authorBen Sima <ben@bsima.me>2021-01-09 12:04:42 -0500
committerBen Sima <ben@bsima.me>2021-01-09 12:04:42 -0500
commite11131dbcf13c4b33a4321fdead44269f3e088c9 (patch)
tree6240f8dc2e4dc83f59f919d15db50b1bf72ee46e
parent8ebaba711f62e026663b0bd4562c79695c79ec4c (diff)
Fix live cookie settings
Auth was broken without the xsrf thing disabled. Anyway, it's best to have well-defined live and test settings. I will re-enable xsrf when I figure out the js snippet I need.
-rw-r--r--Biz/Dev.nix2
-rw-r--r--Biz/Devalloc.hs18
-rw-r--r--Biz/Devalloc.nix16
3 files changed, 31 insertions, 5 deletions
diff --git a/Biz/Dev.nix b/Biz/Dev.nix
index 1dc2204..f372484 100644
--- a/Biz/Dev.nix
+++ b/Biz/Dev.nix
@@ -18,6 +18,8 @@ bild.os {
enable = true;
port = 8095;
package = bild.ghc ./Devalloc.hs;
+ keep = "/var/devalloc/keep";
+ depo = "/var/devalloc/depo";
};
}
diff --git a/Biz/Devalloc.hs b/Biz/Devalloc.hs
index 5e23e67..6b17e40 100644
--- a/Biz/Devalloc.hs
+++ b/Biz/Devalloc.hs
@@ -201,13 +201,14 @@ main = Exception.bracket startup shutdown run
jwk <- Auth.generateKey
putText "@"
putText "devalloc"
+ putText <| "area: " <> (show <| area cfg)
putText <| "port: " <> (show <| port cfg)
putText <| "depo: " <> (Text.pack <| depo cfg)
putText <| "keep: " <> (Text.pack <| keep cfg)
let jwtCfg = Auth.defaultJWTSettings jwk
let cooks = case area cfg of
- Test -> devCookieSettings
- Live -> Auth.defaultCookieSettings
+ Test -> liveCookieSettings
+ Live -> liveCookieSettings
let ctx = cooks :. jwtCfg :. EmptyContext
let app = serveWithContext paths ctx (toServant <| htmlApp cooks kp cfg jwk oAuthArgs)
return (cfg, app, kp)
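Review bot: The `Test` branch of `case area cfg` now selects `liveCookieSettings`, so both areas get identical settings and the `testCookieSettings` defined in the next hunk is not used by any line shown here. With `Auth.cookieIsSecure = Auth.Secure` a browser will not send the session cookie over plain HTTP, so a Test run without TLS would presumably fail to authenticate. If that is unintended, the line should read `Test -> testCookieSettings`; if it is deliberate, a comment saying why Test uses the live settings would help, and `testCookieSettings` could be dropped. The enclosing startup block begins before this hunk.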
@@ -216,8 +217,16 @@ main = Exception.bracket startup shutdown run
run :: (Config, Wai.Application, Acid.AcidState Keep) -> IO ()
run (cfg, app, _) = Warp.run (port cfg) (logStdout app)
-devCookieSettings :: Auth.CookieSettings
-devCookieSettings =
+liveCookieSettings :: Auth.CookieSettings
+liveCookieSettings =
+ Auth.defaultCookieSettings
+ { Auth.cookieIsSecure = Auth.Secure,
+ -- TODO: fix this, add js snippet
+ Auth.cookieXsrfSetting = Nothing
+ }
+
+testCookieSettings :: Auth.CookieSettings
+testCookieSettings =
Auth.defaultCookieSettings
{ Auth.cookieIsSecure = Auth.NotSecure,
Auth.cookieXsrfSetting = Nothing
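Review bot: `liveCookieSettings` turns off the XSRF check (`Auth.cookieXsrfSetting = Nothing`) for the production area, which leaves the cookie's SameSite attribute as the only cross-site request defence for cookie-authenticated routes, and that value is inherited silently from `Auth.defaultCookieSettings`. Until the check is re-enabled I would pin it in the record, `Auth.cookieSameSite = Auth.SameSiteLax,` (assuming `Auth` is servant-auth-server), and confirm that no state-changing route is reachable by GET, since Lax still sends the cookie on top-level navigations. The TODO would be easier to act on if it said what is pending, e.g. `-- TODO: restore the default cookieXsrfSetting once the client JS echoes the XSRF cookie in a request header`. The `testCookieSettings` record is closed outside this hunk.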
@@ -366,7 +375,6 @@ htmlApp cooks kp cfg jwk oAuthArgs =
pure <. HtmlApp <| Home oAuthArgs,
githubAuth =
auth kp cooks jwk oAuthArgs,
- -- TODO: guard on (AuthResult)
selectRepo = \case
Auth.NoSuchUser -> throwError err401 {errBody = "No such user"}
Auth.BadPassword -> throwError err401 {errBody = "Bad password"}
diff --git a/Biz/Devalloc.nix b/Biz/Devalloc.nix
index b7c7503..40b06c4 100644
--- a/Biz/Devalloc.nix
+++ b/Biz/Devalloc.nix
@@ -19,6 +19,16 @@ in
incoming HTTP traffic.
'';
};
+ keep = lib.mkOption {
+ type = lib.types.path;
+ default = "/var/devalloc/keep";
+ description = "Keep location";
+ };
+ depo = lib.mkOption {
+ type = lib.types.path;
+ default = "/var/devalloc/depo";
+ description = "depo location";
+ };
package = lib.mkOption {
type = lib.types.package;
description = "devalloc package to use";
@@ -28,6 +38,10 @@ in
systemd.services.devalloc = {
path = [ cfg.package pkgs.git ];
wantedBy = [ "multi-user.target" ];
+ preStart = ''
+ mkdir -p ${cfg.keep}
+ mkdir -p ${cfg.depo}
+ '';
script = ''
${cfg.package}/bin/devalloc
'';
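Review bot: The `preStart` script creates both directories with the default umask and interpolates the option values into the shell unquoted. `keep` appears to back the acid-state store opened in Devalloc.hs and `depo` presumably holds cloned repositories, so other local users should not be able to read them; `mkdir -p -m 0700 ${lib.escapeShellArg cfg.keep}` (and the same for `cfg.depo`) covers both points. The unit's user is not visible in this hunk, so the resulting owner should be confirmed as well. The `systemd.services.devalloc` definition continues outside the hunk.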
@@ -38,6 +52,8 @@ in
Environment = [
"PORT=${toString cfg.port}"
"AREA=Live"
+ "DEPO=${cfg.depo}"
+ "KEEP=${cfg.keep}"
];
EnvironmentFile="/run/devalloc/env";
KillSignal = "INT";