scotty-login-session-0.1.2.0: Simple library for Scotty sessions and authorization

Copyright: (c) Miles Frankel, 2017
License: GPL-2
Safe Haskell: None
Language: Haskell2010

Web.Scotty.Login.Session

Description

A simple library for adding and checking sessions, with automatic SQLite backup of the session store. The session store is kept in memory for fast access. Session cookie expiration and database sync timing are configurable. Note that this package does not handle user authorization; you will have to roll your own (the package persistent is recommended) or use another package.

Example usage:

{-# LANGUAGE OverloadedStrings   #-}
{-# LANGUAGE ScopedTypeVariables #-}

module Main where
import qualified Data.Text.Lazy           as T
import           Web.Scotty               as S
import           Web.Scotty.Login.Session

conf :: SessionConfig
conf = defaultSessionConfig

main :: IO ()
main = do
  initializeCookieDb conf
  scotty 8000 routes

routes :: ScottyM ()
routes = do
  S.get "/denied" $ S.text "access denied"
  S.get "/login" $ do S.html $ T.pack $ unlines $
                        [ "<form method=\"POST\" action=\"/login\">"
                        , "<input type=\"text\" name=\"username\">"
                        , "<input type=\"password\" name=\"password\">"
                        , "<input type=\"submit\" name=\"login\" value=\"login\">"
                        , "</form>" ]
  S.post "/login" $ do
    (usn :: String) <- param "username"
    (pass :: String) <- param "password"
    if usn == "guest" && pass == "password"
      then do addSession conf
              redirect "/authcheck"
      else do redirect "/denied"
  S.get "/authcheck" $ authCheck (redirect "/denied") $
    S.text "authorized"
  S.get "/logout" $ removeSession conf

Documentation

initializeCookieDb :: SessionConfig -> IO ()

Reload the session database into memory, and fork the database sync and cleanup thread. This must be called before invoking scotty.

addSession :: SessionConfig -> ActionT Text IO Session

Add a session. This gives the user a SessionId cookie, and inserts a corresponding entry into the session store. It also returns the Session that was just inserted.

removeSession :: SessionConfig -> ActionT Text IO ()

Remove a session. Takes the SessionConfig as its only argument, as the signature above and the example below show.

Example usage:

  S.get "/logout" $ removeSession conf

authCheck
  :: (MonadIO m, ScottyError e)
  => ActionT e m ()   -- ^ The action to perform if user is denied
  -> ActionT e m ()   -- ^ The action to perform if user is authorized
  -> ActionT e m ()

Check whether a user is authorized.

Example usage:

   S.get "/auth_test" $ authCheck (redirect "/denied") $
     S.text "authorized"

authCheckWithSession
  :: (MonadIO m, ScottyError e)
  => ActionT e m ()               -- ^ The action to perform if user is denied
  -> (Session -> ActionT e m ())  -- ^ The action to perform if user is authorized
  -> ActionT e m ()

Check whether a user is authorized, and pass the Session that they are authorized for to the authorized action.

Example usage:

   S.get "/auth_test" $ authCheckWithSession (redirect "/denied") $
     \s -> S.text $ T.pack $ "authorized as " ++ show s

data SessionConfig

Configuration for the session database.

Constructors

SessionConfig 

Fields

dbPath :: String

Path to SQLite database file

syncInterval :: NominalDiffTime

Time between syncs to database (seconds)

expirationInterval :: NominalDiffTime

Cookie expiration time (seconds)

debugMode :: Bool

Debug Mode (extra logging)

defaultSessionConfig :: SessionConfig

Default settings for the session store. May not be suitable for all applications.

They are:

  • dbPath = "sessions.sqlite"
  • syncInterval = 1200 seconds (20 minutes)
  • expirationInterval = 86400 seconds (1 day)
  • debugMode = False
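
An added example, not taken from the package's documentation: it overrides the defaults listed above with a record update and guards several routes through one helper built on authCheckWithSession. The database path, the interval values, the route names and the `protected` helper are assumptions; the login check is the same placeholder used in the page's example, and `show s` assumes a Show instance for Session, as the page's own example does.

```haskell
{-# LANGUAGE OverloadedStrings   #-}
{-# LANGUAGE ScopedTypeVariables #-}

module Main where

import qualified Data.Text.Lazy           as T
import           Web.Scotty               as S
import           Web.Scotty.Login.Session

-- Shorter-lived sessions than the defaults (illustrative values).
conf :: SessionConfig
conf = defaultSessionConfig
  { dbPath             = "admin-sessions.sqlite"  -- hypothetical path
  , syncInterval       = 60                       -- sync to SQLite every minute
  , expirationInterval = 900                      -- cookie expires after 15 minutes
  }

-- Hypothetical helper: wrap any handler that needs a valid session.
-- Requests without one are redirected and the handler never runs.
protected :: (Session -> ActionM ()) -> ActionM ()
protected = authCheckWithSession (redirect "/denied")

main :: IO ()
main = do
  initializeCookieDb conf   -- must be called before invoking scotty
  scotty 8000 routes

routes :: ScottyM ()
routes = do
  S.get "/denied" $ S.text "access denied"
  S.post "/login" $ do
    (usn :: String)  <- param "username"
    (pass :: String) <- param "password"
    -- Placeholder check from the page's example; the package leaves
    -- credential verification to the application.
    if usn == "guest" && pass == "password"
      then do _ <- addSession conf   -- sets the SessionId cookie
              redirect "/admin"
      else redirect "/denied"
  -- Every route under /admin goes through the same guard.
  S.get "/admin" $ protected $ \s ->
    S.text $ T.pack $ "authorized as " ++ show s
  S.get "/admin/settings" $ protected $ \_ ->
    S.text "settings"
  S.get "/logout" $ removeSession conf
```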