propro-utils 1.6.9 → 1.7.0

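--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "propro-utils",
- "version": "1.6.9",
+ "version": "1.7.0",
  "description": "Auth middleware for propro-auth",
  "main": "src/index.js",
  "scripts": {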
@@ -124,7 +124,7 @@ const setAuthCookies = async (res, tokens, account, user, appUrl) => {
124
124
  isSecureConnection = false;
125
125
  }
126
126
  if (domain?.includes("propro.so")) {
127
- // Always set cookies on the root domain for all propro.so subdomains
127
+ // Set root domain for all propro.so subdomains
128
128
  domain = ".propro.so";
129
129
  }
130
130
 
@@ -146,29 +146,32 @@ const setAuthCookies = async (res, tokens, account, user, appUrl) => {
146
146
  const isLocalhost =
147
147
  !domain || domain === "localhost" || domain.includes("localhost");
148
148
 
149
+ // Base attributes that work across domains
149
150
  const commonAttributes = {
150
- secure: isSecureConnection,
151
- sameSite: isSecureConnection ? "None" : "Lax",
152
- domain,
151
+ secure: true, // Always use secure in production
152
+ sameSite: "None", // Required for cross-domain
153
+ domain: domain,
153
154
  path: "/",
154
155
  httpOnly: false,
155
- expires: new Date(Date.now() + 365 * 24 * 60 * 60 * 1000), // 1 year expiry as fallback
156
+ expires: new Date(Date.now() + 365 * 24 * 60 * 60 * 1000),
156
157
  };
157
158
 
158
- console.log("Cookie attributes:", commonAttributes);
159
-
160
159
  const httpOnlyCookies = {
161
160
  "x-refresh-token": {
162
161
  value: tokens.refresh.token,
163
162
  maxAge: refreshMaxAge,
164
163
  httpOnly: true,
165
- secure: isSecureConnection,
164
+ secure: true,
165
+ sameSite: "None",
166
+ domain: domain,
166
167
  },
167
168
  "x-access-token": {
168
169
  value: tokens.access.token,
169
170
  maxAge: accessMaxAge,
170
171
  httpOnly: true,
171
- secure: isSecureConnection,
172
+ secure: true,
173
+ sameSite: "None",
174
+ domain: domain,
172
175
  },
173
176
  };
174
177
 
@@ -181,50 +184,77 @@ const setAuthCookies = async (res, tokens, account, user, appUrl) => {
181
184
  value: safeStringify(sanitizedUser),
182
185
  maxAge: refreshMaxAge,
183
186
  httpOnly: false,
184
- secure: isSecureConnection,
187
+ secure: true,
188
+ sameSite: "None",
189
+ domain: domain,
185
190
  },
186
191
  account: {
187
192
  value: safeStringify(sanitizedAccount),
188
193
  maxAge: refreshMaxAge,
189
194
  httpOnly: false,
190
- secure: isSecureConnection,
195
+ secure: true,
196
+ sameSite: "None",
197
+ domain: domain,
191
198
  },
192
199
  has_account_token: {
193
200
  value: JSON.stringify({ value: "true", expires: accessMaxAge }),
194
201
  maxAge: accessMaxAge,
195
202
  httpOnly: false,
196
- secure: isSecureConnection,
203
+ secure: true,
204
+ sameSite: "None",
205
+ domain: domain,
197
206
  },
198
207
  };
199
208
 
200
209
  try {
210
+ // Set each cookie individually with full attributes
201
211
  Object.entries({ ...httpOnlyCookies, ...regularCookies }).forEach(
202
212
  ([name, config]) => {
203
- res.cookie(name, config.value, {
213
+ // Ensure all required attributes are explicitly set
214
+ const cookieConfig = {
204
215
  ...commonAttributes,
205
216
  ...config,
206
- });
217
+ domain: domain, // Explicitly set domain for each cookie
218
+ };
219
+
220
+ res.cookie(name, config.value, cookieConfig);
221
+
222
+ // Also try setting without domain for root domain
223
+ if (domain === ".propro.so") {
224
+ const rootConfig = { ...cookieConfig };
225
+ delete rootConfig.domain;
226
+ res.cookie(name, config.value, rootConfig);
227
+ }
207
228
  }
208
229
  );
209
230
 
210
- const extensionCookiePromises = Object.entries({
211
- ...httpOnlyCookies,
212
- ...regularCookies,
213
- }).map(([name, config]) => {
214
- return setChromeExtensionCookie({
215
- url: `https://${domain || "propro.so"}`,
216
- name,
217
- value: config.value,
218
- secure: true,
219
- httpOnly: !!config.httpOnly,
220
- sameSite: "no_restriction",
221
- path: "/",
222
- expirationDate: Math.floor((Date.now() + config.maxAge) / 1000),
223
- domain: domain?.startsWith(".") ? domain : `.${domain || "propro.so"}`,
231
+ // Skip extension cookie setting if not in extension context
232
+ try {
233
+ const extensionCookiePromises = Object.entries({
234
+ ...httpOnlyCookies,
235
+ ...regularCookies,
236
+ }).map(([name, config]) => {
237
+ return setChromeExtensionCookie({
238
+ url: `https://${
239
+ domain?.startsWith(".") ? domain.slice(1) : domain || "propro.so"
240
+ }`,
241
+ name,
242
+ value: config.value,
243
+ secure: true,
244
+ httpOnly: !!config.httpOnly,
245
+ sameSite: "no_restriction",
246
+ path: "/",
247
+ expirationDate: Math.floor((Date.now() + config.maxAge) / 1000),
248
+ domain: domain,
249
+ });
224
250
  });
225
- });
226
251
 
227
- await Promise.allSettled(extensionCookiePromises);
252
+ Promise.allSettled(extensionCookiePromises).catch(() => {
253
+ // Ignore extension errors
254
+ });
255
+ } catch (error) {
256
+ // Ignore extension errors
257
+ }
228
258
 
229
259
  console.log("Auth cookies set successfully", {
230
260
  domain,
@@ -272,7 +302,6 @@ const clearAuthCookies = async (res, appUrl) => {
272
302
  isSecureConnection = false;
273
303
  }
274
304
  if (domain?.includes("propro.so")) {
275
- // Always set cookies on the root domain for all propro.so subdomains
276
305
  domain = ".propro.so";
277
306
  }
278
307
 
@@ -291,16 +320,14 @@ const clearAuthCookies = async (res, appUrl) => {
291
320
  }
292
321
 
293
322
  const commonAttributes = {
294
- secure: isSecureConnection,
295
- sameSite: isSecureConnection ? "None" : "Lax",
296
- domain,
323
+ secure: true,
324
+ sameSite: "None",
325
+ domain: domain,
297
326
  path: "/",
298
327
  httpOnly: false,
299
- expires: new Date(0), // Set expiry to past date to ensure cookie is removed
328
+ expires: new Date(0),
300
329
  };
301
330
 
302
- console.log("Clear cookie attributes:", commonAttributes);
303
-
304
331
  const cookieNames = [
305
332
  "x-refresh-token",
306
333
  "x-access-token",
@@ -309,26 +336,41 @@ const clearAuthCookies = async (res, appUrl) => {
309
336
  "has_account_token",
310
337
  ];
311
338
 
312
- // Clear web cookies
339
+ // Clear cookies with domain
313
340
  cookieNames.forEach((cookieName) => {
314
341
  res.clearCookie(cookieName, commonAttributes);
342
+
343
+ // Also try clearing without domain for root domain
344
+ if (domain === ".propro.so") {
345
+ const rootAttributes = { ...commonAttributes };
346
+ delete rootAttributes.domain;
347
+ res.clearCookie(cookieName, rootAttributes);
348
+ }
315
349
  });
316
350
 
317
351
  try {
352
+ // Skip extension cookie clearing if not in extension context
318
353
  const extensionClearPromises = cookieNames.map(
319
354
  (name) =>
320
355
  new Promise((resolve) => {
321
356
  chrome.cookies.remove(
322
357
  {
323
- url: `https://${domain || "mapmap.app"}`,
358
+ url: `https://${
359
+ domain?.startsWith(".")
360
+ ? domain.slice(1)
361
+ : domain || "propro.so"
362
+ }`,
324
363
  name,
364
+ domain: domain,
325
365
  },
326
366
  resolve
327
367
  );
328
368
  })
329
369
  );
330
370
 
331
- await Promise.allSettled(extensionClearPromises);
371
+ Promise.allSettled(extensionClearPromises).catch(() => {
372
+ // Ignore extension errors
373
+ });
332
374
  } catch (error) {
333
375
  // Not in extension context, ignore
334
376
  }
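Review bot: In setAuthCookies (the hunk starting at new line 184), the added `if (domain === ".propro.so")` branch writes every cookie a second time without `domain`, so the browser holds a host-only copy and a `.propro.so` copy of `x-access-token` and `x-refresh-token` under the same name. The domain-less `res.clearCookie` in clearAuthCookies can only expire the host-only copy for the host that serves that response, so a sign-out handled on another subdomain would presumably leave the tokens on the first host, and nothing in this code decides which of the two copies the server reads. I would keep only `res.cookie(name, config.value, cookieConfig);` and leave the domain-less clear in place as cleanup for copies already issued. Separately, `Promise.allSettled(...)` never rejects, so the added `.catch` handlers in both functions can never run, and with the `await` dropped "Auth cookies set successfully" is logged before the extension writes settle. Both function bodies extend beyond the hunks shown.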