Make the cookie encryption key and timeout configurable in settings file

clone-deps.sh

@@ -11,4 +11,5 @@ darcs clone $VERVIS/darcs-rev
 darcs clone $VERVIS/ssh
 darcs clone $VERVIS/persistent-migration
 darcs clone $VERVIS/persistent-email-address
+darcs clone $VERVIS/time-interval-aeson
 darcs clone $VERVIS/yesod-mail-send --to-hash 2800294a41daf57cd420710bc79c8c9b06c0d3dd

config/settings-default.yaml

@@ -24,6 +24,15 @@ ip-from-header: "_env:IP_FROM_HEADER:false"
 # Uncomment to set an explicit approot
 #approot:        "_env:APPROOT:http://localhost:3000"
 
+# Encryption key file for encrypting the session cookie sent to clients
+client-session-key:     config/client_session_key.aes
+
+# How much time after the last request it takes for the session cookie to
+# expire
+client-session-timeout:
+  amount:               2
+  unit:                 hours
+
 ###############################################################################
 # Development
 ###############################################################################

src/Vervis/Foundation.hs

@@ -19,8 +19,8 @@ import Prelude (init, last)
 
 import Control.Monad.Logger (logWarn)
 import Control.Monad.Trans.Maybe
-import Data.Time.Interval (fromTimeUnit)
-import Data.Time.Units (Day)
+import Data.Time.Interval (fromTimeUnit, toTimeUnit)
+import Data.Time.Units (Minute, Day)
 import Database.Persist.Sql (ConnectionPool, runSqlPool)
 import Graphics.SVGFonts.ReadFont (PreparedFont)
 import Text.Shakespeare.Text (textFile)
@@ -96,10 +96,12 @@ instance Yesod App where
 
     -- Store session data on the client in encrypted cookies,
     -- default session idle timeout is 120 minutes
-    makeSessionBackend _ =
+    makeSessionBackend app =
         -- sslOnlySessions $
-        Just <$>
-        defaultClientSessionBackend 120 "config/client_session_key.aes"
+        let s = appSettings app
+            t = fromIntegral (toTimeUnit $ appClientSessionTimeout s :: Minute)
+            k = appClientSessionKeyFile s
+        in  Just <$> defaultClientSessionBackend t k
 
     -- Yesod Middleware allows you to run code before and after each handler function.
     -- The defaultYesodMiddleware adds the response header "Vary: Accept, Accept-Language" and performs authorization checks.

src/Vervis/Settings.hs

@@ -31,6 +31,8 @@ import Control.Exception           (throw)
 import Data.Aeson                  (Result (..), fromJSON, withObject, (.!=),
                                     (.:?))
 import Data.FileEmbed              (embedFile)
+import Data.Time.Interval (TimeInterval)
+import Data.Time.Interval.Aeson (interval)
 import Data.Yaml                   (decodeEither')
 import Database.Persist.Postgresql (PostgresConf)
 import Language.Haskell.TH.Syntax  (Exp, Name, Q)
@@ -59,6 +61,11 @@ data AppSettings = AppSettings
       -- behind a reverse proxy.
     , appIpFromHeader           :: Bool
 
+      -- | Path of session cookie encryption key file
+    , appClientSessionKeyFile   :: FilePath
+      -- | Idle timeout for session cookie expiration
+    , appClientSessionTimeout   :: TimeInterval
+
       -- | Use detailed request logging system
     , appDetailedRequestLogging :: Bool
       -- | Should all log messages be displayed?
@@ -106,6 +113,9 @@ instance FromJSON AppSettings where
         appPort                   <- o .: "http-port"
         appIpFromHeader           <- o .: "ip-from-header"
 
+        appClientSessionKeyFile   <- o .: "client-session-key"
+        appClientSessionTimeout   <- interval <$> o .: "client-session-timeout"
+
         appDetailedRequestLogging <- o .:? "detailed-logging" .!= defaultDev
         appShouldLogAll           <- o .:? "should-log-all"   .!= defaultDev
         appReloadTemplates        <- o .:? "reload-templates" .!= defaultDev

stack.yaml

@@ -16,6 +16,7 @@ packages:
   - '../hit-network'
   - '../persistent-migration'
   - '../persistent-email-address'
+  - '../time-interval-aeson'
 # - '../yesod-auth-account'
   - location:
      git: https://dev.angeley.es/s/fr33domlover/r/yesod-auth-account

vervis.cabal

@@ -302,6 +302,7 @@ library
                      , text
                      , time
                      , time-interval
+                     , time-interval-aeson
                      , time-units
                      , transformers
                        -- probably should be replaced with lenses once I learn