mirror of
https://code.sup39.dev/repos/Wqawg
synced 2024-12-27 18:34:52 +09:00
Make the cookie encryption key and timeout configurable in settings file
This commit is contained in:
parent
870123bfcc
commit
c420b8d8ea
6 changed files with 29 additions and 5 deletions
|
@ -11,4 +11,5 @@ darcs clone $VERVIS/darcs-rev
|
|||
darcs clone $VERVIS/ssh
|
||||
darcs clone $VERVIS/persistent-migration
|
||||
darcs clone $VERVIS/persistent-email-address
|
||||
darcs clone $VERVIS/time-interval-aeson
|
||||
darcs clone $VERVIS/yesod-mail-send --to-hash 2800294a41daf57cd420710bc79c8c9b06c0d3dd
|
||||
|
|
|
@ -24,6 +24,15 @@ ip-from-header: "_env:IP_FROM_HEADER:false"
|
|||
# Uncomment to set an explicit approot
|
||||
#approot: "_env:APPROOT:http://localhost:3000"
|
||||
|
||||
# Encryption key file for encrypting the session cookie sent to clients
|
||||
client-session-key: config/client_session_key.aes
|
||||
|
||||
# How much time after the last request it takes for the session cookie to
|
||||
# expire
|
||||
client-session-timeout:
|
||||
amount: 2
|
||||
unit: hours
|
||||
|
||||
###############################################################################
|
||||
# Development
|
||||
###############################################################################
|
||||
|
|
|
@ -19,8 +19,8 @@ import Prelude (init, last)
|
|||
|
||||
import Control.Monad.Logger (logWarn)
|
||||
import Control.Monad.Trans.Maybe
|
||||
import Data.Time.Interval (fromTimeUnit)
|
||||
import Data.Time.Units (Day)
|
||||
import Data.Time.Interval (fromTimeUnit, toTimeUnit)
|
||||
import Data.Time.Units (Minute, Day)
|
||||
import Database.Persist.Sql (ConnectionPool, runSqlPool)
|
||||
import Graphics.SVGFonts.ReadFont (PreparedFont)
|
||||
import Text.Shakespeare.Text (textFile)
|
||||
|
@ -96,10 +96,12 @@ instance Yesod App where
|
|||
|
||||
-- Store session data on the client in encrypted cookies,
|
||||
-- default session idle timeout is 120 minutes
|
||||
makeSessionBackend _ =
|
||||
makeSessionBackend app =
|
||||
-- sslOnlySessions $
|
||||
Just <$>
|
||||
defaultClientSessionBackend 120 "config/client_session_key.aes"
|
||||
let s = appSettings app
|
||||
t = fromIntegral (toTimeUnit $ appClientSessionTimeout s :: Minute)
|
||||
k = appClientSessionKeyFile s
|
||||
in Just <$> defaultClientSessionBackend t k
|
||||
|
||||
-- Yesod Middleware allows you to run code before and after each handler function.
|
||||
-- The defaultYesodMiddleware adds the response header "Vary: Accept, Accept-Language" and performs authorization checks.
|
||||
|
|
|
@ -31,6 +31,8 @@ import Control.Exception (throw)
|
|||
import Data.Aeson (Result (..), fromJSON, withObject, (.!=),
|
||||
(.:?))
|
||||
import Data.FileEmbed (embedFile)
|
||||
import Data.Time.Interval (TimeInterval)
|
||||
import Data.Time.Interval.Aeson (interval)
|
||||
import Data.Yaml (decodeEither')
|
||||
import Database.Persist.Postgresql (PostgresConf)
|
||||
import Language.Haskell.TH.Syntax (Exp, Name, Q)
|
||||
|
@ -59,6 +61,11 @@ data AppSettings = AppSettings
|
|||
-- behind a reverse proxy.
|
||||
, appIpFromHeader :: Bool
|
||||
|
||||
-- | Path of session cookie encryption key file
|
||||
, appClientSessionKeyFile :: FilePath
|
||||
-- | Idle timeout for session cookie expiration
|
||||
, appClientSessionTimeout :: TimeInterval
|
||||
|
||||
-- | Use detailed request logging system
|
||||
, appDetailedRequestLogging :: Bool
|
||||
-- | Should all log messages be displayed?
|
||||
|
@ -106,6 +113,9 @@ instance FromJSON AppSettings where
|
|||
appPort <- o .: "http-port"
|
||||
appIpFromHeader <- o .: "ip-from-header"
|
||||
|
||||
appClientSessionKeyFile <- o .: "client-session-key"
|
||||
appClientSessionTimeout <- interval <$> o .: "client-session-timeout"
|
||||
|
||||
appDetailedRequestLogging <- o .:? "detailed-logging" .!= defaultDev
|
||||
appShouldLogAll <- o .:? "should-log-all" .!= defaultDev
|
||||
appReloadTemplates <- o .:? "reload-templates" .!= defaultDev
|
||||
|
|
|
@ -16,6 +16,7 @@ packages:
|
|||
- '../hit-network'
|
||||
- '../persistent-migration'
|
||||
- '../persistent-email-address'
|
||||
- '../time-interval-aeson'
|
||||
# - '../yesod-auth-account'
|
||||
- location:
|
||||
git: https://dev.angeley.es/s/fr33domlover/r/yesod-auth-account
|
||||
|
|
|
@ -302,6 +302,7 @@ library
|
|||
, text
|
||||
, time
|
||||
, time-interval
|
||||
, time-interval-aeson
|
||||
, time-units
|
||||
, transformers
|
||||
-- probably should be replaced with lenses once I learn
|
||||
|
|
Loading…
Reference in a new issue