aaspai-authx 0.0.7 → 0.0.9

package/dist/nest/index.cjs

@@ -40,6 +40,24 @@ var import_crypto = require("crypto");
 var import_express = __toESM(require("express"), 1);
 var import_jsonwebtoken4 = __toESM(require("jsonwebtoken"), 1);
 
+// src/core/utils.ts
+function baseProjectCookieOptionsFrom(cookie) {
+  const base = {
+    secure: cookie.secure ?? false,
+    sameSite: cookie.sameSite ?? "lax",
+    path: cookie.path ?? "/",
+    maxAge: cookie.maxAgeMs
+  };
+  if (cookie.domain) base.domain = cookie.domain;
+  return base;
+}
+function hasAnyRole(session, roles) {
+  if (!session || !session.roles || !Array.isArray(roles) || roles.length === 0) {
+    return false;
+  }
+  return roles.some((role) => session.roles.includes(role));
+}
+
 // src/config/loadConfig.ts
 function loadConfig() {
   return {
@@ -617,6 +635,16 @@ function createAuthRouter(options = {}) {
   const r = (0, import_express.Router)();
   const email = new EmailService();
   const authAdmin = new AuthAdminService();
+  const isProdEnv = process.env.NODE_ENV === "production";
+  const cookieConfig = {
+    sameSite: options.cookie?.sameSite ?? (isProdEnv ? "none" : "lax"),
+    // default if not provided
+    secure: options.cookie?.secure ?? isProdEnv,
+    // default: secure in prod
+    domain: options.cookie?.domain ?? void 0,
+    path: options.cookie?.path ?? "/",
+    maxAgeMs: options.cookie?.maxAgeMs ?? 24 * 60 * 60 * 1e3
+  };
   r.use(import_express.default.json());
   r.use(import_express.default.urlencoded({ extended: true }));
   r.get(
@@ -647,10 +675,10 @@ function createAuthRouter(options = {}) {
         });
       }
       const tokens = generateTokens(user);
-      setAuthCookies(res, tokens);
+      setAuthCookies(res, tokens, cookieConfig);
       if (user.projectId) {
         res.cookie(options.projectCookieName || "projectId", user.projectId, {
-          ...cookieOpts(false),
+          ...baseProjectCookieOptionsFrom(cookieConfig),
           httpOnly: true
         });
       }
@@ -982,26 +1010,22 @@ function createAuthRouter(options = {}) {
   });
   return r;
 }
-function setAuthCookies(res, tokens) {
+function setAuthCookies(res, tokens, cookie) {
+  const base = {
+    httpOnly: true,
+    secure: cookie.secure ?? false,
+    sameSite: cookie.sameSite ?? "lax",
+    path: cookie.path ?? "/",
+    maxAge: cookie.maxAgeMs
+  };
+  if (cookie.domain) {
+    base.domain = cookie.domain;
+  }
   if (tokens?.access_token) {
-    res.cookie("access_token", tokens.access_token, {
-      httpOnly: true,
-      secure: false,
-      sameSite: "lax",
-      maxAge: 24 * 60 * 60 * 1e3,
-      // 24 hours
-      path: "/"
-    });
+    res.cookie("access_token", tokens.access_token, base);
   }
   if (tokens?.refresh_token) {
-    res.cookie("refresh_token", tokens.refresh_token, {
-      httpOnly: true,
-      secure: false,
-      sameSite: "lax",
-      maxAge: 24 * 60 * 60 * 1e3,
-      // 24 hours
-      path: "/"
-    });
+    res.cookie("refresh_token", tokens.refresh_token, base);
   }
 }
 function toUserResponse(user) {
@@ -1210,14 +1234,6 @@ var import_bcryptjs2 = __toESM(require("bcryptjs"), 1);
 var import_crypto3 = require("crypto");
 var import_express5 = __toESM(require("express"), 1);
 
-// src/core/utils.ts
-function hasAnyRole(session, roles) {
-  if (!session || !session.roles || !Array.isArray(roles) || roles.length === 0) {
-    return false;
-  }
-  return roles.some((role) => session.roles.includes(role));
-}
-
 // src/middlewares/requireRole.ts
 function requireRole(...roles) {
   return (req, res, next) => {