From 9f647cdf16ea6e0c8b5495b320eb1dd834784f8d Mon Sep 17 00:00:00 2001
From: Danielle McLean <dani@00dani.me>
Date: Thu, 19 Oct 2017 12:21:39 +1100
Subject: [PATCH] Add sslOnlyMiddleware to the Foundation

---
 src/Foundation.hs | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/Foundation.hs b/src/Foundation.hs
index fc70ddf..8385eec 100644
--- a/src/Foundation.hs
+++ b/src/Foundation.hs
@@ -67,6 +67,9 @@ mkYesodData "App" $(parseRoutesFile "config/routes")
 -- | A convenient synonym for creating forms.
 type Form x = Html -> MForm (HandlerT App IO) (FormResult x, Widget)
 
+sessionLifetime :: Int
+sessionLifetime = 120 -- minutes
+
 -- Please see the documentation for the Yesod typeclass. There are a number
 -- of settings which can be configured by overriding methods here.
 instance Yesod App where
@@ -77,7 +80,7 @@ instance Yesod App where
     -- Store session data on the client in encrypted cookies,
     -- default session idle timeout is 120 minutes
     makeSessionBackend _ = sslOnlySessions . strictSameSiteSessions $ Just <$> defaultClientSessionBackend
-        120    -- timeout in minutes
+        sessionLifetime
         "config/client_session_key.aes"
 
     -- Redirect static requests to a subdomain - this is recommended for best
@@ -97,7 +100,7 @@ instance Yesod App where
     --   b) Validates that incoming write requests include that token in either a header or POST parameter.
     -- To add it, chain it together with the defaultMiddleware: yesodMiddleware = defaultYesodMiddleware . defaultCsrfMiddleware
     -- For details, see the CSRF documentation in the Yesod.Core.Handler module of the yesod-core package.
-    yesodMiddleware = defaultYesodMiddleware . defaultCsrfMiddleware
+    yesodMiddleware = defaultYesodMiddleware . defaultCsrfMiddleware . sslOnlyMiddleware sessionLifetime
 
     defaultLayout widget = do
         master <- getYesod