From ad23104700e4bdffce61c7d4aa1b954036f0a056 Mon Sep 17 00:00:00 2001
From: Derrick Hammer
Date: Tue, 26 Mar 2024 11:04:15 -0400
Subject: [PATCH] fix: send, echo, and remove a copy of the cookie without the domain to try and work better with localhost
---
 account/jwt.go | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
diff --git a/account/jwt.go b/account/jwt.go
index b92d0e2..e0fceb2 100644
--- a/account/jwt.go
+++ b/account/jwt.go
@@ -120,6 +120,14 @@ func SetAuthCookie(jc jape.Context, c *config.Manager, jwt string) {
 Path: "/",
 Domain: c.Config().Core.Domain,
 })
+ http.SetCookie(jc.ResponseWriter, &http.Cookie{
+ Name: routeableApi.AuthTokenName(),
+ Value: jwt,
+ MaxAge: int((24 * time.Hour).Seconds()),
+ Secure: true,
+ HttpOnly: true,
+ Path: "/",
+ })
 }
 }
@@ -159,6 +167,14 @@ func EchoAuthCookie(jc jape.Context, config *config.Manager) {
 Path: "/",
 Domain: config.Config().Core.Domain,
 })
+ http.SetCookie(jc.ResponseWriter, &http.Cookie{
+ Name: cookies[0].Name,
+ Value: cookies[0].Value,
+ MaxAge: int(exp.Time.Sub(time.Now()).Seconds()),
+ Secure: true,
+ HttpOnly: true,
+ Path: "/",
+ })
 }
 }
@@ -183,5 +199,14 @@ func ClearAuthCookie(jc jape.Context, config *config.Manager) {
 Path: "/",
 Domain: config.Config().Core.Domain,
 })
+ http.SetCookie(jc.ResponseWriter, &http.Cookie{
+ Name: routeableApi.AuthTokenName(),
+ Value: "",
+ Expires: time.Date(1970, 1, 1, 0, 0, 0, 0, time.UTC),
+ MaxAge: -1,
+ Secure: true,
+ HttpOnly: true,
+ Path: "/",
+ })
 }
 }
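Review bot: The host-only copy of the auth cookie added in SetAuthCookie sets `Secure` and `HttpOnly` but no `SameSite`, so Go omits the attribute and cross-site handling of the JWT is left to each browser's default. Adding `SameSite: http.SameSiteLaxMode,` (or Strict, if nothing needs the session on cross-site navigation) makes the policy explicit. The same applies to the copies added in EchoAuthCookie and ClearAuthCookie; whether the domain-scoped cookies set it is not visible in these hunks. The copy is also emitted on every call, not only when serving localhost, so a comment such as `// Host-only duplicate (no Domain) so the session also works when served from localhost.` would record why two same-named cookies exist. SetAuthCookie starts outside the hunk.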
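Review bot: With a host-only and a domain-scoped cookie now sharing one name, a request can carry two values for it, and the `cookies[0]` read in EchoAuthCookie takes whichever the browser lists first. If the two ever diverge, that value is re-issued into both scopes; how `cookies` is filled and validated is outside the hunk, so this should be confirmed there. Separately, `int(exp.Time.Sub(time.Now()).Seconds())` truncates to 0 when less than a second remains, and `http.Cookie` treats `MaxAge: 0` as "no Max-Age attribute", which turns the token into a session cookie. Computing `ttl := int(time.Until(exp.Time).Seconds())` once and skipping the re-issue when `ttl <= 0` avoids that for both copies.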
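Review bot: The literal added in ClearAuthCookie is the third hand-copied host-only variant in this file, so Name, Path, `Secure` and `HttpOnly` now have to be kept in step across three pairs of literals. Deletion only works while Name, Path and Domain scope match what SetAuthCookie wrote. A small unexported helper that builds the domain-scoped and host-only pair from name, value and lifetime would keep them aligned. At minimum, a comment above the added call such as `// Also expire the host-only copy written by SetAuthCookie.` would explain the second Set-Cookie header. The function body starts outside the hunk.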