wai-middleware-auth-0.1.1.0: Authentication middleware that secures WAI application

Safe Haskell None Haskell2010

Network.Wai.Middleware.Auth

Contents

Synopsis

# Settings

Settings for creating the Auth middleware.

To create a value, use defaultAuthSettings and then various setter functions.

Since: 0.1.0

Default middleware settings. See various setters in order to change available settings

Since: 0.1.0

Set the function to get client session key for encrypting cookie data.

Default: getDefaultKey

Since: 0.1.0

The application root for this application.

| Set the root for this Aplication. Required for external Authentication providers to perform proper redirect.

Default: use the APPROOT environment variable.

Since: 0.1.0

More generalized version of setAuthApprootStatic.

Since: 0.1.0

Number of seconds to keep an authentication cookie active

Default: 3600

Since: 0.1.0

Set the cookie key.

Default: "auth_state"

Since: 0.1.0

Set the cookie name.

Default: "auth_state"

Since: 0.1.0

Set Authentication providers to be used.

Default is empty.

Since: 0.1.0

Set a custom template that will be rendered for a providers page

Default: providersTemplate

Since: 0.1.0

# Middleware

Creates an Authentication middleware that will make sure application is protected, thus allowing access only to users that go through an authentication process with one of the available providers. If more than one provider is specified, user will be directed to a page were one can be chosen from a list.

Since: 0.1.0

# Helpers

Determine approot by:

• Respect the Host header and isSecure property, together with the following de facto standards: x-forwarded-protocol, x-forwarded-ssl, x-url-scheme, x-forwarded-proto, front-end-https. (Note: this list may be updated at will in the future without doc updates.)

Normally trusting headers in this way is insecure, however in the case of approot, the worst that can happen is that the client will get an incorrect URL. Note that this does not work for some situations, e.g.:

• Reverse proxies not setting one of the above mentioned headers
• Applications hosted somewhere besides the root of the domain name
• Reverse proxies that modify the host header

Since: 0.1.0.0

Current version

Since: 0.1.0

Get the username for the current user.

If called on a Request behind the middleware, should always return a Just value.

Since: 0.1.0