feat: allow is logged in to be https cookie

Author: Aldiwildan77

core/entity/discord.go

@@ -33,27 +33,31 @@ func (at *AccessToken) ToHTTPCookies() Cookies {
 	refreshTokenMaxAge := at.ExpiresIn + int(OAuthRefreshTokenMaxAge.Seconds())
 
 	accessTokenCookie := &http.Cookie{
-		Name:   cookiey.CookieAccessToken,
-		Value:  at.AccessToken,
-		MaxAge: at.ExpiresIn,
+		Name:     cookiey.CookieAccessToken,
+		Value:    at.AccessToken,
+		MaxAge:   at.ExpiresIn,
+		HttpOnly: true,
 	}
 
 	refreshTokenCookie := &http.Cookie{
-		Name:   cookiey.CookieRefreshToken,
-		Value:  at.RefreshToken,
-		MaxAge: refreshTokenMaxAge,
+		Name:     cookiey.CookieRefreshToken,
+		Value:    at.RefreshToken,
+		MaxAge:   refreshTokenMaxAge,
+		HttpOnly: true,
 	}
 
 	tokenTypeCookie := &http.Cookie{
-		Name:   cookiey.CookieTokenType,
-		Value:  at.TokenType,
-		MaxAge: at.ExpiresIn,
+		Name:     cookiey.CookieTokenType,
+		Value:    at.TokenType,
+		MaxAge:   at.ExpiresIn,
+		HttpOnly: true,
 	}
 
 	scopeCookie := &http.Cookie{
-		Name:   cookiey.CookieScope,
-		Value:  at.Scope,
-		MaxAge: at.ExpiresIn,
+		Name:     cookiey.CookieScope,
+		Value:    at.Scope,
+		MaxAge:   at.ExpiresIn,
+		HttpOnly: true,
 	}
 
 	isLoggedInCookie := &http.Cookie{

handler/http/discord.go

@@ -47,7 +47,6 @@ func (d *discordHandler) OauthCallback(c echo.Context) error {
 		cookie.Secure = !isLocalhost
 		cookie.Domain = d.cfg.Discord.RedirectDomain
 		cookie.Path = "/"
-		cookie.HttpOnly = true
 		cookie.SameSite = http.SameSiteLaxMode
 
 		c.SetCookie(cookie)
@@ -75,7 +74,6 @@ func (d *discordHandler) RefreshToken(c echo.Context) error {
 		cookie.Secure = !isLocalhost
 		cookie.Domain = d.cfg.Discord.RedirectDomain
 		cookie.Path = "/"
-		cookie.HttpOnly = true
 		cookie.SameSite = http.SameSiteLaxMode
 
 		c.SetCookie(cookie)