Make Cookie non-secure while in dev

2016-11-23 22:29:13 +01:00 · 2016-11-23 22:29:13 +01:00 · 038976ca4d
commit 038976ca4d
parent b5c81aa956
1 changed files with 25 additions and 21 deletions
--- a/main.go
+++ b/main.go
@ -64,7 +64,11 @@ func loginPost(c *gin.Context) {
 	username, _ := c.GetPostForm("username")
 	password, _ := c.GetPostForm("password")

-	if username == "jan" && password == "passwort" {
+	if username != "jan" || password != "passwort" {
+		c.AbortWithStatus(http.StatusUnauthorized)
+		return
+	}
+
 	// Create token
 	token := jwt.New(jwt.SigningMethodHS256)

@ -79,12 +83,12 @@ func loginPost(c *gin.Context) {
 		c.AbortWithStatus(http.StatusUnauthorized)
 	}

-		c.SetCookie("authentication", t, (int)((expiration * time.Hour).Seconds()), "/", "localhost:8080", true, true)
+	maxAge := (int)((expiration * time.Hour).Seconds())
+	c.SetCookie("authentication", t, maxAge, "", "", false, true)

 	c.JSON(http.StatusOK, map[string]string{
 		"token": t,
 	})
-	}
+	return

-	c.AbortWithStatus(http.StatusUnauthorized)
 }