-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/


-- | Enforce HTTPS in Wai server app safely.
--   
--   Wai middleware enforcing HTTPS protocol on any incoming request. In
--   case of non-encrypted HTTP, traffic is redirected using 301 Permanent
--   Redirect or optionally 307 Temporary Redirect. Middleware has
--   compatibility modes for various reverse proxies (load balancers) and
--   therefore can be used with Heroku, Google Cloud (Ingress), Azure or
--   any other type of PAS or Cloud provider.
@package wai-enforce-https
@version 0.0.1


-- | Parsing and Serialization of <a>Forwarded</a> HTTP header values.
module Network.HTTP.Forwarded

-- | Representation of Forwarded header data All field are optional
data Forwarded
Forwarded :: Maybe ByteString -> Maybe ByteString -> Maybe ByteString -> Maybe (CI ByteString) -> Forwarded
[forwardedBy] :: Forwarded -> Maybe ByteString
[forwardedFor] :: Forwarded -> Maybe ByteString
[forwardedHost] :: Forwarded -> Maybe ByteString
[forwardedProto] :: Forwarded -> Maybe (CI ByteString)

-- | Parse <tt>ByteString</tt> to Forwarded header Note that this function
--   works with the values of the header only. Extraction of value from
--   header depends what representation of headers you're using.
--   
--   In case of Wai you can extract headers as following:
--   
--   <pre>
--   :set -XOverloadedStrings
--   import Network.Wai
--   import Network.HTTP.Forwarded
--   getForwarded req = parseForwarded &lt;$&gt; "forwarded" `lookup` requestHeaders req
--   :t getForwarded
--   getForwarded :: Request -&gt; Maybe Forwarded
--   </pre>
parseForwarded :: ByteString -> Forwarded

-- | Serialize <a>Forwarded</a> data type back to ByteString
--   representation.
serializeForwarded :: Forwarded -> ByteString
instance GHC.Show.Show Network.HTTP.Forwarded.Forwarded
instance GHC.Classes.Eq Network.HTTP.Forwarded.Forwarded


-- | Wai Middleware for enforcing encrypted HTTPS connection safely.
--   
--   This module is intended to be imported <tt>qualified</tt>
--   
--   <pre>
--   import qualified Network.Wai.Middleware.EnforceHTTPS as EnforceHTTPS
--   </pre>
module Network.Wai.Middleware.EnforceHTTPS

-- | <a>Middleware</a> with <i>default</i> configuration. See
--   <a>defaultConfig</a> for more details.
def :: Middleware

-- | Construct middleware with provided <tt>Resolver</tt> See
--   <tt>Resolver</tt> section for information.
withResolver :: HTTPSResolver -> Middleware

-- | Resolver checking value of <tt>x-forwarded-proto</tt> HTTP header.
--   This header is for instance used by Heroku or GCP Ingress among many
--   others.
--   
--   Request is secure if value of header is <tt>https</tt> otherwise
--   request is considered not being secure.
xForwardedProto :: HTTPSResolver

-- | Azure is proxying with additional `x-arr-ssl` header if original
--   protocol is HTTPS. This resolver checks for the presence of this
--   header.
azure :: HTTPSResolver

-- | Forwarded HTTP header is relatively new standard which should replaced
--   all <tt>x-*</tt> adhoc headers by standardized one. This resolver is
--   using <tt>proto=foo</tt> part of the header and check for equality
--   with <tt>https</tt> value.
--   
--   More information can be found on <a>MDN</a> Complete implementation of
--   <tt>Forwarded</tt> is located in <tt>Network.HTTP.Forwarded</tt>
--   module
forwarded :: HTTPSResolver

-- | Some reverse proxies (Kong) are using values similar to
--   <tt>x-forwarded-proto</tt> but are using different headers. This
--   resolver allows you to specify name of header which should be used for
--   the check. Like <a>xForwardedProto</a>, request is considered as being
--   secure if value of header is <tt>https</tt>.
customProtoHeader :: ByteString -> HTTPSResolver

-- | <h3>Configuration</h3>
--   
--   <a>EnforceHTTPSConfig</a> does export constructor which should not
--   collide with ny other functions and therefore can be exposed in import
--   
--   <pre>
--   import Network.Wai.Middleware.EnforceHTTPS (EnforceHTTPSConfig(..))
--   </pre>
--   
--   <b>Default configuration is recommended</b> but you're free to
--   override any default value if you need to.
--   
--   Configuration of <a>httpsIsSecure</a> can be set using
--   <a>withResolver</a> function which is preferred way for overwriting
--   default <tt>Resolver</tt> .
data EnforceHTTPSConfig
EnforceHTTPSConfig :: HTTPSResolver -> Maybe ByteString -> Int -> Bool -> Bool -> Bool -> [Method] -> Status -> EnforceHTTPSConfig
[httpsIsSecure] :: EnforceHTTPSConfig -> HTTPSResolver
[httpsHostname] :: EnforceHTTPSConfig -> Maybe ByteString
[httpsPort] :: EnforceHTTPSConfig -> Int
[httpsIgnoreURL] :: EnforceHTTPSConfig -> Bool
[httpsTemporary] :: EnforceHTTPSConfig -> Bool
[httpsSkipDefaultPort] :: EnforceHTTPSConfig -> Bool
[httpsRedirectMethods] :: EnforceHTTPSConfig -> [Method]
[httpsDisallowStatus] :: EnforceHTTPSConfig -> Status

-- | Default Configuration Default resolver is proxy to
--   <tt>Network.Wai.isSecure</tt> function
--   
--   <ul>
--   <li>uses request <tt>Host</tt> header information to resolve
--   hostname</li>
--   <li>standard HTTPS port <tt>443</tt></li>
--   <li>redirect includes path and url params</li>
--   <li>uses permanent redirect (<tt>301</tt>)</li>
--   <li>doesn't include <tt>port</tt> in <tt>Location</tt> header id port
--   is <tt>443</tt></li>
--   <li>redirects <tt>GET</tt> and <tt>HEAD</tt> methods</li>
--   <li>all <i>other</i> methods are resolved with <tt>405</tt> (Method
--   not Allowed) and with appropriate <tt>Allowed</tt> header</li>
--   </ul>
defaultConfig :: EnforceHTTPSConfig

-- | Construct <a>Middleware</a> for specific <a>EnforceHTTPSConfig</a>
withConfig :: EnforceHTTPSConfig -> Middleware