feat: add refresh token and auth token path option

Author: pvaneveld

packages/core/src/tokensource/cookies-base.test.ts

@@ -1,5 +1,5 @@
 import { parse, type SerializeOptions, serialize } from "cookie";
-import { describe, expect, it } from "vitest";
+import { describe, expect, it, } from "vitest";
 import {
 	type BaseCookieSourceOptions,
 	BaseCookieTokenSource,
@@ -13,7 +13,7 @@ import {
  * support multiple Set-Cookie headers, so we just 'join' them with a comma.
  */
 class TestAdapter implements CookieAdapter<Request, Response> {
-	constructor(private options: BaseCookieSourceOptions) {}
+	constructor(private options: BaseCookieSourceOptions<Request>) {}
 
 	getCookie(request: Request, name: string): string | undefined {
 		const header = request.headers.get("cookie");
@@ -55,7 +55,7 @@ class TestAdapter implements CookieAdapter<Request, Response> {
 class TestCookieTokenSource extends BaseCookieTokenSource<Request, Response> {
 	protected adapter: CookieAdapter<Request, Response>;
 
-	constructor(options: BaseCookieSourceOptions) {
+	constructor(options: BaseCookieSourceOptions<Request>) {
 		super(options);
 		this.adapter = new TestAdapter(options);
 	}
@@ -282,7 +282,7 @@ describe("CookieTokenSource", () => {
 		cookieTokenSource.deleteAccessToken(request, response);
 
 		const cookies = getCookies(response);
-		expect(cookies).toEqual([{ userToken: "" }, { guestToken: "" }]);
+		expect(cookies).toEqual([{ userToken: "", Path: "/" }, { guestToken: "", Path: "/" }]);
 	});
 
 	// Test for deleting refresh tokens
@@ -305,8 +305,8 @@ describe("CookieTokenSource", () => {
 		const cookies = getCookies(response);
 		expect(cookies).toEqual([
 			{ refreshToken: "", Path: "/refresh" },
-			{ guestRefreshTokenExists: "" },
-			{ userRefreshTokenExists: "" },
+			{ guestRefreshTokenExists: "" , Path: "/"},
+			{ userRefreshTokenExists: "" , Path: "/"},
 		]);
 	});
 
@@ -330,4 +330,31 @@ describe("CookieTokenSource", () => {
 		const cookies = getCookies(response);
 		expect(cookies).toEqual([{ refreshToken: "", Path: "/refresh" }]);
 	});
+
+	it("should get the refresh path from the refresh path function", () => {
+		const request: Request = new Request("http://localhost");
+
+		const cookieTokenSource = new TestCookieTokenSource({
+			secure: true,
+			sameSite: "strict",
+			refreshTokenPath: () => "/refresh",
+		});
+
+		const result = cookieTokenSource["_getRefreshTokenPath"](request);
+		expect(result).toBe("/refresh");
+	});
+
+	it("should get the cookiePath from the cookiePath function", () => {
+		const request: Request = new Request("http://localhost");
+
+		const cookieTokenSource = new TestCookieTokenSource({
+			secure: true,
+			sameSite: "strict",
+			refreshTokenPath: "/refresh",
+			cookiePathFn: () => "/cookie",
+		});
+
+		const result = cookieTokenSource["options"].cookiePathFn?.(request);
+		expect(result).toBe("/cookie");
+	});
 });

packages/core/src/tokensource/cookies-base.ts

@@ -63,14 +63,15 @@ type CookieSettings = {
 	expiresIn: number | "session";
 };
 
-export type BaseCookieSourceOptions = {
+export type BaseCookieSourceOptions<TRequest> = {
 	secure: boolean;
 	sameSite: "strict" | "lax" | "none" | boolean;
-	refreshTokenPath: string;
+	refreshTokenPath: string | ((request: TRequest) => string | undefined);
 	cookieNames?: Partial<CookieNames>;
 	guestToken?: CookieSettings;
 	userToken?: CookieSettings;
 	refreshToken?: CookieSettings;
+	cookiePathFn?: (request: TRequest) => string | undefined;
 };
 
 export abstract class BaseCookieTokenSource<TRequest, TResponse>
@@ -79,7 +80,7 @@ export abstract class BaseCookieTokenSource<TRequest, TResponse>
 	protected cookieNames: CookieNames;
 	protected abstract adapter: CookieAdapter<TRequest, TResponse>;
 
-	constructor(protected options: BaseCookieSourceOptions) {
+	constructor(protected options: BaseCookieSourceOptions<TRequest>) {
 		this.cookieNames = {
 			...DEFAULT_COOKIE_NAMES,
 			...(options.cookieNames ?? {}),
@@ -96,7 +97,7 @@ export abstract class BaseCookieTokenSource<TRequest, TResponse>
 
 	deleteRefreshToken(request: TRequest, response: TResponse): void {
 		this.adapter.clearCookie(request, response, this.cookieNames.refreshToken, {
-			path: this.options.refreshTokenPath,
+			path: this._getRefreshTokenPath(request),
 			domain: this.adapter.getPrivateDomain(request),
 		});
 
@@ -128,6 +129,7 @@ export abstract class BaseCookieTokenSource<TRequest, TResponse>
 		if (this.adapter.getCookie(request, name)) {
 			this.adapter.clearCookie(request, response, name, {
 				domain: this.adapter.getPublicDomain(request),
+				path: this.options.cookiePathFn?.(request) ?? "/",
 			});
 		}
 	}
@@ -140,6 +142,7 @@ export abstract class BaseCookieTokenSource<TRequest, TResponse>
 		if (this.adapter.getCookie(request, name)) {
 			this.adapter.clearCookie(request, response, name, {
 				domain: this.adapter.getPublicDomain(request),
+				path: this.options.cookiePathFn?.(request) ?? "/",
 			});
 		}
 	}
@@ -180,7 +183,7 @@ export abstract class BaseCookieTokenSource<TRequest, TResponse>
 				opts.expiresIn === "session"
 					? undefined
 					: new Date(Date.now() + opts.expiresIn * 1000),
-			path: "/",
+			path: this.options.cookiePathFn?.(request) ?? "/",
 		};
 
 		if (isAuthenticated) {
@@ -189,7 +192,7 @@ export abstract class BaseCookieTokenSource<TRequest, TResponse>
 				response,
 				this.cookieNames.userData,
 				token,
-				cookieOptions,
+				cookieOptions
 			);
 			this.deleteAccessTokenByName(
 				request,
@@ -244,7 +247,7 @@ export abstract class BaseCookieTokenSource<TRequest, TResponse>
 				opts.expiresIn === "session"
 					? undefined
 					: new Date(Date.now() + opts.expiresIn * 1000),
-			path: "/",
+			path: this.options.cookiePathFn?.(request) ?? "/",
 		};
 
 		if (isAuthenticated) {
@@ -299,7 +302,7 @@ export abstract class BaseCookieTokenSource<TRequest, TResponse>
 			{
 				...cookieOptions,
 				httpOnly: true,
-				path: this.options.refreshTokenPath,
+				path: this._getRefreshTokenPath(request),
 			},
 		);
 
@@ -331,4 +334,9 @@ export abstract class BaseCookieTokenSource<TRequest, TResponse>
 			);
 		}
 	}
+
+	private _getRefreshTokenPath(req: TRequest): string | undefined {
+		const path = this.options.refreshTokenPath;
+		return typeof path === "function" ? path(req) : path;
+	}
 }

packages/express-adapter/src/cookies.ts

@@ -5,9 +5,11 @@ import {
 } from "@labdigital/federated-token/tokensource";
 import type { CookieOptions, Request, Response } from "express";
 
-type ExpressCookieSourceOptions = BaseCookieSourceOptions & {
+type ExpressCookieSourceOptions = BaseCookieSourceOptions<Request> & {
+	refreshTokenPath: string | ((request: Request) => string | undefined);
 	publicDomainFn?: (request: Request) => string | undefined;
 	privateDomainFn?: (request: Request) => string | undefined;
+	cookiePathFn?: (request: Request) => string | undefined;
 };
 
 class ExpressCookieAdapter implements CookieAdapter<Request, Response> {

packages/fastify-adapter/src/cookies.test.ts

@@ -1,6 +1,6 @@
 import type { CookieSerializeOptions } from "@fastify/cookie";
 import type { FastifyReply, FastifyRequest } from "fastify";
-import { describe, expect, it } from "vitest";
+import { describe, expect, it, } from "vitest";
 import { CookieTokenSource } from "./cookies";
 
 type CookieValue = {

packages/fastify-adapter/src/cookies.ts

@@ -6,9 +6,11 @@ import {
 } from "@labdigital/federated-token/tokensource";
 import type { FastifyReply, FastifyRequest } from "fastify";
 
-type FastifyCookieSourceOptions = BaseCookieSourceOptions & {
+type FastifyCookieSourceOptions = BaseCookieSourceOptions<FastifyRequest> & {
+	refreshTokenPath: string | ((request: Request) => string | undefined);
 	publicDomainFn?: (request: FastifyRequest) => string | undefined;
 	privateDomainFn?: (request: FastifyRequest) => string | undefined;
+	cookiePathFn?: (request: Request) => string | undefined;
 };
 
 class FastifyCookieAdapter