mirror of
https://github.com/plausible/analytics.git
synced 2024-12-24 10:02:10 +03:00
63fabcbb5f
* Reconfigure session cookie * Allow configure secure cookie (#3277) * Update config/runtime.exs Co-authored-by: ruslandoga <doga.ruslan@gmail.com> * fix runtime conf * Revert "fix runtime conf" This reverts commitff37e479e4
. * Revert "Update config/runtime.exs" This reverts commit5d9b310b02
. * Revert "Allow configure secure cookie (#3277)" This reverts commit7401a2ad3f
. * Read SECURE_COOKIE with defaults per cloud/selfhost * Include environment in cookie name * Remove redundant option * Format * s/Map.replace/Map.put * up * One more try * Prevent browser refreshes on socket connection error We'll keep the log and don't make the page look dumb even if there's some misconfiguration going on. --------- Co-authored-by: ruslandoga <doga.ruslan@gmail.com>
95 lines
2.6 KiB
Elixir
95 lines
2.6 KiB
Elixir
defmodule PlausibleWeb.Endpoint do
|
|
use Sentry.PlugCapture
|
|
use Phoenix.Endpoint, otp_app: :plausible
|
|
|
|
@session_options [
|
|
# key to be patched
|
|
key: "",
|
|
store: :cookie,
|
|
signing_salt: "I45i0SKHEku2f3tJh6y4v8gztrb/eG5KGCOe/o/AwFb7VHeuvDOn7AAq6KsdmOFM",
|
|
# 5 years, this is super long but the SlidingSessionTimeout will log people out if they don't return for 2 weeks
|
|
max_age: 60 * 60 * 24 * 365 * 5,
|
|
extra: "SameSite=Lax"
|
|
# domain added dynamically via RuntimeSessionAdapter, see below
|
|
]
|
|
|
|
# Serve at "/" the static files from "priv/static" directory.
|
|
#
|
|
# You should set gzip to true if you are running phx.digest
|
|
# when deploying your static files in production.
|
|
plug(PlausibleWeb.Tracker)
|
|
plug(PlausibleWeb.Favicon)
|
|
|
|
plug(Plug.Static,
|
|
at: "/",
|
|
from: :plausible,
|
|
gzip: false,
|
|
only: ~w(css images js favicon.ico robots.txt)
|
|
)
|
|
|
|
plug(Plug.Static,
|
|
at: "/kaffy",
|
|
from: :kaffy,
|
|
gzip: false,
|
|
only: ~w(assets)
|
|
)
|
|
|
|
# Code reloading can be explicitly enabled under the
|
|
# :code_reloader configuration of your endpoint.
|
|
if code_reloading? do
|
|
socket("/phoenix/live_reload/socket", Phoenix.LiveReloader.Socket)
|
|
plug(Phoenix.LiveReloader)
|
|
plug(Phoenix.CodeReloader)
|
|
end
|
|
|
|
plug(Plug.RequestId)
|
|
plug(PromEx.Plug, prom_ex_module: Plausible.PromEx)
|
|
plug(Plug.Telemetry, event_prefix: [:phoenix, :endpoint])
|
|
|
|
plug(Plug.Parsers,
|
|
parsers: [:urlencoded, :multipart, :json],
|
|
pass: ["*/*"],
|
|
json_decoder: Phoenix.json_library()
|
|
)
|
|
|
|
plug(Sentry.PlugContext)
|
|
|
|
plug(Plug.MethodOverride)
|
|
plug(Plug.Head)
|
|
|
|
plug(PlausibleWeb.Plugs.RuntimeSessionAdapter, @session_options)
|
|
|
|
socket("/live", PlausibleWeb.LiveSocket,
|
|
websocket: [
|
|
check_origin: true,
|
|
connect_info: [session: {__MODULE__, :patch_session_opts, []}]
|
|
]
|
|
)
|
|
|
|
plug(CORSPlug)
|
|
plug(PlausibleWeb.Router)
|
|
|
|
def secure_cookie?, do: config!(:secure_cookie)
|
|
|
|
def websocket_url() do
|
|
config!(:websocket_url)
|
|
end
|
|
|
|
def patch_session_opts() do
|
|
# `host()` provided by Phoenix.Endpoint's compilation hooks
|
|
# is used to inject the domain - this way we can authenticate
|
|
# websocket requests within single root domain, in case websocket_url()
|
|
# returns a ws{s}:// scheme (in which case SameSite=Lax is not applicable).
|
|
@session_options
|
|
|> Keyword.put(:domain, host())
|
|
|> Keyword.put(:key, "_plausible_#{Application.fetch_env!(:plausible, :environment)}")
|
|
|> Keyword.put(:secure, secure_cookie?())
|
|
end
|
|
|
|
defp config!(key) do
|
|
:plausible
|
|
|> Application.fetch_env!(__MODULE__)
|
|
|> Keyword.fetch!(key)
|
|
end
|
|
end
|