Safe Haskell	None
Language	Haskell2010

Network.Hawk.Server

Description

These are functions for checking authenticated requests and sending authenticated responses.

Synopsis

Documentation

authenticateRequest :: MonadIO m => AuthReqOpts -> CredentialsFunc m t -> Request -> Maybe ByteString -> m (AuthResult t) Source #

Checks the Authorization header of a Request and (optionally) a payload. The header will be parsed and verified with the credentials supplied.

If the request payload is provided, it will be verified. If a payload is not supplied, it can be verified later with authenticatePayload.

authenticate :: MonadIO m => AuthOpts -> CredentialsFunc m t -> HawkReq -> m (AuthResult t) Source #

Checks the Authorization header of a generic request. The header will be parsed and verified with the credentials supplied.

If a payload is provided, it will be verified. If the payload is not supplied, it can be verified later with authenticatePayload.

authenticateBewit :: MonadIO m => AuthReqOpts -> CredentialsFunc m t -> Request -> m (AuthResult t) Source #

Checks the Authorization header of a request according to the "bewit" scheme. See Network.Hawk.URI for a description of that scheme.

authenticatePayload :: AuthSuccess t -> PayloadInfo -> Either String () Source #

Verifies the payload hash as a separate step after other things have been check. This is useful when the request body is streamed for example.

data HawkReq Source #

A package of values containing the attributes of a HTTP request which are relevant to Hawk authentication.

Constructors

HawkReq
Fields hrqMethod :: Method hrqUrl :: ByteString hrqHost :: ByteString hrqPort :: Maybe Int hrqAuthorization :: ByteString hrqPayload :: Maybe PayloadInfo hrqBewit :: Maybe ByteString hrqBewitlessUrl :: ByteString

Instances

Show HawkReq Source #
Methods showsPrec :: Int -> HawkReq -> ShowS # show :: HawkReq -> String # showList :: [HawkReq] -> ShowS #
Default HawkReq Source #
Methods def :: HawkReq #

header :: AuthResult t -> Maybe PayloadInfo -> (Status, Header) Source #

Generates a suitable Server-Authorization header to send back to the client. Credentials and artifacts would be provided by a previous call to authenticateRequest (or authenticate).

If a payload is supplied, its hash will be included in the header.

data AuthReqOpts Source #

Bundle of parameters for authenticateRequest. Provides information about what the public URL of the server would be. If the application is served from a HTTP reverse proxy, then the Host header might have a different name, or the hostname:port might need to be overridden.

Constructors

AuthReqOpts
Fields saHostHeaderName :: Maybe (CI ByteString) Alternate name for `Host` header saHost :: Maybe ByteString Overrides the URL host saPort :: Maybe ByteString Overrides the URL port saBewitParam :: ByteString Query parameter for bewit authentication saOpts :: AuthOpts Parameters for `authenticate`

Instances

Default AuthReqOpts Source #
Methods def :: AuthReqOpts #

data AuthOpts Source #

Bundle of parameters for authenticate.

Constructors

AuthOpts
Fields saCheckNonce :: NonceFunc saTimestampSkew :: NominalDiffTime saIronLocaltimeOffset :: NominalDiffTime

Instances

Default AuthOpts Source #
Methods def :: AuthOpts #

def :: Default a => a #

The default value for this type.

module Network.Hawk.Server.Types