feat(db): add new columns to medications and users tables for enhanced data tracking

feat(oidc): refactor setAuthCookies to use centralized cookie options for consistency
feat(nginx): update configuration to pass cookies through proxy for improved session handling

backend/src/db/client.ts

@@ -165,7 +165,11 @@ async function runMigrations() {
     { name: "notes", sql: "ALTER TABLE medications ADD COLUMN notes TEXT" },
     { name: "generic_name", sql: "ALTER TABLE medications ADD COLUMN generic_name TEXT" },
     { name: "intake_reminders_enabled", sql: "ALTER TABLE medications ADD COLUMN intake_reminders_enabled INTEGER NOT NULL DEFAULT 0" },
+    { name: "pill_weight_mg", sql: "ALTER TABLE medications ADD COLUMN pill_weight_mg REAL" },
+    { name: "taken_by", sql: "ALTER TABLE medications ADD COLUMN taken_by TEXT" },
     { name: "users_email", sql: "ALTER TABLE users ADD COLUMN email TEXT" },
+    { name: "users_avatar_url", sql: "ALTER TABLE users ADD COLUMN avatar_url TEXT" },
+    { name: "users_oidc_subject", sql: "ALTER TABLE users ADD COLUMN oidc_subject TEXT" },
     { name: "user_settings_expiry_warning_days", sql: "ALTER TABLE user_settings ADD COLUMN expiry_warning_days INTEGER NOT NULL DEFAULT 90" },
   ];
 

backend/src/routes/oidc.ts

@@ -201,8 +201,9 @@ export async function oidcRoutes(app: FastifyInstance) {
           expiresAt,
         });
         
-        // Set cookies
-        setAuthCookies(reply, accessToken, refreshToken);
+        // Set cookies (use app's centralized cookie options)
+        console.log(`[OIDC] Setting cookies for user ${user.username}, NODE_ENV=${env.NODE_ENV}, secure=${app.config.cookieOptions.secure}`);
+        setAuthCookies(app, reply, accessToken, refreshToken);
         
         // Redirect to frontend dashboard
         // In dev: CORS_ORIGINS contains the frontend URL
@@ -308,22 +309,8 @@ async function generateRefreshToken(
   return { refreshToken, tokenId, expiresAt };
 }
 
-function setAuthCookies(reply: FastifyReply, accessToken: string, refreshToken: string) {
-  const isProduction = env.NODE_ENV === "production";
-  
-  reply.setCookie("access_token", accessToken, {
-    httpOnly: true,
-    secure: isProduction,
-    sameSite: "lax",
-    path: "/",
-    maxAge: env.ACCESS_TOKEN_TTL_MINUTES * 60,
-  });
-  
-  reply.setCookie("refresh_token", refreshToken, {
-    httpOnly: true,
-    secure: isProduction,
-    sameSite: "lax",
-    path: "/",
-    maxAge: env.REFRESH_TOKEN_TTL_DAYS * 24 * 60 * 60,
-  });
+function setAuthCookies(app: FastifyInstance, reply: FastifyReply, accessToken: string, refreshToken: string) {
+  // Use the same cookie options as regular auth for consistency
+  reply.setCookie("access_token", accessToken, app.config.cookieOptions);
+  reply.setCookie("refresh_token", refreshToken, app.config.refreshCookieOptions);
 }

frontend/nginx.conf

@@ -26,6 +26,10 @@ server {
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
         
+        # Pass cookies through
+        proxy_pass_header Set-Cookie;
+        proxy_cookie_path / /;
+        
         # Timeout for uploads
         proxy_read_timeout 60s;
         proxy_send_timeout 60s;