From 1a2cb935401443bec8b4f9c9a99566942ed87b90 Mon Sep 17 00:00:00 2001
From: Asara
Date: Sat, 5 Oct 2019 21:22:56 -0400
Subject: [PATCH] Add basic token split
---
 main.go | 6 +++++-
 packages/auth/auth.go | 4 ++--
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/main.go b/main.go
index 71c5f49..4b048bb 100644
--- a/main.go
+++ b/main.go
@@ -55,7 +55,11 @@ func Routes() *chi.Mux {
 // enable cors testing
 // LOCK THIS DOWN FOR PRODUCTION
 cors := cors.New(cors.Options{
- AllowedOrigins: []string{"*"},
+ AllowedOrigins: []string{"*"},
+ AllowedMethods: []string{"GET", "POST"},
+ ExposedHeaders: []string{"Link"},
+ AllowCredentials: true,
+ MaxAge: 360,
 })
 
 router.Use(
diff --git a/packages/auth/auth.go b/packages/auth/auth.go
index 1f88f6b..5b0a15b 100644
--- a/packages/auth/auth.go
+++ b/packages/auth/auth.go
@@ -171,9 +171,9 @@ func refresh(w http.ResponseWriter, r *http.Request) {
 
 func setCookies(w http.ResponseWriter, jwt string, expiration time.Time) string {
 splitToken := strings.Split(jwt, ".")
- dataCookie := http.Cookie{Name: "DataCookie", Value: strings.Join(splitToken[:2], "."), Expires: expiration, HttpOnly: false, Path: "/"}
+ dataCookie := http.Cookie{Name: "DataCookie", Value: strings.Join(splitToken[:2], "."), Expires: expiration, HttpOnly: false, Path: "/", Domain: "sudosci.test", MaxAge: 360, Secure: false}
 http.SetCookie(w, &dataCookie)
- signatureCookie := http.Cookie{Name: "SignatureCookie", Value: splitToken[2], Expires: expiration, HttpOnly: true, Path: "/"}
+ signatureCookie := http.Cookie{Name: "SignatureCookie", Value: splitToken[2], Expires: expiration, HttpOnly: true, Path: "/", Domain: "sudosci.test", MaxAge: 360, Secure: false}
 http.SetCookie(w, &signatureCookie)
 return strings.Join(splitToken[:2], ".")
 }
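Review bot: `AllowCredentials: true` is added next to the unchanged `AllowedOrigins: []string{"*"}` in the cors.Options literal, and a wildcard origin must not be combined with credentials. Depending on how the cors package version in use resolves that pair, either the literal `*` is sent and browsers refuse the credentialed response, or the request's Origin is echoed back and any site can issue cookie-bearing requests and read the replies. Replace the wildcard with an explicit list read from configuration before enabling credentials, e.g. `AllowedOrigins: allowedOrigins,` (name illustrative), and have startup fail if that list is empty or contains `*`. The existing `LOCK THIS DOWN FOR PRODUCTION` comment does not enforce anything; Routes() continues outside the hunk.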
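Review bot: Both cookie literals in setCookies hard-code `Secure: false` and `Domain: "sudosci.test"` and set no SameSite attribute, so the SignatureCookie half of the JWT can be sent over plain HTTP and nothing limits it to same-site requests. That matters more because this same commit turns on `AllowCredentials` in main.go, which makes these cookies the credential cross-origin requests will carry. Take the domain and the Secure flag from configuration and default to `Secure: true, SameSite: http.SameSiteStrictMode` (Lax if top-level navigation must keep the session), leaving the insecure values to an explicit development setting. `MaxAge: 360` now sits beside `Expires: expiration`; browsers give Max-Age precedence, so the cookies lapse after six minutes whatever the token's expiry is, and one should be derived from the other. `splitToken[2]` is also indexed without checking `len(splitToken) == 3`, so a malformed token string would panic here.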