Make the cookie encryption key and timeout configurable in settings file
parent
870123bfcc
commit
c420b8d8ea
6 changed files with 29 additions and 5 deletions
|
@ -11,4 +11,5 @@ darcs clone $VERVIS/darcs-rev
|
||||||
darcs clone $VERVIS/ssh
|
darcs clone $VERVIS/ssh
|
||||||
darcs clone $VERVIS/persistent-migration
|
darcs clone $VERVIS/persistent-migration
|
||||||
darcs clone $VERVIS/persistent-email-address
|
darcs clone $VERVIS/persistent-email-address
|
||||||
|
darcs clone $VERVIS/time-interval-aeson
|
||||||
darcs clone $VERVIS/yesod-mail-send --to-hash 2800294a41daf57cd420710bc79c8c9b06c0d3dd
|
darcs clone $VERVIS/yesod-mail-send --to-hash 2800294a41daf57cd420710bc79c8c9b06c0d3dd
|
||||||
|
|
|
@ -24,6 +24,15 @@ ip-from-header: "_env:IP_FROM_HEADER:false"
|
||||||
# Uncomment to set an explicit approot
|
# Uncomment to set an explicit approot
|
||||||
#approot: "_env:APPROOT:http://localhost:3000"
|
#approot: "_env:APPROOT:http://localhost:3000"
|
||||||
|
|
||||||
|
# Encryption key file for encrypting the session cookie sent to clients
|
||||||
|
client-session-key: config/client_session_key.aes
|
||||||
|
|
||||||
|
# How much time after the last request it takes for the session cookie to
|
||||||
|
# expire
|
||||||
|
client-session-timeout:
|
||||||
|
amount: 2
|
||||||
|
unit: hours
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# Development
|
# Development
|
||||||
###############################################################################
|
###############################################################################
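Review bot: The two new keys are plain literals, while the neighbouring settings in this file (`ip-from-header`, `approot`) use the `_env:NAME:default` form, so a deployment cannot relocate the key file without editing the checked-in settings. Consider `client-session-key: "_env:CLIENT_SESSION_KEY:config/client_session_key.aes"` (the variable name is only a suggestion). The comment above the key could also say that this file holds the secret protecting every session cookie, so it should stay out of version control and be readable only by the service account.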
|
||||||
|
|
|
@ -19,8 +19,8 @@ import Prelude (init, last)
|
||||||
|
|
||||||
import Control.Monad.Logger (logWarn)
|
import Control.Monad.Logger (logWarn)
|
||||||
import Control.Monad.Trans.Maybe
|
import Control.Monad.Trans.Maybe
|
||||||
import Data.Time.Interval (fromTimeUnit)
|
import Data.Time.Interval (fromTimeUnit, toTimeUnit)
|
||||||
import Data.Time.Units (Day)
|
import Data.Time.Units (Minute, Day)
|
||||||
import Database.Persist.Sql (ConnectionPool, runSqlPool)
|
import Database.Persist.Sql (ConnectionPool, runSqlPool)
|
||||||
import Graphics.SVGFonts.ReadFont (PreparedFont)
|
import Graphics.SVGFonts.ReadFont (PreparedFont)
|
||||||
import Text.Shakespeare.Text (textFile)
|
import Text.Shakespeare.Text (textFile)
|
||||||
|
@ -96,10 +96,12 @@ instance Yesod App where
|
||||||
|
|
||||||
-- Store session data on the client in encrypted cookies,
|
-- Store session data on the client in encrypted cookies,
|
||||||
-- default session idle timeout is 120 minutes
|
-- default session idle timeout is 120 minutes
|
||||||
makeSessionBackend _ =
|
makeSessionBackend app =
|
||||||
-- sslOnlySessions $
|
-- sslOnlySessions $
|
||||||
Just <$>
|
let s = appSettings app
|
||||||
defaultClientSessionBackend 120 "config/client_session_key.aes"
|
t = fromIntegral (toTimeUnit $ appClientSessionTimeout s :: Minute)
|
||||||
|
k = appClientSessionKeyFile s
|
||||||
|
in Just <$> defaultClientSessionBackend t k
|
||||||
|
|
||||||
-- Yesod Middleware allows you to run code before and after each handler function.
|
-- Yesod Middleware allows you to run code before and after each handler function.
|
||||||
-- The defaultYesodMiddleware adds the response header "Vary: Accept, Accept-Language" and performs authorization checks.
|
-- The defaultYesodMiddleware adds the response header "Vary: Accept, Accept-Language" and performs authorization checks.
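Review bot: In `makeSessionBackend` the configured interval is converted to `Minute` and passed straight to `defaultClientSessionBackend` with no bounds check, so an interval shorter than one minute presumably becomes `0` and a very large one is accepted silently. Rejecting or clamping the value when the settings are loaded would make a misconfiguration visible at startup. The comment kept above the function, `-- default session idle timeout is 120 minutes`, is now stale and could read `-- idle timeout and key file path come from the settings file`. Since `sslOnlySessions` stays commented out, that comment could also state that, as far as this hunk shows, the session cookie is not restricted to HTTPS. The instance body continues outside the hunk.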
|
||||||
|
|
|
@ -31,6 +31,8 @@ import Control.Exception (throw)
|
||||||
import Data.Aeson (Result (..), fromJSON, withObject, (.!=),
|
import Data.Aeson (Result (..), fromJSON, withObject, (.!=),
|
||||||
(.:?))
|
(.:?))
|
||||||
import Data.FileEmbed (embedFile)
|
import Data.FileEmbed (embedFile)
|
||||||
|
import Data.Time.Interval (TimeInterval)
|
||||||
|
import Data.Time.Interval.Aeson (interval)
|
||||||
import Data.Yaml (decodeEither')
|
import Data.Yaml (decodeEither')
|
||||||
import Database.Persist.Postgresql (PostgresConf)
|
import Database.Persist.Postgresql (PostgresConf)
|
||||||
import Language.Haskell.TH.Syntax (Exp, Name, Q)
|
import Language.Haskell.TH.Syntax (Exp, Name, Q)
|
||||||
|
@ -59,6 +61,11 @@ data AppSettings = AppSettings
|
||||||
-- behind a reverse proxy.
|
-- behind a reverse proxy.
|
||||||
, appIpFromHeader :: Bool
|
, appIpFromHeader :: Bool
|
||||||
|
|
||||||
|
-- | Path of session cookie encryption key file
|
||||||
|
, appClientSessionKeyFile :: FilePath
|
||||||
|
-- | Idle timeout for session cookie expiration
|
||||||
|
, appClientSessionTimeout :: TimeInterval
|
||||||
|
|
||||||
-- | Use detailed request logging system
|
-- | Use detailed request logging system
|
||||||
, appDetailedRequestLogging :: Bool
|
, appDetailedRequestLogging :: Bool
|
||||||
-- | Should all log messages be displayed?
|
-- | Should all log messages be displayed?
|
||||||
|
@ -106,6 +113,9 @@ instance FromJSON AppSettings where
|
||||||
appPort <- o .: "http-port"
|
appPort <- o .: "http-port"
|
||||||
appIpFromHeader <- o .: "ip-from-header"
|
appIpFromHeader <- o .: "ip-from-header"
|
||||||
|
|
||||||
|
appClientSessionKeyFile <- o .: "client-session-key"
|
||||||
|
appClientSessionTimeout <- interval <$> o .: "client-session-timeout"
|
||||||
|
|
||||||
appDetailedRequestLogging <- o .:? "detailed-logging" .!= defaultDev
|
appDetailedRequestLogging <- o .:? "detailed-logging" .!= defaultDev
|
||||||
appShouldLogAll <- o .:? "should-log-all" .!= defaultDev
|
appShouldLogAll <- o .:? "should-log-all" .!= defaultDev
|
||||||
appReloadTemplates <- o .:? "reload-templates" .!= defaultDev
|
appReloadTemplates <- o .:? "reload-templates" .!= defaultDev
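Review bot: Both new fields are read with `.:`, so a settings file that predates this commit and lacks `client-session-key` or `client-session-timeout` will fail to parse, unless compiled-in defaults always supply them (not visible here). For the key path the previous behaviour can be kept with `appClientSessionKeyFile <- o .:? "client-session-key" .!= "config/client_session_key.aes"`, matching the `.:?`/`.!=` style of the lines below it. The Haddock on `appClientSessionKeyFile` could add that the file is a secret and, if that is the case, that the path is resolved relative to the working directory. The record declaration and the parser both continue outside these hunks.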
|
||||||
|
|
|
@ -16,6 +16,7 @@ packages:
|
||||||
- '../hit-network'
|
- '../hit-network'
|
||||||
- '../persistent-migration'
|
- '../persistent-migration'
|
||||||
- '../persistent-email-address'
|
- '../persistent-email-address'
|
||||||
|
- '../time-interval-aeson'
|
||||||
# - '../yesod-auth-account'
|
# - '../yesod-auth-account'
|
||||||
- location:
|
- location:
|
||||||
git: https://dev.angeley.es/s/fr33domlover/r/yesod-auth-account
|
git: https://dev.angeley.es/s/fr33domlover/r/yesod-auth-account
|
||||||
|
|
|
@ -302,6 +302,7 @@ library
|
||||||
, text
|
, text
|
||||||
, time
|
, time
|
||||||
, time-interval
|
, time-interval
|
||||||
|
, time-interval-aeson
|
||||||
, time-units
|
, time-units
|
||||||
, transformers
|
, transformers
|
||||||
-- probably should be replaced with lenses once I learn
|
-- probably should be replaced with lenses once I learn
|
||||||
|
|