refactor: changed auth module to work with signed cookies

packages/hoppscotch-backend/.env.example

@@ -6,6 +6,7 @@ POSTMARK_SERVER_TOKEN=************************************************"
 POSTMARK_SENDER_EMAIL=************************************************"
 
 # Auth Tokens Config
+SIGNED_COOKIE_SECRET='add some secret here'
 JWT_SECRET='add some secret here'
 REFRESH_TOKEN_VALIDITY="604800000" # Default validity is 7 days
 ACCESS_TOKEN_VALIDITY="120000" # Default validity is 1 day
@@ -13,13 +14,13 @@ ACCESS_TOKEN_VALIDITY="120000" # Default validity is 1 day
 # Hoppscotch App Domain Config
 APP_DOMAIN="************************************************""
 REDIRECT_URL="************************************************""
-WHITELISTED_ORIGINS ="************************************************"
+WHITELISTED_ORIGINS="************************************************"
 
 # Google Auth Config
 GOOGLE_CLIENT_ID="************************************************"
 GOOGLE_CLIENT_SECRET="************************************************"
 GOOGLE_CALLBACK_URL="************************************************"
-GOOGLE_SCOPE= ['email', 'profile'],
+GOOGLE_SCOPE="['email', 'profile'],"
 
 # Github Auth Config
 GITHUB_CLIENT_ID="************************************************"

packages/hoppscotch-backend/prisma/schema.prisma

@@ -98,6 +98,7 @@ model User {
 model Account {
   id                   String   @id @default(cuid())
   userId               String
+  user                 User     @relation(fields: [userId], references: [uid], onDelete: Cascade)
   provider             String
   providerAccountId    String
   providerRefreshToken String?
@@ -105,8 +106,6 @@ model Account {
   providerScope        String?
   loggedIn             DateTime @default(now()) @db.Timestamp(3)
 
-  user User @relation(fields: [userId], references: [uid], onDelete: Cascade)
-
   @@unique(fields: [provider, providerAccountId], name: "verifyProviderAccount")
 }
 

packages/hoppscotch-backend/src/auth/strategies/jwt.strategy.ts

@@ -22,7 +22,7 @@ export class JwtStrategy extends PassportStrategy(Strategy, 'jwt') {
     super({
       jwtFromRequest: ExtractJwt.fromExtractors([
         (request: Request) => {
-          const ATCookie = request.cookies['access_token'];
+          const ATCookie = request.signedCookies['access_token'];
           if (!ATCookie) {
             throw new ForbiddenException(COOKIES_NOT_FOUND);
           }

packages/hoppscotch-backend/src/auth/strategies/rt-jwt.strategy.ts

@@ -21,7 +21,7 @@ export class RTJwtStrategy extends PassportStrategy(Strategy, 'jwt-refresh') {
     super({
       jwtFromRequest: ExtractJwt.fromExtractors([
         (request: Request) => {
-          const RTCookie = request.cookies['refresh_token'];
+          const RTCookie = request.signedCookies['refresh_token'];
           if (!RTCookie) {
             throw new ForbiddenException(COOKIES_NOT_FOUND);
           }

packages/hoppscotch-backend/src/decorators/rt-cookie.decorator.ts

@@ -4,6 +4,6 @@ import { GqlExecutionContext } from '@nestjs/graphql';
 export const RTCookie = createParamDecorator(
   (data: unknown, context: ExecutionContext) => {
     const ctx = GqlExecutionContext.create(context);
-    return ctx.getContext().req.cookies['refresh_token'];
+    return ctx.getContext().req.signedCookies['refresh_token'];
   },
 );

packages/hoppscotch-backend/src/main.ts

@@ -31,7 +31,7 @@ async function bootstrap() {
       origin: true,
     });
   }
-  app.use(cookieParser());
+  app.use(cookieParser(process.env.SIGNED_COOKIE_SECRET));
   await app.listen(process.env.PORT || 3170);
 }
 bootstrap();

packages/hoppscotch-backend/src/utils.ts

@@ -164,12 +164,14 @@ export const authCookieHandler = (
     secure: true,
     sameSite: 'lax',
     maxAge: accessTokenValidity,
+    signed: true,
   });
   res.cookie('refresh_token', authTokens.refresh_token, {
     httpOnly: true,
     secure: true,
     sameSite: 'lax',
     maxAge: refreshTokenValidity,
+    signed: true,
   });
   if (redirect) {
     res.status(HttpStatus.OK).redirect(process.env.REDIRECT_URL);