From f611e0c87157155954b15582be04878b9f7dccbd Mon Sep 17 00:00:00 2001
From: rmanach <romain.manach@intercloud.com>
Date: Mon, 24 Nov 2025 17:24:33 +0100
Subject: [PATCH] remove useless isSecure dyn attr for cookies

---
 .env.example               |  4 +---
 handlers/login/handler.go  |  2 +-
 main.go                    |  4 +---
 services/authentication.go | 13 +++----------
 4 files changed, 6 insertions(+), 17 deletions(-)

diff --git a/.env.example b/.env.example
index 0dfa847..413df1f 100644
--- a/.env.example
+++ b/.env.example
@@ -6,10 +6,8 @@ API_ADMIN_PASSWORD=
 # in seconds (default to 30s)
 API_SESSION_EXPIRATION_DURATION=
 
-# default to 8585
+# default to 8080
 API_PORT=
-# default to "false"
-API_SECURE=
 
 # default to "./store"
 API_STORE_DIR=
\ No newline at end of file
diff --git a/handlers/login/handler.go b/handlers/login/handler.go
index 7e0966d..f93482b 100644
--- a/handlers/login/handler.go
+++ b/handlers/login/handler.go
@@ -73,7 +73,7 @@ func postLogin(w http.ResponseWriter, r *http.Request, a services.IAuthenticate)
 		return
 	}
 
-	cookie := session.GenerateCookie(a.IsSecure())
+	cookie := session.GenerateCookie()
 	http.SetCookie(w, cookie)
 
 	tmpl, err := templates.ExecuteLoginSuccessTmpl(w)
diff --git a/main.go b/main.go
index 6a28a50..d9f525e 100644
--- a/main.go
+++ b/main.go
@@ -24,8 +24,6 @@ const (
 )
 
 var (
-	isSecure = os.Getenv("API_SECURE") == "true"
-
 	port = sync.OnceValue[int](func() int {
 		port, err := strconv.Atoi(os.Getenv("API_PORT"))
 		if err != nil {
@@ -51,7 +49,7 @@ func main() {
 	ctx, fnCancel := signal.NotifyContext(context.Background(), os.Kill, os.Interrupt)
 	defer fnCancel()
 
-	auth := services.NewAuthentication(ctx, isSecure)
+	auth := services.NewAuthentication(ctx)
 	bs := services.NewStore(storeDir())
 
 	srv := server.NewServer(
diff --git a/services/authentication.go b/services/authentication.go
index d0a2d80..969fe86 100644
--- a/services/authentication.go
+++ b/services/authentication.go
@@ -67,7 +67,7 @@ type Session struct {
 	expirationTime time.Time
 }
 
-func (s *Session) GenerateCookie(isSecure bool) *http.Cookie {
+func (s *Session) GenerateCookie() *http.Cookie {
 	s.l.RLock()
 	defer s.l.RUnlock()
 
@@ -75,7 +75,7 @@ func (s *Session) GenerateCookie(isSecure bool) *http.Cookie {
 		Name:     "session_id",
 		Value:    s.sessionID,
 		HttpOnly: true,
-		Secure:   isSecure,
+		Secure:   true,
 		Expires:  s.expirationTime,
 	}
 }
@@ -83,7 +83,6 @@ func (s *Session) GenerateCookie(isSecure bool) *http.Cookie {
 type IAuthenticate interface {
 	IsLogged(r *http.Request) bool
 	Authenticate(username, password string) (*Session, error)
-	IsSecure() bool
 }
 
 var _ IAuthenticate = (*Authentication)(nil)
@@ -95,17 +94,15 @@ type Authentication struct {
 	fnCancel context.CancelFunc
 
 	sessions map[string]*Session
-	isSecure bool
 }
 
-func NewAuthentication(ctx context.Context, isSecure bool) *Authentication {
+func NewAuthentication(ctx context.Context) *Authentication {
 	ctxChild, fnCancel := context.WithCancel(ctx)
 
 	s := &Authentication{
 		ctx:      ctxChild,
 		fnCancel: fnCancel,
 		sessions: map[string]*Session{},
-		isSecure: isSecure,
 	}
 	s.purgeWorker()
 
@@ -146,10 +143,6 @@ func (a *Authentication) purgeWorker() {
 	}()
 }
 
-func (a *Authentication) IsSecure() bool {
-	return a.isSecure
-}
-
 func (a *Authentication) Stop() {
 	a.fnCancel()
 }