From 7bada9f32ba43132ce3ed37c2c5ba2c29cfebcaf Mon Sep 17 00:00:00 2001
From: ZdenekSrotyr
Date: Thu, 9 Apr 2026 16:31:50 +0200
Subject: [PATCH] fix: force secure cookie in production, reduce max_age to 1 day

Use TESTING env var to detect production instead of relying on request scheme, and align cookie max_age with JWT expiry (86400s).
---
 app/auth/providers/google.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/auth/providers/google.py b/app/auth/providers/google.py
index e26264e..4268457 100644
--- a/app/auth/providers/google.py
+++ b/app/auth/providers/google.py
@@ -89,12 +89,12 @@ async def google_callback(request: Request):
     jwt_token = create_access_token(user["id"], user["email"], user["role"])
 
     # Redirect to dashboard with token in cookie
-    is_https = request.url.scheme == "https"
+    is_production = os.environ.get("TESTING", "").lower() not in ("1", "true")
     response = RedirectResponse(url="/dashboard", status_code=302)
     response.set_cookie(
         key="access_token",
         value=jwt_token,
-        httponly=True, max_age=86400 * 30, samesite="lax",
-        secure=is_https,
+        httponly=True, max_age=86400, samesite="lax",
+        secure=is_production,
     )
     return response
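Review bot: The new `is_production` line ties the Secure flag to the same `TESTING` variable the test suite sets, so a deployment that inherits `TESTING=1` from a CI image or compose file silently issues the `access_token` cookie without Secure and nothing fails loudly. I would hoist the check to a module-level constant and make the downgrade visible, e.g. `_INSECURE_COOKIES = os.environ.get("TESTING", "").lower() in ("1", "true")` followed by `if _INSECURE_COOKIES: logger.warning("TESTING set: issuing session cookie without Secure")`, then pass `secure=not _INSECURE_COOKIES` here. The hunk adds a use of `os` but no import, so it is presumably already imported higher in the module — worth confirming, since a missing import would only surface at callback time. Note also that the check really detects "not testing" rather than production: a local run over plain `http://` without `TESTING` set will have the browser drop the Secure cookie after the 302, which a one-line comment such as `# Secure is on unless TESTING is set; plain-http dev runs must set it` would spare the next reader from rediscovering. google_callback's body begins before this hunk.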