diff --git a/apps/login/next-env-vars.d.ts b/apps/login/next-env-vars.d.ts
index dce7ea90651..773986a7c95 100644
--- a/apps/login/next-env-vars.d.ts
+++ b/apps/login/next-env-vars.d.ts
@@ -1,33 +1,37 @@
 declare namespace NodeJS {
 interface ProcessEnv {
 /**
- * The system api url
+ * Multitenancy: The system api url
 */
 AUDIENCE: string;
 /**
- * The system api service user ID
+ * Multitenancy: The service user id
 */
 SYSTEM_USER_ID: string;
 /**
- * The service user key
+ * Multitenancy: The service user private key
 */
 SYSTEM_USER_PRIVATE_KEY: string;
 /**
- * The instance url
+ * Self hosting: The instance url
 */
 ZITADEL_API_URL: string;
 /**
- * The service user id for the instance
+ * Self hosting: The service user id
 */
 ZITADEL_USER_ID: string;
-
 /**
- * The service user token for the instance
+ * Self hosting: The service user token
 */
 ZITADEL_USER_TOKEN: string;
+
+ /**
+ * Optional: wheter a user must have verified email
+ */
+ EMAIL_VERIFICATION: string;
 }
 }
diff --git a/apps/login/src/lib/zitadel.ts b/apps/login/src/lib/zitadel.ts
index 7ba45aca04f..2aa4e9b7322 100644
--- a/apps/login/src/lib/zitadel.ts
+++ b/apps/login/src/lib/zitadel.ts
@@ -45,7 +45,8 @@ import {
 VerifyU2FRegistrationRequest,
 } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
 import { unstable_cacheLife as cacheLife } from "next/cache";
-import { systemAPIToken } from "./api";
+import { headers } from "next/headers";
+import { getInstanceUrl, systemAPIToken } from "./api";
 const useCache = process.env.DEBUG !== "true";
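Review bot: The new `EMAIL_VERIFICATION` entry is declared as a required `string` although its own comment calls it optional, so every read of `process.env.EMAIL_VERIFICATION` is typed as a present string and a missing variable is never surfaced by the compiler; declaring it as `EMAIL_VERIFICATION?: string;` gives the `string | undefined` type that matches the comment. The comment also has a typo, `wheter` → `whether`, and since the value arrives as environment text it would help to state which literal enables the check, which this hunk does not say. The same required-`string` typing applies to the three `Self hosting` variables, which the middleware hunk in `apps/login/src/middleware.ts` explicitly treats as possibly unset.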
@@ -65,24 +66,22 @@ type ServiceClass =
 | typeof SettingsService;
 async function createServiceForHost(service: T) {
- // const host = headers().get("X-Forwarded-Host");
- // if (!host) {
- // throw new Error("No host header found!");
- // }
+ const _headers = await headers();
+ const host = _headers.get("X-Forwarded-Host");
+ if (!host) {
+ throw new Error("No host header found!");
+ }
- // let instanceUrl;
- // try {
- // instanceUrl = await getInstanceUrl(host);
- // } catch (error) {
- // console.error(
- // "Could not get instance url, fallback to ZITADEL_API_URL",
- // error,
- // );
- // instanceUrl = process.env.ZITADEL_API_URL;
- // }
-
- // remove in favor of the above
- const instanceUrl = process.env.ZITADEL_API_URL;
+ let instanceUrl;
+ try {
+ instanceUrl = await getInstanceUrl(host);
+ } catch (error) {
+ console.error(
+ "Could not get instance url, fallback to ZITADEL_API_URL",
+ error,
+ );
+ instanceUrl = process.env.ZITADEL_API_URL;
+ }
 const systemToken = await systemAPIToken();
diff --git a/apps/login/src/middleware.ts b/apps/login/src/middleware.ts
index 93cb65581ca..f8f9199740c 100644
--- a/apps/login/src/middleware.ts
+++ b/apps/login/src/middleware.ts
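Review bot: The `catch` around `getInstanceUrl(host)` turns every failure of the lookup into a silent fallback to `process.env.ZITADEL_API_URL`, so a request whose `X-Forwarded-Host` is unknown, malformed or spoofed is still routed to the default instance and, presumably, given the system token fetched on the next line; the only trace is a console.error. Because `instanceUrl` is `let`-declared without a type, the fallback also leaves it `undefined` when `ZITADEL_API_URL` is not set, and nothing in the hunk checks that before use (the rest of the function is outside the hunk). Consider making the fallback explicit inside the catch, `const fallback = process.env.ZITADEL_API_URL;` / `if (!fallback) throw error;` / `instanceUrl = fallback;`, and adding a comment above the header read stating that `X-Forwarded-Host` is only trustworthy when the reverse proxy in front of the app overwrites it, which this code cannot verify on its own.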
@@ -9,28 +9,34 @@ export const config = {
 ],
 };
-const INSTANCE = process.env.ZITADEL_API_URL;
-const SERVICE_USER_ID = process.env.ZITADEL_SERVICE_USER_ID as string;
+export async function middleware(request: NextRequest) {
+ // escape proxy if the environment is
+ if (
+ !process.env.ZITADEL_API_URL ||
+ !process.env.ZITADEL_USER_ID ||
+ !process.env.ZITADEL_USER_TOKEN
+ ) {
+ return NextResponse.next();
+ }
+
+ const INSTANCE_URL = process.env.ZITADEL_API_URL;
+ const instanceHost = `${INSTANCE_URL}`.replace("https://", "");
-export function middleware(request: NextRequest) {
 const requestHeaders = new Headers(request.headers);
- requestHeaders.set("x-zitadel-login-client", SERVICE_USER_ID);
+ requestHeaders.set("x-zitadel-login-client", process.env.ZITADEL_USER_ID);
 // this is a workaround for the next.js server not forwarding the host header
 // requestHeaders.set("x-zitadel-forwarded", `host="${request.nextUrl.host}"`);
 requestHeaders.set("x-zitadel-public-host", `${request.nextUrl.host}`);
 // this is a workaround for the next.js server not forwarding the host header
- requestHeaders.set(
- "x-zitadel-instance-host",
- `${INSTANCE}`.replace(/^https?:\/\//, ""),
- );
+ requestHeaders.set("x-zitadel-instance-host", instanceHost);
 const responseHeaders = new Headers();
 responseHeaders.set("Access-Control-Allow-Origin", "*");
 responseHeaders.set("Access-Control-Allow-Headers", "*");
- request.nextUrl.href = `${INSTANCE}${request.nextUrl.pathname}${request.nextUrl.search}`;
+ request.nextUrl.href = `${INSTANCE_URL}${request.nextUrl.pathname}${request.nextUrl.search}`;
 return NextResponse.rewrite(request.nextUrl, {
 request: {
 headers: requestHeaders,
diff --git a/turbo.json b/turbo.json
index 2817c8c157a..ca14a230357 100644
--- a/turbo.json
+++ b/turbo.json
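Review bot: `instanceHost` is now built with `.replace("https://", "")`, which drops the anchored `/^https?:\/\//` the removed lines used, so an `http://` instance URL (a local self-hosted setup, for instance) keeps its scheme in the `x-zitadel-instance-host` header, and an unanchored string replace would also strip a later occurrence rather than only the prefix; restoring `const instanceHost = \`${INSTANCE_URL}\`.replace(/^https?:\/\//, "");` keeps the previous behaviour. The comment `// escape proxy if the environment is` is cut off mid-sentence; something like `// skip the rewrite when the self-hosting variables are not configured` states what the guard does. `INSTANCE_URL` has become a function-local rather than a module constant, so `instanceUrl` would follow the file's camelCase locals. As written, a single missing variable such as `ZITADEL_USER_TOKEN` silently disables the proxy via `NextResponse.next()`; whether that should be logged is a judgement call, but it is worth a sentence in the comment.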
@@ -4,16 +4,14 @@
 "globalDependencies": ["**/.env.*local"],
 "globalEnv": [
 "DEBUG",
- "ZITADEL_API_URL",
- "ZITADEL_SERVICE_USER_ID",
- "ZITADEL_SERVICE_USER_TOKEN",
- "ZITADEL_SYSTEM_API_URL",
- "ZITADEL_SYSTEM_API_USERID",
- "ZITADEL_SYSTEM_API_KEY",
- "ZITADEL_ISSUER",
- "ZITADEL_ADMIN_TOKEN",
+ "VERCEL_URL",
 "EMAIL_VERIFICATION",
- "VERCEL_URL"
+ "AUDIENCE",
+ "SYSTEM_USER_ID",
+ "SYSTEM_USER_PRIVATE_KEY",
+ "ZITADEL_API_URL",
+ "ZITADEL_USER_ID",
+ "ZITADEL_USER_TOKEN"
 ],
 "tasks": {
 "generate": {