Merge branch 'main' into eventstore-created-at

zitadel · May 16, 2023 · 2962870 · 2962870
2 parents 4d7a733 + d78b273
commit 2962870
Show file tree

Hide file tree

Showing 17 changed files with 178 additions and 209 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -7,6 +7,7 @@
 /k8s/
 /node_modules/
 /console/src/app/proto/generated/
+/console/.angular
 /console/tmp/
 .releaserc.js
 changelog.config.js
@@ -18,3 +19,4 @@ pkg/grpc/*/*.pb.*
 pkg/grpc/*/*.swagger.json
 .goreleaser.yaml
 .artifacts/
+.vscode
diff --git a/.github/workflows/zitadel.yml b/.github/workflows/zitadel.yml
@@ -80,7 +80,7 @@ jobs:
           name: go-codecov
       - name: Bump Chart Version
         uses: peter-evans/repository-dispatch@v2
-        if: steps.semantic.outputs.new_release_published == 'true' && github.ref == 'refs/heads/main'
+        if: steps.semantic.outputs.new_release_published == 'true' && github.ref == 'refs/heads/next'
         with:
           token: ${{ steps.generate-token.outputs.token }}
           repository: zitadel/zitadel-charts

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -338,6 +338,7 @@ Please refer to the [README](./docs/README.md) for more information and local te
 
 - **Code with variables**: Make sure that code snippets can be used by setting environment variables, instead of manually replacing a placeholder.
 - **Embedded files**: When embedding mdx files, make sure the template ist prefixed by "_" (lowdash). The content will be rendered inside the parent page, but is not accessible individually (eg, by search).
+- **Don't repeat yourself**: When using the same content in multiple places, save and manage the content as separate file and make use of embedded files to import it into other docs pages.
 - **Embedded code**: You can embed code snippets from a repository. See the [plugin](https://github.com/saucelabs/docusaurus-theme-github-codeblock#usage) for usage.
 
 ### Docs Pull Request

diff --git a/cmd/start/start.go b/cmd/start/start.go
@@ -306,9 +306,8 @@ func startAPIs(
 		http_util.WithNonHttpOnly(),
 		http_util.WithMaxAge(int(math.Floor(config.Quotas.Access.ExhaustedCookieMaxAge.Seconds()))),
 	)
-	limitingAccessInterceptor := middleware.NewAccessInterceptor(accessSvc, exhaustedCookieHandler, config.Quotas.Access, false)
-	nonLimitingAccessInterceptor := middleware.NewAccessInterceptor(accessSvc, nil, config.Quotas.Access, true)
-	apis, err := api.New(ctx, config.Port, router, queries, verifier, config.InternalAuthZ, tlsConfig, config.HTTP2HostHeader, config.HTTP1HostHeader, accessSvc, exhaustedCookieHandler, config.Quotas.Access)
+	limitingAccessInterceptor := middleware.NewAccessInterceptor(accessSvc, exhaustedCookieHandler, config.Quotas.Access)
+	apis, err := api.New(ctx, config.Port, router, queries, verifier, config.InternalAuthZ, tlsConfig, config.HTTP2HostHeader, config.HTTP1HostHeader, limitingAccessInterceptor)
 	if err != nil {
 		return fmt.Errorf("error creating api %w", err)
 	}
@@ -376,7 +375,7 @@ func startAPIs(
 	}
 	apis.RegisterHandlerOnPrefix(saml.HandlerPrefix, samlProvider.HttpHandler())
 
-	c, err := console.Start(config.Console, config.ExternalSecure, oidcProvider.IssuerFromRequest, middleware.CallDurationHandler, instanceInterceptor.Handler, nonLimitingAccessInterceptor.Handle, config.CustomerPortal)
+	c, err := console.Start(config.Console, config.ExternalSecure, oidcProvider.IssuerFromRequest, middleware.CallDurationHandler, instanceInterceptor.Handler, limitingAccessInterceptor, config.CustomerPortal)
 	if err != nil {
 		return fmt.Errorf("unable to start console: %w", err)
 	}

diff --git a/docs/.gitignore b/docs/.gitignore
@@ -9,6 +9,18 @@
 .cache-loader
 .artifacts
 
+# Generated by docusaurus-plugin-openapi-docs
+docs/apis/auth
+docs/apis/mgmt
+docs/apis/admin
+docs/apis/system
+docs/apis/user_service
+docs/apis/session_service
+docs/apis/system
+docs/apis/user_service
+docs/apis/session_service
+docs/apis/settings_service
+
 # Misc
 .DS_Store
 .env.local

diff --git a/docs/docs/legal/introduction.mdx b/docs/docs/legal/introduction.mdx
diff --git a/docs/docs/legal/terms-of-service-dedicated.md b/docs/docs/legal/terms-of-service-dedicated.md
diff --git a/docs/docs/legal/terms-of-service.md b/docs/docs/legal/terms-of-service.md
@@ -25,10 +25,6 @@ The following policies complement the TOS. When accepting the TOS, you accept th
 * [**Acceptable Use Policy**](acceptable-use-policy) - What we understand as acceptable and fair use of our Services
 * [**Rate Limit Policy**](rate-limit-policy) - How we avoid overloads of our services
 
-This Agreement is extended with additional terms, in case your Subscription requires a Dedicated Instance. When you enter the Agreement with us, you accept these additional agreements.
-
-* [**Dedicated Instance Terms**](terms-of-service-dedicated) - How we provide our services for a dedicated instance
-
 ### Alterations
 
 Any provisions which deviate from these TOS must be agreed in writing between the Customer and us. Such agreements shall take precedence over the TOS outlined in this document.
@@ -195,7 +191,7 @@ Should any provision of these TOS be or become invalid, this shall not affect th
 
 These TOS shall enter into force as of 15.07.2022.
 
-Last revised: June 14, 2022
+Last revised: May 12, 2023
 
 ### Amendments
 

diff --git a/docs/docusaurus.config.js b/docs/docusaurus.config.js
@@ -83,7 +83,7 @@ module.exports = {
         },
         {
           type: "doc",
-          docId: "legal/introduction",
+          docId: "legal",
           label: "Legal",
           position: "right",
         },

diff --git a/docs/nginx.conf b/docs/nginx.conf
@@ -15,15 +15,15 @@ http {
         } 
 
         location /docs { 
-            root /usr/share/nginx/html;
+            alias /usr/share/nginx/html;
             index /docs/index.html;
             try_files $uri $uri/ /docs/index.html?q=$query_string; 
         } 
 
         location = /docs/proxy/js/script.js {
             proxy_pass https://plausible.io/js/script.js;
             proxy_set_header Host plausible.io;
-            }
+        }
 
         location = /docs/proxy/api/event {
             proxy_pass https://plausible.io/api/event;
@@ -53,4 +53,4 @@ http {
       application/xml 
       application/json 
       application/ld+json; 
-}
+}
diff --git a/docs/sidebars.js b/docs/sidebars.js
@@ -540,38 +540,50 @@ module.exports = {
   support: [
   ],
   legal: [
-    "legal/introduction",
-    "legal/terms-of-service",
-    "legal/data-processing-agreement",
     {
       type: "category",
-      label: "Service Description",
-      collapsed: false,
-      items: [
-        "legal/cloud-service-description",
-        "legal/service-level-description",
-        "legal/support-services",
-      ],
-    },
-    {
-      type: "category",
-      label: "Additional terms",
-      collapsed: true,
-      items: [
-        "legal/terms-support-service",
-        "legal/terms-of-service-dedicated",
-      ],
-    },
-    {
-      type: "category",
-      label: "Policies",
+      label: "Legal Agreements",
       collapsed: false,
+      link: {
+        type: "generated-index",
+        title: "Legal Agreements",
+        slug: "legal",
+        description:
+          "This section contains important agreements, policies and appendices relevant for users of our websites and services. All documents will be provided in English language.",
+      },
       items: [
-        "legal/privacy-policy",
-        "legal/acceptable-use-policy",
-        "legal/rate-limit-policy",
-        "legal/vulnerability-disclosure-policy",
-      ],
+        "legal/terms-of-service",
+        "legal/data-processing-agreement",
+        {
+          type: "category",
+          label: "Service Description",
+          collapsed: false,
+          items: [
+            "legal/cloud-service-description",
+            "legal/service-level-description",
+            "legal/support-services",
+          ],
+        },
+        {
+          type: "category",
+          label: "Support Program",
+          collapsed: true,
+          items: [
+            "legal/terms-support-service",
+          ],
+        },
+        {
+          type: "category",
+          label: "Policies",
+          collapsed: false,
+          items: [
+            "legal/privacy-policy",
+            "legal/acceptable-use-policy",
+            "legal/rate-limit-policy",
+            "legal/vulnerability-disclosure-policy",
+          ],
+        },
+      ]
     },
   ],
 };
diff --git a/internal/api/api.go b/internal/api/api.go
@@ -19,24 +19,22 @@ import (
 	http_mw "github.com/zitadel/zitadel/internal/api/http/middleware"
 	"github.com/zitadel/zitadel/internal/api/ui/login"
 	"github.com/zitadel/zitadel/internal/errors"
-	"github.com/zitadel/zitadel/internal/logstore"
 	"github.com/zitadel/zitadel/internal/query"
 	"github.com/zitadel/zitadel/internal/telemetry/metrics"
 	"github.com/zitadel/zitadel/internal/telemetry/tracing"
 )
 
 type API struct {
-	port          uint16
-	grpcServer    *grpc.Server
-	verifier      *internal_authz.TokenVerifier
-	health        healthCheck
-	router        *mux.Router
-	http1HostName string
-	grpcGateway   *server.Gateway
-	healthServer  *health.Server
-	cookieHandler *http_util.CookieHandler
-	cookieConfig  *http_mw.AccessConfig
-	queries       *query.Queries
+	port              uint16
+	grpcServer        *grpc.Server
+	verifier          *internal_authz.TokenVerifier
+	health            healthCheck
+	router            *mux.Router
+	http1HostName     string
+	grpcGateway       *server.Gateway
+	healthServer      *health.Server
+	accessInterceptor *http_mw.AccessInterceptor
+	queries           *query.Queries
 }
 
 type healthCheck interface {
@@ -51,23 +49,20 @@ func New(
 	verifier *internal_authz.TokenVerifier,
 	authZ internal_authz.Config,
 	tlsConfig *tls.Config, http2HostName, http1HostName string,
-	accessSvc *logstore.Service,
-	cookieHandler *http_util.CookieHandler,
-	cookieConfig *http_mw.AccessConfig,
+	accessInterceptor *http_mw.AccessInterceptor,
 ) (_ *API, err error) {
 	api := &API{
-		port:          port,
-		verifier:      verifier,
-		health:        queries,
-		router:        router,
-		http1HostName: http1HostName,
-		cookieConfig:  cookieConfig,
-		cookieHandler: cookieHandler,
-		queries:       queries,
+		port:              port,
+		verifier:          verifier,
+		health:            queries,
+		router:            router,
+		http1HostName:     http1HostName,
+		queries:           queries,
+		accessInterceptor: accessInterceptor,
 	}
 
-	api.grpcServer = server.CreateServer(api.verifier, authZ, queries, http2HostName, tlsConfig, accessSvc)
-	api.grpcGateway, err = server.CreateGateway(ctx, port, http1HostName, cookieHandler, cookieConfig)
+	api.grpcServer = server.CreateServer(api.verifier, authZ, queries, http2HostName, tlsConfig, accessInterceptor.AccessService())
+	api.grpcGateway, err = server.CreateGateway(ctx, port, http1HostName, accessInterceptor)
 	if err != nil {
 		return nil, err
 	}
@@ -90,8 +85,7 @@ func (a *API) RegisterServer(ctx context.Context, grpcServer server.WithGatewayP
 		grpcServer,
 		a.port,
 		a.http1HostName,
-		a.cookieHandler,
-		a.cookieConfig,
+		a.accessInterceptor,
 		a.queries,
 	)
 	if err != nil {