chore: Refactor authentication pass between subdomains (#1619)

* fix: Use get request instead of cookie to transfer token between domains

* Add domain to database
Add redirects to team domain when present

* 30s -> 1m

* fix: Avoid redirect loop if subdomain and domain set

* fix: Create a transfer specific token to prevent replay requests

* refactor: Move isCustomDomain out of shared as it won't work on the client

server/middlewares/authentication.js

@@ -1,5 +1,4 @@
 // @flow
-import addMinutes from "date-fns/add_minutes";
 import addMonths from "date-fns/add_months";
 import JWT from "jsonwebtoken";
 import { AuthenticationError, UserSuspendedError } from "../errors";
@@ -62,7 +61,15 @@ export default function auth(options?: { required?: boolean } = {}) {
           throw new AuthenticationError("Invalid API key");
         }
 
-        user = await User.findByPk(apiKey.userId);
+        user = await User.findByPk(apiKey.userId, {
+          include: [
+            {
+              model: Team,
+              as: "team",
+              required: true,
+            },
+          ],
+        });
         if (!user) {
           throw new AuthenticationError("Invalid API key");
         }
@@ -134,12 +141,9 @@ export default function auth(options?: { required?: boolean } = {}) {
           domain,
         });
 
-        ctx.cookies.set("accessToken", user.getJwtToken(), {
-          httpOnly: true,
-          expires: addMinutes(new Date(), 1),
-          domain,
-        });
-        ctx.redirect(`${team.url}/auth/redirect`);
+        ctx.redirect(
+          `${team.url}/auth/redirect?token=${user.getTransferToken()}`
+        );
       } else {
         ctx.cookies.set("accessToken", user.getJwtToken(), {
           httpOnly: false,