From a9aa5be5c94a7ef6aaa5d9c31d0b439522d349c6 Mon Sep 17 00:00:00 2001
From: Christoph Heiss <contact@christoph-heiss.at>
Date: Wed, 22 Jun 2022 19:29:06 +0200
Subject: [PATCH] refactor: Make cookie 'secure' setting more configurable

Signed-off-by: Christoph Heiss <contact@christoph-heiss.at>
---
 next.config.js         |  4 ++++
 src/lib/withSession.ts | 15 +++++++++++----
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/next.config.js b/next.config.js
index 8a97b10..c411a02 100644
--- a/next.config.js
+++ b/next.config.js
@@ -9,4 +9,8 @@ module.exports = {
       path.join(__dirname, 'src/styles'),
     ],
   },
+  serverRuntimeConfig: {
+    COOKIE_PASSWORD: process.env.COOKIE_PASSWORD ?? 'developmentdevelopmentdevelopment',
+    INSECURE_COOKIES: process.env.INSECURE_COOKIES,
+  },
 };
diff --git a/src/lib/withSession.ts b/src/lib/withSession.ts
index d94459c..db358fc 100644
--- a/src/lib/withSession.ts
+++ b/src/lib/withSession.ts
@@ -1,15 +1,22 @@
-import { withIronSessionApiRoute, withIronSessionSsr } from 'iron-session/next';
 import {
   GetServerSidePropsContext,
   GetServerSidePropsResult,
   NextApiHandler,
 } from 'next';
+import getConfig from 'next/config';
+import { withIronSessionApiRoute, withIronSessionSsr } from 'iron-session/next';
+
+const { serverRuntimeConfig } = getConfig();
+
+const secureCookies = serverRuntimeConfig.INSECURE_COOKIES !== undefined
+  ? !serverRuntimeConfig.INSECURE_COOKIES
+  : process.env.NODE_ENV === 'production';
 
 const sessionOptions = {
-  cookieName: 'wgdash_user',
-  password: process.env.COOKIE_PASSWORD ?? 'developmentdevelopmentdevelopment',
+  cookieName: 'user',
+  password: serverRuntimeConfig.COOKIE_PASSWORD,
   cookieOptions: {
-    secure: process.env.NODE_ENV === 'production',
+    secure: secureCookies,
   },
 };