refactor(server): Add ApiUrl + ServerUrl env + allow usage of https #8579
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Replaced individual environment-based server URL retrievals with a centralized ServerUrl utility. This change simplifies URL management and ensures a consistent approach across different services. Added validation for SSL configurations when using HTTPS.
Removed standalone ServerUrl and integrated with combined ServerUrl/ApiUrl module. Refactored codebase to use ApiUrl for public network accessibility and adjusted corresponding imports.
Renamed utils file for better readability and consistency. Updated all references to the new file name and added unit tests for ServerUrl and ApiUrl functionalities.
8 tasks
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
PR Summary
This PR adds HTTPS support and introduces separate URL management for server and API endpoints, with SSL certificate configuration and improved URL handling across the application.
- Added
SSL_KEY_PATHandSSL_CERT_PATHenvironment variables in/packages/twenty-server/.env.examplefor HTTPS support - Introduced
ServerUrlandApiUrlutilities in/packages/twenty-server/src/engine/utils/server-and-api-urls.tsfor centralized URL management - Added validation in
main.tsto ensure SSL certificates exist when using HTTPS protocol - Refactored services to use
ApiUrl.get()instead of direct environment variable access for consistent URL handling - Added IPv6 support and protocol detection in URL handling with proper hostname normalization
9 file(s) reviewed, 15 comment(s)
Edit PR Review Bot Settings | Greptile
packages/twenty-server/src/engine/core-modules/environment/environment-variables.ts
Outdated
Show resolved
Hide resolved
packages/twenty-server/src/engine/core-modules/environment/environment-variables.ts
Show resolved
Hide resolved
...server/src/engine/core-modules/workspace-invitation/services/workspace-invitation.service.ts
Show resolved
Hide resolved
Move the reset of ServerUrl and ApiUrl to beforeEach in tests to ensure clean state before each test runs. Update example SSL_KEY_PATH and SSL_CERT_PATH to use relative paths for more portability.
Import the ApiUrl module and set the local URL in the setup function. This ensures the tests have the correct API endpoint configured.
Reordered import statements in `workspace-invitation.service.spec.ts` for improved code organization. This change ensures that dependencies are imported in a more logical sequence.
Included API_URL in self-hosting documentation for public endpoint configuration. This helps developers set up the correct URLs for API interactions in their self-hosted environments.
Weiko
reviewed
Nov 20, 2024
Removed protocol check logic from main.ts and enforced URL validation to require protocol directly in environment variables definition. This ensures consistent and secure URL formats throughout the application.
Add a new Bash script for generating self-signed SSL certificates, including a README with instructions. Supports customizable domain, root certificate name, and validity period, and integrates root certificate into macOS keychain.
| @@ -6,8 +6,8 @@ import { AxiosResponse } from 'axios'; | |||
|
|
|||
| import { Query } from 'src/engine/api/rest/core/types/query.type'; | |||
| import { getServerUrl } from 'src/utils/get-server-url'; | |||
There was a problem hiding this comment.
add TODO + Deprecate flag
| // prevent ipv6 issue for redirectUri builder | ||
| url.hostname = url.hostname === '[::1]' ? 'localhost' : url.hostname; | ||
|
|
||
| ServerUrl.set(url.toString()); |
There was a problem hiding this comment.
Make API_URL mandatory (maybe with default in environment.variable or in .env.example)
| @@ -68,7 +86,17 @@ const bootstrap = async () => { | |||
| app.use(session(getSessionStorageOptions(environmentService))); | |||
| } | |||
|
|
|||
| await app.listen(process.env.PORT ?? 3000); | |||
| await app.listen(serverUrl.port, serverUrl.hostname); | |||
There was a problem hiding this comment.
this won't work for self-hosting configuration where both server and front are server by server + this will prevent internal curls
|
|
||
| const bootstrap = async () => { | ||
| const app = await NestFactory.create<NestExpressApplication>(AppModule, { | ||
| cors: true, | ||
| bufferLogs: process.env.LOGGER_IS_BUFFER_ENABLED === 'true', | ||
| rawBody: true, | ||
| snapshot: process.env.DEBUG_MODE === 'true', | ||
| ...(process.env.SERVER_URL && | ||
| process.env.SERVER_URL.startsWith('https') && | ||
| process.env.SSL_KEY_PATH && |
There was a problem hiding this comment.
I would only make the check SSL_KEY_PATH and SSL_CERT_PATH
| ServerUrl.set(url.toString()); | ||
| ApiUrl.set(environmentService.get('API_URL')); | ||
|
|
||
| logger.log(`Application is running on: ${url.toString()}`, 'Server Info'); |
| @@ -37,6 +37,7 @@ yarn command:prod cron:calendar:calendar-event-list-fetch | |||
| ['REDIS_URL', 'redis://localhost:6379', 'Redis connection url'], | |||
| ['FRONT_BASE_URL', 'http://localhost:3001', 'Url to the hosted frontend'], | |||
| ['SERVER_URL', 'http://localhost:3000', 'Url to the hosted server'], | |||
| ['API_URL', 'http://my-load-balancer', 'Url to the public endpoint'], | |||
| @@ -37,6 +37,7 @@ yarn command:prod cron:calendar:calendar-event-list-fetch | |||
| ['REDIS_URL', 'redis://localhost:6379', 'Redis connection url'], | |||
| ['FRONT_BASE_URL', 'http://localhost:3001', 'Url to the hosted frontend'], | |||
There was a problem hiding this comment.
this will be renamed FRONT_DOMAIN + default subDomain + protocol
There was a problem hiding this comment.
redirect (workspace.subDomain . FRONT_DOMAIN)
There was a problem hiding this comment.
Let's keep: FRONT_BASE_URL and extract defaultSubDomain + protocol + domain from there when we need it
There was a problem hiding this comment.
in case we are not in multidomain, we should expect defaultSubDomain to be extratable from FRONT_BASE_URL
| @@ -0,0 +1,37 @@ | |||
| // The url of the Server, should be exposed in a private network | |||
| const ServerUrl = (() => { | |||
| @@ -234,7 +235,7 @@ export class WorkspaceInvitationService { | |||
| link: link.toString(), | |||
| workspace: { name: workspace.displayName, logo: workspace.logo }, | |||
| sender: { email: sender.email, firstName: sender.firstName }, | |||
| serverUrl: this.environmentService.get('SERVER_URL'), | |||
| serverUrl: ApiUrl.get(), | |||
There was a problem hiding this comment.
pass API_URL from environmentService
| @@ -70,6 +71,7 @@ describe('WorkspaceInvitationService', () => { | |||
| environmentService = module.get<EnvironmentService>(EnvironmentService); | |||
| emailService = module.get<EmailService>(EmailService); | |||
| onboardingService = module.get<OnboardingService>(OnboardingService); | |||
| ApiUrl.set('http://localhost:3000'); | |||
| @@ -199,7 +193,11 @@ export class SSOService { | |||
| buildIssuerURL( | |||
| identityProvider: Pick<WorkspaceSSOIdentityProvider, 'id' | 'type'>, | |||
| ) { | |||
| return `${this.environmentService.get('SERVER_URL')}/auth/${identityProvider.type.toLowerCase()}/login/${identityProvider.id}`; | |||
| const authorizationUrl = new URL(ApiUrl.get()); | |||
There was a problem hiding this comment.
pass API_URL from environmentService
| request, | ||
| this.environmentService.get('SERVER_URL'), | ||
| ); | ||
| const baseUrl = getServerUrl(request, ApiUrl.get()); |
There was a problem hiding this comment.
pass API_URL from environmentService
| request, | ||
| this.environmentService.get('SERVER_URL'), | ||
| ); | ||
| const baseUrl = getServerUrl(request, ApiUrl.get()); |
There was a problem hiding this comment.
pass API_URL from environmentService ==> actually use the existing SERVER_URL
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
SERVER_URLto define the NestJS instance URLAPI_URLto set the public URL. Loadbalancer in production. In non-secure environments, it will be the same as theSERVER_URLSSLcertificate and using https.