add app setting enable SSL_ONLY

2021-09-28 22:07:53 -05:00 · 2021-09-28 22:07:53 -05:00 · 71938b3e0a
parent 3ecb38b89a
commit 71938b3e0a
3 changed files with 32 additions and 5 deletions
--- a/config/settings.yml
+++ b/config/settings.yml
@ -41,3 +41,5 @@ archive-socks-proxy-host: "_env:ARCHIVE_SOCKS_PROXY_HOST"
 archive-socks-proxy-port: "_env:ARCHIVE_SOCKS_PROXY_PORT"

 source-code-uri: "_env:SOURCE_CODE_URI:https://github.com/jonschoning/espial"
+
+ssl-only: "_env:SSL_ONLY" # false
--- a/src/Foundation.hs
+++ b/src/Foundation.hs
@ -1,5 +1,6 @@
 {-# LANGUAGE DeriveGeneric #-}
 {-# LANGUAGE StandaloneDeriving #-}
+{-# LANGUAGE NamedFieldPuns #-}
 {-# OPTIONS_GHC -fno-warn-unused-matches #-}

 module Foundation where
@ -41,6 +42,9 @@ instance YesodPersist App where
 instance YesodPersistRunner App where
    getDBRunner = defaultGetDBRunner appConnPool

+session_timeout_minutes :: Int
+session_timeout_minutes = 10080 -- (7 days)
+
 -- Yesod

 instance Yesod App where
@ -49,11 +53,28 @@ instance Yesod App where
            Nothing -> getApprootText guessApproot app req
            Just root -> root

-    makeSessionBackend _ = Just <$> defaultClientSessionBackend
-        10080 -- min (7 days)
-        "config/client_session_key.aes"
+    makeSessionBackend :: App -> IO (Maybe SessionBackend)
+    makeSessionBackend App {appSettings} = do
+      backend <-
+        defaultClientSessionBackend
+          session_timeout_minutes
+          "config/client_session_key.aes"
+      maybeSSLOnly $ pure (Just backend)
+      where
+        maybeSSLOnly =
+          if appSSLOnly appSettings
+            then sslOnlySessions
+            else id

-    yesodMiddleware = defaultYesodMiddleware . defaultCsrfMiddleware
+    yesodMiddleware :: HandlerFor App res -> HandlerFor App res
+    yesodMiddleware = maybeSSLOnly . defaultYesodMiddleware . defaultCsrfMiddleware
+      where
+        maybeSSLOnly handler = do
+          yesod <- getYesod
+          (if appSSLOnly (appSettings yesod)
+             then sslOnlyMiddleware session_timeout_minutes
+             else id)
+            handler

    defaultLayout widget = do
        req <- getRequest
--- a/src/Settings.hs
+++ b/src/Settings.hs
@ -64,6 +64,8 @@ data AppSettings = AppSettings

    , appSourceCodeUri                :: Maybe Text
    -- ^ Uri to app source code
+
+    , appSSLOnly :: Bool
    }

 instance FromJSON AppSettings where
@ -96,7 +98,9 @@ instance FromJSON AppSettings where

        appArchiveSocksProxyHost   <- o .:? "archive-socks-proxy-host"
        appArchiveSocksProxyPort   <- o .:? "archive-socks-proxy-port"
-        appSourceCodeUri          <- o .:? "source-code-uri"
+        appSourceCodeUri           <- o .:? "source-code-uri"
+
+        appSSLOnly                 <- fromMaybe False <$> o .:? "ssl-only"

        return AppSettings {..}