servant/servant-examples/auth-combinator/auth-combinator.hs

{-# LANGUAGE DataKinds           #-}
{-# LANGUAGE DeriveGeneric       #-}
{-# LANGUAGE FlexibleContexts    #-}
{-# LANGUAGE FlexibleInstances   #-}
{-# LANGUAGE MultiParamTypeClasses #-}
{-# LANGUAGE OverloadedStrings   #-}
{-# LANGUAGE ScopedTypeVariables #-}
{-# LANGUAGE TypeFamilies        #-}
{-# LANGUAGE TypeOperators       #-}
{-# LANGUAGE UndecidableInstances #-}

import           Data.Aeson
import           Data.ByteString          (ByteString)
import           Data.IORef
import           Data.Text                (Text)
import           GHC.Generics
import           Network.Wai
import           Network.Wai.Handler.Warp
import           Servant
import           Servant.Server.Internal

-- Pretty much stolen/adapted from
-- https://github.com/haskell-servant/HaskellSGMeetup2015/blob/master/examples/authentication-combinator/AuthenticationCombinator.hs

type DBConnection = IORef [ByteString]
type DBLookup = DBConnection -> ByteString -> IO Bool

initDB :: IO DBConnection
initDB = newIORef ["good password"]

isGoodCookie :: DBLookup
isGoodCookie ref password = do
  allowed <- readIORef ref
  return (password `elem` allowed)

data AuthProtected

instance (HasContextEntry context DBConnection, HasServer rest context)
  => HasServer (AuthProtected :> rest) context where

  type ServerT (AuthProtected :> rest) m = ServerT rest m

  route Proxy context subserver = WithRequest $ \ request ->
    route (Proxy :: Proxy rest) context $ addAcceptCheck subserver $ cookieCheck request
      where
        cookieCheck req = case lookup "Cookie" (requestHeaders req) of
            Nothing -> return $ FailFatal err401 { errBody = "Missing auth header" }
            Just v  -> do
              let dbConnection = getContextEntry context
              authGranted <- isGoodCookie dbConnection v
              if authGranted
                then return $ Route ()
                else return $ FailFatal err403 { errBody = "Invalid cookie" }

type PrivateAPI = Get '[JSON] [PrivateData]

type PublicAPI = Get '[JSON] [PublicData]

type API = "private" :> AuthProtected :> PrivateAPI
      :<|> PublicAPI

newtype PrivateData = PrivateData { ssshhh :: Text }
  deriving (Eq, Show, Generic)

instance ToJSON PrivateData

newtype PublicData = PublicData { somedata :: Text }
  deriving (Eq, Show, Generic)

instance ToJSON PublicData

api :: Proxy API
api = Proxy

server :: Server API
server = return prvdata :<|> return pubdata

  where prvdata = [PrivateData "this is a secret"]
        pubdata = [PublicData "this is a public piece of data"]

main :: IO ()
main = do
  dbConnection <- initDB
  let context = dbConnection :. EmptyContext
  run 8080 (serveWithContext api context server)

{- Sample session:
$ curl http://localhost:8080/
[{"somedata":"this is a public piece of data"}]
$ curl http://localhost:8080/private
Missing auth header.
$ curl -H "Cookie: good password" http://localhost:8080/private
[{"ssshhh":"this is a secret"}]
$ curl -H "Cookie: bad password" http://localhost:8080/private
Invalid cookie.
-}
stylish haskell changes And import fix. 2015-08-17 23:56:29 +02:00			`{-# LANGUAGE DataKinds #-}`
			`{-# LANGUAGE DeriveGeneric #-}`
config: remove HasConfig and make HasServer take `config` as a parameter 2016-01-19 00:19:51 +01:00			`{-# LANGUAGE FlexibleContexts #-}`
stylish haskell changes And import fix. 2015-08-17 23:56:29 +02:00			`{-# LANGUAGE FlexibleInstances #-}`
config: remove HasConfig and make HasServer take `config` as a parameter 2016-01-19 00:19:51 +01:00			`{-# LANGUAGE MultiParamTypeClasses #-}`
stylish haskell changes And import fix. 2015-08-17 23:56:29 +02:00			`{-# LANGUAGE OverloadedStrings #-}`
add an auth combinator example 2015-04-24 14:00:57 +02:00			`{-# LANGUAGE ScopedTypeVariables #-}`
stylish haskell changes And import fix. 2015-08-17 23:56:29 +02:00			`{-# LANGUAGE TypeFamilies #-}`
			`{-# LANGUAGE TypeOperators #-}`
config: remove HasConfig and make HasServer take `config` as a parameter 2016-01-19 00:19:51 +01:00			`{-# LANGUAGE UndecidableInstances #-}`
Refactor RouteResult. Fix rerouting tests Fix 405 > 404 issue with Capture. Remove ServantErrWithPriority and Monoid instance More tests Update auth-combinator for routing changes 2015-09-10 08:49:19 +02:00
stylish haskell changes And import fix. 2015-08-17 23:56:29 +02:00			`import Data.Aeson`
			`import Data.ByteString (ByteString)`
server: added Config machinery 2016-01-14 23:43:48 +01:00			`import Data.IORef`
stylish haskell changes And import fix. 2015-08-17 23:56:29 +02:00			`import Data.Text (Text)`
			`import GHC.Generics`
			`import Network.Wai`
			`import Network.Wai.Handler.Warp`
			`import Servant`
			`import Servant.Server.Internal`
add an auth combinator example 2015-04-24 14:00:57 +02:00
			`-- Pretty much stolen/adapted from`
			`-- https://github.com/haskell-servant/HaskellSGMeetup2015/blob/master/examples/authentication-combinator/AuthenticationCombinator.hs`

server: added Config machinery 2016-01-14 23:43:48 +01:00			`type DBConnection = IORef [ByteString]`
			`type DBLookup = DBConnection -> ByteString -> IO Bool`

			`initDB :: IO DBConnection`
			`initDB = newIORef ["good password"]`
add an auth combinator example 2015-04-24 14:00:57 +02:00
			`isGoodCookie :: DBLookup`
server: added Config machinery 2016-01-14 23:43:48 +01:00			`isGoodCookie ref password = do`
			`allowed <- readIORef ref`
			return (password `elem` allowed)
add an auth combinator example 2015-04-24 14:00:57 +02:00
			`data AuthProtected`

renaming: Config -> Context 2016-02-28 23:23:32 +01:00			`instance (HasContextEntry context DBConnection, HasServer rest context)`
			`=> HasServer (AuthProtected :> rest) context where`
config: remove HasConfig and make HasServer take `config` as a parameter 2016-01-19 00:19:51 +01:00
-Wall fixes 2015-05-03 01:53:38 +02:00			`type ServerT (AuthProtected :> rest) m = ServerT rest m`
add an auth combinator example 2015-04-24 14:00:57 +02:00
renaming: Config -> Context 2016-02-28 23:23:32 +01:00			`route Proxy context subserver = WithRequest $ \ request ->`
			`route (Proxy :: Proxy rest) context $ addAcceptCheck subserver $ cookieCheck request`
More systematic approach to delayed checks. This introduces a `Delayed` type in `RoutingApplication.hs` that contains a handler together with delayed checks. There are several blocks of delayed checks, so that we can ultimately execute them in the order we desire. The process is documented in more detail in `RoutingApplication.hs`. 2015-09-16 22:07:55 +02:00			`where`
			`cookieCheck req = case lookup "Cookie" (requestHeaders req) of`
			`Nothing -> return $ FailFatal err401 { errBody = "Missing auth header" }`
			`Just v -> do`
renaming: Config -> Context 2016-02-28 23:23:32 +01:00			`let dbConnection = getContextEntry context`
server: added Config machinery 2016-01-14 23:43:48 +01:00			`authGranted <- isGoodCookie dbConnection v`
More systematic approach to delayed checks. This introduces a `Delayed` type in `RoutingApplication.hs` that contains a handler together with delayed checks. There are several blocks of delayed checks, so that we can ultimately execute them in the order we desire. The process is documented in more detail in `RoutingApplication.hs`. 2015-09-16 22:07:55 +02:00			`if authGranted`
			`then return $ Route ()`
			`else return $ FailFatal err403 { errBody = "Invalid cookie" }`
add an auth combinator example 2015-04-24 14:00:57 +02:00
			`type PrivateAPI = Get '[JSON] [PrivateData]`

			`type PublicAPI = Get '[JSON] [PublicData]`

			`type API = "private" :> AuthProtected :> PrivateAPI`
			`:<\|> PublicAPI`

			`newtype PrivateData = PrivateData { ssshhh :: Text }`
			`deriving (Eq, Show, Generic)`

			`instance ToJSON PrivateData`

			`newtype PublicData = PublicData { somedata :: Text }`
			`deriving (Eq, Show, Generic)`

			`instance ToJSON PublicData`

			`api :: Proxy API`
			`api = Proxy`

			`server :: Server API`
			`server = return prvdata :<\|> return pubdata`

			`where prvdata = [PrivateData "this is a secret"]`
			`pubdata = [PublicData "this is a public piece of data"]`

			`main :: IO ()`
server: added Config machinery 2016-01-14 23:43:48 +01:00			`main = do`
			`dbConnection <- initDB`
renaming: Config -> Context 2016-02-28 23:23:32 +01:00			`let context = dbConnection :. EmptyContext`
			`run 8080 (serveWithContext api context server)`
add an auth combinator example 2015-04-24 14:00:57 +02:00
			`{- Sample session:`
			`$ curl http://localhost:8080/`
			`[{"somedata":"this is a public piece of data"}]`
			`$ curl http://localhost:8080/private`
			`Missing auth header.`
			`$ curl -H "Cookie: good password" http://localhost:8080/private`
			`[{"ssshhh":"this is a secret"}]`
			`$ curl -H "Cookie: bad password" http://localhost:8080/private`
			`Invalid cookie.`
-Wall fixes 2015-05-03 01:53:38 +02:00			`-}`