fixed:cookies

Author: doTryCatch

src/controllers/authController.ts

@@ -13,7 +13,7 @@ class AuthController {
         body.email,
         body.password,
         body.name,
-        body.role
+        body.role,
       );
       return res
         .status(201)
@@ -35,9 +35,11 @@ class AuthController {
       // Set JWT token as HTTP-only cookie
       res.cookie("token", result.token, {
         httpOnly: true,
-        secure: true,
-        sameSite: "strict",
+        secure: process.env.NODE_ENV === "production",
+        sameSite: process.env.NODE_ENV === "production" ? "none" : "lax",
         maxAge: 24 * 60 * 60 * 1000, // 1 day
+        domain: process.env.COOKIE_DOMAIN || undefined,
+        path: "/",
       });
 
       return res.status(200).json({ message: "Login successful", ...result });
@@ -59,8 +61,10 @@ class AuthController {
   logout = async (req: Request, res: Response) => {
     res.clearCookie("token", {
       httpOnly: true,
-      sameSite: "none",
-      secure: true,
+      secure: process.env.NODE_ENV === "production",
+      sameSite: process.env.NODE_ENV === "production" ? "none" : "lax",
+      domain: process.env.COOKIE_DOMAIN || undefined,
+      path: "/",
     });
     return res.status(200).json({ message: "Logout successful" });
   };

src/server.ts

@@ -11,13 +11,17 @@ app.use(cookieParser());
 
 // CORS options
 const corsOptions = {
-  origin: [
-    "https://blog-content-management-demo.vercel.app",
-    "https://blogcontentmanagement.netlify.app",
-  ], // allow only your frontend
+  origin: process.env.NODE_ENV === "production" 
+    ? [
+        "https://blog-content-management-demo.vercel.app",
+        "https://blogcontentmanagement.netlify.app",
+        process.env.FRONTEND_URL, // Allow custom frontend URL from env
+      ].filter(Boolean) // Remove undefined values
+    : true, // Allow all origins in development
   credentials: true, // allow cookies to be sent
   methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"], // Explicitly allow methods
-  allowedHeaders: ["Content-Type", "Authorization"], // Allow headers
+  allowedHeaders: ["Content-Type", "Authorization", "Cookie"], // Allow headers including cookies
+  optionsSuccessStatus: 200, // For legacy browser support
 };
 
 app.use(cors(corsOptions));

src/services/adminServices.ts

@@ -2,7 +2,7 @@ import { prisma } from "../config/prisma";
 
 export class AdminService {
   async getAllUsers() {
-    // ✅ Fetch only users with role = 'USER'
+    // Fetch only users with role = 'USER'
     return prisma.user.findMany({
       where: { role: "USER" },
       select: {
@@ -23,7 +23,7 @@ export class AdminService {
       throw new Error("User not found");
     }
 
-    // ❌ Prevent admin from deleting other admins
+    // Prevent admin from deleting other admins
     if (user.role === "ADMIN") {
       throw new Error("Cannot delete an admin account");
     }

src/services/authServices.ts

@@ -4,23 +4,23 @@ import { generateToken } from "../utils/generateTokenJWT";
 import { Response } from "express";
 
 export class AuthService {
-  // 🔹 Register a new user
+  // Register a new user
   async register(
     email: string,
     password: string,
     name?: string,
-    role?: "USER" | "ADMIN",
+    role?: "USER" | "ADMIN"
   ) {
-    // 1️⃣ Check if user already exists
+    //  Check if user already exists
     const existingUser = await prisma.user.findUnique({ where: { email } });
     if (existingUser) {
       throw new Error("A user with this email already exists");
     }
 
-    // 2️⃣ Hash the password
+    //Hash the password
     const hashedPassword = await bcrypt.hash(password, 12);
 
-    // 3️⃣ Create new user
+    //Create new user
     const user = await prisma.user.create({
       data: {
         email,
@@ -30,7 +30,7 @@ export class AuthService {
       },
     });
 
-    // 4️⃣ Generate JWT token
+    //  Generate JWT token
     const token = generateToken({
       id: user.id,
       email: user.email,
@@ -41,17 +41,17 @@ export class AuthService {
     return { user, token };
   }
 
-  // 🔹 Login existing user
+  //  Login existing user
   async login(email: string, password: string) {
-    // 1️⃣ Find user by email
+    //  Find user by email
     const user = await prisma.user.findUnique({ where: { email } });
     if (!user) throw new Error("User not found");
 
-    // 2️⃣ Compare password
+    //  Compare password
     const isMatch = await bcrypt.compare(password, user.password);
     if (!isMatch) throw new Error("Invalid credentials");
 
-    // 3️⃣ Generate token
+    //  Generate token
     const token = generateToken({
       id: user.id,
       email: user.email,
@@ -62,13 +62,15 @@ export class AuthService {
     return { user, token };
   }
 
-  // 🔹 Logout user (clear JWT cookie)
+  // Logout user (clear JWT cookie)
   async logout(res: Response) {
     try {
       res.clearCookie("token", {
         httpOnly: true,
-        secure: true,
-        sameSite: "none",
+        secure: process.env.NODE_ENV === "production",
+        sameSite: process.env.NODE_ENV === "production" ? "none" : "lax",
+        domain: process.env.COOKIE_DOMAIN || undefined,
+        path: "/",
       });
       return { message: "Logged out successfully" };
     } catch {