fix: cookie dev

2025-10-02 15:39:26 +07:00
parent f4580c42ee
commit 1987508887
1 changed files with 9 additions and 8 deletions
--- a/controllers/auth.controller.js
+++ b/controllers/auth.controller.js
@@ -29,8 +29,8 @@ class AuthController {
      // Set refresh token in cookie
      res.cookie('refreshToken', tokens.refreshToken, {
        httpOnly: true,
-        secure: process.env.NODE_ENV === 'production',
-        sameSite: 'strict',
+        secure: false, //masih dev
+        sameSite: 'lax',
        maxAge: 7 * 24 * 60 * 60 * 1000 // 7 hari
      });

@@ -71,8 +71,8 @@ class AuthController {
      // Set refresh token in cookie
      res.cookie('refreshToken', tokens.refreshToken, {
        httpOnly: true,
-        secure: process.env.NODE_ENV === 'production',
-        sameSite: 'strict',
+        secure: false, // masih dev
+        sameSite: 'lax',
        maxAge: 7 * 24 * 60 * 60 * 1000 // 7 hari
      });

@@ -98,8 +98,9 @@ class AuthController {

      return res.status(200).json(setResponse(result, 'Token refreshed successfully', 200));
    } catch (err) {
-      return res.status(err.statusCode || 500).json(
-        setResponse(null, err.message || 'Refresh token failed', err.statusCode || 500)
+      const status = err.statusCode && err.statusCode < 500 ? err.statusCode : 401;
+      return res.status(status).json(
+        setResponse(null, err.message || 'Refresh token invalid', status)
      );
    }
  }
@@ -109,8 +110,8 @@ class AuthController {
    try {
      res.clearCookie('refreshToken', {
        httpOnly: true,
-        secure: process.env.NODE_ENV === 'production',
-        sameSite: 'strict',
+        sameSite: 'none',
+        secure: true
      });
      return res.status(200).json(setResponse(null, 'Logged out successfully', 200));
    } catch (err) {