refactor: Make a COOKIE_DOMAIN constant

sandboxnu · Nov 27, 2023 · cc54f31 · cc54f31
1 parent 16aae79
commit cc54f31
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 9 deletions.
diff --git a/packages/api-v2/src/auth/auth.controller.ts b/packages/api-v2/src/auth/auth.controller.ts
@@ -31,6 +31,7 @@ import {
 } from "../../src/student/student.errors";
 import { BadToken, InvalidPayload, TokenExpiredError } from "./auth.errors";
 import { Throttle } from "@nestjs/throttler";
+import { COOKIE_DOMAIN } from "../../src/constants";
 
 @Controller("auth")
 export class AuthController {
@@ -61,14 +62,13 @@ export class AuthController {
     const { accessToken } = student;
 
     const isSecure = process.env.NODE_ENV !== "development";
-    const domain =
-      process.env.NODE_ENV === "production" ? "graduatenu.com" : "localhost";
+
     // Store JWT token in a cookie
     response.cookie("auth_cookie", accessToken, {
       httpOnly: true,
       sameSite: "strict",
       secure: isSecure,
-      domain,
+      domain: COOKIE_DOMAIN,
     });
     if (process.env.NODE_ENV !== "testing") {
       await this.emailConfirmationService.sendVerificationLink(
@@ -93,14 +93,13 @@ export class AuthController {
     const { accessToken } = student;
 
     const isSecure = process.env.NODE_ENV !== "development";
-    const domain =
-      process.env.NODE_ENV === "production" ? "graduatenu.com" : "localhost";
+
     // Store JWT token in a cookie
     response.cookie("auth_cookie", accessToken, {
       httpOnly: true,
       sameSite: "strict",
       secure: isSecure,
-      domain,
+      domain: COOKIE_DOMAIN,
     });
 
     return student;
@@ -158,13 +157,12 @@ export class AuthController {
     @Res({ passthrough: true }) response: Response
   ): Promise<void> {
     const isSecure = process.env.NODE_ENV !== "development";
-    const domain =
-      process.env.NODE_ENV === "production" ? "graduatenu.com" : "localhost";
+
     response.clearCookie("auth_cookie", {
       httpOnly: true,
       sameSite: "strict",
       secure: isSecure,
-      domain,
+      domain: COOKIE_DOMAIN,
     });
   }
 }
diff --git a/packages/api-v2/src/constants.ts b/packages/api-v2/src/constants.ts
@@ -0,0 +1,9 @@
+/**
+ * The root Domain on which all cookies should be set. (See:
+ * https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#define_where_cookies_are_sent)
+ *
+ * In production, this should be set to "graduatenu.com" which allows
+ * api.graduatenu.com to set cookies on every other *.graduatenu.com domain.
+ */
+export const COOKIE_DOMAIN =
+  process.env.NODE_ENV === "production" ? "graduatenu.com" : "localhost";