client server packages

packages/zitadel-client/src/admin.ts

@@ -0,0 +1,28 @@
+import { CompatServiceDefinition } from "nice-grpc/lib/service-definitions";
+
+import { createChannel, createClientFactory } from "nice-grpc";
+import {
+  AuthServiceClient,
+  AuthServiceDefinition,
+} from "./proto/server/zitadel/auth";
+import {
+  AdminServiceClient,
+  AdminServiceDefinition,
+} from "./proto/server/zitadel/admin";
+import { authMiddleware } from "./middleware";
+
+const createClient = <Client>(
+  definition: CompatServiceDefinition,
+  accessToken: string
+) => {
+  const channel = createChannel(process.env.ZITADEL_API_URL ?? "");
+  return createClientFactory()
+    .use(authMiddleware(accessToken))
+    .create(definition, channel) as Client;
+};
+
+export const getAdmin = () =>
+  createClient<AdminServiceClient>(
+    AdminServiceDefinition as CompatServiceDefinition,
+    process.env.ZITADEL_ADMIN_TOKEN ?? ""
+  );

packages/zitadel-client/src/app.ts

@@ -0,0 +1,45 @@
+/**
+ * Return a slugified copy of a string.
+ *
+ * @param {CoreProps} str The ZITADEL client configuration
+ * @return {Core} The client implementation.
+ */
+
+let apps: ZitadelApp[] = [];
+
+export interface ZitadelCoreProps {
+  clientId: string;
+  apiUrl: string; // process.env.ZITADEL_API_URL
+  token: string;
+  adminToken?: string;
+  managementToken?: string;
+}
+
+export interface ZitadelOptions extends ZitadelCoreProps {
+  name?: string;
+}
+
+export interface ZitadelApp {
+  name: string | undefined;
+  config: ZitadelCoreProps;
+}
+
+export async function initializeApp(
+  config: ZitadelCoreProps,
+  name?: string
+): Promise<ZitadelApp> {
+  const app = { config, name };
+  return app;
+}
+
+export function getApps(): ZitadelApp[] {
+  return apps;
+}
+
+export function getApp(name?: string): ZitadelApp | undefined {
+  return name
+    ? apps.find((a) => a.name === name)
+    : apps.length === 1
+    ? apps[0]
+    : undefined;
+}

packages/zitadel-client/src/auth.ts

@@ -0,0 +1,25 @@
+import { CompatServiceDefinition } from "nice-grpc/lib/service-definitions";
+import { createChannel, createClientFactory } from "nice-grpc";
+import {
+  AuthServiceClient,
+  AuthServiceDefinition,
+} from "./proto/server/zitadel/auth";
+import { ZitadelApp } from "./app";
+import { authMiddleware } from "./middleware";
+
+const createClient = <Client>(
+  definition: CompatServiceDefinition,
+  accessToken: string
+) => {
+  const channel = createChannel(process.env.ZITADEL_API_URL ?? "");
+  return createClientFactory()
+    .use(authMiddleware(accessToken))
+    .create(definition, channel) as Client;
+};
+
+export async function getAuth(app?: ZitadelApp): Promise<AuthServiceClient> {
+  return createClient<AuthServiceClient>(
+    AuthServiceDefinition as CompatServiceDefinition,
+    ""
+  );
+}

packages/zitadel-client/src/index.ts

@@ -0,0 +1,8 @@
+export { initializeApp, getApps } from "./app";
+
+export { getAuth } from "./auth";
+export { getManagement } from "./management";
+export { getAdmin } from "./admin";
+export { getSystem } from "./system";
+
+export type { ZitadelOptions } from "./app";

packages/zitadel-client/src/management.ts

@@ -0,0 +1,45 @@
+import { CompatServiceDefinition } from "nice-grpc/lib/service-definitions";
+
+import { createChannel, createClientFactory } from "nice-grpc";
+import {
+  ManagementServiceClient,
+  ManagementServiceDefinition,
+} from "./proto/server/zitadel/management";
+
+import { authMiddleware } from "./middleware";
+import { ZitadelApp, getApps } from "./app";
+
+const createClient = <Client>(
+  definition: CompatServiceDefinition,
+  apiUrl: string,
+  token: string
+) => {
+  if (!apiUrl) {
+    throw Error("ZITADEL_API_URL not set");
+  }
+
+  const channel = createChannel(process.env.ZITADEL_API_URL ?? "");
+  return createClientFactory()
+    .use(authMiddleware(token))
+    .create(definition, channel) as Client;
+};
+
+export const getManagement = (app?: string | ZitadelApp) => {
+  let config;
+  if (app && typeof app === "string") {
+    const apps = getApps();
+    config = apps.find((a) => a.name === app)?.config;
+  } else if (app && typeof app === "object") {
+    config = app.config;
+  }
+
+  if (!config) {
+    throw Error("No ZITADEL app found");
+  }
+
+  return createClient<ManagementServiceClient>(
+    ManagementServiceDefinition as CompatServiceDefinition,
+    config.apiUrl,
+    config.token
+  );
+};

packages/zitadel-client/src/middleware.ts

@@ -0,0 +1,14 @@
+import { CallOptions, ClientMiddlewareCall, Metadata } from "nice-grpc";
+
+export const authMiddleware = (token: string) =>
+  async function* <Request, Response>(
+    call: ClientMiddlewareCall<Request, Response>,
+    options: CallOptions
+  ) {
+    if (!options.metadata?.has("authorization")) {
+      options.metadata ??= new Metadata();
+      options.metadata?.set("authorization", `Bearer ${token}`);
+    }
+
+    return yield* call.next(call.request, options);
+  };

packages/zitadel-client/src/system.ts

@@ -0,0 +1,35 @@
+import { CompatServiceDefinition } from "nice-grpc/lib/service-definitions";
+import { importPKCS8, SignJWT } from "jose";
+
+import { createChannel, createClientFactory } from "nice-grpc";
+import {
+  SystemServiceClient,
+  SystemServiceDefinition,
+} from "./proto/server/zitadel/system";
+import { authMiddleware } from "./middleware";
+
+const createSystemClient = <Client>(
+  definition: CompatServiceDefinition,
+  accessToken: string
+) => {
+  const channel = createChannel(process.env.ZITADEL_SYSTEM_API_URL ?? "");
+  return createClientFactory()
+    .use(authMiddleware(accessToken))
+    .create(definition, channel) as Client;
+};
+
+export const getSystem = async () => {
+  const token = await new SignJWT({})
+    .setProtectedHeader({ alg: "RS256" })
+    .setIssuedAt()
+    .setExpirationTime("1h")
+    .setIssuer(process.env.ZITADEL_SYSTEM_API_USERID ?? "")
+    .setSubject(process.env.ZITADEL_SYSTEM_API_USERID ?? "")
+    .setAudience(process.env.ZITADEL_ISSUER ?? "")
+    .sign(await importPKCS8(process.env.ZITADEL_SYSTEM_API_KEY ?? "", "RS256"));
+
+  return createSystemClient<SystemServiceClient>(
+    SystemServiceDefinition as CompatServiceDefinition,
+    token
+  );
+};