feat: Add cookie domain config (#736)

* Cookie domain config * clean up * default empty string
sidebase · Apr 25, 2024 · 9bd9f45 · 9bd9f45
1 parent 6ad830b
commit 9bd9f45
Show file tree

Hide file tree

Showing 5 changed files with 49 additions and 5 deletions.
diff --git a/docs/content/2.configuration/2.nuxt-config.md b/docs/content/2.configuration/2.nuxt-config.md
@@ -239,6 +239,13 @@ type ProviderLocal = {
      * @example 'strict'
      */
      sameSiteAttribute?:  boolean | 'lax' | 'strict' | 'none' | undefined,
+    /**
+     * The cookie domain. See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.3
+     *
+     * @default ''
+     * @example sidebase.io
+     */
+    cookieDomain?: string;
   },
   /**
    * Define an interface for the session data object that `nuxt-auth` expects to receive from the `getSession` endpoint.
@@ -376,6 +383,13 @@ type ProviderRefresh = {
      * @example 'strict'
      */
      sameSiteAttribute?:  boolean | 'lax' | 'strict' | 'none' | undefined,
+    /**
+     * The cookie domain. See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.3
+     *
+     * @default ''
+     * @example sidebase.io
+     */
+    cookieDomain?: string;
   },
   /**
    * Settings for the authentication-refreshToken that `nuxt-auth` receives from the `signIn` endpoint and that can be used to authenticate subsequent requests.
@@ -423,6 +437,13 @@ type ProviderRefresh = {
      * @example 60 * 60 * 24
      */
     maxAgeInSeconds?: number,
+    /**
+     * The cookie domain. See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.3
+     *
+     * @default ''
+     * @example sidebase.io
+     */
+    cookieDomain?: string;
   },
   /**
    * Define an interface for the session data object that `nuxt-auth` expects to receive from the `getSession` endpoint.

diff --git a/src/module.ts b/src/module.ts
@@ -56,7 +56,8 @@ const defaultsByBackend: {
       cookieName: 'auth.token',
       headerName: 'Authorization',
       maxAgeInSeconds: 30 * 60,
-      sameSiteAttribute: 'lax'
+      sameSiteAttribute: 'lax',
+      cookieDomain: ''
     },
     sessionDataType: { id: 'string | number' }
   },
@@ -79,14 +80,16 @@ const defaultsByBackend: {
       type: 'Bearer',
       cookieName: 'auth.token',
       headerName: 'Authorization',
-      maxAgeInSeconds: 5 * 60,
-      sameSiteAttribute: 'none' // 5 minutes
+      maxAgeInSeconds: 5 * 60, // 5 minutes
+      sameSiteAttribute: 'none',
+      cookieDomain: ''
     },
     refreshToken: {
       signInResponseRefreshTokenPointer: '/refreshToken',
       refreshRequestTokenPointer: '/refreshToken',
       cookieName: 'auth.refresh-token',
-      maxAgeInSeconds: 60 * 60 * 24 * 7 // 7 days
+      maxAgeInSeconds: 60 * 60 * 24 * 7, // 7 days
+      cookieDomain: ''
     },
     sessionDataType: { id: 'string | number' }
   },

diff --git a/src/runtime/composables/local/useAuthState.ts b/src/runtime/composables/local/useAuthState.ts
@@ -24,7 +24,12 @@ export const useAuthState = (): UseAuthStateReturn => {
   const commonAuthState = makeCommonAuthState<SessionData>()
 
   // Re-construct state from cookie, also setup a cross-component sync via a useState hack, see https://github.com/nuxt/nuxt/issues/13020#issuecomment-1397282717
-  const _rawTokenCookie = useCookie<string | null>(config.token.cookieName, { default: () => null, maxAge: config.token.maxAgeInSeconds, sameSite: config.token.sameSiteAttribute })
+  const _rawTokenCookie = useCookie<string | null>(config.token.cookieName, {
+    default: () => null,
+    domain: config.token.cookieDomain,
+    maxAge: config.token.maxAgeInSeconds,
+    sameSite: config.token.sameSiteAttribute
+  })
 
   const rawToken = useState('auth:raw-token', () => _rawTokenCookie.value)
   watch(rawToken, () => { _rawTokenCookie.value = rawToken.value })

diff --git a/src/runtime/composables/refresh/useAuthState.ts b/src/runtime/composables/refresh/useAuthState.ts
@@ -17,6 +17,7 @@ export const useAuthState = (): UseAuthStateReturn => {
     config.refreshToken.cookieName,
     {
       default: () => null,
+      domain: config.refreshToken.cookieDomain,
       maxAge: config.refreshToken.maxAgeInSeconds,
       sameSite: 'lax'
     }

diff --git a/src/runtime/types.ts b/src/runtime/types.ts
@@ -167,6 +167,13 @@ export type ProviderLocal = {
      * @example 'strict'
      */
     sameSiteAttribute?: boolean | 'lax' | 'strict' | 'none' | undefined;
+    /**
+     * The cookie domain. See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.3
+     *
+     * @default ''
+     * @example sidebase.io
+     */
+    cookieDomain?: string;
   };
   /**
    * Define an interface for the session data object that `nuxt-auth` expects to receive from the `getSession` endpoint.
@@ -245,6 +252,13 @@ export type ProviderLocalRefresh = Omit<ProviderLocal, 'type'> & {
      * Note: Your backend may reject / expire the token earlier / differently.
      */
     maxAgeInSeconds?: number;
+    /**
+     * The cookie domain. See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.3
+     *
+     * @default ''
+     * @example sidebase.io
+     */
+    cookieDomain?: string;
   };
 };