fix: auth

2025-11-19 19:21:39 +10:00 · 2025-02-09 00:46:25 +11:00
parent f5bfec1990
commit e128e9369e
13 changed files with 188 additions and 142 deletions
--- a/packages/auth/server/lib/session/session-cookies.ts
+++ b/packages/auth/server/lib/session/session-cookies.ts
@ -1,6 +1,7 @@
 import type { Context } from 'hono';
-import { getSignedCookie, setSignedCookie } from 'hono/cookie';
+import { deleteCookie, getSignedCookie, setSignedCookie } from 'hono/cookie';

+import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app';
 import { appLog } from '@documenso/lib/utils/debugger';
 import { env } from '@documenso/lib/utils/env';

@ -16,6 +17,12 @@ const getAuthSecret = () => {
  return authSecret;
 };

+const getAuthDomain = () => {
+  const url = new URL(NEXT_PUBLIC_WEBAPP_URL());
+
+  return url.hostname;
+};
+
 export const extractSessionCookieFromHeaders = (headers: Headers): string | null => {
  const cookieHeader = headers.get('cookie') || '';
  const cookiePairs = cookieHeader.split(';');
@ -51,10 +58,24 @@ export const setSessionCookie = async (c: Context, sessionToken: string) => {
    path: '/',
    // sameSite: '', // whats the default? we need to change this for embed right?
    // secure: true,
-    domain: 'localhost', // todo
+    domain: getAuthDomain(),
  }).catch((err) => {
    appLog('SetSessionCookie', `Error setting signed cookie: ${err}`);

    throw err;
  });
 };
+
+/**
+ * Set the session cookie into the Hono context.
+ *
+ * @param c - The Hono context.
+ * @param sessionToken - The session token to set.
+ */
+export const deleteSessionCookie = (c: Context) => {
+  deleteCookie(c, sessionCookieName, {
+    path: '/',
+    secure: true,
+    domain: getAuthDomain(),
+  });
+};