From f5cf5c46196af8265b454cf97bc0b5dcae348179 Mon Sep 17 00:00:00 2001
From: Moon Patel <moonpatel2003@gmail.com>
Date: Sun, 15 Oct 2023 01:38:43 +0530
Subject: [PATCH] fix: set cookies error while authentication in production

---
 backend/.env.example   | 5 ++++-
 backend/routes/auth.js | 6 +++---
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/backend/.env.example b/backend/.env.example
index 7eba8b4..4ea36c0 100644
--- a/backend/.env.example
+++ b/backend/.env.example
@@ -12,4 +12,7 @@ CONNECTION_STRING=
 PORT=8080
 
 # path to the chess engine
-CHESS_ENGINE_PATH=./engine/stockfish16.exe
\ No newline at end of file
+CHESS_ENGINE_PATH=./engine/stockfish16.exe
+
+# hostname
+HOSTNAME=http://localhost:8080
\ No newline at end of file
diff --git a/backend/routes/auth.js b/backend/routes/auth.js
index 3e1ad19..3c804d6 100644
--- a/backend/routes/auth.js
+++ b/backend/routes/auth.js
@@ -60,7 +60,7 @@ router.post("/signup", async (req, res, next) => {
         const authToken = createJSONToken(userDoc.id);
 
         const { id, username, email } = userDoc;
-        res.status(201).cookie("auth-token", authToken, { httpOnly: true, sameSite: "strict" }).json({
+        res.setHeader('Host',process.env.HOSTNAME).status(201).cookie("auth-token", authToken, { httpOnly: true, sameSite: "strict" }).json({
             success: true,
             user: { id, username, email },
             token: authToken,
@@ -99,7 +99,7 @@ router.post("/login", async (req, res, next) => {
 
         const token = createJSONToken(user.id);
         res.cookie("auth-token", token, { httpOnly: true, sameSite: "strict" });
-        return res
+        return res.setHeader('Host',process.env.HOSTNAME)
             .status(200)
             .json({ token, user: { id: user.id, username: user.username, email: user.email }, success: true });
     } catch (error) {
@@ -112,7 +112,7 @@ router.post("/login", async (req, res, next) => {
 
 router.delete("/logout", checkAuth, (req, res, next) => {
     try {
-        res.clearCookie("auth-token", { httpOnly: true, sameSite: "strict" });
+        res.setHeader('Host',process.env.HOSTNAME).clearCookie("auth-token", { httpOnly: true, sameSite: "strict" });
         res.status(200).json({ success: true });
     } catch (err) {
         next(err);