dynamic env for region

apps/login/next-env-vars.d.ts

@@ -1,34 +1,9 @@
 declare namespace NodeJS {
   interface ProcessEnv {
-    /**
-     * Multitenancy: The system api url
-     */
-    QA_AUDIENCE: string;
-
-    /**
-     * Multitenancy: The service user id
-     */
-    QA_SYSTEM_USER_ID: string;
-
-    /**
-     * Multitenancy: The service user private key
-     */
-    QA_SYSTEM_USER_PRIVATE_KEY: string;
-
-    /**
-     * Multitenancy: The system api url for prod environment
-     */
-    PROD_AUDIENCE: string;
-
-    /**
-     * Multitenancy: The service user id for prod environment
-     */
-    PROD_SYSTEM_USER_ID: string;
-
-    /**
-     * Multitenancy: The service user private key for prod environment
-     */
-    PROD_SYSTEM_USER_PRIVATE_KEY: string;
+    // Allow any environment variable that matches the pattern
+    [key: `${string}_AUDIENCE`]: string; // The system api url
+    [key: `${string}_AUDIENCE`]: string; // The service user id
+    [key: `${string}_AUDIENCE`]: string; // The service user private key
 
     /**
      * Self hosting: The instance url

apps/login/src/lib/api.ts

@@ -5,48 +5,31 @@ export async function systemAPIToken({
 }: {
   serviceRegion: string;
 }) {
-  const QA = {
-    audience: process.env.QA_AUDIENCE,
-    userID: process.env.QA_SYSTEM_USER_ID,
-    token: Buffer.from(
-      process.env.QA_SYSTEM_USER_PRIVATE_KEY,
-      "base64",
-    ).toString("utf-8"),
-  };
+  const REGIONS = ["eu1", "us1"].map((region) => {
+    return {
+      id: region,
+      audience: process.env[region + "_AUDIENCE"],
+      userID: process.env[region + "_SYSTEM_USER_ID"],
+      token: Buffer.from(
+        process.env[
+          region.toUpperCase() + "_SYSTEM_USER_PRIVATE_KEY"
+        ] as string,
+        "base64",
+      ).toString("utf-8"),
+    };
+  });
 
-  const PROD = {
-    audience: process.env.QA_AUDIENCE,
-    userID: process.env.QA_SYSTEM_USER_ID,
-    token: Buffer.from(
-      process.env.PROD_SYSTEM_USER_PRIVATE_KEY,
-      "base64",
-    ).toString("utf-8"),
-  };
+  const region = REGIONS.find((region) => region.id === serviceRegion);
 
-  let token;
-
-  switch (serviceRegion) {
-    case "eu1":
-      token = newSystemToken({
-        audience: QA.audience,
-        subject: QA.userID,
-        key: QA.token,
-      });
-      break;
-    case "us1":
-      token = newSystemToken({
-        audience: PROD.audience,
-        subject: PROD.userID,
-        key: PROD.token,
-      });
-      break;
-    default:
-      token = newSystemToken({
-        audience: QA.audience,
-        subject: QA.userID,
-        key: QA.token,
-      });
+  if (!region || !region.audience || !region.userID || !region.token) {
+    throw new Error("Invalid region");
   }
 
+  const token = newSystemToken({
+    audience: region.audience,
+    subject: region.userID,
+    key: region.token,
+  });
+
   return token;
 }

apps/login/src/lib/service.ts

@@ -26,9 +26,9 @@ export async function createServiceForHost<T extends ServiceClass>(
 
   // if we are running in a multitenancy context, use the system user token
   if (
-    process.env.QA_AUDIENCE &&
-    process.env.QA_SYSTEM_USER_ID &&
-    process.env.QA_SYSTEM_USER_PRIVATE_KEY
+    process.env[serviceRegion + "_AUDIENCE"] &&
+    process.env[serviceRegion + "_SYSTEM_USER_ID"] &&
+    process.env[serviceRegion + "_SYSTEM_USER_PRIVATE_KEY"]
   ) {
     token = await systemAPIToken({ serviceRegion });
   } else if (process.env.ZITADEL_SERVICE_USER_TOKEN) {

turbo.json

@@ -6,12 +6,12 @@
     "DEBUG",
     "VERCEL_URL",
     "EMAIL_VERIFICATION",
-    "QA_AUDIENCE",
-    "QA_SYSTEM_USER_ID",
-    "QA_SYSTEM_USER_PRIVATE_KEY",
-    "PROD_AUDIENCE",
-    "PROD_SYSTEM_USER_ID",
-    "PROD_SYSTEM_USER_PRIVATE_KEY",
+    "EU1_AUDIENCE",
+    "EU1_SYSTEM_USER_ID",
+    "EU1_SYSTEM_USER_PRIVATE_KEY",
+    "US1_AUDIENCE",
+    "US1_SYSTEM_USER_ID",
+    "US1_SYSTEM_USER_PRIVATE_KEY",
     "ZITADEL_API_URL",
     "ZITADEL_SERVICE_USER_ID",
     "ZITADEL_SERVICE_USER_TOKEN",