remove useless isSecure dyn attr for cookies

2025-11-24 17:24:33 +01:00 · 2025-11-24 17:24:33 +01:00 · f611e0c871
commit f611e0c871
parent c734729554
4 changed files with 6 additions and 17 deletions
--- a/.env.example
+++ b/.env.example
@ -6,10 +6,8 @@ API_ADMIN_PASSWORD=
 # in seconds (default to 30s)
 API_SESSION_EXPIRATION_DURATION=

-# default to 8585
+# default to 8080
 API_PORT=
-# default to "false"
-API_SECURE=

 # default to "./store"
 API_STORE_DIR=
--- a/handlers/login/handler.go
+++ b/handlers/login/handler.go
@ -73,7 +73,7 @@ func postLogin(w http.ResponseWriter, r *http.Request, a services.IAuthenticate)
 		return
 	}

-	cookie := session.GenerateCookie(a.IsSecure())
+	cookie := session.GenerateCookie()
 	http.SetCookie(w, cookie)

 	tmpl, err := templates.ExecuteLoginSuccessTmpl(w)
--- a/main.go
+++ b/main.go
@ -24,8 +24,6 @@ const (
 )

 var (
-	isSecure = os.Getenv("API_SECURE") == "true"
-
 	port = sync.OnceValue[int](func() int {
 		port, err := strconv.Atoi(os.Getenv("API_PORT"))
 		if err != nil {
@ -51,7 +49,7 @@ func main() {
 	ctx, fnCancel := signal.NotifyContext(context.Background(), os.Kill, os.Interrupt)
 	defer fnCancel()

-	auth := services.NewAuthentication(ctx, isSecure)
+	auth := services.NewAuthentication(ctx)
 	bs := services.NewStore(storeDir())

 	srv := server.NewServer(
--- a/services/authentication.go
+++ b/services/authentication.go
@ -67,7 +67,7 @@ type Session struct {
 	expirationTime time.Time
 }

-func (s *Session) GenerateCookie(isSecure bool) *http.Cookie {
+func (s *Session) GenerateCookie() *http.Cookie {
 	s.l.RLock()
 	defer s.l.RUnlock()

@ -75,7 +75,7 @@ func (s *Session) GenerateCookie(isSecure bool) *http.Cookie {
 		Name:     "session_id",
 		Value:    s.sessionID,
 		HttpOnly: true,
-		Secure:   isSecure,
+		Secure:   true,
 		Expires:  s.expirationTime,
 	}
 }
@ -83,7 +83,6 @@ func (s *Session) GenerateCookie(isSecure bool) *http.Cookie {
 type IAuthenticate interface {
 	IsLogged(r *http.Request) bool
 	Authenticate(username, password string) (*Session, error)
-	IsSecure() bool
 }

 var _ IAuthenticate = (*Authentication)(nil)
@ -95,17 +94,15 @@ type Authentication struct {
 	fnCancel context.CancelFunc

 	sessions map[string]*Session
-	isSecure bool
 }

-func NewAuthentication(ctx context.Context, isSecure bool) *Authentication {
+func NewAuthentication(ctx context.Context) *Authentication {
 	ctxChild, fnCancel := context.WithCancel(ctx)

 	s := &Authentication{
 		ctx:      ctxChild,
 		fnCancel: fnCancel,
 		sessions: map[string]*Session{},
-		isSecure: isSecure,
 	}
 	s.purgeWorker()

@ -146,10 +143,6 @@ func (a *Authentication) purgeWorker() {
 	}()
 }

-func (a *Authentication) IsSecure() bool {
-	return a.isSecure
-}
-
 func (a *Authentication) Stop() {
 	a.fnCancel()
 }