feat(authentication): control secure cookies through separate constant

disable eslint consistent type imports (problem with import classes)

Author: MatthewPattell

.eslintrc.js

@@ -29,6 +29,7 @@ module.exports = {
   settings: {},
   rules: {
     '@typescript-eslint/no-unsafe-return': 'off',
+    '@typescript-eslint/consistent-type-imports': 'off',
     'no-await-in-loop': 'off',
     'prettier/prettier': [
       'error',

example/middlewares.json

@@ -112,6 +112,7 @@
       },
       "convertResult": {
         "payload.cookies": "$middleware.payload.cookies",
+        "tokens.access": "$middleware.access",
         "tokens.refresh": "$middleware.refresh"
       }
     }
@@ -146,6 +147,7 @@
       },
       "convertResult": {
         "payload.cookies": "$middleware.payload.cookies",
+        "tokens.access": "$middleware.access",
         "tokens.refresh": "$middleware.refresh"
       }
     }
@@ -180,6 +182,7 @@
       },
       "convertResult": {
         "payload.cookies": "$middleware.payload.cookies",
+        "tokens.access": "$middleware.access",
         "tokens.refresh": "$middleware.refresh"
       }
     }

microservices/authentication/README.md

@@ -38,6 +38,7 @@ This microservice provides authentication mechanism for microservices.
 - `DB_USERNAME` - Database user name. Default: `postgres`
 - `DB_PASSWORD` - Database password. Default: `example`
 - `DB_DATABASE` - Database db name. Default: `ms-authentication`
+- `IS_SECURE_COOKIE` - Set secure cookie for `returnType: cookies`. Default: `1`
 
 ### <a id="how-to-run"></a>HOW TO RUN:
 1. Run `Inverted Json` job server.

microservices/authentication/__tests__/services/methods/create-auth-token-test.ts

@@ -5,10 +5,8 @@ import jsonwebtoken from 'jsonwebtoken';
 import rewiremock from 'rewiremock';
 import TokenType from '@constants/token-type';
 import Token from '@entities/token';
-import {
-  CreateAuthToken as OriginalCreateAuthToken,
-  TokenCreateReturnType,
-} from '@services/methods/create-auth-token';
+import type { CreateAuthToken as OriginalCreateAuthToken } from '@services/methods/create-auth-token';
+import { TokenCreateReturnType } from '@services/methods/create-auth-token';
 
 const { CreateAuthToken } = rewiremock.proxy<{ CreateAuthToken: typeof OriginalCreateAuthToken }>(
   () => require('@services/methods/create-auth-token'),
@@ -106,7 +104,7 @@ describe('services/methods/create-auth-token', () => {
             action: 'add',
             name: 'jwt-access',
             value: token.access,
-            options: { httpOnly: true, secure: false },
+            options: { httpOnly: true, secure: true },
           },
         ],
       },

microservices/authentication/__tests__/services/methods/renew-auth-token-test.ts

@@ -4,7 +4,7 @@ import { expect } from 'chai';
 import rewiremock from 'rewiremock';
 import Token from '@entities/token';
 import { TokenCreateReturnType } from '@services/methods/create-auth-token';
-import { RenewAuthToken as OriginalRenewAuthToken } from '@services/methods/renew-auth-token';
+import type { RenewAuthToken as OriginalRenewAuthToken } from '@services/methods/renew-auth-token';
 import Jwt from '@services/tokens/jwt';
 
 const { RenewAuthToken } = rewiremock.proxy<{ RenewAuthToken: typeof OriginalRenewAuthToken }>(
@@ -49,7 +49,7 @@ describe('services/methods/renew-auth-token', () => {
                 action: 'add',
                 name: 'jwt-access',
                 value: token.access,
-                options: { httpOnly: true, secure: false },
+                options: { httpOnly: true, secure: true },
               },
             ],
           },

microservices/authentication/src/constants/index.ts

@@ -15,6 +15,7 @@ const MS_ENABLE_REMOTE_MIDDLEWARE = Number(process.env.MS_ENABLE_REMOTE_MIDDLEWA
 const MS_JWT_PARAMS = JSON.parse(process.env.MS_JWT_PARAMS || '{}');
 const MS_JWT_SECRET_KEY = process.env.MS_JWT_SECRET_KEY || undefined;
 const MS_REMOTE_CONFIG = Number(process.env.MS_REMOTE_CONFIG || 1);
+const IS_SECURE_COOKIE = Boolean(Number(process.env.IS_SECURE_COOKIE || 1));
 
 const DB_FROM_CONFIG_MS = Number(process.env.DB_FROM_CONFIG_MS ?? 1);
 const DB_ENV = {
@@ -44,4 +45,5 @@ export {
   IS_TEST,
   IS_BUILD,
   SRC_FOLDER,
+  IS_SECURE_COOKIE,
 };

microservices/authentication/src/services/methods/create-auth-token.ts

@@ -2,11 +2,11 @@ import { IsTimestamp, IsUndefinable } from '@lomray/microservice-helpers';
 import type { IMicroserviceResponseCookie } from '@lomray/microservice-nodejs-lib';
 import { IsEnum, IsObject, IsString, Length } from 'class-validator';
 import { JSONSchema } from 'class-validator-jsonschema';
-import { Repository } from 'typeorm';
+import type { Repository } from 'typeorm';
 import type { IJwtConfig } from '@config/jwt';
-import { IS_PROD } from '@constants/index';
+import { IS_SECURE_COOKIE } from '@constants/index';
 import TokenType from '@constants/token-type';
-import Token from '@entities/token';
+import type Token from '@entities/token';
 import Jwt from '@services/tokens/jwt';
 import Personal from '@services/tokens/personal';
 
@@ -167,7 +167,7 @@ class CreateAuthToken {
                 action: 'add',
                 name: 'jwt-access',
                 value: result['access'],
-                options: { httpOnly: true, secure: IS_PROD },
+                options: { httpOnly: true, secure: IS_SECURE_COOKIE },
               },
             ],
           },

microservices/authentication/src/services/methods/renew-auth-token.ts

@@ -3,10 +3,10 @@ import type { IMicroserviceResponseCookie } from '@lomray/microservice-nodejs-li
 import { BaseException } from '@lomray/microservice-nodejs-lib';
 import { IsEnum, IsObject, IsString, Length } from 'class-validator';
 import { JSONSchema } from 'class-validator-jsonschema';
-import { Repository } from 'typeorm';
+import type { Repository } from 'typeorm';
 import type { IJwtConfig } from '@config/jwt';
-import { IS_PROD } from '@constants/index';
-import Token from '@entities/token';
+import { IS_SECURE_COOKIE } from '@constants/index';
+import type Token from '@entities/token';
 import { TokenCreateReturnType } from '@services/methods/create-auth-token';
 import { IdentifyAuthToken } from '@services/methods/identity-auth-token';
 import Jwt from '@services/tokens/jwt';
@@ -146,7 +146,7 @@ class RenewAuthToken {
                 action: 'add',
                 name: 'jwt-access',
                 value: result['access'],
-                options: { httpOnly: true, secure: IS_PROD },
+                options: { httpOnly: true, secure: IS_SECURE_COOKIE },
               },
             ],
           },

package-lock.json

@@ -42,7 +42,7 @@
 		"@commitlint/cli": "^13.1.0",
 		"@commitlint/config-conventional": "^13.1.0",
 		"@istanbuljs/nyc-config-typescript": "^1.0.1",
-		"@lomray/eslint-config": "^1.1.0",
+		"@lomray/eslint-config": "^1.2.1",
 		"@lomray/prettier-config": "^1.0.1",
 		"@rollup/plugin-json": "^4.1.0",
 		"@rollup/plugin-replace": "^4.0.0",