From 1987508887d3905862fa37558e932bea2e8db909 Mon Sep 17 00:00:00 2001
From: Antony Kurniawan
Date: Thu, 2 Oct 2025 15:39:26 +0700
Subject: [PATCH] fix: cookie dev
---
 controllers/auth.controller.js | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/controllers/auth.controller.js b/controllers/auth.controller.js
index 8c3b405..87425c1 100644
--- a/controllers/auth.controller.js
+++ b/controllers/auth.controller.js
@@ -29,8 +29,8 @@ class AuthController {
 // Set refresh token in cookie
 res.cookie('refreshToken', tokens.refreshToken, {
 httpOnly: true,
- secure: process.env.NODE_ENV === 'production',
- sameSite: 'strict',
+ secure: false, //masih dev
+ sameSite: 'lax',
 maxAge: 7 * 24 * 60 * 60 * 1000 // 7 hari
 });
@@ -71,8 +71,8 @@ class AuthController {
 // Set refresh token in cookie
 res.cookie('refreshToken', tokens.refreshToken, {
 httpOnly: true,
- secure: process.env.NODE_ENV === 'production',
- sameSite: 'strict',
+ secure: false, // masih dev
+ sameSite: 'lax',
 maxAge: 7 * 24 * 60 * 60 * 1000 // 7 hari
 });
@@ -98,8 +98,9 @@ class AuthController {
 return res.status(200).json(setResponse(result, 'Token refreshed successfully', 200));
 } catch (err) {
- return res.status(err.statusCode || 500).json(
- setResponse(null, err.message || 'Refresh token failed', err.statusCode || 500)
+ const status = err.statusCode && err.statusCode < 500 ? err.statusCode : 401;
+ return res.status(status).json(
+ setResponse(null, err.message || 'Refresh token invalid', status)
 );
 }
 }
@@ -109,8 +110,8 @@ class AuthController {
 try {
 res.clearCookie('refreshToken', {
 httpOnly: true,
- secure: process.env.NODE_ENV === 'production',
- sameSite: 'strict',
+ sameSite: 'none',
+ secure: true
 });
 return res.status(200).json(setResponse(null, 'Logged out successfully', 200));
 } catch (err) {
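Review bot: `secure: false` is now hard-coded on the `res.cookie('refreshToken', …)` call in the first hunk, and identically in the second hunk at line 71, so the flag is off in every environment and a refresh token with a 7-day `maxAge` can be sent over plain HTTP in production. The `masih dev` comment marks this as a development workaround, but nothing in the code ties it to the environment. Keep the environment check the commit removes, `secure: process.env.NODE_ENV === 'production',`, and if `lax` is only needed for local testing gate it the same way: `sameSite: process.env.NODE_ENV === 'production' ? 'strict' : 'lax',`. Both enclosing methods start and end outside their hunks.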
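Review bot: The new `status` expression in this `catch` reports every error that has no `statusCode`, or one of 500 and above, as 401, so a genuine server-side failure during refresh (a datastore outage or a programming error, for example) is presented to the client as an invalid token and no longer appears as a 5xx in monitoring. `err.message` is still returned to the caller, which for unexpected errors can expose internal detail. Consider keeping 401 only for errors the auth layer raises deliberately, returning 500 with a fixed message for everything else, and logging the original error server-side, for example `const isAuthError = err.statusCode >= 400 && err.statusCode < 500;` followed by `const status = isAuthError ? err.statusCode : 500;`. The `try` block this `catch` belongs to begins outside the hunk.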
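Review bot: `res.clearCookie` now passes `sameSite: 'none', secure: true`, which no longer matches the attributes used by the two `res.cookie('refreshToken', …)` calls earlier in this commit (`secure: false`, `sameSite: 'lax'`). A browser normally rejects a `Set-Cookie` carrying `Secure` when it arrives over plain HTTP, so in the HTTP dev setup this commit targets the logout response would likely leave the refresh token in the browser while still answering 'Logged out successfully'. Define the options once and use them for both setting and clearing, for example a module-level `const refreshCookieOptions = { httpOnly: true, secure: process.env.NODE_ENV === 'production', sameSite: 'lax' };`, with `maxAge` added only on the set side. Whether the refresh token is also revoked server-side on logout is not visible in this hunk and is worth confirming.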