From bb52e1bee3dc0ee2da3b14f70ac97286a51450ad Mon Sep 17 00:00:00 2001
From: Hayden Hargreaves <hhargreaves2006@gmail.com>
Date: Fri, 9 Jan 2026 10:07:55 -0700
Subject: [PATCH] (FIX): Dev environemnt fixes in the backend

---
 internal/app/server/cookies.go | 55 ++++++++++++++++++++++++----------
 1 file changed, 40 insertions(+), 15 deletions(-)

diff --git a/internal/app/server/cookies.go b/internal/app/server/cookies.go
index 78ac8f6..4201ba9 100644
--- a/internal/app/server/cookies.go
+++ b/internal/app/server/cookies.go
@@ -21,8 +21,6 @@ func (s *Server) SetCookie(ctx *gin.Context, name, value string, duration time.D
 		path     string = "/"
 		httpOnly bool   = false // NOTE: Should use false so React can see it!
 		maxAge   int
-		secure   bool   = true
-		domain   string = ""
 	)
 
 	if duration < 0 {
@@ -36,19 +34,46 @@ func (s *Server) SetCookie(ctx *gin.Context, name, value string, duration time.D
 		maxAge = int(time.Until(time.Now().Add(duration)).Seconds())
 	}
 
-	// TODO: This whole system is stupid now
-	if s.deps.EnvironmentConfig.Environment == "prod" {
-		secure = true
-		// domain = "potion.gophernest"
-		// domain = s.deps.EnvironmentConfig.Domain
-		domain = ".gophernest.net"
-
-	} else if s.deps.EnvironmentConfig.Environment == "dev" {
-		secure = false
-		// domain = s.deps.EnvironmentConfig.Domain
-		domain = "localhost"
+	switch s.deps.EnvironmentConfig.Environment {
+	case "prod":
+		// Cross-site between subdomains, HTTPS only
+		ctx.SetSameSite(http.SameSiteNoneMode)
+		ctx.SetCookie(
+			name,
+			value,
+			maxAge,
+			path,
+			".gophernest.net", // or your backend domain / parent
+			true,              // secure
+			httpOnly,
+		)
+	case "dev":
+		// Local dev on http://localhost:PORT
+		ctx.SetSameSite(http.SameSiteLaxMode)
+		ctx.SetCookie(
+			name,
+			value,
+			maxAge,
+			path,
+			"",    // no Domain → default to current host
+			false, // not secure on plain HTTP
+			httpOnly,
+		)
 	}
 
-	ctx.SetSameSite(http.SameSiteNoneMode)
-	ctx.SetCookie(name, value, maxAge, path, domain, secure, httpOnly)
+	// TODO: This whole system is stupid now
+	// if s.deps.EnvironmentConfig.Environment == "prod" {
+	// 	secure = true
+	// 	// domain = "potion.gophernest"
+	// 	// domain = s.deps.EnvironmentConfig.Domain
+	// 	domain = ".gophernest.net"
+	//
+	// } else if s.deps.EnvironmentConfig.Environment == "dev" {
+	// 	secure = false
+	// 	// domain = s.deps.EnvironmentConfig.Domain
+	// 	domain = "localhost"
+	// }
+	//
+	// ctx.SetSameSite(http.SameSiteNoneMode)
+	// ctx.SetCookie(name, value, maxAge, path, domain, secure, httpOnly)
 }