From 038976ca4d114b1e43eddf5cd9b540fc7b931672 Mon Sep 17 00:00:00 2001
From: Jan Bader
Date: Wed, 23 Nov 2016 22:29:13 +0100
Subject: [PATCH] Make Cookie non-secure while in dev

---
 main.go | 46 +++++++++++++++++++++++++---------------------
 1 file changed, 25 insertions(+), 21 deletions(-)

diff --git a/main.go b/main.go
index b38441e..00e1247 100644
--- a/main.go
+++ b/main.go
@@ -64,27 +64,31 @@ func loginPost(c *gin.Context) {
 	username, _ := c.GetPostForm("username")
 	password, _ := c.GetPostForm("password")
 
-	if username == "jan" && password == "passwort" {
-		// Create token
-		token := jwt.New(jwt.SigningMethodHS256)
-
-		// Set claims
-		//token.Claims["name"] = "Jan Bader"
-		//token.Claims["admin"] = true
-		//token.Claims["exp"] = time.Now().Add(time.Hour * expiration).Unix()
-
-		// Generate encoded token and send it as response.
-		t, err := token.SignedString([]byte(secret))
-		if err != nil {
-			c.AbortWithStatus(http.StatusUnauthorized)
-		}
-
-		c.SetCookie("authentication", t, (int)((expiration * time.Hour).Seconds()), "/", "localhost:8080", true, true)
-
-		c.JSON(http.StatusOK, map[string]string{
-			"token": t,
-		})
+	if username != "jan" || password != "passwort" {
+		c.AbortWithStatus(http.StatusUnauthorized)
+		return
 	}
-	c.AbortWithStatus(http.StatusUnauthorized)
+	// Create token
+	token := jwt.New(jwt.SigningMethodHS256)
+
+	// Set claims
+	//token.Claims["name"] = "Jan Bader"
+	//token.Claims["admin"] = true
+	//token.Claims["exp"] = time.Now().Add(time.Hour * expiration).Unix()
+
+	// Generate encoded token and send it as response.
+	t, err := token.SignedString([]byte(secret))
+	if err != nil {
+		c.AbortWithStatus(http.StatusUnauthorized)
+	}
+
+	maxAge := (int)((expiration * time.Hour).Seconds())
+	c.SetCookie("authentication", t, maxAge, "", "", false, true)
+
+	c.JSON(http.StatusOK, map[string]string{
+		"token": t,
+	})
+	return
+}
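Review bot: The Secure flag is switched off unconditionally in `c.SetCookie("authentication", t, maxAge, "", "", false, true)`, so despite the subject line the non-secure cookie will also be issued in any non-dev deployment unless someone remembers to revert this; derive it from the run mode instead, e.g. `secure := gin.Mode() == gin.ReleaseMode` and pass `secure` in place of `false`. The `if err != nil { c.AbortWithStatus(http.StatusUnauthorized) }` block just above still has no `return`, so when signing fails the handler continues past the abort, sets an empty `authentication` cookie and writes a 200 JSON body; add `return` inside that block. The `exp` claim stays commented out, so the signed token itself never expires even though the cookie's `maxAge` does, and the same token is also echoed in the response body; if that is deliberate for dev it deserves a comment on the `// Set claims` line. The signature of loginPost is outside the hunk.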