From e11131dbcf13c4b33a4321fdead44269f3e088c9 Mon Sep 17 00:00:00 2001
From: Ben Sima
Date: Sat, 9 Jan 2021 12:04:42 -0500
Subject: Fix live cookie settings

Auth was broken without the xsrf thing disabled. Anyway, its best to have well-defined live and test settings. I will re-enable xsrf when I figure out the js snippet I need.
---
 Biz/Dev.nix | 2 ++
 Biz/Devalloc.hs | 18 +++++++++++++-----
 Biz/Devalloc.nix | 16 ++++++++++++++++
 3 files changed, 31 insertions(+), 5 deletions(-)

diff --git a/Biz/Dev.nix b/Biz/Dev.nix
index 1dc2204..f372484 100644
--- a/Biz/Dev.nix
+++ b/Biz/Dev.nix
@@ -18,6 +18,8 @@ bild.os {
 enable = true;
 port = 8095;
 package = bild.ghc ./Devalloc.hs;
+ keep = "/var/devalloc/keep";
+ depo = "/var/devalloc/depo";
 };
 }
diff --git a/Biz/Devalloc.hs b/Biz/Devalloc.hs
index 5e23e67..6b17e40 100644
--- a/Biz/Devalloc.hs
+++ b/Biz/Devalloc.hs
@@ -201,13 +201,14 @@ main = Exception.bracket startup shutdown run
 jwk <- Auth.generateKey
 putText "@"
 putText "devalloc"
+ putText <| "area: " <> (show <| area cfg)
 putText <| "port: " <> (show <| port cfg)
 putText <| "depo: " <> (Text.pack <| depo cfg)
 putText <| "keep: " <> (Text.pack <| keep cfg)
 let jwtCfg = Auth.defaultJWTSettings jwk
 let cooks = case area cfg of
- Test -> devCookieSettings
- Live -> Auth.defaultCookieSettings
+ Test -> liveCookieSettings
+ Live -> liveCookieSettings
 let ctx = cooks :. jwtCfg :. EmptyContext
 let app = serveWithContext paths ctx (toServant <| htmlApp cooks kp cfg jwk oAuthArgs)
 return (cfg, app, kp)
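Review bot: Both arms of `case area cfg of` in the Biz/Devalloc.hs startup hunk now return `liveCookieSettings`, so the `testCookieSettings` value this commit defines further down is never used. A Test instance will therefore issue cookies marked `Auth.Secure`, which browsers generally do not return over plain HTTP, so login in a non-TLS test setup is likely to fail silently. If the intent is the "well-defined live and test settings" from the commit message, the first arm should read `Test -> testCookieSettings`. The startup block begins before this hunk, so any other consumer of `cooks` is not visible here.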
@@ -216,8 +217,16 @@ main = Exception.bracket startup shutdown run
 run :: (Config, Wai.Application, Acid.AcidState Keep) -> IO ()
 run (cfg, app, _) = Warp.run (port cfg) (logStdout app)
-devCookieSettings :: Auth.CookieSettings
-devCookieSettings =
+liveCookieSettings :: Auth.CookieSettings
+liveCookieSettings =
+ Auth.defaultCookieSettings
+ { Auth.cookieIsSecure = Auth.Secure,
+ -- TODO: fix this, add js snippet
+ Auth.cookieXsrfSetting = Nothing
+ }
+
+testCookieSettings :: Auth.CookieSettings
+testCookieSettings =
 Auth.defaultCookieSettings
 { Auth.cookieIsSecure = Auth.NotSecure,
 Auth.cookieXsrfSetting = Nothing
@@ -366,7 +375,6 @@ htmlApp cooks kp cfg jwk oAuthArgs =
 pure <. HtmlApp <| Home oAuthArgs,
 githubAuth = auth kp cooks jwk oAuthArgs,
- -- TODO: guard on (AuthResult)
 selectRepo = \case
 Auth.NoSuchUser -> throwError err401 {errBody = "No such user"}
 Auth.BadPassword -> throwError err401 {errBody = "Bad password"}
diff --git a/Biz/Devalloc.nix b/Biz/Devalloc.nix
index b7c7503..40b06c4 100644
--- a/Biz/Devalloc.nix
+++ b/Biz/Devalloc.nix
@@ -19,6 +19,16 @@ in
 incoming HTTP traffic.
 '';
 };
+ keep = lib.mkOption {
+ type = lib.types.path;
+ default = "/var/devalloc/keep";
+ description = "Keep location";
+ };
+ depo = lib.mkOption {
+ type = lib.types.path;
+ default = "/var/devalloc/depo";
+ description = "depo location";
+ };
 package = lib.mkOption {
 type = lib.types.package;
 description = "devalloc package to use";
@@ -28,6 +38,10 @@ in
 systemd.services.devalloc = {
 path = [ cfg.package pkgs.git ];
 wantedBy = [ "multi-user.target" ];
+ preStart = ''
+ mkdir -p ${cfg.keep}
+ mkdir -p ${cfg.depo}
+ '';
 script = ''
 ${cfg.package}/bin/devalloc
 '';
@@ -38,6 +52,8 @@ in
 Environment = [
 "PORT=${toString cfg.port}"
 "AREA=Live"
+ "DEPO=${cfg.depo}"
+ "KEEP=${cfg.keep}"
 ];
 EnvironmentFile="/run/devalloc/env";
 KillSignal = "INT";
-- cgit v1.2.3
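Review bot: `liveCookieSettings` sets `Auth.cookieXsrfSetting = Nothing` for the Live area, and the only record of that is a TODO which does not say what protection is lost. With the XSRF check off, cross-site request forgery defence for cookie-authenticated routes rests on the cookie's SameSite attribute, which this record inherits from `Auth.defaultCookieSettings` instead of stating it. Assuming `Auth` is servant-auth-server, I would pin it in the record with `Auth.cookieSameSite = Auth.SameSiteLax,` so a later change to the defaults cannot silently remove it. The comment could then read `-- XSRF check disabled until the client sends the token header; CSRF defence relies on SameSite, so keep state-changing routes off GET`. The `testCookieSettings` record continues past the end of this hunk.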
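Review bot: The `mkdir -p` calls in the new `preStart` of Biz/Devalloc.nix create `${cfg.keep}` and `${cfg.depo}` with whatever mode the unit's umask gives, which is usually world-readable. The interpolated paths are also unquoted, so a configured path containing whitespace would be split by the shell. These directories appear to hold the application's state store and repository checkouts, so I would create them owner-only and quoted: `install -d -m 0700 "${cfg.keep}" "${cfg.depo}"`. Most of `serviceConfig` lies outside the hunks, so I cannot tell which user the unit runs as; the directory owner should match that user.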