propro-utils 1.6.5 → 1.6.7

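--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "propro-utils",
- "version": "1.6.5",
+ "version": "1.6.7",
  "description": "Auth middleware for propro-auth",
  "main": "src/index.js",
  "scripts": {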
@@ -100,6 +100,7 @@ const setAuthCookies = async (res, tokens, account, user, appUrl) => {
100
100
 
101
101
  // Domain configuration
102
102
  let domain;
103
+ let isSecureConnection = false;
103
104
  try {
104
105
  // Handle URLs that don't include the protocol
105
106
  let processedAppUrl = appUrl;
@@ -111,19 +112,37 @@ const setAuthCookies = async (res, tokens, account, user, appUrl) => {
111
112
  processedAppUrl = `https://${appUrl}`;
112
113
  }
113
114
 
114
- domain = processedAppUrl ? new URL(processedAppUrl).hostname : undefined;
115
+ const urlObj = new URL(processedAppUrl);
116
+ domain = urlObj.hostname;
117
+ isSecureConnection = urlObj.protocol === "https:";
118
+
115
119
  if (domain?.includes("mapmap.app")) {
116
120
  domain = ".mapmap.app";
117
121
  }
118
122
  if (domain?.includes("localhost")) {
119
123
  domain = undefined;
124
+ isSecureConnection = false;
120
125
  }
121
126
  if (domain?.includes("propro.so")) {
122
- domain = "propro.so";
127
+ // Handle both main domain and subdomains of propro.so
128
+ if (domain.startsWith("short.")) {
129
+ domain = "short.propro.so";
130
+ } else {
131
+ domain = "propro.so";
132
+ }
123
133
  }
134
+
135
+ console.log("Cookie configuration:", {
136
+ domain,
137
+ isSecure: isSecureConnection,
138
+ protocol: urlObj.protocol,
139
+ originalUrl: appUrl,
140
+ processedUrl: processedAppUrl,
141
+ });
124
142
  } catch (error) {
125
143
  console.error("Invalid appUrl:", { error, appUrl });
126
144
  domain = undefined;
145
+ isSecureConnection = false;
127
146
  }
128
147
 
129
148
  // Determine if we're in a local development environment
@@ -131,12 +150,14 @@ const setAuthCookies = async (res, tokens, account, user, appUrl) => {
131
150
  !domain || domain === "localhost" || domain.includes("localhost");
132
151
 
133
152
  const commonAttributes = {
134
- secure: !isLocalhost, // Only require secure for non-localhost environments
135
- sameSite: isLocalhost ? "Lax" : "None", // Use Lax for localhost, None for production
153
+ secure: isSecureConnection,
154
+ sameSite: isSecureConnection ? "None" : "Lax",
136
155
  domain,
137
156
  path: "/",
138
157
  };
139
158
 
159
+ console.log("Cookie attributes:", commonAttributes);
160
+
140
161
  const httpOnlyCookies = {
141
162
  "x-refresh-token": {
142
163
  value: tokens.refresh.token,
@@ -220,6 +241,7 @@ const setAuthCookies = async (res, tokens, account, user, appUrl) => {
220
241
  */
221
242
  const clearAuthCookies = async (res, appUrl) => {
222
243
  let domain;
244
+ let isSecureConnection = false;
223
245
  try {
224
246
  // Handle URLs that don't include the protocol
225
247
  let processedAppUrl = appUrl;
@@ -231,29 +253,48 @@ const clearAuthCookies = async (res, appUrl) => {
231
253
  processedAppUrl = `https://${appUrl}`;
232
254
  }
233
255
 
234
- domain = processedAppUrl ? new URL(processedAppUrl).hostname : undefined;
256
+ const urlObj = new URL(processedAppUrl);
257
+ domain = urlObj.hostname;
258
+ isSecureConnection = urlObj.protocol === "https:";
259
+
235
260
  if (domain?.includes("mapmap.app")) {
236
261
  domain = ".mapmap.app";
237
262
  }
238
263
  if (domain?.includes("localhost")) {
239
264
  domain = undefined;
265
+ isSecureConnection = false;
266
+ }
267
+ if (domain?.includes("propro.so")) {
268
+ // Handle both main domain and subdomains of propro.so
269
+ if (domain.startsWith("short.")) {
270
+ domain = "short.propro.so";
271
+ } else {
272
+ domain = "propro.so";
273
+ }
240
274
  }
275
+
276
+ console.log("Clear cookies configuration:", {
277
+ domain,
278
+ isSecure: isSecureConnection,
279
+ protocol: urlObj.protocol,
280
+ originalUrl: appUrl,
281
+ processedUrl: processedAppUrl,
282
+ });
241
283
  } catch (error) {
242
284
  console.error("Invalid appUrl:", error);
243
285
  domain = undefined;
286
+ isSecureConnection = false;
244
287
  }
245
288
 
246
- // Determine if we're in a local development environment
247
- const isLocalhost =
248
- !domain || domain === "localhost" || domain.includes("localhost");
249
-
250
289
  const commonAttributes = {
251
- secure: !isLocalhost, // Only require secure for non-localhost environments
252
- sameSite: isLocalhost ? "Lax" : "None", // Use Lax for localhost, None for production
290
+ secure: isSecureConnection,
291
+ sameSite: isSecureConnection ? "None" : "Lax",
253
292
  domain,
254
293
  path: "/",
255
294
  };
256
295
 
296
+ console.log("Clear cookie attributes:", commonAttributes);
297
+
257
298
  const cookieNames = [
258
299
  "x-refresh-token",
259
300
  "x-access-token",
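Review bot: `secure: isSecureConnection` (new lines 153 and 290) ties the Secure attribute of the auth cookies, including `x-refresh-token`, to the scheme written in `appUrl`, so an `http://` value for a production host such as propro.so now yields token cookies that browsers will also send over plaintext. Before this change any resolved non-localhost domain got `secure: true`, and the hunks do not show where `appUrl` comes from, so a request-influenced or misconfigured value would downgrade the cookies silently. I would keep Secure mandatory off localhost by retaining `secure: !isLocalhost,` and `sameSite: isLocalhost ? "Lax" : "None",` in both setAuthCookies and clearAuthCookies, and keep the `isLocalhost` computation that this change removes from clearAuthCookies. If plain-HTTP deployments must be supported, that is better expressed as an explicit opt-in than inferred from the URL string. Both function bodies continue outside the hunks shown.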