updated the Cookie configuration to dynamically use the domain name a…

…nd secure attributes based on the application environment
rajumb0232 · Nov 8, 2024 · 4aad34c · 4aad34c
1 parent 9c1abe7
commit 4aad34c
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 4 deletions.
diff --git a/E-Stores-API/.env.example b/E-Stores-API/.env.example
@@ -1,4 +1,6 @@
 // use this template to create the .env file.
+DOMAIN=
+IS_HTTPS=
 MAIL_USERNAME=
 MAIL_PASSWORD=
 POSTGRES_URL=

diff --git a/E-Stores-API/src/main/java/com/devb/estores/config/AppEnv.java b/E-Stores-API/src/main/java/com/devb/estores/config/AppEnv.java
@@ -14,6 +14,8 @@
 public class AppEnv {
 
     private String baseURL;
+    private String domain;
+    private boolean isHttps;
     private Jwt jwt;
 
     @Getter

diff --git a/E-Stores-API/src/main/java/com/devb/estores/util/CookieManager.java b/E-Stores-API/src/main/java/com/devb/estores/util/CookieManager.java
@@ -1,30 +1,35 @@
 package com.devb.estores.util;
 
+import com.devb.estores.config.AppEnv;
+import lombok.AllArgsConstructor;
 import org.springframework.http.ResponseCookie;
 import org.springframework.stereotype.Service;
 
 @Service
+@AllArgsConstructor
 public class CookieManager {
 
+    private final AppEnv appEnv;
+
     public String configure(String name,String value, long maxAge) {
         ResponseCookie cookie = ResponseCookie.from(name, value)
-                .domain("localhost")
+                .domain(appEnv.getDomain())
                 .path("/")
                 .httpOnly(true)
                 .sameSite("Lax")
-                .secure(false)
+                .secure(appEnv.isHttps())
                 .maxAge(maxAge)
                 .build();
         return cookie.toString();
     }
 
     public String invalidate(String name){
        ResponseCookie cookie = ResponseCookie.from(name, "")
-               .domain("localhost")
+               .domain(appEnv.getDomain())
                .path("/")
                .httpOnly(true)
                .sameSite("Lax")
-               .secure(false)
+               .secure(appEnv.isHttps())
                .maxAge(0)
                .build();
         return cookie.toString();

diff --git a/E-Stores-API/src/main/resources/application.yml b/E-Stores-API/src/main/resources/application.yml
@@ -41,6 +41,8 @@ server:
 #Application Configuration
 app:
   base-url: /api/fkv1
+  domain: ${DOMAIN}
+  is-https: ${IS_HTTPS}
   jwt:
     secret: ${JWT_SECRET}
     access-expiration-seconds: 3600