security: fix hardcoded aes key, rate limiter shutdown, stale cache errors, body limit, session cookies

This commit is contained in:
2026-04-20 01:48:53 +02:00
parent bbf208b4bf
commit dccd9d8f59
7 changed files with 43 additions and 16 deletions

View File

@@ -97,13 +97,13 @@ func (s *Service) ValidateSession(ctx context.Context, sessionID string) (*datab
}
func SetSessionCookie(w http.ResponseWriter, sessionID string, expiresAt time.Time) {
isProd := os.Getenv("ENV") == "production"
secure := os.Getenv("ENV") == "production" || os.Getenv("FORCE_SECURE_COOKIES") == "true"
http.SetCookie(w, &http.Cookie{
Name: "session_id",
Value: sessionID,
Expires: expiresAt,
HttpOnly: true,
Secure: isProd,
Secure: secure,
SameSite: http.SameSiteStrictMode,
Path: "/",
})