fix: update COOKIE_DOMAIN in .example.env for subdomain support and enhance cookie settings in authenticate function

mitchdowney · mitchdowney · commit 93de4bd5c1bc · 2025-07-23T01:59:55.000-05:00
diff --git a/.example.env b/.example.env
@@ -23,7 +23,7 @@ AUTH_JWT_SECRET=your-secret-whatever
 USER_AGENT=Podverse/API-2
 
 # Use the public facing domain, not the internal docker network ip address.
-COOKIE_DOMAIN=localhost
+COOKIE_DOMAIN=localhost # prefix with a dot for subdomains, e.g. .podverse.fm or .beta.podverse.fm
 COOKIE_IS_SECURE=
 
 #####
diff --git a/src/lib/auth/index.ts b/src/lib/auth/index.ts
@@ -100,6 +100,7 @@ export const authenticate = (req: Request, res: Response, next: NextFunction) =>
     res.cookie('jwt', token, {
       httpOnly: true,
       secure: process.env.NODE_ENV === 'production',
+      ...(config.api.cookie.domain !== 'localhost' ? { domain: config.api.cookie.domain } : {}),
       maxAge: 31536000000 // 1 year in milliseconds
     });
 
