From df730e4d21e6e8879823e998fa7020fe898cffa8 Mon Sep 17 00:00:00 2001
From: Balu Babu
Date: Wed, 24 Jul 2024 21:44:39 +0530
Subject: [PATCH] feat: Ability to toggle cookies to work in HTTP (#4194)
* feat: added new env variable
* feat: made http secure cookie conditional
* chore: added comments to env files
* chore: changed target of hopp-old-backend service to prod
---
 .env.example | 3 +++
 packages/hoppscotch-backend/src/auth/helper.ts | 4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/.env.example b/.env.example
index e9c64eb9d..28feaf08b 100644
--- a/.env.example
+++ b/.env.example
@@ -9,6 +9,9 @@ MAGIC_LINK_TOKEN_VALIDITY= 3
 REFRESH_TOKEN_VALIDITY="604800000" # Default validity is 7 days (604800000 ms) in ms
 ACCESS_TOKEN_VALIDITY="86400000" # Default validity is 1 day (86400000 ms) in ms
 SESSION_SECRET='add some secret here'
+# Reccomended to be true, set to false if you are using http
+# Note: Some auth providers may not support http requests
+ALLOW_SECURE_COOKIES=true
 # Hoppscotch App Domain Config
 REDIRECT_URL="http://localhost:3000"
diff --git a/packages/hoppscotch-backend/src/auth/helper.ts b/packages/hoppscotch-backend/src/auth/helper.ts
index bd2a9fcfd..9c5c051d6 100644
--- a/packages/hoppscotch-backend/src/auth/helper.ts
+++ b/packages/hoppscotch-backend/src/auth/helper.ts
@@ -52,13 +52,13 @@ export const authCookieHandler = (
 res.cookie(AuthTokenType.ACCESS_TOKEN, authTokens.access_token, {
 httpOnly: true,
- secure: true,
+ secure: configService.get('ALLOW_SECURE_COOKIES') === 'true',
 sameSite: 'lax',
 maxAge: accessTokenValidity,
 });
 res.cookie(AuthTokenType.REFRESH_TOKEN, authTokens.refresh_token, {
 httpOnly: true,
- secure: true,
+ secure: configService.get('ALLOW_SECURE_COOKIES') === 'true',
 sameSite: 'lax',
 maxAge: refreshTokenValidity,
 });
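Review bot: The two comment lines added above `ALLOW_SECURE_COOKIES=true` do not say what `false` changes, and the name reads like a permission rather than the switch for the cookies' Secure attribute. Going by the `helper.ts` change in this patch, `false` makes the access-token and refresh-token cookies be issued without Secure, so a browser will also send them over unencrypted HTTP. I would word the comment as `# Keep true behind HTTPS. false issues the auth cookies without the Secure attribute (plain-HTTP/local setups only)` and correct the spelling to `Recommended`.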
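Review bot: An unset or misspelled `ALLOW_SECURE_COOKIES` now yields `secure: false` on both the access-token and the refresh-token cookie, because the new expression is true only for the exact string `'true'`. A deployment that upgrades without adding the variable would, as far as this hunk shows, silently lose the Secure attribute and let the tokens travel over plain HTTP. Failing closed keeps the previous default: compute `const secure = configService.get('ALLOW_SECURE_COOKIES') !== 'false';` once and pass `secure,` in both `res.cookie` calls, which also removes the duplicated lookup. `authCookieHandler` starts and ends outside the hunk, so whether a default is applied to the setting elsewhere cannot be confirmed from here.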