wai-middleware-hmac-0.1.0.0: HMAC Authentication Middleware for WAI

Copyright: (c) 2015 Christopher Reichert
License: BSD3
Maintainer: Christopher Reichert <creichert07@gmail.com>
Stability: experimental
Portability: POSIX
Safe Haskell: None
Language: Haskell2010

Network.Wai.Middleware.HmacAuth

Middleware functionality

hmacAuth :: forall alg. HashAlgorithm alg => LookupSecret IO -> HmacAuthSettings alg -> Middleware

Perform HMAC authentication.

Uses a lookup function to retrieve the secret used to sign the incoming request.

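-- Map the client's key to its shared secret; unknown keys get Nothing.
let lookupSecret key = case key of
                         "client" -> Just (Secret "secretkey")
                         _        -> Nothing
    -- Wrap the application with the HMAC middleware, using the default settings.
    authware = hmacAuth lookupSecret defaultHmacAuthSettings
Warp.run (read port) $ authware $ app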

Crypto

signRequest :: forall m alg. (MonadIO m, HashAlgorithm alg) => HmacAuthSettings alg -> Secret -> Request -> m Request

Sign a request using HMAC

signature = base64( hmac-sha1 (key, utf8( stringtosign ) ) )

TODO: hash contents through MonadState, using a type to make sure all the components are there, or err.
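Added example, not code from wai-middleware-hmac: the signature formula above computed and then verified server-side, using the cryptonite and memory packages (an assumption; the page does not name its crypto library) and SHA512 as in the default settings. The string-to-sign layout, the sample request values and the ByteString-based lookupSecret are hypothetical.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module Main (main) where

import           Crypto.Hash             (SHA512)
import           Crypto.MAC.HMAC         (HMAC, hmac)
import qualified Data.ByteArray          as BA
import           Data.ByteArray.Encoding (Base (Base64), convertToBase)
import           Data.ByteString         (ByteString)
import qualified Data.ByteString.Char8   as BC

-- Hypothetical string-to-sign: method, path and timestamp, newline-joined.
-- The page does not define the layout the middleware actually uses.
stringToSign :: ByteString -> ByteString -> ByteString -> ByteString
stringToSign method path timestamp = BC.intercalate "\n" [method, path, timestamp]

-- signature = base64(hmac(key, stringtosign)), here with SHA512.
sign :: ByteString -> ByteString -> ByteString
sign secret msg = convertToBase Base64 (hmac secret msg :: HMAC SHA512)

-- Same shape as the lookupSecret example above, on plain ByteStrings.
lookupSecret :: ByteString -> Maybe ByteString
lookupSecret "client" = Just "secretkey"
lookupSecret _        = Nothing

-- Recompute the signature server-side and compare in constant time.
-- An unknown key is rejected before any comparison happens.
verify :: ByteString -> ByteString -> ByteString -> Bool
verify keyId msg presented =
  case lookupSecret keyId of
    Nothing     -> False
    Just secret -> BA.constEq (sign secret msg) presented

main :: IO ()
main = do
  -- Constructed sample request values.
  let msg      = stringToSign "GET" "/reports/42" "2015-06-01T12:00:00Z"
      tampered = stringToSign "GET" "/reports/43" "2015-06-01T12:00:00Z"
      sig      = sign "secretkey" msg
  BC.putStrLn sig
  print (verify "client" msg sig)                    -- request as signed
  print (verify "client" tampered sig)               -- path changed after signing
  print (verify "client" msg (sign "wrongkey" msg))  -- signed with another secret
  print (verify "unknown" msg sig)                   -- key not provisioned
```

Only the first check accepts: every field in the string-to-sign is bound to the signature, so changing the path or the secret, or presenting an unprovisioned key, fails verification.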

Supported Hashing Algorithms

class HashAlgorithm a

Class representing hashing algorithms.

The hash algorithm is built over 3 primitives:

  • init : create a new hashing context
  • updates : update the hashing context with some strict bytestrings and return the new context
  • finalize : finalize the context into a digest

data SHA512 :: *

SHA512 cryptographic hash

data SHA256 :: *

SHA256 cryptographic hash

data SHA1 :: *

SHA1 cryptographic hash

data MD5 :: *

MD5 cryptographic hash

Hmac and Middleware Configuration

data HmacAuthSettings alg

Various settings for HMAC authentication

Constructors

HmacAuthSettings 

Fields

authKeyHeader :: !(CI ByteString)

Name of the header which carries the auth key

authTimestampHeader :: !(CI ByteString)

Name of the HTTP Header which carries the timestamp

authIsProtected :: !(Request -> IO Bool)

Determines whether the request needs authentication

authOnNoAuth :: !(HmacAuthException -> Application)

Function to run when authentication is unsuccessful

authAlgorithm :: alg

HMAC signing algorithm

MD5, SHA1, SHA256, and SHA512 supported

authRealm :: !ByteString

Realm provider.

authSpec :: !HmacStrategy

Use Header or Query spec.

Query spec is useful for sharing encoded URLs

authDebug :: !Bool

Print debug output

data HmacStrategy

HMAC requests can be accepted through GET params or HTTP headers.

Constructors

Header

Look for auth info in HTTP Headers

defaultHmacAuthSettings :: HmacAuthSettings SHA512

Default HMAC authentication settings

Uses SHA512 as default signing algorithm

authOnNoAuth responds with: WWW-Authenticate: Realm="" HMAC-MD5;HMAC-SHA1;HMAC-SHA256;HMAC-SHA512" [...] Provide valid credentials

newtype Secret

HMAC Secret Key

Constructors

Secret ByteString 

newtype Key

HMAC Public Key

Constructors

Key ByteString 
