propro-utils 1.6.9 → 1.7.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "propro-utils",
-  "version": "1.6.9",
+  "version": "1.7.1",
   "description": "Auth middleware for propro-auth",
   "main": "src/index.js",
   "scripts": {

package/src/server/middleware/cookieUtils.js

@@ -99,7 +99,6 @@ const setAuthCookies = async (res, tokens, account, user, appUrl) => {
     new Date(tokens.access.expires).getTime() - currentDateTime.getTime();
 
   // Domain configuration
-  let domain;
   let isSecureConnection = false;
   try {
     // Handle URLs that don't include the protocol
@@ -113,23 +112,9 @@ const setAuthCookies = async (res, tokens, account, user, appUrl) => {
     }
 
     const urlObj = new URL(processedAppUrl);
-    domain = urlObj.hostname;
     isSecureConnection = urlObj.protocol === "https:";
 
-    if (domain?.includes("mapmap.app")) {
-      domain = ".mapmap.app";
-    }
-    if (domain?.includes("localhost")) {
-      domain = undefined;
-      isSecureConnection = false;
-    }
-    if (domain?.includes("propro.so")) {
-      // Always set cookies on the root domain for all propro.so subdomains
-      domain = ".propro.so";
-    }
-
     console.log("Cookie configuration:", {
-      domain,
       isSecure: isSecureConnection,
       protocol: urlObj.protocol,
       originalUrl: appUrl,
@@ -138,37 +123,26 @@ const setAuthCookies = async (res, tokens, account, user, appUrl) => {
     });
   } catch (error) {
     console.error("Invalid appUrl:", { error, appUrl });
-    domain = undefined;
     isSecureConnection = false;
   }
 
-  // Determine if we're in a local development environment
-  const isLocalhost =
-    !domain || domain === "localhost" || domain.includes("localhost");
-
+  // Base cookie attributes without domain specification
   const commonAttributes = {
-    secure: isSecureConnection,
-    sameSite: isSecureConnection ? "None" : "Lax",
-    domain,
+    secure: true,
+    sameSite: "None",
     path: "/",
-    httpOnly: false,
-    expires: new Date(Date.now() + 365 * 24 * 60 * 60 * 1000), // 1 year expiry as fallback
   };
 
-  console.log("Cookie attributes:", commonAttributes);
-
   const httpOnlyCookies = {
     "x-refresh-token": {
       value: tokens.refresh.token,
       maxAge: refreshMaxAge,
       httpOnly: true,
-      secure: isSecureConnection,
     },
     "x-access-token": {
       value: tokens.access.token,
       maxAge: accessMaxAge,
       httpOnly: true,
-      secure: isSecureConnection,
     },
   };
 
@@ -181,53 +155,58 @@ const setAuthCookies = async (res, tokens, account, user, appUrl) => {
       value: safeStringify(sanitizedUser),
       maxAge: refreshMaxAge,
       httpOnly: false,
-      secure: isSecureConnection,
     },
     account: {
       value: safeStringify(sanitizedAccount),
       maxAge: refreshMaxAge,
       httpOnly: false,
-      secure: isSecureConnection,
     },
     has_account_token: {
       value: JSON.stringify({ value: "true", expires: accessMaxAge }),
       maxAge: accessMaxAge,
       httpOnly: false,
-      secure: isSecureConnection,
     },
   };
 
   try {
+    // Set each cookie individually
     Object.entries({ ...httpOnlyCookies, ...regularCookies }).forEach(
       ([name, config]) => {
-        res.cookie(name, config.value, {
+        const cookieConfig = {
           ...commonAttributes,
           ...config,
-        });
+        };
+
+        res.cookie(name, config.value, cookieConfig);
       }
     );
 
-    const extensionCookiePromises = Object.entries({
-      ...httpOnlyCookies,
-      ...regularCookies,
-    }).map(([name, config]) => {
-      return setChromeExtensionCookie({
-        url: `https://${domain || "propro.so"}`,
-        name,
-        value: config.value,
-        secure: true,
-        httpOnly: !!config.httpOnly,
-        sameSite: "no_restriction",
-        path: "/",
-        expirationDate: Math.floor((Date.now() + config.maxAge) / 1000),
-        domain: domain?.startsWith(".") ? domain : `.${domain || "propro.so"}`,
+    // Handle extension cookies if in extension context
+    try {
+      const extensionCookiePromises = Object.entries({
+        ...httpOnlyCookies,
+        ...regularCookies,
+      }).map(([name, config]) => {
+        return setChromeExtensionCookie({
+          url: processedAppUrl,
+          name,
+          value: config.value,
+          secure: true,
+          httpOnly: !!config.httpOnly,
+          sameSite: "no_restriction",
+          path: "/",
+          expirationDate: Math.floor((Date.now() + config.maxAge) / 1000),
+        });
       });
-    });
 
-    await Promise.allSettled(extensionCookiePromises);
+      Promise.allSettled(extensionCookiePromises).catch(() => {
+        // Ignore extension errors
+      });
+    } catch (error) {
+      // Ignore extension errors
+    }
 
     console.log("Auth cookies set successfully", {
-      domain,
       sameSite: commonAttributes.sameSite,
       cookieNames: [
         ...Object.keys(httpOnlyCookies),
@@ -247,7 +226,6 @@ const setAuthCookies = async (res, tokens, account, user, appUrl) => {
  * Clears cookies from both web and extension contexts
  */
 const clearAuthCookies = async (res, appUrl) => {
-  let domain;
   let isSecureConnection = false;
   try {
     // Handle URLs that don't include the protocol
@@ -261,23 +239,9 @@ const clearAuthCookies = async (res, appUrl) => {
     }
 
     const urlObj = new URL(processedAppUrl);
-    domain = urlObj.hostname;
     isSecureConnection = urlObj.protocol === "https:";
 
-    if (domain?.includes("mapmap.app")) {
-      domain = ".mapmap.app";
-    }
-    if (domain?.includes("localhost")) {
-      domain = undefined;
-      isSecureConnection = false;
-    }
-    if (domain?.includes("propro.so")) {
-      // Always set cookies on the root domain for all propro.so subdomains
-      domain = ".propro.so";
-    }
-
     console.log("Clear cookies configuration:", {
-      domain,
       isSecure: isSecureConnection,
       protocol: urlObj.protocol,
       originalUrl: appUrl,
@@ -286,21 +250,16 @@ const clearAuthCookies = async (res, appUrl) => {
     });
   } catch (error) {
     console.error("Invalid appUrl:", error);
-    domain = undefined;
     isSecureConnection = false;
   }
 
   const commonAttributes = {
-    secure: isSecureConnection,
-    sameSite: isSecureConnection ? "None" : "Lax",
-    domain,
+    secure: true,
+    sameSite: "None",
     path: "/",
-    httpOnly: false,
-    expires: new Date(0), // Set expiry to past date to ensure cookie is removed
+    expires: new Date(0),
   };
 
-  console.log("Clear cookie attributes:", commonAttributes);
-
   const cookieNames = [
     "x-refresh-token",
     "x-access-token",
@@ -309,32 +268,35 @@ const clearAuthCookies = async (res, appUrl) => {
     "has_account_token",
   ];
 
-  // Clear web cookies
+  // Clear cookies with domain
   cookieNames.forEach((cookieName) => {
     res.clearCookie(cookieName, commonAttributes);
   });
 
   try {
+    // Handle extension cookies if in extension context
     const extensionClearPromises = cookieNames.map(
       (name) =>
         new Promise((resolve) => {
           chrome.cookies.remove(
             {
-              url: `https://${domain || "mapmap.app"}`,
+              url: processedAppUrl,
               name,
+              secure: true,
             },
             resolve
           );
         })
     );
 
-    await Promise.allSettled(extensionClearPromises);
+    Promise.allSettled(extensionClearPromises).catch(() => {
+      // Ignore extension errors
+    });
   } catch (error) {
     // Not in extension context, ignore
   }
 
   console.log("Auth cookies cleared successfully", {
-    domain,
     cookieNames,
     sameSite: commonAttributes.sameSite,
   });