change(config): Add server field to config

server: The `server` field will just contain things related to the server. I dunno how to explain it, but it's for that.
useSecureCookies: `server.useSecureCookies` is the equivalent of `COOKIE_SECURE`.
config/compatibility.yml: Add documentation for the new `server` field.

config/compatibility.yml

@@ -26,5 +26,10 @@ store:
     # proxyAttachments is the same as DIRECT_RESPONSE_ATTACHMENT; defaults to false
     proxyAttachments: true
 
+# Server configuration
+server:
+    # useSecureConfig is the same as COOKIE_SECURE; if in production (which is for end-users), it will be true, else it'll be false
+    useSecureConfig: true
+
 # baseUrl is the same as BASE_URL; not required
-baseUrl: https://example.com
+baseUrl: https://example.com

libs/server/config.ts

@@ -31,9 +31,15 @@ export interface S3StoreConfiguration {
 
 export type StoreConfiguration = S3StoreConfiguration;
 
+export interface ServerConfiguration {
+    useSecureCookies: boolean;
+    // TODO: Move baseUrl to here
+}
+
 export interface Configuration {
     auth: AuthConfiguration;
     store: StoreConfiguration;
+    server: ServerConfiguration;
     baseUrl?: string;
 }
 
@@ -130,9 +136,20 @@ export function loadConfig() {
         store.proxyAttachments = env.parseBool(env.getEnvRaw('DIRECT_RESPONSE_ATTACHMENT', false), store.proxyAttachments ?? false);
     }
 
+    let server: ServerConfiguration;
+    if (!baseConfig.server) {
+        server = {} as ServerConfiguration;
+    } else {
+        server = baseConfig.server;
+    }
+    {
+        server.useSecureCookies = env.parseBool(env.getEnvRaw('COOKIE_SECURE', false), process.env.NODE_ENV === 'production');
+    }
+
     loaded = {
         auth,
         store,
+        server,
         baseUrl: env.getEnvRaw('BASE_URL', false) ?? baseConfig.baseUrl,
     };
 }