Merge branch 'main' into qa

2025-12-13 21:40:45 +00:00 · 2025-02-26 08:43:24 +01:00
parent 52a99d3840 1553b76d74
commit 5a22cff831
11 changed files with 32 additions and 75 deletions
--- a/apps/login/.env.integration
+++ b/apps/login/.env.integration
@@ -1,5 +1,4 @@
 ZITADEL_API_URL=http://localhost:22222
-ZITADEL_SERVICE_USER_ID="yolo"
 ZITADEL_SERVICE_USER_TOKEN="yolo"
 EMAIL_VERIFICATION=true
 DEBUG=true
--- a/apps/login/next-env-vars.d.ts
+++ b/apps/login/next-env-vars.d.ts
@@ -10,24 +10,12 @@ declare namespace NodeJS {
    SYSTEM_USER_PRIVATE_KEY: string; // The fallback service user private key

    /**
-     * Self hosting: The Zitadel API url
+     * The Zitadel API url
     */
    ZITADEL_API_URL: string;

    /**
-     * Takes effect only if ZITADEL_API_URL is not empty.
-     * This is only relevant if Zitadels runtime has the ZITADEL_INSTANCEHOSTHEADERS config changed.
-     * The default is x-zitadel-instance-host.
-     * Most users don't need to set this variable.
-     */
-    ZITADEL_INSTANCE_HOST_HEADER: string;
-
-    /**
-     * Self hosting: The service user id
-     */
-    ZITADEL_SERVICE_USER_ID: string;
-    /**
-     * Self hosting: The service user token
+     * The service user token
     */
    ZITADEL_SERVICE_USER_TOKEN: string;

@@ -35,5 +23,11 @@ declare namespace NodeJS {
     * Optional: wheter a user must have verified email
     */
    EMAIL_VERIFICATION: string;
+
+    /**
+     * Optional: custom request headers to be added to every request
+     * Split by comma, key value pairs separated by colon
+     */
+    CUSTOM_REQUEST_HEADERS: string;
  }
 }
--- a/apps/login/src/lib/service.ts
+++ b/apps/login/src/lib/service.ts
@@ -44,26 +44,23 @@ export async function createServiceForHost<T extends ServiceClass>(
    throw new Error("No token found");
  }

-  const instanceHost = new URL(serviceUrl).host;
  const transport = createServerTransport(token, {
-    baseUrl: process.env.ZITADEL_API_URL ?? serviceUrl,
-    interceptors:
-      (process.env.ZITADEL_API_URL &&
-        process.env.ZITADEL_API_URL != serviceUrl) ||
-      process.env.ZITADEL_INSTANCE_HOST_HEADER
-        ? [
-            (next) => {
-              return (req) => {
-                req.header.set(
-                  process.env.ZITADEL_INSTANCE_HOST_HEADER ??
-                    "x-zitadel-instance-host",
-                  instanceHost,
-                );
-                return next(req);
-              };
-            },
-          ]
-        : undefined,
+    baseUrl: serviceUrl,
+    interceptors: !process.env.CUSTOM_REQUEST_HEADERS
+      ? undefined
+      : [
+          (next) => {
+            return (req) => {
+              process.env.CUSTOM_REQUEST_HEADERS.split(",").forEach(
+                (header) => {
+                  const kv = header.split(":");
+                  req.header.set(kv[0], kv[1]);
+                },
+              );
+              return next(req);
+            };
+          },
+        ],
  });

  return createClientFor<T>(service)(transport);
--- a/apps/login/src/middleware.ts
+++ b/apps/login/src/middleware.ts
@@ -13,11 +13,7 @@ export const config = {

 export async function middleware(request: NextRequest) {
  // escape proxy if the environment is setup for multitenancy
-  if (
-    !process.env.ZITADEL_API_URL ||
-    !process.env.ZITADEL_SERVICE_USER_ID ||
-    !process.env.ZITADEL_SERVICE_USER_TOKEN
-  ) {
+  if (!process.env.ZITADEL_API_URL || !process.env.ZITADEL_SERVICE_USER_TOKEN) {
    return NextResponse.next();
  }

@@ -28,10 +24,6 @@ export async function middleware(request: NextRequest) {
  const instanceHost = `${serviceUrl}`.replace("https://", "");

  const requestHeaders = new Headers(request.headers);
-  requestHeaders.set(
-    "x-zitadel-login-client",
-    process.env.ZITADEL_SERVICE_USER_ID,
-  );

  // this is a workaround for the next.js server not forwarding the host header
  // requestHeaders.set("x-zitadel-forwarded", `host="${request.nextUrl.host}"`);