propro-utils 1.6.8 → 1.7.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "propro-utils",
-  "version": "1.6.8",
+  "version": "1.7.0",
   "description": "Auth middleware for propro-auth",
   "main": "src/index.js",
   "scripts": {

package/src/server/middleware/cookieUtils.js

@@ -124,12 +124,8 @@ const setAuthCookies = async (res, tokens, account, user, appUrl) => {
       isSecureConnection = false;
     }
     if (domain?.includes("propro.so")) {
-      // Handle both main domain and subdomains of propro.so
-      if (domain.startsWith("short.")) {
-        domain = ".short.propro.so";
-      } else {
-        domain = ".propro.so";
-      }
+      // Set root domain for all propro.so subdomains
+      domain = ".propro.so";
     }
 
     console.log("Cookie configuration:", {
@@ -138,6 +134,7 @@ const setAuthCookies = async (res, tokens, account, user, appUrl) => {
       protocol: urlObj.protocol,
       originalUrl: appUrl,
       processedUrl: processedAppUrl,
+      hostname: urlObj.hostname,
     });
   } catch (error) {
     console.error("Invalid appUrl:", { error, appUrl });
@@ -149,29 +146,32 @@ const setAuthCookies = async (res, tokens, account, user, appUrl) => {
   const isLocalhost =
     !domain || domain === "localhost" || domain.includes("localhost");
 
+  // Base attributes that work across domains
   const commonAttributes = {
-    secure: isSecureConnection,
-    sameSite: isSecureConnection ? "None" : "Lax",
-    domain,
+    secure: true, // Always use secure in production
+    sameSite: "None", // Required for cross-domain
+    domain: domain,
     path: "/",
     httpOnly: false,
     expires: new Date(Date.now() + 365 * 24 * 60 * 60 * 1000),
   };
 
-  console.log("Cookie attributes:", commonAttributes);
-
   const httpOnlyCookies = {
     "x-refresh-token": {
       value: tokens.refresh.token,
       maxAge: refreshMaxAge,
       httpOnly: true,
-      secure: isSecureConnection,
+      secure: true,
+      sameSite: "None",
+      domain: domain,
     },
     "x-access-token": {
       value: tokens.access.token,
       maxAge: accessMaxAge,
       httpOnly: true,
-      secure: isSecureConnection,
+      secure: true,
+      sameSite: "None",
+      domain: domain,
     },
   };
 
@@ -184,50 +184,77 @@ const setAuthCookies = async (res, tokens, account, user, appUrl) => {
       value: safeStringify(sanitizedUser),
       maxAge: refreshMaxAge,
       httpOnly: false,
-      secure: isSecureConnection,
+      secure: true,
+      sameSite: "None",
+      domain: domain,
     },
     account: {
       value: safeStringify(sanitizedAccount),
       maxAge: refreshMaxAge,
       httpOnly: false,
-      secure: isSecureConnection,
+      secure: true,
+      sameSite: "None",
+      domain: domain,
     },
     has_account_token: {
       value: JSON.stringify({ value: "true", expires: accessMaxAge }),
       maxAge: accessMaxAge,
       httpOnly: false,
-      secure: isSecureConnection,
+      secure: true,
+      sameSite: "None",
+      domain: domain,
     },
   };
 
   try {
+    // Set each cookie individually with full attributes
     Object.entries({ ...httpOnlyCookies, ...regularCookies }).forEach(
       ([name, config]) => {
-        res.cookie(name, config.value, {
+        // Ensure all required attributes are explicitly set
+        const cookieConfig = {
           ...commonAttributes,
           ...config,
-        });
+          domain: domain, // Explicitly set domain for each cookie
+        };
+
+        res.cookie(name, config.value, cookieConfig);
+
+        // Also try setting without domain for root domain
+        if (domain === ".propro.so") {
+          const rootConfig = { ...cookieConfig };
+          delete rootConfig.domain;
+          res.cookie(name, config.value, rootConfig);
+        }
       }
     );
 
-    const extensionCookiePromises = Object.entries({
-      ...httpOnlyCookies,
-      ...regularCookies,
-    }).map(([name, config]) => {
-      return setChromeExtensionCookie({
-        url: `https://${domain || "propro.so"}`,
-        name,
-        value: config.value,
-        secure: true,
-        httpOnly: !!config.httpOnly,
-        sameSite: "no_restriction",
-        path: "/",
-        expirationDate: Math.floor((Date.now() + config.maxAge) / 1000),
-        domain: domain?.startsWith(".") ? domain : `.${domain || "propro.so"}`,
+    // Skip extension cookie setting if not in extension context
+    try {
+      const extensionCookiePromises = Object.entries({
+        ...httpOnlyCookies,
+        ...regularCookies,
+      }).map(([name, config]) => {
+        return setChromeExtensionCookie({
+          url: `https://${
+            domain?.startsWith(".") ? domain.slice(1) : domain || "propro.so"
+          }`,
+          name,
+          value: config.value,
+          secure: true,
+          httpOnly: !!config.httpOnly,
+          sameSite: "no_restriction",
+          path: "/",
+          expirationDate: Math.floor((Date.now() + config.maxAge) / 1000),
+          domain: domain,
+        });
       });
-    });
 
-    await Promise.allSettled(extensionCookiePromises);
+      Promise.allSettled(extensionCookiePromises).catch(() => {
+        // Ignore extension errors
+      });
+    } catch (error) {
+      // Ignore extension errors
+    }
 
     console.log("Auth cookies set successfully", {
       domain,
@@ -275,12 +302,7 @@ const clearAuthCookies = async (res, appUrl) => {
       isSecureConnection = false;
     }
     if (domain?.includes("propro.so")) {
-      // Handle both main domain and subdomains of propro.so
-      if (domain.startsWith("short.")) {
-        domain = "short.propro.so";
-      } else {
-        domain = "propro.so";
-      }
+      domain = ".propro.so";
     }
 
     console.log("Clear cookies configuration:", {
@@ -289,6 +311,7 @@ const clearAuthCookies = async (res, appUrl) => {
       protocol: urlObj.protocol,
       originalUrl: appUrl,
       processedUrl: processedAppUrl,
+      hostname: urlObj.hostname,
     });
   } catch (error) {
     console.error("Invalid appUrl:", error);
@@ -297,16 +320,14 @@ const clearAuthCookies = async (res, appUrl) => {
   }
 
   const commonAttributes = {
-    secure: isSecureConnection,
-    sameSite: isSecureConnection ? "None" : "Lax",
-    domain,
+    secure: true,
+    sameSite: "None",
+    domain: domain,
     path: "/",
     httpOnly: false,
     expires: new Date(0),
   };
 
-  console.log("Clear cookie attributes:", commonAttributes);
-
   const cookieNames = [
     "x-refresh-token",
     "x-access-token",
@@ -315,26 +336,41 @@ const clearAuthCookies = async (res, appUrl) => {
     "has_account_token",
   ];
 
-  // Clear web cookies
+  // Clear cookies with domain
   cookieNames.forEach((cookieName) => {
     res.clearCookie(cookieName, commonAttributes);
+
+    // Also try clearing without domain for root domain
+    if (domain === ".propro.so") {
+      const rootAttributes = { ...commonAttributes };
+      delete rootAttributes.domain;
+      res.clearCookie(cookieName, rootAttributes);
+    }
   });
 
   try {
+    // Skip extension cookie clearing if not in extension context
     const extensionClearPromises = cookieNames.map(
       (name) =>
         new Promise((resolve) => {
           chrome.cookies.remove(
             {
-              url: `https://${domain || "mapmap.app"}`,
+              url: `https://${
+                domain?.startsWith(".")
+                  ? domain.slice(1)
+                  : domain || "propro.so"
+              }`,
               name,
+              domain: domain,
             },
             resolve
           );
         })
     );
 
-    await Promise.allSettled(extensionClearPromises);
+    Promise.allSettled(extensionClearPromises).catch(() => {
+      // Ignore extension errors
+    });
   } catch (error) {
     // Not in extension context, ignore
   }