2018-03-11 16:58:31 +01:00
|
|
|
{-# LANGUAGE DataKinds #-}
|
2016-02-17 18:49:01 +01:00
|
|
|
{-# LANGUAGE DeriveDataTypeable #-}
|
2018-03-11 16:58:31 +01:00
|
|
|
{-# LANGUAGE KindSignatures #-}
|
|
|
|
|
{-# LANGUAGE PolyKinds #-}
|
2016-04-06 04:59:49 +02:00
|
|
|
|
2016-02-17 18:49:01 +01:00
|
|
|
module Servant.API.BasicAuth where
|
|
|
|
|
|
2018-03-11 16:58:31 +01:00
|
|
|
import Data.ByteString
|
|
|
|
|
(ByteString)
|
|
|
|
|
import Data.Typeable
|
|
|
|
|
(Typeable)
|
|
|
|
|
import GHC.TypeLits
|
|
|
|
|
(Symbol)
|
2016-02-17 18:49:01 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
-- | Combinator for <https://tools.ietf.org/html/rfc2617#section-2 Basic Access Authentication>.
|
|
|
|
|
--
|
|
|
|
|
-- *IMPORTANT*: Only use Basic Auth over HTTPS! Credentials are not hashed or
|
|
|
|
|
-- encrypted. Note also that because the same credentials are sent on every
|
|
|
|
|
-- request, Basic Auth is not as secure as some alternatives. Further, the
|
|
|
|
|
-- implementation in servant-server does not protect against some types of
|
|
|
|
|
-- timing attacks.
|
|
|
|
|
--
|
|
|
|
|
-- In Basic Auth, username and password are base64-encoded and transmitted via
|
|
|
|
|
-- the @Authorization@ header. Handshakes are not required, making it
|
|
|
|
|
-- relatively efficient.
|
2016-02-17 19:23:05 +01:00
|
|
|
data BasicAuth (realm :: Symbol) (userData :: *)
|
2016-02-17 18:49:01 +01:00
|
|
|
deriving (Typeable)
|
|
|
|
|
|
|
|
|
|
-- | A simple datatype to hold data required to decorate a request
|
|
|
|
|
data BasicAuthData = BasicAuthData { basicAuthUsername :: !ByteString
|
|
|
|
|
, basicAuthPassword :: !ByteString
|
|
|
|
|
}
|
