fix: read cookieName-client if cookie with cookieName is not present

* fix: cookie host

* feat: add test for url utils

* fix: url test

* fix: multi domain cookie if allowed

.github/CONTRIBUTING.md

@@ -10,7 +10,7 @@ We're so excited you're interested in helping with Authorizer! We are happy to h
 ## Where to ask questions?
 
 1. Check our [Github Issues](https://github.com/authorizerdev/authorizer/issues) to see if someone has already answered your question.
-2. Join our community on [Discord](https://discord.gg/WDvCxwkX) and feel free to ask us your questions
+2. Join our community on [Discord](https://discord.gg/Zv2D5h6kkK) and feel free to ask us your questions
 
 As you gain experience with Authorizer, please help answer other people's questions! :pray:
 
@@ -19,7 +19,7 @@ As you gain experience with Authorizer, please help answer other people's questi
 You can get started by taking a look at our [Github issues](https://github.com/authorizerdev/authorizer/issues)  
 If you find one that looks interesting and no one else is already working on it, comment on that issue and start contributing 🙂.
 
-Please ask as many questions as you need, either directly in the issue or on [Discord](https://discord.gg/WDvCxwkX). We're happy to help!:raised_hands:
+Please ask as many questions as you need, either directly in the issue or on [Discord](https://discord.gg/Zv2D5h6kkK). We're happy to help!:raised_hands:
 
 ### Contributions that are ALWAYS welcome
 

Makefile

@@ -4,4 +4,6 @@ VERSION := $(or $(VERSION),$(DEFAULT_VERSION))
 cmd:
 	cd server && go build -ldflags "-w -X main.Version=$(VERSION)" -o '../build/server'
 clean:
-	rm -rf build
+	rm -rf build
+test:
+	cd server && go test ./...

README.md

@@ -15,7 +15,7 @@
 - [Getting Started](#getting-started)
 - [Contributing](https://github.com/authorizerdev/authorizer/blob/main/.github/CONTRIBUTING.md)
 - [Docs](http://docs.authorizer.dev/)
-- [Join Community](https://discord.gg/2fXUQN3E)
+- [Join Community](https://discord.gg/Zv2D5h6kkK)
 
 # Introduction
 
@@ -180,3 +180,9 @@ This example demonstrates how you can use [`@authorizerdev/authorizer-js`](/auth
 	onLoad();
 </script>
 ```
+
+---
+
+### Support my work
+
+<a href="https://www.buymeacoffee.com/lakhansamani" target="_blank"><img src="https://cdn.buymeacoffee.com/buttons/v2/default-yellow.png" alt="Buy Me A Coffee" style="height: 60px !important;width: 217px !important;" ></a>

server/constants/constants.go

@@ -14,6 +14,7 @@ var (
 	JWT_SECRET                   = ""
 	ALLOWED_ORIGINS              = []string{}
 	AUTHORIZER_URL               = ""
+	APP_URL                      = ""
 	PORT                         = "8080"
 	REDIS_URL                    = ""
 	IS_PROD                      = false

server/handlers/oauthCallback.go

@@ -40,7 +40,7 @@ func processGoogleUserInfo(code string) (db.User, error) {
 	// Parse and verify ID Token payload.
 	idToken, err := verifier.Verify(ctx, rawIDToken)
 	if err != nil {
-		return user, fmt.Errorf("unable to verify id_token:", err.Error())
+		return user, fmt.Errorf("unable to verify id_token: %s", err.Error())
 	}
 
 	// Extract custom claims

server/handlers/verifyEmail.go

@@ -69,6 +69,6 @@ func VerifyEmailHandler() gin.HandlerFunc {
 			db.Mgr.SaveSession(sessionData)
 		}()
 		utils.SetCookie(c, accessToken)
-		c.Redirect(http.StatusTemporaryRedirect, claim.Host)
+		c.Redirect(http.StatusTemporaryRedirect, claim.RedirectURL)
 	}
 }

server/main.go

@@ -32,6 +32,8 @@ func GinContextToContextMiddleware() gin.HandlerFunc {
 func CORSMiddleware() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		origin := c.Request.Header.Get("Origin")
+		constants.APP_URL = origin
+		log.Println("=> APP_URL:", constants.APP_URL)
 		c.Writer.Header().Set("Access-Control-Allow-Origin", origin)
 		c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
 		c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With")

server/utils/cookie.go

@@ -1,7 +1,6 @@
 package utils
 
 import (
-	"log"
 	"net/http"
 
 	"github.com/authorizerdev/authorizer/server/constants"
@@ -11,17 +10,24 @@ import (
 func SetCookie(gc *gin.Context, token string) {
 	secure := true
 	httpOnly := true
-
 	host := GetHostName(constants.AUTHORIZER_URL)
-	log.Println("=> cookie host", host)
+	domain := GetDomainName(constants.AUTHORIZER_URL)
+	if domain != "localhost" {
+		domain = "." + domain
+	}
+
 	gc.SetSameSite(http.SameSiteNoneMode)
 	gc.SetCookie(constants.COOKIE_NAME, token, 3600, "/", host, secure, httpOnly)
+	gc.SetCookie(constants.COOKIE_NAME+"-client", token, 3600, "/", domain, secure, httpOnly)
 }
 
 func GetCookie(gc *gin.Context) (string, error) {
 	cookie, err := gc.Request.Cookie(constants.COOKIE_NAME)
 	if err != nil {
-		return "", err
+		cookie, err = gc.Request.Cookie(constants.COOKIE_NAME + "-client")
+		if err != nil {
+			return "", err
+		}
 	}
 
 	return cookie.Value, nil
@@ -31,11 +37,13 @@ func DeleteCookie(gc *gin.Context) {
 	secure := true
 	httpOnly := true
 
-	if !constants.IS_PROD {
-		secure = false
+	host := GetDomainName(constants.AUTHORIZER_URL)
+	domain := GetDomainName(constants.AUTHORIZER_URL)
+	if domain != "localhost" {
+		domain = "." + domain
 	}
 
-	host := GetHostName(constants.AUTHORIZER_URL)
 	gc.SetSameSite(http.SameSiteNoneMode)
 	gc.SetCookie(constants.COOKIE_NAME, "", -1, "/", host, secure, httpOnly)
+	gc.SetCookie(constants.COOKIE_NAME+"-client", "", -1, "/", domain, secure, httpOnly)
 }

server/utils/urls.go

@@ -5,7 +5,7 @@ import (
 	"strings"
 )
 
-// function to get hostname
+// GetHostName function to get hostname
 func GetHostName(auth_url string) string {
 	u, err := url.Parse(auth_url)
 	if err != nil {
@@ -17,7 +17,7 @@ func GetHostName(auth_url string) string {
 	return host
 }
 
-// function to get domain name
+// GetDomainName function to get domain name
 func GetDomainName(auth_url string) string {
 	u, err := url.Parse(auth_url)
 	if err != nil {

server/utils/urls_test.go

@@ -0,0 +1,25 @@
+package utils
+
+import "testing"
+
+func TestGetHostName(t *testing.T) {
+	authorizer_url := "http://test.herokuapp.com"
+
+	got := GetHostName(authorizer_url)
+	want := "test.herokuapp.com"
+
+	if got != want {
+		t.Errorf("GetHostName Test failed got %s, wanted %s", got, want)
+	}
+}
+
+func TestGetDomainName(t *testing.T) {
+	authorizer_url := "http://test.herokuapp.com"
+
+	got := GetDomainName(authorizer_url)
+	want := "herokuapp.com"
+
+	if got != want {
+		t.Errorf("GetHostName Test failed got %q, wanted %q", got, want)
+	}
+}

server/utils/verificationToken.go

@@ -8,8 +8,9 @@ import (
 )
 
 type UserInfo struct {
-	Email string `json:"email"`
-	Host  string `json:"host"`
+	Email       string `json:"email"`
+	Host        string `json:"host"`
+	RedirectURL string `json:"redirect_url"`
 }
 
 type CustomClaim struct {
@@ -28,7 +29,7 @@ func CreateVerificationToken(email string, tokenType string) (string, error) {
 			ExpiresAt: time.Now().Add(time.Minute * 30).Unix(),
 		},
 		tokenType,
-		UserInfo{Email: email, Host: constants.AUTHORIZER_URL},
+		UserInfo{Email: email, Host: constants.AUTHORIZER_URL, RedirectURL: constants.APP_URL},
 	}
 
 	return t.SignedString([]byte(constants.JWT_SECRET))