From 7c08015cb4953516a9eed11ffab36ce591e9a7f6 Mon Sep 17 00:00:00 2001
From: jbergner <jbergner@send.nrw>
Date: Wed, 6 Aug 2025 05:48:01 +0200
Subject: [PATCH] =?UTF-8?q?Anpassung=20f=C3=BCr=20Login-Problem=20bei=20Te?=
 =?UTF-8?q?stverbindungen=20mit=20Cookie=20Secure=3DTrue.=20Umgebungsvaria?=
 =?UTF-8?q?ble=20EW=5FFORCEINSECURECOOKIE=20hinzugef=C3=BCgt.=20Wenn=20Pro?=
 =?UTF-8?q?duktiv=20und=20Var=20=3D=20True=20Dann=20Autoset=20Wenn=20False?=
 =?UTF-8?q?=20dann=20Secure!=20Wenn=20Produktiv=20=3D=20False=20Dann=20Aut?=
 =?UTF-8?q?oset.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Dockerfile  |  3 ++-
 compose.yml |  1 -
 main.go     | 21 +++++++++++++++++++--
 3 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 8579674..f84e108 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -28,7 +28,8 @@ EXPOSE 8080
 ENV EW_USERNAME=admin \
     EW_PASSWORD=admin \
     EW_DB=/data/machines.json \
-    EW_PRODUCTIVE=true
+    EW_PRODUCTIVE=true \
+    EW_FORCEINSECURECOOKIE=false
 
 
 ENTRYPOINT ["/bin/edgewol"]
\ No newline at end of file
diff --git a/compose.yml b/compose.yml
index 9df7165..0211013 100644
--- a/compose.yml
+++ b/compose.yml
@@ -2,7 +2,6 @@ services:
   api:
     image: git.send.nrw/sendnrw/edge-wol:latest
     container_name: edgewol
-    restart: unless-stopped
     volumes:
       - /docker/edgewol/machines.json:/data/machines.json
     #labels:
diff --git a/main.go b/main.go
index ce4ecb4..d875d00 100644
--- a/main.go
+++ b/main.go
@@ -185,7 +185,12 @@ func generateSessionToken() string {
 func main() {
 	// Determine DB path and load machines.
 	hashedPassword = hashPassword(password)
-	dbPath = GetENV("EW_DB", "/data/machines.json")
+	if productive {
+		dbPath = GetENV("EW_DB", "/data/machines.json")
+	} else {
+		dbPath = "./machines.json"
+	}
+
 	loadMachines()
 
 	// Save on SIGINT/SIGTERM.
@@ -223,13 +228,25 @@ func main() {
 				// Speichere Session
 				sessionStore[token] = user
 
+				var envSecure bool
+				if productive {
+					var forceInsecure bool = Enabled("EW_FORCEINSECURECOOKIE", false)
+					if forceInsecure {
+						envSecure = r.TLS != nil
+					} else {
+						envSecure = true
+					}
+				} else {
+					envSecure = r.TLS != nil
+				}
+
 				// Cookie setzen
 				http.SetCookie(w, &http.Cookie{
 					Name:     "session",
 					Value:    token,
 					Path:     "/",
 					HttpOnly: true,
-					Secure:   true,
+					Secure:   envSecure,
 					SameSite: http.SameSiteLaxMode,
 				})