fix(auth): change cookies logic

anteqkois · May 26, 2024 · e635fff · e635fff
1 parent 07f0c1a
commit e635fff
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 4 deletions.
diff --git a/apps/web/middleware.ts b/apps/web/middleware.ts
@@ -5,8 +5,10 @@ import { NextRequest, NextResponse } from 'next/server'
 export function middleware(req: NextRequest) {
   const authStatus = req.cookies.get(Cookies.AUTH_STATUS)
   const accessToken = req.cookies.get(Cookies.ACCESS_TOKEN)
-  if (!authStatus || !accessToken || authStatus.value !== AuthStatus.AUTHENTICATED)
+  if (!authStatus || !accessToken || authStatus.value !== AuthStatus.AUTHENTICATED) {
+    console.log('Unauthorized request', req.nextUrl.pathname, req.url)
     return NextResponse.redirect(new URL(`/login?from=${req.nextUrl.pathname}`, req.url))
+  }
   return NextResponse.next()
 }
 

diff --git a/libs/nest-core/src/modules/users/auth/auth.controller.ts b/libs/nest-core/src/modules/users/auth/auth.controller.ts
@@ -29,15 +29,19 @@ export class AuthController {
   async signup(@BodySchema(signUpInputSchema) body: SignUpInput, @Response({ passthrough: true }) res: FastifyReply): Promise<SignUpResponse> {
     const { access_token, user: userRes } = await this.authService.signUp(body)
     const expireDateUnix = +this.configService.get<number>('JWT_ACCES_TOKEN_EXPIRE_SSECONDS', 3600)
+    const domain = this.configService.getOrThrow('DOMAIN')
 
     res.setCookie(Cookies.ACCESS_TOKEN, access_token, {
       path: '/',
+      domain,
       httpOnly: true,
       secure: false,
-      sameSite: 'lax',
+      // sameSite: 'lax',
+      sameSite: 'none',
       expires: new Date(Date.now() + 1000 * expireDateUnix),
     })
     res.setCookie(Cookies.AUTH_STATUS, AuthStatus.AUTHENTICATED, {
+      domain,
       path: '/',
     })
 
@@ -55,15 +59,19 @@ export class AuthController {
 
     const { access_token, user: userRes } = await this.authService.login(user)
     const expireDateUnix = +this.configService.get('JWT_ACCES_TOKEN_EXPIRE_SSECONDS', 3600)
+    const domain = this.configService.getOrThrow('DOMAIN')
 
     res.setCookie(Cookies.ACCESS_TOKEN, access_token, {
       path: '/',
+      domain,
       httpOnly: true,
       secure: false,
-      sameSite: 'lax',
+      // sameSite: 'lax',
+      sameSite: 'none',
       expires: new Date(Date.now() + 1000 * expireDateUnix),
     })
     res.setCookie(Cookies.AUTH_STATUS, AuthStatus.AUTHENTICATED, {
+      domain,
       path: '/',
     })
 
@@ -107,7 +115,8 @@ export class AuthController {
   //   res.setCookie('access_token', access_token, {
   //     httpOnly: true,
   //     secure: false,
-  //     sameSite: 'lax',
+      // sameSite: 'lax',
+  //     none: 'lax',
   //     expires: new Date(Date.now() + expireDateUnix),
   //   })
   //   return res.send({ user: userRes, status: 'ok' })