Demo mod: Secure kolačići i blokada TOTP aktivacije

- Secure flag na kolačićima se postavlja i u demo modu (HTTPS kroz Caddy) - Podešavanje 2FA je blokirano u demo modu — handler odbija zahtev, a šablon sakriva dugme i prikazuje obaveštenje
2026-06-19 01:54:36 +02:00
parent 1303b35387
commit b07297f323
6 changed files with 16 additions and 8 deletions
@@ -418,6 +418,12 @@ func (h *Handler) AdminTotpPokreni(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	if h.JelDemo {
 		middleware.SetFlash(w, r, h.DB, "greska", "Podešavanje 2FA nije dostupno u demo modu.")
 		http.Redirect(w, r, "/admin/profil", http.StatusSeeOther)
 		return
 	}
 	podesavanja, _ := sqlite.DohvatiSvaPodesavanja(r.Context(), h.DB)
 	totp, err := auth.GenerisuTotpTajnu(k.KorisnickoIme, podesavanja["naziv_firme"])
 	if err != nil {
@@ -25,7 +25,7 @@ func (h *Handler) Dashboard(w http.ResponseWriter, r *http.Request) {
 			Path:     "/",
 			MaxAge:   -1,
 			HttpOnly: true,
-			Secure:   os.Getenv("NTECH_ENV") == "production",
+			Secure:   os.Getenv("NTECH_ENV") == "production" || os.Getenv("NTECH_ENV") == "demo",
 		})
 	}
@@ -269,7 +269,7 @@ func (h *Handler) Odjava(w http.ResponseWriter, r *http.Request) {
 		Path:     "/",
 		Expires:  time.Unix(0, 0),
 		MaxAge:   -1,
-		Secure:   os.Getenv("NTECH_ENV") == "production",
+		Secure:   os.Getenv("NTECH_ENV") == "production" || os.Getenv("NTECH_ENV") == "demo",
 		HttpOnly: true,
 	})
 	http.Redirect(w, r, "/prijava", http.StatusSeeOther)
@@ -318,7 +318,7 @@ func napraviKolacic(token string, istice time.Time) *http.Cookie {
 		Path:     "/",
 		Expires:  istice,
 		HttpOnly: true,
-		Secure:   os.Getenv("NTECH_ENV") == "production",
+		Secure:   os.Getenv("NTECH_ENV") == "production" || os.Getenv("NTECH_ENV") == "demo",
 		SameSite: http.SameSiteStrictMode,
 	}
 }
@@ -40,7 +40,7 @@ func RequireAuth(db *sql.DB, totpKljuc []byte) func(http.Handler) http.Handler {
 					Path:     "/",
 					Expires:  time.Unix(0, 0),
 					MaxAge:   -1,
-					Secure:   os.Getenv("NTECH_ENV") == "production",
+					Secure:   os.Getenv("NTECH_ENV") == "production" || os.Getenv("NTECH_ENV") == "demo",
 					HttpOnly: true,
 				})
 				http.Redirect(w, r, "/prijava", http.StatusSeeOther)
@@ -157,7 +157,7 @@ func postaviFlashGresku(w http.ResponseWriter, poruka string) {
 		Path:     "/",
 		MaxAge:   60,
 		HttpOnly: true,
-		Secure:   os.Getenv("NTECH_ENV") == "production",
+		Secure:   os.Getenv("NTECH_ENV") == "production" || os.Getenv("NTECH_ENV") == "demo",
 	})
 }
@@ -39,7 +39,7 @@ func CsrfMiddleware(next http.Handler) http.Handler {
 					Path:     "/",
 					MaxAge:   86400 * 30,
 					HttpOnly: true,
-					Secure:   os.Getenv("NTECH_ENV") == "production",
+					Secure:   os.Getenv("NTECH_ENV") == "production" || os.Getenv("NTECH_ENV") == "demo",
 					SameSite: http.SameSiteStrictMode,
 				})
 			}
@@ -97,9 +97,11 @@
 						Status:
 						<strong>Isključena</strong>
 					</div>
-					<div style="font-size: 13px; color: var(--tekst-sporedni)">Preporučujemo uključivanje dvostepene verifikacije.</div>
+					<div style="font-size: 13px; color: var(--tekst-sporedni)">
 						{{if .JelDemo}}Podešavanje 2FA nije dostupno u demo modu.{{else}}Preporučujemo uključivanje dvostepene verifikacije.{{end}}
 					</div>
 				</div>
-				<a href="/admin/profil/totp/pokreni" class="btn-primarno">Podesi 2FA</a>
+				{{if not .JelDemo}}<a href="/admin/profil/totp/pokreni" class="btn-primarno">Podesi 2FA</a>{{end}}
 			</div>
 		{{ end }}
 	</div>