From 5540e16949774e772862057c23c1959d9aa299f6 Mon Sep 17 00:00:00 2001
From: Olakunle Arewa
Date: Sun, 25 Aug 2024 19:38:35 +0100
Subject: [PATCH] feat: support for securing cookies
---
 html/cookies.go | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 html/cookies.go

diff --git a/html/cookies.go b/html/cookies.go
new file mode 100644
index 0000000..a58358a
--- /dev/null
+++ b/html/cookies.go
@@ -0,0 +1,29 @@
+package html
+
+import (
+ "net/http"
+)
+
+// SecureCookie makes sure the passed cookies is only accessible
+// to the browser, over HTTPS from the server's domain(for PUT, POST e.t.c)
+func SecureCookie(appEnv string, cookie *http.Cookie) *http.Cookie {
+ cookie.HttpOnly = true // No JS access
+ cookie.Secure = appEnv != "dev" // HTTPS only
+
+ if appEnv != "dev" {
+ cookie.SameSite = http.SameSiteLaxMode
+ }
+
+ return cookie
+}
+
+// LockCookie is SecureCookie with strict mode for same site settings
+func LockCookie(appEnv string, cookie *http.Cookie) *http.Cookie {
+ SecureCookie(appEnv, cookie)
+
+ if appEnv != "dev" {
+ cookie.SameSite = http.SameSiteStrictMode
+ }
+
+ return cookie
+}
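Review bot: The `appEnv != "dev"` guards around `cookie.SameSite` in both SecureCookie and LockCookie leave the attribute at whatever the caller passed when running in dev, so the SameSite restriction these helpers add is never exercised outside production, and an environment mistakenly set to "dev" drops it together with `Secure`. Lax and Strict do not depend on HTTPS (in current browsers only `SameSite=None` requires `Secure`), so the assignments can be unconditional: `cookie.SameSite = http.SameSiteLaxMode` in SecureCookie and `cookie.SameSite = http.SameSiteStrictMode` in LockCookie, leaving `cookie.Secure = appEnv != "dev"` as the only environment-dependent line. The doc comment should also state that the cookie is modified in place, that a nil cookie panics, and that `Secure` is off in dev, for example `// SecureCookie sets HttpOnly and SameSite=Lax on cookie in place, and Secure unless appEnv is "dev".`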