ciphera-net/pulse
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 15 Wiki Activity

fix: set cookie domain to .ciphera.net for cross-subdomain auth

Browse Source
This commit is contained in:
Usman Baig
2026-01-18 21:39:57 +01:00
parent 6c75faae4a
commit edcf8a0c27
2 changed files with 42 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
app/actions/auth.ts
View File

@@ -4,6 +4,16 @@ import { cookies } from 'next/headers'
const AUTH_API_URL = process.env.NEXT_PUBLIC_AUTH_API_URL || process.env.NEXT_PUBLIC_AUTH_URL || 'http://localhost:8081' const AUTH_API_URL = process.env.NEXT_PUBLIC_AUTH_API_URL || process.env.NEXT_PUBLIC_AUTH_URL || 'http://localhost:8081'
// * Determine cookie domain dynamically
// * In production (on ciphera.net), we want to share cookies with subdomains (e.g. analytics-api.ciphera.net)
// * In local dev (localhost), we don't set a domain
const getCookieDomain = () => {
if (process.env.NODE_ENV === 'production') {
return '.ciphera.net'
}
return undefined
}
interface AuthResponse { interface AuthResponse {
access_token: string access_token: string
refresh_token: string refresh_token: string
@@ -46,6 +56,7 @@ export async function exchangeAuthCode(code: string, codeVerifier: string, redir
// * Set Cookies // * Set Cookies
const cookieStore = await cookies() const cookieStore = await cookies()
const cookieDomain = getCookieDomain()
// * Access Token // * Access Token
cookieStore.set('access_token', data.access_token, { cookieStore.set('access_token', data.access_token, {
@@ -53,6 +64,7 @@ export async function exchangeAuthCode(code: string, codeVerifier: string, redir
secure: process.env.NODE_ENV === 'production', secure: process.env.NODE_ENV === 'production',
sameSite: 'lax', sameSite: 'lax',
path: '/', path: '/',
domain: cookieDomain,
maxAge: 60 * 15 // 15 minutes (short lived) maxAge: 60 * 15 // 15 minutes (short lived)
}) })
@@ -62,6 +74,7 @@ export async function exchangeAuthCode(code: string, codeVerifier: string, redir
secure: process.env.NODE_ENV === 'production', secure: process.env.NODE_ENV === 'production',
sameSite: 'lax', sameSite: 'lax',
path: '/', path: '/',
domain: cookieDomain,
maxAge: 60 * 60 * 24 * 30 // 30 days maxAge: 60 * 60 * 24 * 30 // 30 days
}) })
@@ -86,12 +99,14 @@ export async function setSessionAction(accessToken: string, refreshToken: string
const payload: UserPayload = JSON.parse(Buffer.from(payloadPart, 'base64').toString()) const payload: UserPayload = JSON.parse(Buffer.from(payloadPart, 'base64').toString())
const cookieStore = await cookies() const cookieStore = await cookies()
const cookieDomain = getCookieDomain()
cookieStore.set('access_token', accessToken, { cookieStore.set('access_token', accessToken, {
httpOnly: true, httpOnly: true,
secure: process.env.NODE_ENV === 'production', secure: process.env.NODE_ENV === 'production',
sameSite: 'lax', sameSite: 'lax',
path: '/', path: '/',
domain: cookieDomain,
maxAge: 60 * 15 maxAge: 60 * 15
}) })
@@ -100,6 +115,7 @@ export async function setSessionAction(accessToken: string, refreshToken: string
secure: process.env.NODE_ENV === 'production', secure: process.env.NODE_ENV === 'production',
sameSite: 'lax', sameSite: 'lax',
path: '/', path: '/',
domain: cookieDomain,
maxAge: 60 * 60 * 24 * 30 maxAge: 60 * 60 * 24 * 30
}) })
@@ -118,8 +134,18 @@ export async function setSessionAction(accessToken: string, refreshToken: string
export async function logoutAction() { export async function logoutAction() {
const cookieStore = await cookies() const cookieStore = await cookies()
cookieStore.delete('access_token') const cookieDomain = getCookieDomain()
cookieStore.delete('refresh_token')
cookieStore.set('access_token', '', {
maxAge: 0,
path: '/',
domain: cookieDomain
})
cookieStore.set('refresh_token', '', {
maxAge: 0,
path: '/',
domain: cookieDomain
})
return { success: true } return { success: true }
} }

16
app/api/auth/refresh/route.ts
View File

@@ -3,6 +3,14 @@ import { NextResponse } from 'next/server'
const AUTH_API_URL = process.env.NEXT_PUBLIC_AUTH_API_URL || process.env.NEXT_PUBLIC_AUTH_URL || 'http://localhost:8081' const AUTH_API_URL = process.env.NEXT_PUBLIC_AUTH_API_URL || process.env.NEXT_PUBLIC_AUTH_URL || 'http://localhost:8081'
// * Determine cookie domain dynamically
const getCookieDomain = () => {
if (process.env.NODE_ENV === 'production') {
return '.ciphera.net'
}
return undefined
}
export async function POST() { export async function POST() {
const cookieStore = await cookies() const cookieStore = await cookies()
const refreshToken = cookieStore.get('refresh_token')?.value const refreshToken = cookieStore.get('refresh_token')?.value
@@ -18,10 +26,12 @@ export async function POST() {
body: JSON.stringify({ refresh_token: refreshToken }), body: JSON.stringify({ refresh_token: refreshToken }),
}) })
const cookieDomain = getCookieDomain()
if (!res.ok) { if (!res.ok) {
// * If refresh fails, clear cookies // * If refresh fails, clear cookies
cookieStore.delete('access_token') cookieStore.set('access_token', '', { maxAge: 0, path: '/', domain: cookieDomain })
cookieStore.delete('refresh_token') cookieStore.set('refresh_token', '', { maxAge: 0, path: '/', domain: cookieDomain })
return NextResponse.json({ error: 'Refresh failed' }, { status: 401 }) return NextResponse.json({ error: 'Refresh failed' }, { status: 401 })
} }
@@ -32,6 +42,7 @@ export async function POST() {
secure: process.env.NODE_ENV === 'production', secure: process.env.NODE_ENV === 'production',
sameSite: 'lax', sameSite: 'lax',
path: '/', path: '/',
domain: cookieDomain,
maxAge: 60 * 15 maxAge: 60 * 15
}) })
@@ -40,6 +51,7 @@ export async function POST() {
secure: process.env.NODE_ENV === 'production', secure: process.env.NODE_ENV === 'production',
sameSite: 'lax', sameSite: 'lax',
path: '/', path: '/',
domain: cookieDomain,
maxAge: 60 * 60 * 24 * 30 maxAge: 60 * 60 * 24 * 30
}) })