wai-middleware-crowd-0.1.4: Middleware and utilities for using Atlassian Crowd authentication

Safe Haskell: None
Language: Haskell2010

Network.Wai.Middleware.Crowd

Settings

data CrowdSettings

Settings for creating the Crowd middleware.

To create a value, start from defaultCrowdSettings and then apply the setter functions below.

Since 0.1.0

defaultCrowdSettings :: CrowdSettings

Default value for CrowdSettings.

Since 0.1.0

setCrowdKey :: IO Key -> CrowdSettings -> CrowdSettings

Set the function used to obtain the client session key for encrypting cookie data.

Default: getDefaultKey

Since 0.1.0

setCrowdRoot :: Text -> CrowdSettings -> CrowdSettings

Set the root of the Crowd service. This is used as an OpenID endpoint.

Default: http://localhost:8095/openidserver

Since 0.1.0

setCrowdApprootStatic :: Text -> CrowdSettings -> CrowdSettings

The application root for this application.

This is used for constructing completion URLs when communicating with Crowd's OpenID implementation.

Default: use the APPROOT environment variable.

Since 0.1.0

setCrowdApprootGeneric :: IO (Request -> IO Text) -> CrowdSettings -> CrowdSettings

A more general version of setCrowdApprootStatic.

Since 0.1.0

setCrowdManager :: IO Manager -> CrowdSettings -> CrowdSettings

Acquire an HTTP connection manager.

Default: get a new TLS-enabled manager.

Since 0.1.0

setCrowdAge :: Int -> CrowdSettings -> CrowdSettings

Number of seconds to keep an authentication cookie active.

Default: 3600

Since 0.1.0

Middleware

mkCrowdMiddleware :: CrowdSettings -> IO Middleware

Create the Crowd middleware based on the given settings.

Since 0.1.0

Helpers

smartApproot :: IO (Request -> IO Text)

Determine approot by:

  • First respecting the APPROOT environment variable if present
  • If not, respect the Host header and isSecure property, together with the following de facto standards: x-forwarded-protocol, x-forwarded-ssl, x-url-scheme, x-forwarded-proto, front-end-https. (Note: this list may be updated at will in the future without doc updates.)

Normally, trusting headers in this way is insecure; however, in the case of approot, the worst that can happen is that the client will get an incorrect URL. Note that this does not work in some situations, e.g.:

  • Reverse proxies not setting one of the above mentioned headers
  • Applications hosted somewhere besides the root of the domain name
  • Reverse proxies that modify the host header

Since 0.1.0

waiMiddlewareCrowdVersion :: Version

The current version of this package.

Since 0.1.0

getUserName :: Request -> Maybe ByteString

Get the username for the current user.

If called on a Request behind the middleware, this should always return a Just value.

Since 0.1.1.0
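
The settings, middleware and helper documented above, combined in one small application. This is an added example, not code from the package or its documentation. The host names, the port, the 900-second cookie lifetime and the use of Warp as the server are assumptions chosen for illustration.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module Main (main) where

import qualified Data.ByteString.Lazy         as L
import           Network.HTTP.Types           (status200, status403)
import           Network.Wai                  (Application, responseLBS)
import           Network.Wai.Handler.Warp     (run)
import           Network.Wai.Middleware.Crowd

-- Assumed deployment values (placeholders, not from the package docs).
settings :: CrowdSettings
settings
    -- Point at the Crowd OpenID endpoint over HTTPS rather than the
    -- http://localhost:8095/openidserver default.
    = setCrowdRoot "https://crowd.example.com/openidserver"
    -- Pin the approot so completion URLs never depend on the Host header
    -- or the forwarded-scheme headers that smartApproot consults.
    $ setCrowdApprootStatic "https://app.example.com"
    -- Keep the authentication cookie for 15 minutes instead of the
    -- 3600-second default.
    $ setCrowdAge 900
    $ defaultCrowdSettings

-- The protected application. Behind the middleware getUserName should
-- always be Just; the Nothing branch fails closed in case the application
-- is ever served without the middleware in front of it.
app :: Application
app req respond =
    case getUserName req of
        Just user -> respond $ responseLBS status200 hdrs $
                         L.fromChunks ["Hello, ", user]
        Nothing   -> respond $ responseLBS status403 hdrs "Not authenticated"
  where
    hdrs = [("Content-Type", "text/plain; charset=utf-8")]

main :: IO ()
main = do
    -- mkCrowdMiddleware runs in IO, so build it once at startup.
    crowd <- mkCrowdMiddleware settings
    run 3000 (crowd app)
```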