From b07297f323d23c047e6a5a7d144a3a230bd15b3a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dalibor=20Markovi=C4=87?=
Date: Fri, 19 Jun 2026 01:54:36 +0200
Subject: [PATCH] =?UTF-8?q?Demo=20mod:=20Secure=20kola=C4=8Di=C4=87i=20i?=
 =?UTF-8?q?=20blokada=20TOTP=20aktivacije?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Secure flag na kolačićima se postavlja i u demo modu (HTTPS kroz Caddy)
- Podešavanje 2FA je blokirano u demo modu — handler odbija zahtev, a šablon sakriva dugme i prikazuje obaveštenje
---
 internal/handler/admin.go | 6 ++++++
 internal/handler/dashboard.go | 2 +-
 internal/handler/prijava.go | 4 ++--
 internal/middleware/auth.go | 4 ++--
 internal/middleware/csrf.go | 2 +-
 web/templates/stranice/admin_profil.html | 6 ++++--
 6 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/internal/handler/admin.go b/internal/handler/admin.go
index 302136b..b81d109 100644
--- a/internal/handler/admin.go
+++ b/internal/handler/admin.go
@@ -418,6 +418,12 @@ func (h *Handler) AdminTotpPokreni(w http.ResponseWriter, r *http.Request) {
 return
 }
+ if h.JelDemo {
+ middleware.SetFlash(w, r, h.DB, "greska", "Podešavanje 2FA nije dostupno u demo modu.")
+ http.Redirect(w, r, "/admin/profil", http.StatusSeeOther)
+ return
+ }
+ podesavanja, _ := sqlite.DohvatiSvaPodesavanja(r.Context(), h.DB)
 totp, err := auth.GenerisuTotpTajnu(k.KorisnickoIme, podesavanja["naziv_firme"])
 if err != nil {
diff --git a/internal/handler/dashboard.go b/internal/handler/dashboard.go
index 5db3152..cd752f8 100644
--- a/internal/handler/dashboard.go
+++ b/internal/handler/dashboard.go
@@ -25,7 +25,7 @@ func (h *Handler) Dashboard(w http.ResponseWriter, r *http.Request) {
 Path: "/",
 MaxAge: -1,
 HttpOnly: true,
- Secure: os.Getenv("NTECH_ENV") == "production",
+ Secure: os.Getenv("NTECH_ENV") == "production" || os.Getenv("NTECH_ENV") == "demo",
 })
 }
diff --git a/internal/handler/prijava.go b/internal/handler/prijava.go
index 2c6964e..f92adf9 100644
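Review bot: The new `if h.JelDemo` guard in AdminTotpPokreni covers only the step that generates the secret; if a separate handler later verifies the code and activates TOTP (none is touched in this diff), it needs the same check, otherwise the demo restriction rests on the profile page UI alone and a request sent directly to that activation route would still enable 2FA. The demo flag is read from `h.JelDemo` here while every cookie in this commit re-evaluates `os.Getenv("NTECH_ENV")`, so there are now two independent definitions of "demo mode" that can drift apart; deriving both from one helper would avoid that. The context line `podesavanja, _ := sqlite.DohvatiSvaPodesavanja(r.Context(), h.DB)` discards its error (pre-existing), which means a database failure silently passes an empty `naziv_firme` to GenerisuTotpTajnu instead of surfacing as an error. AdminTotpPokreni starts and ends outside the hunk.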
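Review bot: The expression `os.Getenv("NTECH_ENV") == "production" || os.Getenv("NTECH_ENV") == "demo"` is now copied into six cookie literals (this hunk in Dashboard, both hunks in prijava.go, both hunks in auth.go, and the one in csrf.go), each reading the environment twice per cookie on every request, and the next environment that terminates TLS will need six more edits. A single helper such as `func secureCookies() bool { env := os.Getenv("NTECH_ENV"); return env == "production" || env == "demo" }` in the middleware package (already imported by the handlers), used as `Secure: secureCookies(),`, keeps the rule in one place and is also the natural source for `h.JelDemo`. It is worth considering inverting the default so that Secure is set unless NTECH_ENV names a known plain-HTTP development setting: with the current form an unset or misspelled variable silently ships the session, flash and CSRF cookies without the flag, whereas a fail-closed default would only break a dev setup, where the mistake is immediately visible. The enclosing Dashboard function starts and ends outside the hunk.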
--- a/internal/handler/prijava.go
+++ b/internal/handler/prijava.go
@@ -269,7 +269,7 @@ func (h *Handler) Odjava(w http.ResponseWriter, r *http.Request) {
 Path: "/",
 Expires: time.Unix(0, 0),
 MaxAge: -1,
- Secure: os.Getenv("NTECH_ENV") == "production",
+ Secure: os.Getenv("NTECH_ENV") == "production" || os.Getenv("NTECH_ENV") == "demo",
 HttpOnly: true,
 })
 http.Redirect(w, r, "/prijava", http.StatusSeeOther)
@@ -318,7 +318,7 @@ func napraviKolacic(token string, istice time.Time) *http.Cookie {
 Path: "/",
 Expires: istice,
 HttpOnly: true,
- Secure: os.Getenv("NTECH_ENV") == "production",
+ Secure: os.Getenv("NTECH_ENV") == "production" || os.Getenv("NTECH_ENV") == "demo",
 SameSite: http.SameSiteStrictMode,
 }
 }
diff --git a/internal/middleware/auth.go b/internal/middleware/auth.go
index 21ad350..c8b5447 100644
--- a/internal/middleware/auth.go
+++ b/internal/middleware/auth.go
@@ -40,7 +40,7 @@ func RequireAuth(db *sql.DB, totpKljuc []byte) func(http.Handler) http.Handler {
 Path: "/",
 Expires: time.Unix(0, 0),
 MaxAge: -1,
- Secure: os.Getenv("NTECH_ENV") == "production",
+ Secure: os.Getenv("NTECH_ENV") == "production" || os.Getenv("NTECH_ENV") == "demo",
 HttpOnly: true,
 })
 http.Redirect(w, r, "/prijava", http.StatusSeeOther)
@@ -157,7 +157,7 @@ func postaviFlashGresku(w http.ResponseWriter, poruka string) {
 Path: "/",
 MaxAge: 60,
 HttpOnly: true,
- Secure: os.Getenv("NTECH_ENV") == "production",
+ Secure: os.Getenv("NTECH_ENV") == "production" || os.Getenv("NTECH_ENV") == "demo",
 })
 }
diff --git a/internal/middleware/csrf.go b/internal/middleware/csrf.go
index ed5916c..6cdfec4 100644
--- a/internal/middleware/csrf.go
+++ b/internal/middleware/csrf.go
@@ -39,7 +39,7 @@ func CsrfMiddleware(next http.Handler) http.Handler {
 Path: "/",
 MaxAge: 86400 * 30,
 HttpOnly: true,
- Secure: os.Getenv("NTECH_ENV") == "production",
+ Secure: os.Getenv("NTECH_ENV") == "production" || os.Getenv("NTECH_ENV") == "demo",
 SameSite: http.SameSiteStrictMode,
 })
 }
diff --git a/web/templates/stranice/admin_profil.html b/web/templates/stranice/admin_profil.html
index 1211f6f..df10a92 100644
--- a/web/templates/stranice/admin_profil.html
+++ b/web/templates/stranice/admin_profil.html
@@ -97,9 +97,11 @@ Status: Isključena -
Preporučujemo uključivanje dvostepene verifikacije.
+
+ {{if .JelDemo}}Podešavanje 2FA nije dostupno u demo modu.{{else}}Preporučujemo uključivanje dvostepene verifikacije.{{end}} +
- Podesi 2FA + {{if not .JelDemo}}Podesi 2FA{{end}} {{ end }}
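Review bot: The template now branches on `.JelDemo` in both added lines, but no file in this commit changes the handler that renders admin_profil.html, so unless that render path already passes the field the page will either abort with an html/template execution error (data is a struct without the field) or silently take the non-demo branch (data is a map), and the button stays visible; the handler-side check in AdminTotpPokreni remains the actual enforcement, this hunk only changes what is shown. The notice text `Podešavanje 2FA nije dostupno u demo modu.` is duplicated verbatim between this template and the flash message in admin.go, so a future wording change has two places to miss. The markup of this hunk is partly lost in the extraction, so whether `{{if not .JelDemo}}…{{end}}` encloses the whole link element or only its text cannot be confirmed from here.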