From 8ff1528493a0936633fb681d7c111b8ba300debe Mon Sep 17 00:00:00 2001
From: Teddy Schmitz <teddy@schmitz.hk>
Date: Sat, 25 Nov 2023 20:13:07 +0000
Subject: [PATCH] refactor: add a function to generate cookies for reply (#20)

---
 services/auth/login.js        | 14 +++-----------
 services/auth/profile.js      | 14 +++-----------
 services/auth/refresh.js      | 13 ++-----------
 services/auth/registration.js | 10 ++--------
 utils/cookies.js              | 13 +++++++++++++
 5 files changed, 23 insertions(+), 41 deletions(-)
 create mode 100644 utils/cookies.js

diff --git a/services/auth/login.js b/services/auth/login.js
index d4ea516..f4966dd 100644
--- a/services/auth/login.js
+++ b/services/auth/login.js
@@ -1,5 +1,6 @@
-import { verifyValueWithHash, secureCookie } from "../../utils/credential.js";
+import { verifyValueWithHash } from "../../utils/credential.js";
 import { makeAccesstoken, makeRefreshtoken } from "../../utils/jwt.js";
+import { refreshCookie, fgpCookie } from "../../utils/cookies.js";
 import config from "../../config.js";
 
 export const loginHandler = async function (request, reply) {
@@ -47,18 +48,9 @@ export const loginHandler = async function (request, reply) {
       access_token: userAccessToken.token,
       access_token_expiry: userAccessToken.expiration,
     };
-    const expireDate = new Date();
-    expireDate.setTime(expireDate.getTime() + 7 * 24 * 60 * 60 * 1000); // TODO: Make configurable now, set to 7 days
 
     reply.headers({
-      "set-cookie": [
-        `userRefreshToken=${userRefreshToken.token}; Path=/; Expires=${expireDate}; SameSite=${
-          config.SAMESITE
-        }; HttpOnly; ${secureCookie()}`,
-        `Fgp=${userAccessToken.userFingerprint}; Path=/; Max-Age=3600; SameSite=${
-          config.SAMESITE
-        }; HttpOnly; ${secureCookie()}`,
-      ],
+      "set-cookie": [refreshCookie(userRefreshToken.token), fgpCookie(userAccessToken.userFingerprint)],
       "x-authc-app-origin": config.APPLICATIONORIGIN,
     });
 
diff --git a/services/auth/profile.js b/services/auth/profile.js
index 3918d45..5304279 100644
--- a/services/auth/profile.js
+++ b/services/auth/profile.js
@@ -1,6 +1,7 @@
-import { createHash, secureCookie } from "../../utils/credential.js";
+import { createHash } from "../../utils/credential.js";
 import { makeAccesstoken, makeRefreshtoken } from "../../utils/jwt.js";
 import config from "../../config.js";
+import { refreshCookie, fgpCookie } from "../../utils/cookies.js";
 
 export const userProfileHandler = async function (request, reply) {
   try {
@@ -50,18 +51,9 @@ export const userProfileHandler = async function (request, reply) {
       access_token: userAccessToken.token,
       access_token_expiry: userAccessToken.expiration,
     };
-    const expireDate = new Date();
-    expireDate.setTime(expireDate.getTime() + 7 * 24 * 60 * 60 * 1000); // TODO: Make configurable now, set to 7 days
 
     reply.headers({
-      "set-cookie": [
-        `userRefreshToken=${userRefreshToken.token}; Path=/; Expires=${expireDate}; SameSite=${
-          config.SAMESITE
-        }; HttpOnly; ${secureCookie()}`,
-        `Fgp=${userAccessToken.userFingerprint}; Path=/; Max-Age=3600; SameSite=${
-          config.SAMESITE
-        }; HttpOnly; ${secureCookie()}`,
-      ],
+      "set-cookie": [refreshCookie(userRefreshToken.token), fgpCookie(userAccessToken.userFingerprint)],
       "x-authc-app-origin": config.APPLICATIONORIGIN,
     });
 
diff --git a/services/auth/refresh.js b/services/auth/refresh.js
index f7d4054..8e1713f 100644
--- a/services/auth/refresh.js
+++ b/services/auth/refresh.js
@@ -1,7 +1,7 @@
 import { makeAccesstoken, makeRefreshtoken, validateJWT } from "../../utils/jwt.js";
 import config from "../../config.js";
 import { parse } from "cookie";
-import { secureCookie } from "../../utils/credential.js";
+import { refreshCookie, fgpCookie } from "../../utils/cookies.js";
 
 export const tokenRefreshHandler = async function (request, reply) {
   try {
@@ -37,18 +37,9 @@ export const tokenRefreshHandler = async function (request, reply) {
       access_token: userAccessToken.token,
       access_token_expiry: userAccessToken.expiration,
     };
-    const expireDate = new Date();
-    expireDate.setTime(expireDate.getTime() + 7 * 24 * 60 * 60 * 1000); // TODO: Make configurable now, set to 7 days
 
     reply.headers({
-      "set-cookie": [
-        `userRefreshToken=${userRefreshToken.token}; Path=/; Expires=${expireDate}; SameSite=${
-          config.SAMESITE
-        }; HttpOnly; ${secureCookie()}`,
-        `Fgp=${userAccessToken.userFingerprint}; Path=/; Max-Age=3600; SameSite=${
-          config.SAMESITE
-        }; HttpOnly; ${secureCookie()}`,
-      ],
+      "set-cookie": [refreshCookie(userRefreshToken.token), fgpCookie(userAccessToken.userFingerprint)],
       "x-authc-app-origin": config.APPLICATIONORIGIN,
     });
 
diff --git a/services/auth/registration.js b/services/auth/registration.js
index 013a819..5f6e19b 100644
--- a/services/auth/registration.js
+++ b/services/auth/registration.js
@@ -3,6 +3,7 @@ import { randomUUID } from "crypto";
 import { createId } from "@paralleldrive/cuid2";
 import { makeAccesstoken, makeRefreshtoken } from "../../utils/jwt.js";
 import config from "../../config.js";
+import { refreshCookie, fgpCookie } from "../../utils/cookies.js";
 
 export const registrationHandler = async function (request, reply) {
   try {
@@ -53,14 +54,7 @@ export const registrationHandler = async function (request, reply) {
     expireDate.setTime(expireDate.getTime() + 7 * 24 * 60 * 60 * 1000); // TODO: Make configurable now, set to 7 days
 
     reply.headers({
-      "set-cookie": [
-        `userRefreshToken=${
-          userRefreshToken.token
-        }; Path=/; Expires=${expireDate}; SameSite=None; HttpOnly; ${secureCookie()}`,
-        `Fgp=${userAccessToken.userFingerprint}; Path=/; Max-Age=3600; SameSite=${
-          config.SAMESITE
-        }; HttpOnly; ${secureCookie()}`,
-      ],
+      "set-cookie": [refreshCookie(userRefreshToken.token), fgpCookie(userAccessToken.userFingerprint)],
       "x-authc-app-origin": config.REGISTRATIONORIGIN,
     });
 
diff --git a/utils/cookies.js b/utils/cookies.js
new file mode 100644
index 0000000..9c146d5
--- /dev/null
+++ b/utils/cookies.js
@@ -0,0 +1,13 @@
+import { secureCookie } from "./credential.js";
+import config from "../config.js";
+
+export function refreshCookie(token) {
+  const expireDate = new Date();
+  expireDate.setTime(expireDate.getTime() + 7 * 24 * 60 * 60 * 1000); // TODO: Make configurable now, set to 7 days
+  return `userRefreshToken=${token}; Path=/; Expires=${expireDate}; SameSite=${
+    config.SAMESITE
+  }; HttpOnly; ${secureCookie()}`;
+}
+export function fgpCookie(fingerprint) {
+  return `Fgp=${fingerprint}; Path=/; Max-Age=3600; SameSite=${config.SAMESITE}; HttpOnly; ${secureCookie()}`;
+}