refactor(server): Add ApiUrl + ServerUrl env + allow usage of https #8579
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Replaced individual environment-based server URL retrievals with a centralized ServerUrl utility. This change simplifies URL management and ensures a consistent approach across different services. Added validation for SSL configurations when using HTTPS.
Removed standalone ServerUrl and integrated with combined ServerUrl/ApiUrl module. Refactored codebase to use ApiUrl for public network accessibility and adjusted corresponding imports.
Renamed utils file for better readability and consistency. Updated all references to the new file name and added unit tests for ServerUrl and ApiUrl functionalities.
8 tasks
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
PR Summary
This PR adds HTTPS support and introduces separate URL management for server and API endpoints, with SSL certificate configuration and improved URL handling across the application.
- Added
SSL_KEY_PATHandSSL_CERT_PATHenvironment variables in/packages/twenty-server/.env.examplefor HTTPS support - Introduced
ServerUrlandApiUrlutilities in/packages/twenty-server/src/engine/utils/server-and-api-urls.tsfor centralized URL management - Added validation in
main.tsto ensure SSL certificates exist when using HTTPS protocol - Refactored services to use
ApiUrl.get()instead of direct environment variable access for consistent URL handling - Added IPv6 support and protocol detection in URL handling with proper hostname normalization
9 file(s) reviewed, 15 comment(s)
Edit PR Review Bot Settings | Greptile
packages/twenty-server/src/engine/core-modules/environment/environment-variables.ts
Outdated
Show resolved
Hide resolved
packages/twenty-server/src/engine/core-modules/environment/environment-variables.ts
Show resolved
Hide resolved
...server/src/engine/core-modules/workspace-invitation/services/workspace-invitation.service.ts
Show resolved
Hide resolved
Move the reset of ServerUrl and ApiUrl to beforeEach in tests to ensure clean state before each test runs. Update example SSL_KEY_PATH and SSL_CERT_PATH to use relative paths for more portability.
Import the ApiUrl module and set the local URL in the setup function. This ensures the tests have the correct API endpoint configured.
Reordered import statements in `workspace-invitation.service.spec.ts` for improved code organization. This change ensures that dependencies are imported in a more logical sequence.
Included API_URL in self-hosting documentation for public endpoint configuration. This helps developers set up the correct URLs for API interactions in their self-hosted environments.
Weiko
reviewed
Nov 20, 2024
packages/twenty-server/.env.example
Outdated
| @@ -75,3 +75,7 @@ ACCESS_TOKEN_SECRET=replace_me_with_a_random_string_access | |||
| # PG_SSL_ALLOW_SELF_SIGNED=true | |||
| # SESSION_STORE_SECRET=replace_me_with_a_random_string_session | |||
| # ENTERPRISE_KEY=replace_me_with_a_valid_enterprise_key | |||
| ###### --------------> !!! FOR CHARLES AND FELIX !!! we can create a gist in twenty if you want <--------------------------- | |||
There was a problem hiding this comment.
I think we can store this script in the repo (twenty-server/scripts), you can move instructions there as well (or the dev documentation but I think having a readme in a dedicated scripts/ssl-generation/ folder is fine too 🤔
There was a problem hiding this comment.
@AMoreaux let's remove this comment before merging 🙂
Removed protocol check logic from main.ts and enforced URL validation to require protocol directly in environment variables definition. This ensures consistent and secure URL formats throughout the application.
Add a new Bash script for generating self-signed SSL certificates, including a README with instructions. Supports customizable domain, root certificate name, and validity period, and integrates root certificate into macOS keychain.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
SERVER_URLto define the NestJS instance URLAPI_URLto set the public URL. Loadbalancer in production. In non-secure environments, it will be the same as theSERVER_URLSSLcertificate and using https.