wip: try to send cookie

2026-03-08 20:39:04 +01:00
parent c9a2cd8d66
commit 6eca085b6e
5 changed files with 22 additions and 10 deletions
--- a/README.md
+++ b/README.md
@@ -1,8 +1,10 @@
 # FakeMoney
 A PayPal-like payment processor for virtual money, intended to be used for simulation games.

-## Frontend
+## Development
+
+### Frontend
 Is written in angular + bootstrap.

-## Backend
-Uses NextJS + PostgreSQL.
+### Backend
+Uses NextJS + PostgreSQL with JWT as cookies.
--- a/client/angular.json
+++ b/client/angular.json
@@ -65,6 +65,9 @@
          "defaultConfiguration": "production"
        },
        "serve": {
+          "options": {
+            "proxyConfig": "proxy.json"
+          },
          "builder": "@angular/build:dev-server",
          "configurations": {
            "production": {
--- a/client/proxy.json
+++ b/client/proxy.json
@@ -0,0 +1,8 @@
+{
+  "/api": {
+    "target": "http://localhost:3000",
+    "secure": false,
+    "changeOrigin": true,
+    "withCredentials": true
+  }
+}
--- a/server/src/index.ts
+++ b/server/src/index.ts
@@ -7,6 +7,7 @@ import { db, testConnection } from "./util/db";
 import { logger } from "./util/logging";

 const app: Express = express();
+// TODO replace with frontend URL
 app.use(cors({ origin: 'http://localhost:4200', credentials: true}));
 app.use(cookieParser());
 app.use(express.json());
@@ -20,12 +21,12 @@ app.use('/api/auth', authRouter);

 const PORT: number = parseInt(process.env.PORT as string) || 3000;

-// Start server after DB connection is established
 async function startServer() {
-  await testConnection(); // Test DB connection first
+  await testConnection();

  // Sync models (use migrations in production!)
-  await db.sync({ alter: true }); // Use { force: true } to drop and recreate tables (development only!)
+  // Use { force: true } to drop and recreate tables (development only!)
+  await db.sync({ alter: true });

  app.listen(PORT, () => {
    logger.info(`🚀 Backend Server running on http://localhost:${PORT}`);
--- a/server/src/routes/auth.ts
+++ b/server/src/routes/auth.ts
@@ -17,11 +17,9 @@ router.post('/login', async (req, res) => {

    // successfully authenticated
    res.cookie('jwt', 'toekn', {
-      /*
      httpOnly: true,    // Prevent XSS
-      secure: true,      // HTTPS only
-      sameSite: 'strict', // CSRF protection
-      */
+      secure: false,      // HTTPS only
+      sameSite: 'lax', // CSRF protection
      maxAge: 86400000,  // 1 day
    });
    res.json({ message: 'Logged in successfully' });