From 01e4ce0fa7c369996ec4ef3a033d16d6fa0eb715 Mon Sep 17 00:00:00 2001 From: Joris Date: Thu, 31 Mar 2016 18:45:36 +0200 Subject: Use https link and secure cookie when activated --- README.md | 10 ---------- application.conf | 1 + src/client/elm/LoggedIn/User/View.elm | 11 +++++++++++ src/server/Conf.hs | 4 +++- src/server/Controller/Index.hs | 8 +++----- src/server/Controller/SignIn.hs | 10 ++++++++-- src/server/Cookie.hs | 25 ++++++++++++++----------- src/server/LoginSession.hs | 12 +++++++----- src/server/Main.hs | 2 +- 9 files changed, 48 insertions(+), 35 deletions(-) create mode 100644 src/client/elm/LoggedIn/User/View.elm diff --git a/README.md b/README.md index 78e9d36..7c78b0e 100644 --- a/README.md +++ b/README.md @@ -19,13 +19,3 @@ npm install elm package install npm start ``` - -## Configuration - -``` -hostname = localhost:3000 -port = 3000 -currency = € -signInExpiration = 5 minutes -noReplyMail = "no-reply@mail.com" -``` diff --git a/application.conf b/application.conf index 5c2eab8..49b81a7 100644 --- a/application.conf +++ b/application.conf @@ -3,5 +3,6 @@ port = 3000 currency = "€" signInExpiration = 5 minutes noReplyMail = "no-reply@mail.com" +https = False importMaybe "local.conf" diff --git a/src/client/elm/LoggedIn/User/View.elm b/src/client/elm/LoggedIn/User/View.elm new file mode 100644 index 0000000..35ea940 --- /dev/null +++ b/src/client/elm/LoggedIn/User/View.elm @@ -0,0 +1,11 @@ +module LoggedIn.User.View + ( view + ) where + +import Html exposing (..) + +view : LoggedData -> Html +view loggedData = + div + [] + [ text "Hey" ] diff --git a/src/server/Conf.hs b/src/server/Conf.hs index 14da50f..13d5981 100644 --- a/src/server/Conf.hs +++ b/src/server/Conf.hs @@ -15,6 +15,7 @@ data Conf = Conf , signInExpiration :: NominalDiffTime , currency :: Text , noReplyMail :: Text + , https :: Bool } deriving Show getConf :: FilePath -> IO (Either Text Conf) @@ -26,5 +27,6 @@ getConf path = Conf.lookup "port" conf <*> Conf.lookup "signInExpiration" conf <*> Conf.lookup "currency" conf <*> - Conf.lookup "noReplyMail" conf + Conf.lookup "noReplyMail" conf <*> + Conf.lookup "https" conf ) diff --git a/src/server/Controller/Index.hs b/src/server/Controller/Index.hs index f84f945..1e1f942 100644 --- a/src/server/Controller/Index.hs +++ b/src/server/Controller/Index.hs @@ -69,7 +69,7 @@ validateSignIn conf textToken = do then return . Left $ SignInExpired else do - LoginSession.put (signInToken . entityVal $ signInValue) + LoginSession.put conf (signInToken . entityVal $ signInValue) mbUser <- liftIO . runDb $ do signInTokenToUsed . entityKey $ signInValue getUser . signInEmail . entityVal $ signInValue @@ -86,7 +86,5 @@ getLoggedUser = do Just token -> do liftIO . runDb . getUserFromToken $ token -signOut :: ActionM () -signOut = do - LoginSession.delete - status ok200 +signOut :: Conf -> ActionM () +signOut conf = LoginSession.delete conf >> status ok200 diff --git a/src/server/Controller/SignIn.hs b/src/server/Controller/SignIn.hs index f6804e1..0fbe7c5 100644 --- a/src/server/Controller/SignIn.hs +++ b/src/server/Controller/SignIn.hs @@ -17,7 +17,8 @@ import qualified Data.Text as T import qualified Data.Text.Lazy as TL import qualified Data.Text.Encoding as TE -import Conf +import Conf (Conf) +import qualified Conf import SendMail @@ -38,7 +39,12 @@ signIn conf login = case maybeUser of Just user -> do token <- liftIO . runDb $ createSignInToken login - let url = T.concat ["http://", hostname conf, "?signInToken=", token] + let url = T.concat [ + if Conf.https conf then "https://" else "http://", + Conf.hostname conf, + "?signInToken=", + token + ] maybeSentMail <- liftIO . sendMail $ SignIn.getMail conf (entityVal user) url [login] case maybeSentMail of Right _ -> diff --git a/src/server/Cookie.hs b/src/server/Cookie.hs index 7ff5493..1495fc1 100644 --- a/src/server/Cookie.hs +++ b/src/server/Cookie.hs @@ -15,6 +15,9 @@ import qualified Data.Text as TS import qualified Data.Text.Encoding as TS import qualified Data.Text.Lazy.Encoding as TL +import Conf (Conf) +import qualified Conf + import qualified Data.Map as Map import qualified Data.ByteString.Lazy as BSL @@ -26,28 +29,28 @@ import Blaze.ByteString.Builder ( toLazyByteString ) import Web.Scotty.Trans import Web.Cookie -makeSimpleCookie :: TS.Text -> TS.Text -> SetCookie -makeSimpleCookie n v = +makeSimpleCookie :: Conf -> TS.Text -> TS.Text -> SetCookie +makeSimpleCookie conf name value = def - { setCookieName = TS.encodeUtf8 n - , setCookieValue = TS.encodeUtf8 v + { setCookieName = TS.encodeUtf8 name + , setCookieValue = TS.encodeUtf8 value , setCookiePath = Just $ TS.encodeUtf8 "/" - , setCookieSecure = True + , setCookieSecure = Conf.https conf } setCookie :: (Monad m, ScottyError e) => SetCookie -> ActionT e m () -setCookie c = addHeader "Set-Cookie" (TL.decodeUtf8 . toLazyByteString $ renderSetCookie c) +setCookie name = addHeader "Set-Cookie" (TL.decodeUtf8 . toLazyByteString $ renderSetCookie name) -setSimpleCookie :: (Monad m, ScottyError e) => TS.Text -> TS.Text -> ActionT e m () -setSimpleCookie n v = setCookie $ makeSimpleCookie n v +setSimpleCookie :: (Monad m, ScottyError e) => Conf -> TS.Text -> TS.Text -> ActionT e m () +setSimpleCookie conf name value = setCookie $ makeSimpleCookie conf name value getCookie :: (Monad m, ScottyError e) => TS.Text -> ActionT e m (Maybe TS.Text) -getCookie c = liftM (Map.lookup c) getCookies +getCookie name = liftM (Map.lookup name) getCookies getCookies :: (Monad m, ScottyError e) => ActionT e m (Map.Map TS.Text TS.Text) getCookies = liftM (Map.fromList . maybe [] parse) $ header "Cookie" where parse = parseCookiesText . BSL.toStrict . TL.encodeUtf8 -deleteCookie :: (Monad m, ScottyError e) => TS.Text -> ActionT e m () -deleteCookie c = setCookie $ (makeSimpleCookie c "") { setCookieExpires = Just $ posixSecondsToUTCTime 0 } +deleteCookie :: (Monad m, ScottyError e) => Conf -> TS.Text -> ActionT e m () +deleteCookie conf name = setCookie $ (makeSimpleCookie conf name "") { setCookieExpires = Just $ posixSecondsToUTCTime 0 } diff --git a/src/server/LoginSession.hs b/src/server/LoginSession.hs index 3897b4c..6f6d620 100644 --- a/src/server/LoginSession.hs +++ b/src/server/LoginSession.hs @@ -15,16 +15,18 @@ import Control.Monad.IO.Class (liftIO) import Data.Text (Text) import qualified Data.Text.Encoding as TE +import Conf (Conf) + sessionName :: Text sessionName = "SESSION" sessionKeyFile :: FilePath sessionKeyFile = "sessionKey" -put :: Text -> ActionM () -put value = do +put :: Conf -> Text -> ActionM () +put conf value = do encrypted <- liftIO $ encrypt value - setSimpleCookie sessionName encrypted + setSimpleCookie conf sessionName encrypted encrypt :: Text -> IO Text encrypt value = do @@ -47,5 +49,5 @@ decrypt encrypted = do let decrypted = TE.decodeUtf8 <$> CS.decrypt key (TE.encodeUtf8 encrypted) return decrypted -delete :: ActionM () -delete = deleteCookie sessionName +delete :: Conf -> ActionM () +delete conf = deleteCookie conf sessionName diff --git a/src/server/Main.hs b/src/server/Main.hs index 387f782..c6e930a 100644 --- a/src/server/Main.hs +++ b/src/server/Main.hs @@ -57,7 +57,7 @@ api conf = do email <- param "email" :: ActionM Text signIn conf email - post "/api/signOut" signOut + post "/api/signOut" (signOut conf) -- Users -- cgit v1.2.3