zitadel/internal/query/projection/security_policy.go

package projection

import (
	"context"

	"github.com/zitadel/zitadel/internal/eventstore"
	old_handler "github.com/zitadel/zitadel/internal/eventstore/handler"
	"github.com/zitadel/zitadel/internal/eventstore/handler/v2"
	"github.com/zitadel/zitadel/internal/repository/instance"
	"github.com/zitadel/zitadel/internal/zerrors"
)

const (
	SecurityPolicyProjectionTable             = "projections.security_policies2"
	SecurityPolicyColumnInstanceID            = "instance_id"
	SecurityPolicyColumnCreationDate          = "creation_date"
	SecurityPolicyColumnChangeDate            = "change_date"
	SecurityPolicyColumnSequence              = "sequence"
	SecurityPolicyColumnEnableIframeEmbedding = "enable_iframe_embedding"
	SecurityPolicyColumnAllowedOrigins        = "origins"
	SecurityPolicyColumnEnableImpersonation   = "enable_impersonation"
)

type securityPolicyProjection struct{}

func newSecurityPolicyProjection(ctx context.Context, config handler.Config) *handler.Handler {
	return handler.NewHandler(ctx, &config, new(securityPolicyProjection))
}

func (*securityPolicyProjection) Name() string {
	return SecurityPolicyProjectionTable
}

func (*securityPolicyProjection) Init() *old_handler.Check {
	return handler.NewTableCheck(
		handler.NewTable([]*handler.InitColumn{
			handler.NewColumn(SecurityPolicyColumnCreationDate, handler.ColumnTypeTimestamp),
			handler.NewColumn(SecurityPolicyColumnChangeDate, handler.ColumnTypeTimestamp),
			handler.NewColumn(SecurityPolicyColumnInstanceID, handler.ColumnTypeText),
			handler.NewColumn(SecurityPolicyColumnSequence, handler.ColumnTypeInt64),
			handler.NewColumn(SecurityPolicyColumnEnableIframeEmbedding, handler.ColumnTypeBool, handler.Default(false)),
			handler.NewColumn(SecurityPolicyColumnAllowedOrigins, handler.ColumnTypeTextArray, handler.Nullable()),
			handler.NewColumn(SecurityPolicyColumnEnableImpersonation, handler.ColumnTypeBool, handler.Default(false)),
		},
			handler.NewPrimaryKey(SecurityPolicyColumnInstanceID),
		),
	)
}

func (p *securityPolicyProjection) Reducers() []handler.AggregateReducer {
	return []handler.AggregateReducer{
		{
			Aggregate: instance.AggregateType,
			EventReducers: []handler.EventReducer{
				{
					Event:  instance.SecurityPolicySetEventType,
					Reduce: p.reduceSecurityPolicySet,
				},
				{
					Event:  instance.InstanceRemovedEventType,
					Reduce: reduceInstanceRemovedHelper(SecurityPolicyColumnInstanceID),
				},
			},
		},
	}
}

func (p *securityPolicyProjection) reduceSecurityPolicySet(event eventstore.Event) (*handler.Statement, error) {
	e, ok := event.(*instance.SecurityPolicySetEvent)
	if !ok {
		return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-D3g87", "reduce.wrong.event.type %s", instance.SecurityPolicySetEventType)
	}
	changes := []handler.Column{
		handler.NewCol(SecurityPolicyColumnCreationDate, handler.OnlySetValueOnInsert(SecurityPolicyProjectionTable, e.CreationDate())),
		handler.NewCol(SecurityPolicyColumnChangeDate, e.CreationDate()),
		handler.NewCol(SecurityPolicyColumnInstanceID, e.Aggregate().InstanceID),
		handler.NewCol(SecurityPolicyColumnSequence, e.Sequence()),
	}
	if e.EnableIframeEmbedding != nil {
		changes = append(changes, handler.NewCol(SecurityPolicyColumnEnableIframeEmbedding, *e.EnableIframeEmbedding))
	} else if e.Enabled != nil {
		changes = append(changes, handler.NewCol(SecurityPolicyColumnEnableIframeEmbedding, *e.Enabled))
	}
	if e.AllowedOrigins != nil {
		changes = append(changes, handler.NewCol(SecurityPolicyColumnAllowedOrigins, e.AllowedOrigins))
	}
	if e.EnableImpersonation != nil {
		changes = append(changes, handler.NewCol(SecurityPolicyColumnEnableImpersonation, e.EnableImpersonation))
	}
	return handler.NewUpsertStatement(
		e,
		[]handler.Column{
			handler.NewCol(SecurityPolicyColumnInstanceID, ""),
		},
		changes,
	), nil
}