| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354 |
- import type { CookieOptions, Request } from "express";
- const LOCAL_HOSTS = new Set(["localhost", "127.0.0.1", "::1"]);
- function isIpAddress(host: string) {
- // Basic IPv4 check and IPv6 presence detection.
- if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) return true;
- return host.includes(":");
- }
- function isSecureRequest(req: Request) {
- if (req.protocol === "https") return true;
- const forwardedProto = req.headers["x-forwarded-proto"];
- if (!forwardedProto) return false;
- const protoList = Array.isArray(forwardedProto)
- ? forwardedProto
- : forwardedProto.split(",");
- return protoList.some(proto => proto.trim().toLowerCase() === "https");
- }
- export function getSessionCookieOptions(
- req: Request
- ): Pick<CookieOptions, "domain" | "httpOnly" | "path" | "sameSite" | "secure"> {
- // const hostname = req.hostname;
- // const shouldSetDomain =
- // hostname &&
- // !LOCAL_HOSTS.has(hostname) &&
- // !isIpAddress(hostname) &&
- // hostname !== "127.0.0.1" &&
- // hostname !== "::1";
- // const domain =
- // shouldSetDomain && !hostname.startsWith(".")
- // ? `.${hostname}`
- // : shouldSetDomain
- // ? hostname
- // : undefined;
- const secure = isSecureRequest(req);
- // Scope the cookie to /chat/ so it is not sent to unrelated paths on the same domain.
- // Must match the Apache Alias base path for the chatbot.
- const basePath = process.env.COOKIE_BASE_PATH ?? "/";
- return {
- httpOnly: true,
- path: basePath,
- // SameSite=Lax is correct for same-site deployments (www.homelegance.com/chat/).
- // SameSite=None would require Secure=true which fails behind Apache proxy without trust-proxy config.
- sameSite: "lax",
- secure,
- };
- }