refactor(hermes,router,admin): proper cors and cookie domains (#559)

libraries/hermes/package.json

@@ -19,7 +19,6 @@
     "@socket.io/redis-adapter": "^7.2.0",
     "apollo-server-express": "^2.11.0",
     "cookie-parser": "~1.4.6",
-    "cors": "^2.8.5",
     "debug": "~4.3.4",
     "deep-object-diff": "^1.1.9",
     "deepdash": "^5.3.9",

libraries/hermes/src/GraphQl/utils/cookie.plugin.ts

@@ -11,6 +11,9 @@ module.exports = {
           if (cookie.options!.path === '') {
             delete cookie.options.path;
           }
+          if (!cookie.options.domain || cookie.options.domain === '') {
+            cookie.options.domain = requestContext.context.req.hostname;
+          }
           res.cookie(cookie.name, cookie.value, cookie.options);
         });
 

libraries/hermes/src/Rest/Rest.ts

@@ -188,6 +188,9 @@ export class RestController extends ConduitRouter {
           if (r.setCookies && r.setCookies.length) {
             r.setCookies.forEach((cookie: Cookie) => {
               if (cookie.options.path === '') delete cookie.options.path;
+              if (!cookie.options.domain || cookie.options.domain === '') {
+                cookie.options.domain = req.headers.host;
+              }
               res.cookie(cookie.name, cookie.value, cookie.options);
             });
           }

libraries/hermes/src/index.ts

@@ -11,7 +11,6 @@ import {
   SocketPush,
 } from './interfaces';
 import { SwaggerRouterMetadata } from './types';
-import cors from 'cors';
 import cookieParser from 'cookie-parser';
 import path from 'path';
 import { ConduitRoute, ProxyRoute } from './classes';
@@ -286,7 +285,6 @@ export class ConduitRoutingController {
   }
 
   private registerGlobalMiddleware() {
-    this.registerMiddleware(cors(), false);
     this.registerMiddleware(createRouteMiddleware(ConduitGrpcSdk.Logger.winston), false);
     this.registerMiddleware(express.json({ limit: '50mb' }), false);
     this.registerMiddleware(

modules/authentication/src/config/token.config.ts

@@ -11,10 +11,6 @@ const cookieOptions = {
     format: 'Boolean',
     default: false,
   },
-  maxAge: {
-    format: 'Number',
-    default: 900000,
-  },
   domain: {
     format: 'String',
     default: '',

modules/authentication/src/handlers/tokenProvider.ts

@@ -154,7 +154,10 @@ export class TokenProvider {
       cookies.accessToken = {
         name: 'accessToken',
         value: (tokens[0] as AccessToken).token,
-        options: cookieOptions,
+        options: {
+          ...cookieOptions,
+          maxAge: tokenOptions.config.accessTokens.expiryPeriod,
+        },
       };
     }
     if (!isNil(tokens[1]) && tokenOptions.config.refreshTokens.setCookie) {
@@ -163,7 +166,10 @@ export class TokenProvider {
         cookies.refreshToken = {
           name: 'refreshToken',
           value: (tokens[1] as RefreshToken).token,
-          options: cookieOptions,
+          options: {
+            ...cookieOptions,
+            maxAge: tokenOptions.config.refreshTokens.expiryPeriod,
+          },
         };
       }
     }

modules/router/package.json

@@ -24,6 +24,7 @@
     "bcrypt": "^5.0.1",
     "deep-object-diff": "^1.1.9",
     "deepdash": "^5.3.9",
+    "cors": "^2.8.5",
     "graphql-parse-resolve-info": "^4.5.0",
     "graphql-type-json": "^0.3.1",
     "helmet": "^5.1.0",

modules/router/src/security/index.ts

@@ -1,9 +1,10 @@
-import ConduitGrpcSdk from '@conduitplatform/grpc-sdk';
+import ConduitGrpcSdk, { ConfigController } from '@conduitplatform/grpc-sdk';
 import helmet from 'helmet';
 import { RateLimiter } from './handlers/rate-limiter';
 import { ClientValidator } from './handlers/client-validation';
 import { NextFunction, Request, Response } from 'express';
 import ConduitDefaultRouter from '../Router';
+import cors from 'cors';
 
 export default class SecurityModule {
   constructor(
@@ -19,6 +20,15 @@ export default class SecurityModule {
       new RateLimiter(this.grpcSdk).limiter,
       true,
     );
+    this.router.registerGlobalMiddleware(
+      'corsMiddleware',
+      cors({
+        origin: (origin, callback) => {
+          callback(null, ConfigController.getInstance().config.hostUrl);
+        },
+        credentials: true,
+      }),
+    );
     this.router.registerGlobalMiddleware('helmetMiddleware', helmet());
     this.router.registerGlobalMiddleware(
       'helmetGqlFix',

packages/admin/package.json

@@ -33,6 +33,7 @@
     "@grpc/grpc-js": "^1.6.7",
     "@grpc/proto-loader": "^0.6.13",
     "bcrypt": "^5.0.1",
+    "cors": "^2.8.5",
     "convict": "^6.2.3",
     "crypto": "^1.0.1",
     "helmet": "^5.1.0",

packages/admin/src/index.ts

@@ -3,26 +3,27 @@ import { status } from '@grpc/grpc-js';
 import ConduitGrpcSdk, {
   ConduitError,
   ConduitRouteActions,
-  GrpcServer,
+  ConduitRouteObject,
   ConfigController,
   GrpcCallback,
   GrpcRequest,
+  GrpcServer,
   Indexable,
-  ConduitRouteObject,
-  SocketProtoDescription,
   merge,
+  SocketProtoDescription,
 } from '@conduitplatform/grpc-sdk';
 import {
   ConduitCommons,
-  IConduitAdmin,
   GenerateProtoRequest,
   GenerateProtoResponse,
+  IConduitAdmin,
   RegisterAdminRouteRequest,
   RegisterAdminRouteRequest_PathDefinition,
 } from '@conduitplatform/commons';
 import { hashPassword } from './utils/auth';
 import { runMigrations } from './migrations';
 import AdminConfigRawSchema from './config';
+import AppConfigSchema, { Config as ConfigSchema } from './config';
 import * as middleware from './middleware';
 import * as adminRoutes from './routes';
 import * as models from './models';
@@ -35,19 +36,19 @@ import {
   ConduitRoutingController,
   ConduitSocket,
   grpcToConduitRoute,
-  RouteT,
   ProtoGenerator,
   ProxyRoute,
   ProxyRouteT,
   proxyToConduitRoute,
+  RouteT,
 } from '@conduitplatform/hermes';
-import AppConfigSchema, { Config as ConfigSchema } from './config';
 import convict from 'convict';
-import { Response, NextFunction, Request } from 'express';
+import { NextFunction, Request, Response } from 'express';
 import helmet from 'helmet';
 import { generateConfigDefaults } from './utils/config';
 import metricsSchema from './metrics';
 import * as adminProxyRoutes from './routes/proxy';
+import cors from 'cors';
 
 export default class AdminModule extends IConduitAdmin {
   grpcSdk: ConduitGrpcSdk;
@@ -156,6 +157,15 @@ export default class AdminModule extends IConduitAdmin {
       .getConfigManager()
       .get('admin');
     this.onConfig();
+    this._router.registerMiddleware(
+      cors({
+        origin: (origin, callback) => {
+          callback(null, ConfigController.getInstance().config.hostUrl);
+        },
+        credentials: true,
+      }),
+      false,
+    );
     // Register Middleware
     this._router.registerMiddleware(
       (req: ConduitRequest, res: Response, next: NextFunction) => {
@@ -165,6 +175,7 @@ export default class AdminModule extends IConduitAdmin {
       true,
     );
     this._router.registerMiddleware(middleware.getAdminMiddleware(this.commons), true);
+
     this._router.registerMiddleware(
       middleware.getAuthMiddleware(this.grpcSdk, this.commons),
       true,