fix: CORS header and made cookie cache the samesite and domain value

Author: jbriones1

src/auth/urls.py

@@ -12,7 +12,7 @@
 import database
 from auth import crud
 from auth.models import LoginBodyModel
-from constants import IS_PROD
+from constants import DOMAIN, IS_PROD, SAMESITE
 from utils.shared_models import DetailModel
 
 _logger = logging.getLogger(__name__)
@@ -40,7 +40,7 @@ def generate_session_id_b64(num_bytes: int) -> str:
     "/login",
     description="Create a login session.",
     response_description="Successfully validated with SFU's CAS",
-    response_model=None,
+    response_model=str,
     responses={
         307: { "description": "Successful validation, with redirect" },
         400: { "description": "Origin is missing.", "model": DetailModel },
@@ -87,8 +87,8 @@ async def login_user(
             value=session_id,
             secure=IS_PROD,
             httponly=True,
-            samesite=None if IS_PROD else "lax",
-            domain=".sfucsss.org" if IS_PROD else None
+            samesite=SAMESITE,
+            domain=DOMAIN
         )  # this overwrites any past, possibly invalid, session_id
         return response
 

src/constants.py

@@ -26,3 +26,7 @@
 
 # https://docs.github.com/en/enterprise-server@3.10/admin/identity-and-access-management/iam-configuration-reference/username-considerations-for-external-authentication
 GITHUB_USERNAME_LEN = 39
+
+# COOKIE
+SAMESITE=None if IS_PROD else "lax"
+DOMAIN=".sfucsss.org" if IS_PROD else None

src/main.py

@@ -20,7 +20,7 @@
 if not IS_PROD:
     print("Running local environment")
     origins = [
-        "http://localhost:*", # default Angular
+        "http://localhost:4200", # default Angular
         "http://localhost:8080", # for existing applications/sites
     ]
     app = FastAPI(