Look inside cookies instead of just the header

2017-07-17 09:18:34 +01:00 · 2017-07-17 09:18:34 +01:00 · 400bd564dc
commit 400bd564dc
parent 265b4276db
1 changed files with 9 additions and 7 deletions
--- a/doc/tutorial/Authentication.lhs
+++ b/doc/tutorial/Authentication.lhs
@ -284,14 +284,16 @@ create a value of type `AuthHandler Request Account` using the above `lookupAcco
 method:

 ```haskell
-- | The auth handler wraps a function from Request -> Handler Account
-- we look for a Cookie and pass the value of the cookie to `lookupAccount`.
+import           Web.Cookie             (parseCookies)
+
 authHandler :: AuthHandler Request Account
-authHandler =
-  let handler req = case lookup "servant-auth-cookie" (requestHeaders req) of
-        Nothing -> throwError (err401 { errBody = "Missing auth header" })
-        Just authCookieKey -> lookupAccount authCookieKey
-  in mkAuthHandler handler
+authHandler = mkAuthHandler handler
+  where
+  maybeToEither e = maybe (Left e) Right
+  throw401 msg = throwError $ err401 { errBody = msg }
+  handler req = either throw401 lookupAccount $ do
+    cookie <- maybeToEither "Missing cookie header" $ lookup "cookie" $ requestHeaders req
+    maybeToEither "Missing token in cookie" $ lookup "servant-auth-cookie" $ parseCookies cookie
 ```

 Let's now protect our API with our new, bespoke authentication scheme. We'll