Merge pull request #502 from zitadel/fix-custom-request-headers-in-login

fix: use custom req headers in all server requests
2025-08-11 15:27:33 +00:00 · 2025-07-01 17:13:08 +02:00
parent 2efd70717f a634c60232
commit 9a26f49a0c
5 changed files with 36 additions and 33 deletions
--- a/apps/login/next-env-vars.d.ts
+++ b/apps/login/next-env-vars.d.ts
@@ -28,6 +28,6 @@ declare namespace NodeJS {
     * Optional: custom request headers to be added to every request
     * Split by comma, key value pairs separated by colon
     */
-    CUSTOM_REQUEST_HEADERS: string;
+    CUSTOM_REQUEST_HEADERS?: string;
  }
 }
--- a/apps/login/src/lib/self.ts
+++ b/apps/login/src/lib/self.ts
@@ -1,20 +1,16 @@
 "use server";

-import { createServerTransport } from "@zitadel/client/node";
 import { createUserServiceClient } from "@zitadel/client/v2";
 import { headers } from "next/headers";
 import { getSessionCookieById } from "./cookies";
 import { getServiceUrlFromHeaders } from "./service-url";
-import { getSession } from "./zitadel";
-
-const transport = async (serviceUrl: string, token: string) => {
-  return createServerTransport(token, {
-    baseUrl: serviceUrl,
-  });
-};
+import { createServerTransport, getSession } from "./zitadel";

 const myUserService = async (serviceUrl: string, sessionToken: string) => {
-  const transportPromise = await transport(serviceUrl, sessionToken);
+  const transportPromise = await createServerTransport(
+    sessionToken,
+    serviceUrl,
+  );
  return createUserServiceClient(transportPromise);
 };

--- a/apps/login/src/lib/server/password.ts
+++ b/apps/login/src/lib/server/password.ts
@@ -17,7 +17,6 @@ import {
  setUserPassword,
 } from "@/lib/zitadel";
 import { ConnectError, create } from "@zitadel/client";
-import { createServerTransport } from "@zitadel/client/node";
 import { createUserServiceClient } from "@zitadel/client/v2";
 import {
  Checks,
@@ -39,6 +38,7 @@ import {
  checkPasswordChangeRequired,
  checkUserVerification,
 } from "../verify-helper";
+import { createServerTransport } from "../zitadel";

 type ResetPasswordCommand = {
  loginName: string;
@@ -428,9 +428,7 @@ export async function checkSessionAndSetPassword({
    });
  } else {
    const transport = async (serviceUrl: string, token: string) => {
-      return createServerTransport(token, {
-        baseUrl: serviceUrl,
-      });
+      return createServerTransport(token, serviceUrl);
    };

    const myUserService = async (serviceUrl: string, sessionToken: string) => {
--- a/apps/login/src/lib/service.ts
+++ b/apps/login/src/lib/service.ts
@@ -1,5 +1,4 @@
 import { createClientFor } from "@zitadel/client";
-import { createServerTransport } from "@zitadel/client/node";
 import { IdentityProviderService } from "@zitadel/proto/zitadel/idp/v2/idp_service_pb";
 import { OIDCService } from "@zitadel/proto/zitadel/oidc/v2/oidc_service_pb";
 import { OrganizationService } from "@zitadel/proto/zitadel/org/v2/org_service_pb";
@@ -8,6 +7,7 @@ import { SessionService } from "@zitadel/proto/zitadel/session/v2/session_servic
 import { SettingsService } from "@zitadel/proto/zitadel/settings/v2/settings_service_pb";
 import { UserService } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
 import { systemAPIToken } from "./api";
+import { createServerTransport } from "./zitadel";

 type ServiceClass =
  | typeof IdentityProviderService
@@ -43,24 +43,7 @@ export async function createServiceForHost<T extends ServiceClass>(
    throw new Error("No token found");
  }

-  const transport = createServerTransport(token, {
-    baseUrl: serviceUrl,
-    interceptors: !process.env.CUSTOM_REQUEST_HEADERS
-      ? undefined
-      : [
-          (next) => {
-            return (req) => {
-              process.env.CUSTOM_REQUEST_HEADERS.split(",").forEach(
-                (header) => {
-                  const kv = header.split(":");
-                  req.header.set(kv[0], kv[1]);
-                },
-              );
-              return next(req);
-            };
-          },
-        ],
-  });
+  const transport = createServerTransport(token, serviceUrl);

  return createClientFor<T>(service)(transport);
 }
--- a/apps/login/src/lib/zitadel.ts
+++ b/apps/login/src/lib/zitadel.ts
@@ -1,4 +1,5 @@
 import { Client, create, Duration } from "@zitadel/client";
+import { createServerTransport as libCreateServerTransport } from "@zitadel/client/node";
 import { makeReqCtx } from "@zitadel/client/v2";
 import { IdentityProviderService } from "@zitadel/proto/zitadel/idp/v2/idp_service_pb";
 import {
@@ -1497,3 +1498,28 @@ export async function listAuthenticationMethodTypes({
    userId,
  });
 }
+
+export function createServerTransport(token: string, baseUrl: string) {
+  return libCreateServerTransport(token, {
+    baseUrl,
+    interceptors: !process.env.CUSTOM_REQUEST_HEADERS
+      ? undefined
+      : [
+          (next) => {
+            return (req) => {
+              process.env
+                .CUSTOM_REQUEST_HEADERS!.split(",")
+                .forEach((header) => {
+                  const kv = header.split(":");
+                  if (kv.length === 2) {
+                    req.header.set(kv[0].trim(), kv[1].trim());
+                  } else {
+                    console.warn(`Skipping malformed header: ${header}`);
+                  }
+                });
+              return next(req);
+            };
+          },
+        ],
+  });
+}