fix(api): route SSR requests to the tenant backend with workspace context

getServerApi only forwarded the auth token, using the default API base URL
and sending no workspace header. In the multi-tenant setup the per-workspace
backend URL (api_base_url) and id (workspace_uuid) live in httpOnly cookies,
and client requests reach the right tenant via the /api/proxy route. SSR
never replicated that, so server components hit the wrong/default backend and
got "not found" for resources that exist — e.g. the vendor detail page.

Read api_base_url and workspace_uuid from cookies and pass baseUrl +
X-Workspace-UUID to createApi, mirroring the proxy. Fixes every server-
rendered detail page, not just vendors.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
ERP-System 2026-06-08 16:37:44 +04:00
parent 75e44f5b26
commit 33da1204dd

View File

@ -6,10 +6,22 @@ import type { AuthUser } from "./infra/token"
export async function getServerApi() { export async function getServerApi() {
const cookieStore = await cookies() const cookieStore = await cookies()
const token = cookieStore.get("auth_token")?.value const token = cookieStore.get("auth_token")?.value
// Multi-tenant: the workspace's backend URL and id live in httpOnly cookies
// set by middleware. Client requests reach the right tenant via the
// /api/proxy route; SSR must replicate that — point at the tenant's
// api_base_url and send X-Workspace-UUID, or the request hits the wrong
// (default) backend and resources come back "not found".
const apiBaseUrl = cookieStore.get("api_base_url")?.value
const workspaceUuid = cookieStore.get("workspace_uuid")?.value
return createApi( const headers: Record<string, string> = {}
token ? { headers: { Authorization: `Bearer ${token}` } } : undefined, if (token) headers.Authorization = `Bearer ${token}`
) if (workspaceUuid) headers["X-Workspace-UUID"] = workspaceUuid
return createApi({
...(apiBaseUrl ? { baseUrl: apiBaseUrl } : {}),
...(Object.keys(headers).length ? { headers } : {}),
})
} }
export async function getServerUser(): Promise<AuthUser | null> { export async function getServerUser(): Promise<AuthUser | null> {