chore: more config options for domain cookie

gettakaro · Jun 21, 2024 · 1f7e2a0 · 1f7e2a0
1 parent d4332ba
commit 1f7e2a0
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 1 deletion.
diff --git a/packages/app-api/src/config.ts b/packages/app-api/src/config.ts
@@ -16,6 +16,11 @@ interface IHttpConfig extends IBaseConfig {
     allowedOrigins: string[];
     baseUrl: string;
     frontendHost: string;
+    domainCookie: {
+      secure: boolean;
+      sameSite: string;
+      domain: string;
+    };
   };
   auth: {
     jwtSecret: string;
@@ -95,6 +100,26 @@ const configSchema = {
       default: 'http://127.0.0.1:13001',
       env: 'TAKARO_FRONTEND_HOST',
     },
+    domainCookie: {
+      secure: {
+        doc: 'Whether the domain cookie is secure',
+        format: Boolean,
+        default: false,
+        env: 'DOMAIN_COOKIE_SECURE',
+      },
+      sameSite: {
+        doc: 'The SameSite attribute of the domain cookie',
+        format: String,
+        default: 'strict',
+        env: 'DOMAIN_COOKIE_SAME_SITE',
+      },
+      domain: {
+        doc: 'The domain of the domain cookie',
+        format: String,
+        default: '127.0.0.1',
+        env: 'DOMAIN_COOKIE_DOMAIN',
+      },
+    },
   },
   auth: {
     jwtSecret: {

diff --git a/packages/app-api/src/service/AuthService.ts b/packages/app-api/src/service/AuthService.ts
@@ -184,7 +184,12 @@ export class AuthService extends DomainScoped {
           domainId = domains[0].id;
 
           // Set the domain cookie
-          if (req.res?.cookie) req.res?.cookie('takaro-domain', domainId, {});
+          if (req.res?.cookie)
+            req.res?.cookie('takaro-domain', domainId, {
+              sameSite: config.get('http.domainCookie.sameSite') as boolean | 'strict' | 'lax' | 'none' | undefined,
+              secure: config.get('http.domainCookie.secure'),
+              domain: config.get('http.domainCookie.domain'),
+            });
         }
 
         if (identity) {