mirror of
https://github.com/zitadel/zitadel.git
synced 2025-07-01 12:08:35 +00:00
07ce3b6905
This PR summarizes multiple changes specifically only available with ZITADEL v3: - feat: Web Keys management (https://github.com/zitadel/zitadel/pull/9526) - fix(cmd): ensure proper working of mirror (https://github.com/zitadel/zitadel/pull/9509) - feat(Authz): system user support for permission check v2 (https://github.com/zitadel/zitadel/pull/9640) - chore(license): change from Apache to AGPL (https://github.com/zitadel/zitadel/pull/9597) - feat(console): list v2 sessions (https://github.com/zitadel/zitadel/pull/9539) - fix(console): add loginV2 feature flag (https://github.com/zitadel/zitadel/pull/9682) - fix(feature flags): allow reading "own" flags (https://github.com/zitadel/zitadel/pull/9649) - feat(console): add Actions V2 UI (https://github.com/zitadel/zitadel/pull/9591) BREAKING CHANGE - feat(webkey): migrate to v2beta API (https://github.com/zitadel/zitadel/pull/9445) - chore!: remove CockroachDB Support (https://github.com/zitadel/zitadel/pull/9444) - feat(actions): migrate to v2beta API (https://github.com/zitadel/zitadel/pull/9489) --------- Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com> Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com> Co-authored-by: Ramon <mail@conblem.me> Co-authored-by: Elio Bischof <elio@zitadel.com> Co-authored-by: Kenta Yamaguchi <56732734+KEY60228@users.noreply.github.com> Co-authored-by: Harsha Reddy <harsha.reddy@klaviyo.com> Co-authored-by: Livio Spring <livio@zitadel.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Iraq <66622793+kkrime@users.noreply.github.com> Co-authored-by: Florian Forster <florian@zitadel.com> Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Max Peintner <peintnerm@gmail.com>
73 lines
2.5 KiB
Go
73 lines
2.5 KiB
Go
package server
|
|
|
|
import (
|
|
"crypto/tls"
|
|
|
|
grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware"
|
|
"google.golang.org/grpc"
|
|
"google.golang.org/grpc/credentials"
|
|
healthpb "google.golang.org/grpc/health/grpc_health_v1"
|
|
|
|
"github.com/zitadel/zitadel/internal/api/authz"
|
|
grpc_api "github.com/zitadel/zitadel/internal/api/grpc"
|
|
"github.com/zitadel/zitadel/internal/api/grpc/server/middleware"
|
|
"github.com/zitadel/zitadel/internal/logstore"
|
|
"github.com/zitadel/zitadel/internal/logstore/record"
|
|
"github.com/zitadel/zitadel/internal/query"
|
|
"github.com/zitadel/zitadel/internal/telemetry/metrics"
|
|
system_pb "github.com/zitadel/zitadel/pkg/grpc/system"
|
|
)
|
|
|
|
type Server interface {
|
|
RegisterServer(*grpc.Server)
|
|
RegisterGateway() RegisterGatewayFunc
|
|
AppName() string
|
|
MethodPrefix() string
|
|
AuthMethods() authz.MethodMapping
|
|
}
|
|
|
|
// WithGatewayPrefix extends the server interface with a prefix for the grpc gateway
|
|
//
|
|
// it's used for the System, Admin, Mgmt and Auth API
|
|
type WithGatewayPrefix interface {
|
|
Server
|
|
GatewayPathPrefix() string
|
|
}
|
|
|
|
func CreateServer(
|
|
verifier authz.APITokenVerifier,
|
|
systemAuthz authz.Config,
|
|
authConfig authz.Config,
|
|
queries *query.Queries,
|
|
externalDomain string,
|
|
tlsConfig *tls.Config,
|
|
accessSvc *logstore.Service[*record.AccessLog],
|
|
) *grpc.Server {
|
|
metricTypes := []metrics.MetricType{metrics.MetricTypeTotalCount, metrics.MetricTypeRequestCount, metrics.MetricTypeStatusCode}
|
|
serverOptions := []grpc.ServerOption{
|
|
grpc.UnaryInterceptor(
|
|
grpc_middleware.ChainUnaryServer(
|
|
middleware.CallDurationHandler(),
|
|
middleware.MetricsHandler(metricTypes, grpc_api.Probes...),
|
|
middleware.NoCacheInterceptor(),
|
|
middleware.InstanceInterceptor(queries, externalDomain, system_pb.SystemService_ServiceDesc.ServiceName, healthpb.Health_ServiceDesc.ServiceName),
|
|
middleware.AccessStorageInterceptor(accessSvc),
|
|
middleware.ErrorHandler(),
|
|
middleware.LimitsInterceptor(system_pb.SystemService_ServiceDesc.ServiceName),
|
|
middleware.AuthorizationInterceptor(verifier, systemAuthz, authConfig),
|
|
middleware.TranslationHandler(),
|
|
middleware.QuotaExhaustedInterceptor(accessSvc, system_pb.SystemService_ServiceDesc.ServiceName),
|
|
middleware.ExecutionHandler(queries),
|
|
middleware.ValidationHandler(),
|
|
middleware.ServiceHandler(),
|
|
middleware.ActivityInterceptor(),
|
|
),
|
|
),
|
|
grpc.StatsHandler(middleware.DefaultTracingServer()),
|
|
}
|
|
if tlsConfig != nil {
|
|
serverOptions = append(serverOptions, grpc.Creds(credentials.NewTLS(tlsConfig)))
|
|
}
|
|
return grpc.NewServer(serverOptions...)
|
|
}
|