Make the cookie encryption key and timeout configurable in settings file

fr33domlover 2018-07-01 08:15:23 +00:00
parent 870123bfcc
commit c420b8d8ea
6 changed files with 29 additions and 5 deletions


@ -11,4 +11,5 @@ darcs clone $VERVIS/darcs-rev
darcs clone $VERVIS/ssh darcs clone $VERVIS/ssh
darcs clone $VERVIS/persistent-migration darcs clone $VERVIS/persistent-migration
darcs clone $VERVIS/persistent-email-address darcs clone $VERVIS/persistent-email-address
darcs clone $VERVIS/time-interval-aeson
darcs clone $VERVIS/yesod-mail-send --to-hash 2800294a41daf57cd420710bc79c8c9b06c0d3dd darcs clone $VERVIS/yesod-mail-send --to-hash 2800294a41daf57cd420710bc79c8c9b06c0d3dd


@ -24,6 +24,15 @@ ip-from-header: "_env:IP_FROM_HEADER:false"
# Uncomment to set an explicit approot # Uncomment to set an explicit approot
#approot: "_env:APPROOT:http://localhost:3000" #approot: "_env:APPROOT:http://localhost:3000"
# Encryption key file for encrypting the session cookie sent to clients
client-session-key: config/client_session_key.aes
# How much time after the last request it takes for the session cookie to
# expire
client-session-timeout:
amount: 2
unit: hours
############################################################################### ###############################################################################
# Development # Development
############################################################################### ###############################################################################
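Review bot: The comment above `client-session-key` does not say that this file is a secret, which matters more now that its path is configurable. Anyone who can read the key file can decrypt and forge session cookies, so the comment should ask for owner-only permissions and exclusion from version control, e.g. `# Keep this file private (owner-read only) and out of version control`. As far as I know `defaultClientSessionBackend` generates a fresh key when the file is absent, so a mistyped path, or this relative path resolved from a different working directory, would silently invalidate every existing session; that is worth stating in the comment too.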


@ -19,8 +19,8 @@ import Prelude (init, last)
import Control.Monad.Logger (logWarn) import Control.Monad.Logger (logWarn)
import Control.Monad.Trans.Maybe import Control.Monad.Trans.Maybe
import Data.Time.Interval (fromTimeUnit) import Data.Time.Interval (fromTimeUnit, toTimeUnit)
import Data.Time.Units (Day) import Data.Time.Units (Minute, Day)
import Database.Persist.Sql (ConnectionPool, runSqlPool) import Database.Persist.Sql (ConnectionPool, runSqlPool)
import Graphics.SVGFonts.ReadFont (PreparedFont) import Graphics.SVGFonts.ReadFont (PreparedFont)
import Text.Shakespeare.Text (textFile) import Text.Shakespeare.Text (textFile)
@ -96,10 +96,12 @@ instance Yesod App where
-- Store session data on the client in encrypted cookies, -- Store session data on the client in encrypted cookies,
-- default session idle timeout is 120 minutes -- default session idle timeout is 120 minutes
makeSessionBackend _ = makeSessionBackend app =
-- sslOnlySessions $ -- sslOnlySessions $
Just <$> let s = appSettings app
defaultClientSessionBackend 120 "config/client_session_key.aes" t = fromIntegral (toTimeUnit $ appClientSessionTimeout s :: Minute)
k = appClientSessionKeyFile s
in Just <$> defaultClientSessionBackend t k
-- Yesod Middleware allows you to run code before and after each handler function. -- Yesod Middleware allows you to run code before and after each handler function.
-- The defaultYesodMiddleware adds the response header "Vary: Accept, Accept-Language" and performs authorization checks. -- The defaultYesodMiddleware adds the response header "Vary: Accept, Accept-Language" and performs authorization checks.
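Review bot: In `makeSessionBackend`, `toTimeUnit … :: Minute` converts the configured interval to whole minutes, so a `client-session-timeout` below one minute (e.g. 30 seconds) presumably becomes 0 and sessions would expire immediately. Clamp it to at least one minute, `t = max 1 $ fromIntegral (toTimeUnit (appClientSessionTimeout s) :: Minute)`, or reject such values when the settings are parsed. The comment `-- default session idle timeout is 120 minutes` is now stale, since the timeout comes from the settings. `sslOnlySessions` is still commented out, so the cookie is not restricted to HTTPS; that predates this commit but is worth revisiting while this function is being touched. The instance body continues outside the hunk.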


@ -31,6 +31,8 @@ import Control.Exception (throw)
import Data.Aeson (Result (..), fromJSON, withObject, (.!=), import Data.Aeson (Result (..), fromJSON, withObject, (.!=),
(.:?)) (.:?))
import Data.FileEmbed (embedFile) import Data.FileEmbed (embedFile)
import Data.Time.Interval (TimeInterval)
import Data.Time.Interval.Aeson (interval)
import Data.Yaml (decodeEither') import Data.Yaml (decodeEither')
import Database.Persist.Postgresql (PostgresConf) import Database.Persist.Postgresql (PostgresConf)
import Language.Haskell.TH.Syntax (Exp, Name, Q) import Language.Haskell.TH.Syntax (Exp, Name, Q)
@ -59,6 +61,11 @@ data AppSettings = AppSettings
-- behind a reverse proxy. -- behind a reverse proxy.
, appIpFromHeader :: Bool , appIpFromHeader :: Bool
-- | Path of session cookie encryption key file
, appClientSessionKeyFile :: FilePath
-- | Idle timeout for session cookie expiration
, appClientSessionTimeout :: TimeInterval
-- | Use detailed request logging system -- | Use detailed request logging system
, appDetailedRequestLogging :: Bool , appDetailedRequestLogging :: Bool
-- | Should all log messages be displayed? -- | Should all log messages be displayed?
@ -106,6 +113,9 @@ instance FromJSON AppSettings where
appPort <- o .: "http-port" appPort <- o .: "http-port"
appIpFromHeader <- o .: "ip-from-header" appIpFromHeader <- o .: "ip-from-header"
appClientSessionKeyFile <- o .: "client-session-key"
appClientSessionTimeout <- interval <$> o .: "client-session-timeout"
appDetailedRequestLogging <- o .:? "detailed-logging" .!= defaultDev appDetailedRequestLogging <- o .:? "detailed-logging" .!= defaultDev
appShouldLogAll <- o .:? "should-log-all" .!= defaultDev appShouldLogAll <- o .:? "should-log-all" .!= defaultDev
appReloadTemplates <- o .:? "reload-templates" .!= defaultDev appReloadTemplates <- o .:? "reload-templates" .!= defaultDev
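Review bot: Both new keys in the `FromJSON AppSettings` instance are read with `.:`, so they are mandatory, while the hard-coded values they replace acted as implicit defaults. If a deployment's settings file is parsed without the updated defaults being merged in (the loading code is outside this hunk), startup would fail on the missing key. Keeping the old values as a fallback would avoid that, e.g. `appClientSessionKeyFile <- o .:? "client-session-key" .!= "config/client_session_key.aes"`, and likewise a 120-minute default for the timeout. The instance body starts and ends outside the hunk.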


@ -16,6 +16,7 @@ packages:
- '../hit-network' - '../hit-network'
- '../persistent-migration' - '../persistent-migration'
- '../persistent-email-address' - '../persistent-email-address'
- '../time-interval-aeson'
# - '../yesod-auth-account' # - '../yesod-auth-account'
- location: - location:
git: https://dev.angeley.es/s/fr33domlover/r/yesod-auth-account git: https://dev.angeley.es/s/fr33domlover/r/yesod-auth-account


@ -302,6 +302,7 @@ library
, text , text
, time , time
, time-interval , time-interval
, time-interval-aeson
, time-units , time-units
, transformers , transformers
-- probably should be replaced with lenses once I learn -- probably should be replaced with lenses once I learn