diff --git a/apps/login/next-env-vars.d.ts b/apps/login/next-env-vars.d.ts
index 61bf0c5b063..e3ce2b4d710 100644
--- a/apps/login/next-env-vars.d.ts
+++ b/apps/login/next-env-vars.d.ts
@@ -1,34 +1,9 @@
 declare namespace NodeJS {
 interface ProcessEnv {
- /**
- * Multitenancy: The system api url
- */
- QA_AUDIENCE: string;
-
- /**
- * Multitenancy: The service user id
- */
- QA_SYSTEM_USER_ID: string;
-
- /**
- * Multitenancy: The service user private key
- */
- QA_SYSTEM_USER_PRIVATE_KEY: string;
-
- /**
- * Multitenancy: The system api url for prod environment
- */
- PROD_AUDIENCE: string;
-
- /**
- * Multitenancy: The service user id for prod environment
- */
- PROD_SYSTEM_USER_ID: string;
-
- /**
- * Multitenancy: The service user private key for prod environment
- */
- PROD_SYSTEM_USER_PRIVATE_KEY: string;
+ // Allow any environment variable that matches the pattern
+ [key: `${string}_AUDIENCE`]: string; // The system api url
+ [key: `${string}_AUDIENCE`]: string; // The service user id
+ [key: `${string}_AUDIENCE`]: string; // The service user private key
 
 /**
 * Self hosting: The instance url
diff --git a/apps/login/src/lib/api.ts b/apps/login/src/lib/api.ts
index 11acd701e05..d865cf19bc0 100644
--- a/apps/login/src/lib/api.ts
+++ b/apps/login/src/lib/api.ts
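Review bot: In `next-env-vars.d.ts` the three added index signatures all use the same key pattern, `${string}_AUDIENCE`, while their trailing comments describe three different variables (audience, service user id, private key). As written, no signature covers `*_SYSTEM_USER_ID` or `*_SYSTEM_USER_PRIVATE_KEY`, and the compiler is likely to reject the repeated pattern as a duplicate index signature. The second and third lines should read ``[key: `${string}_SYSTEM_USER_ID`]: string;`` and ``[key: `${string}_SYSTEM_USER_PRIVATE_KEY`]: string;``. Because any prefix matches these patterns, `string | undefined` would be the more accurate value type, since it keeps the compiler asking for a presence check before the private key is decoded.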
@@ -5,48 +5,31 @@ export async function systemAPIToken({
 }: {
 serviceRegion: string;
 }) {
- const QA = {
- audience: process.env.QA_AUDIENCE,
- userID: process.env.QA_SYSTEM_USER_ID,
- token: Buffer.from(
- process.env.QA_SYSTEM_USER_PRIVATE_KEY,
- "base64",
- ).toString("utf-8"),
- };
+ const REGIONS = ["eu1", "us1"].map((region) => {
+ return {
+ id: region,
+ audience: process.env[region + "_AUDIENCE"],
+ userID: process.env[region + "_SYSTEM_USER_ID"],
+ token: Buffer.from(
+ process.env[
+ region.toUpperCase() + "_SYSTEM_USER_PRIVATE_KEY"
+ ] as string,
+ "base64",
+ ).toString("utf-8"),
+ };
+ });
 
- const PROD = {
- audience: process.env.QA_AUDIENCE,
- userID: process.env.QA_SYSTEM_USER_ID,
- token: Buffer.from(
- process.env.PROD_SYSTEM_USER_PRIVATE_KEY,
- "base64",
- ).toString("utf-8"),
- };
+ const region = REGIONS.find((region) => region.id === serviceRegion);
 
- let token;
-
- switch (serviceRegion) {
- case "eu1":
- token = newSystemToken({
- audience: QA.audience,
- subject: QA.userID,
- key: QA.token,
- });
- break;
- case "us1":
- token = newSystemToken({
- audience: PROD.audience,
- subject: PROD.userID,
- key: PROD.token,
- });
- break;
- default:
- token = newSystemToken({
- audience: QA.audience,
- subject: QA.userID,
- key: QA.token,
- });
+ if (!region || !region.audience || !region.userID || !region.token) {
+ throw new Error("Invalid region");
 }
 
+ const token = newSystemToken({
+ audience: region.audience,
+ subject: region.userID,
+ key: region.token,
+ });
+
 return token;
 }
diff --git a/apps/login/src/lib/service.ts b/apps/login/src/lib/service.ts
index 0f1dd0256ee..e543f35467f 100644
--- a/apps/login/src/lib/service.ts
+++ b/apps/login/src/lib/service.ts
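Review bot: The `audience` and `userID` lookups in the new `REGIONS` map use the lower-case region id (`process.env[region + "_AUDIENCE"]` reads `eu1_AUDIENCE`), while the key lookup upper-cases it and `turbo.json` declares `EU1_*`/`US1_*`. Where environment names are case-sensitive, both values come back undefined and every call ends in `Invalid region`; the `createServiceForHost` hunk in `service.ts` builds its three names from `serviceRegion` the same way. Separately, `Buffer.from(... as string, "base64")` runs for every region before the lookup, so one unset `*_SYSTEM_USER_PRIVATE_KEY` throws a TypeError for all regions and the `!region.token` guard never sees it; the cast hides this from the compiler. I would resolve only the requested region, derive all three names from one upper-cased prefix, and check presence before decoding, as sketched below. The function signature starts above this hunk.

```typescript
}) {
  // Only these regions have system-user credentials configured.
  const supportedRegions = ["eu1", "us1"];
  if (!supportedRegions.includes(serviceRegion)) {
    throw new Error("Invalid region");
  }

  // Environment variable names are case-sensitive: build all three from one upper-cased prefix.
  const prefix = serviceRegion.toUpperCase();
  const audience = process.env[prefix + "_AUDIENCE"];
  const userID = process.env[prefix + "_SYSTEM_USER_ID"];
  const encodedKey = process.env[prefix + "_SYSTEM_USER_PRIVATE_KEY"];

  // Check presence before decoding, so an unset key is reported here
  // instead of surfacing as a TypeError from Buffer.from.
  if (!audience || !userID || !encodedKey) {
    throw new Error("Invalid region");
  }

  const token = newSystemToken({
    audience,
    subject: userID,
    key: Buffer.from(encodedKey, "base64").toString("utf-8"),
  });
  // … unchanged: return token …
```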
@@ -26,9 +26,9 @@ export async function createServiceForHost(
 
 // if we are running in a multitenancy context, use the system user token
 if (
- process.env.QA_AUDIENCE &&
- process.env.QA_SYSTEM_USER_ID &&
- process.env.QA_SYSTEM_USER_PRIVATE_KEY
+ process.env[serviceRegion + "_AUDIENCE"] &&
+ process.env[serviceRegion + "_SYSTEM_USER_ID"] &&
+ process.env[serviceRegion + "_SYSTEM_USER_PRIVATE_KEY"]
 ) {
 token = await systemAPIToken({ serviceRegion });
 } else if (process.env.ZITADEL_SERVICE_USER_TOKEN) {
diff --git a/turbo.json b/turbo.json
index b342c3f52ae..ff78533f40b 100644
--- a/turbo.json
+++ b/turbo.json
@@ -6,12 +6,12 @@
 "DEBUG",
 "VERCEL_URL",
 "EMAIL_VERIFICATION",
- "QA_AUDIENCE",
- "QA_SYSTEM_USER_ID",
- "QA_SYSTEM_USER_PRIVATE_KEY",
- "PROD_AUDIENCE",
- "PROD_SYSTEM_USER_ID",
- "PROD_SYSTEM_USER_PRIVATE_KEY",
+ "EU1_AUDIENCE",
+ "EU1_SYSTEM_USER_ID",
+ "EU1_SYSTEM_USER_PRIVATE_KEY",
+ "US1_AUDIENCE",
+ "US1_SYSTEM_USER_ID",
+ "US1_SYSTEM_USER_PRIVATE_KEY",
 "ZITADEL_API_URL",
 "ZITADEL_SERVICE_USER_ID",
 "ZITADEL_SERVICE_USER_TOKEN",
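Review bot: In `createServiceForHost` the `if (` condition now chooses between credentials based on a `serviceRegion` value whose origin and validation are outside this hunk. When that value is not one of the regions `systemAPIToken` accepts, or only some of the region's three variables are set, the condition is simply false and the code continues to the `ZITADEL_SERVICE_USER_TOKEN` branch, so a misconfigured region silently runs with a different credential. If that fallback is meant only for self-hosting, I would state it above the condition, e.g. `// falls back to the self-hosting token only when no region credentials are configured`, and fail loudly when a region's variables are only partially set. The function body continues past the end of the hunk.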