configure auth cookies

This commit is contained in:
Yisroel Baum 2026-07-02 01:17:13 +03:00
parent db18fae479
commit 4ee20396e8
Signed by: yisroelbaum
GPG key ID: 0FA60884F75520A9
3 changed files with 77 additions and 6 deletions

View file

@ -0,0 +1,28 @@
<?php
namespace App\Auth;
class AuthCookieSettings
{
public function __construct(
private bool $secure,
private ?string $domain,
private string $sameSite,
) {
}
public function isSecure(): bool
{
return $this->secure;
}
public function getDomain(): ?string
{
return $this->domain;
}
public function getSameSite(): string
{
return $this->sameSite;
}
}

View file

@ -2,6 +2,7 @@
namespace App\Controllers; namespace App\Controllers;
use App\Auth\AuthCookieSettings;
use App\Auth\UseCases\AuthenticateUser\AuthenticateUser; use App\Auth\UseCases\AuthenticateUser\AuthenticateUser;
use App\Auth\UseCases\AuthenticateUser\AuthenticateUserRequest; use App\Auth\UseCases\AuthenticateUser\AuthenticateUserRequest;
use App\Auth\UseCases\CreateSession\CreateSession; use App\Auth\UseCases\CreateSession\CreateSession;
@ -20,6 +21,7 @@ class AuthController
private AuthenticateUser $authenticateUser, private AuthenticateUser $authenticateUser,
private CreateSession $createSession, private CreateSession $createSession,
private Logout $logout, private Logout $logout,
private AuthCookieSettings $cookieSettings,
) { ) {
} }
@ -55,11 +57,11 @@ class AuthController
value: $session->getToken(), value: $session->getToken(),
expire: $session->getExpiresAt()->getTimestamp(), expire: $session->getExpiresAt()->getTimestamp(),
path: '/', path: '/',
domain: null, domain: $this->cookieSettings->getDomain(),
secure: false, secure: $this->cookieSettings->isSecure(),
httpOnly: true, httpOnly: true,
raw: false, raw: false,
sameSite: Cookie::SAMESITE_LAX, sameSite: $this->cookieSettings->getSameSite(),
)); ));
} }
@ -98,11 +100,11 @@ class AuthController
value: '', value: '',
expire: 1, expire: 1,
path: '/', path: '/',
domain: null, domain: $this->cookieSettings->getDomain(),
secure: false, secure: $this->cookieSettings->isSecure(),
httpOnly: true, httpOnly: true,
raw: false, raw: false,
sameSite: Cookie::SAMESITE_LAX, sameSite: $this->cookieSettings->getSameSite(),
)); ));
} }
} }

View file

@ -2,6 +2,7 @@
namespace App\Providers; namespace App\Providers;
use App\Auth\AuthCookieSettings;
use App\Auth\BcryptPasswordHasher; use App\Auth\BcryptPasswordHasher;
use App\Auth\Clock; use App\Auth\Clock;
use App\Auth\PasswordHasher; use App\Auth\PasswordHasher;
@ -32,5 +33,45 @@ class AppServiceProvider extends ServiceProvider
Filesystem::class, Filesystem::class,
LaravelFilesystem::class, LaravelFilesystem::class,
); );
$this->app->bind(
AuthCookieSettings::class,
function (): AuthCookieSettings {
$secureCookie = config('session.secure');
$sessionDomain = config('session.domain');
$sameSite = config('session.same_site');
return new AuthCookieSettings(
secure: $this->booleanConfig($secureCookie),
domain: $this->nullableStringConfig($sessionDomain),
sameSite: is_string($sameSite) ? $sameSite : 'lax',
);
}
);
}
private function booleanConfig(mixed $value): bool
{
if (is_bool($value)) {
return $value;
}
if (is_int($value)) {
return $value === 1;
}
if (is_string($value)) {
return in_array(strtolower($value), ['1', 'true'], true);
}
return false;
}
private function nullableStringConfig(mixed $value): ?string
{
if (! is_string($value) || trim($value) === '') {
return null;
}
return $value;
} }
} }