Safe Haskell | None |
---|---|
Language | Haskell2010 |
- data SqliteJwt = SqliteJwt {}
- data User = User {}
- data AuthFailure
- sqliteJwtInit :: String -> Snaplet Sqlite -> SnapletInit b SqliteJwt
- registerUser :: Handler b SqliteJwt ()
- loginUser :: Handler b SqliteJwt ()
- requireAuth :: (User -> Handler b SqliteJwt a) -> Handler b SqliteJwt a
- createUser :: Text -> Text -> Handler b SqliteJwt (Either AuthFailure User)
- login :: Text -> Text -> Handler b SqliteJwt (Either AuthFailure User)
- jsonResponse :: MonadSnap m => m ()
- writeJSON :: (MonadSnap m, ToJSON a) => a -> m ()
- reqJSON :: (MonadSnap m, FromJSON b) => m b
Introduction
NOTE: This is still very much a work-in-progress project!
A snap middleware for implementing JWT-based authentication with user accounts persisted in a SQLite3 database. It's intended use is to protect server API routes used in single-page web applications (SPA) and mobile applications.
See the https://github.com/nurpax/snap-reactjs-todo project for a full application using this library. It implements a todo application as an SPA using React and Redux with a Haskell API server running on Snap and uses this library to implement logins and route authentication. This blog post has a walk-through of the application's source code.
Types
User account User ID and login name.
If you need to store additional fields for your user accounts, persist them
in your application SQL tables and key them by userId
.
data AuthFailure Source #
Types of errors that can happen on login or new user creation.
UnknownUser | The login name does not exist. |
DuplicateLogin | The login name already exists. |
WrongPassword | Failed the password check. |
Initialization
:: String | JWT secret signing key filename |
-> Snaplet Sqlite | The sqlite-simple snaplet |
-> SnapletInit b SqliteJwt |
Initializer for the sqlite-simple JwtAuth snaplet.
If the secret random key jwtSigningKeyFname
doesn't exist in the current
working directory, a new random key will be generated. Otherwise the
existing key will be loaded as the site signing key. This key is used to
sign the JWTs generated by the login procedure.
Initialization will automatically setup SQL tables used to store user accounts. It will also automatically upgrade the SQL schema if necessary.
High-level handlers
Use these handlers to implement user registration, login and protecting routes with authentication.
If you need to customize error handling or need a different JSON schema for communicating between the server and client, you may wish the re- implement these using the low-level handlers documented later in the API ref.
registerUser :: Handler b SqliteJwt () Source #
requireAuth :: (User -> Handler b SqliteJwt a) -> Handler b SqliteJwt a Source #
Run a handler with the currently logged in user.
Verify authentication from the JWT token passed in the Authorization
header, and run the user provided action
with the logged in user.
On errors such as missing or malformed JWT or failure to verify the JWT, error out early and issue an HTTP 401 error.
Lower-level login handlers
Use these if you need more customized login/register user functionality.
:: Text | Login name of the user to be created |
-> Text | Password of the new user |
-> Handler b SqliteJwt (Either AuthFailure User) |
Create a new user.
:: Text | Login name of the user logging in |
-> Text | Password |
-> Handler b SqliteJwt (Either AuthFailure User) |
Login a user
Utility functions
Helper functions for JSON request parameters and JSON responses.
jsonResponse :: MonadSnap m => m () Source #