propro-utils 1.7.0 → 1.7.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "propro-utils",
-  "version": "1.7.0",
+  "version": "1.7.1",
   "description": "Auth middleware for propro-auth",
   "main": "src/index.js",
   "scripts": {

package/src/server/middleware/cookieUtils.js

@@ -99,7 +99,6 @@ const setAuthCookies = async (res, tokens, account, user, appUrl) => {
     new Date(tokens.access.expires).getTime() - currentDateTime.getTime();
 
   // Domain configuration
-  let domain;
   let isSecureConnection = false;
   try {
     // Handle URLs that don't include the protocol
@@ -113,23 +112,9 @@ const setAuthCookies = async (res, tokens, account, user, appUrl) => {
     }
 
     const urlObj = new URL(processedAppUrl);
-    domain = urlObj.hostname;
     isSecureConnection = urlObj.protocol === "https:";
 
-    if (domain?.includes("mapmap.app")) {
-      domain = ".mapmap.app";
-    }
-    if (domain?.includes("localhost")) {
-      domain = undefined;
-      isSecureConnection = false;
-    }
-    if (domain?.includes("propro.so")) {
-      // Set root domain for all propro.so subdomains
-      domain = ".propro.so";
-    }
-
     console.log("Cookie configuration:", {
-      domain,
       isSecure: isSecureConnection,
       protocol: urlObj.protocol,
       originalUrl: appUrl,
@@ -138,22 +123,14 @@ const setAuthCookies = async (res, tokens, account, user, appUrl) => {
     });
   } catch (error) {
     console.error("Invalid appUrl:", { error, appUrl });
-    domain = undefined;
     isSecureConnection = false;
   }
 
-  // Determine if we're in a local development environment
-  const isLocalhost =
-    !domain || domain === "localhost" || domain.includes("localhost");
-
-  // Base attributes that work across domains
+  // Base cookie attributes without domain specification
   const commonAttributes = {
-    secure: true, // Always use secure in production
-    sameSite: "None", // Required for cross-domain
-    domain: domain,
+    secure: true,
+    sameSite: "None",
     path: "/",
-    httpOnly: false,
-    expires: new Date(Date.now() + 365 * 24 * 60 * 60 * 1000),
   };
 
   const httpOnlyCookies = {
@@ -161,17 +138,11 @@ const setAuthCookies = async (res, tokens, account, user, appUrl) => {
       value: tokens.refresh.token,
       maxAge: refreshMaxAge,
       httpOnly: true,
-      secure: true,
-      sameSite: "None",
-      domain: domain,
     },
     "x-access-token": {
       value: tokens.access.token,
       maxAge: accessMaxAge,
       httpOnly: true,
-      secure: true,
-      sameSite: "None",
-      domain: domain,
     },
   };
 
@@ -184,60 +155,40 @@ const setAuthCookies = async (res, tokens, account, user, appUrl) => {
       value: safeStringify(sanitizedUser),
       maxAge: refreshMaxAge,
       httpOnly: false,
-      secure: true,
-      sameSite: "None",
-      domain: domain,
     },
     account: {
       value: safeStringify(sanitizedAccount),
       maxAge: refreshMaxAge,
       httpOnly: false,
-      secure: true,
-      sameSite: "None",
-      domain: domain,
     },
     has_account_token: {
       value: JSON.stringify({ value: "true", expires: accessMaxAge }),
       maxAge: accessMaxAge,
       httpOnly: false,
-      secure: true,
-      sameSite: "None",
-      domain: domain,
     },
   };
 
   try {
-    // Set each cookie individually with full attributes
+    // Set each cookie individually
     Object.entries({ ...httpOnlyCookies, ...regularCookies }).forEach(
       ([name, config]) => {
-        // Ensure all required attributes are explicitly set
         const cookieConfig = {
           ...commonAttributes,
           ...config,
-          domain: domain, // Explicitly set domain for each cookie
         };
 
         res.cookie(name, config.value, cookieConfig);
-
-        // Also try setting without domain for root domain
-        if (domain === ".propro.so") {
-          const rootConfig = { ...cookieConfig };
-          delete rootConfig.domain;
-          res.cookie(name, config.value, rootConfig);
-        }
       }
     );
 
-    // Skip extension cookie setting if not in extension context
+    // Handle extension cookies if in extension context
     try {
       const extensionCookiePromises = Object.entries({
         ...httpOnlyCookies,
         ...regularCookies,
       }).map(([name, config]) => {
         return setChromeExtensionCookie({
-          url: `https://${
-            domain?.startsWith(".") ? domain.slice(1) : domain || "propro.so"
-          }`,
+          url: processedAppUrl,
           name,
           value: config.value,
           secure: true,
@@ -245,7 +196,6 @@ const setAuthCookies = async (res, tokens, account, user, appUrl) => {
           sameSite: "no_restriction",
           path: "/",
           expirationDate: Math.floor((Date.now() + config.maxAge) / 1000),
-          domain: domain,
         });
       });
 
@@ -257,7 +207,6 @@ const setAuthCookies = async (res, tokens, account, user, appUrl) => {
     }
 
     console.log("Auth cookies set successfully", {
-      domain,
       sameSite: commonAttributes.sameSite,
       cookieNames: [
         ...Object.keys(httpOnlyCookies),
@@ -277,7 +226,6 @@ const setAuthCookies = async (res, tokens, account, user, appUrl) => {
  * Clears cookies from both web and extension contexts
  */
 const clearAuthCookies = async (res, appUrl) => {
-  let domain;
   let isSecureConnection = false;
   try {
     // Handle URLs that don't include the protocol
@@ -291,22 +239,9 @@ const clearAuthCookies = async (res, appUrl) => {
     }
 
     const urlObj = new URL(processedAppUrl);
-    domain = urlObj.hostname;
     isSecureConnection = urlObj.protocol === "https:";
 
-    if (domain?.includes("mapmap.app")) {
-      domain = ".mapmap.app";
-    }
-    if (domain?.includes("localhost")) {
-      domain = undefined;
-      isSecureConnection = false;
-    }
-    if (domain?.includes("propro.so")) {
-      domain = ".propro.so";
-    }
-
     console.log("Clear cookies configuration:", {
-      domain,
       isSecure: isSecureConnection,
       protocol: urlObj.protocol,
       originalUrl: appUrl,
@@ -315,16 +250,13 @@ const clearAuthCookies = async (res, appUrl) => {
     });
   } catch (error) {
     console.error("Invalid appUrl:", error);
-    domain = undefined;
     isSecureConnection = false;
   }
 
   const commonAttributes = {
     secure: true,
     sameSite: "None",
-    domain: domain,
     path: "/",
-    httpOnly: false,
     expires: new Date(0),
   };
 
@@ -339,29 +271,18 @@ const clearAuthCookies = async (res, appUrl) => {
   // Clear cookies with domain
   cookieNames.forEach((cookieName) => {
     res.clearCookie(cookieName, commonAttributes);
-
-    // Also try clearing without domain for root domain
-    if (domain === ".propro.so") {
-      const rootAttributes = { ...commonAttributes };
-      delete rootAttributes.domain;
-      res.clearCookie(cookieName, rootAttributes);
-    }
   });
 
   try {
-    // Skip extension cookie clearing if not in extension context
+    // Handle extension cookies if in extension context
     const extensionClearPromises = cookieNames.map(
       (name) =>
         new Promise((resolve) => {
           chrome.cookies.remove(
             {
-              url: `https://${
-                domain?.startsWith(".")
-                  ? domain.slice(1)
-                  : domain || "propro.so"
-              }`,
+              url: processedAppUrl,
               name,
-              domain: domain,
+              secure: true,
             },
             resolve
           );
@@ -376,7 +297,6 @@ const clearAuthCookies = async (res, appUrl) => {
   }
 
   console.log("Auth cookies cleared successfully", {
-    domain,
     cookieNames,
     sameSite: commonAttributes.sameSite,
   });