fix: web middleware fetch TLS issues (#588)

Author: BlankParticle

apps/web/package.json

@@ -6,7 +6,7 @@
   "scripts": {
     "dev": "PORT=3000 next dev --turbo",
     "build": "next build && cp -r .next/static .next/standalone/apps/web/.next",
-    "start": "node .next/standalone/apps/web/server.js",
+    "start": "HOSTNAME=0.0.0.0 node .next/standalone/apps/web/server.js",
     "check": "tsc --noEmit && next lint"
   },
   "dependencies": {

apps/web/src/lib/middleware-utils.ts

@@ -1,16 +1,27 @@
 import 'server-only';
 import { cookies, headers as nextHeaders } from 'next/headers';
 
-function getBaseUrl() {
+function getPlatformUrl() {
   if (process.env.NEXT_PUBLIC_PLATFORM_URL)
     return process.env.NEXT_PUBLIC_PLATFORM_URL;
   throw new Error('NEXT_PUBLIC_PLATFORM_URL is not set');
 }
 
+function clientHeaders() {
+  const allHeaders = nextHeaders();
+  const clientHeaders = new Headers();
+  const notAllowedHeaders = ['host', 'origin', 'referer'];
+  allHeaders.forEach((value, key) => {
+    if (notAllowedHeaders.includes(key)) return;
+    clientHeaders.append(key, value);
+  });
+  return clientHeaders;
+}
+
 export async function getAuthRedirection() {
   if (!cookies().has('unsession')) return { defaultOrgShortcode: null };
-  return fetch(`${getBaseUrl()}/auth/redirection`, {
-    headers: nextHeaders()
+  return fetch(`${getPlatformUrl()}/auth/redirection`, {
+    headers: clientHeaders()
   }).then((r) => (r.ok ? r.json() : { defaultOrgShortcode: null })) as Promise<{
     defaultOrgShortcode: string | null;
   }>;
@@ -22,8 +33,8 @@ export async function isAuthenticated(shallow = false) {
   if (!cookies().has('unsession')) return false;
   if (shallow) return true;
   try {
-    const data = (await fetch(`${getBaseUrl()}/auth/status`, {
-      headers: nextHeaders()
+    const data = (await fetch(`${getPlatformUrl()}/auth/status`, {
+      headers: clientHeaders()
     }).then((r) => r.json())) as {
       authStatus: 'authenticated' | 'unauthenticated';
     };