conf: overhaul security settings

conf/app.ini

@@ -146,6 +146,27 @@ SSL_MODE = disable
 ; For "sqlite3" only, make sure to use absolute path.
 PATH = data/gogs.db
 
+[security]
+; Whether to show the install page, set this to "true" to bypass it.
+INSTALL_LOCK = false
+; The secret to encrypt cookie values, 2FA code, etc.
+; !!CHANGE THIS TO KEEP YOUR USER DATA SAFE!!
+SECRET_KEY = !#@FDEWREWR&*(
+; The days remembered for auto-login.
+LOGIN_REMEMBER_DAYS = 7
+; The cookie name to stoed auto-login information.
+COOKIE_REMEMBER_NAME = gogs_incredible
+; The cookie name to stored logged in username.
+COOKIE_USERNAME = gogs_awesome
+; Whether to set secure cookie.
+COOKIE_SECURE = false
+; The HTTP header for reverse proxy authentication via username.
+REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
+; Whether to set cookie to indicate user login status.
+ENABLE_LOGIN_STATUS_COOKIE = false
+; The cookie name to store user login status.
+LOGIN_STATUS_COOKIE_NAME = login_status
+
 ; Attachment settings for releases
 [release.attachment]
 ; Whether attachments are enabled. Defaults to `true`
@@ -184,21 +205,6 @@ ACCESS_CONTROL_ALLOW_ORIGIN =
 ; Disable regular (non-admin) users to create organizations
 DISABLE_REGULAR_ORG_CREATION = false
 
-[security]
-INSTALL_LOCK = false
-; !!CHANGE THIS TO KEEP YOUR USER DATA SAFE!!
-SECRET_KEY = !#@FDEWREWR&*(
-; Auto-login remember days
-LOGIN_REMEMBER_DAYS = 7
-COOKIE_USERNAME = gogs_awesome
-COOKIE_REMEMBER_NAME = gogs_incredible
-COOKIE_SECURE = false
-; Reverse proxy authentication header name of user name
-REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
-; Enable to set cookie to indicate user login status
-ENABLE_LOGIN_STATUS_COOKIE = false
-LOGIN_STATUS_COOKIE_NAME = login_status
-
 [service]
 ACTIVE_CODE_LIVE_MINUTES = 180
 RESET_PASSWD_CODE_LIVE_MINUTES = 180

conf/locale/locale_en-US.ini

@@ -1226,8 +1226,16 @@ config.db.ssl_mode_helper = (for "postgres" only)
 config.db.path = Path
 config.db.path_helper = (for "sqlite3"only)
 
+config.security_config = Security configuration
+config.security.login_remember_days = Login remember days
+config.security.cookie_remember_name = Remember cookie
+config.security.cookie_username = Username cookie
+config.security.cookie_secure = Enable secure cookie
+config.security.reverse_proxy_auth_user = Reverse proxy authentication header
+config.security.enable_login_status_cookie = Enable login status cookie
+config.security.login_status_cookie_name = Login status cookie
+
 config.log_file_root_path = Log File Root Path
-config.reverse_auth_user = Reverse Authentication User
 
 config.http_config = HTTP Configuration
 config.http_access_control_allow_origin = Access Control Allow Origin