80 lines
2.4 KiB
TypeScript
80 lines
2.4 KiB
TypeScript
import type { CookieOption, CookiesOptions } from "next-auth";
|
|
|
|
import { isENVDev } from "@calcom/lib/env";
|
|
|
|
/**
|
|
* Copy from 'https://github.com/nextauthjs/next-auth/blob/227ff2259f/src/core/lib/cookie.ts' as we can't import it directly
|
|
*
|
|
* Use secure cookies if the site uses HTTPS
|
|
* This being conditional allows cookies to work non-HTTPS development URLs
|
|
* Honour secure cookie option, which sets 'secure' and also adds '__Secure-'
|
|
* prefix, but enable them by default if the site URL is HTTPS; but not for
|
|
* non-HTTPS URLs like http://localhost which are used in development).
|
|
* For more on prefixes see https://googlechrome.github.io/samples/cookie-prefixes/
|
|
*
|
|
*/
|
|
|
|
const NEXTAUTH_COOKIE_DOMAIN = process.env.NEXTAUTH_COOKIE_DOMAIN || "";
|
|
|
|
export function defaultCookies(useSecureCookies: boolean): CookiesOptions {
|
|
const cookiePrefix = useSecureCookies ? "__Secure-" : "";
|
|
|
|
const defaultOptions: CookieOption["options"] = {
|
|
domain: isENVDev
|
|
? process.env.ORGANIZATIONS_ENABLED
|
|
? //FIXME: This is causing login to not work if someone uses anything other .cal.local for testing
|
|
".cal.local"
|
|
: undefined
|
|
: NEXTAUTH_COOKIE_DOMAIN,
|
|
// To enable cookies on widgets,
|
|
// https://stackoverflow.com/questions/45094712/iframe-not-reading-cookies-in-chrome
|
|
// But we need to set it as `lax` in development
|
|
sameSite: useSecureCookies ? "none" : "lax",
|
|
path: "/",
|
|
secure: useSecureCookies,
|
|
};
|
|
return {
|
|
sessionToken: {
|
|
name: `${cookiePrefix}next-auth.session-token`,
|
|
options: {
|
|
...defaultOptions,
|
|
httpOnly: true,
|
|
},
|
|
},
|
|
callbackUrl: {
|
|
name: `${cookiePrefix}next-auth.callback-url`,
|
|
options: defaultOptions,
|
|
},
|
|
csrfToken: {
|
|
name: `${cookiePrefix}next-auth.csrf-token`,
|
|
options: {
|
|
...defaultOptions,
|
|
httpOnly: true,
|
|
},
|
|
},
|
|
pkceCodeVerifier: {
|
|
name: `${cookiePrefix}next-auth.pkce.code_verifier`,
|
|
options: {
|
|
...defaultOptions,
|
|
httpOnly: true,
|
|
},
|
|
},
|
|
state: {
|
|
name: `${cookiePrefix}next-auth.state`,
|
|
options: {
|
|
...defaultOptions,
|
|
httpOnly: true,
|
|
},
|
|
},
|
|
nonce: {
|
|
name: `${cookiePrefix}next-auth.nonce`,
|
|
options: {
|
|
httpOnly: true,
|
|
sameSite: "lax",
|
|
path: "/",
|
|
secure: useSecureCookies,
|
|
},
|
|
},
|
|
};
|
|
}
|