Copyright	(c) Anton Gushcha, 2016
License	MIT
Maintainer	ncrashed@gmail.com
Stability	experimental
Portability	Portable
Safe Haskell	None
Language	Haskell2010

Servant.API.Auth.Token

Contents

API specs
Swagger helpers
Reexports

Description

Synopsis

API specs

Generic authorization API

type AuthSigninMethod = "auth" :> ("signin" :> (QueryParam "login" Login :> (QueryParam "password" Password :> (QueryParam "expire" Seconds :> Get `[JSON]` (OnlyField "token" SimpleToken))))) Source

How to get a token, expire of Nothing means some default value (server config)

type AuthTouchMethod = "auth" :> ("touch" :> (QueryParam "expire" Seconds :> (TokenHeader `[]` :> Post `[JSON]` ()))) Source

Client cat expand the token lifetime, no permissions are required

type AuthTokenInfoMethod = "auth" :> ("token" :> (TokenHeader `[]` :> Get `[JSON]` RespUserInfo)) Source

Get client info that is binded to the token

type AuthSignoutMethod = "auth" :> ("signout" :> (TokenHeader `[]` :> Post `[JSON]` ())) Source

Close session, after call of the method the token in header is not valid.

type AuthSignupMethod = "auth" :> ("signup" :> (ReqBody `[JSON]` ReqRegister :> (TokenHeader `["auth-register"]` :> Post `[JSON]` (OnlyField "user" UserId)))) Source

Creation of new user, requires registerPerm for token

type AuthUsersMethod = "auth" :> ("users" :> (PageParam :> (PageSizeParam :> (TokenHeader `["auth-info"]` :> Get `[JSON]` RespUsersInfo)))) Source

Getting list of all users, requires authInfoPerm for token

type AuthGetUserMethod = "auth" :> ("user" :> (Capture "user-id" UserId :> (TokenHeader `["auth-info"]` :> Get `[JSON]` RespUserInfo))) Source

Getting info about user, requires authInfoPerm for token

type AuthPatchUserMethod = "auth" :> ("user" :> (Capture "user-id" UserId :> (ReqBody `[JSON]` PatchUser :> (TokenHeader `["auth-update"]` :> Patch `[JSON]` ())))) Source

Updating loginemailpassword, requires authUpdatePerm for token

type AuthPutUserMethod = "auth" :> ("user" :> (Capture "user-id" UserId :> (ReqBody `[JSON]` ReqRegister :> (TokenHeader `["auth-update"]` :> Put `[JSON]` ())))) Source

Replace user with the user in the body, requires authUpdatePerm for token

type AuthDeleteUserMethod = "auth" :> ("user" :> (Capture "user-id" UserId :> (TokenHeader `["auth-delete"]` :> Delete `[JSON]` ()))) Source

Delete user from DB, requires authDeletePerm and will cause cascade deletion, that is your usually want

type AuthRestoreMethod = "auth" :> ("restore" :> (Capture "user-id" UserId :> (QueryParam "code" RestoreCode :> (QueryParam "password" Password :> Post `[JSON]` ())))) Source

Generate new password for user. There is two phases, first, the method is called without code parameter. The system sends email with a restore code to user email or sms (its depends on server). After that a call of the method with the code is needed to change password.

type AuthGetGroupMethod = "auth" :> ("group" :> (Capture "group-id" UserGroupId :> (TokenHeader `["auth-info"]` :> Get `[JSON]` UserGroup))) Source

Getting info about user group, requires authInfoPerm for token

type AuthPostGroupMethod = "auth" :> ("group" :> (ReqBody `[JSON]` UserGroup :> (TokenHeader `["auth-update"]` :> Post `[JSON]` (OnlyId UserGroupId)))) Source

Inserting new user group, requires authUpdatePerm for token

type AuthPutGroupMethod = "auth" :> ("group" :> (Capture "group-id" UserGroupId :> (ReqBody `[JSON]` UserGroup :> (TokenHeader `["auth-update"]` :> Put `[JSON]` ())))) Source

Replace info about given user group, requires authUpdatePerm for token

type AuthPatchGroupMethod = "auth" :> ("group" :> (Capture "group-id" UserGroupId :> (ReqBody `[JSON]` PatchUserGroup :> (TokenHeader `["auth-update"]` :> Patch `[JSON]` ())))) Source

Patch info about given user group, requires authUpdatePerm for token

type AuthDeleteGroupMethod = "auth" :> ("group" :> (Capture "group-id" UserGroupId :> (TokenHeader `["auth-delete"]` :> Delete `[JSON]` ()))) Source

Delete all info about given user group, requires authDeletePerm for token

type AuthGroupsMethod = "auth" :> ("group" :> (PageParam :> (PageSizeParam :> (TokenHeader `["auth-info"]` :> Get `[JSON]` (PagedList UserGroupId UserGroup))))) Source

Get list of user groups, requires authInfoPerm for token

authAPI :: Proxy AuthAPI Source

Proxy type for auth API, used to pass the type-level info into client/docs generation functions

authDocs :: API Source

Servant.Docs documentation of the Auth API

Token

newtype Token perms Source

Token is simple string marked by permissions that are expected from the token to pass guarding functions.

Constructors

Token
Fields unToken :: Text

Instances

Eq (Token perms) Source
Show (Token perms) Source
FromHttpApiData (Token perms) Source
ToHttpApiData (Token perms) Source
ToSample (Token perms) Source
ToParamSchema (Token perms) Source

type MToken perms = Maybe (Token perms) Source

Shortcut for Maybe Token with attached permissions

type TokenHeader perms = Header "Authorization" (Token perms) Source

Token header that we require for authorization marked by permissions that are expected from the token to pass guarding functions.

type SimpleToken = Text Source

Token that doesn't have attached compile-time permissions

class PermsList a where Source

Methods

unliftPerms :: forall proxy. proxy a -> [Permission] Source

Instances

PermsList ([] Symbol) Source
(KnownSymbol x, PermsList xs) => PermsList ((:) Symbol x xs) Source

downgradeToken' :: (True ~ PermsSubset ts' ts) => Token ts -> Token ts' Source

Cast token to permissions that are lower than original one

The cast is safe, the permissions are cheked on compile time.

downgradeToken :: (True ~ PermsSubset ts' ts) => MToken ts -> MToken ts' Source

Cast token to permissions that are lower than original one.

The cast is safe, the permissions are cheked on compile time.

User

type UserId = Word Source

Id of user that is used in the API

type Login = Text Source

User name for login

type Password = Text Source

Password for login

type Email = Text Source

User email

type Permission = Text Source

Special tag for a permission that a user has

type Seconds = Word Source

Amount of seconds

type RestoreCode = Text Source

Special tag for password restore

data ReqRegister Source

Request body for user registration

Constructors

ReqRegister
Fields reqRegLogin :: !Login reqRegPassword :: !Password reqRegEmail :: !Email reqRegPermissions :: ![Permission] reqRegGroups :: !(Maybe [UserGroupId])

data RespUserInfo Source

Response with user info

Constructors

RespUserInfo
Fields respUserId :: !UserId respUserLogin :: !Login respUserEmail :: !Email respUserPermissions :: ![Permission] respUserGroups :: ![UserGroupId]

data PatchUser Source

Request body for patching user

Constructors

PatchUser
Fields patchUserLogin :: !(Maybe Login) patchUserPassword :: !(Maybe Password) patchUserEmail :: !(Maybe Email) patchUserPermissions :: !(Maybe [Permission]) patchUserGroups :: !(Maybe [UserGroupId])

Instances

Show PatchUser Source
Generic PatchUser Source
ToJSON PatchUser Source
FromJSON PatchUser Source
ToSchema PatchUser Source
ToSample PatchUser Source
type Rep PatchUser Source

data RespUsersInfo Source

Response with users info and pagination

Constructors

RespUsersInfo
Fields respUsersItems :: ![RespUserInfo] respUsersPages :: !Word

User groups

type UserGroupId = Word Source

Id of user group

data UserGroup Source

Data of user group, groups allows to group permissions and assign them to particular users in batch manner.

Also a group hierarchy can be formed.

Constructors

UserGroup
Fields userGroupName :: !Text userGroupUsers :: ![UserId] userGroupPermissions :: ![Permission] userGroupParent :: !(Maybe UserGroupId)

Instances

Show UserGroup Source
Generic UserGroup Source
ToJSON UserGroup Source
FromJSON UserGroup Source
ToSchema UserGroup Source
ToSample UserGroup Source
type Rep UserGroup Source

data PatchUserGroup Source

Data type that is used to patch UserGroup

Constructors

PatchUserGroup
Fields patchUserGroupName :: !(Maybe Text) patchUserGroupUsers :: !(Maybe [UserId]) patchUserGroupPermissions :: !(Maybe [Permission]) patchUserGroupParent :: !(Maybe UserGroupId) patchUserGroupNoParent :: !(Maybe Bool) Special case when you want to set parent to `Nothing`

Default permissions

adminPerm :: Permission Source

Permission that allows everything by default

registerPerm :: Permission Source

Permission that allows registration of new users

authInfoPerm :: Permission Source

Permission that allows to query info about other users

authUpdatePerm :: Permission Source

Permission that allows to update fields of an user

authDeletePerm :: Permission Source

Permission that allows to delete users and cause cascade deletion

Swagger helpers

authOperations :: Traversal' Swagger Operation Source

Select only operations of the Auth API

Show ReqRegister Source
Generic ReqRegister Source
ToJSON ReqRegister Source
FromJSON ReqRegister Source
ToSchema ReqRegister Source
ToSample ReqRegister Source
type Rep ReqRegister Source

Show RespUserInfo Source
Generic RespUserInfo Source
ToJSON RespUserInfo Source
FromJSON RespUserInfo Source
ToSchema RespUserInfo Source
ToSample RespUserInfo Source
type Rep RespUserInfo Source

Show RespUsersInfo Source
Generic RespUsersInfo Source
ToJSON RespUsersInfo Source
FromJSON RespUsersInfo Source
ToSchema RespUsersInfo Source
ToSample RespUsersInfo Source
type Rep RespUsersInfo Source

Show PatchUserGroup Source
Generic PatchUserGroup Source
ToJSON PatchUserGroup Source
FromJSON PatchUserGroup Source
ToSchema PatchUserGroup Source
ToSample PatchUserGroup Source
type Rep PatchUserGroup Source

API specs

Token

User

User groups

Default permissions

Swagger helpers

Reexports