Safe Haskell | Safe-Inferred |
---|---|
Language | Haskell2010 |
Synopsis
- data Accounts i p :: Effect
- type AccountsP i = Accounts i [Privilege]
- authenticate :: forall i p r. Member (Accounts i p) r => AccountName -> RawPassword -> Sem r (Uid i (AccountAuth i))
- generatePassword :: forall i p r. Member (Accounts i p) r => i -> Maybe Datetime -> Sem r GeneratedPassword
- create :: forall i p r. Member (Accounts i p) r => AccountName -> Sem r (Uid i (Account p))
- finalizeCreate :: forall i p r. Member (Accounts i p) r => i -> Sem r (Uid i (Account p))
- addPassword :: forall i p r. Member (Accounts i p) r => i -> RawPassword -> Maybe Datetime -> Sem r (Uid i (AccountAuth i))
- setStatus :: forall i p r. Member (Accounts i p) r => i -> AccountStatus -> Sem r ()
- byId :: forall i p r. Member (Accounts i p) r => i -> Sem r (Uid i (Account p))
- byName :: forall i p r. Member (Accounts i p) r => AccountName -> Sem r (Uid i (Account p))
- update :: forall i p r. Member (Accounts i p) r => Uid i (Account p) -> Sem r ()
- privileges :: forall i p r. Member (Accounts i p) r => i -> Sem r p
- updatePrivileges :: forall i p r. Member (Accounts i p) r => i -> (p -> p) -> Sem r ()
- all :: forall i p r. Member (Accounts i p) r => Sem r [Uid i (Account p)]
- allAuths :: forall i p r. Member (Accounts i p) r => Sem r [Uid i (AccountAuth i)]
- data Password :: Effect
- hash :: forall r. Member Password r => RawPassword -> Sem r HashedPassword
- check :: forall r. Member Password r => RawPassword -> HashedPassword -> Sem r Bool
- generate :: forall r. Member Password r => Word -> Sem r GeneratedPassword
- interpretAccounts :: forall e i p r. Show e => Member (Query AccountByName (Maybe (Uid i (Account p))) !! e) r => Member (Query (AuthForAccount i) [Uid i (AccountAuth i)] !! e) r => Members [Password, Store i (Account p) !! e, Store i (AccountAuth i) !! e, Reader (AccountsConfig p) !! e, Id i] r => InterpreterFor (Accounts i p !! AccountsError) r
- interpretAccountsState :: forall i p r. Ord i => Show i => Members [Log, Id i, Embed IO] r => AccountsConfig p -> [Uid i (Account p)] -> [Uid i (AccountAuth i)] -> InterpretersFor [Accounts i p !! AccountsError, Password] r
- interpretPassword :: Member (Embed IO) r => InterpreterFor Password r
- interpretPasswordId :: InterpreterFor Password r
- register :: Member (Accounts i p) r => AccountCredentials -> Sem r (AuthedAccount i p)
- login :: Member (Accounts i p) r => AccountCredentials -> Sem r (AuthedAccount i p)
- unlockAccountName :: Members [Accounts i p, Stop AccountsError] r => AccountName -> Sem r ()
- data Account p = Account {
- name :: AccountName
- status :: AccountStatus
- privileges :: p
- data AuthedAccount i p = AuthedAccount {
- id :: i
- authId :: i
- name :: AccountName
- status :: AccountStatus
- privileges :: p
- data AccountAuth i = AccountAuth {}
- data AccountsConfig p = AccountsConfig {
- passwordLength :: Word
- initActive :: Bool
- defaultPrivileges :: p
- type AccountsConfigP = AccountsConfig [Privilege]
- data AccountsError
- data AccountsClientError
- data AccountCredentials = AccountCredentials {}
- newtype AccountName = AccountName {}
- data RawPassword
- rawPassword :: Text -> RawPassword
- newtype GeneratedPassword = GeneratedPassword {}
- data AccountStatus
- data Privilege
- type AccountP = Account [Privilege]
- type AuthedAccountP i = AuthedAccount i [Privilege]
- newtype AuthToken = AuthToken {
- unAuthToken :: Text
- newtype Port = Port Word
- type AuthQuery i p = [Query (AuthForAccount i) [Uid i (AccountAuth i)] !! DbError, Store i (AccountAuth i) !! DbError, AtomicState (PureStore i (AccountAuth i))]
- type AccountQuery i p = [Query AccountByName (Maybe (Uid i (Account p))) !! DbError, Store i (Account p) !! DbError, AtomicState (PureStore i (Account p))]
Effects
data Accounts i p :: Effect Source #
This effect provides common operations for account and password management.
The first parameter is the ID type for both accounts and authentication data, which might be UUID or Int.
The second parameter encodes an account's basic privileges, mainly used for API authorization.
authenticate :: forall i p r. Member (Accounts i p) r => AccountName -> RawPassword -> Sem r (Uid i (AccountAuth i)) Source #
Check credentials against the storage backend.
generatePassword :: forall i p r. Member (Accounts i p) r => i -> Maybe Datetime -> Sem r GeneratedPassword Source #
Generate a fresh password.
create :: forall i p r. Member (Accounts i p) r => AccountName -> Sem r (Uid i (Account p)) Source #
Add an account to the storage backend, without authentication.
finalizeCreate :: forall i p r. Member (Accounts i p) r => i -> Sem r (Uid i (Account p)) Source #
Mark an account as fully created.
addPassword :: forall i p r. Member (Accounts i p) r => i -> RawPassword -> Maybe Datetime -> Sem r (Uid i (AccountAuth i)) Source #
Associate an account with a new password, with optional expiry time.
setStatus :: forall i p r. Member (Accounts i p) r => i -> AccountStatus -> Sem r () Source #
Update the status of an account.
byId :: forall i p r. Member (Accounts i p) r => i -> Sem r (Uid i (Account p)) Source #
Look up an account by its ID.
byName :: forall i p r. Member (Accounts i p) r => AccountName -> Sem r (Uid i (Account p)) Source #
Look up an account by its name.
update :: forall i p r. Member (Accounts i p) r => Uid i (Account p) -> Sem r () Source #
Overwrite an existing account.
privileges :: forall i p r. Member (Accounts i p) r => i -> Sem r p Source #
Look up an account's privileges.
updatePrivileges :: forall i p r. Member (Accounts i p) r => i -> (p -> p) -> Sem r () Source #
Update an account's privileges.
all :: forall i p r. Member (Accounts i p) r => Sem r [Uid i (Account p)] Source #
Fetch all accounts.
allAuths :: forall i p r. Member (Accounts i p) r => Sem r [Uid i (AccountAuth i)] Source #
Fetch all auth records.
hash :: forall r. Member Password r => RawPassword -> Sem r HashedPassword Source #
Hash a clear text password.
check :: forall r. Member Password r => RawPassword -> HashedPassword -> Sem r Bool Source #
Validate a password against a hash.
generate :: forall r. Member Password r => Word -> Sem r GeneratedPassword Source #
Generate a new clear text password of the specified length.
Interpreters
interpretAccounts :: forall e i p r. Show e => Member (Query AccountByName (Maybe (Uid i (Account p))) !! e) r => Member (Query (AuthForAccount i) [Uid i (AccountAuth i)] !! e) r => Members [Password, Store i (Account p) !! e, Store i (AccountAuth i) !! e, Reader (AccountsConfig p) !! e, Id i] r => InterpreterFor (Accounts i p !! AccountsError) r Source #
Interpret Accounts using Store and Query from Polysemy.Db as the storage backend.
interpretAccountsState :: forall i p r. Ord i => Show i => Members [Log, Id i, Embed IO] r => AccountsConfig p -> [Uid i (Account p)] -> [Uid i (AccountAuth i)] -> InterpretersFor [Accounts i p !! AccountsError, Password] r Source #
Interpret Accounts and Password using AtomicState as storage backend.
interpretPassword :: Member (Embed IO) r => InterpreterFor Password r Source #
Interpret Password using the Argon2 algorithm and Data.Elocrypt-generated passwords.
interpretPasswordId :: InterpreterFor Password r Source #
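Interpret Password trivially, not performing any hashing and generating sequences of asterisks. Since no hashing takes place, it offers no protection for stored passwords and is suited to tests rather than real credential storage.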
Misc combinators
register :: Member (Accounts i p) r => AccountCredentials -> Sem r (AuthedAccount i p) Source #
Register an account with the given credentials.
Create the account in the storage backend, hash the password and store it, then mark the account as created.
login :: Member (Accounts i p) r => AccountCredentials -> Sem r (AuthedAccount i p) Source #
Authenticate the given credentials against the storage backend and return the matched account's information.
unlockAccountName :: Members [Accounts i p, Stop AccountsError] r => AccountName -> Sem r () Source #
Convenience function for unlocking the account matching the given name.
Data types
A basic user account, consisting of a name, activation status, and an arbitrary privilege type.
Account | |
|
Instances
FromJSON p => FromJSON (Account p) Source # | |
ToJSON p => ToJSON (Account p) Source # | |
Defined in Polysemy.Account.Data.Account | |
Generic (Account p) Source # | |
Show p => Show (Account p) Source # | |
Eq p => Eq (Account p) Source # | |
type Rep (Account p) Source # | |
Defined in Polysemy.Account.Data.Account type Rep (Account p) = D1 ('MetaData "Account" "Polysemy.Account.Data.Account" "polysemy-account-0.2.0.0-JBrIF35CBfcBfeWmsi0YZS" 'False) (C1 ('MetaCons "Account" 'PrefixI 'True) (S1 ('MetaSel ('Just "name") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedLazy) (Rec0 AccountName) :*: (S1 ('MetaSel ('Just "status") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedLazy) (Rec0 AccountStatus) :*: S1 ('MetaSel ('Just "privileges") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedLazy) (Rec0 p)))) |
data AuthedAccount i p Source #
An account and the ID of the password used to authenticate it.
AuthedAccount | |
|
Instances
data AccountAuth i Source #
A hashed password associated with an account.
AccountAuth | |
|
Instances
data AccountsConfig p Source #
The configuration for the interpreter for Accounts.
The defaults, when using Privilege, are:
- Length 20
- Don't activate accounts right away
- Web privileges
AccountsConfig | |
|
Instances
type AccountsConfigP = AccountsConfig [Privilege] Source #
Convenience alias for using the default privilege type with AccountsConfig.
data AccountsError Source #
Errors produced by the effect Accounts.
Client AccountsClientError | Errors that indicate invalid client-supplied information. |
Internal Text | Error indicating storage backend failure. |
Instances
Show AccountsError Source # | |
Defined in Polysemy.Account.Data.AccountsError showsPrec :: Int -> AccountsError -> ShowS # show :: AccountsError -> String # showList :: [AccountsError] -> ShowS # | |
Eq AccountsError Source # | |
Defined in Polysemy.Account.Data.AccountsError (==) :: AccountsError -> AccountsError -> Bool # (/=) :: AccountsError -> AccountsError -> Bool # |
data AccountsClientError Source #
Errors that indicate invalid client-supplied information.
NoAccountId | No account was found for the given ID. |
InvalidAuth | Credentials did not match stored auth data. |
NoAccountName | No account was found for the given name. |
Conflict | Name given for registration already exists in storage. |
Instances
FromJSON AccountsClientError Source # | |
Defined in Polysemy.Account.Data.AccountsError parseJSON :: Value -> Parser AccountsClientError # parseJSONList :: Value -> Parser [AccountsClientError] # | |
ToJSON AccountsClientError Source # | |
Defined in Polysemy.Account.Data.AccountsError toJSON :: AccountsClientError -> Value # toEncoding :: AccountsClientError -> Encoding # toJSONList :: [AccountsClientError] -> Value # toEncodingList :: [AccountsClientError] -> Encoding # | |
Show AccountsClientError Source # | |
Defined in Polysemy.Account.Data.AccountsError showsPrec :: Int -> AccountsClientError -> ShowS # show :: AccountsClientError -> String # showList :: [AccountsClientError] -> ShowS # | |
Eq AccountsClientError Source # | |
Defined in Polysemy.Account.Data.AccountsError (==) :: AccountsClientError -> AccountsClientError -> Bool # (/=) :: AccountsClientError -> AccountsClientError -> Bool # |
data AccountCredentials Source #
User-supplied credentials for login or registration.
AccountCredentials | |
|
Instances
FromJSON AccountCredentials Source # | |
Defined in Polysemy.Account.Data.AccountCredentials parseJSON :: Value -> Parser AccountCredentials # parseJSONList :: Value -> Parser [AccountCredentials] # | |
ToJSON AccountCredentials Source # | |
Defined in Polysemy.Account.Data.AccountCredentials toJSON :: AccountCredentials -> Value # toEncoding :: AccountCredentials -> Encoding # toJSONList :: [AccountCredentials] -> Value # toEncodingList :: [AccountCredentials] -> Encoding # | |
Show AccountCredentials Source # | |
Defined in Polysemy.Account.Data.AccountCredentials showsPrec :: Int -> AccountCredentials -> ShowS # show :: AccountCredentials -> String # showList :: [AccountCredentials] -> ShowS # | |
Eq AccountCredentials Source # | |
Defined in Polysemy.Account.Data.AccountCredentials (==) :: AccountCredentials -> AccountCredentials -> Bool # (/=) :: AccountCredentials -> AccountCredentials -> Bool # |
newtype AccountName Source #
The name of an account.
Instances
data RawPassword Source #
A clear text password, supplied by the user or generated.
Instances
FromJSON RawPassword Source # | |
Defined in Polysemy.Account.Data.RawPassword parseJSON :: Value -> Parser RawPassword # parseJSONList :: Value -> Parser [RawPassword] # | |
ToJSON RawPassword Source # | |
Defined in Polysemy.Account.Data.RawPassword toJSON :: RawPassword -> Value # toEncoding :: RawPassword -> Encoding # toJSONList :: [RawPassword] -> Value # toEncodingList :: [RawPassword] -> Encoding # | |
Show RawPassword Source # | |
Defined in Polysemy.Account.Data.RawPassword showsPrec :: Int -> RawPassword -> ShowS # show :: RawPassword -> String # showList :: [RawPassword] -> ShowS # | |
Eq RawPassword Source # | |
Defined in Polysemy.Account.Data.RawPassword (==) :: RawPassword -> RawPassword -> Bool # (/=) :: RawPassword -> RawPassword -> Bool # |
rawPassword :: Text -> RawPassword Source #
Construct a RawPassword.
newtype GeneratedPassword Source #
A password that was generated, intended to be shown to the user, and therefore permitted to be shown, as opposed to RawPassword.
Instances
data AccountStatus Source #
Basic account status.
Creating | The account was added to storage, but not processed fully. |
Pending | The account was fully created, but not approved by an admin. |
Active | The account is fully operational. |
Locked | An admin has disabled the account. |
Instances
The stock privilege type, used only for admin endpoint authorization in polysemy-account-api.
Instances
FromJSON Privilege Source # | |
ToJSON Privilege Source # | |
Defined in Polysemy.Account.Data.Privilege | |
Generic Privilege Source # | |
Show Privilege Source # | |
Eq Privilege Source # | |
Default [Privilege] Source # | |
Defined in Polysemy.Account.Data.Privilege | |
type Rep Privilege Source # | |
Defined in Polysemy.Account.Data.Privilege type Rep Privilege = D1 ('MetaData "Privilege" "Polysemy.Account.Data.Privilege" "polysemy-account-0.2.0.0-JBrIF35CBfcBfeWmsi0YZS" 'False) (C1 ('MetaCons "Web" 'PrefixI 'False) (U1 :: Type -> Type) :+: (C1 ('MetaCons "Api" 'PrefixI 'False) (U1 :: Type -> Type) :+: C1 ('MetaCons "Admin" 'PrefixI 'False) (U1 :: Type -> Type))) |
type AccountP = Account [Privilege] Source #
Convenience alias for using the default privilege type with Account.
type AuthedAccountP i = AuthedAccount i [Privilege] Source #
Convenience alias for using the default privilege type with AuthedAccount.
An auth token, used by the JWT tools in polysemy-account-api.
An API port, used by the Servant tools in polysemy-account-api.
Instances
FromJSON Port Source # | |
ToJSON Port Source # | |
Defined in Polysemy.Account.Data.Port | |
Enum Port Source # | |
Num Port Source # | |
Read Port Source # | |
Integral Port Source # | |
Real Port Source # | |
Defined in Polysemy.Account.Data.Port toRational :: Port -> Rational # | |
Show Port Source # | |
Eq Port Source # | |
Ord Port Source # | |
type AuthQuery i p = [Query (AuthForAccount i) [Uid i (AccountAuth i)] !! DbError, Store i (AccountAuth i) !! DbError, AtomicState (PureStore i (AccountAuth i))] Source #
The effects handled by interpretAuthForAccountState.
type AccountQuery i p = [Query AccountByName (Maybe (Uid i (Account p))) !! DbError, Store i (Account p) !! DbError, AtomicState (PureStore i (Account p))] Source #
The effects handled by interpretAccountByNameState.