Merge pull request #502 from zitadel/fix-custom-request-headers-in-login

fix: use custom req headers in all server requests

apps/login/next-env-vars.d.ts

@@ -28,6 +28,6 @@ declare namespace NodeJS {
      * Optional: custom request headers to be added to every request
      * Split by comma, key value pairs separated by colon
      */
-    CUSTOM_REQUEST_HEADERS: string;
+    CUSTOM_REQUEST_HEADERS?: string;
   }
 }

apps/login/src/lib/self.ts

@@ -1,20 +1,16 @@
 "use server";
 
-import { createServerTransport } from "@zitadel/client/node";
 import { createUserServiceClient } from "@zitadel/client/v2";
 import { headers } from "next/headers";
 import { getSessionCookieById } from "./cookies";
 import { getServiceUrlFromHeaders } from "./service-url";
-import { getSession } from "./zitadel";
+import { createServerTransport, getSession } from "./zitadel";
-
-const transport = async (serviceUrl: string, token: string) => {
-  return createServerTransport(token, {
-    baseUrl: serviceUrl,
-  });
-};
 
 const myUserService = async (serviceUrl: string, sessionToken: string) => {
-  const transportPromise = await transport(serviceUrl, sessionToken);
+  const transportPromise = await createServerTransport(
+    sessionToken,
+    serviceUrl,
+  );
   return createUserServiceClient(transportPromise);
 };
 

apps/login/src/lib/server/password.ts

@@ -17,7 +17,6 @@ import {
   setUserPassword,
 } from "@/lib/zitadel";
 import { ConnectError, create } from "@zitadel/client";
-import { createServerTransport } from "@zitadel/client/node";
 import { createUserServiceClient } from "@zitadel/client/v2";
 import {
   Checks,
@@ -39,6 +38,7 @@ import {
   checkPasswordChangeRequired,
   checkUserVerification,
 } from "../verify-helper";
+import { createServerTransport } from "../zitadel";
 
 type ResetPasswordCommand = {
   loginName: string;
@@ -428,9 +428,7 @@ export async function checkSessionAndSetPassword({
     });
   } else {
     const transport = async (serviceUrl: string, token: string) => {
-      return createServerTransport(token, {
+      return createServerTransport(token, serviceUrl);
-        baseUrl: serviceUrl,
-      });
     };
 
     const myUserService = async (serviceUrl: string, sessionToken: string) => {

apps/login/src/lib/service.ts

@@ -1,5 +1,4 @@
 import { createClientFor } from "@zitadel/client";
-import { createServerTransport } from "@zitadel/client/node";
 import { IdentityProviderService } from "@zitadel/proto/zitadel/idp/v2/idp_service_pb";
 import { OIDCService } from "@zitadel/proto/zitadel/oidc/v2/oidc_service_pb";
 import { OrganizationService } from "@zitadel/proto/zitadel/org/v2/org_service_pb";
@@ -8,6 +7,7 @@ import { SessionService } from "@zitadel/proto/zitadel/session/v2/session_servic
 import { SettingsService } from "@zitadel/proto/zitadel/settings/v2/settings_service_pb";
 import { UserService } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
 import { systemAPIToken } from "./api";
+import { createServerTransport } from "./zitadel";
 
 type ServiceClass =
   | typeof IdentityProviderService
@@ -43,24 +43,7 @@ export async function createServiceForHost<T extends ServiceClass>(
     throw new Error("No token found");
   }
 
-  const transport = createServerTransport(token, {
+  const transport = createServerTransport(token, serviceUrl);
-    baseUrl: serviceUrl,
-    interceptors: !process.env.CUSTOM_REQUEST_HEADERS
-      ? undefined
-      : [
-          (next) => {
-            return (req) => {
-              process.env.CUSTOM_REQUEST_HEADERS.split(",").forEach(
-                (header) => {
-                  const kv = header.split(":");
-                  req.header.set(kv[0], kv[1]);
-                },
-              );
-              return next(req);
-            };
-          },
-        ],
-  });
 
   return createClientFor<T>(service)(transport);
 }

apps/login/src/lib/zitadel.ts

@@ -1,4 +1,5 @@
 import { Client, create, Duration } from "@zitadel/client";
+import { createServerTransport as libCreateServerTransport } from "@zitadel/client/node";
 import { makeReqCtx } from "@zitadel/client/v2";
 import { IdentityProviderService } from "@zitadel/proto/zitadel/idp/v2/idp_service_pb";
 import {
@@ -1497,3 +1498,28 @@ export async function listAuthenticationMethodTypes({
     userId,
   });
 }
+
+export function createServerTransport(token: string, baseUrl: string) {
+  return libCreateServerTransport(token, {
+    baseUrl,
+    interceptors: !process.env.CUSTOM_REQUEST_HEADERS
+      ? undefined
+      : [
+          (next) => {
+            return (req) => {
+              process.env
+                .CUSTOM_REQUEST_HEADERS!.split(",")
+                .forEach((header) => {
+                  const kv = header.split(":");
+                  if (kv.length === 2) {
+                    req.header.set(kv[0].trim(), kv[1].trim());
+                  } else {
+                    console.warn(`Skipping malformed header: ${header}`);
+                  }
+                });
+              return next(req);
+            };
+          },
+        ],
+  });
+}