client setup

packages/zitadel-core/package.json

@@ -26,5 +26,9 @@
   },
   "publishConfig": {
     "access": "public"
+  },
+  "dependencies": {
+    "nice-grpc": "2.0.1",
+    "jose": "^4.13.1"
   }
 }

packages/zitadel-core/src/admin.ts

@@ -0,0 +1,31 @@
+import { CompatServiceDefinition } from "nice-grpc/lib/service-definitions";
+
+import { createChannel, createClientFactory } from "nice-grpc";
+import {
+  AuthServiceClient,
+  AuthServiceDefinition,
+} from "./proto/server/zitadel/auth";
+import {
+  AdminServiceClient,
+  AdminServiceDefinition,
+} from "./proto/server/zitadel/admin";
+import { authMiddleware } from "./middleware";
+
+const createClient = <Client>(
+  definition: CompatServiceDefinition,
+  accessToken: string
+) => {
+  const channel = createChannel(process.env.ZITADEL_API_URL);
+  return createClientFactory()
+    .use(authMiddleware(accessToken))
+    .create(definition, channel) as Client;
+};
+
+export const getAuth = async () =>
+  createClient<AuthServiceClient>(AuthServiceDefinition, "");
+
+export const getAdmin = () =>
+  createClient<AdminServiceClient>(
+    AdminServiceDefinition,
+    process.env.ZITADEL_ADMIN_TOKEN ?? ""
+  );

packages/zitadel-core/src/auth.ts

@@ -0,0 +1,22 @@
+import { CompatServiceDefinition } from "nice-grpc/lib/service-definitions";
+import { createChannel, createClientFactory } from "nice-grpc";
+import {
+  AuthServiceClient,
+  AuthServiceDefinition,
+} from "./proto/server/zitadel/auth";
+import { ZitadelApp } from "./core";
+import { authMiddleware } from "./middleware";
+
+const createClient = <Client>(
+  definition: CompatServiceDefinition,
+  accessToken: string
+) => {
+  const channel = createChannel(process.env.ZITADEL_API_URL);
+  return createClientFactory()
+    .use(authMiddleware(accessToken))
+    .create(definition, channel) as Client;
+};
+
+export async function getAuth(app?: ZitadelApp): Promise<AuthServiceClient> {
+  return createClient<AuthServiceClient>(AuthServiceDefinition, "");
+}

packages/zitadel-core/src/core.ts

@@ -13,7 +13,9 @@ export interface ZitadelApp {
   config: ZitadelCoreProps;
 }
 
-export function initializeApp(config: ZitadelCoreProps): ZitadelApp {
+export async function initializeApp(
+  config: ZitadelCoreProps
+): Promise<ZitadelApp> {
   const app = { config };
   return app;
 }

packages/zitadel-core/src/management.ts

@@ -0,0 +1,32 @@
+import { CompatServiceDefinition } from "nice-grpc/lib/service-definitions";
+
+import { createChannel, createClientFactory } from "nice-grpc";
+import {
+  ManagementServiceClient,
+  ManagementServiceDefinition,
+} from "./proto/server/zitadel/management";
+
+import { authMiddleware } from "./middleware";
+import { ZitadelApp } from "./core";
+
+const createClient = <Client>(
+  definition: CompatServiceDefinition,
+  accessToken: string
+) => {
+  const apiUrl = process.env.ZITADEL_API_URL;
+
+  if (!apiUrl) {
+    throw Error("ZITADEL_API_URL not set");
+  }
+
+  const channel = createChannel(process.env.ZITADEL_API_URL);
+  return createClientFactory()
+    .use(authMiddleware(accessToken))
+    .create(definition, channel) as Client;
+};
+
+export const getManagement = (app?: ZitadelApp) =>
+  createClient<ManagementServiceClient>(
+    ManagementServiceDefinition,
+    process.env.ZITADEL_ADMIN_TOKEN ?? ""
+  );

packages/zitadel-core/src/middleware.ts

@@ -0,0 +1,14 @@
+import { CallOptions, ClientMiddlewareCall, Metadata } from "nice-grpc";
+
+export const authMiddleware = (token: string) =>
+  async function* <Request, Response>(
+    call: ClientMiddlewareCall<Request, Response>,
+    options: CallOptions
+  ) {
+    if (!options.metadata?.has("authorization")) {
+      options.metadata ??= new Metadata();
+      options.metadata?.set("authorization", `Bearer ${token}`);
+    }
+
+    return yield* call.next(call.request, options);
+  };

packages/zitadel-core/src/system.ts

@@ -0,0 +1,35 @@
+import { CompatServiceDefinition } from "nice-grpc/lib/service-definitions";
+import { importPKCS8, SignJWT } from "jose";
+
+import { createChannel, createClientFactory } from "nice-grpc";
+import {
+  SystemServiceClient,
+  SystemServiceDefinition,
+} from "./proto/server/zitadel/system";
+import { authMiddleware } from "./middleware";
+
+const createSystemClient = <Client>(
+  definition: CompatServiceDefinition,
+  accessToken: string
+) => {
+  const channel = createChannel(process.env.ZITADEL_SYSTEM_API_URL);
+  return createClientFactory()
+    .use(authMiddleware(accessToken))
+    .create(definition, channel) as Client;
+};
+
+export const getSystem = async () => {
+  const token = await new SignJWT({})
+    .setProtectedHeader({ alg: "RS256" })
+    .setIssuedAt()
+    .setExpirationTime("1h")
+    .setIssuer(process.env.ZITADEL_SYSTEM_API_USERID)
+    .setSubject(process.env.ZITADEL_SYSTEM_API_USERID)
+    .setAudience(process.env.ZITADEL_ISSUER)
+    .sign(await importPKCS8(process.env.ZITADEL_SYSTEM_API_KEY, "RS256"));
+
+  return createSystemClient<SystemServiceClient>(
+    SystemServiceDefinition,
+    token
+  );
+};