authkit-js/utils/cookies.js

Express auth toolkit (JWT, Sessions with Redis, Google/GitHub OAuth) in JavaScript

const { randomBytes } = require('crypto');


function cookieOptions(base) {
const env = (base && base.env) || process.env.NODE_ENV;
const domain = base && base.domain;
const path = (base && base.path) != null ? base.path : '/';
const crossSite = !!(base && base.crossSite);
let sameSite = (base && base.sameSite) != null ? base.sameSite : (crossSite ? 'none' : 'lax');
let secure = (base && typeof base.secure === 'boolean') ? base.secure : (env === 'production' || crossSite);
// When SameSite=None, browsers require Secure=true
if (sameSite === 'none' && secure !== true) secure = true;
return { httpOnly: true, domain, path, sameSite, secure };
}


function makeId(bytes = 32) {
return randomBytes(bytes).toString('hex');
}


module.exports = { cookieOptions, makeId };