Release v0.20: регистрация, авторизация, личный кабинет

Co-authored-by: Cursor <cursoragent@cursor.com>

internal/config/config.go

@@ -8,10 +8,12 @@ import (
 )
 
 type Config struct {
-	HTTPAddr     string
-	DatabaseURL  string
-	ReadTimeout  time.Duration
-	WriteTimeout time.Duration
+	HTTPAddr       string
+	DatabaseURL    string
+	ReadTimeout    time.Duration
+	WriteTimeout   time.Duration
+	SessionTTL     time.Duration
+	CookieSecure   bool
 }
 
 func Load() (Config, error) {
@@ -21,6 +23,8 @@ func Load() (Config, error) {
 		DatabaseURL:  os.Getenv("DATABASE_URL"),
 		ReadTimeout:  durationEnv("HTTP_READ_TIMEOUT", 10*time.Second),
 		WriteTimeout: durationEnv("HTTP_WRITE_TIMEOUT", 30*time.Second),
+		SessionTTL:   sessionTTL(),
+		CookieSecure: env("COOKIE_SECURE", "false") == "true",
 	}
 	if cfg.DatabaseURL == "" {
 		return cfg, fmt.Errorf("DATABASE_URL is required")
@@ -35,6 +39,15 @@ func env(key, fallback string) string {
 	return fallback
 }
 
+func sessionTTL() time.Duration {
+	if v := os.Getenv("SESSION_TTL_HOURS"); v != "" {
+		if h, err := strconv.Atoi(v); err == nil && h > 0 {
+			return time.Duration(h) * time.Hour
+		}
+	}
+	return 168 * time.Hour
+}
+
 func durationEnv(key string, fallback time.Duration) time.Duration {
 	v := os.Getenv(key)
 	if v == "" {