fix: add __HOST prefix to cookies (#175)

frontend/src/hooks.server.ts

@@ -1,4 +1,5 @@
 import { env } from '$env/dynamic/private';
+import { ACCESS_TOKEN_COOKIE_NAME } from '$lib/constants';
 import type { Handle, HandleServerError } from '@sveltejs/kit';
 import { AxiosError } from 'axios';
 import jwt from 'jsonwebtoken';
@@ -9,7 +10,7 @@ import jwt from 'jsonwebtoken';
 process.env.INTERNAL_BACKEND_URL = env.INTERNAL_BACKEND_URL ?? 'http://localhost:8080';
 
 export const handle: Handle = async ({ event, resolve }) => {
-	const accessToken = event.cookies.get('access_token');
+	const accessToken = event.cookies.get(ACCESS_TOKEN_COOKIE_NAME);
 
 	let isSignedIn: boolean = false;
 	let isAdmin: boolean = false;

frontend/src/lib/constants.ts

@@ -0,0 +1,2 @@
+export const HTTPS_ENABLED = process.env.PUBLIC_APP_URL?.startsWith('https://') ?? false;
+export const ACCESS_TOKEN_COOKIE_NAME = HTTPS_ENABLED ? '__Host-access_token' : 'access_token';

frontend/src/routes/+layout.server.ts

@@ -1,10 +1,11 @@
+import { ACCESS_TOKEN_COOKIE_NAME } from '$lib/constants';
 import AppConfigService from '$lib/services/app-config-service';
 import UserService from '$lib/services/user-service';
 import type { LayoutServerLoad } from './$types';
 
 export const load: LayoutServerLoad = async ({ cookies }) => {
-	const userService = new UserService(cookies.get('access_token'));
-	const appConfigService = new AppConfigService(cookies.get('access_token'));
+	const userService = new UserService(cookies.get(ACCESS_TOKEN_COOKIE_NAME));
+	const appConfigService = new AppConfigService(cookies.get(ACCESS_TOKEN_COOKIE_NAME));
 
 	const user = await userService
 		.getCurrent()

frontend/src/routes/authorize/+page.server.ts

@@ -1,9 +1,10 @@
+import { ACCESS_TOKEN_COOKIE_NAME } from '$lib/constants';
 import OidcService from '$lib/services/oidc-service';
 import type { PageServerLoad } from './$types';
 
 export const load: PageServerLoad = async ({ url, cookies }) => {
 	const clientId = url.searchParams.get('client_id');
-	const oidcService = new OidcService(cookies.get('access_token'));
+	const oidcService = new OidcService(cookies.get(ACCESS_TOKEN_COOKIE_NAME));
 
 	const client = await oidcService.getClient(clientId!);
 

frontend/src/routes/settings/account/+page.server.ts

@@ -1,10 +1,11 @@
+import { ACCESS_TOKEN_COOKIE_NAME } from '$lib/constants';
 import UserService from '$lib/services/user-service';
 import WebAuthnService from '$lib/services/webauthn-service';
 import type { PageServerLoad } from './$types';
 
 export const load: PageServerLoad = async ({ cookies }) => {
-	const webauthnService = new WebAuthnService(cookies.get('access_token'));
-	const userService = new UserService(cookies.get('access_token'));
+	const webauthnService = new WebAuthnService(cookies.get(ACCESS_TOKEN_COOKIE_NAME));
+	const userService = new UserService(cookies.get(ACCESS_TOKEN_COOKIE_NAME));
 	const account = await userService.getCurrent();
 	const passkeys = await webauthnService.listCredentials();
 	return {

frontend/src/routes/settings/admin/application-configuration/+page.server.ts

@@ -1,8 +1,9 @@
+import { ACCESS_TOKEN_COOKIE_NAME } from '$lib/constants';
 import AppConfigService from '$lib/services/app-config-service';
 import type { PageServerLoad } from './$types';
 
 export const load: PageServerLoad = async ({ cookies }) => {
-	const appConfigService = new AppConfigService(cookies.get('access_token'));
+	const appConfigService = new AppConfigService(cookies.get(ACCESS_TOKEN_COOKIE_NAME));
 	const appConfig = await appConfigService.list(true);
 	return { appConfig };
 };

frontend/src/routes/settings/admin/oidc-clients/+page.server.ts

@@ -1,8 +1,9 @@
+import { ACCESS_TOKEN_COOKIE_NAME } from '$lib/constants';
 import OIDCService from '$lib/services/oidc-service';
 import type { PageServerLoad } from './$types';
 
 export const load: PageServerLoad = async ({ cookies }) => {
-	const oidcService = new OIDCService(cookies.get('access_token'));
+	const oidcService = new OIDCService(cookies.get(ACCESS_TOKEN_COOKIE_NAME));
 	const clients = await oidcService.listClients();
 	return clients;
 };

frontend/src/routes/settings/admin/oidc-clients/[id]/+page.server.ts

@@ -1,7 +1,8 @@
+import { ACCESS_TOKEN_COOKIE_NAME } from '$lib/constants';
 import OidcService from '$lib/services/oidc-service';
 import type { PageServerLoad } from './$types';
 
 export const load: PageServerLoad = async ({ params, cookies }) => {
-	const oidcService = new OidcService(cookies.get('access_token'));
+	const oidcService = new OidcService(cookies.get(ACCESS_TOKEN_COOKIE_NAME));
 	return await oidcService.getClient(params.id);
 };

frontend/src/routes/settings/admin/user-groups/+page.server.ts

@@ -1,8 +1,9 @@
+import { ACCESS_TOKEN_COOKIE_NAME } from '$lib/constants';
 import UserGroupService from '$lib/services/user-group-service';
 import type { PageServerLoad } from './$types';
 
 export const load: PageServerLoad = async ({ cookies }) => {
-	const userGroupService = new UserGroupService(cookies.get('access_token'));
+	const userGroupService = new UserGroupService(cookies.get(ACCESS_TOKEN_COOKIE_NAME));
 	const userGroups = await userGroupService.list();
 	return userGroups;
 };

frontend/src/routes/settings/admin/user-groups/[id]/+page.server.ts

@@ -1,8 +1,9 @@
+import { ACCESS_TOKEN_COOKIE_NAME } from '$lib/constants';
 import UserGroupService from '$lib/services/user-group-service';
 import type { PageServerLoad } from './$types';
 
 export const load: PageServerLoad = async ({ params, cookies }) => {
-	const userGroupService = new UserGroupService(cookies.get('access_token'));
+	const userGroupService = new UserGroupService(cookies.get(ACCESS_TOKEN_COOKIE_NAME));
 	const userGroup = await userGroupService.get(params.id);
 
 	return { userGroup };

frontend/src/routes/settings/admin/users/+page.server.ts

@@ -1,8 +1,9 @@
+import { ACCESS_TOKEN_COOKIE_NAME } from '$lib/constants';
 import UserService from '$lib/services/user-service';
 import type { PageServerLoad } from './$types';
 
 export const load: PageServerLoad = async ({ cookies }) => {
-	const userService = new UserService(cookies.get('access_token'));
+	const userService = new UserService(cookies.get(ACCESS_TOKEN_COOKIE_NAME));
 	const users = await userService.list();
 	return users;
 };

frontend/src/routes/settings/admin/users/[id]/+page.server.ts

@@ -1,8 +1,9 @@
+import { ACCESS_TOKEN_COOKIE_NAME } from '$lib/constants';
 import UserService from '$lib/services/user-service';
 import type { PageServerLoad } from './$types';
 
 export const load: PageServerLoad = async ({ params, cookies }) => {
-	const userService = new UserService(cookies.get('access_token'));
+	const userService = new UserService(cookies.get(ACCESS_TOKEN_COOKIE_NAME));
 	const user = await userService.get(params.id);
 	return user;
 };

frontend/src/routes/settings/audit-log/+page.server.ts

@@ -1,8 +1,9 @@
+import { ACCESS_TOKEN_COOKIE_NAME } from '$lib/constants';
 import AuditLogService from '$lib/services/audit-log-service';
 import type { PageServerLoad } from './$types';
 
 export const load: PageServerLoad = async ({ cookies }) => {
-	const auditLogService = new AuditLogService(cookies.get('access_token'));
+	const auditLogService = new AuditLogService(cookies.get(ACCESS_TOKEN_COOKIE_NAME));
 	const auditLogs = await auditLogService.list({
 		sort: {
 			column: 'createdAt',