route handler for middleware

2025-08-13 16:07:46 +00:00 · 2025-04-30 13:20:03 +02:00
parent 06e69ace5e
commit 4cca720f05
2 changed files with 39 additions and 2 deletions
--- a/apps/login/src/app/security/route.ts
+++ b/apps/login/src/app/security/route.ts
@@ -0,0 +1,27 @@
 import { createServiceForHost, getServiceUrlFromHeaders } from "@/lib/service";
 import { Client } from "@zitadel/client";
 import { SettingsService } from "@zitadel/proto/zitadel/settings/v2/settings_service_pb";
 import { headers } from "next/headers";
 import { NextRequest, NextResponse } from "next/server";
 export async function GET(request: NextRequest) {
  const _headers = await headers();
  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
  const settingsService: Client<typeof SettingsService> =
    await createServiceForHost(SettingsService, serviceUrl);
  const settings = settingsService
    .getSecuritySettings({})
    .then((resp) => (resp.settings ? resp.settings : undefined));
  const response = NextResponse.json({ settings }, { status: 200 });
  // Add Cache-Control header to cache the response for up to 1 hour
  response.headers.set(
    "Cache-Control",
    "public, max-age=3600, stale-while-revalidate=86400",
  );
  return response;
 }
--- a/apps/login/src/middleware.ts
+++ b/apps/login/src/middleware.ts
@@ -2,7 +2,6 @@ import { headers } from "next/headers";
 import { NextRequest, NextResponse } from "next/server";
 import { DEFAULT_CSP } from "../constants/csp";
 import { getServiceUrlFromHeaders } from "./lib/service";
 import { getSecuritySettings } from "./lib/zitadel";
 export const config = {
  matcher: [
@@ -26,8 +25,19 @@ export async function middleware(request: NextRequest) {
  console.log("defaultCSP", DEFAULT_CSP);
-  const securitySettings = await getSecuritySettings({ serviceUrl });
+  // Call the /security route handler
  // TODO check this on cloud run deployment
  const securityResponse = await fetch(`${request.nextUrl.origin}/security`);
  if (!securityResponse.ok) {
    console.error(
      "Failed to fetch security settings:",
      securityResponse.statusText,
    );
    return NextResponse.next(); // Fallback if the request fails
  }
  const { settings: securitySettings } = await securityResponse.json();
  console.log("securitySettings", securitySettings);
  const instanceHost = `${serviceUrl}`