From 68515bda7e69c29011681bec5dca31ff5929ae44 Mon Sep 17 00:00:00 2001 
From: Max Peintner
Date: Wed, 29 Jan 2025 10:44:26 +0100
Subject: [PATCH] escape proxy for multitenant scenario, rename fcn
---
apps/login/src/app/(login)/accounts/page.tsx | 4 ++--
.../app/(login)/authenticator/set/page.tsx | 4 ++--
.../(login)/idp/[provider]/failure/page.tsx | 4 ++--
.../(login)/idp/[provider]/success/page.tsx | 4 ++--
apps/login/src/app/(login)/idp/page.tsx | 4 ++--
apps/login/src/app/(login)/invite/page.tsx | 4 ++--
.../src/app/(login)/invite/success/page.tsx | 4 ++--
apps/login/src/app/(login)/loginname/page.tsx | 4 ++--
apps/login/src/app/(login)/mfa/page.tsx | 4 ++--
apps/login/src/app/(login)/mfa/set/page.tsx | 4 ++--
.../src/app/(login)/otp/[method]/page.tsx | 4 ++--
.../src/app/(login)/otp/[method]/set/page.tsx | 4 ++--
apps/login/src/app/(login)/passkey/page.tsx | 4 ++--
.../src/app/(login)/passkey/set/page.tsx | 4 ++--
.../src/app/(login)/password/change/page.tsx | 4 ++--
apps/login/src/app/(login)/password/page.tsx | 4 ++--
.../src/app/(login)/password/set/page.tsx | 4 ++--
apps/login/src/app/(login)/register/page.tsx | 4 ++--
.../app/(login)/register/password/page.tsx | 4 ++--
apps/login/src/app/(login)/signedin/page.tsx | 4 ++--
apps/login/src/app/(login)/u2f/page.tsx | 4 ++--
apps/login/src/app/(login)/u2f/set/page.tsx | 4 ++--
apps/login/src/app/(login)/verify/page.tsx | 4 ++--
apps/login/src/app/login/route.ts | 4 ++--
apps/login/src/lib/self.ts | 4 ++--
apps/login/src/lib/server/cookie.ts | 8 ++++----
apps/login/src/lib/server/idp.ts | 6 +++---
apps/login/src/lib/server/invite.ts | 4 ++--
apps/login/src/lib/server/loginname.ts | 8 ++++----
apps/login/src/lib/server/otp.ts | 4 ++--
apps/login/src/lib/server/passkeys.ts | 8 ++++----
apps/login/src/lib/server/password.ts | 10 +++++-----
apps/login/src/lib/server/register.ts | 4 ++--
apps/login/src/lib/server/session.ts | 10 +++++-----
apps/login/src/lib/server/u2f.ts | 6 +++---
apps/login/src/lib/server/verify.ts | 10 +++++-----
apps/login/src/lib/service.ts | 3 ++-
apps/login/src/middleware.ts | 19 ++++++++++--------- 38 files changed, 101 insertions(+), 99 deletions(-) diff --git a/apps/login/src/app/(login)/accounts/page.tsx b/apps/login/src/app/(login)/accounts/page.tsx index bd0b428aae8..e9518dbfb5b 100644 --- a/apps/login/src/app/(login)/accounts/page.tsx +++ b/apps/login/src/app/(login)/accounts/page.tsx @@ -1,7 +1,7 @@ import { DynamicTheme } from "@/components/dynamic-theme"; import { SessionsList } from "@/components/sessions-list"; import { getAllSessionCookieIds } from "@/lib/cookies"; -import { getApiUrlOfHeaders } from "@/lib/service"; +import { getServiceUrlFromHeaders } from "@/lib/service"; import { getBrandingSettings, getDefaultOrg, @@ -39,7 +39,7 @@ export default async function Page(props: { const organization = searchParams?.organization; const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); let defaultOrganization; if (!organization) { diff --git a/apps/login/src/app/(login)/authenticator/set/page.tsx b/apps/login/src/app/(login)/authenticator/set/page.tsx index dd99ad043f2..28bc0b70774 100644 --- a/apps/login/src/app/(login)/authenticator/set/page.tsx +++ b/apps/login/src/app/(login)/authenticator/set/page.tsx @@ -5,7 +5,7 @@ import { DynamicTheme } from "@/components/dynamic-theme"; import { SignInWithIdp } from "@/components/sign-in-with-idp"; import { UserAvatar } from "@/components/user-avatar"; import { getSessionCookieById } from "@/lib/cookies"; -import { getApiUrlOfHeaders } from "@/lib/service"; +import { getServiceUrlFromHeaders } from "@/lib/service"; import { loadMostRecentSession } from "@/lib/session"; import { getActiveIdentityProviders, 
@@ -30,7 +30,7 @@ export default async function Page(props: { const { loginName, authRequestId, organization, sessionId } = searchParams; const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const sessionWithData = sessionId ? await loadSessionById(serviceUrl, sessionId, organization) diff --git a/apps/login/src/app/(login)/idp/[provider]/failure/page.tsx b/apps/login/src/app/(login)/idp/[provider]/failure/page.tsx index ed7b63092bd..bb1272f332b 100644 --- a/apps/login/src/app/(login)/idp/[provider]/failure/page.tsx +++ b/apps/login/src/app/(login)/idp/[provider]/failure/page.tsx @@ -1,5 +1,5 @@ import { DynamicTheme } from "@/components/dynamic-theme"; -import { getApiUrlOfHeaders } from "@/lib/service"; +import { getServiceUrlFromHeaders } from "@/lib/service"; import { getBrandingSettings } from "@/lib/zitadel"; import { IdentityProviderType } from "@zitadel/proto/zitadel/settings/v2/login_settings_pb"; import { getLocale, getTranslations } from "next-intl/server"; @@ -25,7 +25,7 @@ export default async function Page(props: { const { organization } = searchParams; const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const branding = await getBrandingSettings({ serviceUrl, organization }); diff --git a/apps/login/src/app/(login)/idp/[provider]/success/page.tsx b/apps/login/src/app/(login)/idp/[provider]/success/page.tsx index c39f2515ab7..0d26606a3e0 100644 --- a/apps/login/src/app/(login)/idp/[provider]/success/page.tsx +++ b/apps/login/src/app/(login)/idp/[provider]/success/page.tsx 
@@ -5,7 +5,7 @@ import { linkingSuccess } from "@/components/idps/pages/linking-success"; import { loginFailed } from "@/components/idps/pages/login-failed"; import { loginSuccess } from "@/components/idps/pages/login-success"; import { idpTypeToIdentityProviderType, PROVIDER_MAPPING } from "@/lib/idp"; -import { getApiUrlOfHeaders } from "@/lib/service"; +import { getServiceUrlFromHeaders } from "@/lib/service"; import { addHuman, addIDPLink, @@ -40,7 +40,7 @@ export default async function Page(props: { const { provider } = params; const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const branding = await getBrandingSettings({ serviceUrl, organization }); diff --git a/apps/login/src/app/(login)/idp/page.tsx b/apps/login/src/app/(login)/idp/page.tsx index da545f7a6e0..bda16051af9 100644 --- a/apps/login/src/app/(login)/idp/page.tsx +++ b/apps/login/src/app/(login)/idp/page.tsx @@ -1,6 +1,6 @@ import { DynamicTheme } from "@/components/dynamic-theme"; import { SignInWithIdp } from "@/components/sign-in-with-idp"; -import { getApiUrlOfHeaders } from "@/lib/service"; +import { getServiceUrlFromHeaders } from "@/lib/service"; import { getActiveIdentityProviders, getBrandingSettings } from "@/lib/zitadel"; import { getLocale, getTranslations } from "next-intl/server"; import { headers } from "next/headers"; @@ -16,7 +16,7 @@ export default async function Page(props: { const organization = searchParams?.organization; const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const identityProviders = await getActiveIdentityProviders({ serviceUrl, diff --git a/apps/login/src/app/(login)/invite/page.tsx b/apps/login/src/app/(login)/invite/page.tsx index 4378a3e2d68..cc06281eecb 100644 --- a/apps/login/src/app/(login)/invite/page.tsx +++ b/apps/login/src/app/(login)/invite/page.tsx 
@@ -1,7 +1,7 @@ import { Alert, AlertType } from "@/components/alert"; import { DynamicTheme } from "@/components/dynamic-theme"; import { InviteForm } from "@/components/invite-form"; -import { getApiUrlOfHeaders } from "@/lib/service"; +import { getServiceUrlFromHeaders } from "@/lib/service"; import { getBrandingSettings, getDefaultOrg, @@ -21,7 +21,7 @@ export default async function Page(props: { let { firstname, lastname, email, organization } = searchParams; const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); if (!organization) { const org = await getDefaultOrg({ serviceUrl }); diff --git a/apps/login/src/app/(login)/invite/success/page.tsx b/apps/login/src/app/(login)/invite/success/page.tsx index 5ef81fc3cb8..b8692d5c5b3 100644 --- a/apps/login/src/app/(login)/invite/success/page.tsx +++ b/apps/login/src/app/(login)/invite/success/page.tsx @@ -2,7 +2,7 @@ import { Alert, AlertType } from "@/components/alert"; import { Button, ButtonVariants } from "@/components/button"; import { DynamicTheme } from "@/components/dynamic-theme"; import { UserAvatar } from "@/components/user-avatar"; -import { getApiUrlOfHeaders } from "@/lib/service"; +import { getServiceUrlFromHeaders } from "@/lib/service"; import { getBrandingSettings, getDefaultOrg, getUserByID } from "@/lib/zitadel"; import { HumanUser, User } from "@zitadel/proto/zitadel/user/v2/user_pb"; import { getLocale, getTranslations } from "next-intl/server"; @@ -19,7 +19,7 @@ export default async function Page(props: { let { userId, organization } = searchParams; const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); if (!organization) { const org = await getDefaultOrg({ serviceUrl }); diff --git a/apps/login/src/app/(login)/loginname/page.tsx b/apps/login/src/app/(login)/loginname/page.tsx index b1c2d89570b..6e1a97b2b6f 100644 
--- a/apps/login/src/app/(login)/loginname/page.tsx +++ b/apps/login/src/app/(login)/loginname/page.tsx @@ -1,7 +1,7 @@ import { DynamicTheme } from "@/components/dynamic-theme"; import { SignInWithIdp } from "@/components/sign-in-with-idp"; import { UsernameForm } from "@/components/username-form"; -import { getApiUrlOfHeaders } from "@/lib/service"; +import { getServiceUrlFromHeaders } from "@/lib/service"; import { getActiveIdentityProviders, getBrandingSettings, @@ -26,7 +26,7 @@ export default async function Page(props: { const submit: boolean = searchParams?.submit === "true"; const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); let defaultOrganization; if (!organization) { diff --git a/apps/login/src/app/(login)/mfa/page.tsx b/apps/login/src/app/(login)/mfa/page.tsx index 53a5324682c..ce658129c33 100644 --- a/apps/login/src/app/(login)/mfa/page.tsx +++ b/apps/login/src/app/(login)/mfa/page.tsx @@ -4,7 +4,7 @@ import { ChooseSecondFactor } from "@/components/choose-second-factor"; import { DynamicTheme } from "@/components/dynamic-theme"; import { UserAvatar } from "@/components/user-avatar"; import { getSessionCookieById } from "@/lib/cookies"; -import { getApiUrlOfHeaders } from "@/lib/service"; +import { getServiceUrlFromHeaders } from "@/lib/service"; import { loadMostRecentSession } from "@/lib/session"; import { getBrandingSettings, @@ -25,7 +25,7 @@ export default async function Page(props: { const { loginName, authRequestId, organization, sessionId } = searchParams; const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const sessionFactors = sessionId ? await loadSessionById(serviceUrl, sessionId, organization) diff --git a/apps/login/src/app/(login)/mfa/set/page.tsx b/apps/login/src/app/(login)/mfa/set/page.tsx index e757f4139d1..a2a3c5d933f 100644 
--- a/apps/login/src/app/(login)/mfa/set/page.tsx +++ b/apps/login/src/app/(login)/mfa/set/page.tsx @@ -4,7 +4,7 @@ import { ChooseSecondFactorToSetup } from "@/components/choose-second-factor-to- import { DynamicTheme } from "@/components/dynamic-theme"; import { UserAvatar } from "@/components/user-avatar"; import { getSessionCookieById } from "@/lib/cookies"; -import { getApiUrlOfHeaders } from "@/lib/service"; +import { getServiceUrlFromHeaders } from "@/lib/service"; import { loadMostRecentSession } from "@/lib/session"; import { getBrandingSettings, @@ -52,7 +52,7 @@ export default async function Page(props: { } = searchParams; const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const sessionWithData = sessionId ? await loadSessionById(serviceUrl, sessionId, organization) diff --git a/apps/login/src/app/(login)/otp/[method]/page.tsx b/apps/login/src/app/(login)/otp/[method]/page.tsx index f66d0ed8b01..4d29777f6be 100644 --- a/apps/login/src/app/(login)/otp/[method]/page.tsx +++ b/apps/login/src/app/(login)/otp/[method]/page.tsx @@ -3,7 +3,7 @@ import { DynamicTheme } from "@/components/dynamic-theme"; import { LoginOTP } from "@/components/login-otp"; import { UserAvatar } from "@/components/user-avatar"; import { getSessionCookieById } from "@/lib/cookies"; -import { getApiUrlOfHeaders } from "@/lib/service"; +import { getServiceUrlFromHeaders } from "@/lib/service"; import { loadMostRecentSession } from "@/lib/session"; import { getBrandingSettings, @@ -24,7 +24,7 @@ export default async function Page(props: { const tError = await getTranslations({ locale, namespace: "error" }); const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const host = _headers.get("host"); if (!host || typeof host !== "string") { 
diff --git a/apps/login/src/app/(login)/otp/[method]/set/page.tsx b/apps/login/src/app/(login)/otp/[method]/set/page.tsx index dc10eee4367..1e80d847a26 100644 --- a/apps/login/src/app/(login)/otp/[method]/set/page.tsx +++ b/apps/login/src/app/(login)/otp/[method]/set/page.tsx @@ -4,7 +4,7 @@ import { Button, ButtonVariants } from "@/components/button"; import { DynamicTheme } from "@/components/dynamic-theme"; import { TotpRegister } from "@/components/totp-register"; import { UserAvatar } from "@/components/user-avatar"; -import { getApiUrlOfHeaders } from "@/lib/service"; +import { getServiceUrlFromHeaders } from "@/lib/service"; import { loadMostRecentSession } from "@/lib/session"; import { addOTPEmail, @@ -34,7 +34,7 @@ export default async function Page(props: { const { method } = params; const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const branding = await getBrandingSettings({ serviceUrl, organization }); const loginSettings = await getLoginSettings({ serviceUrl, organization }); diff --git a/apps/login/src/app/(login)/passkey/page.tsx b/apps/login/src/app/(login)/passkey/page.tsx index e28426e0a97..7dbede8871f 100644 --- a/apps/login/src/app/(login)/passkey/page.tsx +++ b/apps/login/src/app/(login)/passkey/page.tsx @@ -3,7 +3,7 @@ import { DynamicTheme } from "@/components/dynamic-theme"; import { LoginPasskey } from "@/components/login-passkey"; import { UserAvatar } from "@/components/user-avatar"; import { getSessionCookieById } from "@/lib/cookies"; -import { getApiUrlOfHeaders } from "@/lib/service"; +import { getServiceUrlFromHeaders } from "@/lib/service"; import { loadMostRecentSession } from "@/lib/session"; import { getBrandingSettings, 
@@ -25,7 +25,7 @@ export default async function Page(props: { searchParams; const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const sessionFactors = sessionId ? await loadSessionById(serviceUrl, sessionId, organization) diff --git a/apps/login/src/app/(login)/passkey/set/page.tsx b/apps/login/src/app/(login)/passkey/set/page.tsx index 20b2038ced5..1035f4b55eb 100644 --- a/apps/login/src/app/(login)/passkey/set/page.tsx +++ b/apps/login/src/app/(login)/passkey/set/page.tsx @@ -2,7 +2,7 @@ import { Alert, AlertType } from "@/components/alert"; import { DynamicTheme } from "@/components/dynamic-theme"; import { RegisterPasskey } from "@/components/register-passkey"; import { UserAvatar } from "@/components/user-avatar"; -import { getApiUrlOfHeaders } from "@/lib/service"; +import { getServiceUrlFromHeaders } from "@/lib/service"; import { loadMostRecentSession } from "@/lib/session"; import { getBrandingSettings } from "@/lib/zitadel"; import { getLocale, getTranslations } from "next-intl/server"; @@ -20,7 +20,7 @@ export default async function Page(props: { searchParams; const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const session = await loadMostRecentSession({ serviceUrl, diff --git a/apps/login/src/app/(login)/password/change/page.tsx b/apps/login/src/app/(login)/password/change/page.tsx index 1da5945f676..4ea08083951 100644 --- a/apps/login/src/app/(login)/password/change/page.tsx +++ b/apps/login/src/app/(login)/password/change/page.tsx 
@@ -2,7 +2,7 @@ import { Alert } from "@/components/alert"; import { ChangePasswordForm } from "@/components/change-password-form"; import { DynamicTheme } from "@/components/dynamic-theme"; import { UserAvatar } from "@/components/user-avatar"; -import { getApiUrlOfHeaders } from "@/lib/service"; +import { getServiceUrlFromHeaders } from "@/lib/service"; import { loadMostRecentSession } from "@/lib/session"; import { getBrandingSettings, @@ -16,7 +16,7 @@ export default async function Page(props: { searchParams: Promise>; }) { const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const searchParams = await props.searchParams; const locale = getLocale(); diff --git a/apps/login/src/app/(login)/password/page.tsx b/apps/login/src/app/(login)/password/page.tsx index b2075ba4631..e794f7bbbcc 100644 --- a/apps/login/src/app/(login)/password/page.tsx +++ b/apps/login/src/app/(login)/password/page.tsx @@ -2,7 +2,7 @@ import { Alert } from "@/components/alert"; import { DynamicTheme } from "@/components/dynamic-theme"; import { PasswordForm } from "@/components/password-form"; import { UserAvatar } from "@/components/user-avatar"; -import { getApiUrlOfHeaders } from "@/lib/service"; +import { getServiceUrlFromHeaders } from "@/lib/service"; import { loadMostRecentSession } from "@/lib/session"; import { getBrandingSettings, @@ -25,7 +25,7 @@ export default async function Page(props: { let { loginName, organization, authRequestId, alt } = searchParams; const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); let defaultOrganization; if (!organization) { diff --git a/apps/login/src/app/(login)/password/set/page.tsx b/apps/login/src/app/(login)/password/set/page.tsx index a289798c5da..2f29a66630a 100644 --- a/apps/login/src/app/(login)/password/set/page.tsx 
+++ b/apps/login/src/app/(login)/password/set/page.tsx @@ -2,7 +2,7 @@ import { Alert, AlertType } from "@/components/alert"; import { DynamicTheme } from "@/components/dynamic-theme"; import { SetPasswordForm } from "@/components/set-password-form"; import { UserAvatar } from "@/components/user-avatar"; -import { getApiUrlOfHeaders } from "@/lib/service"; +import { getServiceUrlFromHeaders } from "@/lib/service"; import { loadMostRecentSession } from "@/lib/session"; import { getBrandingSettings, @@ -27,7 +27,7 @@ export default async function Page(props: { searchParams; const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); // also allow no session to be found (ignoreUnkownUsername) let session: Session | undefined; diff --git a/apps/login/src/app/(login)/register/page.tsx b/apps/login/src/app/(login)/register/page.tsx index e1bf29bff47..adb1f28310e 100644 --- a/apps/login/src/app/(login)/register/page.tsx +++ b/apps/login/src/app/(login)/register/page.tsx @@ -1,6 +1,6 @@ import { DynamicTheme } from "@/components/dynamic-theme"; import { RegisterForm } from "@/components/register-form"; -import { getApiUrlOfHeaders } from "@/lib/service"; +import { getServiceUrlFromHeaders } from "@/lib/service"; import { getBrandingSettings, getDefaultOrg, @@ -23,7 +23,7 @@ export default async function Page(props: { searchParams; const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); if (!organization) { const org: Organization | null = await getDefaultOrg({ serviceUrl }); diff --git a/apps/login/src/app/(login)/register/password/page.tsx b/apps/login/src/app/(login)/register/password/page.tsx index b5d6fd36fc5..2eac65536db 100644 --- a/apps/login/src/app/(login)/register/password/page.tsx +++ b/apps/login/src/app/(login)/register/password/page.tsx 
@@ -1,6 +1,6 @@ import { DynamicTheme } from "@/components/dynamic-theme"; import { SetRegisterPasswordForm } from "@/components/set-register-password-form"; -import { getApiUrlOfHeaders } from "@/lib/service"; +import { getServiceUrlFromHeaders } from "@/lib/service"; import { getBrandingSettings, getDefaultOrg, @@ -23,7 +23,7 @@ export default async function Page(props: { searchParams; const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); if (!organization) { const org: Organization | null = await getDefaultOrg({ serviceUrl }); diff --git a/apps/login/src/app/(login)/signedin/page.tsx b/apps/login/src/app/(login)/signedin/page.tsx index a7e8da1254b..f387925500a 100644 --- a/apps/login/src/app/(login)/signedin/page.tsx +++ b/apps/login/src/app/(login)/signedin/page.tsx @@ -3,7 +3,7 @@ import { DynamicTheme } from "@/components/dynamic-theme"; import { SelfServiceMenu } from "@/components/self-service-menu"; import { UserAvatar } from "@/components/user-avatar"; import { getMostRecentCookieWithLoginname } from "@/lib/cookies"; -import { getApiUrlOfHeaders } from "@/lib/service"; +import { getServiceUrlFromHeaders } from "@/lib/service"; import { createCallback, getBrandingSettings, @@ -61,7 +61,7 @@ export default async function Page(props: { searchParams: Promise }) { const t = await getTranslations({ locale, namespace: "signedin" }); const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const { loginName, authRequestId, organization } = searchParams; const sessionFactors = await loadSession( diff --git a/apps/login/src/app/(login)/u2f/page.tsx b/apps/login/src/app/(login)/u2f/page.tsx index 4961773ab97..c5db30a21c5 100644 --- a/apps/login/src/app/(login)/u2f/page.tsx +++ b/apps/login/src/app/(login)/u2f/page.tsx 
@@ -3,7 +3,7 @@ import { DynamicTheme } from "@/components/dynamic-theme"; import { LoginPasskey } from "@/components/login-passkey"; import { UserAvatar } from "@/components/user-avatar"; import { getSessionCookieById } from "@/lib/cookies"; -import { getApiUrlOfHeaders } from "@/lib/service"; +import { getServiceUrlFromHeaders } from "@/lib/service"; import { loadMostRecentSession } from "@/lib/session"; import { getBrandingSettings, getSession } from "@/lib/zitadel"; import { getLocale, getTranslations } from "next-intl/server"; @@ -20,7 +20,7 @@ export default async function Page(props: { const { loginName, authRequestId, sessionId, organization } = searchParams; const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const host = _headers.get("host"); if (!host || typeof host !== "string") { diff --git a/apps/login/src/app/(login)/u2f/set/page.tsx b/apps/login/src/app/(login)/u2f/set/page.tsx index de4a0ff6d4a..79f5d3ab504 100644 --- a/apps/login/src/app/(login)/u2f/set/page.tsx +++ b/apps/login/src/app/(login)/u2f/set/page.tsx @@ -2,7 +2,7 @@ import { Alert } from "@/components/alert"; import { DynamicTheme } from "@/components/dynamic-theme"; import { RegisterU2f } from "@/components/register-u2f"; import { UserAvatar } from "@/components/user-avatar"; -import { getApiUrlOfHeaders } from "@/lib/service"; +import { getServiceUrlFromHeaders } from "@/lib/service"; import { loadMostRecentSession } from "@/lib/session"; import { getBrandingSettings } from "@/lib/zitadel"; import { getLocale, getTranslations } from "next-intl/server"; @@ -19,7 +19,7 @@ export default async function Page(props: { const { loginName, organization, authRequestId, checkAfter } = searchParams; const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const sessionFactors = await loadMostRecentSession({ serviceUrl, 
diff --git a/apps/login/src/app/(login)/verify/page.tsx b/apps/login/src/app/(login)/verify/page.tsx index 21354cfe4f4..09e4eaba190 100644 --- a/apps/login/src/app/(login)/verify/page.tsx +++ b/apps/login/src/app/(login)/verify/page.tsx @@ -4,7 +4,7 @@ import { UserAvatar } from "@/components/user-avatar"; import { VerifyForm } from "@/components/verify-form"; import { VerifyRedirectButton } from "@/components/verify-redirect-button"; import { sendEmailCode } from "@/lib/server/verify"; -import { getApiUrlOfHeaders } from "@/lib/service"; +import { getServiceUrlFromHeaders } from "@/lib/service"; import { loadMostRecentSession } from "@/lib/session"; import { getBrandingSettings, @@ -26,7 +26,7 @@ export default async function Page(props: { searchParams: Promise }) { searchParams; const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const host = _headers.get("host"); if (!host || typeof host !== "string") { diff --git a/apps/login/src/app/login/route.ts b/apps/login/src/app/login/route.ts index 7c4d0bbd25d..f3663425701 100644 --- a/apps/login/src/app/login/route.ts +++ b/apps/login/src/app/login/route.ts @@ -1,7 +1,7 @@ import { getAllSessions } from "@/lib/cookies"; import { idpTypeToSlug } from "@/lib/idp"; import { sendLoginname, SendLoginnameCommand } from "@/lib/server/loginname"; -import { getApiUrlOfHeaders } from "@/lib/service"; +import { getServiceUrlFromHeaders } from "@/lib/service"; import { createCallback, getActiveIdentityProviders, @@ -199,7 +199,7 @@ export async function GET(request: NextRequest) { const sessionId = searchParams.get("sessionId"); const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); // TODO: find a better way to handle _rsc (react server components) requests and block them to avoid conflicts when creating oidc callback const _rsc = searchParams.get("_rsc"); 
diff --git a/apps/login/src/lib/self.ts b/apps/login/src/lib/self.ts index e04caa6e38d..0553aef21bf 100644 --- a/apps/login/src/lib/self.ts +++ b/apps/login/src/lib/self.ts @@ -4,7 +4,7 @@ import { createServerTransport } from "@zitadel/client/node"; import { createUserServiceClient } from "@zitadel/client/v2"; import { headers } from "next/headers"; import { getSessionCookieById } from "./cookies"; -import { getApiUrlOfHeaders } from "./service"; +import { getServiceUrlFromHeaders } from "./service"; import { getSession } from "./zitadel"; const transport = async (serviceUrl: string, token: string) => { @@ -26,7 +26,7 @@ export async function setMyPassword({ password: string; }) { const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const sessionCookie = await getSessionCookieById({ sessionId }); diff --git a/apps/login/src/lib/server/cookie.ts b/apps/login/src/lib/server/cookie.ts index 8e9f83e7c0e..9f20c1a00db 100644 --- a/apps/login/src/lib/server/cookie.ts +++ b/apps/login/src/lib/server/cookie.ts @@ -15,7 +15,7 @@ import { import { Session } from "@zitadel/proto/zitadel/session/v2/session_pb"; import { Checks } from "@zitadel/proto/zitadel/session/v2/session_service_pb"; import { headers } from "next/headers"; -import { getApiUrlOfHeaders } from "../service"; +import { getServiceUrlFromHeaders } from "../service"; type CustomCookieData = { id: string; @@ -35,7 +35,7 @@ export async function createSessionAndUpdateCookie( lifetime?: Duration, ): Promise { const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const createdSession = await createSessionFromChecks({ serviceUrl, 
@@ -97,7 +97,7 @@ export async function createSessionForIdpAndUpdateCookie( lifetime?: Duration, ): Promise { const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const createdSession = await createSessionForUserIdAndIdpIntent({ serviceUrl, @@ -159,7 +159,7 @@ export async function setSessionAndUpdateCookie( lifetime?: Duration, ) { const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); return setSession({ serviceUrl, diff --git a/apps/login/src/lib/server/idp.ts b/apps/login/src/lib/server/idp.ts index 396bebd6b27..3e597c50415 100644 --- a/apps/login/src/lib/server/idp.ts +++ b/apps/login/src/lib/server/idp.ts @@ -7,7 +7,7 @@ import { } from "@/lib/zitadel"; import { headers } from "next/headers"; import { getNextUrl } from "../client"; -import { getApiUrlOfHeaders } from "../service"; +import { getServiceUrlFromHeaders } from "../service"; import { checkEmailVerification } from "../verify-helper"; import { createSessionForIdpAndUpdateCookie } from "./cookie"; @@ -19,7 +19,7 @@ export type StartIDPFlowCommand = { export async function startIDPFlow(command: StartIDPFlowCommand) { const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const host = _headers.get("host"); if (!host) { @@ -60,7 +60,7 @@ export async function createNewSessionFromIdpIntent( command: CreateNewSessionCommand, ) { const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const host = _headers.get("host"); if (!host) { diff --git a/apps/login/src/lib/server/invite.ts b/apps/login/src/lib/server/invite.ts index 4249cd8d778..56986930f93 100644 --- a/apps/login/src/lib/server/invite.ts +++ b/apps/login/src/lib/server/invite.ts 
@@ -3,7 +3,7 @@ import { addHumanUser, createInviteCode } from "@/lib/zitadel"; import { Factors } from "@zitadel/proto/zitadel/session/v2/session_pb"; import { headers } from "next/headers"; -import { getApiUrlOfHeaders } from "../service"; +import { getServiceUrlFromHeaders } from "../service"; type InviteUserCommand = { email: string; @@ -22,7 +22,7 @@ export type RegisterUserResponse = { export async function inviteUser(command: InviteUserCommand) { const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const host = _headers.get("host"); if (!host) { diff --git a/apps/login/src/lib/server/loginname.ts b/apps/login/src/lib/server/loginname.ts index 1177d683e38..13bf7f0ed06 100644 --- a/apps/login/src/lib/server/loginname.ts +++ b/apps/login/src/lib/server/loginname.ts @@ -8,7 +8,7 @@ import { idpTypeToIdentityProviderType, idpTypeToSlug } from "../idp"; import { PasskeysType } from "@zitadel/proto/zitadel/settings/v2/login_settings_pb"; import { UserState } from "@zitadel/proto/zitadel/user/v2/user_pb"; -import { getApiUrlOfHeaders } from "../service"; +import { getServiceUrlFromHeaders } from "../service"; import { checkInvite } from "../verify-helper"; import { getActiveIdentityProviders, @@ -34,7 +34,7 @@ const ORG_SUFFIX_REGEX = /(?<=@)(.+)/; export async function sendLoginname(command: SendLoginnameCommand) { const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const host = _headers.get("host"); if (!host) { @@ -80,7 +80,7 @@ export async function sendLoginname(command: SendLoginnameCommand) { if (identityProviders.length === 1) { const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const host = _headers.get("host"); if (!host) { 
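Review bot: The `if (identityProviders.length === 1)` branch in the `@@ -80,7 +80,7 @@` hunk of `loginname.ts` calls `headers()` again and recomputes `serviceUrl` with `getServiceUrlFromHeaders(_headers)`, although the `@@ -34,7 +34,7 @@` hunk shows `sendLoginname` already doing both at its top; the `@@ -129,7 +129,7 @@` hunk repeats it a third time. The hunk headers place all three inside `sendLoginname`, but the enclosing bodies start and end outside the hunks, so this is inferred: if the branches can see the outer bindings, the inner `const _headers` and `const serviceUrl` only shadow them and can be dropped along with the repeated `host` lookup. Resolving the header-derived service URL once per request also leaves a single place to audit how request headers select the backend in the multitenant setup.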
@@ -129,7 +129,7 @@ export async function sendLoginname(command: SendLoginnameCommand) { if (identityProviders.length === 1) { const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const host = _headers.get("host"); if (!host) { diff --git a/apps/login/src/lib/server/otp.ts b/apps/login/src/lib/server/otp.ts index 3618b6e8c0d..72c663e9fe2 100644 --- a/apps/login/src/lib/server/otp.ts +++ b/apps/login/src/lib/server/otp.ts @@ -13,7 +13,7 @@ import { getSessionCookieById, getSessionCookieByLoginName, } from "../cookies"; -import { getApiUrlOfHeaders } from "../service"; +import { getServiceUrlFromHeaders } from "../service"; import { getLoginSettings } from "../zitadel"; export type SetOTPCommand = { @@ -27,7 +27,7 @@ export type SetOTPCommand = { export async function setOTP(command: SetOTPCommand) { const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const recentSession = command.sessionId ? await getSessionCookieById({ sessionId: command.sessionId }).catch( diff --git a/apps/login/src/lib/server/passkeys.ts b/apps/login/src/lib/server/passkeys.ts index 98d89ab01e7..97255ead863 100644 --- a/apps/login/src/lib/server/passkeys.ts +++ b/apps/login/src/lib/server/passkeys.ts @@ -22,7 +22,7 @@ import { getSessionCookieById, getSessionCookieByLoginName, } from "../cookies"; -import { getApiUrlOfHeaders } from "../service"; +import { getServiceUrlFromHeaders } from "../service"; import { checkEmailVerification } from "../verify-helper"; import { setSessionAndUpdateCookie } from "./cookie"; @@ -43,7 +43,7 @@ export async function registerPasskeyLink( const { sessionId } = command; const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const host = _headers.get("host"); if (!host) { 
@@ -90,7 +90,7 @@ export async function registerPasskeyLink( export async function verifyPasskeyRegistration(command: VerifyPasskeyCommand) { const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); // if no name is provided, try to generate one from the user agent let passkeyName = command.passkeyName; @@ -153,7 +153,7 @@ export async function sendPasskey(command: SendPasskeyCommand) { } const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const loginSettings = await getLoginSettings({ serviceUrl, organization }); diff --git a/apps/login/src/lib/server/password.ts b/apps/login/src/lib/server/password.ts index 91af9e1cb43..74518efabee 100644 --- a/apps/login/src/lib/server/password.ts +++ b/apps/login/src/lib/server/password.ts @@ -30,7 +30,7 @@ import { import { headers } from "next/headers"; import { getNextUrl } from "../client"; import { getSessionCookieById, getSessionCookieByLoginName } from "../cookies"; -import { getApiUrlOfHeaders } from "../service"; +import { getServiceUrlFromHeaders } from "../service"; import { checkEmailVerification, checkMFAFactors, @@ -45,7 +45,7 @@ type ResetPasswordCommand = { export async function resetPassword(command: ResetPasswordCommand) { const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const host = _headers.get("host"); if (!host || typeof host !== "string") { @@ -85,7 +85,7 @@ export type UpdateSessionCommand = { export async function sendPassword(command: UpdateSessionCommand) { const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); let sessionCookie = await getSessionCookieByLoginName({ loginName: command.loginName, 
@@ -255,7 +255,7 @@ export async function changePassword(command: { password: string; }) { const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); // check for init state const { user } = await getUserByID({ serviceUrl, userId: command.userId }); @@ -284,7 +284,7 @@ export async function checkSessionAndSetPassword({ password, }: CheckSessionAndSetPasswordCommand) { const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const sessionCookie = await getSessionCookieById({ sessionId }); diff --git a/apps/login/src/lib/server/register.ts b/apps/login/src/lib/server/register.ts index 071b008a875..67021f21f65 100644 --- a/apps/login/src/lib/server/register.ts +++ b/apps/login/src/lib/server/register.ts @@ -10,7 +10,7 @@ import { } from "@zitadel/proto/zitadel/session/v2/session_service_pb"; import { headers } from "next/headers"; import { getNextUrl } from "../client"; -import { getApiUrlOfHeaders } from "../service"; +import { getServiceUrlFromHeaders } from "../service"; import { checkEmailVerification } from "../verify-helper"; type RegisterUserCommand = { @@ -29,7 +29,7 @@ export type RegisterUserResponse = { }; export async function registerUser(command: RegisterUserCommand) { const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const host = _headers.get("host"); if (!host || typeof host !== "string") { diff --git a/apps/login/src/lib/server/session.ts b/apps/login/src/lib/server/session.ts index 9387dfea707..db165dfabd1 100644 --- a/apps/login/src/lib/server/session.ts +++ b/apps/login/src/lib/server/session.ts 
@@ -18,14 +18,14 @@ import { getSessionCookieByLoginName, removeSessionFromCookie, } from "../cookies"; -import { getApiUrlOfHeaders } from "../service"; +import { getServiceUrlFromHeaders } from "../service"; export async function continueWithSession({ authRequestId, ...session }: Session & { authRequestId?: string }) { const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const loginSettings = await getLoginSettings({ serviceUrl, @@ -88,7 +88,7 @@ export async function updateSession(options: UpdateSessionCommand) { } const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const host = _headers.get("host"); if (!host) { @@ -152,7 +152,7 @@ type ClearSessionOptions = { export async function clearSession(options: ClearSessionOptions) { const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const { sessionId } = options; @@ -175,7 +175,7 @@ type CleanupSessionCommand = { export async function cleanupSession({ sessionId }: CleanupSessionCommand) { const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const sessionCookie = await getSessionCookieById({ sessionId }); diff --git a/apps/login/src/lib/server/u2f.ts b/apps/login/src/lib/server/u2f.ts index c621eaab0d4..5eaabce5326 100644 --- a/apps/login/src/lib/server/u2f.ts +++ b/apps/login/src/lib/server/u2f.ts 
@@ -6,7 +6,7 @@ import { VerifyU2FRegistrationRequestSchema } from "@zitadel/proto/zitadel/user/ import { headers } from "next/headers"; import { userAgent } from "next/server"; import { getSessionCookieById } from "../cookies"; -import { getApiUrlOfHeaders } from "../service"; +import { getServiceUrlFromHeaders } from "../service"; type RegisterU2FCommand = { sessionId: string; @@ -21,7 +21,7 @@ type VerifyU2FCommand = { export async function addU2F(command: RegisterU2FCommand) { const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const host = _headers.get("host"); if (!host || typeof host !== "string") { @@ -59,7 +59,7 @@ export async function addU2F(command: RegisterU2FCommand) { export async function verifyU2F(command: VerifyU2FCommand) { const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const host = _headers.get("host"); if (!host || typeof host !== "string") { diff --git a/apps/login/src/lib/server/verify.ts b/apps/login/src/lib/server/verify.ts index 4ce3031eeee..6c07197b875 100644 --- a/apps/login/src/lib/server/verify.ts +++ b/apps/login/src/lib/server/verify.ts @@ -19,7 +19,7 @@ import { User } from "@zitadel/proto/zitadel/user/v2/user_pb"; import { headers } from "next/headers"; import { getNextUrl } from "../client"; import { getSessionCookieByLoginName } from "../cookies"; -import { getApiUrlOfHeaders } from "../service"; +import { getServiceUrlFromHeaders } from "../service"; import { loadMostRecentSession } from "../session"; import { checkMFAFactors } from "../verify-helper"; import { createSessionAndUpdateCookie } from "./cookie"; 
@@ -30,7 +30,7 @@ export async function verifyTOTP( organization?: string, ) { const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); return loadMostRecentSession({ serviceUrl, @@ -62,7 +62,7 @@ type VerifyUserByEmailCommand = { export async function sendVerification(command: VerifyUserByEmailCommand) { const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const verifyResponse = command.isInvite ? await verifyInviteCode({ @@ -244,7 +244,7 @@ type resendVerifyEmailCommand = { export async function resendVerification(command: resendVerifyEmailCommand) { const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const host = _headers.get("host"); if (!host) { @@ -290,7 +290,7 @@ export async function sendVerificationRedirectWithoutCheck( command: SendVerificationRedirectWithoutCheckCommand, ) { const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); if (!("loginName" in command || "userId" in command)) { return { error: "No userId, nor loginname provided" }; diff --git a/apps/login/src/lib/service.ts b/apps/login/src/lib/service.ts index e3e6ca1b0ce..3665e6f1858 100644 --- a/apps/login/src/lib/service.ts +++ b/apps/login/src/lib/service.ts 
@@ -34,9 +34,10 @@ export async function createServiceForHost( return createClientFor(service)(transport); } -export function getApiUrlOfHeaders(headers: ReadonlyHeaders): string { +export function getServiceUrlFromHeaders(headers: ReadonlyHeaders): string { let instanceUrl: string = process.env.ZITADEL_API_URL; + // use the forwarded host if available (multitenant), otherwise fall back to the host of the deployment itself if (headers.get("x-zitadel-forward-host")) { instanceUrl = headers.get("x-zitadel-forward-host") as string; instanceUrl = instanceUrl.startsWith("https://") diff --git a/apps/login/src/middleware.ts b/apps/login/src/middleware.ts index 816ea0f066d..cbf7c12542b 100644 --- a/apps/login/src/middleware.ts +++ b/apps/login/src/middleware.ts @@ -1,6 +1,6 @@ import { headers } from "next/headers"; import { NextRequest, NextResponse } from "next/server"; -import { getApiUrlOfHeaders } from "./lib/service"; +import { getServiceUrlFromHeaders } from "./lib/service"; export const config = { matcher: [ @@ -13,16 +13,17 @@ export const config = { export async function middleware(request: NextRequest) { // escape proxy if the environment is setup for multitenancy - // if ( - // !process.env.ZITADEL_API_URL || - // !process.env.ZITADEL_USER_ID || - // !process.env.ZITADEL_USER_TOKEN - // ) { - // return NextResponse.next(); - // } + if ( + !process.env.ZITADEL_API_URL || + !process.env.ZITADEL_USER_ID || + !process.env.ZITADEL_USER_TOKEN + ) { + return NextResponse.next(); + } + const _headers = await headers(); - const serviceUrl = getApiUrlOfHeaders(_headers); + const serviceUrl = getServiceUrlFromHeaders(_headers); const instanceHost = `${serviceUrl}`.replace("https://", "");
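Review bot: The comment added in `getServiceUrlFromHeaders` does not state who is allowed to set `x-zitadel-forward-host`, yet every server action in this patch now takes its `serviceUrl` from that header whenever it is present. If the header can arrive from a client rather than only from a trusted proxy, the caller would choose the backend host these actions talk to; whether a proxy strips it is not visible here. I would record the assumption next to the read, e.g. `// x-zitadel-forward-host must be set by the trusted proxy only; any client-supplied copy has to be stripped upstream`, and consider checking the value against a configured list of instance hosts before using it. The comment's "host of the deployment itself" also does not match the visible default, `process.env.ZITADEL_API_URL`; the rest of the function lies outside the hunk, so the actual fallback may differ.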
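Review bot: The re-enabled guard at the top of `middleware` returns `NextResponse.next()` when any one of `ZITADEL_API_URL`, `ZITADEL_USER_ID` or `ZITADEL_USER_TOKEN` is unset, so a single-tenant deployment that is merely missing one variable skips the code below it without any signal. The existing comment reads as the opposite of the test, since the condition checks for absent static configuration; something like `// no static instance configured (multitenant setup): let the request pass without proxying` would match the code. Logging a warning when only some of the three are set would make a misconfiguration visible. Separately, `.replace("https://", "")` on the context line strips only the https scheme, so an `http://` service URL would keep its scheme in `instanceHost`. The function body continues outside the hunk.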