Add AttachAccessTokenFromCookie middleware and update Kernel and SocialAuthController

This commit introduces the AttachAccessTokenFromCookie middleware, which injects the access token from a cookie into the Authorization header if not already present. Additionally, it updates the Kernel to include this middleware in the API middleware stack. The SocialAuthController is modified to set the domain for the access token cookie based on the environment, enhancing security and functionality in token management.

Author: Level237

app/Http/Controllers/Auth/SocialAuthController.php

@@ -55,9 +55,10 @@ public function handleGoogleCallback(): RedirectResponse
         // Refresh Token (Créer un jeton de durée de vie plus longue pour le rafraîchissement)
         $refreshToken = $user->createToken('GoogleRefreshToken', [], Carbon::now()->addDays(30))->accessToken;
 
-        $domain = config('app.env') === 'production' ? parse_url(config('app.url'), PHP_URL_HOST) : null;
+        $domain = (config('app.env') === 'production') ? '.akevas.com' : null;
         $secure = config('app.env') === 'production';
 
+        
         return redirect("{$frontendUrl}/auth/callback")->cookie('accessToken', $accessToken, 
         Carbon::now()->addMinutes(config('passport.token_ttl'))->timestamp, 
         '/', $domain, $secure, true, false, 'none') // ttl, path, domain, secure, httpOnly, raw, sameSite

app/Http/Kernel.php

@@ -43,9 +43,11 @@ class Kernel extends HttpKernel
 
         'api' => [
             // \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
+            \App\Http\Middleware\AttachAccessTokenFromCookie::class,
             \Illuminate\Routing\Middleware\ThrottleRequests::class.':api',
             \Illuminate\Routing\Middleware\SubstituteBindings::class,
-            // \App\Http\Middleware\EncryptCookies::class,
+          
+            //\App\Http\Middleware\EncryptCookies::class,
         ],
     ];
 

app/Http/Middleware/AttachAccessTokenFromCookie.php

@@ -0,0 +1,25 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+
+class AttachAccessTokenFromCookie
+{
+    
+    public function handle(Request $request, Closure $next)
+    {
+        // 1. Vérifier si l'en-tête Authorization est déjà présent (pour ne pas écraser)
+        if (!$request->headers->has('Authorization') && $request->cookie('accessToken')) {
+            
+            // 2. Lire le token depuis le cookie 'accessToken'
+            $accessToken = $request->cookie('accessToken');
+            
+            // 3. Injecter le token dans l'en-tête Authorization au format Bearer
+            $request->headers->set('Authorization', 'Bearer ' . $accessToken);
+        }
+        
+        return $next($request);
+    }
+}

app/Http/Middleware/EncryptCookies.php

@@ -12,6 +12,7 @@ class EncryptCookies extends Middleware
      * @var array<int, string>
      */
     protected $except = [
-        //
+        'accessToken',    // ⬅️ Ajouter le cookie d'authentification
+        'refreshToken',   // ⬅️ Ajouter le cookie de rafraîchissement
     ];
 }

config/cors.php

@@ -28,6 +28,7 @@
     'exposed_headers' => ["*"],
 
     'max_age' => 0,
+    "Access-Control-Allow-Credentials" =>true,
 
     'supports_credentials' => true,
        // Très important !