authorIgor Pashev <pashev.igor@gmail.com>2016-12-01 22:32:09 +0300
committerIgor Pashev <pashev.igor@gmail.com>2016-12-01 22:43:08 +0300
commitb0c5ffbe1d2dbbf1f9c460be0b4f18500c50a90f (patch)
tree41417f4dd08e3fc541b02ac07cc0e9494a8fceb5 /src/Sproxy
parented878508e2425ae902a7427b4e7726d35f8d29ce (diff)
downloadsproxy2-b0c5ffbe1d2dbbf1f9c460be0b4f18500c50a90f.tar.gz
BREAKING: Allow !include in config file
This changes the semantics of these options:
- key
- oauth2.<provider>.client_secret
They are no longer file paths, but strings. To read content from files, use !include. The point of being files or read from files is to segregate secrets from non-sensitive, easily discoverable settings. With !include this is much simpler and more flexible.
Diffstat (limited to 'src/Sproxy')
-rw-r--r--src/Sproxy/Config.hs4
-rw-r--r--src/Sproxy/Server.hs21
2 files changed, 8 insertions, 17 deletions
diff --git a/src/Sproxy/Config.hs b/src/Sproxy/Config.hs
index 4cae025..e0f35a3 100644
--- a/src/Sproxy/Config.hs
+++ b/src/Sproxy/Config.hs
@@ -24,7 +24,7 @@ data ConfigFile = ConfigFile {
, cfSslCert :: Maybe FilePath
, cfSslKey :: Maybe FilePath
, cfSslCertChain :: [FilePath]
-, cfKey :: Maybe FilePath
+, cfKey :: Maybe String
, cfListen80 :: Maybe Bool
, cfHttpsPort :: Maybe Word16
, cfBackends :: [BackendConf]
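Review bot: `cfKey` now holds the key material itself rather than a path, but the field stays undocumented, so the only record of this semantic change is the commit message; the same applies to `oa2ClientSecret` in the next hunk of this file. A field comment such as `-- ^ secret key (not a file path); use !include to load it from a separate file` would make the new contract visible to anyone reading the record. Since Server.hs converts the value with `Data.ByteString.Char8.pack`, which keeps only the low 8 bits of each character, the comment should also state that the key must be ASCII/Latin-1 unless that conversion is changed. The `ConfigFile` record continues outside the hunk.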
@@ -83,7 +83,7 @@ instance FromJSON BackendConf where
data OAuth2Conf = OAuth2Conf {
oa2ClientId :: String
-, oa2ClientSecret :: FilePath
+, oa2ClientSecret :: String
} deriving (Show)
instance FromJSON OAuth2Conf where
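Review bot: `OAuth2Conf` keeps `deriving (Show)` while `oa2ClientSecret` now contains the secret itself, so any `show` of the config renders the client secret in plaintext; the commit removes `Log.debug $ show cf` in Server.hs, which suggests this was noticed, but the derived instance still turns the next such log line into a leak. A hand-written instance that redacts the field, e.g. `instance Show OAuth2Conf where show c = "OAuth2Conf {oa2ClientId = " ++ show (oa2ClientId c) ++ ", oa2ClientSecret = <redacted>}"`, keeps the config printable without exposing the secret. The same consideration applies to `cfKey` in `ConfigFile` if that type derives `Show`, as the removed debug line implies.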
diff --git a/src/Sproxy/Server.hs b/src/Sproxy/Server.hs
index 6e24bfd..7b65f32 100644
--- a/src/Sproxy/Server.hs
+++ b/src/Sproxy/Server.hs
@@ -5,13 +5,12 @@ module Sproxy.Server (
import Control.Concurrent (forkIO)
import Control.Exception (bracketOnError)
import Control.Monad (void, when)
-import Data.ByteString as BS (hGetLine, readFile)
import Data.ByteString.Char8 (pack)
import Data.HashMap.Strict as HM (fromList, lookup, toList)
import Data.Maybe (fromMaybe)
import Data.Text (Text)
import Data.Word (Word16)
-import Data.Yaml (decodeFileEither)
+import Data.Yaml.Include (decodeFileEither)
import Network.HTTP.Client (Manager, ManagerSettings(..), defaultManagerSettings, newManager, socketConnection)
import Network.HTTP.Client.Internal (Connection)
import Network.Socket ( Socket, Family(AF_INET, AF_UNIX), SockAddr(SockAddrInet, SockAddrUnix),
@@ -25,7 +24,7 @@ import System.Entropy (getEntropy)
import System.Environment (setEnv)
import System.Exit (exitFailure)
import System.FilePath.Glob (compile)
-import System.IO (IOMode(ReadMode), hIsEOF, hPutStrLn, stderr, withFile)
+import System.IO (hPutStrLn, stderr)
import System.Posix.User ( GroupEntry(..), UserEntry(..),
getAllGroupEntries, getRealUserID,
getUserEntryForName, setGroupID, setGroups, setUserID )
@@ -47,7 +46,6 @@ server :: FilePath -> IO ()
server configFile = do
cf <- readConfigFile configFile
Log.start $ cfLogLevel cf
- Log.debug $ show cf
sock <- socket AF_INET Stream 0
setSocketOption sock ReuseAddr 1
@@ -78,7 +76,7 @@ server configFile = do
key <- maybe
(Log.info "using new random key" >> getEntropy 32)
- (\f -> Log.info ("reading key from " ++ f) >> BS.readFile f)
+ (return . pack)
(cfKey cf)
let
@@ -139,16 +137,9 @@ newOAuth2Client (name, cfg) =
exitFailure
Just provider -> do
Log.info $ "oauth2: adding " ++ show name
- client_secret <- withFile secret_file ReadMode $ \h -> do
- empty <- hIsEOF h
- if empty then do
- Log.error $ "oauth2: empty secret file for "
- ++ show name ++ ": " ++ show secret_file
- return $ pack ""
- else BS.hGetLine h
- return (name, provider (pack client_id, client_secret))
- where client_id = oa2ClientId cfg
- secret_file = oa2ClientSecret cfg
+ return (name, provider (client_id, client_secret))
+ where client_id = pack $ oa2ClientId cfg
+ client_secret = pack $ oa2ClientSecret cfg
newBackendManager :: BackendConf -> IO Manager
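Review bot: The empty-secret check is gone: the removed lines logged an error when the secret file was empty, while the new `where` bindings accept an empty `oa2ClientSecret cfg` and hand `pack ""` to `provider` silently. Restoring the check in the `Just provider` branch, e.g. `when (null (oa2ClientSecret cfg)) $ Log.error ("oauth2: empty client secret for " ++ show name)`, keeps the old diagnostic (exiting with `exitFailure` as the `Nothing` branch does would be stricter). `pack` here has the same Latin-1 truncation as the `cfKey` conversion in the previous hunk, so a client secret with non-Latin-1 characters would be sent to the provider in mangled form. Whether an `!include`d secret file keeps its trailing newline, which `hGetLine` used to strip, depends on how the include is parsed; that is worth confirming, since a stray newline would change the secret sent to the provider.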