Skip to content

Commit

Permalink
Allow configuring the client session key via IHP_SESSION_SECRET env var
Browse files Browse the repository at this point in the history
When the IHP_SESSION_SECRET env var is set, it's used instead of the Config/client_session_key.aes file.

When the Config/client_session_key.aes is missing an no IHP_SESSION_SECRET is defined, a random key will be generated and temporarly be used. This means that all sessions (e.g. login sessions) will be gone after the server is restarted and need to re-login.
  • Loading branch information
mpscholten committed Sep 17, 2021
1 parent 877ed13 commit dc977b8
Showing 1 changed file with 10 additions and 1 deletion.
11 changes: 10 additions & 1 deletion IHP/Server.hs
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,8 @@ import qualified Data.List as List
import qualified Data.ByteString.Char8 as ByteString
import qualified Network.Wai.Middleware.Cors as Cors

import qualified System.Environment as Env
import qualified System.Directory as Directory

run :: (FrontController RootApplication, Job.Worker RootApplication) => ConfigBuilder -> IO ()
run configBuilder = do
Expand Down Expand Up @@ -125,7 +127,14 @@ initStaticMiddleware FrameworkConfig { environment } = do

initSessionMiddleware :: Vault.Key (Session IO String String) -> FrameworkConfig -> IO Middleware
initSessionMiddleware sessionVault FrameworkConfig { sessionCookie } = do
store <- fmap clientsessionStore (ClientSession.getKey "Config/client_session_key.aes")
let path = "Config/client_session_key.aes"

hasSessionSecretEnvVar <- isJust <$> Env.lookupEnv "IHP_SESSION_SECRET"
doesConfigDirectoryExist <- Directory.doesDirectoryExist "Config"
store <- clientsessionStore <$>
if hasSessionSecretEnvVar || not doesConfigDirectoryExist
then ClientSession.getKeyEnv "IHP_SESSION_SECRET"
else ClientSession.getKey path
let sessionMiddleware :: Middleware = withSession store "SESSION" sessionCookie sessionVault
pure sessionMiddleware

Expand Down

0 comments on commit dc977b8

Please sign in to comment.