feat(authentication): control auth cookies through separate constant

Author: MatthewPattell

microservices/authentication/README.md

@@ -39,6 +39,8 @@ This microservice provides authentication mechanism for microservices.
 - `DB_PASSWORD` - Database password. Default: `example`
 - `DB_DATABASE` - Database db name. Default: `ms-authentication`
 - `IS_SECURE_COOKIE` - Set secure cookie for `returnType: cookies`. Default: `1`
+- `IS_HTTPONLY_COOKIE` - Set httpOnly cookie for `returnType: cookies`. Default: `1`
+- `COOKIE_SAME_SITE` - Set sameSite cookie for `returnType: cookies`. Default: `undefined`
 
 ### <a id="how-to-run"></a>HOW TO RUN:
 1. Run `Inverted Json` job server.

microservices/authentication/__tests__/services/methods/create-auth-token-test.ts

@@ -104,7 +104,7 @@ describe('services/methods/create-auth-token', () => {
             action: 'add',
             name: 'jwt-access',
             value: token.access,
-            options: { httpOnly: true, secure: true },
+            options: { httpOnly: true, secure: true, sameSite: undefined },
           },
         ],
       },

microservices/authentication/__tests__/services/methods/renew-auth-token-test.ts

@@ -49,7 +49,7 @@ describe('services/methods/renew-auth-token', () => {
                 action: 'add',
                 name: 'jwt-access',
                 value: token.access,
-                options: { httpOnly: true, secure: true },
+                options: { httpOnly: true, secure: true, sameSite: undefined },
               },
             ],
           },

microservices/authentication/src/constants/index.ts

@@ -15,6 +15,8 @@ const MS_ENABLE_REMOTE_MIDDLEWARE = Number(process.env.MS_ENABLE_REMOTE_MIDDLEWA
 const MS_JWT_PARAMS = JSON.parse(process.env.MS_JWT_PARAMS || '{}');
 const MS_JWT_SECRET_KEY = process.env.MS_JWT_SECRET_KEY || undefined;
 const IS_SECURE_COOKIE = Boolean(Number(process.env.IS_SECURE_COOKIE || 1));
+const IS_HTTPONLY_COOKIE = Boolean(Number(process.env.IS_HTTPONLY_COOKIE || 1));
+const COOKIE_SAME_SITE = (process.env.COOKIE_SAME_SITE || undefined) as undefined;
 const MS_REMOTE_CONFIG = Number(process.env.MS_REMOTE_CONFIG || 1);
 
 const DB_FROM_CONFIG_MS = Number(process.env.DB_FROM_CONFIG_MS ?? 1);
@@ -46,4 +48,6 @@ export {
   IS_BUILD,
   SRC_FOLDER,
   IS_SECURE_COOKIE,
+  COOKIE_SAME_SITE,
+  IS_HTTPONLY_COOKIE,
 };

microservices/authentication/src/services/methods/create-auth-token.ts

@@ -4,7 +4,7 @@ import { IsEnum, IsObject, IsString, Length } from 'class-validator';
 import { JSONSchema } from 'class-validator-jsonschema';
 import type { Repository } from 'typeorm';
 import type { IJwtConfig } from '@config/jwt';
-import { IS_SECURE_COOKIE } from '@constants/index';
+import { COOKIE_SAME_SITE, IS_HTTPONLY_COOKIE, IS_SECURE_COOKIE } from '@constants/index';
 import TokenType from '@constants/token-type';
 import type Token from '@entities/token';
 import Jwt from '@services/tokens/jwt';
@@ -167,7 +167,11 @@ class CreateAuthToken {
                 action: 'add',
                 name: 'jwt-access',
                 value: result['access'],
-                options: { httpOnly: true, secure: IS_SECURE_COOKIE },
+                options: {
+                  httpOnly: IS_HTTPONLY_COOKIE,
+                  secure: IS_SECURE_COOKIE,
+                  sameSite: COOKIE_SAME_SITE,
+                },
               },
             ],
           },

microservices/authentication/src/services/methods/renew-auth-token.ts

@@ -5,7 +5,7 @@ import { IsEnum, IsObject, IsString, Length } from 'class-validator';
 import { JSONSchema } from 'class-validator-jsonschema';
 import type { Repository } from 'typeorm';
 import type { IJwtConfig } from '@config/jwt';
-import { IS_SECURE_COOKIE } from '@constants/index';
+import { COOKIE_SAME_SITE, IS_HTTPONLY_COOKIE, IS_SECURE_COOKIE } from '@constants/index';
 import type Token from '@entities/token';
 import { TokenCreateReturnType } from '@services/methods/create-auth-token';
 import { IdentifyAuthToken } from '@services/methods/identity-auth-token';
@@ -146,7 +146,11 @@ class RenewAuthToken {
                 action: 'add',
                 name: 'jwt-access',
                 value: result['access'],
-                options: { httpOnly: true, secure: IS_SECURE_COOKIE },
+                options: {
+                  httpOnly: IS_HTTPONLY_COOKIE,
+                  secure: IS_SECURE_COOKIE,
+                  sameSite: COOKIE_SAME_SITE,
+                },
               },
             ],
           },