author | Joey Hess <joey@kitenet.net> | 2012-07-26 04:50:09 -0400 |
---|---|---|
committer | Joey Hess <joey@kitenet.net> | 2012-07-26 04:50:09 -0400 |
commit | 9d6b59d0e21e5917d098a84b7b1654bd8d07efb3 (patch) | |
tree | 311bcd513942dab91b2d753037eaf81e626fc5ea /Assistant/Threads | |
parent | b36804d6486b342bee7f5b4b621228bc193c4844 (diff) |
use the secret token for authentication, and add to all dynamic urls
Diffstat (limited to 'Assistant/Threads')
-rw-r--r-- | Assistant/Threads/WebApp.hs | 25 |
1 files changed, 21 insertions, 4 deletions
diff --git a/Assistant/Threads/WebApp.hs b/Assistant/Threads/WebApp.hs index 06909fd53..50add3735 100644 --- a/Assistant/Threads/WebApp.hs +++ b/Assistant/Threads/WebApp.hs @@ -23,10 +23,14 @@ import Yesod.Static import Text.Hamlet import Network.Socket (PortNumber) import Text.Blaze.Renderer.String +import Data.Text + +thisThread :: String +thisThread = "WebApp" data WebApp = WebApp { daemonStatus :: DaemonStatusHandle - , secretToken :: String + , secretToken :: Text , baseTitle :: String , getStatic :: Static } @@ -46,6 +50,16 @@ instance Yesod WebApp where webapp <- getYesod hamletToRepHtml $(hamletFile $ hamletTemplate "default-layout") + {- Require an auth token be set when accessing any (non-static route) -} + isAuthorized _ _ = checkAuthToken secretToken + + {- Add the auth token to every url generated, except static subsite + - urls (which can show up in Permission Denied pages). -} + joinPath = insertAuthToken secretToken excludeStatic + where + excludeStatic [] = True + excludeStatic (p:_) = p /= "static" + getHomeR :: Handler RepHtml getHomeR = defaultLayout $ do [whamlet|Hello, World<p><a href=@{ConfigR}>config|] @@ -75,14 +89,16 @@ mkWebApp st dstatus = do token <- genRandomToken return $ WebApp { daemonStatus = dstatus - , secretToken = token + , secretToken = pack token , baseTitle = reldir , getStatic = $(embed "static") } -{- Creates a html shim file that's used to redirect into the webapp. -} +{- Creates a html shim file that's used to redirect into the webapp, + - to avoid exposing the secretToken when launching the web browser. -} writeHtmlShim :: WebApp -> PortNumber -> Annex () writeHtmlShim webapp port = do + liftIO $ debug thisThread ["running on port", show port] htmlshim <- fromRepo gitAnnexHtmlShim liftIO $ viaTmp go htmlshim $ genHtmlShim webapp port where 
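Review bot: In the first hunk (`@@ -23,10 +23,14 @@`), `import Data.Text` is unqualified and has no import list, so it brings in names that collide with Prelude ones (`length`, `map`, `filter`, `lines` and others). Any later unqualified use of those names in this module then becomes an ambiguity error. The visible hunks only use `Text`, `pack` and `unpack`, so `import Data.Text (Text, pack, unpack)` would be enough.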
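Review bot: In the `instance Yesod WebApp` hunk (`@@ -46,6 +50,16 @@`), the comment on `isAuthorized` says only non-static routes need the token, but `isAuthorized _ _ = checkAuthToken secretToken` ignores the route argument, so no exemption for static routes is visible here. Either that exemption lives outside this diff, or static requests are checked as well while `joinPath` leaves the token out of their urls; the comment should say which, and its parenthesis belongs around `(non-static)` only. Because `joinPath` now puts the token in the query string of every other generated url, it is worth documenting that the token will end up in browser history and in the Referer header of any request the page makes to another origin, e.g. `{- NB: the token is part of every url; templates must not link to or load from other sites. -}`. `checkAuthToken` and `insertAuthToken` are defined outside the diff, so how the token is compared cannot be reviewed from here.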
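Review bot: In the `writeHtmlShim` hunk (`@@ -75,14 +89,16 @@`), the new comment says the shim keeps the secretToken out of the browser launch, but the shim file itself presumably carries the token, since `genHtmlShim` builds its `url` from it. Nothing visible in the hunk shows what permissions that file is written with. The writer `go` passed to `viaTmp` is defined in the `where` clause that continues outside the hunk, so this may already be handled. If it is, the comment should say so, e.g. ` - The file holds the secretToken, so it must only be readable by its owner.`; if not, the mode should be restricted before the content is written.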
@@ -96,4 +112,5 @@ writeHtmlShim webapp port = do genHtmlShim :: WebApp -> PortNumber -> String genHtmlShim webapp port = renderHtml $(shamletFile $ hamletTemplate "htmlshim") where - url = "http://localhost:" ++ show port ++ "/?" ++ secretToken webapp + url = "http://localhost:" ++ show port ++ + "/?auth=" ++ unpack (secretToken webapp) |
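Review bot: In `genHtmlShim`, the parameter name in `"/?auth="` is a bare string literal that has to match whatever `insertAuthToken` and `checkAuthToken` expect, and both are defined outside this diff. A shared constant for the parameter name would keep the shim url from silently drifting out of sync with the check. The token is also appended without url-encoding, which is only safe if `genRandomToken` (not shown) yields url-safe characters. A short comment next to `url` would record that assumption, e.g. `{- secretToken is assumed to contain only url-safe characters -}`.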