Fix: cookie timeout

cmds/genToken.go

@@ -0,0 +1,37 @@
+package cmds
+
+import (
+	"fmt"
+	"net/http"
+
+	"github.com/go-resty/resty/v2"
+	"github.com/spf13/cobra"
+)
+
+type genLoginUrlPayload struct {
+	LoginUrl string `json:"loginUrl"`
+}
+
+type loginPayload struct {
+	Token string `json:"token"`
+}
+
+var genTokenCmd = &cobra.Command{
+	Use: "gen-token",
+	Run: func(cmd *cobra.Command, args []string) {
+		client := resty.New()
+
+		var payload genLoginUrlPayload
+		resp, err := client.R().
+			SetBody(`{"userId": "testuser1"}`).
+			SetAuthToken("poop").
+			SetResult(&payload).
+			Post("http://localhost:8080/auth/gen-login-url")
+
+		if err != nil || resp.StatusCode() != http.StatusOK {
+			panic(err)
+		}
+
+		fmt.Printf("url: %s\n", payload.LoginUrl)
+	},
+}

cmds/root.go

@@ -21,4 +21,5 @@ func init() {
 	cobra.EnableTraverseRunHooks = true
 
 	RootCmd.AddCommand(serveCmd)
+	RootCmd.AddCommand(genTokenCmd)
 }

cmds/serve.go

@@ -101,6 +101,7 @@ var serveCmd = &cobra.Command{
 			Use(middlewares.AccessLog).
 			Use(middlewares.CORSHandler)
 
+		backend.OPTIONS("/*any", utils.GetHealthz)
 		backend.GET("/healthz", utils.GetHealthz)
 
 		apiGroup := backend.NewGroup("/api").
@@ -136,6 +137,8 @@ var serveCmd = &cobra.Command{
 func init() {
 	serveCmd.Flags().
 		String("port", "8080", "Port to listen on")
+	serveCmd.Flags().
+		Bool("https", false, "Enable https mode")
 	serveCmd.Flags().
 		String("external-url", "http://localhost:8080", "External url for login")
 	serveCmd.Flags().

handlers/auth/postLogin.go

@@ -63,10 +63,14 @@ func (self *Handlers) PostLogin(
 	}
 
 	http.SetCookie(w, &http.Cookie{
-		Name:  "refresh_token",
+		Name:     "refresh_token",
-		Value: session.RefreshToken,
+		Value:    session.RefreshToken,
+		Path:     "/",
+		Secure:   viper.GetBool("https"),
+		HttpOnly: true,
+		SameSite: http.SameSiteLaxMode,
 		Expires: time.Now().Add(time.Duration(
-			viper.GetInt64("REFRESH_TOKEN_TIMEOUT")) * time.Second),
+			viper.GetInt64("refresh-token-timeout")) * time.Second),
 	})
 
 	return utils.Success(w)

middlewares/checkAccessToken.go

@@ -3,6 +3,7 @@ package middlewares
 import (
 	"context"
 	"net/http"
+	"time"
 
 	"gitea.konchin.com/go2025/backend/interfaces"
 	"gitea.konchin.com/go2025/backend/models"
@@ -46,10 +47,12 @@ func refreshAccessToken(
 	}
 
 	http.SetCookie(w, &http.Cookie{
-		Name:     "access_token",
+		Name:   "access_token",
-		Value:    ret,
+		Value:  ret,
-		Path:     "/",
+		Path:   "/",
-		Secure:   false,
+		Secure: viper.GetBool("https"),
+		Expires: time.Now().Add(time.Duration(
+			viper.GetInt64("access-token-timeout")) * time.Second),
 		HttpOnly: true,
 		SameSite: http.SameSiteLaxMode,
 	})

middlewares/checkRefreshToken.go

@@ -62,7 +62,8 @@ func (self *Handlers) CheckRefreshToken(
 				Name:     "refresh_token",
 				Value:    session.RefreshToken,
 				Path:     "/",
-				Secure:   false,
+				Secure:   viper.GetBool("https"),
+				Expires:  claim.ExpiresAt.Time,
 				HttpOnly: true,
 				SameSite: http.SameSiteLaxMode,
 			})