feat: allow the sdk to optionally send cookies with the request to custom domains

TICKET: BG-59381

Author: vitalir-bg

modules/bitgo/test/unit/local.ts

@@ -43,6 +43,50 @@ describe('Constructor', function () {
     bitgo.should.have.property('decrypt');
     bitgo.should.have.property('_validate');
   });
+
+  describe('cookiesPropagationEnabled argument', function () {
+    it('fail to instantiate with invalid combinations of arguments', function() {
+      (() => {
+        new BitGoJS.BitGo({ env: 'testnet', cookiesPropagationEnabled: true } as any);
+      }).should.throw(/Cookies are only allowed when custom URIs are in use/);
+      (() => {
+        new BitGoJS.BitGo({ env: 'custom', customRootURI: 'https://app.bitgo.com', cookiesPropagationEnabled: true } as any);
+      }).should.throw(/Cookies are only allowed when custom URIs are in use/);
+    });
+
+    it('cookiesPropagationEnabled is enabled explicitly', function() {
+      const bitgo = new BitGoJS.BitGo({
+        env: 'custom',
+        customRootURI: 'https://app.example.local',
+        cookiesPropagationEnabled: true,
+      });
+
+      bitgo.should.have.property('cookiesPropagationEnabled');
+      bitgo.cookiesPropagationEnabled.should.equal(true);
+    });
+
+    it('cookiesPropagationEnabled is disabled explicitly', function() {
+      const bitgo = new BitGoJS.BitGo({
+        env: 'custom',
+        customRootURI: 'https://app.example.local',
+        cookiesPropagationEnabled: false,
+      });
+
+      bitgo.should.have.property('cookiesPropagationEnabled');
+      bitgo.cookiesPropagationEnabled.should.equal(false);
+    });
+
+    it('cookiesPropagationEnabled is disabled by default', function() {
+      const bitgo = new BitGoJS.BitGo({
+        env: 'custom',
+        customRootURI: 'https://app.example.local',
+      });
+
+      bitgo.should.have.property('cookiesPropagationEnabled');
+      bitgo.cookiesPropagationEnabled.should.equal(false);
+    });
+  });
+
 });
 
 describe('BitGo environment', function () {

modules/sdk-api/src/bitgoAPI.ts

@@ -26,6 +26,7 @@ import {
   defaultConstants,
   EncryptOptions,
   EnvironmentName,
+  Environments,
   getAddressP2PKH,
   getSharedSecret,
   GetSharingKeyOptions,
@@ -128,8 +129,10 @@ export class BitGoAPI implements BitGoBase {
   protected readonly _clientId?: string;
   protected readonly _clientSecret?: string;
   protected _validate: boolean;
+  public readonly cookiesPropagationEnabled: boolean;
 
   constructor(params: BitGoAPIOptions = {}) {
+    this.cookiesPropagationEnabled = false;
     if (
       !common.validateParams(
         params,
@@ -183,10 +186,23 @@ export class BitGoAPI implements BitGoBase {
       if (params.stellarFederationServerUrl) {
         common.Environments[env].stellarFederationServerUrl = params.stellarFederationServerUrl;
       }
+      if (
+        params.customRootURI &&
+        params.customRootURI !== Environments.prod.uri &&
+        params.customRootURI !== Environments.test.uri &&
+        params.cookiesPropagationEnabled
+      ) {
+        this.cookiesPropagationEnabled = true;
+      }
     } else {
       env = params.env || (process.env.BITGO_ENV as EnvironmentName);
     }
 
+    // if this hasn't been set to true already some conditions are not met
+    if (params.cookiesPropagationEnabled && !this.cookiesPropagationEnabled) {
+      throw new Error('Cookies are only allowed when custom URIs are in use');
+    }
+
     if (params.authVersion !== undefined) {
       this._authVersion = params.authVersion;
     }
@@ -275,6 +291,18 @@ export class BitGoAPI implements BitGoBase {
     });
   }
 
+  /**
+   * Get a superagent request for specified http method and URL configured to the SDK configuration
+   * @param method - http method for the new request
+   * @param url - URL for the new request
+   */
+  protected getAgentRequest(method: typeof patchedRequestMethods[number], url: string): superagent.SuperAgentRequest {
+    let req: superagent.SuperAgentRequest = superagent[method](url);
+    if (this.cookiesPropagationEnabled) {
+      req = req.withCredentials();
+    }
+    return req;
+  }
   /**
    * Create a basecoin object
    * @param name
@@ -303,7 +331,7 @@ export class BitGoAPI implements BitGoBase {
    * @param method
    */
   private requestPatch(method: typeof patchedRequestMethods[number], url: string) {
-    let req: superagent.SuperAgentRequest = superagent[method](url);
+    let req = this.getAgentRequest(method, url);
     if (this._proxy) {
       debug('proxying request through %s', this._proxy);
       req = req.proxy(this._proxy);
@@ -536,7 +564,7 @@ export class BitGoAPI implements BitGoBase {
     // client constants call cannot be authenticated using the normal HMAC validation
     // scheme, so we need to use a raw superagent instance to do this request.
     // Proxy settings must still be respected however
-    const resultPromise = superagent.get(this.url('/client/constants'));
+    const resultPromise = this.getAgentRequest('get', this.url('/client/constants'));
     resultPromise.set('BitGo-SDK-Version', this._version);
     const result = await (this._proxy ? resultPromise.proxy(this._proxy) : resultPromise);
     BitGoAPI._constants[env] = result.body.constants;

modules/sdk-api/src/types.ts

@@ -20,6 +20,7 @@ export interface BitGoAPIOptions {
   useProduction?: boolean;
   userAgent?: string;
   validate?: boolean;
+  cookiesPropagationEnabled?: boolean;
 }
 
 export interface AccessTokenOptions {