[add] configurable cookie attribute settings
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
parent
912b054502
commit
3577dd89a0
@ -86,6 +86,8 @@ The service is now accessible at: `http://localhost:8585`. I recommend registeri
|
||||
| LISTEN_PORT | 8585 | Port the server listens at |
|
||||
| REGISTRATION_ENABLED | false | Whether to allow registration (applies to both WebApp & KOSync API) |
|
||||
| COOKIE_SESSION_KEY | <EMPTY> | Optional secret cookie session key (auto generated if not provided) |
|
||||
| COOKIE_SECURE | true | Set Cookie `Secure` attribute (i.e. only works over HTTPS) |
|
||||
| COOKIE_HTTP_ONLY | true | Set Cookie `HttpOnly` attribute (i.e. inacessible via JavaScript) |
|
||||
|
||||
## Security
|
||||
|
||||
|
@ -52,8 +52,8 @@ func NewApi(db *database.DBManager, c *config.Config) *API {
|
||||
store := cookie.NewStore(newToken)
|
||||
store.Options(sessions.Options{
|
||||
MaxAge: 60 * 60 * 24 * 7,
|
||||
Secure: true,
|
||||
HttpOnly: true,
|
||||
Secure: c.CookieSecure,
|
||||
HttpOnly: c.CookieHTTPOnly,
|
||||
SameSite: http.SameSiteStrictMode,
|
||||
})
|
||||
api.Router.Use(sessions.Sessions("token", store))
|
||||
|
@ -20,8 +20,12 @@ type Config struct {
|
||||
|
||||
// Miscellaneous Settings
|
||||
RegistrationEnabled bool
|
||||
CookieSessionKey string
|
||||
SearchEnabled bool
|
||||
|
||||
// Cookie Settings
|
||||
CookieSessionKey string
|
||||
CookieSecure bool
|
||||
CookieHTTPOnly bool
|
||||
}
|
||||
|
||||
func Load() *Config {
|
||||
@ -32,9 +36,11 @@ func Load() *Config {
|
||||
ConfigPath: getEnv("CONFIG_PATH", "/config"),
|
||||
DataPath: getEnv("DATA_PATH", "/data"),
|
||||
ListenPort: getEnv("LISTEN_PORT", "8585"),
|
||||
CookieSessionKey: trimLowerString(getEnv("COOKIE_SESSION_KEY", "")),
|
||||
RegistrationEnabled: trimLowerString(getEnv("REGISTRATION_ENABLED", "false")) == "true",
|
||||
SearchEnabled: trimLowerString(getEnv("SEARCH_ENABLED", "false")) == "true",
|
||||
CookieSessionKey: trimLowerString(getEnv("COOKIE_SESSION_KEY", "")),
|
||||
CookieSecure: trimLowerString(getEnv("COOKIE_SECURE", "true")) == "true",
|
||||
CookieHTTPOnly: trimLowerString(getEnv("COOKIE_HTTP_ONLY", "true")) == "true",
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user