From a6ad86bd59f0233b6a5b606921868bdcd96bbcc5 Mon Sep 17 00:00:00 2001
From: Balu Babu
Date: Fri, 20 Jan 2023 07:56:19 +0530
Subject: [PATCH] chore: replaced hardcoded values with env variables in app.module.ts, main.ts and utils.ts
---
 .../migration.sql | 0
 packages/hoppscotch-backend/src/app.module.ts | 4 ++++
 .../src/auth/auth.controller.ts | 2 --
 .../src/auth/strategies/jwt.strategy.ts | 3 ---
 packages/hoppscotch-backend/src/main.ts | 4 +++-
 packages/hoppscotch-backend/src/utils.ts | 16 +++++++++++++++-
 6 files changed, 22 insertions(+), 7 deletions(-)
 rename packages/hoppscotch-backend/prisma/migrations/{20230119072446_auth => 20230119233519_auth}/migration.sql (100%)
diff --git a/packages/hoppscotch-backend/prisma/migrations/20230119072446_auth/migration.sql b/packages/hoppscotch-backend/prisma/migrations/20230119233519_auth/migration.sql
similarity index 100%
rename from packages/hoppscotch-backend/prisma/migrations/20230119072446_auth/migration.sql
rename to packages/hoppscotch-backend/prisma/migrations/20230119233519_auth/migration.sql
diff --git a/packages/hoppscotch-backend/src/app.module.ts b/packages/hoppscotch-backend/src/app.module.ts
index 62a88af0c..5ffd49e90 100644
--- a/packages/hoppscotch-backend/src/app.module.ts
+++ b/packages/hoppscotch-backend/src/app.module.ts
@@ -8,6 +8,10 @@ import { AuthModule } from './auth/auth.module';
 @Module({
   imports: [
     GraphQLModule.forRoot({
+      cors: process.env.PRODUCTION !== 'true' && {
+        origin: ['http://localhost:3170', 'http://localhost:3000'],
+        credentials: true,
+      },
       playground: process.env.PRODUCTION !== 'true',
       debug: process.env.PRODUCTION !== 'true',
       autoSchemaFile: true,
diff --git a/packages/hoppscotch-backend/src/auth/auth.controller.ts b/packages/hoppscotch-backend/src/auth/auth.controller.ts
index f79127619..3107ba1f9 100644
--- a/packages/hoppscotch-backend/src/auth/auth.controller.ts
+++ b/packages/hoppscotch-backend/src/auth/auth.controller.ts
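Review bot: The `origin` list added to the GraphQL `cors` option is still hard-coded to two localhost URLs, although this same commit makes `main.ts` read the allowed origins from `WHITELISTED_ORIGINS`; two separately maintained allow-lists, both with `credentials: true`, will drift, and a front-end origin present in one but not the other may get different answers depending on which layer answers the preflight. Reading the same variable here, `origin: process.env.WHITELISTED_ORIGINS.split(','),` (with whatever unset-variable guard main.ts adopts), keeps the two in step. Note also that this hunk gates on `PRODUCTION !== 'true'` while main.ts gates its development branch on `PRODUCTION === 'false'`, so an unset `PRODUCTION` enables the playground, debug output and dev CORS here but selects the production CORS branch in main.ts; one shared predicate would close that gap. The `@Module` decorator continues past the end of the hunk.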
@@ -63,8 +63,6 @@ export class AuthController {
   async googleAuthRedirect(@Request() req, @Res() res) {
     const authTokens = await this.authService.generateAuthTokens(req.user.uid);
     if (E.isLeft(authTokens)) throwHTTPErr(authTokens.left);
-    console.log('google', authTokens);
-
     authCookieHandler(res, authTokens.right, true);
   }
diff --git a/packages/hoppscotch-backend/src/auth/strategies/jwt.strategy.ts b/packages/hoppscotch-backend/src/auth/strategies/jwt.strategy.ts
index 9770df5e2..d589e82c5 100644
--- a/packages/hoppscotch-backend/src/auth/strategies/jwt.strategy.ts
+++ b/packages/hoppscotch-backend/src/auth/strategies/jwt.strategy.ts
@@ -22,8 +22,6 @@ export class JwtStrategy extends PassportStrategy(Strategy, 'jwt') {
     super({
       jwtFromRequest: ExtractJwt.fromExtractors([
         (request: Request) => {
-          console.log('here1', request.cookies);
-
           const ATCookie = request.cookies['access_token'];
           if (!ATCookie) {
             throw new ForbiddenException(COOKIES_NOT_FOUND);
@@ -37,7 +35,6 @@ export class JwtStrategy extends PassportStrategy(Strategy, 'jwt') {
   async validate(payload: AccessTokenPayload) {
     if (!payload) throw new ForbiddenException(INVALID_ACCESS_TOKEN);
-    console.log('here', payload);
     const user = await this.usersService.findUserById(payload.sub);
     if (O.isNone(user)) {
diff --git a/packages/hoppscotch-backend/src/main.ts b/packages/hoppscotch-backend/src/main.ts
index 782f8c20f..9585f2c21 100644
--- a/packages/hoppscotch-backend/src/main.ts
+++ b/packages/hoppscotch-backend/src/main.ts
@@ -19,8 +19,10 @@ async function bootstrap() {
   if (process.env.PRODUCTION === 'false') {
     console.log('Enabling CORS with development settings');
+
     app.enableCors({
-      origin: true,
+      origin: process.env.WHITELISTED_ORIGINS.split(','),
+      credentials: true,
     });
   } else {
     console.log('Enabling CORS with production settings');
diff --git a/packages/hoppscotch-backend/src/utils.ts b/packages/hoppscotch-backend/src/utils.ts
index 1e7d1072f..ba079ed88 100644
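Review bot: `process.env.WHITELISTED_ORIGINS.split(',')` on the new `origin` line in main.ts throws a TypeError at startup when the variable is unset, and nothing trims the entries, so a value like `a.example, b.example` yields ` b.example`, which never matches an `Origin` header; with `credentials: true` the browser requires an exact origin echo, so such a near-miss is a hard failure rather than a fallback. A defensive form is `origin: (process.env.WHITELISTED_ORIGINS ?? '').split(',').map((o) => o.trim()).filter(Boolean),`, or failing fast with an explicit error naming the missing variable. Under `strict` TypeScript the unguarded form should not compile at all, since `process.env.X` is `string | undefined` — worth confirming the project's compiler settings. The enclosing `bootstrap()` function and its `else` branch continue outside the hunk.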
--- a/packages/hoppscotch-backend/src/utils.ts
+++ b/packages/hoppscotch-backend/src/utils.ts
@@ -146,17 +146,31 @@ export const authCookieHandler = (
   authTokens: AuthTokens,
   redirect: boolean,
 ) => {
+  const currentTime = DateTime.now();
+  const accessTokenValidity = currentTime
+    .plus({
+      milliseconds: parseInt(process.env.ACCESS_TOKEN_VALIDITY),
+    })
+    .toMillis();
+  const refreshTokenValidity = currentTime
+    .plus({
+      milliseconds: parseInt(process.env.REFRESH_TOKEN_VALIDITY),
+    })
+    .toMillis();
+
   res.cookie('access_token', authTokens.access_token, {
     httpOnly: true,
     secure: true,
     sameSite: 'lax',
+    maxAge: accessTokenValidity,
   });
   res.cookie('refresh_token', authTokens.refresh_token, {
     httpOnly: true,
     secure: true,
     sameSite: 'lax',
+    maxAge: refreshTokenValidity,
   });
   if (redirect) {
-    res.status(HttpStatus.OK).redirect('http://localhost:3170/graphql');
+    res.status(HttpStatus.OK).redirect(process.env.REDIRECT_URL);
   } else res.status(HttpStatus.OK).send();
 };
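Review bot: The new `maxAge` values are absolute timestamps, not durations: `currentTime.plus({ ... }).toMillis()` returns epoch milliseconds, whereas Express's `res.cookie` `maxAge` is the cookie lifetime in milliseconds relative to now (assuming `res` is the Express response, as the `res.cookie`/`res.redirect` calls suggest), so both cookies get a `Max-Age` of roughly fifty years and an expired JWT stays in the browser long after `ACCESS_TOKEN_VALIDITY` has elapsed. Either pass the raw durations — `const accessTokenValidity = parseInt(process.env.ACCESS_TOKEN_VALIDITY);` and likewise for the refresh token — or keep the `DateTime` arithmetic and hand it over as `expires: currentTime.plus({ ... }).toJSDate()`. `parseInt` on an unset variable yields `NaN`, which is not a valid `Max-Age` and will surface only at the first login rather than at startup, so a startup check for both variables (and for `REDIRECT_URL`, which otherwise redirects to the literal path `undefined`) is worth adding. The function's signature, including the `res` parameter, starts before the hunk.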