fixed tests and package vulnerabilities

2026-01-17 11:12:40 -05:00
parent cf97dffbfb
commit f58178a253
12 changed files with 4432 additions and 2412 deletions
--- a/backend/routes/auth.js
+++ b/backend/routes/auth.js
@@ -149,16 +149,14 @@ router.post(
      // Set tokens as httpOnly cookies
      res.cookie("accessToken", token, {
        httpOnly: true,
-        secure:
-          process.env.NODE_ENV === "prod" || process.env.NODE_ENV === "qa",
+        secure: ["production", "prod", "qa"].includes(process.env.NODE_ENV),
        sameSite: "strict",
        maxAge: 15 * 60 * 1000, // 15 minutes
      });

      res.cookie("refreshToken", refreshToken, {
        httpOnly: true,
-        secure:
-          process.env.NODE_ENV === "prod" || process.env.NODE_ENV === "qa",
+        secure: ["production", "prod", "qa"].includes(process.env.NODE_ENV),
        sameSite: "strict",
        maxAge: 7 * 24 * 60 * 60 * 1000, // 7 days
      });
@@ -256,16 +254,14 @@ router.post(
      // Set tokens as httpOnly cookies
      res.cookie("accessToken", token, {
        httpOnly: true,
-        secure:
-          process.env.NODE_ENV === "prod" || process.env.NODE_ENV === "qa",
+        secure: ["production", "prod", "qa"].includes(process.env.NODE_ENV),
        sameSite: "strict",
        maxAge: 15 * 60 * 1000, // 15 minutes
      });

      res.cookie("refreshToken", refreshToken, {
        httpOnly: true,
-        secure:
-          process.env.NODE_ENV === "prod" || process.env.NODE_ENV === "qa",
+        secure: ["production", "prod", "qa"].includes(process.env.NODE_ENV),
        sameSite: "strict",
        maxAge: 7 * 24 * 60 * 60 * 1000, // 7 days
      });
@@ -438,16 +434,14 @@ router.post(
      // Set tokens as httpOnly cookies
      res.cookie("accessToken", token, {
        httpOnly: true,
-        secure:
-          process.env.NODE_ENV === "prod" || process.env.NODE_ENV === "qa",
+        secure: ["production", "prod", "qa"].includes(process.env.NODE_ENV),
        sameSite: "strict",
        maxAge: 15 * 60 * 1000,
      });

      res.cookie("refreshToken", refreshToken, {
        httpOnly: true,
-        secure:
-          process.env.NODE_ENV === "prod" || process.env.NODE_ENV === "qa",
+        secure: ["production", "prod", "qa"].includes(process.env.NODE_ENV),
        sameSite: "strict",
        maxAge: 7 * 24 * 60 * 60 * 1000,
      });
@@ -748,7 +742,7 @@ router.post("/refresh", async (req, res) => {
    // Set new access token cookie
    res.cookie("accessToken", newAccessToken, {
      httpOnly: true,
-      secure: process.env.NODE_ENV === "prod" || process.env.NODE_ENV === "qa",
+      secure: ["production", "prod", "qa"].includes(process.env.NODE_ENV),
      sameSite: "strict",
      maxAge: 15 * 60 * 1000,
    });