From 35682796b8e927ae3c7ae90900ef3c678f833009 Mon Sep 17 00:00:00 2001
From: Xvezda <xvezda@naver.com>
Date: Thu, 16 May 2024 21:14:39 +0900
Subject: [PATCH] =?UTF-8?q?chore:=20=EC=BF=A0=ED=82=A4=20=EC=A7=80?=
 =?UTF-8?q?=EC=9A=B0=EA=B8=B0=20=EC=98=B5=EC=85=98=20=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/api/src/services/auth/v1/route.ts | 33 ++++++++++++++++++++++----
 1 file changed, 29 insertions(+), 4 deletions(-)

diff --git a/apps/api/src/services/auth/v1/route.ts b/apps/api/src/services/auth/v1/route.ts
index d6ead47..8838c7e 100644
--- a/apps/api/src/services/auth/v1/route.ts
+++ b/apps/api/src/services/auth/v1/route.ts
@@ -119,7 +119,13 @@ const withPrevUrl: MiddlewareHandler<{
 
 			prevUrl = payload['http:cheda.kr/state'].url;
 
-			deleteCookie(c, 'state');
+			deleteCookie(c, 'state', {
+				httpOnly: true,
+				...c.env.DEV ? {} : {
+					secure: true,
+					domain: '.cheda.kr',
+				},
+			});
 		}
 	} catch (e) {
 		console.error(e);
@@ -173,8 +179,21 @@ const decryptToken = async <C extends Context = Context>(context: C, token: stri
 };
 
 const deleteSessionCookies = (c: Context) => {
-	deleteCookie(c, 'session_id');
-	deleteCookie(c, 'session_sid');
+	deleteCookie(c, 'session_id', {
+		sameSite: 'None',
+		secure: true,
+		...c.env.DEV ? {} : {
+			domain: '.cheda.kr',
+		},
+	});
+	deleteCookie(c, 'session_sid', {
+		httpOnly: true,
+		sameSite: 'None',
+		secure: true,
+		...c.env.DEV ? {} : {
+			domain: '.cheda.kr',
+		},
+	});
 };
 
 const withSession: MiddlewareHandler<{
@@ -349,7 +368,13 @@ app.get('/callback', async (c) => {
 		console.error(e);
 		/* noop */
 	} finally {
-		deleteCookie(c, 'state');
+		deleteCookie(c, 'state', {
+			httpOnly: true,
+			...c.env.DEV ? {} : {
+				secure: true,
+				domain: '.cheda.kr',
+			},
+		});
 	}
 
 	if (!state) {