get instance by host

2025-12-11 20:12:18 +00:00 · 2025-01-14 13:40:36 +01:00
parent 1736a2b3a0
commit 098fb7c4e3
4 changed files with 50 additions and 43 deletions
--- a/apps/login/next-env-vars.d.ts
+++ b/apps/login/next-env-vars.d.ts
@@ -1,33 +1,37 @@
 declare namespace NodeJS {
  interface ProcessEnv {
    /**
-     * The system api url
+     * Multitenancy: The system api url
     */
    AUDIENCE: string;

    /**
-     * The system api service user ID
+     * Multitenancy: The service user id
     */
    SYSTEM_USER_ID: string;

    /**
-     * The service user key
+     * Multitenancy: The service user private key
     */
    SYSTEM_USER_PRIVATE_KEY: string;

    /**
-     * The instance url
+     * Self hosting: The instance url
     */
    ZITADEL_API_URL: string;

    /**
-     * The service user id for the instance
+     * Self hosting: The service user id
     */
    ZITADEL_USER_ID: string;
-
    /**
-     * The service user token for the instance
+     * Self hosting: The service user token
     */
    ZITADEL_USER_TOKEN: string;
+
+    /**
+     * Optional: wheter a user must have verified email
+     */
+    EMAIL_VERIFICATION: string;
  }
 }
--- a/apps/login/src/lib/zitadel.ts
+++ b/apps/login/src/lib/zitadel.ts
@@ -45,7 +45,8 @@ import {
  VerifyU2FRegistrationRequest,
 } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
 import { unstable_cacheLife as cacheLife } from "next/cache";
-import { systemAPIToken } from "./api";
+import { headers } from "next/headers";
+import { getInstanceUrl, systemAPIToken } from "./api";

 const useCache = process.env.DEBUG !== "true";

@@ -65,24 +66,22 @@ type ServiceClass =
  | typeof SettingsService;

 async function createServiceForHost<T extends ServiceClass>(service: T) {
-  // const host = headers().get("X-Forwarded-Host");
-  // if (!host) {
-  //   throw new Error("No host header found!");
-  // }
+  const _headers = await headers();
+  const host = _headers.get("X-Forwarded-Host");
+  if (!host) {
+    throw new Error("No host header found!");
+  }

-  // let instanceUrl;
-  // try {
-  //   instanceUrl = await getInstanceUrl(host);
-  // } catch (error) {
-  //   console.error(
-  //     "Could not get instance url, fallback to ZITADEL_API_URL",
-  //     error,
-  //   );
-  //   instanceUrl = process.env.ZITADEL_API_URL;
-  // }
-
-  // remove in favor of the above
-  const instanceUrl = process.env.ZITADEL_API_URL;
+  let instanceUrl;
+  try {
+    instanceUrl = await getInstanceUrl(host);
+  } catch (error) {
+    console.error(
+      "Could not get instance url, fallback to ZITADEL_API_URL",
+      error,
+    );
+    instanceUrl = process.env.ZITADEL_API_URL;
+  }

  const systemToken = await systemAPIToken();

--- a/apps/login/src/middleware.ts
+++ b/apps/login/src/middleware.ts
@@ -9,28 +9,34 @@ export const config = {
  ],
 };

-const INSTANCE = process.env.ZITADEL_API_URL;
-const SERVICE_USER_ID = process.env.ZITADEL_SERVICE_USER_ID as string;
+export async function middleware(request: NextRequest) {
+  // escape proxy if the environment is
+  if (
+    !process.env.ZITADEL_API_URL ||
+    !process.env.ZITADEL_USER_ID ||
+    !process.env.ZITADEL_USER_TOKEN
+  ) {
+    return NextResponse.next();
+  }
+
+  const INSTANCE_URL = process.env.ZITADEL_API_URL;
+  const instanceHost = `${INSTANCE_URL}`.replace("https://", "");

-export function middleware(request: NextRequest) {
  const requestHeaders = new Headers(request.headers);
-  requestHeaders.set("x-zitadel-login-client", SERVICE_USER_ID);
+  requestHeaders.set("x-zitadel-login-client", process.env.ZITADEL_USER_ID);

  // this is a workaround for the next.js server not forwarding the host header
  // requestHeaders.set("x-zitadel-forwarded", `host="${request.nextUrl.host}"`);
  requestHeaders.set("x-zitadel-public-host", `${request.nextUrl.host}`);

  // this is a workaround for the next.js server not forwarding the host header
-  requestHeaders.set(
-    "x-zitadel-instance-host",
-    `${INSTANCE}`.replace(/^https?:\/\//, ""),
-  );
+  requestHeaders.set("x-zitadel-instance-host", instanceHost);

  const responseHeaders = new Headers();
  responseHeaders.set("Access-Control-Allow-Origin", "*");
  responseHeaders.set("Access-Control-Allow-Headers", "*");

-  request.nextUrl.href = `${INSTANCE}${request.nextUrl.pathname}${request.nextUrl.search}`;
+  request.nextUrl.href = `${INSTANCE_URL}${request.nextUrl.pathname}${request.nextUrl.search}`;
  return NextResponse.rewrite(request.nextUrl, {
    request: {
      headers: requestHeaders,
--- a/turbo.json
+++ b/turbo.json
@@ -4,16 +4,14 @@
  "globalDependencies": ["**/.env.*local"],
  "globalEnv": [
    "DEBUG",
-    "ZITADEL_API_URL",
-    "ZITADEL_SERVICE_USER_ID",
-    "ZITADEL_SERVICE_USER_TOKEN",
-    "ZITADEL_SYSTEM_API_URL",
-    "ZITADEL_SYSTEM_API_USERID",
-    "ZITADEL_SYSTEM_API_KEY",
-    "ZITADEL_ISSUER",
-    "ZITADEL_ADMIN_TOKEN",
+    "VERCEL_URL",
    "EMAIL_VERIFICATION",
-    "VERCEL_URL"
+    "AUDIENCE",
+    "SYSTEM_USER_ID",
+    "SYSTEM_USER_PRIVATE_KEY",
+    "ZITADEL_API_URL",
+    "ZITADEL_USER_ID",
+    "ZITADEL_USER_TOKEN"
  ],
  "tasks": {
    "generate": {