lio-simple-0.0.2.2: LIO support for the Simple web framework

Safe Haskell: Unsafe

LIO.Web.Simple.TCB

Description

This module exports a function run for creating a runner that is used to run a Web.Simple SimpleApplication in the LIO monad.

The runner is only available to trusted code since we do not impose any policy on how requests and responses should be handled. Middleware should be used on both ends to ensure safety. This module provides several such Middleware.

LIO applications

type SimpleLIOApplication p l = Priv p -> SimpleApplication (LIO l)

An LIO simple application is an LIO computation mapping a set of privileges and a request to a response. While privileges can be provided via, e.g., a Reader monad, in certain cases not having the privilege as part of the state is cleaner.

type SimpleLIOMiddleware p l = SimpleLIOApplication p l -> SimpleLIOApplication p l

Simple LIO middleware.

Runners

run :: Label l => Port -> Middleware -> SimpleApplication (LIO l) -> LIO l ()

Run an LIO web app wrapped by some middleware. Since web servers can be quite messy it is important that you provide middleware to sanitize responses to prevent data leakage.

Since security properties vary across applications, we do not impose any conditions on the requests and responses. The latter can be sanitized by supplying a middleware, while the former can simply be baked into the app (as SimpleMiddleware).

runP :: (PrivDesc l p, Label l) => Port -> Middleware -> Priv p -> SimpleLIOApplication p l -> LIO l ()

Same as run, but run SimpleLIOApplications, i.e., applications that take privileges.

Middleware

browserLabelGuard :: MonadLIO l m => l -> SimpleMiddleware m

Middleware that ensures the Response from the application is readable by the client's browser (as determined by the result label of the app computation and the label of the browser). If the response is not readable by the browser, the middleware sends a 403 (unauthorized) response instead.

removeRequestHeaders :: Monad m => [HeaderName] -> SimpleMiddleware m

Remove certain headers from the request.

removeResponseHeaders :: Monad m => [HeaderName] -> SimpleMiddleware m

Remove certain headers from the response, e.g., Set-Cookie.

Templates

lioGetTemplateTCB :: Label l => FilePath -> LIO l Template

Function to use to get a template. When the underlying monad is LIO, it looks in the viewDirectory for the given file name and compiles the file into a template.

This function should be used only when everything reachable from the viewDirectory is public.

To ensure that the function cannot be abused, it first cleans up the file path: if the path starts out with a .., we consider this invalid, as it can be used to explore parts of the filesystem that should otherwise be inaccessible. Similarly, we remove any . from the path.

Since this function does not use the 'lio-fs' filesystem readFile, but rather the IO readFile, it should not be exposed to untrusted code.
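The path clean-up described above can be sketched as follows. This is an added example, not lio-simple's own code: cleanTemplatePath and templateFile are hypothetical names, the "views" directory is an assumed value, and the check is deliberately stricter than the rule as worded, rejecting .. in any position as well as absolute paths.

```haskell
module Main (main) where

import System.FilePath (isAbsolute, joinPath, splitDirectories, (</>))

-- | Clean a template name before it is joined to the view directory.
-- Hypothetical helper (not part of lio-simple). Returns Nothing for any
-- path that could resolve outside the directory it is later joined to.
cleanTemplatePath :: FilePath -> Maybe FilePath
cleanTemplatePath fp
  | isAbsolute fp     = Nothing              -- absolute paths ignore the base
  | ".." `elem` parts = Nothing              -- ".." anywhere, not only leading
  | null kept         = Nothing              -- nothing left to open
  | otherwise         = Just (joinPath kept)
  where
    parts = splitDirectories fp
    kept  = filter (/= ".") parts            -- drop "." components

-- | Resolve a template name under a view directory.
templateFile :: FilePath -> FilePath -> Maybe FilePath
templateFile viewDir name = (viewDir </>) <$> cleanTemplatePath name

main :: IO ()
main = mapM_ check samples
  where
    -- Constructed sample inputs, each paired with the result the rules
    -- above give on a POSIX system (path separator '/').
    samples =
      [ ("index.html",        Just "views/index.html")
      , ("./users/show.html", Just "views/users/show.html")
      , ("users/./show.html", Just "views/users/show.html")
      , ("../secret.html",    Nothing)
      , ("users/../../x",     Nothing)
      , ("/etc/hostname",     Nothing)
      , (".",                 Nothing)
      ]
    check (input, expected) =
      putStrLn (show input ++ " -> " ++ show got ++ verdict)
      where
        got     = templateFile "views" input
        verdict = if got == expected then "" else "  (unexpected)"
```

The check is purely lexical, so it does not account for symbolic links inside the view directory.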