From 480fb4818c76641adcebef743183e3c66d40a827 Mon Sep 17 00:00:00 2001
From: yusing
Date: Fri, 28 Mar 2025 07:18:50 +0800
Subject: [PATCH] api: allow authentication when on http
---
 internal/api/v1/auth/oidc.go | 2 +-
 internal/api/v1/auth/utils.go | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/internal/api/v1/auth/oidc.go b/internal/api/v1/auth/oidc.go
index bb386e0..d9f33b0 100644
--- a/internal/api/v1/auth/oidc.go
+++ b/internal/api/v1/auth/oidc.go
@@ -162,7 +162,7 @@ func (auth *OIDCProvider) RedirectLoginPage(w http.ResponseWriter, r *http.Reque
 MaxAge: 300,
 HttpOnly: true,
 SameSite: http.SameSiteLaxMode,
- Secure: true,
+ Secure: r.TLS != nil,
 Path: "/",
 })
diff --git a/internal/api/v1/auth/utils.go b/internal/api/v1/auth/utils.go
index 91eec3e..bd7f9a8 100644
--- a/internal/api/v1/auth/utils.go
+++ b/internal/api/v1/auth/utils.go
@@ -43,7 +43,7 @@ func setTokenCookie(w http.ResponseWriter, r *http.Request, name, value string,
 MaxAge: int(ttl.Seconds()),
 Domain: cookieFQDN(r),
 HttpOnly: true,
- Secure: true,
+ Secure: r.TLS != nil,
 SameSite: http.SameSiteLaxMode,
 Path: "/",
 })
@@ -56,7 +56,6 @@ func clearTokenCookie(w http.ResponseWriter, r *http.Request, name string) {
 MaxAge: -1,
 Domain: cookieFQDN(r),
 HttpOnly: true,
- Secure: true,
 SameSite: http.SameSiteLaxMode,
 Path: "/",
 })
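Review bot: `Secure: r.TLS != nil` in the cookie literal of RedirectLoginPage (and the same expression in setTokenCookie in utils.go) evaluates to false whenever TLS is terminated upstream of this handler, because r.TLS only describes the connection that reached this process. If this API can be served behind a TLS-terminating proxy or load balancer, clients on HTTPS would then receive these cookies without the Secure attribute. I would compute the flag in one shared helper used by both call sites, and let that helper honour a forwarded scheme only when the peer is a trusted proxy; at minimum add `// r.TLS is nil when TLS is terminated upstream; Secure is then dropped` above the field. Only the cookie literal is visible here; the rest of RedirectLoginPage lies outside the hunk.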
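Review bot: setTokenCookie now issues the token cookie without Secure on any plain-HTTP request, and no operator opt-in is visible in this hunk, so a host reachable over both schemes can hand out a token that the browser later sends in cleartext. Consider gating the fallback behind an explicit setting so that HTTPS-only deployments keep `Secure: true`, and state the trade-off in the function comment, e.g. `// The cookie is marked Secure only for TLS requests; over plain HTTP the token is visible to on-path observers.` clearTokenCookie in the following hunk drops the attribute entirely; `Secure: r.TLS != nil,` there would keep the set and clear paths parallel. Both function bodies extend beyond the lines shown.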