From 2a2483d0eee9ac4852a26b123f5d39a8fc9a8ca4 Mon Sep 17 00:00:00 2001
From: ogabrielluiz
Date: Tue, 28 May 2024 21:45:29 -0300
Subject: [PATCH] chore: Add domain attribute to cookies in login.py and auth.py
---
 src/backend/base/langflow/api/v1/login.py | 5 +++++
 src/backend/base/langflow/services/settings/auth.py | 3 +++
 2 files changed, 8 insertions(+)
diff --git a/src/backend/base/langflow/api/v1/login.py b/src/backend/base/langflow/api/v1/login.py
index 69a1d5876..3851bbd2d 100644
--- a/src/backend/base/langflow/api/v1/login.py
+++ b/src/backend/base/langflow/api/v1/login.py
@@ -46,6 +46,7 @@ async def login_to_get_access_token(
 samesite=auth_settings.REFRESH_SAME_SITE,
 secure=auth_settings.REFRESH_SECURE,
 expires=auth_settings.REFRESH_TOKEN_EXPIRE_SECONDS,
+ domain=auth_settings.COOKIE_DOMAIN,
 )
 response.set_cookie(
 "access_token_lf",
@@ -54,6 +55,7 @@ async def login_to_get_access_token(
 samesite=auth_settings.ACCESS_SAME_SITE,
 secure=auth_settings.ACCESS_SECURE,
 expires=auth_settings.ACCESS_TOKEN_EXPIRE_SECONDS,
+ domain=auth_settings.COOKIE_DOMAIN,
 )
 variable_service.initialize_user_variables(user.id, db)
 # Create default folder for user if it doesn't exist
@@ -84,6 +86,7 @@ async def auto_login(
 samesite=auth_settings.ACCESS_SAME_SITE,
 secure=auth_settings.ACCESS_SECURE,
 expires=None, # Set to None to make it a session cookie
+ domain=auth_settings.COOKIE_DOMAIN,
 )
 variable_service.initialize_user_variables(user_id, db)
 create_default_folder_if_it_doesnt_exist(db, user_id)
@@ -117,6 +120,7 @@ async def refresh_token(
 samesite=auth_settings.REFRESH_SAME_SITE,
 secure=auth_settings.REFRESH_SECURE,
 expires=auth_settings.REFRESH_TOKEN_EXPIRE_SECONDS,
+ domain=auth_settings.COOKIE_DOMAIN,
 )
 response.set_cookie(
 "access_token_lf",
@@ -125,6 +129,7 @@ async def refresh_token(
 samesite=auth_settings.ACCESS_SAME_SITE,
 secure=auth_settings.ACCESS_SECURE,
 expires=auth_settings.ACCESS_TOKEN_EXPIRE_SECONDS,
+ domain=auth_settings.COOKIE_DOMAIN,
 )
 return tokens
 else:
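Review bot: The cookie deletions on logout are not updated alongside these `set_cookie` calls: the patch adds `domain=auth_settings.COOKIE_DOMAIN` only in `login_to_get_access_token`, `auto_login` and `refresh_token` (all five hunks of this file), and a browser removes a cookie only when the expiring Set-Cookie carries the same Domain it was created with. If the logout handler, which is not visible in this diff, calls `response.delete_cookie("refresh_token_lf")` and `response.delete_cookie("access_token_lf")` without a domain, the tokens would stay in the browser after logout once `COOKIE_DOMAIN` is configured. I would pass the same value there, e.g. `response.delete_cookie("access_token_lf", domain=auth_settings.COOKIE_DOMAIN)`. Each hunk cuts through its enclosing function, so the rest of the `set_cookie` arguments (including `httponly`) cannot be checked from here.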
diff --git a/src/backend/base/langflow/services/settings/auth.py b/src/backend/base/langflow/services/settings/auth.py
index 0ea3c237e..8e321ed19 100644
--- a/src/backend/base/langflow/services/settings/auth.py
+++ b/src/backend/base/langflow/services/settings/auth.py
@@ -47,6 +47,9 @@ class AuthSettings(BaseSettings):
 ACCESS_HTTPONLY: bool = False
 """The HttpOnly attribute of the access token cookie."""
+ COOKIE_DOMAIN: str | None = None
+ """The domain attribute of the cookies. If None, the domain is not set."""
+
 pwd_context: CryptContext = CryptContext(schemes=["bcrypt"], deprecated="auto")
 class Config:
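Review bot: The docstring on the new `COOKIE_DOMAIN` field does not say that a non-None value widens where the token cookies are sent: with a Domain attribute the browser sends them to that domain and every subdomain, while the default `None` keeps them host-only. `ACCESS_HTTPONLY` defaults to `False` in the context line just above, so if that setting governs `access_token_lf`, script on any sibling subdomain could read the access token once a parent domain is configured. I would spell this out in the docstring, e.g. `"""Domain attribute for the auth cookies. None (default) keeps them host-only; a value also sends them to all of its subdomains, so use the narrowest domain that works."""`. The `AuthSettings` class body continues outside the hunk.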