chore: cookie secure by default with env var to disable secure cookie
Some checks failed
Release Workflow / determine-release-type (push) Has been cancelled
Release Workflow / checks (push) Has been cancelled
Release Workflow / e2e-tests (push) Has been cancelled
Release Workflow / build-images (push) Has been cancelled
Release Workflow / publish-release (push) Has been cancelled
Some checks failed
Release Workflow / determine-release-type (push) Has been cancelled
Release Workflow / checks (push) Has been cancelled
Release Workflow / e2e-tests (push) Has been cancelled
Release Workflow / build-images (push) Has been cancelled
Release Workflow / publish-release (push) Has been cancelled
This commit is contained in:
parent
8f8b370679
commit
a3ea8384d1
3 changed files with 5 additions and 2 deletions
|
|
@ -1,2 +1,3 @@
|
|||
DATABASE_URL=:memory:
|
||||
APP_SECRET=8b9acd4456dd5db0a4a3c4f4e1240b2c3ae08bb59690167197425e4a25dd9a69
|
||||
DISABLE_SECURE_COOKIES=true
|
||||
|
|
|
|||
|
|
@ -22,10 +22,10 @@ export type AuthMiddlewareContext = MiddlewareContext<MiddlewareOptions, AuthCon
|
|||
const createBetterAuth = (secret: string) =>
|
||||
betterAuth({
|
||||
secret,
|
||||
trustedOrigins: config.trustedOrigins ?? ["*"],
|
||||
trustedOrigins: config.trustedOrigins,
|
||||
advanced: {
|
||||
cookiePrefix: "zerobyte",
|
||||
useSecureCookies: false,
|
||||
useSecureCookies: !config.disableSecureCookies,
|
||||
},
|
||||
onAPIError: {
|
||||
throw: true,
|
||||
|
|
|
|||
|
|
@ -34,6 +34,7 @@ const envSchema = type({
|
|||
APP_VERSION: "string = 'dev'",
|
||||
TRUSTED_ORIGINS: "string?",
|
||||
DISABLE_RATE_LIMITING: 'string = "false"',
|
||||
DISABLE_SECURE_COOKIES: 'string = "false"',
|
||||
APP_SECRET: "32 <= string <= 256",
|
||||
}).pipe((s) => ({
|
||||
__prod__: s.NODE_ENV === "production",
|
||||
|
|
@ -46,6 +47,7 @@ const envSchema = type({
|
|||
appVersion: s.APP_VERSION,
|
||||
trustedOrigins: s.TRUSTED_ORIGINS?.split(",").map((origin) => origin.trim()),
|
||||
disableRateLimiting: s.DISABLE_RATE_LIMITING === "true",
|
||||
disableSecureCookies: s.DISABLE_SECURE_COOKIES === "true",
|
||||
appSecret: s.APP_SECRET,
|
||||
}));
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue