From dde1c37f85d1c2630d807404785c703d9c3727ad Mon Sep 17 00:00:00 2001
From: baozhoutao
Date: Fri, 2 Aug 2024 11:37:15 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E6=94=AF=E6=8C=81=E8=AE=BE=E7=BD=AEauth?= =?UTF-8?q?=20cookies=20sameSite=20#6949?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 packages/utils/src/cookies.ts | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/packages/utils/src/cookies.ts b/packages/utils/src/cookies.ts
index 07797392d3..2c3bf55195 100644
--- a/packages/utils/src/cookies.ts
+++ b/packages/utils/src/cookies.ts
@@ -1,7 +1,8 @@
 const Cookies = require('cookies');
 const psl = require('psl');
 
-const useSubdomainCookies = process.env.STEEDOS_AUTH_USE_SUBDOMAIN_COOKIES === 'true';
+const useSubdomainCookies = process.env.STEEDOS_AUTH_COOKIES_USE_SUBDOMAIN === 'true';
+const sameSite = process.env.STEEDOS_AUTH_COOKIES_USE_SAMESITE || null;
 
 // 从请求的 Host 头中提取二级域名部分
 function getSubdomain(host) {
@@ -19,6 +20,11 @@ export function setCookie(req, res, name, value, options = {domain: null, maxAge
 const domain = getSubdomain(host);
 options.domain = `.${domain}`; // 动态设置二级域名
 }
+
+ if(sameSite){
+ (options as any).sameSite = sameSite;
+ }
+
 cookies.set(name, value, options);
 }
 
@@ -29,6 +35,11 @@ export function clearCookie(req, res, name, options = {domain: null, maxAge: 0,
 const domain = getSubdomain(host);
 options.domain = `.${domain}`; // 动态设置二级域名
 }
+
+ if(sameSite){
+ (options as any).sameSite = sameSite;
+ }
+
 options.maxAge = 0; // 通过将 maxAge 设置为 0 来清除 cookie
 cookies.set(name, null, options);
 }
\ No newline at end of file
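Review bot: The value of `STEEDOS_AUTH_COOKIES_USE_SAMESITE` goes into the cookie options unvalidated, so a typo in deployment config only surfaces when the first auth cookie is written. As far as I know the `cookies` package throws on a sameSite string other than strict, lax or none, which would turn a misconfiguration into failed logins. Normalising once at module load would fail early and visibly: `const raw = (process.env.STEEDOS_AUTH_COOKIES_USE_SAMESITE || '').toLowerCase();` then `const sameSite = ['strict', 'lax', 'none'].includes(raw) ? raw : null;`, with a logged warning when a non-empty value is discarded. Separately, the rename to `STEEDOS_AUTH_COOKIES_USE_SUBDOMAIN` drops the old `STEEDOS_AUTH_USE_SUBDOMAIN_COOKIES` name with no fallback, so existing deployments would silently lose subdomain-scoped cookies on upgrade; reading both names for a release would avoid that.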
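Review bot: In `setCookie`, and in the identical block added to `clearCookie` in the next hunk, the environment value overwrites any `sameSite` the caller passed in `options`, and nothing ties `none` to the `Secure` attribute. Browsers discard `SameSite=None` cookies that are not `Secure`, so with that setting over plain HTTP the auth cookie would be neither stored nor cleared; whether `secure` is among the defaults cannot be seen here because the signature is truncated in the hunk header. `SameSite=None` also removes the browser-side cross-site request protection for the auth cookie, which deserves a comment such as `// sameSite=none requires secure cookies and CSRF protection on state-changing routes`. The duplicated block and the `as any` cast could be replaced by a small shared helper and a typed `options` parameter. Both function bodies begin outside their hunks.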