feat: change sameSite option to strict

frouriojs · Jun 3, 2024 · ef00799 · ef00799
1 parent 5bb2632
commit ef00799
Show file tree

Hide file tree

Showing 15 changed files with 573 additions and 251 deletions.
diff --git a/.github/workflows/deploy-client.yml b/.github/workflows/deploy-client.yml
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -41,3 +41,4 @@ jobs:
           cp server/.env.example server/.env
           docker compose up -d
       - run: npm test
+      - run: npm run build
diff --git a/client/.env.example b/client/.env.example
@@ -1,3 +1,2 @@
 NEXT_PUBLIC_FIREBASE_CONFIG={}
-NEXT_PUBLIC_AUTH_EMULATOR_URL=http://localhost:9099
 NEXT_PUBLIC_GA_ID=
diff --git a/client/aspida.config.js b/client/aspida.config.js
diff --git a/client/next.config.js b/client/next.config.js
@@ -1,14 +1,24 @@
+require('dotenv').config({ path: '../server/.env' });
+
 /** @type {import('next').NextConfig} */
 module.exports = {
   reactStrictMode: true,
   pageExtensions: ['page.tsx'],
-  basePath:
-    process.env.GITHUB_REPOSITORY !== undefined
-      ? `/${process.env.GITHUB_REPOSITORY.split('/')[1]}`
-      : '',
-  output: 'export',
-  trailingSlash: true,
+  env: {
+    API_BASE_PATH: process.env.API_BASE_PATH,
+    FIREBASE_AUTH_EMULATOR_HOST: process.env.FIREBASE_AUTH_EMULATOR_HOST,
+  },
   transpilePackages: ['api', 'commonConstantsWithClient'],
   eslint: { ignoreDuringBuilds: true },
   typescript: { ignoreBuildErrors: true },
+  ...(process.env.NODE_ENV === 'development'
+    ? {
+        rewrites: async () => [
+          {
+            source: `${process.env.API_BASE_PATH}/:path*`,
+            destination: `http://localhost:31577${process.env.API_BASE_PATH}/:path*`,
+          },
+        ],
+      }
+    : { output: 'export' }),
 };
diff --git a/client/utils/apiClient.ts b/client/utils/apiClient.ts
@@ -2,4 +2,6 @@ import aspida from '@aspida/axios';
 import api from 'api/$api';
 import axios from 'axios';
 
-export const apiClient = api(aspida(axios.create({ withCredentials: true })));
+export const apiClient = api(
+  aspida(axios.create({ withCredentials: true }), { baseURL: process.env.API_BASE_PATH }),
+);
diff --git a/client/utils/firebase.ts b/client/utils/firebase.ts
@@ -5,10 +5,12 @@ import { connectAuthEmulator, getAuth } from 'firebase/auth';
 export const createAuth = () => {
   if (getApps().length > 0) return getAuth();
 
-  if (process.env.NEXT_PUBLIC_AUTH_EMULATOR_URL !== undefined) {
+  if (process.env.FIREBASE_AUTH_EMULATOR_HOST !== undefined) {
     // https://firebase.google.com/docs/emulator-suite/connect_auth
     const auth = getAuth(initializeApp({ apiKey: 'fake-api-key', authDomain: location.hostname }));
-    connectAuthEmulator(auth, process.env.NEXT_PUBLIC_AUTH_EMULATOR_URL, { disableWarnings: true });
+    connectAuthEmulator(auth, `http://${process.env.FIREBASE_AUTH_EMULATOR_HOST}`, {
+      disableWarnings: true,
+    });
 
     return auth;
   } else {

diff --git a/package.json b/package.json
@@ -6,6 +6,9 @@
     "dev": "run-p dev:*",
     "dev:client": "npm run dev --prefix client",
     "dev:server": "npm run dev --prefix server",
+    "build": "run-p build:*",
+    "build:client": "npm run build --prefix client",
+    "build:server": "npm run build --prefix server",
     "generate": "run-p generate:*",
     "generate:client": "npm run generate --prefix client",
     "generate:server": "npm run generate --prefix server",

diff --git a/server/.env.example b/server/.env.example
@@ -1,7 +1,5 @@
 PORT=31577
 API_BASE_PATH=/api
-API_ORIGIN=http://localhost:31577
-CORS_ORIGIN=http://localhost:3000
 FIREBASE_AUTH_EMULATOR_HOST=localhost:9099
 FIREBASE_SERVER_KEY={}
 S3_ENDPOINT=http://localhost:9000

diff --git a/server/api/session/controller.ts b/server/api/session/controller.ts
@@ -12,7 +12,7 @@ const options: CookieSerializeOptions = {
   httpOnly: true,
   secure: true,
   path: '/',
-  sameSite: 'none',
+  sameSite: 'strict',
 };
 
 export default defineController(() => ({

diff --git a/server/out b/server/out
@@ -0,0 +1 @@
+../client/out