remove secure_cookies option from config

config/config.example.yml

@@ -9,7 +9,6 @@ server:
     internal_port: 3001
     next_port: 3002
     internal_hostname: "pangolin"
-    secure_cookies: true
     session_cookie_name: "p_session_token"
     resource_access_token_param: "p_token"
     resource_session_request_param: "p_session_request"

install/fs/config.yml

@@ -9,7 +9,6 @@ server:
     internal_port: 3001
     next_port: 3002
     internal_hostname: "pangolin"
-    secure_cookies: true
     session_cookie_name: "p_session_token"
     resource_access_token_param: "p_token"
     resource_session_request_param: "p_session_request"

server/auth/sessions/app.ts

@@ -24,7 +24,6 @@ export const SESSION_COOKIE_EXPIRES =
     60 *
     60 *
     config.getRawConfig().server.dashboard_session_length_hours;
-export const SECURE_COOKIES = config.getRawConfig().server.secure_cookies;
 export const COOKIE_DOMAIN =
     "." + new URL(config.getRawConfig().app.dashboard_url).hostname;
 
@@ -108,24 +107,15 @@ export function serializeSessionCookie(
     isSecure: boolean
 ): string {
     if (isSecure) {
-        logger.debug("Setting cookie for secure origin");
-        if (SECURE_COOKIES) {
-            return `${SESSION_COOKIE_NAME}=${token}; HttpOnly; SameSite=Strict; Max-Age=${SESSION_COOKIE_EXPIRES / 1000}; Path=/; Secure; Domain=${COOKIE_DOMAIN}`;
-        } else {
-            return `${SESSION_COOKIE_NAME}=${token}; HttpOnly; SameSite=Strict; Max-Age=${SESSION_COOKIE_EXPIRES / 1000}; Path=/; Domain=${COOKIE_DOMAIN}`;
-        }
+        return `${SESSION_COOKIE_NAME}=${token}; HttpOnly; SameSite=Strict; Max-Age=${SESSION_COOKIE_EXPIRES / 1000}; Path=/; Secure; Domain=${COOKIE_DOMAIN}`;
     } else {
         return `${SESSION_COOKIE_NAME}=${token}; HttpOnly; SameSite=Lax; Max-Age=${SESSION_COOKIE_EXPIRES}; Path=/;`;
     }
 }
 
 export function createBlankSessionTokenCookie(isSecure: boolean): string {
     if (isSecure) {
-        if (SECURE_COOKIES) {
-            return `${SESSION_COOKIE_NAME}=; HttpOnly; SameSite=Strict; Max-Age=0; Path=/; Secure; Domain=${COOKIE_DOMAIN}`;
-        } else {
-            return `${SESSION_COOKIE_NAME}=; HttpOnly; SameSite=Strict; Max-Age=0; Path=/; Domain=${COOKIE_DOMAIN}`;
-        }
+        return `${SESSION_COOKIE_NAME}=; HttpOnly; SameSite=Strict; Max-Age=0; Path=/; Secure; Domain=${COOKIE_DOMAIN}`;
     } else {
         return `${SESSION_COOKIE_NAME}=; HttpOnly; SameSite=Lax; Max-Age=0; Path=/;`;
     }

server/auth/sessions/resource.ts

@@ -9,7 +9,6 @@ export const SESSION_COOKIE_NAME =
     config.getRawConfig().server.session_cookie_name;
 export const SESSION_COOKIE_EXPIRES =
     1000 * 60 * 60 * config.getRawConfig().server.resource_session_length_hours;
-export const SECURE_COOKIES = config.getRawConfig().server.secure_cookies;
 
 export async function createResourceSession(opts: {
     token: string;
@@ -170,7 +169,7 @@ export function serializeResourceSessionCookie(
     token: string,
     isHttp: boolean = false
 ): string {
-    if (SECURE_COOKIES && !isHttp) {
+    if (!isHttp) {
         return `${cookieName}_s=${token}; HttpOnly; SameSite=Strict; Max-Age=${SESSION_COOKIE_EXPIRES / 1000}; Path=/; Secure; Domain=${"." + domain}`;
     } else {
         return `${cookieName}=${token}; HttpOnly; SameSite=Strict; Max-Age=${SESSION_COOKIE_EXPIRES / 1000}; Path=/; Domain=${"." + domain}`;
@@ -179,9 +178,10 @@ export function serializeResourceSessionCookie(
 
 export function createBlankResourceSessionTokenCookie(
     cookieName: string,
-    domain: string
+    domain: string,
+    isHttp: boolean = false
 ): string {
-    if (SECURE_COOKIES) {
+    if (!isHttp) {
         return `${cookieName}_s=; HttpOnly; SameSite=Strict; Max-Age=0; Path=/; Secure; Domain=${"." + domain}`;
     } else {
         return `${cookieName}=; HttpOnly; SameSite=Strict; Max-Age=0; Path=/; Domain=${"." + domain}`;

server/routers/badger/exchangeSession.ts

@@ -12,8 +12,7 @@ import {
     serializeResourceSessionCookie,
     validateResourceSessionToken
 } from "@server/auth/sessions/resource";
-import { generateSessionToken } from "@server/auth";
-import { SESSION_COOKIE_EXPIRES } from "@server/auth/sessions/app";
+import { generateSessionToken, SESSION_COOKIE_EXPIRES } from "@server/auth/sessions/app";
 import { SESSION_COOKIE_EXPIRES as RESOURCE_SESSION_COOKIE_EXPIRES } from "@server/auth/sessions/resource";
 import config from "@server/lib/config";
 import { response } from "@server/lib";

server/routers/badger/verifySession.ts

@@ -26,8 +26,8 @@ import {
 import { Resource, roleResources, userResources } from "@server/db/schema";
 import logger from "@server/logger";
 import { verifyResourceAccessToken } from "@server/auth/verifyResourceAccessToken";
-import { generateSessionToken } from "@server/auth";
 import NodeCache from "node-cache";
+import { generateSessionToken } from "@server/auth/sessions/app";
 
 // We'll see if this speeds anything up
 const cache = new NodeCache({

server/setup/scripts/1.0.0-beta10.ts

@@ -27,14 +27,16 @@ export default async function migration() {
         const fileContents = fs.readFileSync(filePath, "utf8");
         rawConfig = yaml.load(fileContents);
 
-        rawConfig.server.secure_cookies = true;
+        delete rawConfig.server.secure_cookies;
 
         // Write the updated YAML back to the file
         const updatedYaml = yaml.dump(rawConfig);
         fs.writeFileSync(filePath, updatedYaml, "utf8");
+
+        console.log(`Removed deprecated config option: secure_cookies.`);
     } catch (e) {
         console.log(
-            `Failed to set secure_cookies to true in config. Please set it manually. https://docs.fossorial.io/Pangolin/Configuration/config`
+            `Was unable to remove deprecated config option: secure_cookies. Error: ${e}`
         );
         return;
     }