1
0
Fork 0
mirror of https://code.sup39.dev/repos/Wqawg synced 2024-12-27 17:54:53 +09:00

Make the cookie encryption key and timeout configurable in settings file

This commit is contained in:
fr33domlover 2018-07-01 08:15:23 +00:00
parent 870123bfcc
commit c420b8d8ea
6 changed files with 29 additions and 5 deletions

View file

@ -11,4 +11,5 @@ darcs clone $VERVIS/darcs-rev
darcs clone $VERVIS/ssh
darcs clone $VERVIS/persistent-migration
darcs clone $VERVIS/persistent-email-address
darcs clone $VERVIS/time-interval-aeson
darcs clone $VERVIS/yesod-mail-send --to-hash 2800294a41daf57cd420710bc79c8c9b06c0d3dd

View file

@ -24,6 +24,15 @@ ip-from-header: "_env:IP_FROM_HEADER:false"
# Uncomment to set an explicit approot
#approot: "_env:APPROOT:http://localhost:3000"
# Encryption key file for encrypting the session cookie sent to clients
client-session-key: config/client_session_key.aes
# How much time after the last request it takes for the session cookie to
# expire
client-session-timeout:
amount: 2
unit: hours
###############################################################################
# Development
###############################################################################

View file

@ -19,8 +19,8 @@ import Prelude (init, last)
import Control.Monad.Logger (logWarn)
import Control.Monad.Trans.Maybe
import Data.Time.Interval (fromTimeUnit)
import Data.Time.Units (Day)
import Data.Time.Interval (fromTimeUnit, toTimeUnit)
import Data.Time.Units (Minute, Day)
import Database.Persist.Sql (ConnectionPool, runSqlPool)
import Graphics.SVGFonts.ReadFont (PreparedFont)
import Text.Shakespeare.Text (textFile)
@ -96,10 +96,12 @@ instance Yesod App where
-- Store session data on the client in encrypted cookies,
-- default session idle timeout is 120 minutes
makeSessionBackend _ =
makeSessionBackend app =
-- sslOnlySessions $
Just <$>
defaultClientSessionBackend 120 "config/client_session_key.aes"
let s = appSettings app
t = fromIntegral (toTimeUnit $ appClientSessionTimeout s :: Minute)
k = appClientSessionKeyFile s
in Just <$> defaultClientSessionBackend t k
-- Yesod Middleware allows you to run code before and after each handler function.
-- The defaultYesodMiddleware adds the response header "Vary: Accept, Accept-Language" and performs authorization checks.

View file

@ -31,6 +31,8 @@ import Control.Exception (throw)
import Data.Aeson (Result (..), fromJSON, withObject, (.!=),
(.:?))
import Data.FileEmbed (embedFile)
import Data.Time.Interval (TimeInterval)
import Data.Time.Interval.Aeson (interval)
import Data.Yaml (decodeEither')
import Database.Persist.Postgresql (PostgresConf)
import Language.Haskell.TH.Syntax (Exp, Name, Q)
@ -59,6 +61,11 @@ data AppSettings = AppSettings
-- behind a reverse proxy.
, appIpFromHeader :: Bool
-- | Path of session cookie encryption key file
, appClientSessionKeyFile :: FilePath
-- | Idle timeout for session cookie expiration
, appClientSessionTimeout :: TimeInterval
-- | Use detailed request logging system
, appDetailedRequestLogging :: Bool
-- | Should all log messages be displayed?
@ -106,6 +113,9 @@ instance FromJSON AppSettings where
appPort <- o .: "http-port"
appIpFromHeader <- o .: "ip-from-header"
appClientSessionKeyFile <- o .: "client-session-key"
appClientSessionTimeout <- interval <$> o .: "client-session-timeout"
appDetailedRequestLogging <- o .:? "detailed-logging" .!= defaultDev
appShouldLogAll <- o .:? "should-log-all" .!= defaultDev
appReloadTemplates <- o .:? "reload-templates" .!= defaultDev

View file

@ -16,6 +16,7 @@ packages:
- '../hit-network'
- '../persistent-migration'
- '../persistent-email-address'
- '../time-interval-aeson'
# - '../yesod-auth-account'
- location:
git: https://dev.angeley.es/s/fr33domlover/r/yesod-auth-account

View file

@ -302,6 +302,7 @@ library
, text
, time
, time-interval
, time-interval-aeson
, time-units
, transformers
-- probably should be replaced with lenses once I learn