeyActor = "actor"
RefreshTokenKeyAMR = "amr"
RefreshTokenKeyAuthTime = "auth_time"
RefreshTokenKeyAudience = "audience"
RefreshTokenKeyClientID = "client_id"
RefreshTokenKeyIdleExpiration = "idle_expiration"
RefreshTokenKeyScopes = "scopes"
RefreshTokenKeyToken = "token"
)
type RefreshTokenView struct {
ID string `json:"tokenId" gorm:"column:id;primary_key"`
CreationDate time.Time `json:"-" gorm:"column:creation_date"`
ChangeDate time.Time `json:"-" gorm:"column:change_date"`
ResourceOwner string `json:"-" gorm:"column:resource_owner"`
Token string `json:"-" gorm:"column:token"`
UserID string `json:"-" gorm:"column:user_id"`
ClientID string `json:"clientID" gorm:"column:client_id"`
UserAgentID string `json:"userAgentId" gorm:"column:user_agent_id"`
Audience database.TextArray[string] `json:"audience" gorm:"column:audience"`
Scopes database.TextArray[string] `json:"scopes" gorm:"column:scopes"`
AuthMethodsReferences database.TextArray[string] `json:"authMethodsReference" gorm:"column:amr"`
AuthTime time.Time `json:"authTime" gorm:"column:auth_time"`
IdleExpiration time.Time `json:"-" gorm:"column:idle_expiration"`
Expiration time.Time `json:"-" gorm:"column:expiration"`
Sequence uint64 `json:"-" gorm:"column:sequence"`
InstanceID string `json:"instanceID" gorm:"column:instance_id;primary_key"`
Actor TokenActor `json:"actor" gorm:"column:actor"`
}
func RefreshTokenViewsToModel(tokens []*RefreshTokenView) []*usr_model.RefreshTokenView {
result := make([]*usr_model.RefreshTokenView, len(tokens))
for i, g := range tokens {
result[i] = RefreshTokenViewToModel(g)
}
return result
}
func RefreshTokenViewToModel(token *RefreshTokenView) *usr_model.RefreshTokenView {
return &usr_model.RefreshTokenView{
ID: token.ID,
CreationDate: token.CreationDate,
ChangeDate: token.ChangeDate,
ResourceOwner: token.ResourceOwner,
Token: token.Token,
UserID: token.UserID,
ClientID: token.ClientID,
UserAgentID: token.UserAgentID,
Audience: token.Audience,
Scopes: token.Scopes,
AuthMethodsReferences: token.AuthMethodsReferences,
AuthTime: token.AuthTime,
IdleExpiration: token.IdleExpiration,
Expiration: token.Expiration,
Sequence: token.Sequence,
Actor: token.Actor.TokenActor,
}
}
func (t *RefreshTokenView) AppendEventIfMyRefreshToken(event eventstore.Event) (err error) {
// in case anything needs to be change here check if the Reduce function needs the change as well
view := new(RefreshTokenView)
switch event.Type() {
case user_repo.HumanRefreshTokenAddedType:
view.setRootData(event)
err = view.appendAddedEvent(event)
if err != nil {
return err
}
case user_repo.HumanRefreshTokenRenewedType:
view.setRootData(event)
err = view.appendRenewedEvent(event)
if err != nil {
return err
}
case user_repo.HumanRefreshTokenRemovedType,
user_repo.UserRemovedType,
user_repo.UserDeactivatedType,
user_repo.UserLockedType:
view.appendRemovedEvent(event)
default:
return nil
}
if view.ID == t.ID {
return t.AppendEvent(event)
}
return nil
}
func (t *RefreshTokenView) AppendEvent(event eventstore.Event) error {
// in case anything needs to be change here check if the Reduce function needs the change as well
t.ChangeDate = event.CreatedAt()
t.Sequence = event.Sequence()
switch event.Type() {
case user_repo.HumanRefreshTokenAddedType:
t.setRootData(event)
return t.appendAddedEvent(event)
case user_repo.HumanRefreshTokenRenewedType:
t.setRootData(event)
return t.appendRenewedEvent(event)
}
return nil
}
func (t *RefreshTokenView) setRootData(event eventstore.Event) {
t.UserID = event.Aggregate().ID
t.ResourceOwner = event.Aggregate().ResourceOwner
t.InstanceID = event.Aggregate().InstanceID
}
func (t *RefreshTokenView) appendAddedEvent(event eventstore.Event) error {
e := new(user_repo.HumanRefreshTokenAddedEvent)
if err := event.Unmarshal(e); err != nil {
logging.WithError(err).Error("could not unmarshal event data")
return zerrors.ThrowInternal(err, "MODEL-Bbr42", "could not unmarshal event")
}
t.ID = e.TokenID
t.CreationDate = event.CreatedAt()
t.AuthMethodsReferences = e.AuthMethodsReferences
t.AuthTime = e.AuthTime
t.Audience = e.Audience
t.ClientID = e.ClientID
t.Expiration = event.CreatedAt().Add(e.Expiration)
t.IdleExpiration = event.CreatedAt().Add(e.IdleExpiration)
t.Scopes = e.Scopes
t.Token = e.TokenID
t.UserAgentID = e.UserAgentID
t.Actor = TokenActor{e.Actor}
return nil
}
func (t *RefreshTokenView) appendRenewedEvent(event eventstore.Event) error {
e := new(user_repo.HumanRefreshTokenRenewedEvent)
if err := event.Unmarshal(e); err != nil {
logging.WithError(err).Error("could not unmarshal event data")
return zerrors.ThrowInternal(err, "MODEL-Bbrn4", "could not unmarshal event")
}
t.ID = e.TokenID
t.IdleExpiration = event.CreatedAt().Add(e.IdleExpiration)
t.Token = e.RefreshToken
return nil
}
func (t *RefreshTokenView) appendRemovedEvent(event eventstore.Event) {
t.Expiration = event.CreatedAt()
}
func (t *RefreshTokenView) GetRelevantEventTypes() []eventstore.EventType {
return []eventstore.EventType{
user_repo.HumanRefreshTokenAddedType,
user_repo.HumanRefreshTokenRenewedType,
user_repo.HumanRefreshTokenRemovedType,
user_repo.UserRemovedType,
user_repo.UserDeactivatedType,
user_repo.UserLockedType,
}
}
Reference in New Issue View Git Blame Copy Permalink