From ac9dc15a0455d1deb8872c314dd505e847b166c0 Mon Sep 17 00:00:00 2001 From: Marc Scholten Date: Tue, 27 Feb 2024 21:07:21 +0100 Subject: [PATCH 1/3] Added new-session-secret binary --- exe/IHP/CLI/NewSessionSecret.hs | 15 +++++++++++++++ ihp.cabal | 6 ++++++ 2 files changed, 21 insertions(+) create mode 100644 exe/IHP/CLI/NewSessionSecret.hs diff --git a/exe/IHP/CLI/NewSessionSecret.hs b/exe/IHP/CLI/NewSessionSecret.hs new file mode 100644 index 000000000..32f8c3ac8 --- /dev/null +++ b/exe/IHP/CLI/NewSessionSecret.hs @@ -0,0 +1,15 @@ +module Main where + +import Prelude +import Main.Utf8 (withUtf8) +import qualified Web.ClientSession as ClientSession +import qualified Data.ByteString as ByteString +import qualified Data.ByteString.Char8 as Char8 +import qualified Data.ByteString.Base64 as Base64 + +-- Prints a private key to be used as the IHP_SESSION_SECRET +main :: IO () +main = withUtf8 do + (string, _) <- ClientSession.randomKey + let encoded = Base64.encode string + ByteString.putStr encoded \ No newline at end of file diff --git a/ihp.cabal b/ihp.cabal index 41d1e0cee..ef9df3c4d 100644 --- a/ihp.cabal +++ b/ihp.cabal @@ -467,3 +467,9 @@ executable hash-password build-depends: ihp hs-source-dirs: exe main-is: IHP/CLI/HashPassword.hs + +executable new-session-secret + import: shared-properties + build-depends: ihp + hs-source-dirs: exe + main-is: IHP/CLI/NewSessionSecret.hs From e642c72a61bd76ebebcd042caa3350bce8bbfdcc Mon Sep 17 00:00:00 2001 From: Marc Scholten Date: Tue, 27 Feb 2024 21:11:09 +0100 Subject: [PATCH 2/3] added notes on how generate a new session secret using new-session-secret --- Guide/deployment.markdown | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/Guide/deployment.markdown b/Guide/deployment.markdown index 4b05ade3b..643e875b1 100644 --- a/Guide/deployment.markdown +++ b/Guide/deployment.markdown 
@@ -620,19 +620,28 @@ $ ./build/bin/RunProdServer #### `IHP_SESSION_SECRET` -In production setup's you want to configure the `IHP_SESSION_SECRET` env variable. It's a private key used to encrypt your session state. If it's not specified, a new one will generated on each container start. This means that all your users will have to re-login on each container start. +In production setup's you want to configure the `IHP_SESSION_SECRET` env variable. It's a private key used to encrypt your session state. If it's not specified, a new one will generated on each app start. This means that all your users will have to re-login on each app start. **Note on `Config/client_session_key.aes`:** The `IHP_SESSION_SECRET` env variable is an alternative for placing a `Config/client_session_key.aes` inside the your repository. If IHP detects a `Config/` folder, and no `IHP_SESSION_SECRET` is set, it will automatically create a `Config/client_session_key.aes` file. This is designed for persistent sessions in development mode. -When you start an app without specifying the `IHP_SESSION_SECRET` and no `Config/client_session_key.aes` is found, the app will output the randomly generated one. So you can get a new secret key by starting a new container and copying the value: +When you start an app without specifying the `IHP_SESSION_SECRET` and no `Config/client_session_key.aes` is found, the app will output the randomly generated one. So you can get a new secret key by starting a new container and copying the value. 
+ +An easier way is to use the `new-session-secret` CLI command: ```bash -$ ./build/bin/RunProdServer -IHP_SESSION_SECRET=1J8jtRW331a0IbHBCHmsFNoesQUNFnuHqY8cB5927KsoV5sYmiq3DMmvsYk5S7EDma9YhqZLZWeTFu2pGOxMT2F/5PnifW/5ffwJjZvZcJh9MKPh3Ez9fmPEyxZBDxVp -Server started +$ new-session-secret +1J8jtRW331a0IbHBCHmsFNoesQUNFnuHqY8cB5927KsoV5sYmiq3DMmvsYk5S7EDma9YhqZLZWeTFu2pGOxMT2F/5PnifW/5ffwJjZvZcJh9MKPh3Ez9fmPEyxZBDxVp ``` -There we can copy the `IHP_SESSION_SECRET=1J8jtRW331a0IbHBCHmsFNoesQUNFnuHqY8cB5927KsoV5sYmiq3DMmvsYk5S7EDma9YhqZLZWeTFu2pGOxMT2F/5PnifW/5ffwJjZvZcJh9MKPh3Ez9fmPEyxZBDxVp` value and use it as our secret: +On macOS you can directly copy this into your clipboard like this: + +```bash +$ new-session-secret | pbcopy +``` + +Then you can paste the value where needed. + +Now we can use this secret and pass it to the app binary via the `IHP_SESSION_SECRET` env var: ```bash $ export IHP_SESSION_SECRET="1J8jtRW331a0IbHBCHmsFNoesQUNFnuHqY8cB5927KsoV5sYmiq3DMmvsYk5S7EDma9YhqZLZWeTFu2pGOxMT2F/5PnifW/5ffwJjZvZcJh9MKPh3Ez9fmPEyxZBDxVp" From fc09bd92f4a4b4948b51a4d1e4a221ae5d115c70 Mon Sep 17 00:00:00 2001 From: Marc Scholten Date: Tue, 27 Feb 2024 21:18:23 +0100 Subject: [PATCH 3/3] fixed cabal build --- ihp.cabal | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ihp.cabal b/ihp.cabal index ef9df3c4d..217fcbbc3 100644 --- a/ihp.cabal +++ b/ihp.cabal @@ -469,7 +469,8 @@ executable hash-password main-is: IHP/CLI/HashPassword.hs executable new-session-secret - import: shared-properties - build-depends: ihp + default-language: Haskell2010 + default-extensions: BlockArguments + build-depends: base, clientsession, bytestring, with-utf8, base64-bytestring hs-source-dirs: exe main-is: IHP/CLI/NewSessionSecret.hs
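Review bot: in exe/IHP/CLI/NewSessionSecret.hs (PATCH 1/3) the `Data.ByteString.Char8` import is never used, and the binding `string` holds the raw key bytes returned by `ClientSession.randomKey`, not text. Drop the import and rename the binding, e.g. `(keyBytes, _) <- ClientSession.randomKey`. The header comment should also state that the output is the Base64 encoding of those bytes, since that is the form the guide passes to `IHP_SESSION_SECRET`. `ByteString.putStr` writes no trailing newline, which suits `new-session-secret | pbcopy` but leaves the shell prompt glued to the secret on a terminal; a one-line comment saying this is intentional would stop someone later adding a newline that ends up in the copied value.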
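Review bot: in the Guide/deployment.markdown hunk (PATCH 2/3) the sample output of `new-session-secret` and the `export IHP_SESSION_SECRET="..."` line below it show the same full key value, so a reader who copies the block verbatim deploys a session secret that is published in the guide. Replace both with an obvious placeholder such as `<output of new-session-secret>`. The retained sentence "So you can get a new secret key by starting a new container and copying the value." still says "container" although the paragraph above it was changed to "app start", and the rewritten first line keeps "setup's" and "will generated", which could be fixed while the line is being touched. The guide also calls `new-session-secret` bare while the surrounding examples use `./build/bin/RunProdServer`; say where the binary comes from.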
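Review bot: in the ihp.cabal hunk of PATCH 3/3 the new `build-depends: base, clientsession, bytestring, with-utf8, base64-bytestring` carries no version bounds, and dropping `import: shared-properties` means the stanza no longer inherits whatever that common block sets; only `default-language` and `BlockArguments` are restated here. Add bounds, or note where they are pinned, and confirm nothing else from the shared block is wanted for this executable. Since this commit is titled "fixed cabal build", the stanza added in PATCH 1/3 presumably did not build on its own; squashing 3/3 into 1/3 would keep every commit in the series buildable for bisecting.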