src/Network/Hawk/Internal/Types.hs

{-# LANGUAGE GeneralizedNewtypeDeriving #-}

module Network.Hawk.Internal.Types where

import           Control.Applicative
import           Data.ByteString           (ByteString)
import qualified Data.ByteString.Lazy      as BL
import           Data.Text                 (Text)
import           Data.Time.Clock.POSIX     (POSIXTime)
import           Network.HTTP.Types.Method (Method)

import           Network.Hawk.Algo

-- | Identifies a particular client so that their credentials can be
-- looked up.
type ClientId = Text

-- | Extension data included in verification hash. This can be
-- anything or nothing, depending on what the application needs.
type ExtData = ByteString

-- | Struct for attributes which will be encoded in the Hawk
-- @Authorization@ header and included in the verification. The
-- terminology (and spelling) come from the original Javascript
-- implementation of Hawk.
data HeaderArtifacts = HeaderArtifacts
  { haMethod    :: Method           -- ^ Signed request method.
  -- fixme: replace host/port/resource with SplitURL
  , haHost      :: ByteString       -- ^ Request host.
  , haPort      :: Maybe Int        -- ^ Request port.
  , haResource  :: ByteString       -- ^ Request path and query params.
  , haId        :: ClientId         -- ^ Client identifier.
  , haTimestamp :: POSIXTime        -- ^ Time of request.
  , haNonce     :: ByteString       -- ^ Nonce value.
  , haMac       :: ByteString       -- ^ Entire header hash.
  , haHash      :: Maybe ByteString -- ^ Payload hash.
  , haExt       :: Maybe ExtData    -- ^ Optional application-specific data.
  , haApp       :: Maybe Text       -- ^ Oz application, Iron-encoded.
  , haDlg       :: Maybe Text       -- ^ Oz delegated-by application.
  } deriving (Show, Eq)

----------------------------------------------------------------------------

-- | Value of @Content-Type@ HTTP headers.
type ContentType = ByteString -- fixme: CI ByteString

-- | Payload data and content type bundled up for convenience.
data PayloadInfo = PayloadInfo
                   { payloadContentType :: ContentType
                   , payloadData        :: BL.ByteString
                   } deriving Show

----------------------------------------------------------------------------

-- | Authorization attributes for a Hawk message. This is generated by
-- 'Network.Hawk.Client.message' and verified by
-- 'Network.Hawk.Server.authenticateMessage'.
data MessageAuth = MessageAuth
                   { msgId        :: ClientId   -- ^ User identifier.
                   , msgTimestamp :: POSIXTime  -- ^ Message time.
                   , msgNonce     :: ByteString -- ^ Nonce string.
                   , msgHash      :: ByteString -- ^ Message hash.
                   , msgMac :: ByteString -- ^ Hash of all message parameters.
                   } deriving (Show, Eq)

----------------------------------------------------------------------------

-- | Represents the @WWW-Authenticate@ header which the server uses to
-- respond when the client isn't authenticated.
data WwwAuthenticateHeader = WwwAuthenticateHeader
  { wahError :: ByteString       -- ^ Error message
  , wahTs    :: Maybe POSIXTime  -- ^ Server's timestamp
  , wahTsm   :: Maybe ByteString -- ^ Timestamp mac
  } deriving (Show, Eq)

-- | Represents the @Server-Authorization@ header which the server
-- sends back to the client.
data ServerAuthorizationHeader = ServerAuthorizationHeader
  { sahMac  :: ByteString       -- ^ Hash of all response parameters.
  , sahHash :: Maybe ByteString -- ^ Optional payload hash.
  , sahExt  :: Maybe ExtData    -- ^ Optional application-specific data.
  } deriving (Show, Eq)