From baebdbe399ac9cfe93f435de8df1bc535f68c33a Mon Sep 17 00:00:00 2001
From: Patrick Jentsch <p.jentsch@uni-bielefeld.de>
Date: Fri, 9 Oct 2020 14:43:23 +0200
Subject: [PATCH] Add new config variables (defaults are what you want if you
 don't have http to https redirect enabled)

---
 .env.tpl      | 16 ++++++++++++----
 web/config.py | 27 ++++++++++++++++-----------
 2 files changed, 28 insertions(+), 15 deletions(-)

diff --git a/.env.tpl b/.env.tpl
index ba4732d2..eea32232 100644
--- a/.env.tpl
+++ b/.env.tpl
@@ -100,15 +100,23 @@ NOPAQUE_CONTACT_EMAIL_ADRESS=
 # Choose one: http, https
 # NOPAQUE_PROTOCOL=
 
-# DEFAULT: 5
-# NOPAQUE_RESSOURCES_PER_PAGE=
+# DEFAULT: True
+# Choose one: False, True
+# NOPAQUE_REMEMBER_COOKIE_HTTPONLY=
+
+# DEFAULT: False
+# Choose one: False, True
+# HINT: Set to true if you redirect http to https
+# NOPAQUE_REMEMBER_COOKIE_SECURE=
 
 # DEFAULT: hard to guess string
 # HINT: Use this bash command `python -c "import uuid; print(uuid.uuid4().hex)"`
 # NOPAQUE_SECRET_KEY=
 
-# DEFAULT: 10
-# NOPAQUE_USERS_PER_PAGE=
+# DEFAULT: False
+# Choose one: False, True
+# HINT: Set to true if you redirect http to https
+# NOPAQUE_SESSION_COOKIE_SECURE=
 
 
 ################################################################################
diff --git a/web/config.py b/web/config.py
index 2b2ffb69..066592a0 100644
--- a/web/config.py
+++ b/web/config.py
@@ -19,9 +19,10 @@ DEFAULT_SMTP_USE_SSL = 'False'
 DEFAULT_SMTP_USE_TLS = 'False'
 DEFAULT_NUM_PROXIES = '0'
 DEFAULT_PROTOCOL = 'http'
-DEFAULT_RESSOURCES_PER_PAGE = '5'
-DEFAULT_USERS_PER_PAGE = '10'
+DEFAULT_REMEMBER_COOKIE_HTTPONLY = 'True'
+DEFAULT_REMEMBER_COOKIE_SECURE = 'False'
 DEFAULT_SECRET_KEY = 'hard to guess string'
+DEFAULT_SESSION_COOKIE_SECURE = 'False'
 
 
 class Config:
@@ -55,15 +56,19 @@ class Config:
     NUM_PROXIES = int(os.environ.get('NOPAQUE_NUM_PROXIES',
                                      DEFAULT_NUM_PROXIES))
     PROTOCOL = os.environ.get('NOPAQUE_PROTOCOL', DEFAULT_PROTOCOL)
-    RESSOURCES_PER_PAGE = int(os.environ.get('NOPAQUE_RESSOURCES_PER_PAGE',
-                                             DEFAULT_RESSOURCES_PER_PAGE))
-    SECRET_KEY = os.environ.get('NOPAQUE_SECRET_KEY', DEFAULT_SECRET_KEY)
-    USERS_PER_PAGE = int(os.environ.get('NOPAQUE_USERS_PER_PAGE',
-                                        DEFAULT_USERS_PER_PAGE))
-    if PROTOCOL == 'https':
-        REMEMBER_COOKIE_HTTPONLY = True
-        REMEMBER_COOKIE_SECURE = True
-        SESSION_COOKIE_SECURE = True
+    REMEMBER_COOKIE_HTTPONLY = os.environ.get(
+        'NOPAQUE_REMEMBER_COOKIE_HTTPONLY',
+        DEFAULT_REMEMBER_COOKIE_HTTPONLY
+    ).lower() == 'true'
+    REMEMBER_COOKIE_SECURE = os.environ.get(
+        'NOPAQUE_REMEMBER_COOKIE_SECURE',
+        DEFAULT_REMEMBER_COOKIE_SECURE
+    ).lower() == 'true'
+    SECRET_KEY = os.environ.get('RECIPY_SECRET_KEY', DEFAULT_SECRET_KEY)
+    SESSION_COOKIE_SECURE = os.environ.get(
+        'NOPAQUE_SESSION_COOKIE_SECURE',
+        DEFAULT_SESSION_COOKIE_SECURE
+    ).lower() == 'true'
 
     ''' ### Logging ### '''
     LOG_DATE_FORMAT = os.environ.get('NOPAQUE_LOG_DATE_FORMAT',
-- 
GitLab