From 33da1204dd9310b35ea717ca1aa84ee4ae24290d Mon Sep 17 00:00:00 2001 From: ERP-System Date: Mon, 8 Jun 2026 16:37:44 +0400 Subject: [PATCH] fix(api): route SSR requests to the tenant backend with workspace context MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit getServerApi only forwarded the auth token, using the default API base URL and sending no workspace header. In the multi-tenant setup the per-workspace backend URL (api_base_url) and id (workspace_uuid) live in httpOnly cookies, and client requests reach the right tenant via the /api/proxy route. SSR never replicated that, so server components hit the wrong/default backend and got "not found" for resources that exist — e.g. the vendor detail page. Read api_base_url and workspace_uuid from cookies and pass baseUrl + X-Workspace-UUID to createApi, mirroring the proxy. Fixes every server- rendered detail page, not just vendors. Co-Authored-By: Claude Opus 4.8 (1M context) --- packages/api/src/server.ts | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/packages/api/src/server.ts b/packages/api/src/server.ts index 2796244..1d7f826 100644 --- a/packages/api/src/server.ts +++ b/packages/api/src/server.ts @@ -6,10 +6,22 @@ import type { AuthUser } from "./infra/token" export async function getServerApi() { const cookieStore = await cookies() const token = cookieStore.get("auth_token")?.value + // Multi-tenant: the workspace's backend URL and id live in httpOnly cookies + // set by middleware. Client requests reach the right tenant via the + // /api/proxy route; SSR must replicate that — point at the tenant's + // api_base_url and send X-Workspace-UUID, or the request hits the wrong + // (default) backend and resources come back "not found". + const apiBaseUrl = cookieStore.get("api_base_url")?.value + const workspaceUuid = cookieStore.get("workspace_uuid")?.value - return createApi( - token ? { headers: { Authorization: `Bearer ${token}` } } : undefined, - ) + const headers: Record = {} + if (token) headers.Authorization = `Bearer ${token}` + if (workspaceUuid) headers["X-Workspace-UUID"] = workspaceUuid + + return createApi({ + ...(apiBaseUrl ? { baseUrl: apiBaseUrl } : {}), + ...(Object.keys(headers).length ? { headers } : {}), + }) } export async function getServerUser(): Promise {