d81d772cdf
* feat(lib): add more tests to lib package Add more tests to the lib package to make it more robust overall. Additionally, tidy any methods that can be modified without changing behaviour and tighten types where possible. * fix(lib): update missed imports * fix: revert stylistic changes * Update getSchedule.test.ts --------- Co-authored-by: Omar López <zomars@me.com>
75 lines
2.2 KiB
TypeScript
75 lines
2.2 KiB
TypeScript
import type { CookieOption, CookiesOptions } from "next-auth";
|
|
|
|
import { isENVDev } from "@calcom/lib/env";
|
|
|
|
/**
|
|
* Copy from 'https://github.com/nextauthjs/next-auth/blob/227ff2259f/src/core/lib/cookie.ts' as we can't import it directly
|
|
*
|
|
* Use secure cookies if the site uses HTTPS
|
|
* This being conditional allows cookies to work non-HTTPS development URLs
|
|
* Honour secure cookie option, which sets 'secure' and also adds '__Secure-'
|
|
* prefix, but enable them by default if the site URL is HTTPS; but not for
|
|
* non-HTTPS URLs like http://localhost which are used in development).
|
|
* For more on prefixes see https://googlechrome.github.io/samples/cookie-prefixes/
|
|
*
|
|
*/
|
|
|
|
const NEXTAUTH_COOKIE_DOMAIN = process.env.NEXTAUTH_COOKIE_DOMAIN || "";
|
|
|
|
export function defaultCookies(useSecureCookies: boolean): CookiesOptions {
|
|
const cookiePrefix = useSecureCookies ? "__Secure-" : "";
|
|
|
|
const defaultOptions: CookieOption["options"] = {
|
|
domain: isENVDev ? undefined : NEXTAUTH_COOKIE_DOMAIN,
|
|
// To enable cookies on widgets,
|
|
// https://stackoverflow.com/questions/45094712/iframe-not-reading-cookies-in-chrome
|
|
// But we need to set it as `lax` in development
|
|
sameSite: useSecureCookies ? "none" : "lax",
|
|
path: "/",
|
|
secure: useSecureCookies,
|
|
};
|
|
return {
|
|
sessionToken: {
|
|
name: `${cookiePrefix}next-auth.session-token`,
|
|
options: {
|
|
...defaultOptions,
|
|
httpOnly: true,
|
|
},
|
|
},
|
|
callbackUrl: {
|
|
name: `${cookiePrefix}next-auth.callback-url`,
|
|
options: defaultOptions,
|
|
},
|
|
csrfToken: {
|
|
name: `${cookiePrefix}next-auth.csrf-token`,
|
|
options: {
|
|
...defaultOptions,
|
|
httpOnly: true,
|
|
},
|
|
},
|
|
pkceCodeVerifier: {
|
|
name: `${cookiePrefix}next-auth.pkce.code_verifier`,
|
|
options: {
|
|
...defaultOptions,
|
|
httpOnly: true,
|
|
},
|
|
},
|
|
state: {
|
|
name: `${cookiePrefix}next-auth.state`,
|
|
options: {
|
|
...defaultOptions,
|
|
httpOnly: true,
|
|
},
|
|
},
|
|
nonce: {
|
|
name: `${cookiePrefix}next-auth.nonce`,
|
|
options: {
|
|
httpOnly: true,
|
|
sameSite: "lax",
|
|
path: "/",
|
|
secure: useSecureCookies,
|
|
},
|
|
},
|
|
};
|
|
}
|