// Environment-driven cookie policy knobs.
// NODE_ENV=production is the last-resort default used by shouldUseSecureCookie.
const isProduction = process.env.NODE_ENV === "production";

// COOKIE_SECURE=true forces the Secure flag regardless of request details; this
// is the only rule in the file that does not depend on client-supplied headers.
const forceSecureCookie = process.env.COOKIE_SECURE === "true";

// Cookie lifetime: 90 days, expressed in milliseconds.
const COOKIE_MAX_AGE_MS = 90 * 24 * 60 * 60 * 1000;

// Local-development origins served over plain http, with an optional port.
// Case-insensitive hostname match. Both regexes are applied to headers the
// client sends (see isLocalRequest), so they recognise a setup, not a caller.
const LOCAL_ORIGIN_REGEX = /^http:\/\/(localhost|127\.0\.0\.1|aeropi\.local)(:\d+)?$/i;

// Same host list without the scheme, for matching the Host header.
const LOCAL_HOST_REGEX = /^(localhost|127\.0\.0\.1|aeropi\.local)(:\d+)?$/i;
/**
 * Reads a single header value from a request-like object.
 *
 * @param {object|undefined} req - request; only `req.headers` is consulted
 * @param {string} key - header name as stored in `req.headers` (Node lowercases
 *   incoming header names, so callers pass lowercase keys)
 * @returns {string} the first entry when the header is multi-valued, the raw
 *   value otherwise, or "" when the request, its headers or the value is absent
 */
const getHeaderValue = (req, key) => {
  const headers = req && req.headers;
  if (!headers) return "";

  const value = headers[key];
  // Multi-valued headers arrive as arrays; only the first entry is used.
  const first = Array.isArray(value) ? value[0] : value;
  return first || "";
};
/**
 * Heuristic for "this request comes from a local-development client".
 *
 * Matches the Origin header against LOCAL_ORIGIN_REGEX, or the Host header
 * against LOCAL_HOST_REGEX. Both headers are sent by the client, so this is a
 * convenience for local setups rather than a trust boundary: any caller can
 * present these values. Within this file its only consequence is that the
 * cookie issued to that caller's own response loses the Secure flag and gets
 * SameSite=Lax (see shouldUseSecureCookie / getCookiesOptions).
 *
 * @param {object|undefined} req - request-like object
 * @returns {boolean}
 */
const isLocalRequest = (req) => {
  const originIsLocal = LOCAL_ORIGIN_REGEX.test(getHeaderValue(req, "origin"));
  if (originIsLocal) return true;

  return LOCAL_HOST_REGEX.test(getHeaderValue(req, "host"));
};
/**
 * Decides whether the request arrived over TLS, checking three signals in
 * order: the first entry of X-Forwarded-Proto, `req.protocol`, then an
 * https Origin header.
 *
 * Caveats: X-Forwarded-Proto is client-settable unless a trusted reverse proxy
 * overwrites it — NOTE(review): confirm the proxy in front of this app does so.
 * An https Origin describes the calling page, not this connection, so the
 * last signal is a best-effort guess.
 *
 * @param {object|undefined} req - request-like object; `req.protocol` is read
 *   when present (frameworks such as Express set it)
 * @returns {boolean} false for a missing request
 */
const isHttpsRequest = (req) => {
  if (!req) return false;

  // Proxies may append to an existing X-Forwarded-Proto; the first hop wins.
  const [firstForwardedProto = ""] = String(getHeaderValue(req, "x-forwarded-proto")).split(",");
  if (firstForwardedProto.trim().toLowerCase() === "https") return true;

  if (String(req.protocol || "").toLowerCase() === "https") return true;

  const origin = String(getHeaderValue(req, "origin") || "").toLowerCase();
  return origin.startsWith("https://");
};
/**
 * Resolves the Secure flag for the session cookie.
 *
 * Precedence: the COOKIE_SECURE=true override wins; otherwise a request that
 * looks local (header heuristic) gets an insecure cookie; otherwise a request
 * that looks like https gets a secure one; otherwise NODE_ENV decides.
 * Only the first rule is independent of client-controlled headers, so in a
 * production deployment COOKIE_SECURE=true is the setting that makes the
 * outcome deterministic.
 *
 * @param {object|undefined} req - request-like object; undefined when the
 *   module-level default is computed
 * @returns {boolean}
 */
const shouldUseSecureCookie = (req) => {
  if (forceSecureCookie) return true;
  if (isLocalRequest(req)) return false;

  // isHttpsRequest returns a boolean, so this is equivalent to the
  // "https → true, else isProduction" ladder.
  return isHttpsRequest(req) || isProduction;
};
/**
 * Builds the cookie options for the given request.
 *
 * `secure` and `sameSite` move together: a Secure cookie is issued with
 * SameSite=None (browsers require Secure for None), an insecure one with
 * SameSite=Lax. SameSite=None gives up the cross-site protection Lax provides,
 * so CSRF defence for secure deployments must come from elsewhere —
 * NOTE(review): confirm what covers it.
 *
 * @param {object|undefined} req - request-like object, passed through to
 *   shouldUseSecureCookie
 * @returns {{maxAge: number, httpOnly: true, sameSite: ("none"|"lax"), secure: boolean}}
 */
const getCookiesOptions = (req) => {
  const secure = shouldUseSecureCookie(req);
  const sameSite = secure ? "none" : "lax";

  return { maxAge: COOKIE_MAX_AGE_MS, httpOnly: true, sameSite, secure };
};
// Request-independent snapshot taken at module load. With no request every
// header heuristic is false, so this reduces to the env settings alone
// (COOKIE_SECURE, else NODE_ENV). Prefer getCookiesOptions(req) where the
// request is at hand.
const cookiesOptions = getCookiesOptions(undefined);

module.exports = { cookiesOptions, getCookiesOptions };