
refactor: Improve cookie security and centralized utility#9240

Merged
Cristhianzl merged 5 commits into main from cz/improve-cookie on Aug 1, 2025

Conversation

@Cristhianzl
Member

@Cristhianzl Cristhianzl commented Jul 29, 2025

This pull request introduces a utility function to standardize cookie settings and updates the codebase to use it, along with minor improvements to code formatting and type definitions. The most important changes are grouped below:

Cookie Handling Updates:

  • Added a new utility function, setCookieWithOptions, in src/utils/utils.ts to centralize and standardize cookie options (path, secure, sameSite).
  • Updated cookie-setting logic in src/contexts/authContext.tsx and src/controllers/API/queries/auth/use-post-refresh-access.ts to use setCookieWithOptions for consistency.

Type and Interface Enhancements:

  • Modified the CookieOptions interface in src/utils/utils.ts to include a new httpOnly property and updated the sameSite property to use lowercase values for better compatibility.

Code Formatting:

  • Improved readability of the brokenEdgeMessage function in src/utils/utils.ts by reformatting a complex string template.

Summary by CodeRabbit

  • Refactor
    • Improved cookie handling by centralizing cookie option configuration, ensuring consistent and secure settings across authentication features.
    • Enhanced code readability and maintainability for cookie-related utilities.
  • Style
    • Reformatted certain messages for improved readability.

… with specific options for better security and control

📝 (use-post-refresh-access.ts): Update cookies.set calls to use setCookieWithOptions function for consistent cookie settings
♻️ (utils.ts): Refactor setCookieWithOptions function to include httpOnly option and update sameSite values to lowercase for consistency
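The centralized cookie-options utility the description above introduces, together with the checks a security reviewer would want around it, as an added example that is not part of this PR or of Langflow's code. All names here (AUTH_COOKIE_OPTIONS, checkClientCookieOptions, buildDocumentCookie, buildSetCookieHeader, setAuthCookie, the cookie names "access_token" and "refresh_token") are hypothetical, and a Map stands in for the browser cookie jar so the code runs offline. The point it makes beyond the description: adding httpOnly to a frontend CookieOptions interface changes nothing, because the HttpOnly flag can only be set by a Set-Cookie response header; a document.cookie write, which is what every client-side cookie library ultimately performs, cannot create an HttpOnly cookie. The client-side path therefore refuses the option instead of silently dropping it, while the server-side header builder emits it.

```typescript
// Added example, not Langflow's own code. Names (AUTH_COOKIE_OPTIONS,
// checkClientCookieOptions, buildDocumentCookie, buildSetCookieHeader,
// setAuthCookie) and the cookie names used below are hypothetical.

export type SameSite = "strict" | "lax" | "none";

export interface CookieOptions {
  path?: string;
  secure?: boolean;
  sameSite?: SameSite;
  httpOnly?: boolean;
  maxAge?: number; // lifetime in seconds
}

// One place for the options every auth cookie set by the frontend shares.
export const AUTH_COOKIE_OPTIONS: CookieOptions = {
  path: "/",
  secure: true,
  sameSite: "strict",
};

// Returns the problems a client-side (document.cookie) write would have.
// An empty array means the options are safe to use from JavaScript.
export function checkClientCookieOptions(opts: CookieOptions): string[] {
  const problems: string[] = [];
  if (opts.httpOnly) {
    // HttpOnly exists precisely to keep the cookie away from script, so a
    // document.cookie write cannot create one; only a Set-Cookie header can.
    problems.push("httpOnly is not honoured by document.cookie; set it on the server");
  }
  if (opts.sameSite === "none" && !opts.secure) {
    problems.push("SameSite=None requires Secure or browsers reject the cookie");
  }
  if (!opts.path) {
    problems.push("path is unset; the cookie would be scoped to the current URL path");
  }
  return problems;
}

// "strict" -> "Strict": the attribute spelling browsers expect.
function sameSiteAttr(v: SameSite): string {
  return v.charAt(0).toUpperCase() + v.slice(1);
}

// Attributes shared by the client-side and server-side serializers.
function baseAttrs(name: string, value: string, opts: CookieOptions): string[] {
  const parts = [`${encodeURIComponent(name)}=${encodeURIComponent(value)}`];
  if (opts.path) parts.push(`Path=${opts.path}`);
  if (opts.maxAge !== undefined) parts.push(`Max-Age=${opts.maxAge}`);
  if (opts.sameSite) parts.push(`SameSite=${sameSiteAttr(opts.sameSite)}`);
  if (opts.secure) parts.push("Secure");
  return parts;
}

// Client side: the string a document.cookie assignment would take.
// httpOnly is deliberately never emitted here.
export function buildDocumentCookie(name: string, value: string, opts: CookieOptions): string {
  return baseAttrs(name, value, opts).join("; ");
}

// Server side: the Set-Cookie header value, where HttpOnly is honoured.
export function buildSetCookieHeader(name: string, value: string, opts: CookieOptions): string {
  const parts = baseAttrs(name, value, opts);
  if (opts.httpOnly) parts.push("HttpOnly");
  return parts.join("; ");
}

// Centralized setter in the spirit of the PR: merges the shared options,
// refuses anything the browser would silently drop, and writes to a jar.
// The Map stands in for document.cookie so the example runs outside a browser.
export function setAuthCookie(
  jar: Map<string, string>,
  name: string,
  value: string,
  overrides: CookieOptions = {},
): string {
  const opts: CookieOptions = { ...AUTH_COOKIE_OPTIONS, ...overrides };
  const problems = checkClientCookieOptions(opts);
  if (problems.length > 0) {
    throw new Error(`refusing to set ${name}: ${problems.join("; ")}`);
  }
  const cookie = buildDocumentCookie(name, value, opts);
  jar.set(name, cookie);
  return cookie;
}
```

Used from a login flow, `setAuthCookie(jar, "access_token", token)` yields `access_token=...; Path=/; SameSite=Strict; Secure`, while passing `{ httpOnly: true }` throws rather than producing a cookie that is still readable by script. The refresh token, which should be HttpOnly, has to be issued by the backend through `buildSetCookieHeader` (or the server framework's equivalent), which is the point the later backend commit on this page makes about `REFRESH_SAME_SITE`.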
@coderabbitai
Contributor

coderabbitai Bot commented Jul 29, 2025

Important

Review skipped

Auto incremental reviews are disabled on this repository.


Walkthrough

The changes centralize and standardize cookie option configuration in the frontend codebase by introducing a utility function, setCookieWithOptions, and updating cookie-setting logic to use this function. The CookieOptions interface is updated for consistency, and minor code formatting improvements are made for readability.

Changes

Cohort / File(s) Change Summary
Auth Context Cookie Setting
src/frontend/src/contexts/authContext.tsx
Replaced hardcoded cookie options with the setCookieWithOptions utility when setting authentication-related cookies in the login flow.
Refresh Token Cookie Handling
src/frontend/src/controllers/API/queries/auth/use-post-refresh-access.ts
Updated refresh token cookie setting to use setCookieWithOptions utility instead of hardcoded options.
Cookie Options Utility & Formatting
src/frontend/src/utils/utils.ts
Added setCookieWithOptions utility, updated CookieOptions interface (sameSite type, added httpOnly), and reformatted a function.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes


@github-actions github-actions Bot added refactor Maintenance tasks and housekeeping and removed refactor Maintenance tasks and housekeeping labels Jul 29, 2025
Collaborator

@deon-sanchez deon-sanchez left a comment


Great job Cris

@github-actions github-actions Bot added the lgtm This PR has been approved by a maintainer label Jul 29, 2025
Collaborator

@mfortman11 mfortman11 left a comment


Let's add a unit test around the util functions

Comment thread src/frontend/src/utils/utils.ts Outdated
return version;
};

export const setCookieWithOptions = (): CookieOptions => ({
Collaborator


If you're going to name this setCookieWithOptions and make it a function, can you have it perform the whole cookie.set operation? Otherwise it feels like this should be a constant or be called getCookieOptions.

Member Author


Hey @mfortman11, could you please check again? I changed the approach.

@github-actions github-actions Bot removed the lgtm This PR has been approved by a maintainer label Jul 29, 2025
…aging cookies in auth context

🔧 (frontend): refactor authStore to use new cookie hooks for managing access token and api key cookies
🔧 (frontend): refactor use-post-logout and use-post-refresh-access to use new cookie hooks for cookie management
@github-actions github-actions Bot added refactor Maintenance tasks and housekeeping and removed refactor Maintenance tasks and housekeeping labels Jul 30, 2025
@Cristhianzl Cristhianzl requested a review from mfortman11 July 30, 2025 13:18
Collaborator

@mfortman11 mfortman11 left a comment


Small comment to fix

Comment thread src/frontend/src/shared/hooks/use-set-cookie-auth.ts Outdated
Comment thread src/frontend/src/shared/hooks/use-get-cookie-auth.ts Outdated
@github-actions github-actions Bot added the lgtm This PR has been approved by a maintainer label Jul 30, 2025
…ccess to cookies in authStore and related components

🔧 (utils): Refactor getAuthCookie and setAuthCookie functions to use react-cookie directly for better code organization and readability
@SonicDMG SonicDMG temporarily deployed to cz/improve-cookie - langflow-manual-install PR #9240 July 31, 2025 14:02 — with Render Destroyed
@github-actions github-actions Bot added refactor Maintenance tasks and housekeeping and removed refactor Maintenance tasks and housekeeping labels Jul 31, 2025
@Cristhianzl Cristhianzl enabled auto-merge July 31, 2025 14:03
@github-actions
Contributor

github-actions Bot commented Jul 31, 2025

Frontend Unit Test Coverage Report

Coverage Summary

Coverage: Lines 3% | Statements 3% (754/25083) | Branches 1.37% (262/19090) | Functions 1.16% (63/5405)

Unit Test Results

Tests: 146 | Skipped: 0 | Failures: 0 | Errors: 0 | Time: 4.841s

@codecov

codecov Bot commented Jul 31, 2025

Codecov Report

❌ Patch coverage is 47.36842% with 10 lines in your changes missing coverage. Please review.
✅ Project coverage is 34.92%. Comparing base (c807c3a) to head (a23378b).
⚠️ Report is 9 commits behind head on main.

Files with missing lines Patch % Lines
src/frontend/src/contexts/authContext.tsx 0.00% 7 Missing ⚠️
src/frontend/src/utils/utils.ts 57.14% 3 Missing ⚠️

❌ Your project status has failed because the head coverage (2.69%) is below the target coverage (10.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #9240      +/-   ##
==========================================
+ Coverage   32.61%   34.92%   +2.31%     
==========================================
  Files        1193     1431     +238     
  Lines       56001    66817   +10816     
  Branches     5278     5279       +1     
==========================================
+ Hits        18264    23338    +5074     
- Misses      37687    43419    +5732     
- Partials       50       60      +10     
Flag Coverage Δ
frontend 2.69% <47.36%> (+1.48%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines Coverage Δ
...rc/controllers/API/queries/auth/use-post-logout.ts 100.00% <100.00%> (+100.00%) ⬆️
...ollers/API/queries/auth/use-post-refresh-access.ts 94.44% <100.00%> (+94.44%) ⬆️
src/frontend/src/stores/authStore.ts 94.44% <100.00%> (+94.44%) ⬆️
src/frontend/src/utils/utils.ts 16.21% <57.14%> (+16.21%) ⬆️
src/frontend/src/contexts/authContext.tsx 0.00% <0.00%> (ø)

... and 249 files with indirect coverage changes


@Cristhianzl Cristhianzl disabled auto-merge July 31, 2025 20:55
@Cristhianzl Cristhianzl enabled auto-merge July 31, 2025 20:56
@github-actions github-actions Bot added refactor Maintenance tasks and housekeeping and removed refactor Maintenance tasks and housekeeping labels Jul 31, 2025
@github-actions github-actions Bot added refactor Maintenance tasks and housekeeping and removed refactor Maintenance tasks and housekeeping labels Aug 1, 2025
@sonarqubecloud

sonarqubecloud Bot commented Aug 1, 2025

Quality Gate Failed Quality Gate failed

Failed conditions
17.1% Duplication on New Code (required ≤ 3%)

See analysis details on SonarQube Cloud

@Cristhianzl Cristhianzl added this pull request to the merge queue Aug 1, 2025
Merged via the queue into main with commit bdcc238 Aug 1, 2025
59 of 62 checks passed
@Cristhianzl Cristhianzl deleted the cz/improve-cookie branch August 1, 2025 14:56
2getsandesh pushed a commit to 2getsandesh/langflow-IBM that referenced this pull request Aug 6, 2025
…i#9240)

* ✨ (authContext.tsx): Add setCookieWithOptions function to set cookies with specific options for better security and control
📝 (use-post-refresh-access.ts): Update cookies.set calls to use setCookieWithOptions function for consistent cookie settings
♻️ (utils.ts): Refactor setCookieWithOptions function to include httpOnly option and update sameSite values to lowercase for consistency

* 📝 (frontend): add useGetCookieAuth and useSetCookieAuth hooks for managing cookies in auth context
🔧 (frontend): refactor authStore to use new cookie hooks for managing access token and api key cookies
🔧 (frontend): refactor use-post-logout and use-post-refresh-access to use new cookie hooks for cookie management

* 📝 (frontend): Remove redundant useGetCookieAuth hook and use direct access to cookies in authStore and related components
🔧 (utils): Refactor getAuthCookie and setAuthCookie functions to use react-cookie directly for better code organization and readability
lucaseduoli pushed a commit that referenced this pull request Aug 12, 2025
lucaseduoli pushed a commit that referenced this pull request Aug 22, 2025
lucaseduoli pushed a commit that referenced this pull request Aug 25, 2025
13ph03nix added a commit to 13ph03nix/langflow that referenced this pull request Oct 6, 2025
Change REFRESH_SAME_SITE default from 'none' to 'strict' to prevent
cross-origin requests from including the refresh token cookie.

Previous frontend cookie security improvements in langflow-ai#9240 had no effect
on httpOnly cookies, which must be configured in backend settings.

This change prevents potential CSRF attacks and session hijacking when
combined with permissive CORS configurations.

Labels

lgtm This PR has been approved by a maintainer refactor Maintenance tasks and housekeeping


4 participants