chore: Use secure cookies in local development and fix layout nesting (
…#3949)

## Description

- Use secure cookies in local development
- Fix layout nesting
https://remix.run/docs/en/main/file-conventions/routes#nested-urls-without-layout-nesting

## Steps for reproduction

1. click button
2. expect xyz

## Code Review

- [ ] hi @kof, I need you to do
  - conceptual review (architecture, feature-correctness)
  - detailed review (read every line)
  - test it on preview

## Before requesting a review

- [ ] made a self-review
- [ ] added inline comments where things may be not obvious (the "why",
not "what")

## Before merging

- [ ] tested locally and on preview environment (preview dev login:
5de6)
- [ ] updated [test
cases](https://github.com/webstudio-is/webstudio/blob/main/apps/builder/docs/test-cases.md)
document
- [ ] added tests
- [ ] if any new env variables are added, added them to `.env` file
istarkov authored Aug 16, 2024
1 parent 19fd22d commit 50575df
Showing 6 changed files with 6 additions and 2 deletions.
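--- a/apps/builder/app/env/env.server.ts
+++ b/apps/builder/app/env/env.server.ts
@@ -100,6 +100,9 @@ const env = {
 
 POSTGREST_URL: process.env.POSTGREST_URL ?? "http://localhost:3000",
 POSTGREST_API_KEY: process.env.POSTGREST_API_KEY ?? "",
+
+SECURE_COOKIE:
+process.env.SSL === "true" || process.env.NODE_ENV === "production",
 };
 
 export type ServerEnv = typeof env;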
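Review bot: `SECURE_COOKIE` fails open: it is true only when `SSL` is exactly the string "true" or `NODE_ENV` is exactly "production", so `SSL=1`, `SSL=TRUE`, or a preview/staging build with a different `NODE_ENV` silently drops the Secure attribute from both the session and the returnTo cookie. I would document the contract on the key, e.g. `// Secure attribute for auth cookies: on in production, or when SSL === "true" (exact match)`, and add `SSL` to the `.env` file as the PR checklist asks; no `.env` change is visible in this commit. If preview deployments are served over HTTPS with a non-production `NODE_ENV`, consider inverting the default so the flag is off only on an explicit opt-out. The `env` object starts above the hunk.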
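--- a/apps/builder/app/services/cookie.server.ts
+++ b/apps/builder/app/services/cookie.server.ts
@@ -1,12 +1,13 @@
 import { createCookie } from "@remix-run/node";
+import env from "~/env/env.server";
 import { dashboardPath } from "~/shared/router-utils";
 
 export const returnToCookie = createCookie("returnTo", {
 path: "/",
 httpOnly: true,
 sameSite: "lax",
 maxAge: 60, // 1 minute because it makes no sense to keep it for a long time
-secure: process.env.NODE_ENV === "production",
+secure: env.SECURE_COOKIE,
 });
 
 export const returnToPath = async (request: Request) => {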
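Review bot: The `secure` attribute set on `returnToCookie` protects the value in transit only; `createCookie` is called without `secrets`, so the cookie is unsigned and comes back exactly as the client sends it. `returnToPath` continues below the hunk, so whether it restricts the parsed value to a same-origin relative path before it is used for a redirect cannot be seen here. If it does not, either sign the cookie with `secrets: env.AUTH_SECRET ? [env.AUTH_SECRET] : undefined` as session.server.ts does, or reject any value that is not a path starting with a single `/`.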
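--- a/apps/builder/app/services/session.server.ts
+++ b/apps/builder/app/services/session.server.ts
@@ -10,7 +10,7 @@ export const sessionStorage = createCookieSessionStorage({
 path: "/", // remember to add this so the cookie will work in all routes
 httpOnly: true, // for security reasons, make this cookie http only
 secrets: env.AUTH_SECRET ? [env.AUTH_SECRET] : undefined, // replace this with an actual secret
-secure: process.env.NODE_ENV === "production", // enable this in prod only
+secure: env.SECURE_COOKIE,
 },
 });
 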
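Review bot: The context line `secrets: env.AUTH_SECRET ? [env.AUTH_SECRET] : undefined` still lets the session cookie be created unsigned when `AUTH_SECRET` is empty, and the Secure attribute changed on the next line says nothing about the cookie's integrity. A guard before `createCookieSessionStorage`, such as `if (env.SECURE_COOKIE && !env.AUTH_SECRET) throw new Error("AUTH_SECRET must be set");`, would make a misconfigured deployment fail at startup instead of accepting session data the client can rewrite. The trailing `// replace this with an actual secret` comment is stale and the removed `// enable this in prod only` has no replacement; `// Secure attribute: see SECURE_COOKIE in env.server.ts` would do. The options object starts above the hunk.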
