wai-middleware-auth- Authentication middleware that secures WAI application

Safe HaskellNone





data AuthSettings Source #

Settings for creating the Auth middleware.

To create a value, use defaultAuthSettings and then various setter functions.

Since: 0.1.0

defaultAuthSettings :: AuthSettings Source #

Default middleware settings. See various setters in order to change available settings

Since: 0.1.0

setAuthKey :: IO Key -> AuthSettings -> AuthSettings Source #

Set the function to get client session key for encrypting cookie data.

Default: getDefaultKey

Since: 0.1.0

setAuthAppRootStatic :: Text -> AuthSettings -> AuthSettings Source #

The application root for this application.

| Set the root for this Aplication. Required for external Authentication providers to perform proper redirect.

Default: use the APPROOT environment variable.

Since: 0.1.0

setAuthAppRootGeneric :: (Request -> IO Text) -> AuthSettings -> AuthSettings Source #

More generalized version of setAuthApprootStatic.

Since: 0.1.0

setAuthSessionAge :: Int -> AuthSettings -> AuthSettings Source #

Number of seconds to keep an authentication cookie active

Default: 3600

Since: 0.1.0

setAuthPrefix :: Text -> AuthSettings -> AuthSettings Source #

Set the cookie key.

Default: "auth_state"

Since: 0.1.0

setAuthCookieName :: ByteString -> AuthSettings -> AuthSettings Source #

Set the cookie name.

Default: "auth_state"

Since: 0.1.0

setAuthProviders :: Providers -> AuthSettings -> AuthSettings Source #

Set Authentication providers to be used.

Default is empty.

Since: 0.1.0

setAuthProvidersTemplate :: (Maybe Text -> Render Provider -> Providers -> Builder) -> AuthSettings -> AuthSettings Source #

Set a custom template that will be rendered for a providers page

Default: providersTemplate

Since: 0.1.0


mkAuthMiddleware :: AuthSettings -> IO Middleware Source #

Creates an Authentication middleware that will make sure application is protected, thus allowing access only to users that go through an authentication process with one of the available providers. If more than one provider is specified, user will be directed to a page were one can be chosen from a list.

Since: 0.1.0


smartAppRoot :: Request -> Text Source #

Determine approot by:

  • Respect the Host header and isSecure property, together with the following de facto standards: x-forwarded-protocol, x-forwarded-ssl, x-url-scheme, x-forwarded-proto, front-end-https. (Note: this list may be updated at will in the future without doc updates.)

Normally trusting headers in this way is insecure, however in the case of approot, the worst that can happen is that the client will get an incorrect URL. Note that this does not work for some situations, e.g.:

  • Reverse proxies not setting one of the above mentioned headers
  • Applications hosted somewhere besides the root of the domain name
  • Reverse proxies that modify the host header


waiMiddlewareAuthVersion :: Version Source #

Current version

Since: 0.1.0

getAuthUser :: Request -> Maybe AuthUser Source #

Get the username for the current user.

If called on a Request behind the middleware, should always return a Just value.

Since: 0.1.0