Merge branch 'dev' of github.com:zitadel/typescript into dev

apps/login/src/app/login/route.ts

@@ -201,7 +201,7 @@ async function findValidSession(
 }
 
 function constructUrl(request: NextRequest, path: string) {
-  const forwardedHost = request.headers.get("x-zitadel-forward-host");
+  const forwardedHost = request.headers.get("host");
   const basePath = process.env.NEXT_PUBLIC_BASE_PATH || "";
   return new URL(
     `${basePath}${path}`,

apps/login/src/lib/api.ts

@@ -1,37 +1,14 @@
 import { newSystemToken } from "@zitadel/client/node";
 
-export async function systemAPIToken({
+export async function systemAPIToken() {
-  serviceRegion,
-}: {
-  serviceRegion: string;
-}) {
-  const prefix = serviceRegion.toUpperCase();
   const token = {
-    audience: process.env[prefix + "_AUDIENCE"],
+    audience: process.env.AUDIENCE,
-    userID: process.env[prefix + "_SYSTEM_USER_ID"],
+    userID: process.env.SYSTEM_USER_ID,
-    token: Buffer.from(
+    token: Buffer.from(process.env.SYSTEM_USER_PRIVATE_KEY, "base64").toString(
-      process.env[prefix.toUpperCase() + "_SYSTEM_USER_PRIVATE_KEY"] as string,
+      "utf-8",
-      "base64",
+    ),
-    ).toString("utf-8"),
   };
 
-  if (!token.audience || !token.userID || !token.token) {
-    const fallbackToken = {
-      audience: process.env.AUDIENCE,
-      userID: process.env.SYSTEM_USER_ID,
-      token: Buffer.from(
-        process.env.SYSTEM_USER_PRIVATE_KEY,
-        "base64",
-      ).toString("utf-8"),
-    };
-
-    return newSystemToken({
-      audience: fallbackToken.audience,
-      subject: fallbackToken.userID,
-      key: fallbackToken.token,
-    });
-  }
-
   return newSystemToken({
     audience: token.audience,
     subject: token.userID,

apps/login/src/lib/service.ts

@@ -20,17 +20,17 @@ type ServiceClass =
 export async function createServiceForHost<T extends ServiceClass>(
   service: T,
   serviceUrl: string,
-  serviceRegion: string,
+  serviceRegion?: string,
 ) {
   let token;
 
   // if we are running in a multitenancy context, use the system user token
   if (
-    process.env[serviceRegion + "_AUDIENCE"] &&
+    process.env.AUDIENCE &&
-    process.env[serviceRegion + "_SYSTEM_USER_ID"] &&
+    process.env.SYSTEM_USER_ID &&
-    process.env[serviceRegion + "_SYSTEM_USER_PRIVATE_KEY"]
+    process.env.SYSTEM_USER_PRIVATE_KEY
   ) {
-    token = await systemAPIToken({ serviceRegion });
+    token = await systemAPIToken();
   } else if (process.env.ZITADEL_SERVICE_USER_TOKEN) {
     token = process.env.ZITADEL_SERVICE_USER_TOKEN;
   }
@@ -51,7 +51,7 @@ export async function createServiceForHost<T extends ServiceClass>(
 }
 
 /**
- * Extracts the service url and region from the headers if used in a multitenant context (x-zitadel-forward-host, x-zitade-region header)
+ * Extracts the service url and region from the headers if used in a multitenant context (host, x-zitade-region header)
  * or falls back to the ZITADEL_API_URL for a self hosting deployment
  * or falls back to the host header for a self hosting deployment using custom domains
  * @param headers
@@ -65,7 +65,7 @@ export function getServiceUrlFromHeaders(headers: ReadonlyHeaders): {
 } {
   let instanceUrl;
 
-  const forwardedHost = headers.get("x-zitadel-forward-host");
+  const forwardedHost = headers.get("host");
   // use the forwarded host if available (multitenant), otherwise fall back to the host of the deployment itself
   if (forwardedHost) {
     instanceUrl = forwardedHost;