[add] configurable cookie attribute settings
All checks were successful
continuous-integration/drone/push Build is passing

This commit is contained in:
Evan Reichard 2023-10-24 18:41:25 -04:00
parent 912b054502
commit 3577dd89a0
3 changed files with 14 additions and 6 deletions

View File

@ -86,6 +86,8 @@ The service is now accessible at: `http://localhost:8585`. I recommend registeri
| LISTEN_PORT | 8585 | Port the server listens at | | LISTEN_PORT | 8585 | Port the server listens at |
| REGISTRATION_ENABLED | false | Whether to allow registration (applies to both WebApp & KOSync API) | | REGISTRATION_ENABLED | false | Whether to allow registration (applies to both WebApp & KOSync API) |
| COOKIE_SESSION_KEY | <EMPTY> | Optional secret cookie session key (auto generated if not provided) | | COOKIE_SESSION_KEY | <EMPTY> | Optional secret cookie session key (auto generated if not provided) |
| COOKIE_SECURE | true | Set Cookie `Secure` attribute (i.e. only works over HTTPS) |
| COOKIE_HTTP_ONLY | true | Set Cookie `HttpOnly` attribute (i.e. inacessible via JavaScript) |
## Security ## Security

View File

@ -52,8 +52,8 @@ func NewApi(db *database.DBManager, c *config.Config) *API {
store := cookie.NewStore(newToken) store := cookie.NewStore(newToken)
store.Options(sessions.Options{ store.Options(sessions.Options{
MaxAge: 60 * 60 * 24 * 7, MaxAge: 60 * 60 * 24 * 7,
Secure: true, Secure: c.CookieSecure,
HttpOnly: true, HttpOnly: c.CookieHTTPOnly,
SameSite: http.SameSiteStrictMode, SameSite: http.SameSiteStrictMode,
}) })
api.Router.Use(sessions.Sessions("token", store)) api.Router.Use(sessions.Sessions("token", store))

View File

@ -11,8 +11,8 @@ type Config struct {
ListenPort string ListenPort string
// DB Configuration // DB Configuration
DBType string DBType string
DBName string DBName string
// Data Paths // Data Paths
ConfigPath string ConfigPath string
@ -20,8 +20,12 @@ type Config struct {
// Miscellaneous Settings // Miscellaneous Settings
RegistrationEnabled bool RegistrationEnabled bool
CookieSessionKey string
SearchEnabled bool SearchEnabled bool
// Cookie Settings
CookieSessionKey string
CookieSecure bool
CookieHTTPOnly bool
} }
func Load() *Config { func Load() *Config {
@ -32,9 +36,11 @@ func Load() *Config {
ConfigPath: getEnv("CONFIG_PATH", "/config"), ConfigPath: getEnv("CONFIG_PATH", "/config"),
DataPath: getEnv("DATA_PATH", "/data"), DataPath: getEnv("DATA_PATH", "/data"),
ListenPort: getEnv("LISTEN_PORT", "8585"), ListenPort: getEnv("LISTEN_PORT", "8585"),
CookieSessionKey: trimLowerString(getEnv("COOKIE_SESSION_KEY", "")),
RegistrationEnabled: trimLowerString(getEnv("REGISTRATION_ENABLED", "false")) == "true", RegistrationEnabled: trimLowerString(getEnv("REGISTRATION_ENABLED", "false")) == "true",
SearchEnabled: trimLowerString(getEnv("SEARCH_ENABLED", "false")) == "true", SearchEnabled: trimLowerString(getEnv("SEARCH_ENABLED", "false")) == "true",
CookieSessionKey: trimLowerString(getEnv("COOKIE_SESSION_KEY", "")),
CookieSecure: trimLowerString(getEnv("COOKIE_SECURE", "true")) == "true",
CookieHTTPOnly: trimLowerString(getEnv("COOKIE_HTTP_ONLY", "true")) == "true",
} }
} }