From b4efbc0dd9083af8f0d14d84ce27140734e09fa2 Mon Sep 17 00:00:00 2001 From: Elio Bischof Date: Fri, 21 Feb 2025 10:57:48 +0100 Subject: [PATCH 01/22] order --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index d6790adb60..a824e47571 100644 --- a/package.json +++ b/package.json @@ -5,7 +5,7 @@ "scripts": { "generate": "turbo run generate", "build": "turbo run build", - "build:docker": "rm -rf ./out ./docker && mkdir -p ./docker && turbo run build --filter=./packages/zitadel-client && turbo prune @zitadel/login --docker && cd ./docker && cp -r ../out/json/* . && pnpm install --frozen-lockfile && cp -r ../out/full/* . && turbo run build:standalone && cd ..", + "build:docker": "rm -rf ./out ./docker && turbo run build --filter=./packages/zitadel-client && turbo prune @zitadel/login --docker && mkdir -p ./docker && cd ./docker && cp -r ../out/json/* . && pnpm install --frozen-lockfile && cp -r ../out/full/* . && turbo run build:standalone && cd ..", "build:packages": "turbo run build --filter=./packages/*", "build:apps": "turbo run build --filter=./apps/*", "test": "turbo run test", From fa7f98d1c9978015df67c8b8055ded1cbadc0cc7 Mon Sep 17 00:00:00 2001 From: Elio Bischof Date: Fri, 21 Feb 2025 11:10:35 +0100 Subject: [PATCH 02/22] chore: fix docker build --- .dockerignore | 2 +- turbo.json | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.dockerignore b/.dockerignore index f9db036d2b..1f61abb41a 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,2 +1,2 @@ * -!docker \ No newline at end of file +!/docker diff --git a/turbo.json b/turbo.json index 61316b800e..279e45867b 100644 --- a/turbo.json +++ b/turbo.json @@ -12,8 +12,7 @@ "ZITADEL_API_URL", "ZITADEL_SERVICE_USER_ID", "ZITADEL_SERVICE_USER_TOKEN", - "NEXT_PUBLIC_BASE_PATH", - "ZITADEL_INSTANCE_HOST_HEADER" + "NEXT_PUBLIC_BASE_PATH" ], "tasks": { "generate": { From 1b1ecca6b2f81fe057d81b0d775c4ff28f1e7265 Mon Sep 17 00:00:00 2001 
From: Elio Bischof Date: Fri, 21 Feb 2025 11:11:48 +0100 Subject: [PATCH 03/22] turbo --- turbo.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/turbo.json b/turbo.json index 279e45867b..61316b800e 100644 --- a/turbo.json +++ b/turbo.json @@ -12,7 +12,8 @@ "ZITADEL_API_URL", "ZITADEL_SERVICE_USER_ID", "ZITADEL_SERVICE_USER_TOKEN", - "NEXT_PUBLIC_BASE_PATH" + "NEXT_PUBLIC_BASE_PATH", + "ZITADEL_INSTANCE_HOST_HEADER" ], "tasks": { "generate": { From 31d15abe299bc6318bb7d51998740031da56edd2 Mon Sep 17 00:00:00 2001 From: Elio Bischof Date: Fri, 21 Feb 2025 11:14:01 +0100 Subject: [PATCH 04/22] slash --- .dockerignore | 2 +- apps/login/next-env-vars.d.ts | 8 -------- apps/login/src/lib/service.ts | 20 +------------------- 3 files changed, 2 insertions(+), 28 deletions(-) diff --git a/.dockerignore b/.dockerignore index 1f61abb41a..b328b97284 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,2 +1,2 @@ -* +/* !/docker diff --git a/apps/login/next-env-vars.d.ts b/apps/login/next-env-vars.d.ts index 112eea393f..b575dc91f4 100644 --- a/apps/login/next-env-vars.d.ts +++ b/apps/login/next-env-vars.d.ts @@ -14,14 +14,6 @@ declare namespace NodeJS { */ ZITADEL_API_URL: string; - /** - * Takes effect only if ZITADEL_API_URL is not empty. - * This is only relevant if Zitadels runtime has the ZITADEL_INSTANCEHOSTHEADERS config changed. - * The default is x-zitadel-instance-host. - * Most users don't need to set this variable. - */ - ZITADEL_INSTANCE_HOST_HEADER: string; - /** * Self hosting: The service user id */ diff --git a/apps/login/src/lib/service.ts b/apps/login/src/lib/service.ts index 48a31c1ac6..5ea9eec882 100644 --- a/apps/login/src/lib/service.ts +++ b/apps/login/src/lib/service.ts 
@@ -42,26 +42,8 @@ export async function createServiceForHost( throw new Error("No token found"); } - const instanceHost = new URL(serviceUrl).host; const transport = createServerTransport(token, { - baseUrl: process.env.ZITADEL_API_URL ?? serviceUrl, - interceptors: - (process.env.ZITADEL_API_URL && - process.env.ZITADEL_API_URL != serviceUrl) || - process.env.ZITADEL_INSTANCE_HOST_HEADER - ? [ - (next) => { - return (req) => { - req.header.set( - process.env.ZITADEL_INSTANCE_HOST_HEADER ?? - "x-zitadel-instance-host", - instanceHost, - ); - return next(req); - }; - }, - ] - : undefined, + baseUrl: serviceUrl, }); return createClientFor(service)(transport); From 9ddd7f1dc3914ad1f5ec073a7ccd0d38aa95c356 Mon Sep 17 00:00:00 2001 From: Elio Bischof Date: Fri, 21 Feb 2025 11:16:07 +0100 Subject: [PATCH 05/22] fix: remove interceptor --- apps/login/next-env-vars.d.ts | 8 -------- apps/login/src/lib/service.ts | 20 +------------------- turbo.json | 3 +-- 3 files changed, 2 insertions(+), 29 deletions(-) diff --git a/apps/login/next-env-vars.d.ts b/apps/login/next-env-vars.d.ts index 112eea393f..b575dc91f4 100644 --- a/apps/login/next-env-vars.d.ts +++ b/apps/login/next-env-vars.d.ts @@ -14,14 +14,6 @@ declare namespace NodeJS { */ ZITADEL_API_URL: string; - /** - * Takes effect only if ZITADEL_API_URL is not empty. - * This is only relevant if Zitadels runtime has the ZITADEL_INSTANCEHOSTHEADERS config changed. - * The default is x-zitadel-instance-host. - * Most users don't need to set this variable. - */ - ZITADEL_INSTANCE_HOST_HEADER: string; - /** * Self hosting: The service user id */ diff --git a/apps/login/src/lib/service.ts b/apps/login/src/lib/service.ts index 48a31c1ac6..5ea9eec882 100644 --- a/apps/login/src/lib/service.ts +++ b/apps/login/src/lib/service.ts 
@@ -42,26 +42,8 @@ export async function createServiceForHost( throw new Error("No token found"); } - const instanceHost = new URL(serviceUrl).host; const transport = createServerTransport(token, { - baseUrl: process.env.ZITADEL_API_URL ?? serviceUrl, - interceptors: - (process.env.ZITADEL_API_URL && - process.env.ZITADEL_API_URL != serviceUrl) || - process.env.ZITADEL_INSTANCE_HOST_HEADER - ? [ - (next) => { - return (req) => { - req.header.set( - process.env.ZITADEL_INSTANCE_HOST_HEADER ?? - "x-zitadel-instance-host", - instanceHost, - ); - return next(req); - }; - }, - ] - : undefined, + baseUrl: serviceUrl, }); return createClientFor(service)(transport); diff --git a/turbo.json b/turbo.json index 61316b800e..279e45867b 100644 --- a/turbo.json +++ b/turbo.json @@ -12,8 +12,7 @@ "ZITADEL_API_URL", "ZITADEL_SERVICE_USER_ID", "ZITADEL_SERVICE_USER_TOKEN", - "NEXT_PUBLIC_BASE_PATH", - "ZITADEL_INSTANCE_HOST_HEADER" + "NEXT_PUBLIC_BASE_PATH" ], "tasks": { "generate": { From c613f18741ee06edccdbabdc5ae61d104360f64d Mon Sep 17 00:00:00 2001 From: Elio Bischof Date: Fri, 21 Feb 2025 11:16:53 +0100 Subject: [PATCH 06/22] move changes to other pr --- apps/login/next-env-vars.d.ts | 8 ++++++++ apps/login/src/lib/service.ts | 20 +++++++++++++++++++- 2 files changed, 27 insertions(+), 1 deletion(-) diff --git a/apps/login/next-env-vars.d.ts b/apps/login/next-env-vars.d.ts index b575dc91f4..112eea393f 100644 --- a/apps/login/next-env-vars.d.ts +++ b/apps/login/next-env-vars.d.ts @@ -14,6 +14,14 @@ declare namespace NodeJS { */ ZITADEL_API_URL: string; + /** + * Takes effect only if ZITADEL_API_URL is not empty. + * This is only relevant if Zitadels runtime has the ZITADEL_INSTANCEHOSTHEADERS config changed. + * The default is x-zitadel-instance-host. + * Most users don't need to set this variable. + */ + ZITADEL_INSTANCE_HOST_HEADER: string; + /** * Self hosting: The service user id */ 
diff --git a/apps/login/src/lib/service.ts b/apps/login/src/lib/service.ts index 5ea9eec882..48a31c1ac6 100644 --- a/apps/login/src/lib/service.ts +++ b/apps/login/src/lib/service.ts @@ -42,8 +42,26 @@ export async function createServiceForHost( throw new Error("No token found"); } + const instanceHost = new URL(serviceUrl).host; const transport = createServerTransport(token, { - baseUrl: serviceUrl, + baseUrl: process.env.ZITADEL_API_URL ?? serviceUrl, + interceptors: + (process.env.ZITADEL_API_URL && + process.env.ZITADEL_API_URL != serviceUrl) || + process.env.ZITADEL_INSTANCE_HOST_HEADER + ? [ + (next) => { + return (req) => { + req.header.set( + process.env.ZITADEL_INSTANCE_HOST_HEADER ?? + "x-zitadel-instance-host", + instanceHost, + ); + return next(req); + }; + }, + ] + : undefined, }); return createClientFor(service)(transport); From e0a08ad1a2230bfe0de20ba56e1c0eca0cccfb77 Mon Sep 17 00:00:00 2001 From: Elio Bischof Date: Fri, 21 Feb 2025 12:10:20 +0100 Subject: [PATCH 07/22] feat: allow configuring custom request headers --- apps/login/next-env-vars.d.ts | 6 ++++++ apps/login/src/lib/service.ts | 12 ++++++++++++ turbo.json | 3 ++- 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/apps/login/next-env-vars.d.ts b/apps/login/next-env-vars.d.ts index b575dc91f4..80c7c3a960 100644 --- a/apps/login/next-env-vars.d.ts +++ b/apps/login/next-env-vars.d.ts @@ -27,5 +27,11 @@ declare namespace NodeJS { * Optional: wheter a user must have verified email */ EMAIL_VERIFICATION: string; + + /** + * Optional: custom request headers to be added to every request + * Split by comma, key value pairs separated by colon + */ + CUSTOM_REQUEST_HEADERS: string; } } diff --git a/apps/login/src/lib/service.ts b/apps/login/src/lib/service.ts index 5ea9eec882..7f06284a66 100644 --- a/apps/login/src/lib/service.ts +++ b/apps/login/src/lib/service.ts 
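Review bot: `baseUrl: process.env.ZITADEL_API_URL ?? serviceUrl` falls back only when the variable is unset, so `ZITADEL_API_URL=""` yields an empty base URL, while the `interceptors` condition just below treats the same empty string as absent. `baseUrl: process.env.ZITADEL_API_URL || serviceUrl` would make the two agree with the "not empty" wording of the doc comment restored in next-env-vars.d.ts. The comparison `process.env.ZITADEL_API_URL != serviceUrl` is between two strings and can be written `!==`. `new URL(serviceUrl).host` is evaluated even when no interceptor is installed and throws on a value without a scheme; createServiceForHost starts outside the hunk, so whether `serviceUrl` is validated earlier is not visible here.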
@@ -44,6 +44,18 @@ export async function createServiceForHost( const transport = createServerTransport(token, { baseUrl: serviceUrl, + interceptors: !process.env.CUSTOM_REQUEST_HEADERS ? undefined :[ + (next) => { + return (req) => { + process.env.CUSTOM_REQUEST_HEADERS.split(",").forEach((header) => { + const kv = header.split(":") + req.header.set(kv[0], kv[1]); + }) + return next(req); + }; + }, + ] + , }); return createClientFor(service)(transport); diff --git a/turbo.json b/turbo.json index 279e45867b..06155fda5d 100644 --- a/turbo.json +++ b/turbo.json @@ -12,7 +12,8 @@ "ZITADEL_API_URL", "ZITADEL_SERVICE_USER_ID", "ZITADEL_SERVICE_USER_TOKEN", - "NEXT_PUBLIC_BASE_PATH" + "NEXT_PUBLIC_BASE_PATH", + "CUSTOM_REQUEST_HEADERS" ], "tasks": { "generate": { From 9e9ab955a92513ae8ca98742f2c4b4c310e348b6 Mon Sep 17 00:00:00 2001 From: Elio Bischof Date: Fri, 21 Feb 2025 12:36:28 +0100 Subject: [PATCH 08/22] lint --- apps/login/src/lib/service.ts | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/apps/login/src/lib/service.ts b/apps/login/src/lib/service.ts index 7f06284a66..4f5f5a0cec 100644 --- a/apps/login/src/lib/service.ts +++ b/apps/login/src/lib/service.ts @@ -44,18 +44,21 @@ export async function createServiceForHost( const transport = createServerTransport(token, { baseUrl: serviceUrl, - interceptors: !process.env.CUSTOM_REQUEST_HEADERS ? undefined :[ - (next) => { - return (req) => { - process.env.CUSTOM_REQUEST_HEADERS.split(",").forEach((header) => { - const kv = header.split(":") - req.header.set(kv[0], kv[1]); - }) - return next(req); - }; - }, - ] - , + interceptors: !process.env.CUSTOM_REQUEST_HEADERS + ? undefined + : [ + (next) => { + return (req) => { + process.env.CUSTOM_REQUEST_HEADERS.split(",").forEach( + (header) => { + const kv = header.split(":"); + req.header.set(kv[0], kv[1]); + }, + ); + return next(req); + }; + }, + ], }); return createClientFor(service)(transport); 
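Review bot: The `CUSTOM_REQUEST_HEADERS` parsing in the new interceptor uses `header.split(":")` and reads only `kv[0]` and `kv[1]`, so a value that itself contains a colon (a URL, `host:port`) is silently truncated, an entry without a colon passes `undefined` as the value, and whitespace around names and values is kept. The string is also re-parsed on every request, and the declaration in next-env-vars.d.ts types the variable as `string` although its comment calls it optional. Parsing once before `createServerTransport`, splitting on the first colon only, trimming and dropping malformed entries would address this; the next commit ("lint") only reformats the same lines, so the point applies there too. Whether a configured `authorization` entry would replace the token passed to `createServerTransport` depends on interceptor ordering that is not visible in this hunk, and is worth stating in the doc comment. createServiceForHost starts outside the hunk.

```typescript
// Parsed once per transport instead of on every request.
const customHeaders = (process.env.CUSTOM_REQUEST_HEADERS ?? "")
  .split(",")
  .map((entry): [string, string] => {
    // Split on the first colon only, so values such as URLs keep theirs.
    const sep = entry.indexOf(":");
    return sep < 0
      ? ["", ""]
      : [entry.slice(0, sep).trim(), entry.slice(sep + 1).trim()];
  })
  .filter(([name]) => name !== "");

const transport = createServerTransport(token, {
  baseUrl: serviceUrl,
  interceptors:
    customHeaders.length === 0
      ? undefined
      : [
          (next) => (req) => {
            customHeaders.forEach(([name, value]) =>
              req.header.set(name, value),
            );
            return next(req);
          },
        ],
});
```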
From 3e97cf85a303979d1c90fd110416b69a41d9d0bb Mon Sep 17 00:00:00 2001 From: Elio Bischof Date: Fri, 21 Feb 2025 13:42:32 +0100 Subject: [PATCH 09/22] debug docker build --- .github/workflows/docker.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index bad19343d3..ae72dc29c2 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -4,6 +4,7 @@ on: push: branches: - main + - fix-docker-build jobs: build: @@ -60,6 +61,18 @@ jobs: - name: Build for Docker run: NEXT_PUBLIC_BASE_PATH=/new-login pnpm build:docker + - name: Debug + run: ls -la . + + - name: Debug + run: ls -la ./docker + + - name: Debug + run: ls -la ./docker/apps + + - name: Debug + run: ls -la ./docker/apps/login + - name: Build and Push Image id: build uses: docker/build-push-action@v5 From 6d2dcb6cd233c16a2f0721cd53ae4cafaa2ee352 Mon Sep 17 00:00:00 2001 From: Elio Bischof Date: Fri, 21 Feb 2025 13:51:13 +0100 Subject: [PATCH 10/22] no dockerignore --- .dockerignore | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 .dockerignore diff --git a/.dockerignore b/.dockerignore deleted file mode 100644 index b328b97284..0000000000 --- a/.dockerignore +++ /dev/null @@ -1,2 +0,0 @@ -/* -!/docker From e7c1ba798457ea586d58d5957c643dfaaf517661 Mon Sep 17 00:00:00 2001 From: Elio Bischof Date: Fri, 21 Feb 2025 13:56:08 +0100 Subject: [PATCH 11/22] don't checkout again --- .dockerignore | 2 ++ .github/workflows/docker.yml | 13 +------------ 2 files changed, 3 insertions(+), 12 deletions(-) create mode 100644 .dockerignore diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000000..b328b97284 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,2 @@ +/* +!/docker diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index ae72dc29c2..2845b152c3 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml 
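Review bot: The `- fix-docker-build` entry added under `on.push.branches` makes the whole job, including the `Build and Push Image` step, run for pushes to a feature branch. The tags come from `steps.meta.outputs.tags`, whose configuration is outside the hunk, so it is not visible whether a branch build could publish under a tag that consumers of the main image pull. If the branch trigger is needed for debugging, gating the upload on the ref keeps debug runs from publishing, for example `push: ${{ github.ref == 'refs/heads/main' }}` on the build step (assuming the step currently pushes unconditionally). Later commits in this series toggle the same line several times and end with it removed; the final state should be confirmed before merge.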
@@ -61,23 +61,12 @@ jobs: - name: Build for Docker run: NEXT_PUBLIC_BASE_PATH=/new-login pnpm build:docker - - name: Debug - run: ls -la . - - - name: Debug - run: ls -la ./docker - - - name: Debug - run: ls -la ./docker/apps - - - name: Debug - run: ls -la ./docker/apps/login - - name: Build and Push Image id: build uses: docker/build-push-action@v5 timeout-minutes: 10 with: + context: . cache-from: type=gha cache-to: type=gha,mode=max tags: ${{ steps.meta.outputs.tags }} From 27675d1a3f36ee470128f827c86e8a12f7d9aa4f Mon Sep 17 00:00:00 2001 From: Elio Bischof Date: Fri, 21 Feb 2025 13:59:16 +0100 Subject: [PATCH 12/22] chore(pipeline): fix docker build --- .github/workflows/docker.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 2845b152c3..82ee0a48d1 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -4,7 +4,6 @@ on: push: branches: - main - - fix-docker-build jobs: build: From eea7c3ec9aca9d9381a50dbd1ea1abd9d816c583 Mon Sep 17 00:00:00 2001 From: Elio Bischof Date: Fri, 21 Feb 2025 14:33:08 +0100 Subject: [PATCH 13/22] tmp push on fix-docker-build branch --- .github/workflows/docker.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 82ee0a48d1..2845b152c3 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -4,6 +4,7 @@ on: push: branches: - main + - fix-docker-build jobs: build: From 0c6a666155b6ca99656cb9c56c1c86c84eb6dea6 Mon Sep 17 00:00:00 2001 From: Elio Bischof Date: Fri, 21 Feb 2025 14:33:27 +0100 Subject: [PATCH 14/22] Revert "tmp push on fix-docker-build branch" This reverts commit eea7c3ec9aca9d9381a50dbd1ea1abd9d816c583. --- .github/workflows/docker.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 2845b152c3..82ee0a48d1 100644 --- a/.github/workflows/docker.yml 
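Review bot: The added `context: .` carries the actual fix, but nothing in the workflow says why it is there, and it is easy to remove as redundant later. Without it docker/build-push-action builds from the Git context, which does not contain the `./docker` directory produced by the preceding `Build for Docker` step. A comment above the line would record this, for example `# Path context: build from the workspace prepared by "Build for Docker", not a fresh Git checkout`. With a path context the `.dockerignore` restored in this same commit (`/*`, `!/docker`) is what keeps the rest of the workspace out of the build context, so the two changes should stay together.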
+++ b/.github/workflows/docker.yml @@ -4,7 +4,6 @@ on: push: branches: - main - - fix-docker-build jobs: build: From 33f051a07a49c5aa913118c55dea4463e5e6a3c4 Mon Sep 17 00:00:00 2001 From: Elio Bischof Date: Fri, 21 Feb 2025 14:34:46 +0100 Subject: [PATCH 15/22] Reapply "tmp push on fix-docker-build branch" This reverts commit 0c6a666155b6ca99656cb9c56c1c86c84eb6dea6. --- .github/workflows/docker.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 82ee0a48d1..2845b152c3 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -4,6 +4,7 @@ on: push: branches: - main + - fix-docker-build jobs: build: From 386c5d67822dc0876a3c8b2d49f14971582eab26 Mon Sep 17 00:00:00 2001 From: Elio Bischof Date: Fri, 21 Feb 2025 14:35:10 +0100 Subject: [PATCH 16/22] Revert "Reapply "tmp push on fix-docker-build branch"" This reverts commit 33f051a07a49c5aa913118c55dea4463e5e6a3c4. --- .github/workflows/docker.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 2845b152c3..82ee0a48d1 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -4,7 +4,6 @@ on: push: branches: - main - - fix-docker-build jobs: build: From 3a6ccd5376a69830cdd78dde56af7d9e71c37908 Mon Sep 17 00:00:00 2001 From: Elio Bischof Date: Mon, 24 Feb 2025 14:46:28 +0100 Subject: [PATCH 17/22] chore(docker): use better base path --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 82ee0a48d1..db4d5aa5c8 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -58,7 +58,7 @@ jobs: run: pnpm install - name: Build for Docker - run: NEXT_PUBLIC_BASE_PATH=/new-login pnpm build:docker + run: NEXT_PUBLIC_BASE_PATH=/ui/v2/login pnpm build:docker - name: Build and Push Image id: build 
From 7c780c5eab193185de83cc552b403f77d529b425 Mon Sep 17 00:00:00 2001 From: Elio Bischof Date: Mon, 24 Feb 2025 15:05:59 +0100 Subject: [PATCH 18/22] remove cypress binary cache --- .github/workflows/test.yml | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index cd411e1592..394c705f1e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -68,16 +68,6 @@ jobs: node-version: 20.x cache: 'pnpm' - - name: Setup Cypress binary cache - uses: actions/cache@v4 - with: - path: ~/.cache/Cypress - key: ${{ runner.os }}-cypress-binary-${{ hashFiles('**/pnpm-lock.yaml') }} - restore-keys: | - ${{ runner.os }}-cypress-binary- - # The Cypress binary cache needs to be updated together with the pnpm dependencies cache. - # That's why we don't conditionally cache it using if: ${{ matrix.command == 'test:integration' }} - - name: Install Dependencies run: pnpm install --frozen-lockfile From d43e434169085f97ea2f1d1554b622dd2cf97406 Mon Sep 17 00:00:00 2001 From: Elio Bischof Date: Mon, 24 Feb 2025 15:08:50 +0100 Subject: [PATCH 19/22] remove pnpm cache --- .github/workflows/test.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 394c705f1e..79a455b016 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -66,7 +66,6 @@ jobs: uses: actions/setup-node@v4 with: node-version: 20.x - cache: 'pnpm' - name: Install Dependencies run: pnpm install --frozen-lockfile From a2edb62005fd26c475cb76efa293beecfcc7597a Mon Sep 17 00:00:00 2001 From: Max Peintner Date: Mon, 24 Feb 2025 16:54:09 +0100 Subject: [PATCH 20/22] fix: eliminate ZITADEL_SERVICE_USER_ID --- README.md | 5 +---- acceptance/setup.sh | 19 +++++++++---------- apps/login/.env.integration | 1 - apps/login/next-env-vars.d.ts | 4 ---- apps/login/src/middleware.ts | 10 +--------- turbo.json | 1 - 6 files changed, 11 insertions(+), 29 deletions(-) 
diff --git a/README.md b/README.md index 6ccfd678b6..67aef1f959 100644 --- a/README.md +++ b/README.md @@ -203,13 +203,11 @@ Go to your instance and create a service user for the login application. The login application creates users on your primary organization and reads policy data. For the sake of simplicity, just make the service user an instance member with the role `IAM_OWNER`. Create a PAT and copy it to the file `apps/login/.env.local` using the key `ZITADEL_SERVICE_USER_TOKEN`. -Also add the users ID to the file using the key `ZITADEL_SERVICE_USER_ID`. The file should look similar to this: ``` ZITADEL_API_URL=https://zitadel-tlx3du.us1.zitadel.cloud -ZITADEL_SERVICE_USER_ID=289106423158521850 ZITADEL_SERVICE_USER_TOKEN=1S6w48thfWFI2klgfwkCnhXJLf9FQ457E-_3H74ePQxfO3Af0Tm4V5Xi-ji7urIl_xbn-Rk ``` 
@@ -253,9 +251,8 @@ pnpm test:acceptance ### Deploy to Vercel To deploy your own version on Vercel, navigate to your instance and create a service user. -Copy its id from the overview and set it as ZITADEL_SERVICE_USER_ID. Then create a personal access token (PAT), copy and set it as ZITADEL_SERVICE_USER_TOKEN, then navigate to your instance settings and make sure it gets IAM_OWNER permissions. Finally set your instance url as ZITADEL_API_URL. Make sure to set it without trailing slash. -[![Deploy with Vercel](https://vercel.com/button)](https://vercel.com/new/clone?repository-url=https%3A%2F%2Fgithub.com%2Fzitadel%2Ftypescript&env=ZITADEL_API_URL,ZITADEL_SERVICE_USER_ID,ZITADEL_SERVICE_USER_TOKEN&root-directory=apps/login&envDescription=Setup%20a%20service%20account%20with%20IAM_OWNER%20membership%20on%20your%20instance%20and%20provide%20its%20id%20and%20personal%20access%20token.&project-name=zitadel-login&repository-name=zitadel-login) +[![Deploy with Vercel](https://vercel.com/button)](https://vercel.com/new/clone?repository-url=https%3A%2F%2Fgithub.com%2Fzitadel%2Ftypescript&env=ZITADEL_API_URL,ZITADEL_SERVICE_USER_TOKEN&root-directory=apps/login&envDescription=Setup%20a%20service%20account%20with%20IAM_LOGIN_CLIENT%20membership%20on%20your%20instance%20and%20provide%20its%20personal%20access%20token.&project-name=zitadel-login&repository-name=zitadel-login) diff --git a/acceptance/setup.sh b/acceptance/setup.sh index 596c985d78..82aa482c78 100755 --- a/acceptance/setup.sh +++ b/acceptance/setup.sh 
@@ -17,15 +17,15 @@ if [ -z "${PAT}" ]; then PAT=$(cat ${PAT_FILE}) fi -if [ -z "${ZITADEL_SERVICE_USER_ID}" ]; then - echo "Reading ZITADEL_SERVICE_USER_ID from userinfo endpoint" - USERINFO_RESPONSE=$(curl -s --request POST \ - --url "${ZITADEL_API_INTERNAL_URL}/oidc/v1/userinfo" \ - --header "Authorization: Bearer ${PAT}" \ - --header "Host: ${ZITADEL_API_DOMAIN}") - echo "Received userinfo response: ${USERINFO_RESPONSE}" - ZITADEL_SERVICE_USER_ID=$(echo "${USERINFO_RESPONSE}" | jq --raw-output '.sub') -fi +# if [ -z "${ZITADEL_SERVICE_USER_ID}" ]; then +# echo "Reading ZITADEL_SERVICE_USER_ID from userinfo endpoint" +# USERINFO_RESPONSE=$(curl -s --request POST \ +# --url "${ZITADEL_API_INTERNAL_URL}/oidc/v1/userinfo" \ +# --header "Authorization: Bearer ${PAT}" \ +# --header "Host: ${ZITADEL_API_DOMAIN}") +# echo "Received userinfo response: ${USERINFO_RESPONSE}" +# ZITADEL_SERVICE_USER_ID=$(echo "${USERINFO_RESPONSE}" | jq --raw-output '.sub') +# fi ################################################################# # Environment files @@ -37,7 +37,6 @@ WRITE_TEST_ENVIRONMENT_FILE=${WRITE_TEST_ENVIRONMENT_FILE:-$(dirname "$0")/../ac echo "Writing environment file to ${WRITE_TEST_ENVIRONMENT_FILE} when done." echo "ZITADEL_API_URL=${ZITADEL_API_URL} -ZITADEL_SERVICE_USER_ID=${ZITADEL_SERVICE_USER_ID} ZITADEL_SERVICE_USER_TOKEN=${PAT} SINK_NOTIFICATION_URL=${SINK_NOTIFICATION_URL} EMAIL_VERIFICATION=true diff --git a/apps/login/.env.integration b/apps/login/.env.integration index 705d7d0733..a72ccdecd2 100644 --- a/apps/login/.env.integration +++ b/apps/login/.env.integration @@ -1,5 +1,4 @@ ZITADEL_API_URL=http://localhost:22222 -ZITADEL_SERVICE_USER_ID="yolo" ZITADEL_SERVICE_USER_TOKEN="yolo" EMAIL_VERIFICATION=true DEBUG=true diff --git a/apps/login/next-env-vars.d.ts b/apps/login/next-env-vars.d.ts index 112eea393f..959f233256 100644 --- a/apps/login/next-env-vars.d.ts +++ b/apps/login/next-env-vars.d.ts 
@@ -22,10 +22,6 @@ declare namespace NodeJS { */ ZITADEL_INSTANCE_HOST_HEADER: string; - /** - * Self hosting: The service user id - */ - ZITADEL_SERVICE_USER_ID: string; /** * Self hosting: The service user token */ diff --git a/apps/login/src/middleware.ts b/apps/login/src/middleware.ts index e8dda55a26..fec0433917 100644 --- a/apps/login/src/middleware.ts +++ b/apps/login/src/middleware.ts @@ -13,11 +13,7 @@ export const config = { export async function middleware(request: NextRequest) { // escape proxy if the environment is setup for multitenancy - if ( - !process.env.ZITADEL_API_URL || - !process.env.ZITADEL_SERVICE_USER_ID || - !process.env.ZITADEL_SERVICE_USER_TOKEN - ) { + if (!process.env.ZITADEL_API_URL || !process.env.ZITADEL_SERVICE_USER_TOKEN) { return NextResponse.next(); } @@ -28,10 +24,6 @@ export async function middleware(request: NextRequest) { const instanceHost = `${serviceUrl}`.replace("https://", ""); const requestHeaders = new Headers(request.headers); - requestHeaders.set( - "x-zitadel-login-client", - process.env.ZITADEL_SERVICE_USER_ID, - ); // this is a workaround for the next.js server not forwarding the host header // requestHeaders.set("x-zitadel-forwarded", `host="${request.nextUrl.host}"`); diff --git a/turbo.json b/turbo.json index 61316b800e..58d0d588ed 100644 --- a/turbo.json +++ b/turbo.json @@ -10,7 +10,6 @@ "SYSTEM_USER_ID", "SYSTEM_USER_PRIVATE_KEY", "ZITADEL_API_URL", - "ZITADEL_SERVICE_USER_ID", "ZITADEL_SERVICE_USER_TOKEN", "NEXT_PUBLIC_BASE_PATH", "ZITADEL_INSTANCE_HOST_HEADER" From b8571dc365dec8eec0491439c2a8e7116b5f93c9 Mon Sep 17 00:00:00 2001 From: Max Peintner Date: Mon, 24 Feb 2025 16:55:56 +0100 Subject: [PATCH 21/22] cleanup --- acceptance/setup.sh | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/acceptance/setup.sh b/acceptance/setup.sh index 82aa482c78..8438685dde 100755 --- a/acceptance/setup.sh +++ b/acceptance/setup.sh 
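Review bot: Dropping `requestHeaders.set("x-zitadel-login-client", …)` in middleware.ts also drops the overwrite of any value the caller sent, because `requestHeaders` is built with `new Headers(request.headers)` and so carries every incoming header. If these headers are forwarded to the Zitadel API further down (outside the hunk), a client-supplied `x-zitadel-login-client` now passes through unchanged. Adding `requestHeaders.delete("x-zitadel-login-client");` where the `set` call used to be keeps the header under server control. The guard's comment "escape proxy if the environment is setup for multitenancy" could also say that the token alone now decides this, since the user id is no longer part of the check.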
@@ -17,16 +17,6 @@ if [ -z "${PAT}" ]; then PAT=$(cat ${PAT_FILE}) fi -# if [ -z "${ZITADEL_SERVICE_USER_ID}" ]; then -# echo "Reading ZITADEL_SERVICE_USER_ID from userinfo endpoint" -# USERINFO_RESPONSE=$(curl -s --request POST \ -# --url "${ZITADEL_API_INTERNAL_URL}/oidc/v1/userinfo" \ -# --header "Authorization: Bearer ${PAT}" \ -# --header "Host: ${ZITADEL_API_DOMAIN}") -# echo "Received userinfo response: ${USERINFO_RESPONSE}" -# ZITADEL_SERVICE_USER_ID=$(echo "${USERINFO_RESPONSE}" | jq --raw-output '.sub') -# fi - ################################################################# # Environment files ################################################################# From 6468c60603de35ae07defe142053f1b117c041b1 Mon Sep 17 00:00:00 2001 From: Max Peintner Date: Mon, 24 Feb 2025 18:07:09 +0100 Subject: [PATCH 22/22] rm Self hosting prefix --- apps/login/next-env-vars.d.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/login/next-env-vars.d.ts b/apps/login/next-env-vars.d.ts index 527fdc3505..691bfa6f56 100644 --- a/apps/login/next-env-vars.d.ts +++ b/apps/login/next-env-vars.d.ts @@ -10,12 +10,12 @@ declare namespace NodeJS { SYSTEM_USER_PRIVATE_KEY: string; // The fallback service user private key /** - * Self hosting: The Zitadel API url + * The Zitadel API url */ ZITADEL_API_URL: string; /** - * Self hosting: The service user token + * The service user token */ ZITADEL_SERVICE_USER_TOKEN: string;