Merge pull request #99 from opticSquid/fix/add-same-site

opticSquid · web-flow · commit 1be71b8a0bbd · 2025-07-11T15:27:49.000+05:30
Adds domain to cookie
diff --git a/Dockerfile b/Dockerfile
@@ -12,6 +12,6 @@ FROM amazoncorretto:21-alpine
 
 WORKDIR /app
 
-COPY --from=builder /usr/src/app/target/hangout-auth-api-2.3.3.jar .
+COPY --from=builder /usr/src/app/target/hangout-auth-api-2.3.4.jar .
 
-CMD ["java", "-jar", "hangout-auth-api-2.3.3.jar"]
+CMD ["java", "-jar", "hangout-auth-api-2.3.4.jar"]
diff --git a/pom.xml b/pom.xml
@@ -12,7 +12,7 @@
 	</parent>
 	<groupId>com.hangout.core</groupId>
 	<artifactId>hangout-auth-api</artifactId>
-	<version>2.3.3</version>
+	<version>2.3.4</version>
 	<name>hangout-auth-api</name>
 	<description>Microservice for authentication and authorization of users in Hangout</description>
 	<properties>
diff --git a/src/main/java/com/hangout/core/auth_api/config/SecurityConfiguration.java b/src/main/java/com/hangout/core/auth_api/config/SecurityConfiguration.java
@@ -98,7 +98,7 @@ CorsConfigurationSource myCorsConfigurationSource() {
 						.name()));
 		internalServiceConfiguration
 				.setAllowedMethods(Arrays.asList(HttpMethod.OPTIONS.name(), HttpMethod.POST.name()));
-		clientConfiguration.setAllowCredentials(false);
+		clientConfiguration.setAllowCredentials(true);
 		internalServiceConfiguration.setAllowCredentials(false);
 		UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
 		source.setCorsConfigurations(Map.of(
diff --git a/src/main/java/com/hangout/core/auth_api/controller/AuthController.java b/src/main/java/com/hangout/core/auth_api/controller/AuthController.java
@@ -5,6 +5,7 @@
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseCookie;
@@ -44,6 +45,8 @@
 @RequiredArgsConstructor
 @Slf4j
 public class AuthController {
+    @Value("${hangout.cookie.domain}")
+    private String cookieDomain;
     @Autowired
     private UserDetailsServiceImpl userDetailsService;
     @Autowired
@@ -136,7 +139,8 @@ private ResponseCookie createCookie(String refreshToken) {
         ResponseCookie cookie = ResponseCookie.from(Constants.REFRESH_TOKEN, refreshToken)
                 .maxAge(calculateMaxAgeFromDate(refreshTokenUtil.getExpiresAt(refreshToken)))
                 .httpOnly(true)
-                .sameSite("Strict")
+                .sameSite("SameSite")
+                .domain(cookieDomain)
                 .path("/auth-api/v1/auth/renew")
                 .build();
         return cookie;
diff --git a/src/main/resources/META-INF/additional-spring-configuration-metadata.json b/src/main/resources/META-INF/additional-spring-configuration-metadata.json
@@ -64,6 +64,11 @@
       "name": "hangout.client.origin",
       "type": "java.lang.String",
       "description": "The comma separated list of the origins of the list of user facing clients"
+    },
+    {
+      "name": "hangout.cookie.domain",
+      "type": "java.lang.String",
+      "description": "Domain for the generated cookie"
     }
   ]
 }
diff --git a/src/main/resources/application-home.yml b/src/main/resources/application-home.yml
@@ -37,11 +37,13 @@ hangout:
       secret: kTYpg95oeqgnBhfi16DYSe2NT2T6kXPDKGrLeXpSA2rc7Jltt32AtYGPdmsYFoKt0H2_dJj8RPgbP3UGzD6ONSDJOWbbMvSU1MyNDM2xj5ncv2oN1iewNXz6gEyTdeuR3IolmGnPBPFVZR78is6MnS7W7WBpRvQCoaes9l7GhMHf6MhtX4nstm9LkTUx5-MQw4Tg5XTgo82FApVcg1x9hvDno6WTci_gJ9874xsAi5wg9V15cXFTesJ3GJfGf4NTkX9SqqAVG_D08oLOXFAXjvLDYVrl_O_9JMyCBgVEyMV81UMw8v72nYGAfDPy2uH3nTUOTXA4qlijAXOFGxV7kg
       long-term-expiry: 604800000 # 7 daya
       short-term-expiry: 600000 # 10 mins
+  cookie:
+    domain: localhost
   notification-service:
     url: http://localhost:5012
   ip-api:
     url: http://ip-api.com
   internal-services:
     origin: http://localhost:5012, http://localhost:5013
   client:
-    origin: http://localhost:3000
+    origin: http://localhost:5173
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
@@ -83,6 +83,8 @@ hangout:
       secret: ${REFRESH_TOKEN_SECRET}
       long-term-expiry: ${REFRESH_TOKEN_LONG_TERM_EXPIRY}
       short-term-expiry: ${REFRESH_TOKEN_SHORT_TERM_EXPIRY}
+  cookie:
+    domain: ${COOKIE_DOMAIN}
   notification-service:
     url: ${NOTIFICATION_SERVICE}
   ip-api:

Original file line number	Diff line number	Diff line change
`@@ -64,6 +64,11 @@`
`64`	`64`	`"name": "hangout.client.origin",`
`65`	`65`	`"type": "java.lang.String",`
`66`	`66`	`"description": "The comma separated list of the origins of the list of user facing clients"`
	`67`	`+ },`
	`68`	`+ {`
	`69`	`+ "name": "hangout.cookie.domain",`
	`70`	`+ "type": "java.lang.String",`
	`71`	`+ "description": "Domain for the generated cookie"`
`67`	`72`	`}`
`68`	`73`	`]`
`69`	`74`	`}`