From 80363de8a9d91a5a96495513a9fd3bf1f22dc8a4 Mon Sep 17 00:00:00 2001
From: adrien2p
Date: Tue, 22 Nov 2022 09:59:50 +0100
Subject: [PATCH] fix: authentication strategy cookies and split cookies per domain

---
 .../src/auth-strategies/facebook/admin.ts | 7 +++-
 .../src/auth-strategies/facebook/store.ts | 10 +++--
 .../src/auth-strategies/google/admin.ts | 4 +-
 .../src/auth-strategies/google/store.ts | 10 +++--
 .../src/auth-strategies/jwt-override.ts | 37 ++++++++++++++++++-
 .../src/auth-strategies/linkedin/admin.ts | 4 +-
 .../src/auth-strategies/linkedin/store.ts | 10 +++--
 .../src/auth-strategies/twitter/admin.ts | 4 +-
 .../src/auth-strategies/twitter/store.ts | 10 +++--
 .../medusa-plugin-auth/src/types/index.ts | 3 +-
 10 files changed, 76 insertions(+), 23 deletions(-)

diff --git a/packages/medusa-plugin-auth/src/auth-strategies/facebook/admin.ts b/packages/medusa-plugin-auth/src/auth-strategies/facebook/admin.ts
index 4446dcc..ed5b237 100644
--- a/packages/medusa-plugin-auth/src/auth-strategies/facebook/admin.ts
+++ b/packages/medusa-plugin-auth/src/auth-strategies/facebook/admin.ts
@@ -2,7 +2,10 @@ import passport from 'passport';
 import { Strategy as FacebookStrategy } from 'passport-facebook';
 import jwt from 'jsonwebtoken';
 import { ConfigModule, MedusaContainer } from '@medusajs/medusa/dist/types/global';
-import { AUTH_TOKEN_COOKIE_NAME, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
+import {
+ ADMIN_AUTH_TOKEN_COOKIE_NAME,
+ TWENTY_FOUR_HOURS_IN_MS
+} from '../../types';
 import { UserService } from '@medusajs/medusa';
 import formatRegistrationName from '@medusajs/medusa/dist/utils/format-registration-name';
 import { MedusaError } from 'medusa-core-utils';
@@ -80,7 +83,7 @@ export function getFacebookAdminAuthRouter(facebook: FacebookAuthOptions, config
 const token = jwt.sign({ userId: req.user.id }, configModule.projectConfig.jwt_secret, {
 expiresIn: facebook.admin.expiresIn ?? TWENTY_FOUR_HOURS_IN_MS,
 });
- res.cookie(AUTH_TOKEN_COOKIE_NAME, token, getCookieOptions()).redirect(facebook.admin.successRedirect);
+ res.cookie(ADMIN_AUTH_TOKEN_COOKIE_NAME, token, getCookieOptions()).redirect(facebook.admin.successRedirect);
 };
 
 router.get(facebook.admin.authCallbackPath, cors(adminCorsOptions));
diff --git a/packages/medusa-plugin-auth/src/auth-strategies/facebook/store.ts b/packages/medusa-plugin-auth/src/auth-strategies/facebook/store.ts
index 0ccdbac..73ac2e2 100644
--- a/packages/medusa-plugin-auth/src/auth-strategies/facebook/store.ts
+++ b/packages/medusa-plugin-auth/src/auth-strategies/facebook/store.ts
@@ -9,7 +9,11 @@ import formatRegistrationName from '@medusajs/medusa/dist/utils/format-registrat
 import { MedusaError } from 'medusa-core-utils';
 import { EntityManager } from 'typeorm';
 
-import { AUTH_TOKEN_COOKIE_NAME, CUSTOMER_METADATA_KEY, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
+import {
+ CUSTOMER_METADATA_KEY,
+ STORE_AUTH_TOKEN_COOKIE_NAME,
+ TWENTY_FOUR_HOURS_IN_MS
+} from '../../types';
 import { getCookieOptions } from '../../utils/get-cookie-options';
 import { FacebookAuthOptions } from './types';
 
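Review bot: The admin cookie on the changed `res.cookie` line is written with `getCookieOptions()` called without any argument, exactly as the store routers write theirs, so unless that helper already distinguishes the two surfaces (its body is not in this patch) both cookies get identical domain/path/SameSite attributes and the "split per domain" is by cookie name only; a browser that has signed in to both surfaces on one host will then send both cookies on every request. If separate scoping is intended, let the helper take the surface being set so the admin and store cookies can receive different `path`/`domain` values, or add a comment above this line stating that per-domain isolation is expected from the deployment rather than from the cookie attributes. The same pattern appears in the google/admin, linkedin/admin and twitter/admin hunks and in the four store routers. The enclosing router factory starts before and ends after this hunk.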
@@ -86,10 +90,10 @@ export function getFacebookStoreAuthRouter(facebook: FacebookAuthOptions, config
 session: false,
 }),
 (req, res) => {
- const token = jwt.sign({ userId: req.user.customer_id }, configModule.projectConfig.jwt_secret, {
+ const token = jwt.sign({ customer_id: req.user.customer_id }, configModule.projectConfig.jwt_secret, {
 expiresIn: facebook.store.expiresIn ?? TWENTY_FOUR_HOURS_IN_MS,
 });
- res.cookie(AUTH_TOKEN_COOKIE_NAME, token, getCookieOptions()).redirect(facebook.store.successRedirect);
+ res.cookie(STORE_AUTH_TOKEN_COOKIE_NAME, token, getCookieOptions()).redirect(facebook.store.successRedirect);
 }
 );
 
diff --git a/packages/medusa-plugin-auth/src/auth-strategies/google/admin.ts b/packages/medusa-plugin-auth/src/auth-strategies/google/admin.ts
index ecf369e..6f3d76e 100644
--- a/packages/medusa-plugin-auth/src/auth-strategies/google/admin.ts
+++ b/packages/medusa-plugin-auth/src/auth-strategies/google/admin.ts
@@ -2,7 +2,7 @@ import passport from 'passport';
 import { Strategy as GoogleStrategy } from 'passport-google-oauth2';
 import jwt from 'jsonwebtoken';
 import { ConfigModule, MedusaContainer } from '@medusajs/medusa/dist/types/global';
-import { AUTH_TOKEN_COOKIE_NAME, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
+import { ADMIN_AUTH_TOKEN_COOKIE_NAME, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
 import { UserService } from '@medusajs/medusa';
 import formatRegistrationName from '@medusajs/medusa/dist/utils/format-registration-name';
 import { MedusaError } from 'medusa-core-utils';
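Review bot: The rewritten `jwt.sign` call at the top of this hunk still passes `expiresIn: facebook.store.expiresIn ?? TWENTY_FOUR_HOURS_IN_MS`, and jsonwebtoken interprets a numeric `expiresIn` as seconds, not milliseconds, so if that constant holds a millisecond count as its name suggests the default store token stays valid for roughly a thousand days instead of one. If the constant is indeed in milliseconds, change the default to `Math.floor(TWENTY_FOUR_HOURS_IN_MS / 1000)` or the string `'24h'`, and document in the options type which unit `store.expiresIn` is expected in. The same default is used in the google/store, linkedin/store and twitter/store hunks and, as context lines, in the four admin routers. The enclosing router factory starts before and ends after this hunk.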
@@ -82,7 +82,7 @@ export function getGoogleAdminAuthRouter(google: GoogleAuthOptions, configModule
 const token = jwt.sign({ userId: req.user.id }, configModule.projectConfig.jwt_secret, {
 expiresIn: google.admin.expiresIn ?? TWENTY_FOUR_HOURS_IN_MS,
 });
- res.cookie(AUTH_TOKEN_COOKIE_NAME, token, getCookieOptions()).redirect(google.admin.successRedirect);
+ res.cookie(ADMIN_AUTH_TOKEN_COOKIE_NAME, token, getCookieOptions()).redirect(google.admin.successRedirect);
 };
 
 router.get(google.admin.authCallbackPath, cors(adminCorsOptions));
diff --git a/packages/medusa-plugin-auth/src/auth-strategies/google/store.ts b/packages/medusa-plugin-auth/src/auth-strategies/google/store.ts
index 1a23111..fe74d1f 100644
--- a/packages/medusa-plugin-auth/src/auth-strategies/google/store.ts
+++ b/packages/medusa-plugin-auth/src/auth-strategies/google/store.ts
@@ -9,7 +9,11 @@ import formatRegistrationName from '@medusajs/medusa/dist/utils/format-registrat
 import { MedusaError } from 'medusa-core-utils';
 import { EntityManager } from 'typeorm';
 
-import { AUTH_TOKEN_COOKIE_NAME, CUSTOMER_METADATA_KEY, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
+import {
+ CUSTOMER_METADATA_KEY,
+ STORE_AUTH_TOKEN_COOKIE_NAME,
+ TWENTY_FOUR_HOURS_IN_MS
+} from '../../types';
 import { getCookieOptions } from '../../utils/get-cookie-options';
 import { GoogleAuthOptions } from './index';
 
@@ -88,10 +92,10 @@ export function getGoogleStoreAuthRouter(google: GoogleAuthOptions, configModule
 session: false,
 }),
 (req, res) => {
- const token = jwt.sign({ userId: req.user.customer_id }, configModule.projectConfig.jwt_secret, {
+ const token = jwt.sign({ customer_id: req.user.customer_id }, configModule.projectConfig.jwt_secret, {
 expiresIn: google.store.expiresIn ?? TWENTY_FOUR_HOURS_IN_MS,
 });
- res.cookie(AUTH_TOKEN_COOKIE_NAME, token, getCookieOptions()).redirect(google.store.successRedirect);
+ res.cookie(STORE_AUTH_TOKEN_COOKIE_NAME, token, getCookieOptions()).redirect(google.store.successRedirect);
 }
 );
 
diff --git a/packages/medusa-plugin-auth/src/auth-strategies/jwt-override.ts b/packages/medusa-plugin-auth/src/auth-strategies/jwt-override.ts
index 7d3f2a6..3e976f7 100644
--- a/packages/medusa-plugin-auth/src/auth-strategies/jwt-override.ts
+++ b/packages/medusa-plugin-auth/src/auth-strategies/jwt-override.ts
@@ -1,7 +1,7 @@
 import passport from 'passport';
 import { Strategy as JWTStrategy } from 'passport-jwt';
 import { ConfigModule } from '@medusajs/medusa/dist/types/global';
-import { AUTH_TOKEN_COOKIE_NAME } from '../types';
+import { ADMIN_AUTH_TOKEN_COOKIE_NAME, STORE_AUTH_TOKEN_COOKIE_NAME } from "../types";
 
 export function loadJwtOverrideStrategy(configModule: ConfigModule): void {
 const { jwt_secret } = configModule.projectConfig;
@@ -9,7 +9,9 @@ export function loadJwtOverrideStrategy(configModule: ConfigModule): void {
 'jwt',
 new JWTStrategy(
 {
- jwtFromRequest: (req) => req.cookies[AUTH_TOKEN_COOKIE_NAME] ?? req.session.jwt,
+ jwtFromRequest: (req) => {
+ return req.cookies[STORE_AUTH_TOKEN_COOKIE_NAME] ?? req.cookies[ADMIN_AUTH_TOKEN_COOKIE_NAME] ?? req.session.jwt
+ },
 secretOrKey: jwt_secret,
 },
 async (jwtPayload, done) => {
@@ -17,4 +19,35 @@ export function loadJwtOverrideStrategy(configModule: ConfigModule): void {
 }
 )
 );
+
+ // The bellow code will be available for the next version of medusa core
+ /*passport.use(
+ 'admin-jwt',
+ new JWTStrategy(
+ {
+ jwtFromRequest: (req) => {
+ return req.cookies[ADMIN_AUTH_TOKEN_COOKIE_NAME] ?? req.session.jwt
+ },
+ secretOrKey: jwt_secret,
+ },
+ async (jwtPayload, done) => {
+ return done(null, jwtPayload);
+ }
+ )
+ );
+
+ passport.use(
+ 'store-jwt',
+ new JWTStrategy(
+ {
+ jwtFromRequest: (req) => {
+ return req.cookies[STORE_AUTH_TOKEN_COOKIE_NAME] ?? req.session.jwt_store
+ },
+ secretOrKey: jwt_secret,
+ },
+ async (jwtPayload, done) => {
+ return done(null, jwtPayload);
+ }
+ )
+ );*/
 }
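Review bot: The single `jwt` strategy's new `jwtFromRequest` accepts either cookie and always prefers the store one, so a request that carries both cookies (the admin and store routers set them with the same `getCookieOptions()`, so a browser signed in to both surfaces on one host would send both) is authenticated from the customer token even on an admin route and the admin token is never examined. Because both tokens are signed with the same `jwt_secret` and verified by this one strategy, the only thing separating the two surfaces is the claim name (`userId` versus `customer_id`) checked by whatever route guard runs downstream, which this file does not show; a comment above `jwtFromRequest` would keep the next reader from assuming the cookies are isolated, e.g. `// Both cookies are verified with the same secret; admin/store separation relies on the payload claim checked by the route guard, not on the cookie.` Two style points in the same file: the import in the first hunk uses double quotes while the rest of the file uses single quotes, and the thirty-line commented-out block in the last hunk (with the typo `bellow`) would read better as a short TODO naming the medusa version it waits for.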
diff --git a/packages/medusa-plugin-auth/src/auth-strategies/linkedin/admin.ts b/packages/medusa-plugin-auth/src/auth-strategies/linkedin/admin.ts
index 3f27888..22c4dcf 100644
--- a/packages/medusa-plugin-auth/src/auth-strategies/linkedin/admin.ts
+++ b/packages/medusa-plugin-auth/src/auth-strategies/linkedin/admin.ts
@@ -2,7 +2,7 @@ import passport from 'passport';
 import { Strategy as LinkedinStrategy } from 'passport-linkedin-oauth2';
 import jwt from 'jsonwebtoken';
 import { ConfigModule, MedusaContainer } from '@medusajs/medusa/dist/types/global';
-import { AUTH_TOKEN_COOKIE_NAME, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
+import { ADMIN_AUTH_TOKEN_COOKIE_NAME, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
 import { UserService } from '@medusajs/medusa';
 import formatRegistrationName from '@medusajs/medusa/dist/utils/format-registration-name';
 import { MedusaError } from 'medusa-core-utils';
@@ -84,7 +84,7 @@ export function getLinkedinAdminAuthRouter(linkedin: LinkedinAuthOptions, config
 const token = jwt.sign({ userId: req.user.id }, configModule.projectConfig.jwt_secret, {
 expiresIn: linkedin.admin.expiresIn ?? TWENTY_FOUR_HOURS_IN_MS,
 });
- res.cookie(AUTH_TOKEN_COOKIE_NAME, token, getCookieOptions()).redirect(linkedin.admin.successRedirect);
+ res.cookie(ADMIN_AUTH_TOKEN_COOKIE_NAME, token, getCookieOptions()).redirect(linkedin.admin.successRedirect);
 };
 
 router.get(linkedin.admin.authCallbackPath, cors(adminCorsOptions));
diff --git a/packages/medusa-plugin-auth/src/auth-strategies/linkedin/store.ts b/packages/medusa-plugin-auth/src/auth-strategies/linkedin/store.ts
index be13ec2..50f397a 100644
--- a/packages/medusa-plugin-auth/src/auth-strategies/linkedin/store.ts
+++ b/packages/medusa-plugin-auth/src/auth-strategies/linkedin/store.ts
@@ -9,7 +9,11 @@ import formatRegistrationName from '@medusajs/medusa/dist/utils/format-registrat
 import { MedusaError } from 'medusa-core-utils';
 import { EntityManager } from 'typeorm';
 
-import { AUTH_TOKEN_COOKIE_NAME, CUSTOMER_METADATA_KEY, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
+import {
+ CUSTOMER_METADATA_KEY,
+ STORE_AUTH_TOKEN_COOKIE_NAME,
+ TWENTY_FOUR_HOURS_IN_MS
+} from '../../types';
 import { getCookieOptions } from '../../utils/get-cookie-options';
 import { LinkedinAuthOptions } from './index';
 
@@ -90,10 +94,10 @@ export function getLinkedinStoreAuthRouter(linkedin: LinkedinAuthOptions, config
 session: false,
 }),
 (req, res) => {
- const token = jwt.sign({ userId: req.user.customer_id }, configModule.projectConfig.jwt_secret, {
+ const token = jwt.sign({ customer_id: req.user.customer_id }, configModule.projectConfig.jwt_secret, {
 expiresIn: linkedin.store.expiresIn ?? TWENTY_FOUR_HOURS_IN_MS,
 });
- res.cookie(AUTH_TOKEN_COOKIE_NAME, token, getCookieOptions()).redirect(linkedin.store.successRedirect);
+ res.cookie(STORE_AUTH_TOKEN_COOKIE_NAME, token, getCookieOptions()).redirect(linkedin.store.successRedirect);
 }
 );
 
diff --git a/packages/medusa-plugin-auth/src/auth-strategies/twitter/admin.ts b/packages/medusa-plugin-auth/src/auth-strategies/twitter/admin.ts
index 1b483a9..aaabc70 100644
--- a/packages/medusa-plugin-auth/src/auth-strategies/twitter/admin.ts
+++ b/packages/medusa-plugin-auth/src/auth-strategies/twitter/admin.ts
@@ -2,7 +2,7 @@ import passport from 'passport';
 import { Strategy as TwitterStrategy } from '@superfaceai/passport-twitter-oauth2';
 import jwt from 'jsonwebtoken';
 import { ConfigModule, MedusaContainer } from '@medusajs/medusa/dist/types/global';
-import { AUTH_TOKEN_COOKIE_NAME, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
+import { ADMIN_AUTH_TOKEN_COOKIE_NAME, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
 import { UserService } from '@medusajs/medusa';
 import formatRegistrationName from '@medusajs/medusa/dist/utils/format-registration-name';
 import { MedusaError } from 'medusa-core-utils';
@@ -81,7 +81,7 @@ export function getTwitterAdminAuthRouter(twitter: TwitterAuthOptions, configMod
 const token = jwt.sign({ userId: req.user.id }, configModule.projectConfig.jwt_secret, {
 expiresIn: twitter.admin.expiresIn ?? TWENTY_FOUR_HOURS_IN_MS,
 });
- res.cookie(AUTH_TOKEN_COOKIE_NAME, token, getCookieOptions()).redirect(twitter.admin.successRedirect);
+ res.cookie(ADMIN_AUTH_TOKEN_COOKIE_NAME, token, getCookieOptions()).redirect(twitter.admin.successRedirect);
 };
 
 router.get(twitter.admin.authCallbackPath, cors(adminCorsOptions));
diff --git a/packages/medusa-plugin-auth/src/auth-strategies/twitter/store.ts b/packages/medusa-plugin-auth/src/auth-strategies/twitter/store.ts
index 5afcfe4..4443096 100644
--- a/packages/medusa-plugin-auth/src/auth-strategies/twitter/store.ts
+++ b/packages/medusa-plugin-auth/src/auth-strategies/twitter/store.ts
@@ -9,7 +9,11 @@ import formatRegistrationName from '@medusajs/medusa/dist/utils/format-registrat
 import { MedusaError } from 'medusa-core-utils';
 import { EntityManager } from 'typeorm';
 
-import { AUTH_TOKEN_COOKIE_NAME, TWENTY_FOUR_HOURS_IN_MS, CUSTOMER_METADATA_KEY } from '../../types';
+import {
+ TWENTY_FOUR_HOURS_IN_MS,
+ CUSTOMER_METADATA_KEY,
+ STORE_AUTH_TOKEN_COOKIE_NAME
+} from '../../types';
 import { getCookieOptions } from '../../utils/get-cookie-options';
 import { TwitterAuthOptions } from './index';
 
@@ -91,10 +95,10 @@ export function getTwitterStoreAuthRouter(twitter: TwitterAuthOptions, configMod
 session: false,
 }),
 (req, res) => {
- const token = jwt.sign({ userId: req.user.customer_id }, configModule.projectConfig.jwt_secret, {
+ const token = jwt.sign({ customer_id: req.user.customer_id }, configModule.projectConfig.jwt_secret, {
 expiresIn: twitter.store.expiresIn ?? TWENTY_FOUR_HOURS_IN_MS,
 });
- res.cookie(AUTH_TOKEN_COOKIE_NAME, token, getCookieOptions()).redirect(twitter.store.successRedirect);
+ res.cookie(STORE_AUTH_TOKEN_COOKIE_NAME, token, getCookieOptions()).redirect(twitter.store.successRedirect);
 }
 );
 
diff --git a/packages/medusa-plugin-auth/src/types/index.ts b/packages/medusa-plugin-auth/src/types/index.ts
index 9476a70..0a80a99 100644
--- a/packages/medusa-plugin-auth/src/types/index.ts
+++ b/packages/medusa-plugin-auth/src/types/index.ts
@@ -3,7 +3,8 @@ import { FacebookAuthOptions } from '../auth-strategies/facebook';
 import { TwitterAuthOptions } from '../auth-strategies/twitter';
 import { LinkedinAuthOptions } from '../auth-strategies/linkedin';
 
-export const AUTH_TOKEN_COOKIE_NAME = 'auth_token';
+export const STORE_AUTH_TOKEN_COOKIE_NAME = 'store_auth_token';
+export const ADMIN_AUTH_TOKEN_COOKIE_NAME = 'admin_auth_token';
 export const CUSTOMER_METADATA_KEY = 'useSocialAuth';