Add an option to control the secure parameter for cookies

2024-09-19 03:10:29 +05:00 · 2023-11-01 21:02:08 +05:00 · 2023-11-01 21:02:08 +05:00 · 7e2559afcb
parent 3520042abe
commit 7e2559afcb
4 changed files with 14 additions and 7 deletions
--- a/.env
+++ b/.env
@ -3,3 +3,7 @@ P_DBPATH="db.sqlite3"
 P_LOGLEVEL="debug"
 P_ENABLEGINLOGGER="true"
 P_PRODUCTION="false"
+
+# Disabled for development
+# (not recommended for production environments)
+P_SECURECOOKIE="false"
--- a/config/main.go
+++ b/config/main.go
@ -15,6 +15,8 @@ type Config struct {
 	HeaderAuth      bool   `default:"false"`
 	DefaultUsername string
 	DefaultPassword string
+	// Controls the "secure" option for a token cookie.
+	SecureCookie bool `default:"true"`
 }

 func GetConfig() (*Config, error) {
--- a/readme.md
+++ b/readme.md
@ -24,6 +24,7 @@ Service settings can be set through environment variables.
 | P_HEADERAUTH        | Enable Trusted Header Auth (SSO)                                 | `false`                               |
 | P_DEFAULTUSERNAME   | Data for the first user.                                         |                                       |
 | P_DEFAULTPASSWORD   | Data for the first user.                                         |                                       |
+| P_SECURECOOKIE      | Controls the "secure" option for a token cookie.                 | `true`                                |

 ## Docker-compose example
 ```yml
--- a/views/auth.go
+++ b/views/auth.go
@ -79,7 +79,7 @@ func AuthMiddleware(c *gin.Context, db *gorm.DB, cfg *config.Config) {
 				ShowError(c, err)
 				return
 			}
-			SetTokenCookie(c, token)
+			SetTokenCookie(c, token, cfg)
 			return
 		}

@ -99,7 +99,7 @@ func AuthMiddleware(c *gin.Context, db *gorm.DB, cfg *config.Config) {
 			ShowError(c, err)
 			return
 		}
-		SetTokenCookie(c, newToken)
+		SetTokenCookie(c, newToken, cfg)
 	}
 }

@ -132,7 +132,7 @@ func CreateUser(c *gin.Context, db *gorm.DB, cfg *config.Config) {
 		ShowError(c, err)
 		return
 	}
-	SetTokenCookie(c, token)
+	SetTokenCookie(c, token, cfg)

 	// Redirect to homepage.
 	c.Redirect(http.StatusFound, "/")
@ -154,13 +154,13 @@ func AuthorizeUser(c *gin.Context, db *gorm.DB, cfg *config.Config) {
 		ShowError(c, err)
 		return
 	}
-	SetTokenCookie(c, token)
+	SetTokenCookie(c, token, cfg)

 	// Redirect to homepage.
 	c.Redirect(http.StatusFound, "/")
 }

-// Save token for one day in cookies
-func SetTokenCookie(c *gin.Context, token string) {
-	c.SetCookie("phoenix-token", token, TOKEN_LIFETIME_IN_SECONDS, "/", "", false, true)
+// Save token in cookies
+func SetTokenCookie(c *gin.Context, token string, cfg *config.Config) {
+	c.SetCookie("phoenix-token", token, TOKEN_LIFETIME_IN_SECONDS, "/", "", cfg.SecureCookie, true)
 }