OPTIONAL COMMIT: make non-oidc auth routes' cookie setting use event instead of manually setting headers, like what is done in refresh

Co-authored-by: Pranav Subramanian <pranav.subramanian@nasa.gov>
Co-authored-by: Jonathan Morton <jonathan.r.morton@nasa.gov>

Author: psubram3

src/routes/auth/changeRole/+server.ts

@@ -1,10 +1,11 @@
-import { base } from '$app/paths';
 import type { RequestHandler } from '@sveltejs/kit';
 import { json } from '@sveltejs/kit';
 import type { ChangeUserRoleRequestBody } from '../../../types/auth';
 
 export const POST: RequestHandler = async event => {
   const body: ChangeUserRoleRequestBody = await event.request.json();
   const { role } = body;
-  return json({ success: true }, { headers: { 'set-cookie': `activeRole=${role}; Path=${base}/` } });
+  event.cookies.set('activeRole', role, { httpOnly: false, path: '/' });
+
+  return json({ success: true });
 };

src/routes/auth/login/+server.ts

@@ -1,4 +1,3 @@
-import { base } from '$app/paths';
 import type { RequestHandler } from '@sveltejs/kit';
 import { json } from '@sveltejs/kit';
 import { jwtDecode } from 'jwt-decode';
@@ -21,10 +20,9 @@ export const POST: RequestHandler = async event => {
       const parsedUserToken: ParsedUserToken = jwtDecode(user.token);
       const defaultRole = parsedUserToken['https://hasura.io/jwt/claims']['x-hasura-default-role'];
 
-      return json(
-        { success: true, user },
-        { headers: { 'set-cookie': `activeRole=${defaultRole}; path=${base}/,user=${userCookie}; Path=${base}/` } },
-      );
+      event.cookies.set('activeRole', defaultRole, { httpOnly: false, path: '/' });
+      event.cookies.set('user', userCookie, { httpOnly: false, path: '/' });
+      return json({ success: true, user });
     } else {
       return json({ message, success: false });
     }

src/routes/auth/logout/+server.ts

@@ -1,21 +1,16 @@
 import { base } from '$app/paths';
+import { env } from '$env/dynamic/public';
 import type { RequestHandler } from '@sveltejs/kit';
 import { json } from '@sveltejs/kit';
 import { reqGatewayForwardCookies } from '../../../utilities/requests';
-import { env } from '$env/dynamic/public';
 
 export const POST: RequestHandler = async event => {
   const invalidated =
     env.PUBLIC_AUTH_SSO_ENABLED === 'true'
       ? await reqGatewayForwardCookies<boolean>('/auth/logoutSSO', event.request.headers.get('cookie') ?? '', base)
       : true;
 
-  return json(
-    { message: 'Logout successful', success: invalidated },
-    {
-      headers: {
-        'set-cookie': `activeRole=deleted; path=${base}/; expires=Thu, 01 Jan 1970 00:00:00 GMT,user=deleted; path=${base}/; expires=Thu, 01 Jan 1970 00:00:00 GMT`,
-      },
-    },
-  );
+  event.cookies.delete('activeRole', { path: '/' });
+  event.cookies.delete('user', { path: '/' });
+  return json({ message: 'Logout successful', success: invalidated });
 };