feat: Ability to toggle cookies to work in HTTP (#4194)

* feat: added new env variable

* feat: made http secure cookie conditional

* chore: added comments to env files

* chore: changed target of hopp-old-backend service to prod

.env.example

@@ -9,6 +9,9 @@ MAGIC_LINK_TOKEN_VALIDITY= 3
 REFRESH_TOKEN_VALIDITY="604800000" # Default validity is 7 days (604800000 ms) in ms
 ACCESS_TOKEN_VALIDITY="86400000" # Default validity is 1 day (86400000 ms) in ms
 SESSION_SECRET='add some secret here'
+# Reccomended to be true, set to false if you are using http
+# Note: Some auth providers may not support http requests
+ALLOW_SECURE_COOKIES=true
 
 # Hoppscotch App Domain Config
 REDIRECT_URL="http://localhost:3000"

packages/hoppscotch-backend/src/auth/helper.ts

@@ -52,13 +52,13 @@ export const authCookieHandler = (
 
   res.cookie(AuthTokenType.ACCESS_TOKEN, authTokens.access_token, {
     httpOnly: true,
-    secure: true,
+    secure: configService.get('ALLOW_SECURE_COOKIES') === 'true',
     sameSite: 'lax',
     maxAge: accessTokenValidity,
   });
   res.cookie(AuthTokenType.REFRESH_TOKEN, authTokens.refresh_token, {
     httpOnly: true,
-    secure: true,
+    secure: configService.get('ALLOW_SECURE_COOKIES') === 'true',
     sameSite: 'lax',
     maxAge: refreshTokenValidity,
   });