From b90dc5ac9c018e3ddee71762cd7653ab87a72603 Mon Sep 17 00:00:00 2001
From: aXenDeveloper
Date: Wed, 21 Aug 2024 20:17:40 +0200
Subject: [PATCH] feat(backend): Add support for http protocol
---
 packages/backend/src/app.module.ts | 8 ++------
 .../core/admin/sessions/sign_out/sign_out.service.ts | 6 ++++--
 .../internal/internal_authorization.service.ts | 6 ++++--
 .../src/core/sessions/sign_in/device.service.ts | 6 ++++--
 .../src/core/sessions/sign_in/sign_in.service.ts | 12 ++++++++----
 .../src/core/sessions/sign_out/sign_out.service.ts | 6 ++++--
 6 files changed, 26 insertions(+), 18 deletions(-)
diff --git a/packages/backend/src/app.module.ts b/packages/backend/src/app.module.ts
index bdc00d73f..064fd80d7 100644
--- a/packages/backend/src/app.module.ts
+++ b/packages/backend/src/app.module.ts
@@ -132,12 +132,7 @@ const replaceUrlToDomain = (url: string) => {
 hostname = hostname.split('.').slice(1).join('.');
 }
- const domainParts = hostname.split('.');
- if (domainParts.length > 1) {
- domainParts.pop();
- }
-
- return domainParts.join('.');
+ return hostname;
 };
 const config = () => {
@@ -151,6 +146,7 @@ const config = () => {
 port: process.env.PORT ? parseInt(process.env.PORT, 10) : 8080,
 cookies: {
 domain: replaceUrlToDomain(frontend_url.url),
+ secure: frontend_url.protocol === 'https:',
 login_token: {
 expiresIn: 3, // 3 days
 expiresInRemember: 90, // 90 days
diff --git a/packages/backend/src/core/admin/sessions/sign_out/sign_out.service.ts b/packages/backend/src/core/admin/sessions/sign_out/sign_out.service.ts
index 40876ca03..effb9f027 100644
--- a/packages/backend/src/core/admin/sessions/sign_out/sign_out.service.ts
+++ b/packages/backend/src/core/admin/sessions/sign_out/sign_out.service.ts
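Review bot: `return hostname;` in `replaceUrlToDomain` now hands the value straight to the cookie `Domain` attribute, and nothing visible checks what is left after the label-stripping branch above it. That branch's condition starts outside the hunk, so this is hedged: if it can fire for a host that sits directly under a multi-label public suffix, or for `localhost` or an IP address, the result may be a value browsers refuse or handle inconsistently as a `Domain`. Any `Domain` value also makes the session cookies available to every subdomain of that host, which deserves a comment above the return, for example `// Becomes the cookie Domain attribute: cookies are sent to this host and all of its subdomains.` Where front end and back end share one host, leaving `domain` unset (a host-only cookie) is the narrower scope.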
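Review bot: `secure: frontend_url.protocol === 'https:'` makes the `Secure` flag of every session cookie depend on a single configuration value, and nothing in this hunk prevents a production deployment from running with an `http:` front-end URL, in which case login tokens are sent in cleartext. A startup warning when the flag resolves to `false` would make that state visible to operators, and the line should carry a comment such as `// false only for plain-http (local/dev) front ends; cookies then drop Secure and use SameSite=Lax`. `frontend_url` is built outside the hunk, so confirm that its `protocol` field includes the trailing colon (as `URL.protocol` does); without it the comparison is always false and `Secure` is silently never set.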
@@ -34,10 +34,12 @@ export class SignOutAdminSessionsService {
 this.configService.getOrThrow('cookies.login_token.admin.name'),
 {
 httpOnly: true,
- secure: true,
+ secure: !!this.configService.getOrThrow('cookies.secure'),
 domain: this.configService.getOrThrow('cookies.domain'),
 path: '/',
- sameSite: 'none',
+ sameSite: this.configService.getOrThrow('cookies.secure')
+ ? 'none'
+ : 'lax',
 },
 );
diff --git a/packages/backend/src/core/sessions/authorization/internal/internal_authorization.service.ts b/packages/backend/src/core/sessions/authorization/internal/internal_authorization.service.ts
index 195aaf996..7a51a01cb 100644
--- a/packages/backend/src/core/sessions/authorization/internal/internal_authorization.service.ts
+++ b/packages/backend/src/core/sessions/authorization/internal/internal_authorization.service.ts
@@ -119,11 +119,13 @@ export class InternalAuthorizationCoreSessionsService {
 know_device_id,
 {
 httpOnly: true,
- secure: true,
+ secure: !!this.configService.getOrThrow('cookies.secure'),
 domain: this.configService.getOrThrow('cookies.domain'),
 path: '/',
 expires,
- sameSite: 'none',
+ sameSite: this.configService.getOrThrow('cookies.secure')
+ ? 'none'
+ : 'lax',
 },
 );
diff --git a/packages/backend/src/core/sessions/sign_in/device.service.ts b/packages/backend/src/core/sessions/sign_in/device.service.ts
index ceb3025c4..9dc1641b3 100644
--- a/packages/backend/src/core/sessions/sign_in/device.service.ts
+++ b/packages/backend/src/core/sessions/sign_in/device.service.ts
@@ -50,11 +50,13 @@ export class DeviceSignInCoreSessionsService {
 device.id,
 {
 httpOnly: true,
- secure: true,
+ secure: !!this.configService.getOrThrow('cookies.secure'),
 domain: this.configService.getOrThrow('cookies.domain'),
 path: '/',
 expires,
- sameSite: 'none',
+ sameSite: this.configService.getOrThrow('cookies.secure')
+ ? 'none'
+ : 'lax',
 },
 );
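Review bot: The `secure` / `sameSite` pair is written out by hand here and again in five more cookie calls (internal_authorization.service.ts, device.service.ts, both hunks of sign_in.service.ts, and sessions/sign_out/sign_out.service.ts), so a later edit to one site can leave a session cookie with weaker or mismatched flags than the rest. A single shared helper that builds the base cookie options (`httpOnly`, `secure`, `domain`, `path`, `sameSite`) from `ConfigService` would keep the set and clear paths aligned. Each site also reads the same key twice; reading it once is clearer: `const secure = !!this.configService.getOrThrow('cookies.secure');` followed by `sameSite: secure ? 'none' : 'lax'`. The enclosing method begins and ends outside the hunk.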
diff --git a/packages/backend/src/core/sessions/sign_in/sign_in.service.ts b/packages/backend/src/core/sessions/sign_in/sign_in.service.ts
index fac298a75..4f85e329a 100644
--- a/packages/backend/src/core/sessions/sign_in/sign_in.service.ts
+++ b/packages/backend/src/core/sessions/sign_in/sign_in.service.ts
@@ -112,11 +112,13 @@ export class SignInCoreSessionsService {
 login_token,
 {
 httpOnly: true,
- secure: true,
+ secure: !!this.configService.getOrThrow('cookies.secure'),
 domain: this.configService.getOrThrow('cookies.domain'),
 path: '/',
 expires,
- sameSite: 'none',
+ sameSite: this.configService.getOrThrow('cookies.secure')
+ ? 'none'
+ : 'lax',
 },
 );
@@ -161,11 +163,13 @@ export class SignInCoreSessionsService {
 login_token,
 {
 httpOnly: true,
- secure: true,
+ secure: !!this.configService.getOrThrow('cookies.secure'),
 domain: this.configService.getOrThrow('cookies.domain'),
 path: '/',
 expires: remember ? expires : undefined,
- sameSite: 'none',
+ sameSite: this.configService.getOrThrow('cookies.secure')
+ ? 'none'
+ : 'lax',
 },
 );
diff --git a/packages/backend/src/core/sessions/sign_out/sign_out.service.ts b/packages/backend/src/core/sessions/sign_out/sign_out.service.ts
index feab902bf..2891272fd 100644
--- a/packages/backend/src/core/sessions/sign_out/sign_out.service.ts
+++ b/packages/backend/src/core/sessions/sign_out/sign_out.service.ts
@@ -30,10 +30,12 @@ export class SignOutCoreSessionsService {
 res.clearCookie(this.configService.getOrThrow('cookies.login_token.name'), {
 httpOnly: true,
- secure: true,
+ secure: !!this.configService.getOrThrow('cookies.secure'),
 domain: this.configService.getOrThrow('cookies.domain'),
 path: '/',
- sameSite: 'none',
+ sameSite: this.configService.getOrThrow('cookies.secure')
+ ? 'none'
+ : 'lax',
 });
 return 'You are logged out';