feat(auth): allow customizing cookie options

posva · posva · commit 3a18102b1939 · 2023-12-01T12:08:40.000+01:00
Close #1458
diff --git a/packages/nuxt/src/module.ts b/packages/nuxt/src/module.ts
@@ -84,9 +84,12 @@ export default defineNuxtModule<VueFireNuxtModuleOptions>({
     nuxt.options.runtimeConfig.public.vuefire.config = _options.config
     nuxt.options.runtimeConfig.public.vuefire.appCheck = options.appCheck
 
+    // server only options
     nuxt.options.runtimeConfig.vuefire ??= {}
     markRaw(nuxt.options.runtimeConfig.vuefire)
     nuxt.options.runtimeConfig.vuefire.admin ??= options.admin
+    // allows getting the session cookie options
+    nuxt.options.runtimeConfig.vuefire.auth ??= options.auth
 
     // configure transpilation
     const { resolve } = createResolver(import.meta.url)
@@ -173,8 +176,6 @@ export default defineNuxtModule<VueFireNuxtModuleOptions>({
     addPluginTemplate({
       src: normalize(resolve(templatesDir, 'plugin.ejs')),
       options: {
-        // FIXME: not needed
-        ...options,
         ssr: nuxt.options.ssr,
       },
     })
@@ -384,6 +385,12 @@ interface VueFireRuntimeConfig {
      * @internal
      */
     admin?: VueFireNuxtModuleOptionsResolved['admin']
+
+    /**
+     * Authentication options.
+     * @internal
+     */
+    auth?: VueFireNuxtModuleOptionsResolved['auth']
   }
 }
 
diff --git a/packages/nuxt/src/module/options.ts b/packages/nuxt/src/module/options.ts
@@ -71,7 +71,30 @@ export interface VueFireNuxtModuleOptions {
          * permissions on your Google Cloud project. You can find more information about what happens behind the scenes
          * in Firebase docs: [Manage Session Cookies](https://firebase.google.com/docs/auth/admin/manage-cookies).
          */
-        sessionCookie?: boolean
+        sessionCookie?:
+          | boolean
+          | {
+              /**
+               * maxAge property of the cookie. Defaults to 5 days.
+               */
+              maxAge?: number
+              /**
+               * Whether to use a secure cookie. Defaults to `true`.
+               */
+              secure?: boolean
+              /**
+               * Whether to use a httpOnly cookie. Defaults to `true`.
+               */
+              httpOnly?: boolean
+              /**
+               * The path of the cookie. Defaults to `/`.
+               */
+              path: string
+              /**
+               * The sameSite property of the cookie. Defaults to `lax`.
+               */
+              sameSite: 'lax' | 'strict' | 'none'
+            }
       } & VueFireNuxtAuthDependencies)
 
   /**
diff --git a/packages/nuxt/src/runtime/auth/api.session-verification.ts b/packages/nuxt/src/runtime/auth/api.session-verification.ts
@@ -49,6 +49,10 @@ export default defineEventHandler(async (event) => {
           httpOnly: true,
           path: '/',
           sameSite: 'lax',
+          // add user overrides
+          ...(typeof runtimeConfig.vuefire?.auth?.sessionCookie === 'object'
+            ? runtimeConfig.vuefire?.auth?.sessionCookie
+            : {}),
         })
         setResponseStatus(event, 201)
         return ''
