feat: add option to make cookie secure

2025-10-29 05:05:42 +00:00 · 2025-01-21 18:13:18 +02:00
parent a28e55ae4c
commit 2988b5f22f
2 changed files with 13 additions and 1 deletions
--- a/internal/api/api.go
+++ b/internal/api/api.go
@@ -36,17 +36,28 @@ func Run(config types.Config, users types.UserList) {

 	domain, domainErr := utils.GetRootURL(config.AppURL)

-	log.Info().Str("domain", domain).Msg("Using domain")
+	log.Info().Str("domain", domain).Msg("Using domain for cookies")

 	if domainErr != nil {
 		log.Fatal().Err(domainErr).Msg("Failed to get domain")
 		os.Exit(1)
 	}
+
+	var isSecure bool
+
+	if config.CookieSecure {
+		isSecure = true
+	} else {
+		isSecure = false
+	}
 	
 	store.Options(sessions.Options{
 		Domain: fmt.Sprintf(".%s", domain),
 		Path: "/",
+		HttpOnly: true,
+		Secure: isSecure,
 	})
+	
  	router.Use(sessions.Sessions("tinyauth", store))

 	router.Use(func(c *gin.Context) {