Optionally skip domain in cookie (#43)

If you're using a reverse proxy like Cloudflare Tunnels, you can now set `CONFIG_SKIP_COOKIE_DOMAIN_SECURITY="true"` to avoid login issues. Also makes some UX tweaks to Expenses, and fixes a style issue for Chrome in Windows (#44). Fixes #43 Fixes #44
2025-03-02 07:24:28 +00:00
parent 07bbfbb0a5
commit 05c20ec0a2
6 changed files with 43 additions and 16 deletions
--- a/lib/auth.ts
+++ b/lib/auth.ts
@@ -6,7 +6,7 @@ import 'std/dotenv/load.ts';
 import { baseUrl, generateHash, isRunningLocally } from './utils/misc.ts';
 import { User, UserSession } from './types.ts';
 import { createUserSession, deleteUserSession, getUserByEmail, validateUserAndSession } from './data/user.ts';
-import { isCookieDomainAllowed } from './config.ts';
+import { isCookieDomainAllowed, isCookieDomainSecurityDisabled } from './config.ts';

 const JWT_SECRET = Deno.env.get('JWT_SECRET') || '';
 export const PASSWORD_SALT = Deno.env.get('PASSWORD_SALT') || '';
@@ -173,6 +173,10 @@ export async function logoutUser(request: Request) {
    domain: resolveCookieDomain(request),
  };

+  if (isCookieDomainSecurityDisabled()) {
+    delete cookie.domain;
+  }
+
  const response = new Response('Logged Out', {
    status: 303,
    headers: { 'Location': '/', 'Content-Type': 'text/html; charset=utf-8' },
@@ -222,6 +226,10 @@ export async function createSessionCookie(
    domain: resolveCookieDomain(request),
  };

+  if (isCookieDomainSecurityDisabled()) {
+    delete cookie.domain;
+  }
+
  setCookie(response.headers, cookie);

  return response;
@@ -246,6 +254,10 @@ export async function updateSessionCookie(
    domain: resolveCookieDomain(request),
  };

+  if (isCookieDomainSecurityDisabled()) {
+    delete cookie.domain;
+  }
+
  setCookie(response.headers, cookie);

  return response;