From 36172bf310b34dee9cb7f2c3fe4a0ccfae5e76ac Mon Sep 17 00:00:00 2001
From: jdl
Date: Sat, 4 Jan 2025 13:36:55 +0100
Subject: [PATCH] Cleanup

---
 README.md | 2 +-
 hub/app.go | 18 +++++++++---------
 hub/cookie.go | 3 ++-
 hub/main.go | 2 +-
 4 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/README.md b/README.md
index 64c9077..c6cc0e1 100644
--- a/README.md
+++ b/README.md
@@ -30,7 +30,7 @@ AmbientCapabilities=CAP_NET_BIND_SERVICE
 Type=simple
 User=user
 WorkingDirectory=/home/user/
-ExecStart=/home/user/hub -listen :https -secure=true -root-dir=/home/user
+ExecStart=/home/user/hub -listen :https -root-dir=/home/user
 Restart=always
 RestartSec=8
 TimeoutStopSec=24
diff --git a/hub/app.go b/hub/app.go
index 3be11cf..3b1259e 100644
--- a/hub/app.go
+++ b/hub/app.go
@@ -19,14 +19,14 @@ var templateFS embed.FS
 type Config struct {
 RootDir string
 ListenAddr string
- Secure bool
+ Insecure bool
 }
 type App struct {
- api *api.API
- mux *http.ServeMux
- tmpl map[string]*template.Template
- secure bool
+ api *api.API
+ mux *http.ServeMux
+ tmpl map[string]*template.Template
+ insecure bool
 }
 func NewApp(conf Config) (*App, error) {
@@ -36,10 +36,10 @@ func NewApp(conf Config) (*App, error) {
 }
 app := &App{
- api: api,
- mux: http.NewServeMux(),
- tmpl: webutil.ParseTemplateSet(templateFuncs, templateFS),
- secure: conf.Secure,
+ api: api,
+ mux: http.NewServeMux(),
+ tmpl: webutil.ParseTemplateSet(templateFuncs, templateFS),
+ insecure: conf.Insecure,
 }
 app.registerRoutes()
diff --git a/hub/cookie.go b/hub/cookie.go
index a816c59..2048d6b 100644
--- a/hub/cookie.go
+++ b/hub/cookie.go
@@ -17,8 +17,9 @@ func (a *App) setCookie(w http.ResponseWriter, name, value string) {
 Name: name,
 Value: value,
 Path: "/",
- Secure: a.secure,
+ Secure: !a.insecure,
 SameSite: http.SameSiteStrictMode,
+ HttpOnly: true,
 MaxAge: 86400 * 365 * 10,
 })
 }
diff --git a/hub/main.go b/hub/main.go
index e1f8f67..7f698c5 100644
--- a/hub/main.go
+++ b/hub/main.go
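Review bot: In hub/cookie.go the unchanged `MaxAge: 86400 * 365 * 10,` keeps every cookie set through `setCookie` alive in the browser for ten years, and the new `Secure`/`HttpOnly` defaults do not bound that lifetime. If any caller stores a session or login token this way (callers are not visible in this patch), a copied cookie stays usable until the server revokes it, so either shorten it, e.g. `MaxAge: 86400 * 30,` with renewal on use, or confirm that tokens expire server-side. `HttpOnly: true` now applies to every cookie set by this helper, which is the right default, but a cookie that page scripts must read would need a separate path; a short comment on `setCookie` stating that all cookies are `Secure` unless `-insecure` is given, `HttpOnly` and `SameSite=Strict` would record that contract. The start of `setCookie`, including the opening of the cookie literal, is outside the hunk.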
@@ -15,7 +15,7 @@ func Main() {
 conf := Config{}
 flag.StringVar(&conf.RootDir, "root-dir", "", "[REQUIRED] Root directory.")
 flag.StringVar(&conf.ListenAddr, "listen", "", "[REQUIRED] Listen address.")
- flag.BoolVar(&conf.Secure, "secure", false, "Use secure cookies.")
+ flag.BoolVar(&conf.Insecure, "insecure", false, "Don't use secure cookies.")
 flag.Parse()
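Review bot: The help text `"Don't use secure cookies."` on the new `-insecure` flag in hub/main.go does not say what the flag gives up; `"Send cookies without the Secure attribute (plain-HTTP development only)."` would make the trade-off visible in `-h` output. Since the flag is the only thing standing between a production instance and cookies sent over cleartext, a startup warning when it is set would help, e.g. `if conf.Insecure { log.Print("warning: -insecure set; cookies are sent without the Secure attribute") }`, assuming `log` is or can be imported in this file (the import block is outside the hunk). Removing `-secure` also means an existing unit file that still passes `-secure=true` will be rejected by `flag.Parse()` as an undefined flag, so the upgrade note belongs in the commit message or README alongside the changed `ExecStart` line. `Main` continues past the end of the hunk.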