client server packages

.gitignore

@@ -11,4 +11,5 @@ dist-ssr
 server/dist
 public/dist
 .turbo
-packages/zitadel-core/src/app/proto
+packages/zitadel-server/src/app/proto
+packages/zitadel-client/src/app/proto

README.md

@@ -9,9 +9,9 @@ This Turborepo includes the following:
 ### Apps and Packages
 
 - `login`: The new login UI powered by Next.js
-- `@zitadel/core`: core components for establishing client connection, grpc stub
+- `@zitadel/server`: core components for establishing node client connection, grpc stub
+- `@zitadel/client`: core components for establishing web client connection, grpc stub
 - `@zitadel/react`: shared React utilities and components
-<!-- - `@zitadel/client`: shared public client utilities -->
 - `@zitadel/next`: shared Next.js utilities
 - `@zitadel/tsconfig`: shared `tsconfig.json`s used throughout the monorepo
 - `eslint-config-zitadel`: ESLint preset

apps/login/lib/zitadel.ts

@@ -12,4 +12,4 @@ if (!getApps().length) {
 }
 
 const app = getApp();
-// const auth = getAuth();
+const auth = getAuth();

apps/login/package.json

@@ -17,7 +17,7 @@
     "*": "prettier --write --ignore-unknown"
   },
   "dependencies": {
-    "@zitadel/core": "workspace:*",
+    "@zitadel/server": "workspace:*",
     "@zitadel/react": "workspace:*",
     "@zitadel/next": "workspace:*",
     "@heroicons/react": "2.0.13",

packages/zitadel-client/buf.gen.yaml

@@ -0,0 +1,14 @@
+# buf.gen.yaml
+version: v1
+managed:
+  enabled: true
+plugins:
+  # - plugin: buf.build/protocolbuffers/js
+  #   out: src/app/proto/generated
+  #   opt: import_style=commonjs,binary
+  - plugin: buf.build/grpc/web
+    out: src/proto/client
+    opt: import_style=typescript,mode=grpcweb
+  # - plugin: buf.build/grpc-ecosystem/openapiv2
+  #   out: src/app/proto/generated
+  #   opt: allow_delete_body

packages/zitadel-client/package.json

@@ -1,5 +1,5 @@
 {
-  "name": "@zitadel/core",
+  "name": "@zitadel/client",
   "version": "0.0.0",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",

packages/zitadel-server/.eslintrc.js

@@ -0,0 +1,4 @@
+module.exports = {
+  root: true,
+  extends: ["zitadel"],
+};

packages/zitadel-server/.gitignore

@@ -0,0 +1 @@
+src/proto

packages/zitadel-server/buf.gen.yaml

@@ -16,9 +16,3 @@ plugins:
   # - plugin: buf.build/protocolbuffers/js
   #   out: src/app/proto/generated
   #   opt: import_style=commonjs,binary
-  - plugin: buf.build/grpc/web
-    out: src/proto/client
-    opt: import_style=typescript,mode=grpcweb
-  # - plugin: buf.build/grpc-ecosystem/openapiv2
-  #   out: src/app/proto/generated
-  #   opt: allow_delete_body

packages/zitadel-server/package.json

@@ -0,0 +1,35 @@
+{
+  "name": "@zitadel/server",
+  "version": "0.0.0",
+  "main": "./dist/index.js",
+  "module": "./dist/index.mjs",
+  "types": "./dist/index.d.ts",
+  "sideEffects": false,
+  "license": "MIT",
+  "files": [
+    "dist/**"
+  ],
+  "scripts": {
+    "build": "tsup src/index.ts --format esm,cjs --dts",
+    "dev": "tsup src/index.ts --format esm,cjs --watch --dts",
+    "lint": "eslint \"src/**/*.ts*\"",
+    "clean": "rm -rf .turbo && rm -rf node_modules && rm -rf dist",
+    "generate": "buf generate https://github.com/zitadel/zitadel.git --path ./proto/zitadel"
+  },
+  "devDependencies": {
+    "@zitadel/tsconfig": "workspace:*",
+    "eslint": "^7.32.0",
+    "eslint-config-zitadel": "workspace:*",
+    "ts-proto": "^1.139.0",
+    "tsup": "^5.10.1",
+    "typescript": "^4.5.3"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "dependencies": {
+    "jose": "^4.13.1",
+    "nice-grpc": "2.0.1",
+    "protobufjs": "^7.2.3"
+  }
+}

packages/zitadel-server/src/admin.ts

@@ -0,0 +1,28 @@
+import { CompatServiceDefinition } from "nice-grpc/lib/service-definitions";
+
+import { createChannel, createClientFactory } from "nice-grpc";
+import {
+  AuthServiceClient,
+  AuthServiceDefinition,
+} from "./proto/server/zitadel/auth";
+import {
+  AdminServiceClient,
+  AdminServiceDefinition,
+} from "./proto/server/zitadel/admin";
+import { authMiddleware } from "./middleware";
+
+const createClient = <Client>(
+  definition: CompatServiceDefinition,
+  accessToken: string
+) => {
+  const channel = createChannel(process.env.ZITADEL_API_URL ?? "");
+  return createClientFactory()
+    .use(authMiddleware(accessToken))
+    .create(definition, channel) as Client;
+};
+
+export const getAdmin = () =>
+  createClient<AdminServiceClient>(
+    AdminServiceDefinition as CompatServiceDefinition,
+    process.env.ZITADEL_ADMIN_TOKEN ?? ""
+  );

packages/zitadel-server/src/app.ts

@@ -0,0 +1,45 @@
+/**
+ * Return a slugified copy of a string.
+ *
+ * @param {CoreProps} str The ZITADEL client configuration
+ * @return {Core} The client implementation.
+ */
+
+let apps: ZitadelApp[] = [];
+
+export interface ZitadelCoreProps {
+  clientId: string;
+  apiUrl: string; // process.env.ZITADEL_API_URL
+  token: string;
+  adminToken?: string;
+  managementToken?: string;
+}
+
+export interface ZitadelOptions extends ZitadelCoreProps {
+  name?: string;
+}
+
+export interface ZitadelApp {
+  name: string | undefined;
+  config: ZitadelCoreProps;
+}
+
+export async function initializeApp(
+  config: ZitadelCoreProps,
+  name?: string
+): Promise<ZitadelApp> {
+  const app = { config, name };
+  return app;
+}
+
+export function getApps(): ZitadelApp[] {
+  return apps;
+}
+
+export function getApp(name?: string): ZitadelApp | undefined {
+  return name
+    ? apps.find((a) => a.name === name)
+    : apps.length === 1
+    ? apps[0]
+    : undefined;
+}

packages/zitadel-server/src/auth.ts

@@ -0,0 +1,25 @@
+import { CompatServiceDefinition } from "nice-grpc/lib/service-definitions";
+import { createChannel, createClientFactory } from "nice-grpc";
+import {
+  AuthServiceClient,
+  AuthServiceDefinition,
+} from "./proto/server/zitadel/auth";
+import { ZitadelApp } from "./app";
+import { authMiddleware } from "./middleware";
+
+const createClient = <Client>(
+  definition: CompatServiceDefinition,
+  accessToken: string
+) => {
+  const channel = createChannel(process.env.ZITADEL_API_URL ?? "");
+  return createClientFactory()
+    .use(authMiddleware(accessToken))
+    .create(definition, channel) as Client;
+};
+
+export async function getAuth(app?: ZitadelApp): Promise<AuthServiceClient> {
+  return createClient<AuthServiceClient>(
+    AuthServiceDefinition as CompatServiceDefinition,
+    ""
+  );
+}

packages/zitadel-server/src/index.ts

@@ -0,0 +1,8 @@
+export { initializeApp, getApps } from "./app";
+
+export { getAuth } from "./auth";
+export { getManagement } from "./management";
+export { getAdmin } from "./admin";
+export { getSystem } from "./system";
+
+export type { ZitadelOptions } from "./app";

packages/zitadel-server/src/management.ts

@@ -0,0 +1,45 @@
+import { CompatServiceDefinition } from "nice-grpc/lib/service-definitions";
+
+import { createChannel, createClientFactory } from "nice-grpc";
+import {
+  ManagementServiceClient,
+  ManagementServiceDefinition,
+} from "./proto/server/zitadel/management";
+
+import { authMiddleware } from "./middleware";
+import { ZitadelApp, getApps } from "./app";
+
+const createClient = <Client>(
+  definition: CompatServiceDefinition,
+  apiUrl: string,
+  token: string
+) => {
+  if (!apiUrl) {
+    throw Error("ZITADEL_API_URL not set");
+  }
+
+  const channel = createChannel(process.env.ZITADEL_API_URL ?? "");
+  return createClientFactory()
+    .use(authMiddleware(token))
+    .create(definition, channel) as Client;
+};
+
+export const getManagement = (app?: string | ZitadelApp) => {
+  let config;
+  if (app && typeof app === "string") {
+    const apps = getApps();
+    config = apps.find((a) => a.name === app)?.config;
+  } else if (app && typeof app === "object") {
+    config = app.config;
+  }
+
+  if (!config) {
+    throw Error("No ZITADEL app found");
+  }
+
+  return createClient<ManagementServiceClient>(
+    ManagementServiceDefinition as CompatServiceDefinition,
+    config.apiUrl,
+    config.token
+  );
+};

packages/zitadel-server/src/middleware.ts

@@ -0,0 +1,14 @@
+import { CallOptions, ClientMiddlewareCall, Metadata } from "nice-grpc";
+
+export const authMiddleware = (token: string) =>
+  async function* <Request, Response>(
+    call: ClientMiddlewareCall<Request, Response>,
+    options: CallOptions
+  ) {
+    if (!options.metadata?.has("authorization")) {
+      options.metadata ??= new Metadata();
+      options.metadata?.set("authorization", `Bearer ${token}`);
+    }
+
+    return yield* call.next(call.request, options);
+  };

packages/zitadel-server/src/system.ts

@@ -0,0 +1,35 @@
+import { CompatServiceDefinition } from "nice-grpc/lib/service-definitions";
+import { importPKCS8, SignJWT } from "jose";
+
+import { createChannel, createClientFactory } from "nice-grpc";
+import {
+  SystemServiceClient,
+  SystemServiceDefinition,
+} from "./proto/server/zitadel/system";
+import { authMiddleware } from "./middleware";
+
+const createSystemClient = <Client>(
+  definition: CompatServiceDefinition,
+  accessToken: string
+) => {
+  const channel = createChannel(process.env.ZITADEL_SYSTEM_API_URL ?? "");
+  return createClientFactory()
+    .use(authMiddleware(accessToken))
+    .create(definition, channel) as Client;
+};
+
+export const getSystem = async () => {
+  const token = await new SignJWT({})
+    .setProtectedHeader({ alg: "RS256" })
+    .setIssuedAt()
+    .setExpirationTime("1h")
+    .setIssuer(process.env.ZITADEL_SYSTEM_API_USERID ?? "")
+    .setSubject(process.env.ZITADEL_SYSTEM_API_USERID ?? "")
+    .setAudience(process.env.ZITADEL_ISSUER ?? "")
+    .sign(await importPKCS8(process.env.ZITADEL_SYSTEM_API_KEY ?? "", "RS256"));
+
+  return createSystemClient<SystemServiceClient>(
+    SystemServiceDefinition as CompatServiceDefinition,
+    token
+  );
+};

packages/zitadel-server/tsconfig.json

@@ -0,0 +1,8 @@
+{
+  "extends": "@zitadel/tsconfig/node14.json",
+  "include": ["."],
+  "compilerOptions": {
+    "baseUrl": "."
+  },
+  "exclude": ["dist", "build", "node_modules"]
+}