Copyright | (c) 2015 Christopher Reichert |
---|---|
License | BSD3 |
Maintainer | Christopher Reichert <creichert07@gmail.com> |
Stability | experimental |
Portability | POSIX |
Safe Haskell | None |
Language | Haskell2010 |
- hmacAuth :: forall alg. HashAlgorithm alg => LookupSecret IO -> HmacAuthSettings alg -> Middleware
- signRequest :: forall m alg. (MonadIO m, HashAlgorithm alg) => HmacAuthSettings alg -> Secret -> Request -> m Request
- class HashAlgorithm a
- data SHA512 :: *
- data SHA256 :: *
- data SHA1 :: *
- data MD5 :: *
- data HmacAuthSettings alg = HmacAuthSettings {
- authKeyHeader :: !(CI ByteString)
- authTimestampHeader :: !(CI ByteString)
- authIsProtected :: !(Request -> IO Bool)
- authOnNoAuth :: !(HmacAuthException -> Application)
- authAlgorithm :: alg
- authRealm :: !ByteString
- authSpec :: !HmacStrategy
- authDebug :: !Bool
- data HmacStrategy = Header
- defaultHmacAuthSettings :: HmacAuthSettings SHA512
- newtype Secret = Secret ByteString
- newtype Key = Key ByteString
Middleware functionality
hmacAuth :: forall alg. HashAlgorithm alg => LookupSecret IO -> HmacAuthSettings alg -> Middleware
Perform Hmac authentication.
Uses a lookup function to retrieve the secret used to sign the incoming request.
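    -- Example only: the secret is hard-coded for illustration; a real lookup
    -- would fetch per-client secrets from a protected store.
    let lookupSecret key = case key of
          "client" -> Just (Secret "secretkey")
          _        -> Nothing
        authware = hmacAuth lookupSecret defaultHmacAuthSettings
    Warp.run (read port) $ authware $ app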
Crypto
signRequest :: forall m alg. (MonadIO m, HashAlgorithm alg) => HmacAuthSettings alg -> Secret -> Request -> m Request
Sign a request using HMAC
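signature = base64( hmac-sha1 (key, utf8( stringtosign ) ) )
(The formula names hmac-sha1, but signRequest is polymorphic in the hash algorithm; the hash actually used is presumably the one selected by the `alg` parameter of HmacAuthSettings. Confirm against the source.)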
TODO: hash contents through MonadState, using a type to make sure all the components are there, or err.
Supported Hashing Algorithms
class HashAlgorithm a
Class representing hashing algorithms.
The hash algorithm is built over 3 primitives:
- init : create a new hashing context
- updates : update the hashing context with some strict bytestrings and return the new context
- finalize : finalize the context into a digest
Hmac and Middleware Configuration
data HmacAuthSettings alg
Various settings for HMAC authentication
HmacAuthSettings | |
|
data HmacStrategy
HMAC requests can be accepted through GET params or HTTP headers. Only the Header constructor is listed on this page.
Header | Look for auth info in HTTP Headers |
defaultHmacAuthSettings :: HmacAuthSettings SHA512
Default HMAC authentication settings
Uses SHA512 as default signing algorithm
authOnNoAuth
responds with:
WWW-Authenticate: Realm="" HMAC-MD5;HMAC-SHA1;HMAC-SHA256;HMAC-SHA512"
[...]
Provide valid credentials