From 21cd47cc982c103be5e494cd12e49f196d13dfc3 Mon Sep 17 00:00:00 2001
From: patrick brisbin <pbrisbin@gmail.com>
Date: Tue, 25 Nov 2014 11:12:39 -0500
Subject: [PATCH] Add envClientSessionBackend, ENV-based session key

This can be useful if:

1. You can't rely on a persistent file system (e.g. Heroku)
2. Your application is open source (e.g. you can't commit the key)

By keeping a consistent value in the environment variable, your users will
have consistent sessions without relying on the file system.

Usage:

    makeSessionBackend _ = fmap Just $ envClientSessionBackend 120 "SESSION_KEY"
---
 yesod-core/Yesod/Core.hs             |  1 +
 yesod-core/Yesod/Core/Class/Yesod.hs | 26 ++++++++++++++++++++++++++
 yesod-core/yesod-core.cabal          |  2 +-
 3 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/yesod-core/Yesod/Core.hs b/yesod-core/Yesod/Core.hs
index 9b293172..1f8d3d25 100644
--- a/yesod-core/Yesod/Core.hs
+++ b/yesod-core/Yesod/Core.hs
@@ -45,6 +45,7 @@ module Yesod.Core
     , SessionBackend (..)
     , customizeSessionCookies
     , defaultClientSessionBackend
+    , envClientSessionBackend
     , clientSessionBackend
     , clientSessionDateCacher
     , loadClientSession
diff --git a/yesod-core/Yesod/Core/Class/Yesod.hs b/yesod-core/Yesod/Core/Class/Yesod.hs
index 5dbaff24..c95dbdf3 100644
--- a/yesod-core/Yesod/Core/Class/Yesod.hs
+++ b/yesod-core/Yesod/Core/Class/Yesod.hs
@@ -598,6 +598,32 @@ defaultClientSessionBackend minutes fp = do
   (getCachedDate, _closeDateCacher) <- clientSessionDateCacher timeout
   return $ clientSessionBackend key getCachedDate
 
+-- | Create a @SessionBackend@ which reads the session key from the named
+-- environment variable.
+--
+-- This can be useful if:
+--
+-- 1. You can't rely on a persistent file system (e.g. Heroku)
+-- 2. Your application is open source (e.g. you can't commit the key)
+--
+-- By keeping a consistent value in the environment variable, your users will
+-- have consistent sessions without relying on the file system.
+--
+-- Note: A suitable value should only be obtained in one of two ways:
+--
+-- 1. Run this code without the variable set, a value will be generated and
+--    printed on @/dev/stdout/@
+-- 2. Use @clientsession-generate@
+--
+envClientSessionBackend :: Int -- ^ minutes
+                        -> String -- ^ environment variable name
+                        -> IO SessionBackend
+envClientSessionBackend minutes name = do
+    key <- CS.getKeyEnv name
+    let timeout = fromIntegral (minutes * 60)
+    (getCachedDate, _closeDateCacher) <- clientSessionDateCacher timeout
+    return $ clientSessionBackend key getCachedDate
+
 jsToHtml :: Javascript -> Html
 jsToHtml (Javascript b) = preEscapedToMarkup $ toLazyText b
 
diff --git a/yesod-core/yesod-core.cabal b/yesod-core/yesod-core.cabal
index fdfffded..d06e3f08 100644
--- a/yesod-core/yesod-core.cabal
+++ b/yesod-core/yesod-core.cabal
@@ -34,7 +34,7 @@ library
                    , blaze-builder         >= 0.2.1.4  && < 0.4
                    , transformers          >= 0.2.2
                    , mtl
-                   , clientsession         >= 0.9      && < 0.10
+                   , clientsession         >= 0.9.1    && < 0.10
                    , random                >= 1.0.0.2  && < 1.2
                    , cereal                >= 0.3
                    , old-locale            >= 1.0.0.2  && < 1.1