1
0
Fork 0
mirror of https://code.sup39.dev/repos/Wqawg synced 2024-12-27 18:04:53 +09:00

Use HTTPS for avatar URL if approot in settings is https://

This commit is contained in:
fr33domlover 2018-03-06 00:55:52 +00:00
parent 3398b56931
commit 33af9fb289
7 changed files with 76 additions and 12 deletions

View file

@ -1,6 +1,6 @@
{- This file is part of Vervis.
-
- Written in 2016 by fr33domlover <fr33domlover@riseup.net>.
- Written in 2016, 2018 by fr33domlover <fr33domlover@riseup.net>.
-
- Copying is an act of love. Please copy, reuse and share.
-
@ -28,9 +28,8 @@ import Network.Wai (isSecure)
import Yesod.Core (MonadHandler)
import Yesod.Core.Handler (waiRequest)
getAvatarUrl :: MonadHandler m => Text -> m (Maybe Text)
getAvatarUrl email = do
secure <- isSecure <$> waiRequest
getAvatarUrl :: MonadHandler m => Bool -> Text -> m (Maybe Text)
getAvatarUrl secure email = do
let opts = def
{ optSecure = secure
, optTryGravatar = False

View file

@ -27,8 +27,9 @@ import Text.Hamlet (hamletFile)
import Yesod.Auth.Account
import Yesod.Auth.Account.Message (AccountMsg (MsgUsernameExists))
import Yesod.Auth.Message (AuthMessage (IdentifierNotFound))
import Yesod.Default.Util (addStaticContentExternal)
import Yesod.Core.Types (Logger)
import Yesod.Default.Util (addStaticContentExternal)
import Yesod.Mail.Send
import qualified Yesod.Core.Unsafe as Unsafe

View file

@ -31,6 +31,7 @@ import Text.Blaze.Html (toHtml)
import Yesod.Auth.Account (newAccountR)
import Vervis.Model.Ident
import Vervis.Secure
import Vervis.Widget (avatarW)
-- | Get list of users
@ -108,4 +109,5 @@ getPersonR ident = do
Entity sid _s <- getBy404 $ UniqueSharer ident
Entity _pid p <- getBy404 $ UniquePersonIdent sid
return p
secure <- getSecure
defaultLayout $(widgetFile "person")

61
src/Vervis/Secure.hs Normal file
View file

@ -0,0 +1,61 @@
{- This file is part of Vervis.
-
- Written in 2018 by fr33domlover <fr33domlover@riseup.net>.
-
- Copying is an act of love. Please copy, reuse and share.
-
- The author(s) have dedicated all copyright and related and neighboring
- rights to this software to the public domain worldwide. This software is
- distributed without any warranty.
-
- You should have received a copy of the CC0 Public Domain Dedication along
- with this software. If not, see
- <http://creativecommons.org/publicdomain/zero/1.0/>.
-}
-- | Sometimes we need to give the user a URL with a different domain than the
-- main web application, but with the same protocol scheme: If we're running in
-- HTTPS, then provide an HTTPS URL. And if we're running plain HTTP, provide
-- an HTTP URL (not because HTTPS is bad, but because we may be serving that
-- URL too and simply not providing SSL for it).
--
-- In order to construct that URL, we need to figure out whether the request
-- we're serving is secured with HTTPS.
--
-- Since the web app may be running behind a reverse proxy, checking the
-- request itself isn't enough - we need to know whether a reverse proxy may be
-- serving our web app via HTTPS.
--
-- One way to detect that is @Forwarded@ headers in the request, but it seems
-- they can be faked, i.e. just inserted manually by an HTTP client. So our
-- approach here is to rely on the configured approot: If you use a reverse
-- proxy, specify the approot in your web app settings file, otherwise only the
-- request itself will be consulted.
module Vervis.Secure
( getSecure
)
where
import Prelude
import Control.Monad ((<=<))
import Data.Text (Text)
import Network.Wai (isSecure)
import Yesod.Core.Handler (getsYesod, waiRequest)
import qualified Data.Text as T (take)
import Vervis.Foundation
import Vervis.Settings
getSecure :: Handler Bool
getSecure = do
let detectScheme t =
case T.take 5 t of
"https" -> Just True
"http:" -> Just False
_ -> Nothing
msec <- getsYesod $ detectScheme <=< appRoot . appSettings
case msec of
Nothing -> isSecure <$> waiRequest
Just sec -> return sec

View file

@ -1,6 +1,6 @@
{- This file is part of Vervis.
-
- Written in 2016 by fr33domlover <fr33domlover@riseup.net>.
- Written in 2016, 2018 by fr33domlover <fr33domlover@riseup.net>.
-
- Copying is an act of love. Please copy, reuse and share.
-
@ -53,9 +53,9 @@ revisionW =
changes = $darcsTotalPatches :: Int
in $(widgetFile "widget/revision")
avatarW :: Text -> WidgetT site IO ()
avatarW email = do
murl <- getAvatarUrl email
avatarW :: Bool -> Text -> WidgetT site IO ()
avatarW secure email = do
murl <- getAvatarUrl secure email
[whamlet|
<div>
$maybe url <- murl

View file

@ -1,6 +1,6 @@
$# This file is part of Vervis.
$#
$# Written in 2016 by fr33domlover <fr33domlover@riseup.net>.
$# Written in 2016, 2018 by fr33domlover <fr33domlover@riseup.net>.
$#
$# ♡ Copying is an act of love. Please copy, reuse and share.
$#
@ -12,7 +12,7 @@ $# You should have received a copy of the CC0 Public Domain Dedication along
$# with this software. If not, see
$# <http://creativecommons.org/publicdomain/zero/1.0/>.
^{avatarW $ personEmail person}
^{avatarW secure $ personEmail person}
<ul>
<li>

View file

@ -92,8 +92,8 @@ library
Text.FilePath.Local
Text.Jasmine.Local
Web.PathPieces.Local
Yesod.Paginate.Local
Yesod.Mail.Send
Yesod.Paginate.Local
Vervis.Application
Vervis.Avatar
@ -160,6 +160,7 @@ library
Vervis.Readme
Vervis.Render
Vervis.Role
Vervis.Secure
Vervis.Settings
Vervis.Settings.StaticFiles
Vervis.SourceTree