Cherry pick cookie changes from v2.x

packages/api/src/express/index.ts

@@ -31,6 +31,8 @@ const {
   UNCHAINED_COOKIE_NAME = 'unchained_token',
   UNCHAINED_COOKIE_PATH = '/',
   UNCHAINED_COOKIE_DOMAIN,
+  UNCHAINED_COOKIE_SAMESITE,
+  UNCHAINED_COOKIE_INSECURE,
 } = process.env;
 
 const addContext = async function middlewareWithContext(
@@ -119,6 +121,18 @@ export const connect = (
 ) => {
   const passport = setupPassport(unchainedAPI);
 
+  const name = UNCHAINED_COOKIE_NAME;
+  const domain = UNCHAINED_COOKIE_DOMAIN;
+  const path = UNCHAINED_COOKIE_PATH;
+  const secure = UNCHAINED_COOKIE_INSECURE ? false : true;
+  const sameSite = ({
+    none: 'none',
+    lax: 'lax',
+    strict: 'strict',
+    '1': true,
+    '0': false,
+  }[UNCHAINED_COOKIE_SAMESITE?.trim()?.toLowerCase()] || false) as boolean | 'none' | 'lax' | 'strict';
+
   expressApp.use(
     session({
       secret: process.env.UNCHAINED_TOKEN_SECRET,
@@ -127,14 +141,14 @@ export const connect = (
         dbName: db.databaseName,
         collectionName: 'sessions',
       }),
-      name: UNCHAINED_COOKIE_NAME,
+      name,
       saveUninitialized: false,
       resave: false,
       cookie: {
-        domain: UNCHAINED_COOKIE_DOMAIN,
-        path: UNCHAINED_COOKIE_PATH,
-        sameSite: 'none',
-        secure: true,
+        domain,
+        path,
+        sameSite,
+        secure,
         httpOnly: true,
         maxAge: 1000 * 60 * 60 * 24 * 7,
       },

packages/api/src/fastify/index.ts

@@ -28,7 +28,8 @@ const {
   UNCHAINED_COOKIE_NAME = 'unchained_token',
   UNCHAINED_COOKIE_PATH = '/',
   UNCHAINED_COOKIE_DOMAIN,
-  NODE_ENV,
+  UNCHAINED_COOKIE_SAMESITE,
+  UNCHAINED_COOKIE_INSECURE,
 } = process.env;
 
 const middlewareHook = async function middlewareHook(req: any, reply: any) {
@@ -84,20 +85,33 @@ export const connect = (
     db,
   }: { graphqlHandler: YogaServerInstance<any, any>; db: mongodb.Db; unchainedAPI: UnchainedCore },
 ) => {
+  const cookieName = UNCHAINED_COOKIE_NAME;
+  const domain = UNCHAINED_COOKIE_DOMAIN;
+  const path = UNCHAINED_COOKIE_PATH;
+  const secure = UNCHAINED_COOKIE_INSECURE ? false : true;
+  const sameSite = ({
+    none: 'none',
+    lax: 'lax',
+    strict: 'strict',
+    '1': true,
+    '0': false,
+  }[UNCHAINED_COOKIE_SAMESITE?.trim()?.toLowerCase()] || false) as boolean | 'none' | 'lax' | 'strict';
+
   fastify.register(fastifyCookie);
   fastify.register(fastifySession, {
     secret: process.env.UNCHAINED_TOKEN_SECRET,
-    cookieName: UNCHAINED_COOKIE_NAME,
+    cookieName,
     store: MongoStore.create({
       client: (db as any).client,
       dbName: db.databaseName,
       collectionName: 'sessions',
     }),
     cookie: {
-      domain: UNCHAINED_COOKIE_DOMAIN,
-      httpOnly: Boolean(NODE_ENV === 'production'),
-      path: UNCHAINED_COOKIE_PATH,
-      secure: NODE_ENV === 'production',
+      domain,
+      httpOnly: true,
+      path,
+      secure,
+      sameSite,
       maxAge: 1000 * 60 * 60 * 24 * 7,
     },
   });

packages/core-assortments/src/module/configureAssortmentProductsModule.ts

@@ -158,13 +158,13 @@ export const configureAssortmentProductsModule = ({
         { upsert: true, returnDocument: 'after' },
       );
 
+      if (!assortmentProduct) return null;
+
       await emit('ASSORTMENT_ADD_PRODUCT', { assortmentProduct });
 
       if (!options?.skipInvalidation) {
         await invalidateCache({ assortmentIds: [assortmentProduct.assortmentId] });
       }
-
-      return assortmentProduct;
     },
 
     delete: async (assortmentProductId, options) => {

packages/core-users/src/module/configureUsersModule.ts

@@ -683,9 +683,12 @@ export const configureUsersModule = async ({
         returnDocument: 'after',
       });
 
-      await emit('USER_UPDATE_BILLING_ADDRESS', {
-        user: removeConfidentialServiceHashes(user),
-      });
+      if (updatedUser) {
+        await emit('USER_UPDATE_BILLING_ADDRESS', {
+          user: removeConfidentialServiceHashes(updatedUser),
+        });
+      }
+
       return updatedUser;
     },