* @param {object} options options
* @param {string | string[]} options.encryptionSecret encryption secret
* @param {object} options.authenticator authenticator options
* @param {object} options options
* @param {string | string[]} options.encryptionSecret encryption secret
* @param {object} options.authenticator authenticator options
- * @param {boolean} options.authenticator.secureAuthOnly disable auth over non-https
- * @param {string[]} options.authenticator.forbiddenPAMIdentifiers reject these identifiers for PAM auth
- * @param {string[]} options.authenticator.authnEnabled in order of preference for storing new credentials
+ * @param {boolean=} options.authenticator.secureAuthOnly disable auth over non-https
+ * @param {string=} options.authenticator.sessionCookieSameSite sameSite setting for session cookie, default Lax
+ * @param {string[]=} options.authenticator.forbiddenPAMIdentifiers reject these identifiers for PAM auth
+ * @param {string[]=} options.authenticator.authnEnabled in order of preference for storing new credentials
* @param {number=} options.authenticator.inactiveSessionLifespanSeconds session timeout
* @param {string[]=} options.authenticator.loginBlurb text for login page
* @param {string[]=} options.authenticator.indieAuthBlurb text for indieauth login section
* @param {string[]=} options.authenticator.userBlurb text for local user login section
* @param {string[]=} options.authenticator.otpBlurb text for otp entry
* @param {number=} options.authenticator.inactiveSessionLifespanSeconds session timeout
* @param {string[]=} options.authenticator.loginBlurb text for login page
* @param {string[]=} options.authenticator.indieAuthBlurb text for indieauth login section
* @param {string[]=} options.authenticator.userBlurb text for local user login section
* @param {string[]=} options.authenticator.otpBlurb text for otp entry
* @param {string=} options.dingus.proxyPrefix base url prefix
*/
constructor(logger, db, options) {
* @param {string=} options.dingus.proxyPrefix base url prefix
*/
constructor(logger, db, options) {
this.options = options;
this.basicRealm = options.authenticator.basicRealm || packageName;
this.secureAuthOnly = options.authenticator.secureAuthOnly ?? true;
this.options = options;
this.basicRealm = options.authenticator.basicRealm || packageName;
this.secureAuthOnly = options.authenticator.secureAuthOnly ?? true;
common.addCookie(res, Enum.SessionCookie, ctx.cookie[Enum.SessionCookie], {
httpOnly: true,
maxAge: this.cookieLifespan,
common.addCookie(res, Enum.SessionCookie, ctx.cookie[Enum.SessionCookie], {
httpOnly: true,
maxAge: this.cookieLifespan,
path: `${this.proxyPrefix}/`,
secure: this.secureAuthOnly,
});
path: `${this.proxyPrefix}/`,
secure: this.secureAuthOnly,
});
common.addCookie(res, Enum.SessionCookie, '""', {
httpOnly: true,
maxAge: 0,
common.addCookie(res, Enum.SessionCookie, '""', {
httpOnly: true,
maxAge: 0,
path: `${this.proxyPrefix}/`,
secure: this.secureAuthOnly,
});
path: `${this.proxyPrefix}/`,
secure: this.secureAuthOnly,
});