Spock-auth-0.2.0.1: Provides authentication helpers for Spock

Safe Haskell: None

Web.Spock.Auth

Initialisation helpers

authSessCfg :: AuthCfg sess -> SessionCfg (VisitorSession sess userId)

Plug this into the spock function to create SessionCfg

data AuthCfg sess

Configuration

Constructors

AuthCfg 

Handling custom session data

writeSessionData :: sess -> SpockAction conn (VisitorSession sess userId) st ()

Replacement for writeSession

readSessionData :: SpockAction conn (VisitorSession sess userId) st sess

Replacement for readSession

modifySessionData :: (sess -> sess) -> SpockAction conn (VisitorSession sess userId) st ()

Replacement for modifySession

Access control

data VisitorSession sess userId

Instances

(Eq sess, Eq userId) => Eq (VisitorSession sess userId) 
(Show sess, Show userId) => Show (VisitorSession sess userId) 

data NoAccessReason

Describes why access was denied to a user

type NoAccessHandler conn sess userId st = NoAccessReason -> SpockAction conn (VisitorSession sess userId) st ()

Define what happens to non-authorized requests

type LoadUserFun conn sess userId st user = userId -> SpockAction conn (VisitorSession sess userId) st (Maybe user)

How should a session be transformed into a user? Can access the database using runQuery

type CheckRightsFun conn sess userId st user = user -> [UserRights] -> SpockAction conn (VisitorSession sess userId) st Bool

What rights does the current user have? Can access the database using runQuery

type UserRights = Text

Assign the current session roles/permissions, e.g. admin or user

markAsLoggedIn :: userId -> SpockAction conn (VisitorSession sess userId) st ()

Mark current visitor as logged in

markAsGuest :: SpockAction conn (VisitorSession sess userId) st ()

Mark current visitor as guest

userRoute :: NoAccessHandler conn sess userId st -> LoadUserFun conn sess userId st user -> CheckRightsFun conn sess userId st user -> StdMethod -> [UserRights] -> Text -> (user -> SpockAction conn (VisitorSession sess userId) st ()) -> SpockM conn (VisitorSession sess userId) st ()

Before the request is performed, you can check whether the signed-in user has permission to view the contents of the request. You may want to define a helper function that proxies this function so that you do not have to pass around NoAccessHandler, LoadUserFun and CheckRightsFun all the time. Example:

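 type MyWebMonad a = SpockAction Connection (VisitorSession () UserId) () a
 newtype MyUser = MyUser { unMyUser :: T.Text }

 -- NoAccessHandler: answer unauthorized requests with 403 and the reason
 http403 msg =
    do status Http.status403
       text (T.pack (show msg))

 -- Proxy for userRoute with the three handlers fixed.
 -- myLoadUser and myCheckRights are the application's own
 -- LoadUserFun and CheckRightsFun.
 login :: Http.StdMethod
       -> [UserRights]
       -> T.Text
       -> (MyUser -> MyWebMonad ())
       -> SpockM Connection (VisitorSession () UserId) () ()
 login =
     userRoute http403 myLoadUser myCheckRights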
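
The example above leaves myLoadUser and myCheckRights undefined. One way to write them so that access fails closed is sketched below; this is an added example, not code from the Spock-auth package. UserId, Connection, AppUser (used here in place of MyUser so that a user carries its rights), sampleUsers and hasAllRights are assumptions made for the illustration, and a real application would load the user with runQuery instead of the in-memory map.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module AuthCallbacks where

import qualified Data.Map.Strict as M
import qualified Data.Text as T
import Web.Spock.Auth (LoadUserFun, CheckRightsFun, UserRights)

-- Assumed application types; none of these come from Spock-auth.
type UserId = Int
data Connection = Connection          -- placeholder for a real DB handle

data AppUser = AppUser
    { appUserName   :: T.Text
    , appUserRights :: [UserRights]   -- rights granted to this account
    }

-- Constructed sample data standing in for a users table.
sampleUsers :: M.Map UserId AppUser
sampleUsers = M.fromList
    [ (1, AppUser "alice" ["user", "admin"])
    , (2, AppUser "bob"   ["user"])
    ]

-- Pure decision: every right the route asks for must be held.
-- An empty requirement list admits any user that could be loaded.
hasAllRights :: [UserRights] -> [UserRights] -> Bool
hasAllRights held required = all (`elem` held) required

-- Nothing for an unknown or deleted id, so a session that points at a
-- missing account never yields a user value.
myLoadUser :: LoadUserFun Connection () UserId () AppUser
myLoadUser uid = return (M.lookup uid sampleUsers)

-- Fails closed: a single missing right yields False.
myCheckRights :: CheckRightsFun Connection () UserId () AppUser
myCheckRights user required =
    return (hasAllRights (appUserRights user) required)
```

Keeping the decision in the pure hasAllRights function lets the policy be unit-tested without running a Spock application.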