get access token from cookie instead of auth header

src/app.module.ts

@@ -1,4 +1,4 @@
-import { Module } from '@nestjs/common'
+import { MiddlewareConsumer, Module, NestModule } from '@nestjs/common'
 import { JwtStrategy } from './modules/auth/strategies/jwt.strategy'
 import { ConfigModule } from './settings/config.module'
 import { AuthModule } from './modules/auth/auth.module'
@@ -10,6 +10,7 @@ import { JwtRefreshStrategy } from './modules/auth/strategies/jwt-refresh.strate
 import { CqrsModule } from '@nestjs/cqrs'
 import { DecksModule } from './modules/decks/decks.module'
 import { CardsModule } from './modules/cards/cards.module'
+import { LoggerMiddleware } from './infrastructure/middlewares/logs-middleware'
 
 @Module({
   imports: [
@@ -37,4 +38,8 @@ import { CardsModule } from './modules/cards/cards.module'
   providers: [JwtStrategy, JwtRefreshStrategy],
   exports: [CqrsModule],
 })
-export class AppModule {}
+export class AppModule implements NestModule {
+  configure(consumer: MiddlewareConsumer) {
+    // consumer.apply(LoggerMiddleware).forRoutes('*') // applies the middleware to all routes
+  }
+}

src/infrastructure/middlewares/logs-middleware.ts

@@ -0,0 +1,10 @@
+import { Injectable, NestMiddleware } from '@nestjs/common'
+import { Request, Response, NextFunction } from 'express'
+
+@Injectable()
+export class LoggerMiddleware implements NestMiddleware {
+  use(req: Request, res: Response, next: NextFunction) {
+    console.log('Received cookies:', JSON.stringify(req.cookies))
+    next()
+  }
+}

src/main.ts

@@ -8,6 +8,12 @@ import { pipesSetup } from './settings/pipes-setup'
 
 async function bootstrap() {
   const app = await NestFactory.create(AppModule)
+  app.enableCors({
+    origin: true,
+    credentials: true,
+  })
+  app.use(cookieParser())
+
   app.setGlobalPrefix('v1')
   const config = new DocumentBuilder()
     .setTitle('Flashcards')
@@ -18,7 +24,6 @@ async function bootstrap() {
   SwaggerModule.setup('docs', app, document)
   pipesSetup(app)
   app.useGlobalFilters(new HttpExceptionFilter())
-  app.use(cookieParser())
   await app.listen(process.env.PORT || 3000)
   const logger = new Logger('NestApplication')
   logger.log(`Application is running on: ${await app.getUrl()}`)

src/modules/auth/auth.controller.ts

@@ -48,8 +48,14 @@ export class AuthController {
     const userData = req.user.data
     res.cookie('refreshToken', userData.refreshToken, {
       httpOnly: true,
-      // secure: true,
+      sameSite: 'none',
       path: '/v1/auth/refresh-token',
+      secure: true,
+    })
+    res.cookie('accessToken', userData.accessToken, {
+      httpOnly: true,
+      sameSite: 'none',
+      secure: true,
     })
     return { accessToken: req.user.data.accessToken }
   }

src/modules/auth/strategies/jwt.strategy.ts

@@ -4,6 +4,7 @@ import { ExtractJwt, Strategy } from 'passport-jwt'
 import { AuthService } from '../auth.service'
 import { AppSettings } from '../../../settings/app-settings'
 import { UsersService } from '../../users/services/users.service'
+import { Request as RequestType } from 'express'
 
 @Injectable()
 export class JwtStrategy extends PassportStrategy(Strategy) {
@@ -13,7 +14,10 @@ export class JwtStrategy extends PassportStrategy(Strategy) {
     private userService: UsersService
   ) {
     super({
-      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
+      jwtFromRequest: ExtractJwt.fromExtractors([
+        JwtStrategy.extractJWT,
+        ExtractJwt.fromAuthHeaderAsBearerToken(),
+      ]),
       ignoreExpiration: false,
       secretOrKey: appSettings.auth.ACCESS_JWT_SECRET_KEY,
     })
@@ -26,4 +30,11 @@ export class JwtStrategy extends PassportStrategy(Strategy) {
     }
     return user
   }
+
+  private static extractJWT(req: RequestType): string | null {
+    if (req.cookies && 'accessToken' in req.cookies && req.cookies.accessToken.length > 0) {
+      return req.cookies.accessToken
+    }
+    return null
+  }
 }