propro-utils 1.6.6 → 1.6.7

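--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "propro-utils",
- "version": "1.6.6",
+ "version": "1.6.7",
  "description": "Auth middleware for propro-auth",
  "main": "src/index.js",
  "scripts": {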
@@ -100,6 +100,7 @@ const setAuthCookies = async (res, tokens, account, user, appUrl) => {
100
100
 
101
101
  // Domain configuration
102
102
  let domain;
103
+ let isSecureConnection = false;
103
104
  try {
104
105
  // Handle URLs that don't include the protocol
105
106
  let processedAppUrl = appUrl;
@@ -111,12 +112,16 @@ const setAuthCookies = async (res, tokens, account, user, appUrl) => {
111
112
  processedAppUrl = `https://${appUrl}`;
112
113
  }
113
114
 
114
- domain = processedAppUrl ? new URL(processedAppUrl).hostname : undefined;
115
+ const urlObj = new URL(processedAppUrl);
116
+ domain = urlObj.hostname;
117
+ isSecureConnection = urlObj.protocol === "https:";
118
+
115
119
  if (domain?.includes("mapmap.app")) {
116
120
  domain = ".mapmap.app";
117
121
  }
118
122
  if (domain?.includes("localhost")) {
119
123
  domain = undefined;
124
+ isSecureConnection = false;
120
125
  }
121
126
  if (domain?.includes("propro.so")) {
122
127
  // Handle both main domain and subdomains of propro.so
@@ -126,9 +131,18 @@ const setAuthCookies = async (res, tokens, account, user, appUrl) => {
126
131
  domain = "propro.so";
127
132
  }
128
133
  }
134
+
135
+ console.log("Cookie configuration:", {
136
+ domain,
137
+ isSecure: isSecureConnection,
138
+ protocol: urlObj.protocol,
139
+ originalUrl: appUrl,
140
+ processedUrl: processedAppUrl,
141
+ });
129
142
  } catch (error) {
130
143
  console.error("Invalid appUrl:", { error, appUrl });
131
144
  domain = undefined;
145
+ isSecureConnection = false;
132
146
  }
133
147
 
134
148
  // Determine if we're in a local development environment
@@ -136,12 +150,14 @@ const setAuthCookies = async (res, tokens, account, user, appUrl) => {
136
150
  !domain || domain === "localhost" || domain.includes("localhost");
137
151
 
138
152
  const commonAttributes = {
139
- secure: !isLocalhost, // Only require secure for non-localhost environments
140
- sameSite: isLocalhost ? "Lax" : "None", // Use Lax for localhost, None for production
153
+ secure: isSecureConnection,
154
+ sameSite: isSecureConnection ? "None" : "Lax",
141
155
  domain,
142
156
  path: "/",
143
157
  };
144
158
 
159
+ console.log("Cookie attributes:", commonAttributes);
160
+
145
161
  const httpOnlyCookies = {
146
162
  "x-refresh-token": {
147
163
  value: tokens.refresh.token,
@@ -225,6 +241,7 @@ const setAuthCookies = async (res, tokens, account, user, appUrl) => {
225
241
  */
226
242
  const clearAuthCookies = async (res, appUrl) => {
227
243
  let domain;
244
+ let isSecureConnection = false;
228
245
  try {
229
246
  // Handle URLs that don't include the protocol
230
247
  let processedAppUrl = appUrl;
@@ -236,12 +253,16 @@ const clearAuthCookies = async (res, appUrl) => {
236
253
  processedAppUrl = `https://${appUrl}`;
237
254
  }
238
255
 
239
- domain = processedAppUrl ? new URL(processedAppUrl).hostname : undefined;
256
+ const urlObj = new URL(processedAppUrl);
257
+ domain = urlObj.hostname;
258
+ isSecureConnection = urlObj.protocol === "https:";
259
+
240
260
  if (domain?.includes("mapmap.app")) {
241
261
  domain = ".mapmap.app";
242
262
  }
243
263
  if (domain?.includes("localhost")) {
244
264
  domain = undefined;
265
+ isSecureConnection = false;
245
266
  }
246
267
  if (domain?.includes("propro.so")) {
247
268
  // Handle both main domain and subdomains of propro.so
@@ -251,22 +272,29 @@ const clearAuthCookies = async (res, appUrl) => {
251
272
  domain = "propro.so";
252
273
  }
253
274
  }
275
+
276
+ console.log("Clear cookies configuration:", {
277
+ domain,
278
+ isSecure: isSecureConnection,
279
+ protocol: urlObj.protocol,
280
+ originalUrl: appUrl,
281
+ processedUrl: processedAppUrl,
282
+ });
254
283
  } catch (error) {
255
284
  console.error("Invalid appUrl:", error);
256
285
  domain = undefined;
286
+ isSecureConnection = false;
257
287
  }
258
288
 
259
- // Determine if we're in a local development environment
260
- const isLocalhost =
261
- !domain || domain === "localhost" || domain.includes("localhost");
262
-
263
289
  const commonAttributes = {
264
- secure: !isLocalhost, // Only require secure for non-localhost environments
265
- sameSite: isLocalhost ? "Lax" : "None", // Use Lax for localhost, None for production
290
+ secure: isSecureConnection,
291
+ sameSite: isSecureConnection ? "None" : "Lax",
266
292
  domain,
267
293
  path: "/",
268
294
  };
269
295
 
296
+ console.log("Clear cookie attributes:", commonAttributes);
297
+
270
298
  const cookieNames = [
271
299
  "x-refresh-token",
272
300
  "x-access-token",
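Review bot: `secure: isSecureConnection` in `commonAttributes` (in this `clearAuthCookies` hunk and the matching `setAuthCookies` hunk) ties the `Secure` flag on `x-refresh-token` and `x-access-token` to the scheme of `appUrl`. Any non-localhost `http://` value now produces token cookies without `Secure` and with `SameSite=Lax`, where the removed `secure: !isLocalhost` always set the flag outside localhost. Where `appUrl` comes from is not visible in these hunks; if it can be request-derived or mistyped in configuration, this is a silent transport downgrade. I would fail closed with `secure: isSecureConnection || !isLocalhost,`, which means keeping the `isLocalhost` computation in `clearAuthCookies` and deriving `sameSite` from the same value. The four added `console.log` calls run on every set/clear in a published middleware and write `appUrl` to stdout, so they should be removed or put behind a debug switch; both function bodies start and end outside the hunks shown.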