module Servant.Auth.Server.Internal.ConfigTypes where
import Control.Lens
import Crypto.JOSE as Jose
import Crypto.JWT as Jose
import qualified Data.ByteString as BS
import Data.Default.Class
import Data.Time
import GHC.Generics (Generic)
-- | Outcome of a match test. In this module it is the result type of the
-- 'audienceMatches' predicate in 'JWTSettings', where 'Matches' is the
-- accepting answer (it is mapped to 'True' by
-- 'jwtSettingsToJwtValidationSettings').
--
-- A named two-constructor type rather than 'Bool', so a call site has to
-- spell out which answer it means.
data IsMatch = Matches | DoesNotMatch
  deriving (Eq, Show, Read, Generic, Ord)
-- | Two-valued flag stored in 'cookieIsSecure'.
--
-- NOTE(review): presumably selects whether cookies are issued with the
-- @Secure@ attribute (HTTPS-only transmission); the code that builds the
-- cookie is not in this module, so confirm there. 'defaultCookieSettings'
-- uses 'Secure'.
data IsSecure = Secure | NotSecure
  deriving (Eq, Show, Read, Generic, Ord)
-- | Two-valued result for a password check.
--
-- Nothing else in this module refers to this type; it is only defined here.
-- The derived 'Show' and 'Read' instances cover the constructor names only,
-- since the type carries no password material.
data IsPasswordCorrect = PasswordCorrect | PasswordIncorrect
  deriving (Eq, Show, Read, Generic, Ord)
-- | Cross-site policy stored in 'cookieSameSite'.
--
-- NOTE(review): the constructor names suggest a mapping onto the cookie
-- @SameSite@ attribute ('SameSiteStrict', 'SameSiteLax'), with 'AnySite'
-- meaning no same-site restriction; the rendering code is not in this module,
-- so confirm there. 'defaultCookieSettings' uses 'SameSiteLax'. Treat
-- 'AnySite' as the weakest choice and make sure an XSRF check is in place
-- before selecting it.
data SameSite = AnySite | SameSiteStrict | SameSiteLax
  deriving (Eq, Show, Read, Generic, Ord)
-- | Settings for JWT handling: a key plus an audience predicate.
--
-- Only 'Generic' is derived. There is no 'Show' instance, so a value of this
-- type (and the key inside it) cannot be rendered with 'show', for example
-- into a log line.
data JWTSettings = JWTSettings
  { -- | The JWK held by these settings.
    -- NOTE(review): presumably used both to sign and to verify tokens; the
    -- code that uses it is not in this module. Load it from protected
    -- storage rather than embedding it in source.
    key :: Jose.JWK
    -- | Decides whether an audience value is acceptable. It is installed as
    -- the audience predicate by 'jwtSettingsToJwtValidationSettings'.
    -- 'defaultJWTSettings' sets it to accept everything.
  , audienceMatches :: Jose.StringOrURI -> IsMatch
  } deriving (Generic)
-- | Build 'JWTSettings' around the given key, with an audience check that
-- accepts every value.
--
-- The 'audienceMatches' installed here ignores its argument and always
-- answers 'Matches', so the audience places no restriction on which tokens
-- pass validation. When the same key is shared by more than one service,
-- replace 'audienceMatches' with a predicate that answers 'Matches' only for
-- this service's own audience; otherwise a token minted for one service is
-- accepted by the others.
defaultJWTSettings :: Jose.JWK -> JWTSettings
defaultJWTSettings jwk =
  JWTSettings
    { audienceMatches = \_ -> Matches
    , key = jwk
    }
-- | Configuration for the cookies and the XSRF header name used by the
-- server. 'defaultCookieSettings' gives the baseline values.
--
-- NOTE(review): this module only declares the fields; how each one is turned
-- into a @Set-Cookie@ attribute or checked on a request is implemented
-- elsewhere. The per-field notes below are hedged accordingly.
data CookieSettings = CookieSettings
  {
    -- | Transport flag; the default is 'Secure'. Presumably 'NotSecure' allows
    -- the cookie over plain HTTP, so keep 'Secure' outside local development.
    cookieIsSecure :: IsSecure
    -- | Optional lifetime as a duration; 'Nothing' by default.
    -- NOTE(review): presumably the @Max-Age@ attribute; confirm at the use
    -- site.
  , cookieMaxAge :: Maybe DiffTime
    -- | Optional absolute expiry time; 'Nothing' by default.
    -- NOTE(review): presumably the @Expires@ attribute; whether it also bounds
    -- the lifetime of the token itself is not visible here.
  , cookieExpires :: Maybe UTCTime
    -- | Cross-site policy; the default is 'SameSiteLax'.
  , cookieSameSite :: SameSite
    -- | Name of the session cookie; the default is @JWT-Cookie@.
  , sessionCookieName :: BS.ByteString
    -- | Name of the XSRF cookie; the default is @XSRF-TOKEN@.
  , xsrfCookieName :: BS.ByteString
    -- | Name of the XSRF request header; the default is @X-XSRF-TOKEN@.
    -- NOTE(review): presumably compared against the XSRF cookie on incoming
    -- requests; the check is not in this module.
  , xsrfHeaderName :: BS.ByteString
  } deriving (Eq, Show, Generic)
-- | 'def' is exactly 'defaultCookieSettings', so code that asks for the
-- 'Default' value gets the same baseline ('Secure', 'SameSiteLax') as code
-- that names 'defaultCookieSettings' directly.
instance Default CookieSettings where
  def = defaultCookieSettings
-- | Baseline 'CookieSettings'.
--
-- The baseline takes the restrictive side on transport ('Secure') and uses
-- 'SameSiteLax' for the cross-site policy. No lifetime is set: both
-- 'cookieMaxAge' and 'cookieExpires' are 'Nothing'. When overriding a field
-- with record-update syntax, relax 'cookieIsSecure' or 'cookieSameSite' only
-- deliberately.
defaultCookieSettings :: CookieSettings
defaultCookieSettings =
  CookieSettings
    { -- Cookie and header names.
      sessionCookieName = "JWT-Cookie"
    , xsrfCookieName = "XSRF-TOKEN"
    , xsrfHeaderName = "X-XSRF-TOKEN"
      -- Transport and cross-site restrictions.
    , cookieIsSecure = Secure
    , cookieSameSite = SameSiteLax
      -- No lifetime configured by default.
    , cookieMaxAge = Nothing
    , cookieExpires = Nothing
    }
-- | Derive the jose validation settings from 'JWTSettings'.
--
-- Starts from 'defaultJWTValidationSettings' and replaces only the audience
-- predicate; every other validation setting keeps its library default. The
-- 'key' field is not consulted here.
--
-- The predicate answers 'True' exactly when 'audienceMatches' answers
-- 'Matches'. With 'defaultJWTSettings' that is the case for every audience.
jwtSettingsToJwtValidationSettings :: JWTSettings -> Jose.JWTValidationSettings
jwtSettingsToJwtValidationSettings settings =
  defaultJWTValidationSettings & audiencePredicate .~ accepts
  where
    -- Translate the IsMatch answer into the Bool the jose predicate expects.
    accepts aud =
      case audienceMatches settings aud of
        Matches -> True
        DoesNotMatch -> False