Safe Haskell | None |
---|---|
Language | Haskell2010 |
A generic authentication hook for TsWeb routing. The goal here is to be able to specify authentication requirements in a view's type, so that the routing statically guarantees that a view can only be entered when session preconditions are met. A full example of this is under the Example module of this source tree, but a synopsis follows. Given a session/user definition like so:
data UserT f = User
  { _userId :: C f Int
  , _userLogin :: C f Text
  } deriving (Generic)
...
data SessionDataT f = SessionData
  { _sdUser :: PrimaryKey UserT (Nullable f)
  , _sdRemember :: C f Bool
  } deriving (Generic)
...
userP :: Proxy User
userP = Proxy
then we can define a logged-in Authorize check as
-- Uses the LambdaCase extension for \case.
instance Authorize SessionData User where
  checkAuth _ = _sdUser <$> readSession >>= \case
    UserId Nothing -> pure Nothing
    UserId (Just uid) -> queryMaybe (select $ q uid) >>= \case
      QSimply (Just user) -> pure $ Just user
      _ -> pure Nothing
    where
      -- Look up the user row whose id matches the one stored in the session.
      q uid = do
        u <- all_ $ _dbUser db
        guard_ $ _userId u ==. val_ uid
        pure u
A view requiring an authenticated user would have a signature like
authd :: ListContains n User xs => TsActionCtxT lts xs SessionData a
authd = do
  user :: User <- getExtra
  ...
Finally, the route for only allowing logged-in users would look like
runroute ro rw $ path #authd "authd" $ get $ auth userP authd
That view is statically defined to only be accessible to logged-in users; any anonymous session will either go to an alternate (non-auth) view, or get a 404.
Synopsis
- class Authorize sess perm where
  - checkAuth :: ListContains n ReadOnlyPool xs => Proxy perm -> TsActionCtxT lts xs sess (Maybe perm)
- auth :: (Authorize sess perm, ListContains n ReadOnlyPool xs, Authorize sess perm) => Proxy perm -> TsActionCtxT lts (perm ': xs) sess () -> TsActionCtxT lts xs sess ()
Documentation
class Authorize sess perm where
A class for session data that needs to be statically verified against routes. This could be checks for optional session info, or to validate the value of that session information.
checkAuth :: ListContains n ReadOnlyPool xs => Proxy perm -> TsActionCtxT lts xs sess (Maybe perm)
Load a value out of the session or return Nothing. When used in the context of auth, the wrapped view will only be called when this returns Just; a Nothing value will cause the wrapped view to be skipped.
auth :: (Authorize sess perm, ListContains n ReadOnlyPool xs, Authorize sess perm) => Proxy perm -> TsActionCtxT lts (perm ': xs) sess () -> TsActionCtxT lts xs sess ()
Guarantee that the Spock session holds some verified piece of data. If the requisite data can be loaded, then the view is called with the data in its ctxExtras; otherwise jumpNext is called and the view is skipped.
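The static guarantee behind checkAuth and auth can be seen in a stripped-down, self-contained model. This is an added example, not TsWeb code: Extras, Has, View, Session and route are hypothetical stand-ins for ctxExtras, ListContains, TsActionCtxT, the Spock session and a routed view, and a view returning Nothing models jumpNext.

```haskell
{-# LANGUAGE DataKinds, FlexibleContexts, FlexibleInstances, GADTs,
             KindSignatures, MultiParamTypeClasses, TypeOperators #-}
module Main where

import Data.Kind (Type)
import Data.Proxy (Proxy (..))

-- Type-indexed list of values that have already been verified for a request.
data Extras (xs :: [Type]) where
  ENil  :: Extras '[]
  (:&:) :: x -> Extras xs -> Extras (x ': xs)
infixr 5 :&:

-- Toy stand-in for ListContains/getExtra: evidence that an x is present in xs.
class Has x xs where getExtra :: Extras xs -> x
instance {-# OVERLAPPING #-} Has x (x ': xs) where getExtra (x :&: _) = x
instance Has x xs => Has x (y ': xs) where getExtra (_ :&: rest) = getExtra rest

newtype Session = Session { sessUser :: Maybe String } -- constructed toy session
newtype User = User String

-- A view returns Nothing to fall through to the next route.
type View xs = Session -> Extras xs -> Maybe String

class Authorize perm where
  checkAuth :: Proxy perm -> Session -> Maybe perm

instance Authorize User where
  checkAuth _ = fmap User . sessUser

-- The only way to satisfy a view's `Has perm` requirement: run the check first.
auth :: Authorize perm => Proxy perm -> View (perm ': xs) -> View xs
auth p view sess extras = case checkAuth p sess of
  Just v  -> view sess (v :&: extras) -- verified value pushed onto the extras
  Nothing -> Nothing                  -- view is never entered

-- The view's type states its precondition; it cannot be routed without auth.
authd :: Has User xs => View xs
authd _ extras = case getExtra extras of
  User name -> Just ("hello, " ++ name)

route :: View '[]
route = auth (Proxy :: Proxy User) authd
-- route = authd   -- does not compile: there is no instance Has User '[]

main :: IO ()
main = do
  print (route (Session (Just "alice")) ENil) -- authenticated session
  print (route (Session Nothing) ENil)        -- anonymous session
```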