Merge branch 'development'

tjtanjin · tjtanjin · commit 7d30003390c2 · 2025-06-13T23:57:47.000+08:00
diff --git a/config/env/.env.template b/config/env/.env.template
@@ -5,9 +5,6 @@ API_BASE_URL=http://localhost:3000
 # frontend website (for handling cors and cookie), acccepts comma-separated-values
 FRONTEND_WEBSITE_URLS=FRONTEND_WEBSITE_URL_1,FRONTEND_WEBSITE_URL_2
 
-# used to secure live environments, should allow both frontend/backend domains (do not include protocol)
-COOKIE_DOMAIN=COOKIE_DOMAIN
-
 # plugin configurations
 MAX_PLUGIN_IMAGE_FILE_SIZE=1048576 # (bytes)
 
diff --git a/src/api/index.ts b/src/api/index.ts
@@ -137,8 +137,6 @@ app.use(
       secure: process.env.NODE_ENV !== 'local',
       // in production, use "lax" as frontend and backend have the same root domain
       sameSite: process.env.NODE_ENV === 'local' ? 'none' : 'lax',
-      // if not in production, leave domain as undefined
-      domain: process.env.NODE_ENV === 'local' ? undefined : process.env.COOKIE_DOMAIN,
       // expire after 3 months (milliseconds)
       maxAge: 1000 * 60 * 60 * 24 * 30 * 3,
     },
diff --git a/src/api/middleware/csrfMiddleware.ts b/src/api/middleware/csrfMiddleware.ts
@@ -18,8 +18,6 @@ const csrfMiddleware: RequestHandler = (req, res, next) => {
       secure: process.env.NODE_ENV !== 'local',
       // in production, use "lax" as frontend and backend have the same root domain
       sameSite: process.env.NODE_ENV === 'local' ? 'none' : 'lax',
-      // if not in production, leave domain as undefined
-      domain: process.env.NODE_ENV === 'local' ? undefined : process.env.COOKIE_DOMAIN,
     });
     return next();
   }
diff --git a/src/api/middleware/userSessionMiddleware.ts b/src/api/middleware/userSessionMiddleware.ts
@@ -13,7 +13,9 @@ import { getUserData } from '../services/authentication/authentication';
  * @returns 403 if session not found, else proceed
  */
 const checkUserSession = (req: Request, res: Response, next: NextFunction) => {
-  Logger.debug(`checkUserSession: sessionID: ${req.sessionID}, sessionUserID: ${req.session?.userId}, sessionProvider: ${req.session?.provider}`);
+  Logger.debug(
+    `checkUserSession: sessionID: ${req.sessionID}, sessionUserID: ${req.session?.userId}, sessionProvider: ${req.session?.provider}`
+  );
   getUserData(req.sessionID, req.session.userId || null, req.session.provider as string)
     .then((userData) => {
       if (!userData) {
diff --git a/src/api/services/authentication/authentication.ts b/src/api/services/authentication/authentication.ts
@@ -77,7 +77,9 @@ const getUserData = async (sessionId: string, userId: string | null, provider: s
     const encryptedToken = await redisEphemeralClient.get(`${process.env.USER_TOKEN_PREFIX as string}:${sessionId}`);
     Logger.debug(`getUserData: sessionID: ${sessionId}, encryptedToken found: ${!!encryptedToken}`);
     const accessToken = encryptedToken ? decrypt(encryptedToken) : null;
-    Logger.debug(`getUserData: sessionID: ${sessionId}, attempting to call getUserProviderDataFromProvider. AccessToken is null: ${!accessToken}`);
+    Logger.debug(
+      `getUserData: sessionID: ${sessionId}, attempting to call getUserProviderDataFromProvider. AccessToken is null: ${!accessToken}`
+    );
     const userProviderData = await getUserProviderDataFromProvider(sessionId, userId, accessToken, provider);
     if (userProviderData) {
       // get user data, will create user if user does not exist
@@ -218,7 +220,9 @@ const getUserProviderDataFromProvider = async (
   provider: string
 ) => {
   if (!accessToken) {
-    Logger.debug(`getUserProviderDataFromProvider: sessionID: ${sessionId}, accessToken is null, attempting to call refreshProviderTokens.`);
+    Logger.debug(
+      `getUserProviderDataFromProvider: sessionID: ${sessionId}, accessToken is null, attempting to call refreshProviderTokens.`
+    );
     const tokenResponse = await refreshProviderTokens(sessionId, userId, provider);
     accessToken = tokenResponse ? tokenResponse.accessToken : null;
   }
@@ -285,7 +289,9 @@ const refreshProviderTokens = async (sessionId: string, userId: string | null, p
     // save user tokens if response is valid
     if (tokenResponse) {
       const successfullySavedTokens = await saveUserTokens(sessionId, userId, tokenResponse);
-      Logger.debug(`refreshProviderTokens: sessionID: ${sessionId}, successfullySavedTokens: ${successfullySavedTokens}`);
+      Logger.debug(
+        `refreshProviderTokens: sessionID: ${sessionId}, successfullySavedTokens: ${successfullySavedTokens}`
+      );
       if (successfullySavedTokens) {
         return tokenResponse;
       }

Original file line number	Diff line number	Diff line change
`@@ -18,8 +18,6 @@ const csrfMiddleware: RequestHandler = (req, res, next) => {`
`18`	`18`	`secure: process.env.NODE_ENV !== 'local',`
`19`	`19`	`// in production, use "lax" as frontend and backend have the same root domain`
`20`	`20`	`sameSite: process.env.NODE_ENV === 'local' ? 'none' : 'lax',`
`21`		`- // if not in production, leave domain as undefined`
`22`		`- domain: process.env.NODE_ENV === 'local' ? undefined : process.env.COOKIE_DOMAIN,`
`23`	`21`	`});`
`24`	`22`	`return next();`
`25`	`23`	`}`