add app setting enable SSL_ONLY
parent
3ecb38b89a
commit
71938b3e0a
|
@ -41,3 +41,5 @@ archive-socks-proxy-host: "_env:ARCHIVE_SOCKS_PROXY_HOST"
|
||||||
archive-socks-proxy-port: "_env:ARCHIVE_SOCKS_PROXY_PORT"
|
archive-socks-proxy-port: "_env:ARCHIVE_SOCKS_PROXY_PORT"
|
||||||
|
|
||||||
source-code-uri: "_env:SOURCE_CODE_URI:https://github.com/jonschoning/espial"
|
source-code-uri: "_env:SOURCE_CODE_URI:https://github.com/jonschoning/espial"
|
||||||
|
|
||||||
|
ssl-only: "_env:SSL_ONLY" # false
|
||||||
|
|
|
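Review bot: The trailing `# false` on the new `ssl-only` line records the default but not what the switch does or what it needs from the deployment. The Foundation change in this commit uses the flag to enable `sslOnlySessions` and `sslOnlyMiddleware`, which mark session cookies Secure and send an HSTS header. A visitor who still reaches the site over plain HTTP would therefore have no session once it is on. I would replace the comment with something like `# default false; when true, session cookies are marked Secure and HSTS is sent, so serve the site over HTTPS only`.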
@ -1,5 +1,6 @@
|
||||||
{-# LANGUAGE DeriveGeneric #-}
|
{-# LANGUAGE DeriveGeneric #-}
|
||||||
{-# LANGUAGE StandaloneDeriving #-}
|
{-# LANGUAGE StandaloneDeriving #-}
|
||||||
|
{-# LANGUAGE NamedFieldPuns #-}
|
||||||
{-# OPTIONS_GHC -fno-warn-unused-matches #-}
|
{-# OPTIONS_GHC -fno-warn-unused-matches #-}
|
||||||
|
|
||||||
module Foundation where
|
module Foundation where
|
||||||
|
@ -41,6 +42,9 @@ instance YesodPersist App where
|
||||||
instance YesodPersistRunner App where
|
instance YesodPersistRunner App where
|
||||||
getDBRunner = defaultGetDBRunner appConnPool
|
getDBRunner = defaultGetDBRunner appConnPool
|
||||||
|
|
||||||
|
session_timeout_minutes :: Int
|
||||||
|
session_timeout_minutes = 10080 -- (7 days)
|
||||||
|
|
||||||
-- Yesod
|
-- Yesod
|
||||||
|
|
||||||
instance Yesod App where
|
instance Yesod App where
|
||||||
|
@ -49,11 +53,28 @@ instance Yesod App where
|
||||||
Nothing -> getApprootText guessApproot app req
|
Nothing -> getApprootText guessApproot app req
|
||||||
Just root -> root
|
Just root -> root
|
||||||
|
|
||||||
makeSessionBackend _ = Just <$> defaultClientSessionBackend
|
makeSessionBackend :: App -> IO (Maybe SessionBackend)
|
||||||
10080 -- min (7 days)
|
makeSessionBackend App {appSettings} = do
|
||||||
|
backend <-
|
||||||
|
defaultClientSessionBackend
|
||||||
|
session_timeout_minutes
|
||||||
"config/client_session_key.aes"
|
"config/client_session_key.aes"
|
||||||
|
maybeSSLOnly $ pure (Just backend)
|
||||||
|
where
|
||||||
|
maybeSSLOnly =
|
||||||
|
if appSSLOnly appSettings
|
||||||
|
then sslOnlySessions
|
||||||
|
else id
|
||||||
|
|
||||||
yesodMiddleware = defaultYesodMiddleware . defaultCsrfMiddleware
|
yesodMiddleware :: HandlerFor App res -> HandlerFor App res
|
||||||
|
yesodMiddleware = maybeSSLOnly . defaultYesodMiddleware . defaultCsrfMiddleware
|
||||||
|
where
|
||||||
|
maybeSSLOnly handler = do
|
||||||
|
yesod <- getYesod
|
||||||
|
(if appSSLOnly (appSettings yesod)
|
||||||
|
then sslOnlyMiddleware session_timeout_minutes
|
||||||
|
else id)
|
||||||
|
handler
|
||||||
|
|
||||||
defaultLayout widget = do
|
defaultLayout widget = do
|
||||||
req <- getRequest
|
req <- getRequest
|
||||||
|
|
|
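Review bot: `sslOnlySessions` and `sslOnlyMiddleware` harden the HTTPS path but do not themselves refuse or redirect plain-HTTP requests, so the name `SSL_ONLY` promises more than `makeSessionBackend` and `yesodMiddleware` deliver. A comment on `makeSessionBackend` should say that HTTP still has to be blocked or redirected in front of the app, for example at the reverse proxy. Reusing one constant for the session lifetime and the HSTS max-age is right, because the header must not expire before the session does, but nothing records that invariant. Add `-- | Session lifetime in minutes; also passed to 'sslOnlyMiddleware' as the HSTS max-age, which must never be shorter than the session.` above `session_timeout_minutes`, and consider renaming it `sessionTimeoutMinutes` to match the camelCase used by the other names visible here. The `instance Yesod App` body continues outside the hunks shown.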
@ -64,6 +64,8 @@ data AppSettings = AppSettings
|
||||||
|
|
||||||
, appSourceCodeUri :: Maybe Text
|
, appSourceCodeUri :: Maybe Text
|
||||||
-- ^ Uri to app source code
|
-- ^ Uri to app source code
|
||||||
|
|
||||||
|
, appSSLOnly :: Bool
|
||||||
}
|
}
|
||||||
|
|
||||||
instance FromJSON AppSettings where
|
instance FromJSON AppSettings where
|
||||||
|
@ -98,6 +100,8 @@ instance FromJSON AppSettings where
|
||||||
appArchiveSocksProxyPort <- o .:? "archive-socks-proxy-port"
|
appArchiveSocksProxyPort <- o .:? "archive-socks-proxy-port"
|
||||||
appSourceCodeUri <- o .:? "source-code-uri"
|
appSourceCodeUri <- o .:? "source-code-uri"
|
||||||
|
|
||||||
|
appSSLOnly <- fromMaybe False <$> o .:? "ssl-only"
|
||||||
|
|
||||||
return AppSettings {..}
|
return AppSettings {..}
|
||||||
|
|
||||||
-- | Settings for 'widgetFile', such as which template languages to support and
|
-- | Settings for 'widgetFile', such as which template languages to support and
|
||||||
|
|
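Review bot: `appSSLOnly` is added without a `-- ^` Haddock line, unlike `appSourceCodeUri` just above it, and its fail-open default is visible only in the parser. Add `-- ^ Mark session cookies Secure and send HSTS; False when "ssl-only" is absent` under the field so the default is stated where the setting is declared. In `parseJSON`, `o .:? "ssl-only" .!= False` is the usual aeson spelling of `fromMaybe False <$> o .:? "ssl-only"`, provided `(.!=)` is imported in this module. Both the record and the `parseJSON` body start outside the hunks shown.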